Beyond the 'fix-it' treadmill

Reed, J. Paul

doi:10.1145/3380322

Cited by 3 publications

(11 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The first learning mode, reflective learning, considers learning as a process through which organizations reflect on past incidents, derive insights, and disseminate them to prevent or handle future incidents effectively (Reed 2020). Reflective learning is the most common learning mode and seeks to capitalize on past experience (67% of the studies).…”

Section: Reflective Learning: Learning From Past Incidents For the Fu...mentioning

confidence: 99%

“…A large portion of the reviewed studies conceive learning as a formal process of post-incident analysis: examining the causes of the incident (Ebert 2015), drawing lessons (Dalal and Chhillar 2013;Leveson 2013), articulating corrective solutions (Card 1998), outlining best practices (von Solms and von Solms 2004), and identifying early warning signals (Kappelman et al 2006). In post-incident analysis, also known in practice as postmortem (Reed 2020), the individuals and communities closely involved in the incident develop abstract knowledge about past IS incidents by reflecting on their actions and experiences (Dalal and Chhillar 2013). Thorough, timely post-incident analysis aims to prevent similar incidents (Straub and Welke 1998;Talin 1997), reduce the damage caused by future incidents (Kliem 1999), boost preparedness (Junglas and Ives 2007), allow efficient recovery from future incidents (Shedden et al 2010), enhance the quality and reliability of systems (Mouratidis and Giorgini 2007), and improve organizational processes (Harkness et al 1996).…”

Section: Post-incident Analysismentioning

confidence: 99%

“…They claimed that knowledge of early warning signals from past incidents can help organizations take measures to prevent future incidents. Reed (2020) showed that during post-incident analysis, organizations produce a variety of "artifacts," such as incident documentation, root-cause analysis, action lists, and generalizable lessons. The author stressed that each artifact has a distinct learning effect, as some focus on short-term remedies and others longer-term, fundamental improvements.…”

Section: Box 1 Using Post-incident Analysis To Drawmentioning

confidence: 99%

“…Through post-mortem investigation organizations often produce static lists of remedial actions. These tend to be specific to a particular incident and, therefore, scarcely transferable or helpful for dealing with future incidents (Reed 2020). Bouwens and Stafford (2019) stressed that the "contexts and nature of attacks" change over time, which requires firms to learn how to distinguish between stable, generalizable lessons and transient, incident-specific ones.…”

Section: Box 1 Using Post-incident Analysis To Drawmentioning

confidence: 99%

“…Finally, even when companies conduct post-incident analyses, the lessons may not be properly captured, or stored in easily accessible format and locations, and may not be shared actively with different stakeholders (Grispos et al 2015). As a result, the learning process might generate static artifacts and individualized learning, which are useful to certain people in the organization, but are of no benefit to the organization as a whole (Reed 2020).…”

Section: Box 1 Using Post-incident Analysis To Drawmentioning

confidence: 99%

See 4 more Smart Citations

How Do Organizations Learn from Information System Incidents? A Synthesis of the Past, Present, and Future

Mehrizi¹,

Nicolini²,

Rodón³

2022

MISQ

View full text Add to dashboard Cite

We review the literature on how organizations learn from information system (IS) incidents. We identify three modes of learning depending on the practices that constitute the learning process, the specific actors who play roles in learning, the temporal orientation of the learning practices, and the specific contextual focus of the learning. The literature focuses primarily on learning from past experience to draw lessons for future incidents (reflective learning mode). Yet, a growing stream of literature stresses the importance of learning through engagement with present incidents (embedded learning mode), and a few studies suggest that organizations can learn prospectively to prepare for future incidents (prospective learning mode). We argue that although these three learning modes are effective, they do not adequately explain how organizations learn from IS incidents when used in isolation. Since IS incidents unfold increasingly as sets of interacting events across information systems and organizational settings, organizational learning needs to be theorized as an iterative process among these learning modes. We synthesize these three learning modes into an integrative framework and theorize about their supportive and inhibiting relations. We suggest some opportunities for future research, which would advance our understanding of how organizations learn from IS incidents.

show abstract

Section: Reflective Learning: Learning From Past Incidents For the Fu...mentioning

confidence: 99%

Section: Post-incident Analysismentioning

confidence: 99%

Section: Box 1 Using Post-incident Analysis To Drawmentioning

confidence: 99%

Section: Box 1 Using Post-incident Analysis To Drawmentioning

confidence: 99%

Section: Box 1 Using Post-incident Analysis To Drawmentioning

confidence: 99%

See 3 more Smart Citations

How Do Organizations Learn from Information System Incidents? A Synthesis of the Past, Present, and Future

Mehrizi¹,

Nicolini²,

Rodón³

2022

MISQ

View full text Add to dashboard Cite

show abstract

Conceptualizing Information Systems Development as an Organizational Routine

Vial

Rivard

2022

SIGMIS Database

View full text Add to dashboard Cite

Research acknowledges that information systems development (ISD) teams experiment with, overlook, or adapt the methods that they purportedly use. Given this, one stream of research adopts a perspective focused on prescriptions based on the idea of a method. Another stream of research adopts a perspective anchored in the view that human agency plays a critical role in the unfolding of ISD projects. We suggest that our understanding of ISD can be enriched by mobilizing both perspectives. Specifically, we propose a conceptualization of ISD as an organizational routine based on the ontology developed by Feldman and Pentland. We build on the elements of this ontology- (1) the idea of a routine (the ostensive aspect) and (2) its enactment (the performative aspect) as the two mutually constitutive aspects of organizational routines; and (3) the role of artifacts as mediators of the relationship between actors and the ostensive and performative aspects of organizational routines - to develop theoretical arguments explaining the benefits of applying this ontology to the ISD phenomenon. Extending the contextual boundaries of Feldman and Pentland's ontology, we propose research avenues that have the potential to contribute to our understanding of this core phenomenon of the IS discipline.

show abstract

Microservice security: a systematic literature review

Berardi

Giallorenzo

Mauro

et al. 2022

PeerJ Computer Science

View full text Add to dashboard Cite

Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.

show abstract

Beyond the 'fix-it' treadmill

Abstract: The use of post-incident artifacts in high-performing organizations.

Cited by 3 publications

References 0 publications

How Do Organizations Learn from Information System Incidents? A Synthesis of the Past, Present, and Future

How Do Organizations Learn from Information System Incidents? A Synthesis of the Past, Present, and Future

Conceptualizing Information Systems Development as an Organizational Routine

Microservice security: a systematic literature review

Contact Info

Product

Resources

About