The Case for Improvisation in Information Security Risk Management

Abstract: Information Security (IS) practitioners face increasingly unanticipated challenges in IS risk management (ISRM), often pushing them to act extemporaneously. Few studies have been dedicated to examining the role these extemporaneous actions play in mitigating IS risk. Studies have focused on clear guidelines and policies as sound approaches to ISRM (functionalist approaches). When IS risk incidents occur in context and differ one from another, incrementalist approaches to ISRM apply. This paper qualitatively draws viewpoints from IS management on the functionalist and incrementalist viewpoints of managing IS risk. We examine improvisation as an expression of extemporaneous action using a selected case study and argue that improvisation is a fusion of functionalist and incrementalist approaches. Discussions with information security practitioners selected from the case study suggest the presence of improvisation as a positive value-add phenomenon in ISRM. This paper presents a case for improvisation in ISRM.
Document type: Conference paper
Marijn Janssen; Winfried Lamersdorf; Jan Pries-Heje; Michael Rosemann. Joint IFIP TC 8 and TC 6 International Conferences on E-Government, E-Services and Global Processes (EGES) / Global Information Systems Processes (GISP), / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. Springer, IFIP Advances in Information and Communication Technology, AICT-334, pp.220-230, 2010, E-Government, E-Services and Global Processes. 〈10.1007/978-3-642-15346-4_18〉

Cited literature: 28 references

https://hal.inria.fr/hal-01054639
Contributor: Hal Ifip
Submitted on: Thursday, August 7, 2014 - 16:48:14
Last modified on: Friday, April 20, 2018 - 13:34:01
Document(s) archived on: Wednesday, November 26, 2014 - 05:31:14

File

4_Information_Security_Risk_Ma...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Kennedy Njenga, Irwin Brown. The Case for Improvisation in Information Security Risk Management. Marijn Janssen; Winfried Lamersdorf; Jan Pries-Heje; Michael Rosemann. Joint IFIP TC 8 and TC 6 International Conferences on E-Government, E-Services and Global Processes (EGES) / Global Information Systems Processes (GISP), / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. Springer, IFIP Advances in Information and Communication Technology, AICT-334, pp.220-230, 2010, E-Government, E-Services and Global Processes. 〈10.1007/978-3-642-15346-4_18〉. 〈hal-01054639〉

Metrics

Record views: 106

File downloads: 115