Track: Undergraduate Student Paper Competition

Abstract

The world now considers information security to be a critical concern while most Sri Lankan public and commercial enterprises also have it as a legal requirement. Businesses must utilize an Information Security Management System (ISMS) as it improves resilience to cyber-attacks and decreases information-security expenses. Organizational factors are vital because no system or technology will be properly applied if the human aspect of the setting is neglected. As no prior study has been undertaken to focus on Sri Lankan organizations and the IT sector is an advancing sector, this research is aimed at identifying the organizational factors that influence the efficacy of ISMS in Sri Lankan IT organizations. A qualitative approach with a systematic literature review was done following the PRISMA method. Identified Success Factors were analyzed, and a conceptual model is developed from the top 7 constructs (Implementer IT competency, Information Security Training, Employee acceptance and readiness, Information Security Policy, Employee Security Awareness, Top Management Commitment, Information security standard compliance). Understanding the impact of organizational factors will aid businesses in developing more effective information security strategic planning and deployment suited for all employees. The suggested constructs will offer a base for future research on this study area.

Keywords

ISMS, Sri Lanka, Organizational factors, IT sector, Information Security Management