EFFECT OF STRATEGIC SECURITY MANAGEMENT PRACTICES ON FIRM PERFORMANCE: A CASE OF KENYA REVENUE AUTHORITY
Abstract
Over the past one century, the debates surrounding the issues of security have gained momentum tremendously. The general objective of this research was to establish the effect of strategic security management practices on the firm’s performance. The goal of this study was to address the gaps in the literature and develop an understanding of how strategic security management in an organization drives firm performance. Three gaps had been identified. The areas of physical security and other forms of security had not been focused which became important with the increase in threat of terrorism. Lastly, there was a dearth of studies that incorporated security management as a strategic focus. This study was a descriptive cross-sectional survey. This study was carried out in Nairobi. The study population was 92 employees in the security department of Kenya Revenue Authority (KRA), Nairobi. The sampling frame that was applied in this study was a list of employees in the security department of KRA. This study was a census where all target respondents in the population participated in the study. Questionnaire was utilized as data collection instrument in the study. Analysis was through both descriptive and inferential statistics. Descriptive statistics used were frequencies, percentages and mean scores. Inferential statistics were correlation and regression analysis. The results established that security of ICT infrastructure, leadership coordination in security management and security of employee working conditions at KRA significantly influenced performance of the organization. The results however established that employee participation in security management did not have a significant influence on performance of KRA. From the study findings, the study recommended that, first, KRA should put in place reward systems where there are punishments and deterrents for observance of ICT security policies and strategy. Secondly, top leadership of KRA should be involved in leading security management and also in designing and implementing security strategy and policies in the organization. Third, employees should be always orientated on security management when they are recruited to ensure that they understand security issues and help in implementing the security strategy. Lastly, KRA should have a clear plan and log of the physical and ICT infrastructure in place and ensure that the infrastructure in place is functional at all times to enhance service delivery to employees and customers.
Key Words: ICT infrastructure, employee participation, employee working conditions
Full Text:
PDFReferences
Ahammad, M. F., Lee, S. M., Malul, M., & Shoham, A. (2015). Behavioral Ambidexterity: The Impact of Incentive Schemes on Productivity, Motivation, and Performance of Employees in Commercial Banks. Human Resource Management, 52 (2), 156 – 171.
Amah, E., & Ahiauzu, A. (2013). Employee involvement and organizational effectiveness. Journal of Management Development, 32 (7), 661 – 674.
Anderson, R. (2011), “Why information security is hard: an economic perspective”, Proceedings of the 17th Annual Computer Security Applications Conference, Los Alamitos, CA, pp. 358-365.
Aral, S. and Weill, P. (2011), “IT assets, organizational capabilities, and firm performance: how resource allocations and organizational differences explain performance variation”, Organization Science, Vol. 18 No. 5, pp. 763-780.
Aronson, S.L. (2013). Kenya and the Global War on Terror: Neglecting History and Geopolitics in Approaches to Counterterrorism. African Journal of Criminology and Justice Studies, 7 (1&2), 24-34.
Babbie, E. (2011). The Practice of Social Research (13th ed). Belmont: Wadsworth Thomson.
Bandura, R. P., & Lyons, P. R. (2014). Situations-vacant fall where employees are engaged: Involvement boosts various aspects of organizational performance. Human Resource Management International Digest, 22 (5), 22 – 25.
Barney, J. (1991). Firm Resources and Sustained Competitive Advantage. Journal of Management, 17, 99-120.
Barney, J. (1991). Firm Resources and Sustained Competitive Advantage. Journal of Management, 17, 99 - 120.
Bharadwaj, A.S. (2013), “A resource-based perspective on information technology capability and firm performance”, MIS Quarterly, Vol. 24 No. 1, pp. 169-196.
Boal KB, Hooijberg R. (2011). Strategic leadership: Moving on. The Leadership Quarterly , 11, 515–550.
Bodin, L.D., Gordon, L.A. and Loeb, M.P. (2015), “Evaluating information security investments using the analytic hierarchy process”, Communications of the ACM, Vol. 48 No. 2, pp. 79-83.
Bose, R., & Luo, X.R. (2014). Investigating security investment impact on firm performance. International Journal of Accounting & Information Management, 22 (3), 194 – 208.
Brown, J. S. and Duguid, P., (2011). The Social Life of Information. Boston: Harvard Business School Press.
Brown, S., McHardy, J., McNabb, R., & Taylor, K. (2011). Workplace Performance, Worker Commitment, and Loyalty. Journal of economics and management strategy, 20 (3), 925 – 955.
Calas, B. (2008). From rigging to violence. Lafargue, J. (Ed.). The general elections in Kenya, 2007. (pp. 165-185). Dar es Salaam: Mkuki na Nyota Publishers, Ltd.
Carty, M. , Pimont, V. and Schmid, D.W. (2012), “Measuring the value of information security investments”, IT@Intel White Paper, Intel Corporate, Santa Clara, CA.
Cavusoglu, H. , Raghunathan, S. and Yue, W.T. (2012), “Decision-theoretic and game-theoretic approaches to IT security investment”, Journal of Management Information Systems, Vol. 25 No. 2, pp. 281-304.
Coolican, H. (2004). Research methods and statistics in psychology. London: Hugh Coolican.
Creswell, J. (2009). Research Design; Qualitative and Quantitative and Mixed Methods Approaches. London: Sage.
Easterby-Smith, M., Thorpe, R. & Lowe, A. (1999). Management Research: An introduction. London: SAGE Publication Ltd.
Estes, B. & Wang, J. (2012). Workplace Incivility: Impacts on Individual and Organizational Performance. Human Resource Development Review, Vol. 7, June 2008, pp.218-240.
Finkelstein S, Hambrick DC, Cannella AA, Jr. (2014). Strategic leadership: Theory and research on executives, top management teams, and boards . Oxford , UK : Oxford University Press.
Gillham, B. (2008). Developing a questionnaire (2nd ed.). London: Continuum International Publishing Group Ltd.
Gordon, L. A. & Loep, M. P. 2006. Budgeting Process for Information Security Expenditures. Communications of the ACM, Vol. 49, No. 1, pp. 121-125.
Gordon, L.A. and Loeb, M.P. (2012), “The economics of information security investment”, ACM Transactions on Information and System Security, Vol. 5 No. 4, pp. 438-457.
Hesket, J. L., Jones, T. O., Loveman, G.W., Sasser, W. E., & Schlesinger, L. A. (1994). Putting the service-profit chain to work. Harvard Business Review, 164 – 174.
Heskett, J. L., Jones, T. O., Loveman, G. W., Sasser, W. E., and Schelsinger, L. A. (1994). Putting the Service Profit Chain to Work. Harvard Business Review, (March- April), 164 – 174.
Israel, G. D. (2013). Determining Sample Size. Florida: University of Florida.
Katua, F. S. (2014). Information security management strategy implementation challenges at Kenya Electricity Generating Company. MBA Project, University of Nairobi, Nairobi.
Kothari, C. R. (2004). Research methodology: methods and techniques (2nd ed). New Delhi: New Age International Publishers.
Kuhn, JrJ.R. , Ahuja, M. and Mueller, J. (2013), “An examination of the relationship of IT control weakness to company financial performance and health”, International Journal of Accounting and Information Management, Vol. 21 No. 3, pp. 227-240.
Kurpius, S. E. & Stafford, M. E. (2006). Testing and measurement: A user-friendly guide. Thousand Oaks: Sage.
Kwon, J. and Johnson, M.E. (2014), “Proactive versus reactive security investments in the healthcare sector”, MIS Quarterly, Vol. 38 No. 2, pp. 451-472.
Leblebici, D. (2012). Impact of workplace quality on employee‘s productivity: case study of a bank in Turkey. Journal of Business, Economics & Finance, Vol.1 (1)
Ling Y, Simsek Z, Lubatkin MH, Veiga JF. (2014). The impact of transformational CEOs on the performance of small- to medium-sized firms: Does organizational context matter? Journal of Applied Psychology, 93, 923–934.
Lounsberya, M.O., Pearson, F. & Talentino, A.K. (2011). Unilateral and Multilateral Military Intervention: Effects on Stability and Security. Democracy and Security, 7 (3), 227-257.
Maupeu, H. (2008). Revisitng post-election violence. Lafargue, J. (Ed.). The general elections in Kenya, 2007. (pp. 187-223). Dar es Salaam: Mkuki na Nyota Publishers, Ltd.
Mugenda, O. and Mugenda, A. (2003). Research methodology: qualitative and quantitative techniques. Nairobi: Acts Press.
Muindi, F. K., (2011). The Relationship between Participation in Decision Making and Job Satisfaction among Academic Staff in the School of Business, University of Nairobi. Journal of Human Resources Management Research, 22, 1 – 34.
Ndung’u, S. I. (2014). Moderating role of entrepreneurial orientation on the relationship between information security management and firm performance in Kenya. PhD Thesis, Jomo Kenyatta University of Agriculture and Technology, Nairobi.
Ogbo, A.I. & Ukpere, W.I. (2013). Management of Designed Safety Adherence Model for the Nigerian Work Environment. Journal of Human Ecology, 41(3), 183-191
Oppenheim, A. N. (2000). Questionnaire design, interviewing and attitude measurement (New ed.). London: Continuum International Publishing Group Ltd.
Porter, M. E. (1985). Competitive Advantage. New York: The Free Press.
Reid, R. C. & Floyd, S. A. (2001). Extending the risk analysis model to include market insurance. Computers & Security, 20(4), 331‐9.
Rucci, A. J., Kirn, S. P. & Quinn, R. T. (1998). The Employee-Customer-Profit Chain at Sears. Harvard Business Review, 76 (1), 65 – 71.
Thomas, G. (2011). How to do your Case Study: A Guide for Students and Researchers. Thousand Oaks: Sage.
van Dierendonck D. (2011). Servant leadership: A review and synthesis. Journal of Management, 37, 1228–1261.
Wright, M. (1999). Third generation risk management practices. Computers & Security, 2, 9‐12.
DOI: http://dx.doi.org/10.61426/sjbcm.v3i4.317
Refbacks
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution 3.0 License.
PAST ISSUES:
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.