LOJİSTİK BİLGİ SİSTEMİ GÜVENLİĞİ KÜLTÜRÜ ÜZERİNE BİLGİ SİSTEM GÜVENLİĞİ FARKINDALIĞI VE BAĞLILIĞININ ETKİSİ: KARGO LOJİSTİK FİRMALARINDAN BULGULAR*

Tedarik zinciri yönetimindeki lojistik faaliyetlerin büyük bir kısmınıgünümüzde lojistik bilgi sistemleri üstlenmektedir. Bu kritik önemi nedeniylelojistik bilgi sistemlerinin güvenliğine yönelik alınan teknik tedbirlerin yanında,örgütsel tedbirlere de ihtiyaç duyulmaktadır. Bu anlamda bilgi sistem güvenliğiyalnızca teknik personel değil diğer tüm çalışanlarında katılımını gerektirir.Örgüt içerisinde oluşturulacak kültürel tedbirler ve yöneticilerin bilgi sistemgüvenliği farkındalığı ile lojistik firmaların bu konudaki açıklarını ortadankaldırması söz konusu olabilir. Bu bakış açısıyla mevcut çalışma kargo lojistikfirmalarında yerleşik bilgi sistem güveliğine ilişkin kültürel bir yapının varlığıve yöneticilerin bu konudaki farkındalığının sorgulanması üzerineoluşturulmuştur. Bu amaçla Erzurum ilinde faaliyet gösteren kargo lojistikfirmalarında ankete dayalı bir araştırma yapılmıştır. İstatistikseldeğerlendirmeler ışığında elde edilen bulgular yöneticiler ve politika yapıcılaraçısından değerli sonuçlar barındırmaktadır.

THE EFFECT OF LOGISTICS INFORMATION SYSTEM SECURITY AWARENESS AND COMMITMENT ON LOGISTICS INFORMATION SYSTEM SECURITY CULTURE: EVIDENCE FROM CARGO LOGISTICS COMPANIES

Logistics information systems undertakes a large part of logistics services in supply chain management, nowadays. For its critical importance, there is a need to take organizational measures besides technical measures related to logistics information systems security. In this sense, information system security requires the participation of not only the technical staff but all other employees. Logistics companies can eliminate the insufficiency in this area with the help of cultural measures which will be established within the organization and the managers' awareness of information system. From this perspective, this study is formed in order to ascertain existence of a cultural structure related the embedded information systems security and to determine managers' awareness about the information system security in the cargo logistics company. For this purpose, questionnaire has been applied to cargo logistics companies which are operating in city of Erzurum in this study. Findings of the study which have been obtained in the light of statistical assessments have significant out comes for managers and policy makers.

PDF

___

Acılar, A. (2009). "İşletmelerde Bilgi Güvenliği ve Örgüt Kültürü". Organizasyon Ve Yönetim Bilimleri Dergisi, 1(1), 25-33.
Allen, N J, Meyer, J P. (1990). "The measurement and antecedents of affective, continuance and normative commitment to the organization". Journal of occupational psychology, 63(1), 1-18.
Barton, K A, Tejay, G, Lane, M, Terrell, S. (2016). "Information system security commitment: A study of external influences on senior management". Computers & Security, 59, 9-25.
Bess, D A. (2012). Understanding Information Security Culture in an Organization: An Interpretive Case Study: ERIC.
Bulgurcu, B, Cavusoglu, H, Benbasat, I. (2010). "Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness". MIS quarterly, 34(3), 523-548.
Chen, C C, Shaw, R, Yang, S C. (2006). "Mitigating information security risks by increasing user security awareness: A case study of an information security awareness system". Information Technology, Learning, and Performance Journal, 24(1), 1.
Cooper Ph. D, M. (2000). "Towards a model of safety culture". Safety science, 36(2), 111-136.
Da Veiga, A, Martins, N. (2015). "Improving the information security culture through monitoring and implementation actions illustrated through a case study". Computers & Security, 49, 162-176.
Da Veiga, A, Martins, N, Eloff, J H. (2007). "Information security culture- validation of an assessment instrument". Southern African Business Review, 11(1), 147-166.
Fawcett, S E, Wallin, C, Allred, C, Fawcett, A M, Magnan, G M. (2011). "Information technology as an enabler of supply chain collaboration: a dynamic- capabilities perspective". Journal of Supply Chain Management, 47(1), 38-59.
Hansche, S. (2001). "Designing a security awareness program: Part 1". Information systems security, 9(6), 1-9.
Ilvonen, I. (2011). Information Security Culture or Information Safety CultureWhat do Words Convey? Paper presented at the European Conference on Information Warfare and Security.
Katsikas, S K. (2000). "Health care management and information systems security: awareness, training or education?". International journal of medical informatics, 60(2), 129-135.
Knapp, K J, Marshall, T E, Kelly Rainer, R, Nelson Ford, F. (2006). "Information security: management's effect on culture and policy". Information Management & Computer Security, 14(1), 24-36.
Kruger, H A, Kearney, W D. (2006). "A prototype for assessing information security awareness". computers & security, 25(4), 289-296.
Marşap, A, Akalp, G, Yeniman, E. (2010). "Sağlık işletmelerinde insan kaynağının kurumsal bilgi güvenliği kültürü gelişimi". International Journal Of Informatics Technologies, 3(1).
Mcintosh, B. (2011). An ethnographic investigation of the assimilation of new organizational members into an information security culture: Nova Southeastern University.
Mitnick, K D, Simon, W L. (2011). The art of deception: Controlling the human element of security: John Wiley & Sons.
Nonaka, I. (1994). "A dynamic theory of organizational knowledge creation". Organization science, 5(1), 14-37.
Patnayakuni, R, Patnayakuni, N. (2014). "Information security in value chains: a governance perspective".
Sabherwal, R, Sein, M K, Marakas, G M. (2003). "Escalating commitment to information system projects: findings from two simulated experiments". Information & Management, 40(8), 781-798.
Siponen, M T. (2000). "A conceptual foundation for organizational information security awareness". Information Management & Computer Security, 8(1), 31-41.
Stanton, J M, Stam, K R, Guzman, I, Caldera, C. (2003). Examining the linkage between organizational commitment and information security. Paper presented at the Ieee International Conference on Systems Man and Cybernetics.
Von Solms, B. (2000). "Information security--the third wave?". Computers & Security, 19(7), 615-620.
Vural, Y, Sağıroğlu, Ş. (2008). "Kurumsal Bilgi Güvenliği Ve Standartları Üzerine Bir İnceleme". Gazi Üniversitesi Mühendislik-Mimarlık Fakültesi Dergisi, 23(2).
Woodhouse, S. (2007). Information security: end user behavior and corporate culture. Paper presented at the Computer and Information Technology, 2007. CIT 2007. 7th IEEE International Conference on.
Zafar, H, Clark, J G. (2009). "Current state of information security research in IS". Communications of the Association for Information Systems, 24(1), 34.