Paper Type
Complete
Abstract
Functional-area managers play a critical role in ensuring the cybersecurity practices of their teams. Organizational policies, resources, and interventions shape managers' capacity to fulfill this responsibility. Although prior research has addressed specific interventions to prevent security breaches, proactive managerial measures remain underexplored. This study examines how elements of the organizational control structure influence managers' ability to act proactively. Using Adler and Borys’ (1996) enabling control framework, we apply deductive thematic analysis to open-ended questionnaire responses from 83 functional-area managers. The analysis identifies eight first-order interventions linked to features of the security control structure. The findings suggest that the mere presence of interventions is insufficient; their effectiveness depends on implementation in the broader socio-technical system. Interventions supporting managerial repair, transparency (internal and global), and flexibility emerge as critical channels for achieving both external (regulatory) alignment and internal (managerial) empowerment.
Paper Number
2057
Recommended Citation
Austin, Rebekah E. and Davis, Joshua M., "Cultivating Workgroup Security Effectiveness through Control Structure Alignment and Empowerment: An Exploratory Study" (2025). AMCIS 2025 Proceedings. 2.
https://aisel.aisnet.org/amcis2025/sig_osra/sig_osra/2
Cultivating Workgroup Security Effectiveness through Control Structure Alignment and Empowerment: An Exploratory Study
Functional-area managers play a critical role in ensuring the cybersecurity practices of their teams. Organizational policies, resources, and interventions shape managers' capacity to fulfill this responsibility. Although prior research has addressed specific interventions to prevent security breaches, proactive managerial measures remain underexplored. This study examines how elements of the organizational control structure influence managers' ability to act proactively. Using Adler and Borys’ (1996) enabling control framework, we apply deductive thematic analysis to open-ended questionnaire responses from 83 functional-area managers. The analysis identifies eight first-order interventions linked to features of the security control structure. The findings suggest that the mere presence of interventions is insufficient; their effectiveness depends on implementation in the broader socio-technical system. Interventions supporting managerial repair, transparency (internal and global), and flexibility emerge as critical channels for achieving both external (regulatory) alignment and internal (managerial) empowerment.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGOSRA