Correlation between employee participation and organizational information security management in Community College Districts

The dominant view of the relationship between employees and information security (InfoSec) is that employees are the weakest link. This research investigates the relationship between employees and InfoSec from a positive perspective. User buy-in is the theoretical framework of this study and Western U.S. Community Colleges (WUCCs) are the setting. A survey of the Chief Information Systems Officers of the largest Western U.S. Community College Districts supports the hypothesis that increased employee involvement in InfoSec security management (ISM) is positively correlated with improved quality of the ISM and better alignment of the WUCC educational and ISM goals. The results did not support the hypothesis that increased employee involvement in ISM is correlated with the development of an InfoSec culture at the WUCCs.