Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for the design and management of information systems security, recommend structured and mechanistic approaches, such as risk management methods and techniques, in order to address security issues. However, risk analysis and risk evaluation processes have their limitations, when security incidents occur, they emerge in a context, and their rarity and even their uniqueness give rise to unpredictable threats. The analysis of these phenomena which are characterized by breakdowns, surprises and side- effects, requires a theoretical approach which is able to examine and interpret subjectively the detail of each incident. The aim of this paper is to highlight the duality of information systems security, providing an alternative view on the management of those aspects already defined in the literature as intractable problems and this is pursued through a formative context (Ciborra, Lanzara, 1994) that supports bricolage, hacking and improvisation .

A Framework for Managing Predictable and Unpredictable Threats: the Duality of Information Security Management / Spagnoletti, Paolo; Resca, A.. - Proceedings of the Fifteenth European Conference on Information Systems, (2007), pp. 1539-1550. (15th European Conference on Information Systems, St. Gallen, 7-9 June 2007).

A Framework for Managing Predictable and Unpredictable Threats: the Duality of Information Security Management

SPAGNOLETTI, PAOLO
;
2007

Abstract

Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for the design and management of information systems security, recommend structured and mechanistic approaches, such as risk management methods and techniques, in order to address security issues. However, risk analysis and risk evaluation processes have their limitations, when security incidents occur, they emerge in a context, and their rarity and even their uniqueness give rise to unpredictable threats. The analysis of these phenomena which are characterized by breakdowns, surprises and side- effects, requires a theoretical approach which is able to examine and interpret subjectively the detail of each incident. The aim of this paper is to highlight the duality of information systems security, providing an alternative view on the management of those aspects already defined in the literature as intractable problems and this is pursued through a formative context (Ciborra, Lanzara, 1994) that supports bricolage, hacking and improvisation .
File in questo prodotto:
File Dimensione Formato  
A Framework for Managing Predictable and Unpredictable Threats_ T.pdf

Solo gestori archivio

Tipologia: Versione dell'editore
Licenza: Tutti i diritti riservati
Dimensione 173.51 kB
Formato Adobe PDF
173.51 kB Adobe PDF   Visualizza/Apri
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11385/5530
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact