Systèmes d'Information et Management


Many studies exist on the technical aspects of Information System's security, but organizational issues have been neglected. After a literature review that highlights the weaknesses in this particular field, we examine I.T. acceptation and adoption models and other fields such as psychology and behavioural theories. The conceptual framework thus constituted has led us to 3 research propositions. A qualitative methodology was conducted in 9 SMEs, where 30 semi-structured interviews found support for these propositions. This research corroborates the specificity of security behaviours and highlights compensation phenomena in case of managers' low implication and more particularly the informal employee's assumption of the responsibility of "chief information security officer".