Information Security, Organizational Emotions, and Enterprise 2.0

ABSTRACT

Japanese companies, particularly ones with many employees, are proactively working on information security management for personal information protection and risk management. In addition to such efforts, many companies are also strengthening management control by enhancing internal control and cost-cutting such as overtime restrictions. While necessary, such control must be based on the situations of individual workplaces or it could damage employees’ morale and performance.

This paper empirically analyzes the organizational effect of information security management on Japanese companies based on questionnaire survey to office workers. The following points became clear from the analysis.

Regarding the relationship between information security management and organizational emotions, too much control can have a negative effect on overall emotions if the security director does not act from the standpoint of the workers being controlled. Information security management can also generate a negative awareness that such management may damage productivity; this impact is greater in companies where negative organizational emotions are already strong. Rich social capital can improve this negative awareness by creating more positive organizational emotions. Better human communication, in turn, is shown to be effective in creating rich social capital. Tools such as intra-company blogs and SNSs, known as Enterprise 2.0, complement face-to-face communication, and using such tools facilitates rich social capital.

Three points can be proposed when considering how to promote information security management in companies. First, it should be understood that such management can have adverse effects on company performance and organizational emotions depending on how they are promoted. Second, to limit such adverse effects, the security director should act from the viewpoint of workers who are controlled by such management. Third, creating rich social capital by improving communication is also necessary to make information security management more effective.

The questionnaire survey in this research was commissioned by the Institute of Information Security (IISEC) as part of “Effective Information Security Governance Systems in Companies,” a research project sponsored by the Research Institute of Science and Technology for Society (RISTEX).