TY - JOUR
T1 - Information security
T2 - Listening to the perspective of organisational insiders
AU - Choi, Se Eun
AU - Martins, Jorge Tiago
AU - Bernik, Igor
N1 - Publisher Copyright:
© The Author(s) 2018.
Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.
PY - 2018/12/1
Y1 - 2018/12/1
N2 - Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research & Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders – a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders’ perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed.
KW - information security
KW - Information security awareness
KW - organisational insiders
KW - strategy as practice
UR - http://www.scopus.com/inward/record.url?scp=85042361253&partnerID=8YFLogxK
U2 - 10.1177/0165551517748288
DO - 10.1177/0165551517748288
M3 - Article
AN - SCOPUS:85042361253
SN - 0165-5515
VL - 44
SP - 752
EP - 767
JO - Journal of Information Science
JF - Journal of Information Science
IS - 6
ER -