Enterprises have increased their level of consciousness regarding information security management, due to the relevant nature of organizational information regarding competitiveness and survival in global markets. The importance that has been gained by information security management in enterprises worldwide has been enormous. On one hand, management boards are becoming aware of the need to protect data and information while on the other hand, cyberattacks are booming, as documented by worldwide cybersecurity institutions and the level of consciousness about the need to implement countermeasures have comprehensively increased. Information security management system is a framework of policies and controls that information security risks systematically and across your entire enterprise. With society’s increasing dependency on information technology, the consequences of security breaches can be extremely grave [1]. In addition to monetary losses, breaches of information systems can also cause damages to businesses such as disruption of internal processes and communications, the loss of potential sales, loss of competitive advantage, and negative impacts on a company’s reputation, goodwill and trust. In many cases, it is impossible or nearly impossible to run a business without the smooth and secure operation of its information systems [2].  To protect organizational information assets from both internal and external attacks, many different information security standards and guidelines have been proposed and developed. For example, the generally accepted system security principles (GASSP) is a joint international effort between ten countries to develop a set of rules, practices, and    procedures    to   achieve     information  integrity, availability, and confidentiality. The information must be protected against harm from threats leading to different types of impacts, such as loss, inaccessibility, alteration or wrongful disclosure. Threats include errors and omissions, fraud, accidents, and intentional damage and these are the measures adopted by creative organizations in order to remain competitive and relevant.  Information security management is a key aspect of IT governance, and it is an important issue for all computer users to understand and address. As computer systems have become more and more commonplace in all walks of life, from home to school and the office, unfortunately, so too have the security risks. In obvious scenario, the business value of information security management can be calculated on the basis of risk reduction, security as a (decreasing) cost of doing business and return on investment via enhanced trust relationships and improved business opportunity. Instead, code words such as "risk" and "trust" are used to show super security to commerce. In any case, unsecured enterprises are likely to face higher costs from poorly administered, expensive security programs, intellectual property losses, theft and lawsuits. Superior security is a competitive advantage, and poor security will be increasingly disadvantageous. Good security allows you to achieve a primary goal of the e-business era: reaching a greater number of customers with enhanced products and services. [3]. The goal of ISM is to align IT and business security to ensure InfoSec is effectively managed in all activities.  The practice of protecting the confidentiality, integrity and availability of data is not new; passwords, encryption and data classification structures have been around for years. What has changed is the type of data that's now considered valuable. From the external attacker perspective, intellectual property and insider information were once the most sought-after data asset. Now, the data currency of choice is identity, e-mail addresses, social security numbers and credit card information. Corporate espionage is still a significant threat, but the new underground deals in volume, where success is being measured in thousands and millions of identities. Information security management has been transformed to a vital business issue and it is treated like that both from Enterprises as well as service providers & vendors. The benefits of good information security are not just a reduction in risk or a reduction in the impact should something go wrong. Good security will improve an enterprise’s reputation, build its confidence and increase the trust from others with whom business is conducted, and can even improve efficiency by making it possible to avoid wasted time and effort recovering from a security incident. Having a good security posture can allow an organization successfully embrace new opportunities.  The challenge for information security management today is to serve the needs of the next generation of ubiquitous and converged network and service infrastructures for telecommunication, computing and media [4]. Information is a veritable tool that is central and pivotal to the decision making processes of the telecommunication industry as well as every other sector.  Since virtually all captains of industries rely heavily on information for decision making, it becomes a concern when organizational information is not protected against malicious attacks and unauthorized sharing. The differentials in information content at the disposal of an organization gives its an edge in a competitive world.  According to Andress, [5]. It is also a concern if the identity of information users is not authenticated before being granted access; it is also a huge source of concern when the integrity of organizational most valuable assets is not protected, neither are they made available to the right users who may need access to such information. It is also a disservice if telecommunication companies are not proactive enough to put in place information security measures capable of properly protecting their information repositories against any unforeseen attacks. Malicious attackers are improving their game all geared towards information misuse, disclosure, unavailability, loss and damage of organizational information. This development is enough to cause disconnect, as a result, this research effort was triggered by the need to address the lack of adequate information security management approaches needed to protect organization’s most valuable resource ‘information’ from unauthorized access. It is therefore the thrust of this to investigate the role of authentication, integrity, availability and information risk management to enhance a sustainable organization.

Literature

Situating this study likely in the resource base theory, one would understand that resources that are valuable, rare, difficult to imitate and nonsubstitutable best position an enterprise for long-term success. These strategic resources can provide the foundation to develop the firm’s capabilities that can lead to superior performance over time.  It then suggest that with secured information, telecommunication industry can increase their level of creativity when their information is authenticated, integrity, available, and management of risk in telecommunication operations.  Ross, Johnson, Katzke, Toth, Stoneburner and Rogers [6] stated that information systems are incredibly complex assemblages of technology, processes, and people that collaboratively function together to accommodate the processing, storage, and transmission of information to support an organization's mission and business functions. They argued that information security is crucial for information systems, and is central to the survival of a company. They stated, "The degree to which organizations have come to depend upon information and these information systems to conduct routine and critical missions and business functions means that the protection (Security) of the underlying systems and the information such systems host is paramount to the success of the organization. 

Authentication

Authentication is process of validating the user‘s identity. Users are identified using different authentication mechanisms. In a secured system the authentication process checks the information provided by the user with the database.  Abie [7] maintained that, if the information matches with the database, the user is granted access to the security system. There are three types of authentication mechanism used. Validation is the initial phase in access control, and there are three regular variables utilized for verification; something you know, something you have, and something you are. Something you know mostly requires individual to get access to the system by typing the username and password. Something you have is where the user uses smart card for authentications. Something you are where the user using biometrics methods to get access control. All types of authentication mechanisms allow users to get access to the system however they all work differently. There are many authentications methods developed for users to gain access to the system. In password authentication, there are two forms; weak password and strong password authentications. Access control allows the user to log in into the trusted sites of an organization. Every access control has four processes; identification, authentication, authorization, and accountability. The identification is when the user enters the ID and ID is checked with the security system. Some security system generates random IDs to protect against the attackers. There are three authentication processes.  By authenticating users before granting them access to information systems, Nigerian organizations especially the telecommunication industry proves that they are creative and proactive enough to safeguard their most valuable assets (information). Since they rely mainly on information for decision making, it is safe to say that; if organizational most valuable assets are compromised, the entire organization is also compromised.  ‘Identification’, ‘authentication’ and ‘authorization’ are three interrelated concepts, which form the core of a security system. Identification is the communication of an identity to an IS. Before authentication, the claimant typically provides the IS an identity anyway (for example, a login or an email address), and the monitor asserts the identity by authentication (for example, using a password). An authentication is a proof given by a claimant to assert a monitor that he/she really corresponds to the identity he/she provided. The monitor then asserts the IS of the identity of the user. Finally, the authorization is the granted privileges given to the user.  Authentication systems provide the answers to both questions; 

• who is the user
• Is the user really who he/she represents himself/herself to be

Hence, authentication represents one of the most promising ways concerning trust and security enhancement for commercial applications. It also denotes a property of ensuring the identity of the previously mentioned entities [8]. Besides, authorization is a process of giving individuals an access to the system objects based on their identity. Authorization systems provide the answers to the three questions:

• Is user U authorized to access resource R
• Is user U authorized to perform operation O
• Is user U authorized to perform operation O on resource R

There is often confusion between ‘identification’, ‘authentication’ and ‘authorization’. These words/terms do not have the same meaning at all. Each of these concepts requires an enrolment step. Enrolment is the ‘registration’ of a new user, including the emission of tokens and credentials. Enrolment is a major concern and should also be carefully handled. In the rest of this paper, we will consider the IS has already registered the claimant. Let us consider the same example as the previous one. When the user authenticates himself with his token, he provides his identity by putting his card, which contains an identification number linked to his account. The system does not need to know the full description of the worker, so a simple identification number is enough. Then, the card authenticates to the reader (for example, by a symmetric cryptographic protocol), to prove the authenticity of the provided identity. Finally, the authorization will be given to the user to go through the door, if he has the right to do it [9].

Integrity

Information integrity is a vital security property in a variety of applications. However, there is clearly more than one facet to integrity. Indeed, security textbooks. It is hard to pin down the essence of integrity, and surveys. Integrity in the area of information flow often means that trusted output is independent from untrusted input [10]. This is dual to the classical models of confidentiality, where public output is required to be independent from secret input. Integrity in the area of access control is concerned with improper/unauthorized data modification. The focus is on preventing data modification operations, when no modification rights are granted to a given principal. Integrity in the context of fault-tolerant systems is concerned with preservation of actual data. For example, a desired property for a file transfer protocol on a lousy channel is that the integrity of a transmitted file is preserved, i.e., the information at both ends of communication must be identical (which can be enforced by detecting and repairing possible file corruption). Integrity in the context of databases often means preservation of some important invariants, such as consistency of data and uniqueness of database keys. However, the concept of integrity is difficult to capture and context dependent. Traditionally, information integrity has been supported by security models based on discretionary access control via access control lists or capabilities. These models mainly provide the authorization component of integrity requirements. However, such enforcement mechanisms are not adequate to deal with situations in which important data in the system may be affected by untrusted sources of information. For example, the programmer may use a format string provided by the user to print some information, possibly creating a vulnerability to the well-known buffer overflow attack. Other examples include using a value received from the network as an array index, or executing a piece of code downloaded from untrusted web email. Prior to using dangerous data, the programmer must carefully verify it against possible attacks to assure safety. The word integrity is used in many contexts. Applied to information, integrity is the representational faithfulness of the information to the subject matter (e.g., the events or instances) being represented by the information content. The definition of information integrity provided in this study is defined by the attributes of completeness and accuracy including additional attributes such as authorization, timeliness, consistency and segregation of incompatible functions. An extensive series of studies of data quality at MIT provided valuable insights into information users’ views about data quality, which also have a bearing on data integrity and information integrity. In summary, information integrity focuses on a narrower set of information attributes than information quality but information integrity is the sine qua non of information quality as it would be hard to imagine information having quality in the absence of integrity [11].

Availability

According to [4], a spark was provided in the paper that got attention among the security stakeholders and practitioners towards the fact that availability cannot be left out. Given the threats to Information Security Management, denial of service attack continues to be a threat today in the form of much bigger and destructive DDoS, there is a demand to study, research and analyze availability for better understanding of “Availability as a security attribute” and also given the fact that Confidentiality and Integrity are the most researched and studied attributes of Information Security Management. The main target of DoS attacks as we know is rendering an information resource unavailable or in simpler terms the main target is Information Availability.  The meaning of Availability is diverse in Computer Science, Information Technology and Applications. Over the past few decades it has been distinctly studied and researched much in the context of functionality and performance (i.e. computer networks, information processing systems, databases, file systems and data storage etc.) and comparatively has been acknowledged very little as a security requirement. Some standards from the stakeholders of security (i.e. government) followed and some studies acknowledged the fact that information availability cannot be left out and is a key pillar for providing Information Security. All of them vouched for the Information Security attribute “Availability” and agreed to a common goal (some well-known and most referred definitions from various stakeholders and practitioners of Information Security). Madhav and Gillies, [12] puts information availability as “the ability to make information and related physical and logical resources accessible as needed, when they are needed, and where they are needed”. With the hue and cry in some research papers regarding availability and the timely acknowledgement and recognition of the fact regarding availability by the stakeholders of Information Security (i.e. government) by the year 1991 the major attributes of Information Security were established and analyzed as Confidentiality, Integrity and Availability, although some went a step ahead and recommended some extensive frameworks. Khazanchi, and Martin, [13] has also mentioned and expressed the needfulness of detection and recovery to availability. Other writers vouched for detection and recovery and took it forward and stated that availability problem forces the issue of how unusual actions of legitimate users or the abnormal behaviour of their software can be detected, and how can an information system be recovered from such unusual actions.  He argued that on a different perspective about availability not being a safety, a system property or a liveness property under certain conditions explained in the same study. He further advocated that the malicious behaviour of the user being monitored and addressed by the information system itself that the information system should have the capability of self-detection. The security policy should be an effective one so that issues related to Information Security in an organization are handled effectively. Von-Solms and Von-Solms [14], however had a divergent view when he stated that, the concept of information availability is defined as the protection against malevolent concealment of information. That means, no users are permitted to hide the information, of which another user may be having the access rights. From the foregoing, it seems that a relationship exists between information availability and organizational creativity. The researcher also agrees with the opinions of previous researchers and therefore concludes that information availability influences organizational creativity in the Nigerian telecommunication industry.  All activity of certain organizations involves risk. Organizations manage risk by identifying, analyzing and then assessing whether risk treatment options should be applied so as to satisfy their criteria of risk. During this process, they communicate with and consult the interested parties, monitor and analyze risk and measures applied in order to ensure that further treatment is not needed. Not so markedly, as it is not within the scope of risk definition or terms, and reminiscent of the traditional forms of definition, the standards express that the ’level’ of risk is a combination of consequences and their probabilities, not defining the concept of risk ’prediction’.  Or is it rather a consequence of an existing hazard, or a cause or the exposure to the hazard? Risk is related to objectives, but if there are no objectives defined, are there no risks either? This definition can undoubtedly lead to various interpretations. Such a definition is not precise enough, which should be its main purpose, and therefore its purpose can be regarded as questionable [15]. noticed that the remarks are numerous because the definition is not precise enough. It is explained that risk is a consequence of organizational setting and accomplishing objectives against the background of uncertainty. This definition is further used to describe risk management as a process of optimization, which makes the accomplishment of objectives more likely. Various authors also criticize the definition of risk on the ground that it is not clear, nor mathematically based and has little to say about probability, data and models. Organizational creativity is linked to a risky balance between complexity, compromise and choices. The creative organization needs to be flexible while controlling entrepreneurial risk, but provide the freedom to search for new knowledge through learning and experimentation. The original output will be the outcome of internal processes of communication. The need to be a flexible organization rings true in that ‘good practices’ will promote creativity; ‘best practices’ may discourage them for optimum arrangements may change as circumstances change. When circumstances change, creative organizations should be able to immediately adapt with such changes in other to sustain her operations. From the above assertions, it seems that a relationship exists between management of risk and organizational creativity. The researcher also agrees with the opinions of previous researchers and therefore concludes that management of risk influences organizational creativity in the Nigerian telecommunication industry.

Management of Risk

According to Tom, Tipton & Krause [16], effective risk management is not about eliminating risk taking, which is indeed a fundamental driving force in business and entrepreneurship. At the same time, the need to strengthen risk management practices has been one of the main lessons from the financial crisis, for both financial and non-financial companies. While this is well recognized, there is limited evidence that listed companies have in fact paid significantly more attention to risk management in recent years. For example, in a 2011 survey by McKinsey, 44% of respondents said that their boards simply review and approve management’s proposed strategies. The same survey found that only 14% of board time was spent on business risk management, and that 14% of respondents had a complete understanding of the risks their company faced. Half of directors said that the information they received was too short-term. The risks that companies face are both financial and non-financial. In the context of financial institutions, the focus naturally tends to be on financial risks, such as credit, liquidity or market risks, although there is also an increasing emphasis on operational risk. In the case of nonfinancial institutions, the same risks will also be present, although not always to the same extent as in financial institutions. Other risks, such as IT and outsourcing risks are likely to concern nonfinancial institutions just as much, and in some cases (environmental, safety and health risks) are of stronger primary concern to nonfinancial corporations. That said, the primary concern of this study is central on management of risk and practices appropriate for the safety and protection of organizations’ most valuable resource (information). Therefore, the risk management measure discussed here are mainly focus on protecting organizational most valuable assets from cyberattacks and unauthorized access. [17] Since organizations depend mainly on information for decision making, creative organizations are employing these security measures in order to safeguard and protect their information repositories so as to have the much needed competitive edge in the ever competitive world of business. Good risk management strategies should be adopted in the Rivers State Communication industry so as to elicit organizational creativity since the adopted measures will ensure the safety of their information repository. In the medical profession, confidentiality and privacy of information are part of the doctor-patient relationship. That goes to show us how important and critical confidentiality is, be it in an organizational setting regarding the nondisclosure of organizational information to unauthorized users or malicious users or even in the bilateral relationship between Doctors and their patients. It is unethical for Doctors to even disclose confidential patient’s information without the patient’s authorization for whatever reason. It is only when the patient in question is caught up in a criminal investigation that the revelation of such information would lead to the apprehension of the culprit that Doctors are allowed to reveal confidential information about their patients and that’s subject to a court order signed by a seating judge. It was an issue present in deontological codes of professional classes in charge of assisting patients in their demand for health services. With the increasing introduction of multidisciplinary health teams, especially in primary health care such as it is the case of the family Health Strategy (ESF, Portuguese acronym) the way to ethically handle confidential and private information must be reconsidered, as the sharing of such information in primary health care is essential to enable the team to be accountable for the longitudinal care of users, who do not depend exclusively on a single professional.  According to Crossan and Apaydin [18], confidentiality and privacy refer to how professionals must handle pieces of information gathered during medical care. But confidentiality and privacy is not only limited to information gathered during medical care, it covers every piece of information be it personal or institutional. Hence, necessary effort has to be geared towards the protection and safeguarding of information from being disclosed to unauthorized users. Confidentiality concerns the attitude required of information professionals to handle information resulting from this relationship. The three attributes; secrecy, privacy and confidentiality are professional obligations. Innovation is a concept with a very large applicability, whose characteristics vary based on the field of reference. Innovation is production or adoption, assimilation, and exploitation of a value-added novelty in economic and social spheres; renewal and enlargement of products, services, and markets; development of new methods of production; and establishment of new management systems; it is both a process and an outcome” They establish a “comprehensive multidimensional framework of organizational innovation, linking leadership, innovation as a process and innovation as an outcome”. Leovaridis [19] approached organizational innovation, by considering a knowledge-intensive organization an innovation in itself, because this type of organization changes a whole series of aspects regarding the organizational dimension and that of human resources (for instance, from using specific traditional resources land, energy, etc. to knowledge resources; from mass management to a more personalized one; from respecting job requirements to negotiating competences etc.). These organizations are founded on the” anthropocentric management”, defined as” a new type of human resources management, based on training people and competences, offering an altogether different vision on what human resources are (and what they should become)”  According to him, the aim of this type of management is not to be able to use the human being (as a means) to a larger extent and better, but also to be able to consider the individual as the end goal and to see what the organization can and needs to do in order to help the respective individual become an accomplished person, but on a human level and through his work” [20]. Adaptability is the ability of an organization to recognize the need to change and seize opportunities in dynamic environments. In an increasingly complex world, leadership must pay close attention to dynamic, distributed, and contextual aspects in order to position their organizations for adaptability. The theory of dynamic capabilities constitutes a central concept for the requirements that enable organizational adaptability. According to [21], Adaptation to changing environmental conditions is a focal subject of organizational studies and deemed a necessity for organizations in every industry. The dynamic nature of most competitive environments requires organizations to continuously or periodically innovate in order to create a competitive advantage and eventually to survive [22]. In other words, certain capabilities are required in order to successfully manage an organizational change process. The relevance of adaptability as a measure of organizational creativity in the Nigerian Telecommunication industry cannot be over emphasized. When the goals and objectives of the telecommunication sector are attained, employees are retained, increased patronage, satisfied clients act as referral agents; undoubtedly, these positive outcomes will ultimately improve the overall productivity and creativity of the firm [23].

This study adopted the survey design in its assessment of the relationship between information security management and organizational creativity. The design is considered suitable because it allows for the descriptive examination of the variables across several units in a convenient way. As a macro study, its targeted population elements embrace all the principal officers of the telecom firms covered in the state.  The total of 173 principal officers which include regional managers, functional heads are covered in all the eight (8) functional telecoms firms in Rivers State were studied. To enable easier data gathering, structured closed ended 4point Likert scale questionnaire.  To empirically evaluate the relationship between the predictor and criterion variable of this study (including their dimensions and measures), the spearman’s rank order of correlation coefficient (RHO) was adopted. As a tool, it is considered to be more flexible and it is not limited or confined to parameters statistical assumption such as applicable in the Pearson’s product moment correlation. The multivariate analysis which examined the moderating effect of the contextual variable, leadership-competence on the relationship between the predictor and criterion variable which was tested using the partial correlation techniques at 95% confidence interval. The analysis was presented using the scientific package for social sciences (SPSS) version 23 software.  To ensure the internal reliability, the survey instrument was assessed by means of Cronbach alpha coefficient, using the statistical package for social sciences (SPSS). Hence, only the items that returned alpha values of 0.7 and above were considered. Cronbach’s alpha was used for the coefficient of reliability (or consistency).

Bivariate Level of Analysis

This segment presents the data results for the analysis and tests for all previously hypothesized bivariate associations are presented. The hypotheses stated in the null form were all tested and analyzed using the Pearson’s product moment correlation.

Table 1: Reliability Coefficients of Variables

Source:  SPSS Output

The result of correlation matrix obtained between authentication and innovativeness is shown in Table 2 above. The correlation coefficient of 0.701 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is significant at p 0.016<0.05. Therefore, based on observed findings the null hypothesis earlier stated is hereby rejected and the alternate upheld. Thus, there is a significant relationship between authentication and innovativeness of the telecommunication industry in Rivers State.

Table 2: Correlations Matrix between Authentication and Innovativeness

Source: SPSS output *. Correlation is significant at the 0.05 level (2-tailed).

The result of correlation matrix obtained between authentication and adaptability shown in Table 3. The correlation coefficient of 0.797 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is significant at p 0.018<0.05. Therefore, based on observed findings the null hypothesis earlier stated is hereby rejected and the alternate upheld. Thus, there is a significant relationship between authentication and adaptability of the telecommunication industry in Rivers State.

Table 3: Correlations Matrix between Authentication and Adaptability 

 Source: SPSS Output *. Correlation is significant at the 0.05 level (2-tailed).

The result of correlation matrix obtained between integrity and innovativeness was shown in Table 4. The correlation coefficient of 0.577 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is significant at p 0.000<0.01. Therefore, based on observed findings the null hypothesis earlier stated is hereby rejected and the alternate upheld. Thus, there is a significant relationship between integrity and innovativeness of the telecommunication industry in Rivers State.

Table 4:  Correlations Matrix between Integrity and Innovativeness

Source: SPSS Output **. Correlation is significant at the 0.01 level (2-tailed).

The result of correlation matrix obtained between integrity and adaptability was shown in Table 5. The correlation coefficient of 0.422 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is significant at p 0.000<0.01. Therefore, based on observed findings the null hypothesis earlier stated is hereby rejected and the alternate upheld. Thus, there is a significant relationship between integrity and adaptability of the telecommunication industry in Rivers State.

Table 5: Correlations matrix between Integrity and Adaptability 

Source: SPSS Output **. Correlation is significant at the 0.01 level (2-tailed).      

The result of correlation matrix obtained between availability and innovativeness was shown in Table 6. The correlation coefficient of 0.731 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is significant at p 0.000<0.01. Therefore, based on observed findings the null hypothesis earlier stated is hereby rejected and the alternate upheld. Thus, there is a significant relationship between availability and innovativeness of the telecommunication industry in Rivers State.

Table 6: Correlation Matrix between Availability and Innovativeness

Source: SPSS Output **. Correlation is significant at the 0.01 level (2-tailed)      

The result of correlation matrix obtained between availability and adaptability was shown in Table 7. The correlation coefficient of 0.664 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is significant at p 0.001<0.01. Therefore, based on observed findings the null hypothesis earlier stated is hereby rejected and the alternate upheld. Thus, there is a significant relationship between availability and adaptability of the telecommunication industry in Rivers State.

Table 7: Correlations Matrix between Availability and Adaptability 

Source: SPSS Output **. Correlation is significant at the 0.01 level (2-tailed).      

The result of correlation matrix obtained between management of risk and innovativeness was shown in Table 8 The correlation coefficient of 0.723 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is not significant at p 0.000<0.05. Therefore, based on observed findings the null hypothesis earlier stated is hereby accepted and upheld. Thus, there is no significant relationship between management of risk and innovativeness of the telecommunication industry in Rivers State.

Table 8: Correlations Matrix between Management of Risk and Innovativeness

Source: SPSS Output **. Correlation is significant at the 0.01 level (2-tailed). 

The result of correlation matrix obtained between management of risk and adaptability was shown in Table 9. The correlation coefficient of 0.626 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is not significant at p 0.000<0.05. Therefore, based on observed findings the null hypothesis earlier stated is hereby accepted and upheld. Thus, there is no significant relationship between management of risk and adaptability of the telecommunication industry in Rivers State.

Table 9: Correlations Matrix between Management of Risk and Adaptability 

 **. Correlation is significant at the 0.01 level (2-tailed)   Source: SPSS Output     

The result of correlation matrix obtained for leadership-competence moderating between information security management and organizational creativity was shown in Table 10. The correlation coefficient of 0.505 confirms the direction and strength of this relationship. The coefficient represents a positive correlation between the variables. The test of significance shows that this relationship is significant at p 0.000<0.01. Therefore, based on observed findings the null hypothesis earlier stated is hereby rejected and the alternate upheld. Thus, leadership-competence does moderate the relationship between information security management and organizational creativity of the telecommunication industry in Rivers State.

Table 10: Correlations Matrix of Leadership-competence Moderating Information Security Management and Organizational Creativity

 Source: SPSS Output
 

Discussion of the Findings

The finding of the study revealed that there is a significant effect of information security management and organizational creativity which corroborates with the study on authentication and organizational creativity, according to Abie [7], who proved that Authentication leads to organizational and information security such that it ensures that only authorized personnel have access to an organization’s most valuable assets (information). Authenticated employees come to believe that they control their own success through their efforts and hard work, which in turn benefits the success of the entire institution which leads to the achievement of organizational creativity. The fitness of information integrity for use, is its relevance for its actual or intended use, useable (clear, understandable, and at an appropriate level of granularity or aggregation) and possess information integrity; that is, be free from material error, omission or distortion. An extensive review of literature in this area led to adopting the definition for information integrity as the representational faithfulness of information to the true state of the subject that the information represents or purports to represent, where representational faithfulness is composed of four essential qualities or core attributes: completeness, currency, accuracy, and validity. From the foregoing, it shows that a relationship does exist between integrity and organizational creativity. Chivers showed that finding in this study which collaborated about availability and organizational creativity with his point which stated that availability problem forces the issue of how unusual actions of legitimate users or the abnormal behaviour of their software can be detected, and how can an information system be recovered from such unusual actions. With different perspective about availability not being a safety, a system property or a liveness property under certain conditions explained in the same study. He further advocated that the malicious behaviour of the user being monitored and addressed by the information system itself and the information system should have the capability of self-detection. The security policy should be an effective one so that issues related to Information Security in an organization are handled effectively. The concept of information availability is defined as the protection against malevolent concealment of information. That means, no users are permitted to hide the information, of which another user may be having the access rights. Adam [15] made clear his finding which support the result gotten from this study on management of risk and organizational creativity which stated that acknowledging the risk is related to uncertainty but wondering whether it is really a consequence of uncertainty. It can be a consequence of an existing hazard and risk is related to objectives. This definition can undoubtedly lead to various interpretations. Such a definition is not precise enough, which should be its main purpose, and therefore its purpose can be regarded as questionable. It’s noticed that the remarks are numerous because the definition is not precise enough. It is explained that risk is a consequence of organizational setting and accomplishing objectives against the background of uncertainty. This definition is further used to describe risk management as a process of optimization, which makes the accomplishment of objectives more likely.

Figure 1: Hieuristic Model Showing Findings

Authentication, on the other hand leads to organizational and information security such that it ensures that only authorized personnel have access to an organization’s most valuable assets (information). Authenticated employees come to believe that they control their own success through their efforts and hard work, which in turn benefits the success of the entire institution which leads to the achievement of organizational creativity.  The value of information comes from its relevance, usefulness/usability and integrity that collectively reflect its quality. Information integrity is a key aspect of information quality. Integrity means an unimpaired or unmarred condition entire correspondence of a representation with an original condition. Applied to information, integrity is the representational faithfulness of the information to the subject matter (e.g., the events or instances) being represented by the information.  Therefore, this study concludes that there is a positive significant effect of information security management enhances organizational creativity of the telecommunication industry in Rivers State. Furthermore, the study specifically concludes that information security management with its dimensions; authentication, integrity, availability with management of risk and organizational creativity, with its measures; innovativeness and adaptability, of telecommunication industry in Rivers State.

Recommendations 

Based on the study findings, the following recommendations were made:

• Enterprises should ensure that the identities of information users are authenticated so as to improve their information security and foster a better organizational creativity
• Management should ensure the consistent availability of the right information, to the right users, in the right form and at the right time
• They should ensure that the integrity of organization’s most valuable resource (information) is not compromised
• Every possible risk associated to the organization should be mapped out and personnel, most especially expert should ensure that company’s objective is risk-free most of the time 
• Employees should be given sufficient reward for their job description and additional task in order to have a higher competency level within the organization

1. Power, R. “CSI/FBI computer crime and security survey.” Computer Security Issues & Trends, vol. 8, no. 1, 2002, p. 22.

2. Zviran, M. and W. Haga. “Password security: An empirical study.” Journal of Management Information Systems, vol. 4, no. 15, 2009, pp. 161–85.

3. Bowen, P. et al. Information Security Handbook: A Guide for Managers. National Institute of Standards and Technology Publication 800-100, 2006.

4. Gligor, V.D. “On denial-of-service in computer networks.” Proceedings of the 2nd International Conference on Data Engineering, Los Angeles, 5–7 Feb. 2012. https://doi.org/10.1109/icde.1986.7266268.

5. Andress, J. The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory. 2014.

6. Ross, R. et al. Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans. NIST Special Publication 800-53A, 2007. http://csrc.nist.gov/publications/drafts/800-53A/draft-SP800-53A-fpd-sz.pdf.

7. Abie, H. “Semantic scholar.” Online, 2016. https://pdfs.semanticscholar.org/3733/2607f7a7ac8284c514845957fd00583e5614.pdf.

8. Kotzanikolaou, P. and C. Douligeris. “Network security: Current status and future directions.” Computer Network Security: Basic Background and Current Issues, 2007.

9. Beck, J. et al. “Protecting HIV information in countries scaling up HIV services.” Journal of the International AIDS Society, vol. 14, no. 6, 2011. http://www.biomedcentral.com/content/pdf/1758-2652-14-6.pdf.

10. Biba, K. “Integrity considerations for secure computer systems.” Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Bedford, MA, 2007.

11. Al-Ahmad, Walid and Bassil Mohammad. “Addressing information security risks by adopting standards.” International Journal of Information Security Science, vol. 2, no. 2, 2013, pp. 28–43.

12. Sinha, Madhav and Alan Gillies. “Improving the quality of information security management systems with ISO 27000.” The TQM Journal, vol. 23, no. 4, 2011, pp. 367–76.

13. Khazanchi, D. and P. Martin. “Information availability.” Handbook of Research on Information Security and Assurance, 2008. http://dx.doi.org/10.4018/978-1-59904-855-0.ch019.

14. Von Solms, E. and S.H. Von Solms. Information Security Management Through Measurement. Norwell, MA: Kluwer Academic, 2000.

15. Adams, J. “Managing risk: Framing your problems.” Boeringer Ingelheim Alumni Seminar, 2014.

16. Carlson et al. Understanding Information Security Management Systems. Auerbach Publications, Boca Raton, FL, 2008.

17. Fomin et al. “ISO/IEC 27001 information systems security management standard: Exploring the reasons for low adoption.” Proceedings of the Third European Conference on Management of Technology (EUROMOT), 2008.

18. Crossan, M. M., and M. Apaydin. “A multi-dimensional framework of organizational innovation: A systematic review of the literature.” Journal of Management Studies, vol. 47, no. 6, 2010, pp. 1154–1191.

19. Leovaridis, C. “Knowledge-intensive organizations and their management: The advertising agency.” Knowledge Management: Current Themes, Bucharest University Publishing House, 2011, pp. 45–76.

20. Hoffman, O. Management: Sociohuman Foundations. Bucharest: Victor Publishing House, 2009.

21. Uhl-Bien et al. “Leadership for organizational adaptability: A theoretical synthesis and integrative framework.” The Leadership Quarterly, vol. 29, 2018, pp. 89–104.

22. Hauschildt et al. Innovations Management. 6th ed., München: Franz Vahlen, 2016.

23. Pavlov, G. and J. Karakaneva. “Information security management system in organization.” Trakia Journal of Sciences, vol. 9, no. 4, 2011, pp. 20–25.

24.