{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:19:27Z","timestamp":1754158767401,"version":"3.41.2"},"reference-count":46,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2015,11,9]],"date-time":"2015-11-09T00:00:00Z","timestamp":1447027200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,11,9]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>\u2013 This paper aims to discuss the need for management control system for information security management that encapsulates the technical, formal and informal systems. This motivated the conceptualization of supply chain information security from a management controls perspective. Extant literature on information security mostly focused on technical security and managerial nuances in implementing and enforcing technical security through formal policies and quality standards at an organizational level. However, most of the security mechanisms are difficult to differentiate between businesses, and there is no one common platform to resolve the security issues pertaining to varied organizations in the supply chain.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>\u2013 The paper was conceptualized based on the review of literature pertaining to information security domain.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>\u2013 This study analyzed the need and importance of having a higher level of control above the already existing levels so as to cover the inter-organizational context. Also, it is suggested to have a management controls perspective for an all-encompassing coverage to the information security discipline in organizations that are in the global supply chain.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>\u2013 This paper have conceptualized the organizational and inter-organizational challenges that need to be addressed in the context of information security management. It would be difficult to contain the issues of information security management with the existing three levels of controls; hence, having a higher level of security control, namely, the management control that can act as an umbrella to the existing domains of security controls was suggested.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-07-2014-0050","type":"journal-article","created":{"date-parts":[[2015,11,3]],"date-time":"2015-11-03T03:30:17Z","timestamp":1446521417000},"page":"476-496","source":"Crossref","is-referenced-by-count":7,"title":["Information security in supply chains: a management control perspective"],"prefix":"10.1108","volume":"23","author":[{"given":"Sindhuja","family":"P N","sequence":"first","affiliation":[]},{"given":"Anand S.","family":"Kunnathur","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020121921023890600_b1","unstructured":"Anthony, R.N. and Govindarajan, V. (2007), Management Control Systems , McGraw-Hill, New York, NY."},{"key":"key2020121921023890600_b2","unstructured":"Asai, T. and Perez, J.L.C. (2012), \u201cHuman-related problems in information security faced by Japanese, British and American overseas companies because of cultural differences\u201d, China-USA Business Review , Vol. 11 No. 1, pp. 86-101."},{"key":"key2020121921023890600_b3","doi-asserted-by":"crossref","unstructured":"Ashenden, D. (2008), \u201cInformation security management: a human challenge?\u201d, Tech. Rep. No. 13, Department of Informatics & Sensors, Cranfield University, Swindon.","DOI":"10.1016\/j.istr.2008.10.006"},{"key":"key2020121921023890600_b4","doi-asserted-by":"crossref","unstructured":"Autry, C.W. and Bobbitt, L.M. (2008), \u201cSupply chain security orientation: conceptual development and a proposed framework\u201d, International Journal of Logistics Management , Vol. 19 No. 1, pp. 42-64.","DOI":"10.1108\/09574090810872596"},{"key":"key2020121921023890600_b5","doi-asserted-by":"crossref","unstructured":"Bandyopadhyay, T. , Jacob, V. and Raghunathan, S. (2010), \u201cInformation security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest\u201d, Information Technology Management , Vol. 11 No. 7, pp. 7-23.","DOI":"10.1007\/s10799-010-0066-1"},{"key":"key2020121921023890600_b6","unstructured":"Barlas, S. , Queen, R. , Radowitz, R. , Shillam, P. and Williams, K. (2007), \u201cTop 10 technology concerns\u201d, Strategic Finance , Vol. 88 No. 1, pp. 1-21."},{"key":"key2020121921023890600_b7","doi-asserted-by":"crossref","unstructured":"Baskerville, R. (1991), \u201cRisk analysis: an interpretive feasibility tool in justifying information systems security\u201d, European Journal of Information Systems , Vol. 1 No. 2, pp. 121-130.","DOI":"10.1057\/ejis.1991.20"},{"key":"key2020121921023890600_b8","doi-asserted-by":"crossref","unstructured":"Baskerville, R. and Siponen, M. (2002), \u201cAn information security meta-policy for emergent organizations\u201d, Journal of Logistics Information Management , Vol. 15 Nos 5\/6, pp. 337-346.","DOI":"10.1108\/09576050210447019"},{"key":"key2020121921023890600_b9","doi-asserted-by":"crossref","unstructured":"Brotby, W.K. (2009), Information Security Management Metrics , CRC Press, Boca Raton, FL.","DOI":"10.1201\/9781420052862"},{"key":"key2020121921023890600_b10","doi-asserted-by":"crossref","unstructured":"Bryant, K. and Campbell, J. (2006), \u201cUser behaviors associated with password security and management\u201d, Australasian Journal of Information Systems , Vol. 14 No. 1, pp. 81-100.","DOI":"10.3127\/ajis.v14i1.9"},{"key":"key2020121921023890600_b11","unstructured":"BS 7799 (1999), Information Security Management Part 2: Specification for Information Security Management Systems , British Standards Institute, London."},{"key":"key2020121921023890600_b12","doi-asserted-by":"crossref","unstructured":"Bulgurcu, B. , Cavusoglu, H. and Benbasat, I. (2010), \u201cInformation security policy compliance: an empirical study of rationality-based beliefs and information security awareness\u201d, MIS Quarterly , Vol. 34 No. 3, pp. 523-548.","DOI":"10.2307\/25750690"},{"key":"key2020121921023890600_b13","doi-asserted-by":"crossref","unstructured":"Chen, C.C. , Medlin, B.D. and Shaw, R.S. (2008), \u201cA cross-cultural investigation of situational information security awareness programs\u201d, Information Management & Computer Security , Vol. 16 No. 4, pp. 360-376.","DOI":"10.1108\/09685220810908787"},{"key":"key2020121921023890600_b14","doi-asserted-by":"crossref","unstructured":"Dhillon, G. (2001), \u201cViolation of safeguards by trusted personnel and understanding related information security concerns\u201d, Computers & Security , Vol. 20 No. 2, pp. 165-172.","DOI":"10.1016\/S0167-4048(01)00209-7"},{"key":"key2020121921023890600_b15","unstructured":"Dhillon, G. (2007), Principles of Information Systems Security: Text and Cases , John Wiley and Sons, New York, NY."},{"key":"key2020121921023890600_b16","doi-asserted-by":"crossref","unstructured":"Dhillon, G. and Backhouse, J. (2001), \u201cCurrent directions in IS security research: toward socio-organizational perspectives\u201d, Information Systems Journal , Vol. 11 No. 2, pp. 127-153.","DOI":"10.1046\/j.1365-2575.2001.00099.x"},{"key":"key2020121921023890600_b17","doi-asserted-by":"crossref","unstructured":"Dhillon, G. and Moores, S. (2001), \u201cComputer crimes: theorizing about the enemy within\u201d, Computers & Security , Vol. 20 No. 8, pp. 715-723.","DOI":"10.1016\/S0167-4048(01)00813-6"},{"key":"key2020121921023890600_b18","doi-asserted-by":"crossref","unstructured":"Doherty, N.F. and Fulford, H. (2006), \u201cAligning the information security policy with the strategic information systems plan\u201d, Computers & Security , Vol. 25 No. 1, pp. 55-63.","DOI":"10.1016\/j.cose.2005.09.009"},{"key":"key2020121921023890600_b19","doi-asserted-by":"crossref","unstructured":"Fiala, P. (2005), \u201cInformation sharing in supply chains\u201d, Omega , Vol. 33, pp. 419-423.","DOI":"10.1016\/j.omega.2004.07.006"},{"key":"key2020121921023890600_b20","doi-asserted-by":"crossref","unstructured":"Finne, T. (1996), \u201cThe information security chain in a company\u201d, Computers & Security , Vol. 15, pp. 297-316.","DOI":"10.1016\/0167-4048(96)88941-3"},{"key":"key2020121921023890600_b21","doi-asserted-by":"crossref","unstructured":"Fulford, H. and Doherty, N.F. (2003), \u201cThe application of information security policies in large UK-based organizations: an exploratory investigation\u201d, Information Management & Computer Security , Vol. 11 No. 3, pp. 106-114.","DOI":"10.1108\/09685220310480381"},{"key":"key2020121921023890600_b22","doi-asserted-by":"crossref","unstructured":"Griffith, D.A. , Matthew, B.M. and Michael, G.H. (2006), \u201cThe role of culture in relationship and knowledge development in Japan and Unites States intra- and inter-cultural inter-organizational Exchanges\u201d, Journal of International Marketing , Vol. 14 No. 3, pp. 1-32.","DOI":"10.1509\/jimk.14.3.1"},{"key":"key2020121921023890600_b23","doi-asserted-by":"crossref","unstructured":"Guo, K.H. , Yuan, Y. , Archer, N.P. and Connelly, C.E. (2011), \u201cUnderstanding nonmalicious security violations in the workplace: a composite behavior model\u201d, Journal of Management Information Systems , Vol. 28 No. 2, pp. 203-236.","DOI":"10.2753\/MIS0742-1222280208"},{"key":"key2020121921023890600_b24","doi-asserted-by":"crossref","unstructured":"Hagen, J.M. , Albrechtsen, E. and Hovden, J. (2008), \u201cImplementation and effectiveness of organizational information security measures\u201d, Information Management & Computer Security , Vol. 16 No. 4, pp. 377-397.","DOI":"10.1108\/09685220810908796"},{"key":"key2020121921023890600_b25","doi-asserted-by":"crossref","unstructured":"Herath, T. and Rao, H.R. (2009), \u201cEncouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness\u201d, Decision Support Systems , Vol. 47, pp. 154-165.","DOI":"10.1016\/j.dss.2009.02.005"},{"key":"key2020121921023890600_b26","doi-asserted-by":"crossref","unstructured":"Kankanhalli, A. , Teo, H.-H. , Tan, B.C. and Wei, K.-K. (2003), \u201cAn integrative study of information systems security effectiveness\u201d, International Journal of Information Management , Vol. 23 No. 2, pp. 139-154.","DOI":"10.1016\/S0268-4012(02)00105-6"},{"key":"key2020121921023890600_b27","doi-asserted-by":"crossref","unstructured":"Karyda, M. , Kiountouzis, E. and Kokolakis, S. (2005), \u201cInformation systems security policies: a contextual perspective\u201d, Computers & Security , Vol. 24, pp. 246-260.","DOI":"10.1016\/j.cose.2004.08.011"},{"key":"key2020121921023890600_b28","doi-asserted-by":"crossref","unstructured":"Kolluru, R. and Meredith, P.H. (2001), \u201cSecurity and trust management in supply chains\u201d, Information Management & Computer Security , Vol. 9 No. 5, pp. 233-236.","DOI":"10.1108\/09685220110408031"},{"key":"key2020121921023890600_b29","doi-asserted-by":"crossref","unstructured":"Kraemer, S. and Carayon, P. (2007), \u201cHuman errors and violations in computer and information security: the viewpoint of network administrators and security specialists\u201d, Applied Ergonomics , Vol. 38, pp. 143-154.","DOI":"10.1016\/j.apergo.2006.03.010"},{"key":"key2020121921023890600_b30","doi-asserted-by":"crossref","unstructured":"Ma, Q. , Johnston, A.C. and Pearson, J.M. (2008), \u201cInformation security management objectives and practices: a parsimonious framework\u201d, Information Management & Computer Security , Vol. 16 No. 3, pp. 251-270.","DOI":"10.1108\/09685220810893207"},{"key":"key2020121921023890600_b31","doi-asserted-by":"crossref","unstructured":"Mouratidis, H. , Jahankhani, H. and Nkhoma, M.Z. (2008), \u201cManagement versus security specialists: an empirical study on security related perceptions\u201d, Information Management & Computer Security , Vol. 16 No. 2, pp. 187-205.","DOI":"10.1108\/09685220810879645"},{"key":"key2020121921023890600_b32","unstructured":"Poluha, R.G. (2007), Application of the SCOR Model in Supply Chain Management , Cambria Press, Amherst, NY."},{"key":"key2020121921023890600_b33","doi-asserted-by":"crossref","unstructured":"Sahin, F. and Robinson, E.P. (2002), \u201cFlow coordination and information sharing in supply chains: review, implications and directions for future research\u201d, Decision Sciences , Vol. 33 No. 4, pp. 505-536.","DOI":"10.1111\/j.1540-5915.2002.tb01654.x"},{"key":"key2020121921023890600_b34","doi-asserted-by":"crossref","unstructured":"Sarathy, R. (2006), \u201cSecurity and the global supply chain\u201d, Transportation Journal , Vol. 45 No. 4, pp. 29-52.","DOI":"10.5325\/transportationj.45.4.0028"},{"key":"key2020121921023890600_b46","doi-asserted-by":"crossref","unstructured":"Siponen, M.T. (2001), \u201cA conceptual foundation for organizational information security awareness\u201d, Information Management and Computer Security , Vol. 8 No. 1, pp. 31-41.","DOI":"10.1108\/09685220010371394"},{"key":"key2020121921023890600_b35","doi-asserted-by":"crossref","unstructured":"Smith, G.E. , Watson, K.J. , Baker, B.H. and Pokorski, J.A. (2007), \u201cA critical balance: collaboration and security in the IT-enabled supply chain\u201d, International Journal of Production Research , Vol. 45 No. 11, pp. 2595-1613.","DOI":"10.1080\/00207540601020544"},{"key":"key2020121921023890600_b36","doi-asserted-by":"crossref","unstructured":"Tan, F.B. and Hunter, M.G. (2002), \u201cThe repertory grid technique: a method for the study of cognition in information systems\u201d, MIS Quarterly , Vol. 26 No. 1, pp. 39-57.","DOI":"10.2307\/4132340"},{"key":"key2020121921023890600_b37","doi-asserted-by":"crossref","unstructured":"Torkzadeh, G. and Dhillon, G. (2002), \u201cMeasuring factors that influence the success of Internet commerce\u201d, Information Systems Research , Vol. 13 No. 2, pp. 187-204.","DOI":"10.1287\/isre.13.2.187.87"},{"key":"key2020121921023890600_b38","doi-asserted-by":"crossref","unstructured":"van Veen-Dirks, P.M.G. and Verdaasdonk, P.J.A. (2009), \u201cThe dynamic relation between management control and governance structure in a supply chain context\u201d, Supply Chain Management: An International Journal , Vol. 14 No. 6, pp. 466-478.","DOI":"10.1108\/13598540910995237"},{"key":"key2020121921023890600_b39","doi-asserted-by":"crossref","unstructured":"Veiga Da, A. and Eloff, J.H.P. (2010), \u201cA framework and assessment instrument for information security culture\u201d, Computers & Security , Vol. 29 No. 2, pp. 196-207.","DOI":"10.1016\/j.cose.2009.09.002"},{"key":"key2020121921023890600_b40","doi-asserted-by":"crossref","unstructured":"von Solms, B. (2000), \u201cInformation security \u2013 the third wave\u201d, Computers & Security , Vol. 19 No. 7, pp. 615-620.","DOI":"10.1016\/S0167-4048(00)07021-8"},{"key":"key2020121921023890600_b41","doi-asserted-by":"crossref","unstructured":"von Solms, R. (1998), \u201cInformation security management: why information security is so important\u201d, Information Management & Computer Security , Vol. 6 No. 5, pp. 224-225.","DOI":"10.1108\/09685229810240158"},{"key":"key2020121921023890600_b42","doi-asserted-by":"crossref","unstructured":"Voss, M.D. , Whipple, J.M. and Closs, D.J. (2008), \u201cThe role of strategic security: internal and external security measures with security performance implications\u201d, Transportation Journal , Vol. 28 No. 2, pp. 5-23.","DOI":"10.5325\/transportationj.48.2.0005"},{"key":"key2020121921023890600_b43","doi-asserted-by":"crossref","unstructured":"Werlinger, R. , Hawkey, K. and Beznosov, K. (2009), \u201cAn integrated view of human, organizational and technological challenges of IT security management\u201d, Information Management & Computer Security , Vol. 17 No. 1, pp. 4-19.","DOI":"10.1108\/09685220910944722"},{"key":"key2020121921023890600_b44","doi-asserted-by":"crossref","unstructured":"William, Z. , Ponder, N. and Autry, C.W. (2009), \u201cSupply chain security culture: measure development and validation\u201d, The International Journal of Logistics Management , Vol. 20 No. 2, pp. 243-260.","DOI":"10.1108\/09574090910981323"},{"key":"key2020121921023890600_b45","doi-asserted-by":"crossref","unstructured":"Yang, C. and Wei, H. (2011), \u201cThe effect of supply chain security management on security performance in container shipping operations\u201d, Supply Chain Management: An International Journal , Vol. 18 No. 1, pp. 74-85.","DOI":"10.1108\/13598541311293195"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-07-2014-0050","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2014-0050\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2014-0050\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:01Z","timestamp":1753406581000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/5\/476-496\/110947"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,11,9]]},"references-count":46,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2015,11,9]]}},"alternative-id":["10.1108\/ICS-07-2014-0050"],"URL":"https:\/\/doi.org\/10.1108\/ics-07-2014-0050","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2015,11,9]]}}}