Modern Studies in Management and Organization

Modern Studies in Management and Organization

The Effect of Institutional Theory Dimensions on Information Security Management Based on ISO 27001 (Study of: Shahrekord Medical Sciences Teaching Hospitals)

Document Type : Original Article

Authors
Rohallah Kargar
Mohammad Javad Salehpour
Department of management, Deh.C, Islamic Azad University, Isfahan,Iran.
10.22034/jmsmo.2025.221002
Abstract
The present study aimed to investigate the effect of institutional theory dimensions on information security management based on ISO 27001 in Shahrekord Medical Sciences Teaching Hospitals, which was conducted using a descriptive-correlation method. The study's statistical population included Shahrekord hospitals, which consisted of 10 hospitals and 3 clinics, of which hospital information technology experts were surveyed using a census method. After distributing 48 questionnaires, 45 completed questionnaires were finally obtained, and the questionnaire data were analyzed. The research variables were measured using the standard questionnaire of Cavusoglu et al. (2015) and the Security Management System Quality Assessment Questionnaire using ISO 27001. The variables in the questionnaire were measured on a five-point Likert scale. Data analysis was performed at two levels: descriptive statistics using SPSS software and inferential statistics using partial least squares using SmartPLS software. The results of the findings from the analysis of research data showed that the two components of imitative and normative pressure with coefficients of 0.25 and 0.32 had a positive and significant effect on information security management and were able to explain and predict 62% of the changes in information security management in teaching hospitals of Shahrekord University of Medical Sciences.
Keywords
Institutional Pressures
Information Security
ISO27001
Hospitals and Educational Medical Centers in Shahrekord

Subjects

Das, S., & Mukhopadhyay, A. (2012). Security and Privacy Challenges in Telemedicine. CSI Communications.
Eissazadeh, A. A. (2015). Ranking of key success factors in implementing the Information Security Management System of the General Administration of Ports and Maritime Affairs International Conference on New Research in Industrial Management and Engineering, Guilan Province.  [In Persian]
Guillen, E., Estupiñan, P., Lemus, C., & Ramirez, L. (2010). Analysis of security requirements in telemedicine networks. In Proceedings of annual international conference of telecommunications engineering, Colombia. 
Kahooei, M., & Abbasi, Z. (2015). Prioritizing factors affecting the security of electronic health information in medical centers. Information Management, 2(12), 162-170. [In Persian]
Kahouei, M., & Abbasi, Z. ( 2015). The Prioritization of Effective Factors on Electronic Health Information Security in Medical Centers. Health Inf Manage, 12(2), 170.
Mehraeen, E., Ayatollahi, H., & Ahmadi, M. (2014). A Study of Information Security in Hospital Information Systems. Health Information Management, 10(6), 779-788. [In Persian]
Parks, C., Chu, H., Xu, L., & Adams, D. A. (2011). Understanding the drivers and outcomes of healthcare organizational privacy responses Proceedings of the Thirty Second International Conference on Information Systems, Shanghai. 
Sheikh Abu Masoudi, Ruhollah, Kouhi Habibi, S., Ataei, M., & Ismaili, N. (2015). Evaluation of Information Management Systems of Isfahan University of Medical Sciences Using the Standard ISO/IEC 27001. Information Security Management, 3(12), 306-316. [In Persian]
Singh, A. N., Gupta, M. P., & Ojha, A. (2014). Identifying factors of organizational information security management. Journal of Enterprise Information Management, 27(5), 644-667.
Siponen, A., & Vance, B. (2014). Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487–502.
Tajfar, A. (2014). Ranking the barriers to implementing information security management systems and assessing the level of exploration management readiness [Master's thesis, Tabriz.
Tallon, P. P., & Pinsonnault, A. (2011). Competing perspectives on the link between strategic information technology alignment and organizational agility: insights from a mediation model. MIS Quarterly, 35(2), 463-486.
Tseng, S. M. (2008). The effects of Control of information security. on knowledge management systems. Expert Systems with Applications(35), 150–160.

  • Receive Date 20 October 2024
  • Revise Date 17 November 2024
  • Accept Date 26 February 2025
  • Publish Date 15 March 2025