1.
2.
Padyab, Ali Mohammad, et al.
(author)
Genre-Based Approach to Assessing Information and Knowledge Security Risks
2014
In: International Journal of Knowledge Management. - : IGI Global. - 1548-0666 .- 1548-0658. ; 10:2, s. 13-27
Journal article (peer-reviewed) abstract
Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.
3.
4.
5.
Harnesk, Dan, et al.
(author)
Materializing organizational information security
2012
In: Nordic Contributions in IS Research. - Berlin, Heidelberg : Encyclopedia of Global Archaeology/Springer Verlag. - 9783642322693 - 9783642322709 ; , s. 76-94
Conference paper (peer-reviewed) abstract
In the context of situated elderly care this paper discusses the intertwined relationship between organizational security objectives, technology, and employees' security behavior. We use findings from a single case study to aid in our understanding of how managers sought to create a secure work environment by introducing behavioral security technology, and how employees appreciated the new security software in everyday routines. Theoretically the case study is informed by sociomateriality in that it employs the notion of technological affordances of behavioral security technology. Findings show that security technology material is an integral part of security management and security in use, and that both the technical actor and human actors contributed to cultivation of the information security practice in the elderly care center
6.
Harnesk, Dan, et al.
(author)
Shaping security behaviour through discipline and agility: Implications for information security management
2011
In: Information Management & Computer Security. - : Emerald. - 0968-5227 .- 1758-5805. ; 19:4, s. 262-276
Journal article (peer-reviewed) abstract
Purpose: The purpose of this paper is to broaden the understanding about security behaviour by developing a security behavior typology based on the concepts of discipline and agility.Design/methodology/approach: A case study was designed to analyze security behaviours in one public nursing centre. The inquiry was organized around the themes discipline and agility, culture,and security processes in order to get an in-depth understanding of the complex relationship between security management, referred to as discipline, and security in use, referred to as agility.Findings: The paper shows that security behaviour can be shaped by discipline and agility and that both can exist collectively if organizations consider the constitutional and existential aspects of information security management.Practical implications: This research makes a pivotal stand for the issue how security behaviours narrate a broad picture to enhance information security management. In particular, this will improve design of information security training and awareness programs.Originality/value: This research is relevant to information security management in organizations, particularly as behavioural and cultural aspects are becoming increasingly significant for maintaining and also designing systemic information security management.
7.
Lindström, John, et al.
(author)
A methodology for inter-organizational emergency management continuity planning
2010
In: International Journal of Information Systems for Crisis Response and Management. - : IGI Global. - 1937-9390 .- 1937-9420. ; 2:4, s. 1-19
Journal article (peer-reviewed) abstract
This paper extends emergency management literature by developing a methodology for emergency management continuity planning (EmCP). In particular, the methodology focuses on inter-organizational continuous and coordinated planning among emergency management organizations. The authors draw on Soft Systems Methodology (Checkland & Scholes, 1999; Checkland, 2000), using it as a base for better understanding of EmCP. Barriers that must be overcome before the methodology can be introduced and established, as well as potential benefits, are also discussed.
8.
Lindström, John, et al.
(author)
A methodology for inter-organizational emergency management continuity planning
2012
In: Managing Crises and Disasters with Emerging Technologies. - : IGI Global. - 9781466601673 - 9781466601680 ; , s. 197-215
Book chapter (peer-reviewed) abstract
This paper extends emergency management literature by developing a methodology for emergency management continuity planning (EmCP). In particular, the methodology focuses on inter-organizational continuous and coordinated planning among emergency management organizations. The authors draw on Soft Systems Methodology (Checkland & Scholes, 1999; Checkland, 2000), using it as a base for better understanding of EmCP. Barriers that must be overcome before the methodology can be introduced and established, as well as potential benefits, are also discussed.
9.
10.
Dhillon, Gurpreet S, et al.
(author)
Misunderstandings and misjudgments about security : A dialogical narrative analysis of global it offshoring
2016
In: AMCIS 2016. - : Association for Information Systems.
Conference paper (peer-reviewed) abstract
This paper explores the patterns of technology use in a global enterprise. We use the concept of narrative networks to understand interactions between technology and organizations and the emergent implications. The paper is based on empirical work undertaken in the context of offshoring electronic medical records and billing systems from a group of US physician practices to service providers in India. Findings from our research suggest technology, represented as information security and privacy, as playing a central role in determining outcome of actions and the performances thereof. The narratives in technology in use and enactment of organizational forms display multiple third men, with features that modify the initial understandings of an agreement to implement technical systems.
