1Kwakye Agyapong, PhD, 2Isaac Boakye
1Metropolitan Consulting Group
2Accra Institute of Technology
DOI : https://doi.org/10.47191/ijmra/v8-i03-42Google Scholar Download Pdf
ABSTRACT:
This study examines the effect of an Information Security Management System (ISMS) on organizational performance in a Small and Medium Business (SMB), with a focus on Red Mango Ltd. The study employed a correlational survey design to assess the relationship between ISMS implementation and organizational performance. Primary data was collected from 44 respondents, including management and staff, through structured questionnaires. The convenience sampling technique was used for respondent selection, and data analysis was conducted using the Statistical Package for Social Sciences (SPSS) version 25. Correlation and regression analyses were applied to determine the relationship and effect of ISMS on organizational performance. Findings revealed that ISMS is well-implemented at Red Mango Ltd, with clear policies, structured roles and responsibilities, and comprehensive employee training on security measures. Employees are well-informed about acceptable usage of information security systems, and security incidents are promptly reported. However, several challenges hinder ISMS implementation, including leadership issues, technical system difficulties, personnel constraints, and financial limitations. Despite these challenges, ISMS adoption has led to significant benefits, including regulatory compliance, optimized business processes, cost savings, improved information security awareness, enhanced company reputation, and increased productivity. The study further established a strong positive correlation between ISMS implementation and organizational performance at Red Mango Ltd. Regression analysis indicated that a unit increase in ISMS adoption results in a 0.495 increase in organizational performance, confirming its significant impact. The study concludes that effective ISMS implementation enhances security, improves operational efficiency, and contributes to overall business success. Organizations are encouraged to address implementation challenges through leadership commitment, technical capacity building, and financial investment to fully realize ISMS benefits.
KEYWORDS:Information Security Management System, ISMS, Organizational Performance, Small and Medium Business, Red Mango Ltd
REFERENCES1) Abugabah, A., Sanzogni, L., & Poropat, A. (2012). The Impact of Information Systems on user Performance: A critical review and theoretical model. Nathan, Brisbane, QLD 4111, Australia.
2) Al-Rashdi, Z., Dick, M., & Storey, I. (2017). Literature-based analysis of the influences of the new forces on isms: a conceptual framework. In Valli, C. (Ed.). (2017). The Proceedings of 15th Australian Information Security Management Conference, 5-6 December 2017, Edith Cowan University, Perth, Western Australia. (pp.116-124). This Conference Proceeding is posted at Research Online.https://ro.ecu.edu.au/ism/213
3) Amarachi, A.A., Okolie, S.O., & Ajeagbu, C. (2013). Information Security Management System: Emerging Issues and Prospect. Journal of Computer Engineering (IOSR-JCE),
4) Azeez, R.T., & Yaakub, K.B. (2019). The Effect of Management Information System on Organizational Performance: A Survey Study at Missan Oil Company in Iraq. Journal of Global Scientific Research. Vol 2, p 135-165
5) Bansal, P., Smith, W. and Vaara, E., 2018. New Ways of Seeing through Qualitative Research. Academy of Management Journal, 61(4), pp.1189-1195.
6) Bansal, Pratima & Smith, Wendy & Vaara, Eero. (2018). New Ways of Seeing through Qualitative Research. Academy of Management Journal. 61. 1189-1195. 10.5465/amj.2018.4004.
7) Bashroush, R., Akinyemi, I. and Schatz, D., 2020. SWOT analysis of information security management system ISO 27001. International Journal of Services Operations and Informatics, 10(4), p.305.
8) Bongiovanni, I., 2019. The least secure places in the universe? A systematic literature review on information security management in higher education. Computers & Security, 86, pp.350- 357.
9) Chang, S.E., & Ho, C.B. (2006). Organizational factors to the effectiveness of implementing information security management. Industrial Management & Data Systems, Vol 1
10) Collins, V. and Lanz, J., 2019. Managing Data as an Asset. The CPA Journal,.
11) Cooper, D. R., & Schindler, P. S. (2014). Business Research Methods 12th Edition. In Business Research Methods.
12) da Veiga, A. and Martins, N., 2015. Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, pp.162-176.
13) da Veiga, A. and Martins, N., 2017. Defining and identifying dominant information security cultures and subcultures. Computers & Security, 70, pp.72-94.
14) da Veiga, A., Astakhova, L., Botha, A. and Herselman, M., 2020. Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, p.101713.
15) Diesch, R., Pfaff, M. and Krcmar, H., 2020. A comprehensive model of information security factors for decision-makers. Computers & Security, 92, p.101747.
16) doi: 10.1097/ACM.0000000000003093
17) Dutton, J., 2020. What Is An ISMS? 9 Reasons Why You Should Implement One - IT Governance UK Blog. [online] IT Governance UK Blog. Available at:
18) Hangbae Chang, 2012. Is ISMS for financial organizations effective on their business? Mathematical and Computer Modelling, Volume 58, Issues 1–2,2013, Pages 79-84, ISSN 0895-7177, https://doi.org/10.1016/j.mcm.2012.07.018.
19) Hassan, N. and Ismail, Z., 2012. A Conceptual Model for Investigating Factors Influencing Information Security Culture in Healthcare Environment. Procedia - Social and Behavioral Sciences, 65, pp.1007-1012.
20) Irwin, L., 2019. What Is An ISMS And Why Does Your Organisation Need One? - IT Governance Blog En. [online] IT Governance Blog En. Available at:
21) Jain, S. and Chawla, D., 2020. A Relative Study on Different Database Security Threats and their Security Techniques. International Journal of Innovative Science and Research Technology, 5(1), pp.794-199.
22) Jalagat, R. (2017). Reflecting Change in a Changing World: The Human and Spiritual Dimension. European Business & Management, 4(3-1): 1-5. doi: 10.11648/j.ebm.s.20 18040301.11
23) Kandel, S., & Ndungu, M. (2015). Information Security Management in Organizations. An unpublished project work submitted to Centria AMMATTIKORKEAKOULU.
24) Malatji, M., Marnewick, A. and von Solms, S., 2020. Validation of a socio-technical management process for optimising cybersecurity practices. Computers & Security, 95, p.101846.
Volume 08 Issue 03 March 2025
There is an Open Access article, distributed under the term of the Creative Commons Attribution – Non Commercial 4.0 International (CC BY-NC 4.0) (https://creativecommons.org/licenses/by-nc/4.0/), which permits remixing, adapting and building upon the work for non-commercial use, provided the original work is properly cited.
Our Services and Policies
Authors should prepare their manuscripts according to the instructions given in the authors' guidelines. Manuscripts which do not conform to the format and style of the Journal may be returned to the authors for revision or rejected.
The Journal reserves the right to make any further formal changes and language corrections necessary in a manuscript accepted for publication so that it conforms to the formatting requirements of the Journal.
International Journal of Multidisciplinary Research and Analysis will publish 12 monthly online issues per year,IJMRA publishes articles as soon as the final copy-edited version is approved. IJMRA publishes articles and review papers of all subjects area.
Open access is a mechanism by which research outputs are distributed online, Hybrid open access journals, contain a mixture of open access articles and closed access articles.
International Journal of Multidisciplinary Research and Analysis initiate a call for research paper for Volume 08 Issue 04 (April 2025).
PUBLICATION DATES:
1) Last Date of Submission : 26 April 2025.
2) Article published within a week.
3) Submit Article : editor@ijmra.in or Online
Why with us
1 : IJMRA only accepts original and high quality research and technical papers.
2 : Paper will publish immediately in current issue after registration.
3 : Authors can download their full papers at any time with digital certificate.
The Editors reserve the right to reject papers without sending them out for review.
Authors should prepare their manuscripts according to the instructions given in the authors' guidelines. Manuscripts which do not conform to the format and style of the Journal may be returned to the authors for revision or rejected. The Journal reserves the right to make any further formal changes and language corrections necessary in a manuscript accepted for publication so that it conforms to the formatting requirements of the Journal.