Elina Niemimaa scite author profile

Developing organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research indicates that organisations should create InfoSec policies based on best practices (top-down) and simultaneously encourages participatory development (bottom-up). These contradictory suggestions place managers in a dilemma: Should they follow a top-down or bottom-up approach? In this research, we build on an ethnographic approach to study how an innovative engineering company (MachineryCorp) managed the contradiction when the firm developed an InfoSec policy. Drawing on the dialectical theory of organisations as a lens, the findings suggest the InfoSec policy development is a recurrent process consisting of three phases: (1) drawing interpretations of InfoSec requirements from best practices (deductive adoption) and (2) constructing possibilities for local implementation (inductive adjustment) (3) that engender tensions between best practices and local contingencies facilitating innovative local resolutions (synthetic innovation).We call this process abductive innovation. At MachineryCorp, a triangle of tensions surfaced due to economic realities, infrastructure affordances, and social arrangements, and were necessary in explaining how the InfoSec policy gradually and iteratively materialised and resulted in an organisationally contingent policy.

show abstract

In the Riptide of Control and Trust: Emergence of Control Practices, Suspicion, and Distrust in New Technology Deployment

Hurmelinna‐Laukkanen

Niemimaa

Rantakari

et al. 2022

J Management Studies

View full text Add to dashboard Cite

In this study, we focus on the unintended consequences of new technology deployment for control‐trust dynamics. When addressing these dynamics, managers and management researchers often focus on consciously designed and implemented controls and management actions that build, repair, or preserve trust. At the same time, unowned processes – processes that have no single source or purpose – easily go unnoticed. These processes may have effects that are inadvertent and sometimes detrimental. A close‐up ethnographic study of a technology deployment provides insight into the emergence of unintended control practices and shifts in trust. Our findings demonstrate how deployment of new technology prompted a shift in the loci and forms of control and how trust, suspicion, and distrust surfaced asymmetrically as organizational members interpreted in different ways how others were using the new technological features. These developments contributed to the emergence of four unintended control practices: incidental monitoring, organizational surveillance, individual concealment, and collective resistance. Our study highlights the role of unowned processes in the control‐trust dynamics and emphasizes that whether or not control and trust are consciously addressed, both play interactive and evolving roles in organizations.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Elina Niemimaa

Information systems security policy implementation in practice: from best practices to situated practices

Abductive innovations in information security policy development: an ethnographic study

In the Riptide of Control and Trust: Emergence of Control Practices, Suspicion, and Distrust in New Technology Deployment

Contact Info

Product

Resources

About