UNIVERSITY OF PHOENIX
May 2012
In the unlikely event that the author did not send a complete manuscript
and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.
UMI 3569139
Published by ProQuest LLC (2013). Copyright in the Dissertation held by the Author.
Microform Edition ProQuest LLC.
All rights reserved. This work is protected against
unauthorized copying under Title 17, United States Code
ProQuest LLC.
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 - 1346
2012 by Scipiaruth Kendall Curtis
ALL RIGHTS RESERVED
Abstract
The continual emergence of technologies has infiltrated government and industry
business infrastructures, requiring reforming organizations and fragile network
infrastructures. Emerging technologies necessitate countermeasures and a commitment to
cybersecurity and information technology governance for organizations' survivability and
sustainability. The purpose of the qualitative exploratory case study was to analyze the
critical inclusion of information assurance professionals in the organization's strategic
plan by senior leadership to advance the integration of cybersecurity and information
Dedication
I dedicate this study to my loving husband Kelly, my chef, and true love. Your
sage advice, endless patience, and continual encouragement to persevere made it easy for
me to complete my doctoral journey. I would never forget the many long nights that you
kept me entertained, so that I could make my doctoral class deadlines and the many
vacations, bike rides, golfing, and tennis events that you sacrificed because you wanted
me there as your wife and partner. To my parents: my mother, who gave me the guiding
light, and my first leadership course on developing my own footsteps. To my father, who
I did not have the pleasure of knowing, but very much aware that he was responsible for
my creativity and analytical mindset that I use on a daily basis, ultimately the foundation
for my doctoral map. To Michele, my confidante and tennis doubles partner, whose
creativity and innovativeness provided the vehicle to transcend many writing challenges
presented during the doctoral journey into mental keenness on and off the court. To the
almighty spirit, God, who gave me the mental, physical, and spiritual strength, the will
to find meaningfulness, and most of all to remember that will provides a way to succeed.
Acknowledgments
Many senior leaders, colleagues, peers, and friends supported my doctoral
journey. Every encounter provided a unique relationship that will always add special
meaning and value in my travels. My sincerest and heart-felt words of thank you will
forever remain at the forefront of my memories. To Dr. Linda de Charon, my dissertation
chair, Dr. C. Augusto Casas and Dr. Melissa Holmberg, my committee members, for
your continual focus, astute recommendations, and steadfast reinforcement to stay on the
doctoral course. To my University of Phoenix cohorts, who provided unwavering
dedication, best practices, and lessons learned particularly difficult in distance learning
doctoral courses. To the men and women at March Air Reserve Base, especially the
information technology organization, that supported this research study with confidence
and professionalism. Special thanks to Brig Gen Udo Karl McGregor; without his
permission and support, this research study would not have been possible.
Disclaimer
The views presented in this dissertation are those of the author or the research
participants and do not necessarily represent the views of the Department of Defense or
Table of Contents
Chapter 1: Introduction
Background of the Problem
Statement of the Problem
Purpose of the Study
Significance of the Study
Importance of the Study to Leadership
Nature of the Study
Summary
Chapter 2: Review of the Literature
Title Searches, Articles, Research Documents, and Journals
Historical overview.
Organizational communication.
Organizational discourse.
Organizational change.
Organizational adaptability.
Organizational structure.
Organizational conflict.
Organizational survivability.
Organizational culture.
Organizational strategies.
Organizational resources.
Leadership theory.
Organizational leadership.
Executive leadership.
Decision-making.
Emotional intelligence.
Management and information.
Organizational performance.
Organizational management.
Strategic management.
Innovation.
Globalization of information technologies.
Information technology environment.
Security, certification, and accreditation.
IT governance
Cybersecurity.
Organizational resources.
Leadership.
Organizational leadership.
Executive leadership.
Decision making.
Emotional intelligence.
Management and information technology.
Organizational performance.
Population
Sampling Frame
Informed Consent
Confidentiality
Geographic Location
Data Collection
Instrumentation
Validity
Research Question Findings
Summary
Chapter 5: Conclusions and Recommendations
Implication of Research Question Findings
Implications of the themes
Limitations
Recommendations for Action
Recommendations for Further Research
Appendix L: Security Management Emerging Responses
Appendix M: Cybersecurity Emerging Nodes
Appendix N: Cybersecurity Emerging Responses
Appendix O: Network Management Emerging Nodes
Appendix P: Network Management Emerging Responses
Appendix Q: Senior Leadership Involvement Emerging Nodes
Appendix R: Senior Leadership Involvement Emerging Responses
Appendix S: Emerging Response Themes Populated from Significant Frequency
Chapter 1: Introduction
The continual emergence of technologies in the 21st century indirectly influences
cyberattacks and postures the federal government to develop countermeasures by
establishing partnerships with organizations in the public and private sectors to combat
network intrusions (Hare, 2009). In December 2008, the Cyberspace for the 44th
Presidency Report identified cybersecurity as an essential strategic national security issue
that poses challenges on a global enterprise scale and beckons public diplomacy
practitioners and academics to analyze the economic influence (Baker, 2009). Emerging technologies
increase the number of cyberattacks on information networks, which may result in data
countermeasure against network vulnerabilities (Matisziw, Murray, & Grubesic, 2009).
Organizations investing in information assurance (IA) ensure the protection of critical
information (Ezingeard, McFadzean, & Birchall, 2007) and IT governance might provide
organizations countermeasures against cyberattacks (Chanda, 2008).
In Chapter 1, the focus of discussion provided the overview for this case research
study: background of the problem, problem statement, purpose, significance of the study,
importance of the study to leadership, nature of the study, research questions, theoretical
framework, definition of terms, assumptions, scope and limitations, and delimitations.
(Ramamurthy, Premkumar, & Crum, 1999) to IA (Vaugh et al., 2010) and IT governance
(Iliescu, 2010; see also Wallace & Webber, 2007, 2010; Weill & Ross, 2004; Wood,
2005). Additionally, in Chapter 1, insight into decision theories (Cavusoglu, Raghunathan,
& Yue, 2008; Clemmons, 2008; Yajiong, Huigang, & Boulton, 2008) that incorporated IA
professionals as critical elements in developing cybersecurity strategies to counter
network vulnerabilities formed the research study foundation. In summary, Chapter 1
focused on how March Air Reserve Base leaders may capitalize by using IA
professionals' expertise to diminish network vulnerabilities through cybersecurity
strategies and IT governance, thereby adding to the body of research literature,
leadership, and practice.
Background of the Problem
Network infrastructure vulnerabilities may escalate over time (Matisziw et al.,
2009) as technology evolves. The continual emergence of technologies has infiltrated
government and industry business infrastructures, resulting in reforming organizations
and fragile network infrastructures. The outcome from network vulnerabilities is a
potentially debilitating aftermath for national security, economic security, public
health, and safety that may combine to precipitate global inoperability of the nation's
communication system, affecting government, private, and public agencies (Moteff,
2010). Data security is the number-one issue as highly personal data and fiscal records
are lost through theft (Trope, Power, Polley, & Morley, 2007). Bartlett and Smith (2008)
described the importance of data security to lower organizational risk by eliminating data
breaches, "first quarter of 2008, there were 167 data breaches reported, compromising
more than 8.3 million personal and financial records" (p. 34).
The U.S. established compliance policies for information assurance professionals
to have certification and accreditation and for the remaining workforce to receive
information assurance training (U.S. Department of the Air Force, 2008; 2010). In
January 2008, the Bush Administration identified cybersecurity as the critical entity for
national security and economic stability in the Comprehensive National Cybersecurity
Initiative (CNCI) (Rollins & Henning, 2009). CNCI includes defensive and offensive
cybersecurity strategies to deny adversaries network access and reduce network
vulnerabilities (Rollins & Henning, 2009). Sheldon and Vishik (2010) described CNCI
as a multidisciplinary approach for solving difficult cybersecurity threats (Raduege Jr.,
2009) through initiatives to control scalability and to establish trustworthy processes for
organizations using hardware, software, data, and networks for information.
Cybersecurity threats to organizational infrastructures come in a variety of forms,
such as organization insiders, terrorists, software (malware), hackers, and criminal groups
(Langevin, 2008). IA professionals frequently must attend technology events, participate
in cyber exercises, and enroll in cyber courses to hone skill level and to remain informed
of the latest cyber threats. IA professionals may assist organizational leadership in
configuring security policy elements, doctrine, and other security resources necessary in
(Brechbuhl, Bruce, Dynes, & Johnson, 2010). The National Science and Technology
Council develops cost strategies for implementing cybersecurity solutions (Sternstein,
partnerships, resulting in new security policies under the guise of interorganizational
IT governance (Croteau & Bergeron, 2009). Organizational leadership's commitment to
a strategic plan might require refocusing to incorporate IA at various organizational
levels as organizations use technology for global business expansion (Tiwana &
Konsynski, 2010).
The U.S. Air Force as a rational organization must have countermeasures for the
increasing number of emerging technologies challenging the organization's network
infrastructure (Young, 2010). The Air Force strategic decision makers sought to control
by reengineering the U.S. Strategic Command and include the U.S. Cyber Command as a
subordinate organization (U.S. Department of Defense [DoD], 2009). The U.S. Cyber
sector to manage the cybersecurity risk along with the information communication
technologies (ICTs) infrastructure administration. The federal government recognizes the
course of action is to inform the public concerning cybersecurity and has initiated
partnerships with public and private sectors, and international industries for critical
alliance (Obama, 2011).
MARB's cybersecurity strategic plan requires stakeholders responsible at all
organizational levels, external commitment through cooperative partnerships, and internal
commitment of functional organizations to support the network infrastructure. The
service, and contractors) and 29 tenant organizations (March Air Reserve Base Strategic
Plan, 2009). MARB personnel establish business-to-business (B2B) partnerships to
competitor. Broadbent and Kitzis (2004) described how legislation would increase to control
information security through an organization's compliance mechanisms, the passage of
liabilities onto the organization, and in some cases criminal liability for the misuse or loss
of corporate data. Buszta (2008) expressed that organizational leaders must strategically plan
to incorporate certification and accreditation cybersecurity components to ensure the
organization remains in compliance and does not contradict federal government
regulations.
Organizational leaders must continually reassess outcomes from legislative
Paperwork Reduction Act of 1995, and the Information Technology Management Reform
Act of 1996 (also known as the Clinger-Cohen Act) for compliance (Buszta, 2008).
Organizations must adopt new paradigms to interface with the new compliance
mechanisms, risk assessment, and security assurance (Tashi, 2009). A hidden pivotal
chasm unknown to organizational leaders induces network vulnerabilities when the
organization's acquisition technologies seek ROI for the organization. IA professionals
continually adjust protocols for just-in-time fixes or patch management strategies to
secure the network infrastructure and lower organizational risks as business units invest
in technologies without seeking IT expertise prior to the acquisition decision. The United
States General Accounting Office (GAO) recognized the criticality to assess requirements
for building a DoD enterprise with secure architecture and network infrastructure to
ensure the nation's valuable information remains protected and available to only
individuals with the proper credentials (Rhodes & Willemssen, 2004).
Statement of the Problem
The general problem is that organizational leaders who work for government agencies
have experienced cyberattacks occurring on federal enterprise network systems and
critical architectural infrastructures (Wilshusen, 2010a) and presently seek alternatives
for securing information (Clark & Levin, 2009). The globalization of information
communication technologies (ICTs), such as social networking, increases organizational
risks (Barr, 2010). The implementation of ICTs challenges the federal government's
organizational levels. The Federal Information Security Management Act (FISMA)
provides regulatory guidance for federal agencies to ensure data security and data protection,
and requires organizations to implement policies and procedures to reduce the risk
throughout the information life cycle (Ross, Swanson, Stoneburner, Katzke, & Johnson,
2004). Organizational leaders who work in the federal government may seek to control
information security through legislative initiatives on certification and accreditation of IA
professionals (Ross, Swanson, Stoneburner, Katzke, & Johnson, 2004), information
awareness, information technology governance, and countermeasures to support
The qualitative case study design involved exploring the critical inclusion of IA
professionals in the organization's strategic plan by senior leadership to advance the