"A grounded theory study of information security practices of software " by Michelle Renee D. Ching

A grounded theory study of information security practices of software development outsourcing SME personnel in the Philippines

Date of Publication

8-23-2019

Document Type

Dissertation

Degree Name

Doctor in Information Technology

Subject Categories

Information Security

College

College of Computer Studies

Department/Unit

Information Technology

Thesis Adviser

Raymund C. Sison

Defense Panel Chair

Rafael A. Cabredo

Defense Panel Member

Merlin Teodosia C. Suarez
Nelson J. Celis
Ma. REgina E. Estuar
Raymund C. Sison

Abstract/Summary

Information security in this digital age is increasingly becoming more of a social problem rather than a technical problem because users are viewed as the weakest link due to their negligence and ignorance. The need for finding out what interrupts one’s intention to comply with Information Security Policies arouse. However, most of the studies are focused on the behavioral intention rather than the actual behavior. Through this research, it was able to uncover the main concern of the employees in the context of Software Development Outsourcing SMEs using the Classic Grounded Theory Method. It was discovered that the main concern of the employees is balancing their security and convenience and they resolve this through Security-Convenience Maturity. There are two dimensions for this core category, which are process dimension and type dimension. The first one refers to the Basic Social Process, where employees can transition from Low Maturity to High Maturity through various Techniques. These are Adopting, Understanding, Involving, and Informing. The latter refers to two types of actors, which are Managers and Non-Managers. Their actions can be categorized as Workarounds that can be further classified as Physical Security, Network Security, and Application Security. The Security-Convenience Maturity had uncovered that there are Sophisticated Workarounds that can help the management, information security professionals, and policy makers in improving the existing information security policies, standards, and technologies.

Abstract Format

html

Language

English

Format

Electronic

Accession Number

CDTG008181

Keywords

Computer security--Philippines; Information technology—Security measures; Small business—Computer networks; Computer software—Development; Subcontracting—Philippines

Upload Full Text

wf_no

Embargo Period

2-3-2025

This document is currently not available here.

Plum Print visual indicator of research metrics
PlumX Metrics
  • Usage
    • Abstract Views: 14
see details

Share

COinS