ANALYSIS OF CRITICAL SUCCESS FACTORS FOR INFORMATION SECURITY MANAGEMENT PERFORMANCE
Abstract
The ever-increasing reliance on information systems for a competitive edge has thrust information security to the forefront of organizational priorities. This strategic concern arises from the widespread adoption of information systems across organizations, underscoring the imperative of safeguarding information in the face of complex systems and rapid technological advancements. This study focuses on the critical success factors analysis of information security management performance. The study investigates the relationships between information security controls, top management support, security awareness and training, and the performance of information security management. A theoretical model was proposed and tested empirically using survey data obtained from 119 IT personnel in high-tech firms across the Lagos metropolis. The results indicate significant positive relationships between information security management performance and the following factors: information security controls (r = 0.699**, P < 0.01), top management support (r = 0.751**, P < 0.01), and security awareness and training (r = 0.778**, P < 0.01). Furthermore, the study reveals that information security controls are significantly determined by top management support (r = 0.901**, P < 0.01), security awareness and training (r = 0.579**, P < 0.01), and IT competence (r = 0.451**, P < 0.01). Moreover, the study demonstrates that business alignment has a strong direct effect on an organization's IT competence, with a significant path coefficient (r = 0.318**, P < 0.01). The findings emphasize the criticality of information security controls, top management support, security awareness and training, and IT competence in achieving effective information security management. Enhancing these factors in organizations improves information security practices and safeguards valuable assets.