Skip to main content
SpringerLink
Log in

Materializing Organizational Information Security

  • Conference paper
Book cover Nordic Contributions in IS Research (SCIS 2012)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 124))

Included in the following conference series:

  • 987 Accesses

Abstract

In the context of situated elderly care this paper discusses the intertwined relationship between organizational security objectives, technology, and employees’ security behavior. We use findings from a single case study to aid in our understanding of how managers sought to create a secure work environment by introducing behavioral security technology, and how employees appreciated the new security software in everyday routines. Theoretically the case study is informed by sociomateriality in that it employs the notion of technological affordances of behavioral security technology. Findings show that security technology material is an integral part of security management and security in use, and that both the technical actor and human actors contributed to cultivation of the information security practice in the elderly care center.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 72.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Chandra, A., Calderon, T.: Challenges and constraints to the diffusion of biometrics in information systems. Communications of the ACM 48, 101–106 (2005)

    Article  Google Scholar 

  2. Puhakainen, P., Siponen, M.: Improving employees’ compliance through information systems security training: An action research study. MIS Quarterly 34, 767–793 (2010)

    Google Scholar 

  3. Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., Vance, A.: What levels of moral reasoning and values explain adherence to information security rules: An empirical study. European Journal of Information Systems 18, 126–139 (2009)

    Article  Google Scholar 

  4. Lee, Y., Larsen, K.R.: Threat or coping appraisal: determinants of SMB executives/’ decision to adopt anti-malware software. European Journal of Information Systems 18, 177–187 (2009)

    Article  Google Scholar 

  5. Hsu, C.W.: Frame misalignment: interpreting the implementation of information systems security certification in an organization. European Journal of Information Systems 18, 140–150 (2009)

    Article  Google Scholar 

  6. Warkentin, M., Johnston, A.C., Shropshire, J.: The influence of the informal social learning environment on information privacy policy compliance efficacy and intention. European Journal of Information Systems 20, 267–284 (2011)

    Article  Google Scholar 

  7. Wade, H.B., Linda, W.: Is information security under control?: Investigating quality in information security management. IEEE Security & Privacy 5, 36–44 (2007)

    Article  Google Scholar 

  8. Leonardi, P.M., Barley, S.R.: Materiality and change: Challenges to building better theory about technology and organizing. Information and Organization 18, 159–176 (2008)

    Article  Google Scholar 

  9. Introna, L.D., Hayes, N.: On sociomaterial imbrications: What plagiarism detection systems reveal and why it matters. Information and Organization 21, 107–122 (2011)

    Article  Google Scholar 

  10. Jonsson, K., Holmström, J., Lyytinen, K.: Turn to the material: Remote diagnostic systems and new forms of boundary spanning. Information and Organization 19(2009), 233–252 (2009)

    Article  Google Scholar 

  11. Scolaí, P.: Materialising materiality. In: Proceedings of the Twenty Ninth International Conference on Information Systems, Paris, pp. 1–10 (2008)

    Google Scholar 

  12. Orlikowski, W.J.: Sociomaterial practices: Exploring technology at work. Organization Studies 28, 1435–1448 (2007)

    Article  Google Scholar 

  13. Holmström, J., Robey, D.: Inscribing organizational change with information technology. In: Czarniawska, B., Hernes, T. (eds.) Actor-network Theory and Organising. Copenhagen Business School Press, Copenhagen (2005)

    Google Scholar 

  14. Choobineh, J., Dhillon, G., Grimalla, M., Rees, J.: Management of information security: challenges and research directions. Communications of the Association for Information Systems 20, 958–971 (2007)

    Google Scholar 

  15. Stahl, B.C., Shaw, M., Doherty, N.F.: Information systems security management: A critical research agenda. In: Association of Information Systems SIGSEC Workshop on Information Security and Privacy (WISP 2008), Paris (2008)

    Google Scholar 

  16. Woodhouse, S.: Information Security: End User Behavior and Corporate Culture. In: Proceedings of the Seventh Conference on Computer and Information Technology, pp. 767–772. IEEE (2007)

    Google Scholar 

  17. Orlikowski, W.J.: Sociomaterial practices: Exploring technology at work. Organization Studies 28, 1435–1448 (2007)

    Article  Google Scholar 

  18. Siponen, M.: Analysis of modern IS security development approaches: Towards the next generation of social and adaptable ISS methods. Information and Organization 15, 339–375 (2005)

    Article  Google Scholar 

  19. Dhillon, G., Backhouse, J.: Current directions in IS security research: Towards socio-organizational perspectives. Information Systems Journal 11, 127–153 (2001)

    Article  Google Scholar 

  20. Baskerville, R.: Risk analysis: An interpretive feasibility tool in justifying information systems security. European Journal of Information Systems 1, 121–130 (1991)

    Article  Google Scholar 

  21. Dhillon, G.: Princples of information security: Text and cases. John Wiley & Sons, New Jersey (2007)

    Google Scholar 

  22. Lacey, D.: Understanding and transforming organizational security culture. Information Management & Computer Security 18, 4–13 (2010)

    Article  Google Scholar 

  23. Stanton, J.M., Mastrangelo, P.R., Stam, K.R., Jolton, J.: Behavioral information security: Two end user survey studies of motivation and security practices. In: Proceedings of the Tenth America’s Conference on Information Systems, New York (2004)

    Google Scholar 

  24. Dinev, T., Hu, Q.: The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of the Association for Information Systems 8 (2007)

    Google Scholar 

  25. Backhouse, J., Dhillon, G.: Structures of responsibilities and security of information systems. European Journal of Information Systems 5, 2–10 (1996)

    Article  Google Scholar 

  26. von Solms, B.: Information security - The third wave? Computers & Security 19, 615–620 (2000)

    Article  Google Scholar 

  27. Silva, L., Backhouse, J.: The circuits-of-power framework for studying power in institutionalization of information systems. Journal of the Association for Information Systems 4, 294–336 (2003)

    Google Scholar 

  28. Whitman, M.E., Mattord, H.: Principles of information security. Course Technology, Boston (2005)

    Google Scholar 

  29. Bishop, M.: Computer security: Art and science. Addison-Wesley, Boston (2003)

    Google Scholar 

  30. Johnston, A.C., Warkentin, M.: Fear appeals and information security behaviors: An empirical study. MIS Quarterly 34, 549–565 (2010)

    Google Scholar 

  31. Siponen, M.: A conceptual foundation for organizational information security awareness. Information Management & Computer Security 8, 31–41 (2000)

    Article  Google Scholar 

  32. Dhillon, G., Torkzadeh, G.: Value-focused assessment of information system security in organizations. Information Systems Journal 16, 293–314 (2006)

    Article  Google Scholar 

  33. Hedström, K., Dhillon, G., Karlsson, F.: Using Actor Network Theory to Understand Information Security Management. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 43–54. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  34. Siponen, M., Willison, R.: Information security management standards: Problems and solutions. Information & Management 46, 267–270 (2009)

    Article  Google Scholar 

  35. Elgarah, W., Falaleeva, N.: Adoption of biometric technology: Information privacy in TAM. In: Proceedings of AMCIS The Americas Conference on Information Systems. Paper 222 (2005)

    Google Scholar 

  36. Matyas, S.M., Stapleton, J.: A biometric standard for information management and security. Journal of Computer Security 19, 428–441 (2000)

    Article  Google Scholar 

  37. Phillips, P.J., Martin, A., Wilson, C.L., Przybocki, M.: An introduction evaluating biometric systems. Computer 33, 56–63 (2000)

    Article  Google Scholar 

  38. Boatwright, M., Luo, X.: What do we know about biometrics authentication? In: Proceedings of the 4th Annual Conference on Information Security Curriculum Development. ACM, Kennesaw (2007)

    Google Scholar 

  39. Jain, A.K., Ross, A., Prabhakar, S.: An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Technology 14, 4–20 (2004)

    Article  Google Scholar 

  40. Lease, D.R.: Factors influencing the adoption of biometric security technologies by decision-making information technology and security managers. Dissertation 179, Capella University (2005)

    Google Scholar 

  41. Gamboa, H., Fred, A.: A behavioural biometric system based on human computer interaction. SPIE (2004)

    Google Scholar 

  42. Pentland, B.T., Feldman, M.S.: Designing routines: On the folly of designing arti facts, while hoping for patterns of action. Information and Organization 18, 235–250 (2008)

    Article  Google Scholar 

  43. Kong, J., Zerfos, P., Luo, H., Lu, S., Zhang, L.: Providing robust and ubiquitous security support for mobile ad hoc networks. In: The Ninth IEEE ICNP, Riverside, USA, pp. 251–260 (2001)

    Google Scholar 

  44. Barad, K.: Posthumanist performativity: Toward an understanding of how matter comes to matter. Signs 28, 801–831 (2003)

    Article  Google Scholar 

  45. Orlikowski, W.J.: The sociomateriality of organisational life: considering technology in management research. Cambridge Journal of Economics 34, 125–141 (2010)

    Article  Google Scholar 

  46. Harnesk, D., Lindström, J.: Shaping security behavior through discipline and agility: Implications for information security management. Information Management & Computer Security 19 (2011)

    Google Scholar 

  47. Pahnila, S., Siponen, M., Mahmood, A.: Employées Adherence to Information Security Policies: An Empirical Study. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments. IFIP, vol. 232, pp. 133–144. Springer, Boston (2007)

    Chapter  Google Scholar 

  48. Bhattacherjee, A., Premkumar, G.: Understanding changes in belief and attitude toward information technology usage: A theoretical model and longitudinal test. MIS Quarterly 28, 229–254 (2004)

    Google Scholar 

  49. Orlikowski, W.J., Gash, D.C.: Technological frames: Making sense of information technology in organizations. ACM Transactions of Information Systems 2, 174–207 (1994)

    Article  Google Scholar 

  50. Straub, D.W., Welke, R.J.: Coping with systems risk: Security planning models for management decision making. MIS Quarterly 22, 441–469 (1998)

    Article  Google Scholar 

  51. Cordella, A.: Information infrastructure in action. London School of Economics and Political Sciences, Department of Information Systems (2006)

    Google Scholar 

  52. Yin, R.: Case study research. Sage Publications, Thousand Oaks (1994)

    Google Scholar 

  53. Miles, M.B., Huberman, M.A.: Qualitative data analysis. Sage Publications, Thousand Oaks (1994)

    Google Scholar 

  54. Chattacherjee, A.: Understanding information systems continuance: An expectation-confirmation Model. MIS Quarterly 5, 351–370 (2001)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Electrical and Space Engineering and Department of Engineering Sciences and Mathematics, Luleå University of Technology, 971 87, Luleå, Sweden

    Dan Harnesk & John Lindström

Authors
  1. Dan Harnesk
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. John Lindström
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Jönköping International Business School, Jönköping, Sweden

    Christina Keller

  2. Uppsala University, Uppsala, Sweden

    Mikael Wiberg , Pär J. Ågerfalk  & Jenny S. Z. Eriksson Lundström ,  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Harnesk, D., Lindström, J. (2012). Materializing Organizational Information Security. In: Keller, C., Wiberg, M., Ågerfalk, P.J., Eriksson Lundström, J.S.Z. (eds) Nordic Contributions in IS Research. SCIS 2012. Lecture Notes in Business Information Processing, vol 124. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32270-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-32270-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32269-3

  • Online ISBN: 978-3-642-32270-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation