The Relation of Information Security Management System Efficiency with Organizational Agility Case Study: Isfahan Mobarakeh Steel Company

This study was aimed to investigate the relationship between the system of information security management and organization agility in Mobarakeh Steel Company of Isfahan. The descriptive-correlational research method was used and the documentary method also was used to formulate the theoretical framework of the research. The statistical population included those expert, employees of Mobarakeh Steel Company who dealt with information systems in performing their work processes. The number of the aforementioned employees was reported to be 2150 in 2014. In this research, the Standard Organizational Agility Scale by Zhang and Sharifi and the substantive questionnaire of the system of information security management were employed. The obtained data was analyzed using statistical methods named correlation coefficient and one-way variance analysis. The results revealed that there is a positive significant relationship between the efficiency of the system of information security management and organizational agility at p=0.029 (p 0.05) significance level. The variance analysis showed no significant difference in the sample population’s perception of the relationship between the system of information security management and organizational agility in terms of variables including job position, years of service, and place of service. However, a significant difference was observed in terms of academic level.


Introduction
Although discussion on having access to information and information security and protection across the country has been proposed for rulers since far past and obtaining martial and civil information that sometimes caused ethnic destruction, information security has found a new dimension by the development of information technology and the use of information as a business tool and profitable capital.In modern business, information plays the role of a firm's capital and protection of the firm's information is one of the important elements of its survival.Globalization of economy has led to global competition and many companies have to cooperate with other firms to continue their presence in the global arena.Thus, classification, valuation and protection of information resources of an organization (either about the information system or members of an organization) are very important and vital (Pipkin, 2000).On the other hand, agile organization as the 21 st paradigm has many adherents and is regarded as a successful strategy in competitive markets with rapid changes of customers' needs.Generally, it can decrease costs, increase market share, satisfy customers' needs, pave the way to launch new products, and enhance competition for an organization (Mehryar, 2008).One of the major priorities of agile systems is paying much attention to information.Information transfer in agile organizations is high and requires serious protection of key information (Ebrahimian, 2012).
In recent years, considerable progresses in information technology have largely been resulted in basic changes in business affairs of organizations (Rashidi Rad et al., 2011).In order to achieve more competitive ability, firms intend to enhance customers' satisfaction and improve their business efficiency.On-time delivery of products with the cost price or less than it tend to increase competitive ability.Firms know that they cannot improve efficiency of the organization and their business performance without focusing on information security (Sangho, 2007).Given the wide use of the internet, information exchange and the related expenditures for information integration, the topic of control and management of information transfer and existence of a comprehensive system for information security management had been established since the topic of physical security was proposed.These two topics can support each other that create the framework for security control in firms (Tip ton, 2003).Achievements of the information and financial flow increase business performance as well as competitive ability of firms in the global markets.Information security management system can be effective on information authenticity, accuracy, coordination, accessibility, originality, etc. through assimilation, control increase and centralization of information systems control.Therefore, it is expected that information security management system-that guarantees access to proper and on-time information as a system with central control-is effective on increased level of organizational agility (Kanan & Tan, 2005).
Competitive price and high quality are essential in the current age but they are not the determinants of business success.Rather, the speed of access to the market and rapid and flexible response to the customer have been considered as a basic principle.Compatibility with change in business environment is highly stressed in the modern world that gaining agility is the necessity to respond to these changing factors (Khoshsima, 2004).Agility is the firm's ability to respond to change in order to utilize the opportunities that are created based on this change (Molahosseini, 2008).Information is regarded as one of the most efficient elements and is one of the major levers that establish agility capabilities for organizations that without it, is not possible to make a firm agile.
Mobarakeh Steel Company as an agile manufacturing company in Iran and even in the Middle East plays a key role in production of steel plates and has a great share in direct and indirect employments inside the country.Since productions of this company are in process form and the information in this cycle of process has a special importance, production quality and customer satisfaction are directly related to information authenticity, accuracy and accessibility.On the other hand, this company has utilized the information technology and systems to enhance its competitive ability in the region in order to integrate and centralize its required information.It has executed the information security management system to ensure information authenticity and accuracy, information coordination and integration, human and hardware error prevention, and proper control of physical and human displacements.Hence, research on the relationship between efficiency of information security management system and organizational agility in this company seems necessary.

Literature Review
There are a few studies on the relationship between information security management system and organizational agility but a lot of studies have been carried out about each one separately.It seems that there is a link between the two variables; thus, this study is focused on the relationship between them.
In a study entitled "the role of information technology in agile production in Zara cloths manufactures in Spain", Christopher (2000) indicated that production of Zara cloths in Spain has been flexible against the changes with the support of information technology.Moreover, it has quickly been coordinated with the market and has been converted into an agile producer in cloths industry.Yusuf et al. (2004) proposed the agile organization model from human dimension.In their model, elements such as leadership, culture, information technology, organizational membership, suppliers, customers, and the reward system are major aspects of agility.They concluded that human factors along with advanced production of information technology can enhance flexibility and accountability via agile production.Mondragon et al. (2004) conducted a study entitled "evaluating the role of information systems in enhancement of agility in manufacturing firms" and concluded that information systems play a major role in enhanced agility of manufacturing firms.Kannan and Choon (2005) have referred to the positive effect of information integration through improving the communicative channels on quality of products and increased competition ability and thus enhanced business performance.Zain et al. (2005) performed a study on the relationship between information technology and organizational agility in Malaysia.They concluded that optimal use of information technology by employees will lead to more agility of the organization.
In a paper entitled "enhancement of agility through on-time information sharing in China".Li et al. (2006) concluded that on-time information sharing by improving the stability and performance of production chain enhances organizational agility.
In a paper entitled "the effect of use of information systems on improved prioritizing of Karafarin Insurance Company", Ebrahimi (2007) indicated that information systems can help firms develop their activity, offer new products and services, change the jobs and workflows, and create important changes in how work and business are organized and thus, enhance their productivity and efficiency.The results of this study revealed that managers need suitable information tools which provide perfect, proper and on-time information and make further controls possible in order to understand internal weaknesses and strengths, environmental threats and opportunities and adopt strategic decisions as well as rapid, appropriate and on-time action.With regard to the effect of information systems on competitive position of Karafarin Insurance Company, this company has been able to enhance its competitive advantage to a large extent through advanced information systems and modern technologies.Fathian and Golchinpour (2007) investigated the importance of agility in firms especially, manufacturing firms and its impact on competitive position of the firm, firm's readiness to encounter with any change, reduction of organizational expenses and attraction of customers' satisfaction in a study entitled "agility strategies in manufacturing firms".Then they mentioned the dimensions of agile production and tools of the firm to realize agility.This study was carried out in Mega Motor Company and the result was that there was a gap between the existing agility and agility required by the company under study.Mahmoudzadeh (2007) conducted a study entitled "the effect of information security management on information systems in three independent firms"; i.e. an administrative firm, a business firm and an auto parts manufacturer.The major purpose of this study was to identify and measure the effective factors which threaten information systems of firms with the danger of theft, destruction or change of the information.Human force security, physical security and information security are three major factors whose validity was evaluated.The obtained results showed that lack of users' awareness was the highest threat and then human force security was the second threat for information security of information systems.
In a paper entitled "access to supply chain agility through information technology and flexibility integration" that was conducted in several companies in the US, Swafford et al. (2008) concluded that in order to achieve agility, firms should first invest in information technology integration and then flexibility of processes.Taghva (2012) conducted a study and concluded that the role of information security management systems in improved performance of supply chain, increased authenticity and accuracy of the information, having access to proper and on-time information, and reduced errors of the management system is effective.Jafarian (2011) investigated the relationship between the use of information security management system and integration of organizational processes in supply chain and the effect of implementing information security management system on increased integration of supply chain.The results disclosed that the effect of different dimensions of information security management including information coordination, human and hardware errors prevention, information authenticity and accuracy, and creating educational context for users on internal and external integration of organizational processes in supply chain enhance the integration of organizational processes in supply chain.
In his master's thesis entitled "exploring the relationship between information systems establishment and firm's performance" (case study: Namaad Iran IT company) Dadashzadeh (2012) stated that survival in the competition world in the current high stressed and high speed world is one of the greatest challenges for managers.They require proper and accurate information more than any other time in the past to be able to make the best possible decision in the shortest time and execute it.Organizational information systems, thus, have been specially considered and converted into one of the most important organizational arteries.
In a study entitled "the role of information security management use in decreased reinforcement of orders in one of the automotive industries", Jafarian (2012) illustrated that small and large firms have used information technology more than ever in information transfer, financial exchanges, and supervision of their accelerated businesses.
There are various studies including Lim, 2015, Javdani, 2014, Kim, and Jeoung, 2015, Kim, 2015;Irudayasamy, Arockiam, 2015, and Sheikhpour, and Moradi, that each one has explored the relationship between information security management system and agility in different institution using different methods.
The most comprehensive framework for agility among the existing theoretical literature is the model proposed by Sharifi and Zhang.This conceptual model, thus, was used to explore the relationship between efficiency of information security management system and agility capabilities of the organization.

Methodology
This study was conducted using descriptive-correlation-field methodology.The statistical population included experts of Mobarakeh Steel Company, consisting of 2150 in 2014, who worked with information systems professionally.
The researcher distributed 326 questionnaires among the research sample that was selected through simple random sampling method and Cochran sampling formula.Two-hundred eighty eight respondents returned the questionnaires (return coefficient was equal to 83%).The standard questionnaire of agility level (Sharifi- Zhang, 2000) and also the substantive questionnaire of information security management system were employed to gather the required data.
Cronbach's alpha was employed to measure reliability of the measurement tool based on a pilot study and pre-test on the sample (30 persons).Because values of the Cronbach's alpha for questionnaires and research indexes were equal to 0.752 and more than 0.7 at the significance level 0.5, it showed reliability of the test as well as the reliability and internal consistency of the questionnaire.

Data Analysis Procedures
For the analysis of data in descriptive statistics section, criterions such as frequency, percentage, mean, and standard deviation were used to describe the variables and questions of the questionnaire.To test the hypotheses regarding the relationship between information security management system and organizational agility and their dimensions, Pearson correlation coefficient was employed.One-way ANOVA was used to test the complementary hypotheses and SPSS 19 software was applied for statistical analysis.

Testing the Research Hypotheses
In this section, the research hypotheses are analyzed statistically and Pearson correlation coefficient, variance analysis along with the significance level are used to test the main hypothesis.Main hypothesis: Study the relationship between efficiency of information security management system and organizational agility.The main research question investigated by means of correlation coefficient.The results are displayed in Table 1.The results in Table 1 show that there is a significant relationship between information security management system and organizational agility.The value and sign of Pearson correlation coefficient illustrate that there is a direct relationship between information security management system and organizational agility and agility of the organization is increased if the mentioned variables are enhanced.Regression modeling was conducted to predict the use of information security system in organizational agility and the results are presented below.

Correlations among the Research Variables
Spearman correlation coefficient was used for correlation analysis of variables including information security management (independent variable) and organizational agility capabilities (dependent variable).Table 2 shows the results of this test.Each value in this table shows that the test is significant (sig).In order to accept the hypothesis regarding existence of correlation between the two variables, value of sig should be less than 0.05.
Variables which have correlation with each other are shown with an asterisk.

Summary
General results of descriptive statistics which investigate mean of agility dimensions and information security management system extracted from responses to the questionnaires and the results of inferential statistics that illustrate Pearson correlation coefficient and significance level of all dimensions of information security management system as the independent variable with organizational agility as the dependent variable are displayed in Tables 3 and 4 respectively.

Discussion and Conclusion
The present study explored the relationship between efficiency of information security management system and organizational agility in Mobarakeh Steel Company.For this purpose, opinions of 288 employees of this company were studied by means of two questionnaires of efficiency and the results of implementing information security management system and organizational agility.The collected data was analyzed through statistical methods of correlation coefficient and variance analysis.
Findings according to Table 1 showed that there is a significant correlation between efficiency of information security management system and agility capabilities in Mobarakeh Steel Company.Similarly, according to Table 2, the findings reveal that proper use of hardware tools, knowledge workers, database management, perfect and integrated, accurate, authentic and on-time information, and multi-skilled and flexible employees are effective on gaining organizational agility.On the other hand, different firms need a strong information security management system and they should update their system along with the environmental changes considering the importance and value of their information and prevention of reworking, danger of information theft or change as well as the influence of strangers in databases, and keeping the information safe by development of information networks and insertion of organizational data in such networks, and decentralized accessibility to the data.Since information security management system is effective on increased authenticity and accuracy of information, access to proper and on-time information, and reduction of the management system errors, it can be stated that information plays a key role in achieving competitive advantage including organizational agility.Whatever such information is proper, on-time and coordinated, it is more effective on achieving organizational agility.

Figure 1 .
Figure 1.Conceptual model of the main hypothesis

Table 1 .
Correlation test between function of information security management system and organizational agility(number: 288)

Table 2 .
Results of correlation analysis of ISMS factors and dimensions of organizational agility capabilitiesThe first number in each cell shows test significance and the second number shows Spearman correlation coefficient. *

Table 3 .
Mean of dimensions of information security management system and organizational agility capabilities