Overcoming Resistance to Diversity in the Executive Suite: Grease, Grit, and the Corporate Tournament

Once we open the corporate governance/human resources nexus to deeper inquiry, mutual scholarly interest in diversity and discrimination follows naturally. Firms have complex motives to take nondiscrimination and the promotion of diversity seriously. First, at least certain forms of discrimination are both unlawful and socially illegitimate and hence present threats of potential liability and injury to reputation. Second, human resources demands are such that attracting and motivating a diverse workforce is a competitive imperative. At the same time, however, offsetting economic forces may exist that favor subtle forms of discrimination and hostility to diversity, even if intentional and overt racial or gender-based bias is mostly outdated. In sum, the process of promoting diversity and ending discrimination, whether to avoid liability or simply to remain competitive, is a difficult challenge faced by many firms. It demands a close look at the efficacy of the internal decisionmaking and authority structures of the firm

One Size Does Not Fit All: Different Cultures Require Different Information Systems Security Interventions

Employees’ non-compliance with information systems (IS) security policies is a key concern for organizations. Previous studies have proposed different explanations for employees’ behavior, such as the use of sanctions and monitoring, fear appeal and training, which represent different paradigms of learning. Previous works do not test the validity of their models or methods across different cultural settings. Based on interviews in four countries, we argue that while information security behaviors are learned, different paradigms of learning are effective in different cultures; i.e., different cultures require different IS security interventions. What is even more important is that by providing non-preferred IS security interventions (e.g., monitoring/sanctions in Switzerland) were negative for improving information security. This study has implications for IS security research, editors, and practitioners. For scholars, we urge them to not only validate, but also test their models in different countries. The implication for editors is the need to re-consider their reviewing policy and accept papers that also show the limits of their model (not positive results) in some countries. From a managerial perspective, our findings suggest that different cultures require different IS security interventions

End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors

Business information, held within information systems, is critical for most organizations. To protect these critical information assets, security controls should be deployed which might come as a hindrance for the end-users. The Information Security Policies (ISP) give direction to their behaviors. Organizations can focus on conditions likely to promote so-called motivational factors influencing the end-users intentions to perform the desired behavior of compliance to ISP in order to protect these information assets. In total, six motivational factors, applicable to intentions on compliance, are found during research and are measured within five organizational contexts. From the measurements and analysis is learned, that the degree to which these factors relate differs per factor and per context. Two of these factors were found to always relate in such degree to compliance intentions that even without measuring the degree for a particular organization, applying these factors can be very effective for any organization or context. The other four factors have shown to be effective within particular context(s) meaning measurement of the context is needed before utilizing these factors within an organization to optimize the effect of efforts

How CISOs Can Become Effective Leaders? A Path-Goal Approach

Information security is a complex issue and Chief Information Security Officers (CISO) are faced with various challenges. Additional research is needed to study the role of CISOs in attaining information security compliance. In this paper, we follow path-goal theory of leadership as a theoretical lens to understand how CISOs can be more effective information security leaders. We present a research model for effective security leadership with emphasis on security member characteristics, organizational environment and security motivation process. This paper suggests that CISOs leadership behaviors must be tailored to communicate and influence subordinates’ perception as well as paths to the attainment of information security goals

Motivation: A selected bibliography

A bibliography is presented of books, periodicals, and documents concerning managerial motivation