Yesterday I attended the monthly ISACA Belgium chapter meeting. The topic was “The influence of national cultures on IT governance“. This very interesting question was the purpose of a paper published by Prof. A.J. Gilbert Silvius. The second presentation was performed by Layla El Kastite. She presented her thesis on the relationship between IT Governance and Business/IT alignment in the context of her German employer.
IT governance, even if mandatory, is not my favorite topic but the idea to link the multiculturalism with IT was a good approach. Why? The round table started with a classic joke: “This is the story of three men in a room: A Belgian, a French and a German guy…“. This is so true! People, coming from different countries, different organizations do not react in a same way. Why not the same in IT or more precisely Information Security? There are different aspects of the multiculturalism: national culture, organization culture, religion culture, etc. They make the perception or adoption of IT different. Living in Belgium, trust me, this is true! Organizations from the Flemish part of the country do not work as the others in the French side.
What kind of differences can we find in cultures?
- Power distance
- Collectivism <> Individualism
- Masculinism <> Feminism
- Uncertainty <> Avoidance
- Long <> Short term orientation
“Power distance is the extent to which less powerful members of institutions and organizations within a country expect and accept that power is distributed unequally.” (Hofstede page 262). Men and women can also react in a different way. In some countries, women prefer to stay at home and educate the children. In other countries (like in the north of Europe), men feel comfortable to stay at home. Some organizations are not afraid of uncertainty, others try to implement their IT for a very long period. Gilbert Silvius gave plenty of examples like those. Some international organizations also try to push their vision to foreign countries. A good example are the United States. Another style, in Germany, the IT departments decide themselves what are their projects and how to implement them.
If the study focuses on IT governance, there is clearly some material than can be reused and applied to information security. From a social engineering perspective, it could be interesting to know that people working in a specific (part of a) country or from this social origin are more individualist and won’t share important information. Or that other people are not afraid of some uncertainty in their day-to-day job. What if people are addicted to 9AM-5PM or that every Friday afternoon is dedicated to meetings? Less people checking their screens! Could be interesting to know…
The Prof. Gilbert Silvius’s study is available here.