Although there are several general prescriptions for managers to follow in developing an information security system, these recommendations typically assume a relatively centralized, homogeneous organization with a culture that is conducive to compliance with documented rules and procedures. This paper describes a research project that is intended to understand how the IS functional structure affects the development and implementation of an information security system. Commonly-used guides, for developing an information security system, along with their imbedded assumptions about organizational structure are discussed. Elements comprising the IS functional structure are introduced, followed by discussion of the potential relationships among these elements and the elements of an information security system. Finally, a research project is described that will lead to a better understanding of these relationships.
Aytes, Kregg and Ball, Nicholas L., "Information Systems Security and Information Systems Structure: A Contingency Perspective" (2005). AMCIS 2005 Proceedings. 453.