A study of relationships among organizational factors and information systems security practices to information systems security effectiveness of selected domestic banks in the Philippines

As demand and investment in information systems considerably grow in order to gain competitive advantage and improvement in the conduct of business, the need to secure it from abuse and unauthorized access increases. Deterrent and preventive measures are employed by companies in various types and degrees to mitigate systems risk. This study aims to evaluate the effectiveness of information system security among selected domestic banks in the Philippines. Moreover, relationships among different variables affecting security effectiveness are also studied empirically to test the model designed to evaluate its effectiveness. Data gathering process was done by sending separate survey questionnaires to the Human Resources (HR) and Information Technology (IT) Department of our respondents. Larger organizations were found to have greater deterrent efforts. On the other hand, domestic banks with stronger top management support were found to have established more severe sanctions and more advanced preventive efforts as compared to those who have weaker management support. Moreover, greater deterrent severity and preventive efforts as security measures were found to have direct relationships with Information System (IS) security effectiveness. Implications of these findings for further research and practice are also discussed.