Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for the design and management of information systems security, recommend structured and mechanistic approaches, such as risk management methods and techniques, in order to address security issues. However, risk analysis and risk evaluation processes have their limitations, when security incidents occur, they emerge in a context, and their rarity and even their uniqueness give rise to unpredictable threats. The analysis of these phenomena which are characterized by breakdowns, surprises and side effects, requires a theoretical approach which is able to examine and interpret subjectively the detail of each incident. The aim of this paper is to highlight the duality of information systems security, providing an alternative view on the management of those aspects already defined in the literature as intractable problems and this is pursued through a formative context (Ciborra, Lanzara, 1994) that supports bricolage, hacking and improvisation.

The duality of Information Security Management: fighting against predictable and unpredictable threats / Spagnoletti, Paolo; Resca, Andrea. - In: JOURNAL OF INFORMATION SYSTEM SECURITY. - ISSN 1551-0123. - STAMPA. - 4:3(2008), pp. 46-62.

The duality of Information Security Management: fighting against predictable and unpredictable threats

SPAGNOLETTI, PAOLO;RESCA, ANDREA
2008

Abstract

Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for the design and management of information systems security, recommend structured and mechanistic approaches, such as risk management methods and techniques, in order to address security issues. However, risk analysis and risk evaluation processes have their limitations, when security incidents occur, they emerge in a context, and their rarity and even their uniqueness give rise to unpredictable threats. The analysis of these phenomena which are characterized by breakdowns, surprises and side effects, requires a theoretical approach which is able to examine and interpret subjectively the detail of each incident. The aim of this paper is to highlight the duality of information systems security, providing an alternative view on the management of those aspects already defined in the literature as intractable problems and this is pursued through a formative context (Ciborra, Lanzara, 1994) that supports bricolage, hacking and improvisation.
information systems security; risk management; formative context
The duality of Information Security Management: fighting against predictable and unpredictable threats / Spagnoletti, Paolo; Resca, Andrea. - In: JOURNAL OF INFORMATION SYSTEM SECURITY. - ISSN 1551-0123. - STAMPA. - 4:3(2008), pp. 46-62.
File in questo prodotto:
File Dimensione Formato  
JISSec 2008.pdf

Solo gestori archivio

Tipologia: Documento in Post-print
Licenza: DRM non definito
Dimensione 63.31 kB
Formato Adobe PDF
63.31 kB Adobe PDF   Visualizza/Apri
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11385/5478
Citazioni
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact