Adoption of information security measures in public research institutes

Abstract

There are several Information Security measures recommended by international standards and literature, but the adoption by the organizations should be designated by specific needs identified by Information Security Governance structure of each organization, although it may be influenced by forces of the institutional environment in which organizations are inserted. In public research institutes, measures may be adopted as a result of pressure from Government and other agencies that regulate their activities, or by the influence of Information Security professionals, or simply adopting the same measures of leading organizations in the organizational field. This study aimed to investigate whether in public research institutes the adoption of Information Security measures is influenced by organizational factors relating to Information Security Governance, and by external factors relating to its institutional environment. The results show that these organizations are subject to institutional influences more than organizational influences.