Information security: Listening to the perspective of organisational insiders

Se Eun Choi, Jorge Tiago Martins, Igor Bernik

Research output: Contribution to journalArticleScientificpeer-review

29 Citations (Scopus)


Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research & Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders – a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders’ perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed.

Original languageEnglish
Pages (from-to)752-767
Number of pages16
JournalJournal of Information Science
Issue number6
Publication statusPublished - 1 Dec 2018
MoE publication typeA1 Journal article-refereed


  • information security
  • Information security awareness
  • organisational insiders
  • strategy as practice


Dive into the research topics of 'Information security: Listening to the perspective of organisational insiders'. Together they form a unique fingerprint.

Cite this