Information systems security policy implementation in practice: from best practices to situated practices

Niemimaa, Elina; Niemimaa, Marko

doi:10.1057/s41303-016-0025-y

Cited by 49 publications

(48 citation statements)

References 77 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Chen & Zahedi, 2016), which has resulted in various design theories (Heikka, Baskerville, & Siponen, 2006;Siponen & Iivari, 2006). A key research focus in the area of IS security is the use of organizational policies that define how the users of information systems should prevent, identify, and react in security incidents (Anderson et al, 2017;Cram, Proudfoot, & D'Arcy, 2017;Moody, Siponen, & Pahnila, 2018;Niemimaa & Niemimaa, 2017). An excellent review of the body of knowledge is provided by Cram et al (2017), who analyzed 114 security policy-related journal articles.…”

Section: Existing Research On Sdpss and Their Limitationsmentioning

confidence: 99%

"Blockchain for the IoT: Privacy-Preserving Protection of Sensor Data"

Chanson¹,

Bogner²,

Bilgeri³

et al. 2019

JAIS

View full text Add to dashboard Cite

A constantly growing pool of smart, connected Internet of Things (IoT) devices poses completely new challenges for business regarding security and privacy. In fact, the widespread adoption of smart products might depend on the ability of organizations to offer systems that ensure adequate sensor data integrity while guaranteeing sufficient user privacy. In light of these challenges, previous research indicates that blockchain technology may be a promising means to mitigate issues of data security arising in the IoT. Building upon the existing body of knowledge, we propose a design theory, including requirements, design principles, and features, for a blockchain-based sensor data protection system (SDPS) that leverages data certification. We then design and develop an instantiation of an SDPS (CertifiCar) in three iterative cycles that prevents the fraudulent manipulation of car mileage data. Furthermore, we provide an ex-post evaluation of our design theory considering CertifiCar and two additional use cases in the realm of pharmaceutical supply chains and energy microgrids. The evaluation results suggest that the proposed design ensures the tamper-resistant gathering, processing, and exchange of IoT sensor data in a privacy-preserving, scalable, and efficient manner.

show abstract

Section: Existing Research On Sdpss and Their Limitationsmentioning

confidence: 99%

"Blockchain for the IoT: Privacy-Preserving Protection of Sensor Data"

Chanson¹,

Bogner²,

Bilgeri³

et al. 2019

JAIS

View full text Add to dashboard Cite

show abstract

“…On the other hand, employees lack basic information on security knowledge and are thus unarmed when addressing information security risks. As a result, employees' violations of ISP or the abuse or misuse of work computers frequently occurs within organizations (Niemimaa & Niemimaa, 2017). To this end, information security management at the organizational level should focus on cultivating employees' information security awareness and improving the self-efficacy level (Posey et al, 2013;Moody et al, 2018).…”

Section: Introductionmentioning

confidence: 99%

Positive Emotions and Employees’ Protection-Motivated Behaviours: A Moderated Mediation Model

Zhang

Xie²,

Dong

2020

Journal of Business Economics and Management

View full text Add to dashboard Cite

This study explores the relationship between positive emotions and protection-motivated behaviours by focusing on the mediating role of self-efficacy and the moderating role of information security awareness. Based on a sample of 215 full-time employees from various organizations in China, the results of hierarchical regression and moderated path analysis indicate that positive emotions positively influence protection-motivated behaviours, and self-efficacy partially mediates this relationship. In addition, information security awareness has a positive moderating effect on the relationships between positive emotions and self-efficacy and between self-efficacy and protectionmotivated behaviours. Furthermore, the findings show that information security awareness has a positive moderating effect on the mediating effect of self-efficacy between positive emotions and protection-motivated behaviours. The theoretical and practical implications of these results, as well as directions for future research, are discussed.

show abstract

“…will they be fully effective. Niemimaa and Niemimaa (2017) studied how an information technology service provider translated the information systems security (ISS) best practice of information classification into an ISS policy and into situated practices. As found in the study of the Norwegian electricity power supply sector, they note that the international ISS standards, such as ISO/IEC 27001 and ISO/IEC 27002, are universal and general in their scope and provide little guidance for the organizations that wish to adopt them (Siponen, 2006;Siponen and Wilson, 2009).…”

Section: Discussionmentioning

confidence: 99%

“…According to Ansari, Fiss, and Zajac (2010), transfer and diffusion of practices among different local contexts consist of translation, coconstruction, and editing activities in different cultural and social contexts and may lead to divergence and variability in practices that are being adopted, enacted, and adapted. Niemimaa and Niemimaa (2017) have also found that practices across organizations may not emerge as identical simply by following the same set of best practices. On an abstract level, it may be possible to identify common characteristics of practices across organizations.…”

Section: Sensemaking and Translation Theorymentioning

confidence: 99%

Standardization and Risk Governance

Olsen¹,

Juhl²,

Lindøe³

et al. 2019

View full text Add to dashboard Cite

This multidisciplinary book conceptualizes, maps, and analyses ongoing standardization processes of risk issues across various sectors, processes, and practices. Standards are not only technical specifications and guidelines to support efficient risk governance, but also contain social, political, economic, and organizational aspects. This book presents a variety of standardization processes and applications of standards that may influence our judgements of risk, the organizing of risk governance, and, accordingly, our behaviour. Standardization and standards can impact risk governance in different ways. The most important lessons drawn from the present volume can be summarized in three areas: (1) how standardization might impact on power relations and interests; (2) how standardization may change flexibility in decision-making, communication, and cooperation; and (3) how standardization could (re)direct attention and risk perception. The volume's aim is to present an analysis of standardization processes and how it affects our thinking about risk, how we organize risk governance, and how standardization may influence risk management. In so doing, it contributes to a more informed discourse regarding the use of standards and standardization in contemporary risk management. Standardization and Risk Governance will be of great interest to students of risk, standardization, global governance, and critical security studies.

show abstract

Information systems security policy implementation in practice: from best practices to situated practices

Cited by 49 publications

References 77 publications

"Blockchain for the IoT: Privacy-Preserving Protection of Sensor Data"

"Blockchain for the IoT: Privacy-Preserving Protection of Sensor Data"

Positive Emotions and Employees’ Protection-Motivated Behaviours: A Moderated Mediation Model

Standardization and Risk Governance

Contact Info

Product

Resources

About