Technology-push and need-pull roles in information system security diffusion

Quey Jen Yeh, Chang Arthur Jung-Ting

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)


Research of information system security (ISS) usually conceives of security models on the basis of positive, strategic benefits, such as planning or developing a security baseline. However, ISS works only when it enables an organization to protect against attacks, so managers seldom adopt positively based new security measures. By theorising ISS as a technology cluster that consists of distinguishable but interrelated countermeasures, this study analyses managers' security concerns on the basis of two forces - technology-push (TP) and need-pull (NP) - traditionally applied to technology diffusion. Both TP, which entails managers' perceived security threats, and NP, or requirements associated with the industry, organisational readiness, and security incidents, forces may prompt organisational ISS diffusion. The empirical findings suggest this conceptualisation effectively explains organisational ISS diffusion, though NP forces appear dominant. In general, organisations are less likely to adopt new security measures unless compelled to do so by industry or security gaps or if they are large enough and technically prepared for security innovations. Therefore, organisations should adjust their security plans to align with the threats facing their industries.

Original languageEnglish
Pages (from-to)321-343
Number of pages23
JournalInternational Journal of Technology Management
Issue number2-3
Publication statusPublished - 2011 Mar

All Science Journal Classification (ASJC) codes

  • Industrial relations
  • General Engineering
  • Computer Science Applications
  • Strategy and Management
  • Law


Dive into the research topics of 'Technology-push and need-pull roles in information system security diffusion'. Together they form a unique fingerprint.

Cite this