Abstract
In the context of situated elderly care this paper discusses the intertwined relationship between organizational security objectives, technology, and employees’ security behavior. We use findings from a single case study to aid in our understanding of how managers sought to create a secure work environment by introducing behavioral security technology, and how employees appreciated the new security software in everyday routines. Theoretically the case study is informed by sociomateriality in that it employs the notion of technological affordances of behavioral security technology. Findings show that security technology material is an integral part of security management and security in use, and that both the technical actor and human actors contributed to cultivation of the information security practice in the elderly care center.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Chandra, A., Calderon, T.: Challenges and constraints to the diffusion of biometrics in information systems. Communications of the ACM 48, 101–106 (2005)
Puhakainen, P., Siponen, M.: Improving employees’ compliance through information systems security training: An action research study. MIS Quarterly 34, 767–793 (2010)
Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., Vance, A.: What levels of moral reasoning and values explain adherence to information security rules: An empirical study. European Journal of Information Systems 18, 126–139 (2009)
Lee, Y., Larsen, K.R.: Threat or coping appraisal: determinants of SMB executives/’ decision to adopt anti-malware software. European Journal of Information Systems 18, 177–187 (2009)
Hsu, C.W.: Frame misalignment: interpreting the implementation of information systems security certification in an organization. European Journal of Information Systems 18, 140–150 (2009)
Warkentin, M., Johnston, A.C., Shropshire, J.: The influence of the informal social learning environment on information privacy policy compliance efficacy and intention. European Journal of Information Systems 20, 267–284 (2011)
Wade, H.B., Linda, W.: Is information security under control?: Investigating quality in information security management. IEEE Security & Privacy 5, 36–44 (2007)
Leonardi, P.M., Barley, S.R.: Materiality and change: Challenges to building better theory about technology and organizing. Information and Organization 18, 159–176 (2008)
Introna, L.D., Hayes, N.: On sociomaterial imbrications: What plagiarism detection systems reveal and why it matters. Information and Organization 21, 107–122 (2011)
Jonsson, K., Holmström, J., Lyytinen, K.: Turn to the material: Remote diagnostic systems and new forms of boundary spanning. Information and Organization 19(2009), 233–252 (2009)
Scolaí, P.: Materialising materiality. In: Proceedings of the Twenty Ninth International Conference on Information Systems, Paris, pp. 1–10 (2008)
Orlikowski, W.J.: Sociomaterial practices: Exploring technology at work. Organization Studies 28, 1435–1448 (2007)
Holmström, J., Robey, D.: Inscribing organizational change with information technology. In: Czarniawska, B., Hernes, T. (eds.) Actor-network Theory and Organising. Copenhagen Business School Press, Copenhagen (2005)
Choobineh, J., Dhillon, G., Grimalla, M., Rees, J.: Management of information security: challenges and research directions. Communications of the Association for Information Systems 20, 958–971 (2007)
Stahl, B.C., Shaw, M., Doherty, N.F.: Information systems security management: A critical research agenda. In: Association of Information Systems SIGSEC Workshop on Information Security and Privacy (WISP 2008), Paris (2008)
Woodhouse, S.: Information Security: End User Behavior and Corporate Culture. In: Proceedings of the Seventh Conference on Computer and Information Technology, pp. 767–772. IEEE (2007)
Orlikowski, W.J.: Sociomaterial practices: Exploring technology at work. Organization Studies 28, 1435–1448 (2007)
Siponen, M.: Analysis of modern IS security development approaches: Towards the next generation of social and adaptable ISS methods. Information and Organization 15, 339–375 (2005)
Dhillon, G., Backhouse, J.: Current directions in IS security research: Towards socio-organizational perspectives. Information Systems Journal 11, 127–153 (2001)
Baskerville, R.: Risk analysis: An interpretive feasibility tool in justifying information systems security. European Journal of Information Systems 1, 121–130 (1991)
Dhillon, G.: Princples of information security: Text and cases. John Wiley & Sons, New Jersey (2007)
Lacey, D.: Understanding and transforming organizational security culture. Information Management & Computer Security 18, 4–13 (2010)
Stanton, J.M., Mastrangelo, P.R., Stam, K.R., Jolton, J.: Behavioral information security: Two end user survey studies of motivation and security practices. In: Proceedings of the Tenth America’s Conference on Information Systems, New York (2004)
Dinev, T., Hu, Q.: The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of the Association for Information Systems 8 (2007)
Backhouse, J., Dhillon, G.: Structures of responsibilities and security of information systems. European Journal of Information Systems 5, 2–10 (1996)
von Solms, B.: Information security - The third wave? Computers & Security 19, 615–620 (2000)
Silva, L., Backhouse, J.: The circuits-of-power framework for studying power in institutionalization of information systems. Journal of the Association for Information Systems 4, 294–336 (2003)
Whitman, M.E., Mattord, H.: Principles of information security. Course Technology, Boston (2005)
Bishop, M.: Computer security: Art and science. Addison-Wesley, Boston (2003)
Johnston, A.C., Warkentin, M.: Fear appeals and information security behaviors: An empirical study. MIS Quarterly 34, 549–565 (2010)
Siponen, M.: A conceptual foundation for organizational information security awareness. Information Management & Computer Security 8, 31–41 (2000)
Dhillon, G., Torkzadeh, G.: Value-focused assessment of information system security in organizations. Information Systems Journal 16, 293–314 (2006)
Hedström, K., Dhillon, G., Karlsson, F.: Using Actor Network Theory to Understand Information Security Management. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 43–54. Springer, Heidelberg (2010)
Siponen, M., Willison, R.: Information security management standards: Problems and solutions. Information & Management 46, 267–270 (2009)
Elgarah, W., Falaleeva, N.: Adoption of biometric technology: Information privacy in TAM. In: Proceedings of AMCIS The Americas Conference on Information Systems. Paper 222 (2005)
Matyas, S.M., Stapleton, J.: A biometric standard for information management and security. Journal of Computer Security 19, 428–441 (2000)
Phillips, P.J., Martin, A., Wilson, C.L., Przybocki, M.: An introduction evaluating biometric systems. Computer 33, 56–63 (2000)
Boatwright, M., Luo, X.: What do we know about biometrics authentication? In: Proceedings of the 4th Annual Conference on Information Security Curriculum Development. ACM, Kennesaw (2007)
Jain, A.K., Ross, A., Prabhakar, S.: An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Technology 14, 4–20 (2004)
Lease, D.R.: Factors influencing the adoption of biometric security technologies by decision-making information technology and security managers. Dissertation 179, Capella University (2005)
Gamboa, H., Fred, A.: A behavioural biometric system based on human computer interaction. SPIE (2004)
Pentland, B.T., Feldman, M.S.: Designing routines: On the folly of designing arti facts, while hoping for patterns of action. Information and Organization 18, 235–250 (2008)
Kong, J., Zerfos, P., Luo, H., Lu, S., Zhang, L.: Providing robust and ubiquitous security support for mobile ad hoc networks. In: The Ninth IEEE ICNP, Riverside, USA, pp. 251–260 (2001)
Barad, K.: Posthumanist performativity: Toward an understanding of how matter comes to matter. Signs 28, 801–831 (2003)
Orlikowski, W.J.: The sociomateriality of organisational life: considering technology in management research. Cambridge Journal of Economics 34, 125–141 (2010)
Harnesk, D., Lindström, J.: Shaping security behavior through discipline and agility: Implications for information security management. Information Management & Computer Security 19 (2011)
Pahnila, S., Siponen, M., Mahmood, A.: Employées Adherence to Information Security Policies: An Empirical Study. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments. IFIP, vol. 232, pp. 133–144. Springer, Boston (2007)
Bhattacherjee, A., Premkumar, G.: Understanding changes in belief and attitude toward information technology usage: A theoretical model and longitudinal test. MIS Quarterly 28, 229–254 (2004)
Orlikowski, W.J., Gash, D.C.: Technological frames: Making sense of information technology in organizations. ACM Transactions of Information Systems 2, 174–207 (1994)
Straub, D.W., Welke, R.J.: Coping with systems risk: Security planning models for management decision making. MIS Quarterly 22, 441–469 (1998)
Cordella, A.: Information infrastructure in action. London School of Economics and Political Sciences, Department of Information Systems (2006)
Yin, R.: Case study research. Sage Publications, Thousand Oaks (1994)
Miles, M.B., Huberman, M.A.: Qualitative data analysis. Sage Publications, Thousand Oaks (1994)
Chattacherjee, A.: Understanding information systems continuance: An expectation-confirmation Model. MIS Quarterly 5, 351–370 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Harnesk, D., Lindström, J. (2012). Materializing Organizational Information Security. In: Keller, C., Wiberg, M., Ågerfalk, P.J., Eriksson Lundström, J.S.Z. (eds) Nordic Contributions in IS Research. SCIS 2012. Lecture Notes in Business Information Processing, vol 124. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32270-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-32270-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32269-3
Online ISBN: 978-3-642-32270-9
eBook Packages: Computer ScienceComputer Science (R0)