Inter-organisational information security: a systematic literature review

Karlsson, Fredrik; Kolkowska, Ella; Prenkert, Frans

doi:10.1108/ics-11-2016-091

Cited by 17 publications

(16 citation statements)

References 75 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, only a few studies have investigated employees' actual behavior in this context (Cram et al, 2017;Karlsson et al, 2016;McCole et al, 2010;Gozman and Willcocks, 2019;Amankwah-Amoah and Wang, 2019). Theories in the literature include protection motivation theory (Rogers, 1983), general deterrence theory (Beccaria, 1963;Gibbs, 1975), rational choice theory (Paternoster and Simpson, 1996), neutralization theory (Siponen and Vance, 2010;Sykes and Matza, 1957), theory of reasoned action (Fishbein and Ajzen, 1975), theory of planned behavior (Ajzen, 1985) and social cognitive theory (Bandura, 1986).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Keeping customers' data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce

Ameen

Tarhini

Shah³

et al. 2021

Computers in Human Behavior

View full text Add to dashboard Cite

Employees are increasingly relying on mobile devices. In international organizations, more employees are using their personal smartphones for work purposes. Meanwhile, the number of data breaches is rising.However, employees' cybersecurity compliance with cybersecurity policies is poorly understood.Researchers have called for a more holistic approach to information security. We propose an employee smartphone-security compliance (ESSC) model, which deepens understanding of employees' informationsecurity behavior by considering influences on the national, organizational, technological (smartphonespecific), and personal levels. The research focuses on secure smartphone use in the workplace among Gen-Mobile (aged 18-35) employees in a cross-cultural context: the United Kingdom (UK), United States (US) and United Arab Emirates (UAE) where 1,735 questionnaires were collected. Our findings suggest that those who wish to understand employees' smartphone-security behavior should consider national cybersecurity policies, cultural differences in different countries, and threats specific to smartphone use.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%

Keeping customers' data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce

Ameen

Tarhini

Shah³

et al. 2021

Computers in Human Behavior

View full text Add to dashboard Cite

show abstract

“…Third, ISG papers have low "research maturity". Following Karlsson et al (2016), the research papers are classified by maturity; from emergent to mature (Figure 1). Figure 2 shows that over time, the ISG literature has become more mature.…”

Section: Information Security Governancementioning

confidence: 99%

What do we know about information security governance?

Schinagl

Shahim

2020

ICS

View full text Add to dashboard Cite

Purpose This paper aims to review the information security governance (ISG) literature and emphasises the tensions that exist at the intersection of the rapidly changing business climate and the current body of knowledge on ISG. Design/methodology/approach The intention of the authors was to conduct a systematic literature review. However, owing to limited empirical papers in ISG research, this paper is more conceptually organised. Findings This paper shows that security has shifted from a narrow-focused isolated issue towards a strategic business issue with “from the basement to the boardroom” implications. The key takeaway is that protecting the organisation is important, but organizations must also develop strategies to ensure resilient businesses to take advantage of the opportunities that digitalization can bring. Research limitations/implications The concept of DSG is a new research territory that addresses the limitations and gaps of traditional ISG approaches in a digital context. To this extent, organisational theories are suggested to help build knowledge that offers a deeper understanding than that provided by the too often used practical approaches in ISG research. Practical implications This paper supports practitioners and decision makers by providing a deeper understanding of how organisations and their security approaches are actually affected by digitalisation. Social implications This paper helps individuals to understand that they have increasing rights with regard to privacy and security and a say in what parties they assign business to. Originality/value This paper makes a novel contribution to ISG research. To the authors’ knowledge, this is the first attempt to review and structure the ISG literature.

show abstract

“…However, from an overall analysis of the extant literature, it appears that research on information risk and security has been dominated by technical aspects (Karlsson et al , 2016), and information security management was treated as a technical issue (Singh et al , 2013). Hence, the majority of the attention was given to technological solutions (Soomro et al , 2016).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…Nevertheless, from the reviewed literature, it appears that information risk management efforts are generally focussed within the boundaries of the organization or, on a much lesser scale, on inter-organizational dyadic connections between companies (Karlsson et al , 2016). Hence, the literature advocates for a more holistic approach to information risk management (Soomro et al , 2016).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…It also shows the need for providing the scientific and industrial communities with empirical evidence aimed at advancing the knowledge and managerial practice on the topic of CSCRM for building a resilient supply chain. In fact, a substantial dearth of empirical studies on cyber and information risk management conducted according to the abovementioned perspectives has been highlighted by previous research (Boyson, 2014; Karlsson et al , 2016) and thus further empirical studies are called for by the managerial implications of cyber-attacks shown in recent examples (Williams, 2017). These gaps provide the motivations for our study and offer to the authors the possibility to complement the existing body of knowledge by providing the academic community with the results of our study, especially shedding light on the managerial implications of the choices made by companies in terms of approaches to managing cyber and information risks, the adopted initiatives, and to what extent in the supply chain.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

See 1 more Smart Citation

Managing cyber and information risks in supply chains: insights from an exploratory analysis

Colicchia

Creazza

Menachof

2019

SCM

View full text Add to dashboard Cite

The increasing level of connectivity is transforming supply chains, and it creates new opportunities but also new risks in the cyber space. Hence, cyber supply chain risk management (CSCRM) is emerging as a new management construct. The purpose of this paper is to explore how companies approach the management of cyber and information risks in their supply chain, what initiatives they adopt to this aim, and to what extent along the supply chain. The ultimate aim is to help organizations in understanding and improving the CSCRM process and cyber resilience in their supply chains. Design/methodology/approach: This research relied on a qualitative approach based on a comparative case study analysis involving five large multinational companies with headquarters, or branches, in the UK. Findings: Results highlight the importance for CSCRM to shift the viewpoint from the traditional focus on companies' internal information technology infrastructure, able to "firewall themselves" only, to the whole supply chain with a cross-functional approach; initiatives for CSCRM are mainly adopted to "respond" and "recover" without a well-rounded approach to supply chain resilience for a long-term capacity to adapt to changes according to an evolutionary approach. Initiatives are adopted at a firm/dyadic level, and a network perspective is missing. Research limitations/implications: This paper extends the current theory on cyber and information risks in supply chains, as a combination of supply chain risk management and resilience, and information risk management. It provides an analysis and classification of cyber and information risks, sources of risks and initiatives to managing them according to a supply chain perspective, along with an investigation of their adoption across the supply chain. It also studies how the concept of resilience has been deployed in the CSCRM process by companies. By laying the empirical foundations of the subject, our study stimulates further research on the challenges and drivers of initiatives and coordination mechanisms for CSCRM at a supply chain network level. Practical implications: Results invite companies to break the "silos" of their activities in CSCRM, embracing the whole supply chain network for better resilience. The adoption of information technology security initiatives should be combined with organizational ones and extended beyond the dyad. Where applicable, initiatives should be bi-directional to involve supply chain partners, remove the typical isolation in the CSCRM process, and leverage the value of information. Decisions on investments in CSCRM should involve also supply chain managers according to a holistic approach. Originality/value: A supply chain perspective in the existing scientific contributions is missing in the management of cyber and information risk. This is one of the first empirical studies dealing with this interdisciplinary subject, focusing on risks that are now very high in the companies' agenda, but still overlooked. It contributes to theory on information risk ...

show abstract

Inter-organisational information security: a systematic literature review

Cited by 17 publications

References 75 publications

Keeping customers' data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce

Keeping customers' data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce

What do we know about information security governance?

Managing cyber and information risks in supply chains: insights from an exploratory analysis

Contact Info

Product

Resources

About