The impact of organizational culture on information security during development and management of IT systems : A comparative study between Japanese and Swedish banking industry

Abstract: The objective of this study is to investigate how banks are working with information security by performing a comparative study between banks in Japan and Sweden. Special focus is given to the impact of organizational culture when developing IT-systems. The material analyzed is collected through semi-structured interviews with banks in Japan and Sweden, and additional interviews with professionals within the field of information security. The findings show that banks in both Japan and Sweden take information security seriously, both from a technical and an organizational culture point of view. They have implemented technological countermeasures and try to impose a safety culture by educating their employees. Organizational culture aspects are demonstrated to have a great impact on the development of IT systems from an information security perspective. The development process of IT systems are different between the countries, the Swedish banks have started to use the agile development method, while the Japanese banks still use the more traditional waterfall method. The result also implies that in Sweden there is an open climate and a greater trust between the banks which have lead to collaboration between the major banks and the development of innovative products. In Japan it is more difficult for the banks to create trustworthy relationships and share their information security knowledge to the same extent. The findings strengthen the notion in related research that cultural aspects have influence on how information security is managed.