| 1. |
|
|
| 2. |
- Harnesk, Dan, et al.
(författare)
-
Materializing organizational information security
- 2012
-
Ingår i: Nordic Contributions in IS Research. - Berlin, Heidelberg : Encyclopedia of Global Archaeology/Springer Verlag. - 9783642322693 - 9783642322709 ; , s. 76-94
-
Konferensbidrag (refereegranskat)abstract
- In the context of situated elderly care this paper discusses the intertwined relationship between organizational security objectives, technology, and employees' security behavior. We use findings from a single case study to aid in our understanding of how managers sought to create a secure work environment by introducing behavioral security technology, and how employees appreciated the new security software in everyday routines. Theoretically the case study is informed by sociomateriality in that it employs the notion of technological affordances of behavioral security technology. Findings show that security technology material is an integral part of security management and security in use, and that both the technical actor and human actors contributed to cultivation of the information security practice in the elderly care center
|
|
| 3. |
- Harnesk, Dan, et al.
(författare)
-
Shaping security behaviour through discipline and agility: Implications for information security management
- 2011
-
Ingår i: Information Management & Computer Security. - : Emerald. - 0968-5227 .- 1758-5805. ; 19:4, s. 262-276
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose: The purpose of this paper is to broaden the understanding about security behaviour by developing a security behavior typology based on the concepts of discipline and agility.Design/methodology/approach: A case study was designed to analyze security behaviours in one public nursing centre. The inquiry was organized around the themes discipline and agility, culture,and security processes in order to get an in-depth understanding of the complex relationship between security management, referred to as discipline, and security in use, referred to as agility.Findings: The paper shows that security behaviour can be shaped by discipline and agility and that both can exist collectively if organizations consider the constitutional and existential aspects of information security management.Practical implications: This research makes a pivotal stand for the issue how security behaviours narrate a broad picture to enhance information security management. In particular, this will improve design of information security training and awareness programs.Originality/value: This research is relevant to information security management in organizations, particularly as behavioural and cultural aspects are becoming increasingly significant for maintaining and also designing systemic information security management.
|
|
| 4. |
- Lindström, John, et al.
(författare)
-
A model for explaining strategic IT- and information security to senior management
- 2009
-
Ingår i: International Journal of Public Information Systems. - 1653-4360. ; 5:1, s. 17-29
-
Tidskriftsartikel (refereegranskat)abstract
- Awareness and understanding of strategic IT- and information security appears to be a low priority amongst senior managers although this falls within their responsibilities. In this paper a tested and confirmed model used to explain strategic IT- and information security is described. The model has been iteratively developed and applied in development, implementation or training in five different organizations. In these five cases, senior management awareness and understanding of strategic IT- and information security was verified as being very low. The model was originally developed to explain IT- and information security to corporate senior management. It has been adapted for use in the public sector by changing some of the terminology to match that used within the public sector. The model may also be used for training purposes, with regards to senior management or personnel in strategic IT- and information security. The importance of senior management ownership and care for strategic elements of the organization's security programme is also discussed and the conclusion drawn is that the operative levels should be coordinated by one or a few members of the senior management team.
|
|
| 5. |
- Lindström, John
(författare)
-
Models, methodology and challenges within strategic information security for senior managements
- 2009
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The work in this thesis is based on an interest for strategic information security, and in particular business continuity planning, in combination with own experiences from strategic management of corporations. Information security policy- and education, practice and awareness issues have also been part of my focus. Strategic information security is the part of information security that senior managements (top managements) should own and care for, like for any other strategic area in an organization. One problem is that this is often not the case as the senior management attention and awareness is focused on other areas instead. The work has mainly addressed explanatory models and methodology to explain what strategic information security including business continuity planning is to senior management teams and a training concept. It has also high-lighted challenges from current and future technology, and terminology problems affecting business continuity planning in a direct or indirect way. The purpose of the thesis was broken down into six objectives matching identified knowledge gaps. These resulted in the research question "How to improve the senior management own and care process for strategic information security, and in particular business continuity planning?" The results from the empirical studies are two models and one methodology to be used when targeting strategic information security issues like modeling and implementations of business continuity planning, security policies and security education, practice and awareness during the own and care process. A further result is a training concept for organizational crisis management. In addition, the results also indicate challenges that need to be addressed during work with security policies and business continuity planning. The thesis further contributes with a framework for business continuity planning guiding how the models and methodology, together with the training concept and challenges should be used together in the own and care process, to resolve problems and achieve organizational change. The contribution is of a general nature and is suitable to use in both private and public sector organizations.
|
|
| 6. |
- Lindström, John, et al.
(författare)
-
The need for improved alignment between actability, strategic planning of IS and information security
- 2008
-
Ingår i: 13th International ITA Workshop. ; , s. 14-27
-
Konferensbidrag (refereegranskat)abstract
- The purpose of this paper is to high-light problems regarding user actability and security implementations – what are the important mechanisms that affect actability in usage situations? Alignment between actability and strategic IS-planning and security issues is of the essence. However, serious gaps in alignment have been identified concerning strategic IS-planning as well as in development or implementation of security controls, and selection and use of security standards. The analysis of the alignment gaps show that there is a need to bring in the users view on business requirements in IS, or rather what they need to be allowed to do - to be able to work efficiently.
|
|
| 7. |
|
|
| 8. |
|
|
| 9. |
|
|
| 10. |
- Lindström, John, et al.
(författare)
-
Security challenges and selected legal aspects for wearable computing
- 2012
-
Ingår i: Journal of Information Technology Research. - : IGI Global. - 1938-7857 .- 1938-7865. ; 5:1, s. 68-87
-
Tidskriftsartikel (refereegranskat)abstract
- This paper discusses information security challenges encountered during the wearIT@work project and selected legal aspects of wearable computing. Wearable computing will offer interesting opportunities to improve and reengineer work processes in organizations, but can at the same introduce alignment problems as users in organizations may adopt the new technology before organizations are prepared. In addition, needed supportive legal frameworks have not yet fully addressed the new wearable computing technology. Different alignment concepts for how such challenges can be managed are discussed in the paper.
|
|
