Skip to Main content Skip to Navigation
Conference papers

The Case for Improvisation in Information Security Risk Management

Abstract : Information Security (IS) practitioners face increasingly unanticipated challenges in IS risk management, often pushing them to act extemporaneously. Few studies have been dedicated to examining the role these extemporaneous actions play in mitigating IS risk. Studies have focused on clear guidelines and policies as sound approaches to ISRM (functionalist approaches). When IS risk incidents occur in context and differ one from another, incrementalist approaches to ISRM apply. This paper qualitatively draws viewpoints from IS management on the functionalist and incrementalist viewpoint of managing IS risk. We examine improvisation as an expression of extemporaneous action using a selected case study and argue that improvisation is a fusion of functionalist and incrementalist approaches. Discussions with information security practitioners selected from the case study suggest the presence of improvisation as a positive value-add phenomenon in ISRM. This paper presents a case for improvisation in ISRM.
Document type :
Conference papers
Complete list of metadata

Cited literature [28 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, August 7, 2014 - 4:48:14 PM
Last modification on : Friday, April 1, 2022 - 2:52:02 PM
Long-term archiving on: : Wednesday, November 26, 2014 - 5:31:14 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Kennedy Njenga, Irwin Brown. The Case for Improvisation in Information Security Risk Management. Joint IFIP TC 8 and TC 6 International Conferences on E-Government, E-Services and Global Processes (EGES) / Global Information Systems Processes (GISP), / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. pp.220-230, ⟨10.1007/978-3-642-15346-4_18⟩. ⟨hal-01054639⟩



Record views


Files downloads