A Canonical Action Research Approach to the Effective Diffusion of Information Security with Social Network Analysis

As modern organisations are using strategic information systems as their competitive advantage, the management of information security (IS) is regarded as a top priority. However, technical measures are no longer sufficient for protecting IS, and the prevalence of centralised IS controls and top-down approach in IS management are challenged by the dynamic socio-organisational environment. In this article, a canonical action research (CAR) project discusses the use of social network analysis (SNA) methods to design and implement a cascading IS training/diffusion, which leveraged the social dynamics in the workplace to enhance the IS-related interactions between the employees in a large construction organisation in Southeast Asia. Through the enhanced IS interactions, which involved the employees' provisions of IS resources and IS influence, results indicated an improvement in the employees' attitudes towards IS. The research outcomes advocated the effective use of SNA methods, in combination with the CAR approach, which included the network metrics and means to select the suitable champions for the diffusion of IS, as well as to measure the diffusion effectiveness. Future directions to develop new IS-related network theories and apply SNA methods to study other IS concepts are also discussed.