A Framework for Managing Predictable and Unpredictable Threats: the Duality of Information Security Management

Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for the design and management of information systems security, recommend structured and mechanistic approaches, such as risk management methods and techniques, in order to address security issues. However, risk analysis and risk evaluation processes have their limitations, when security incidents occur, they emerge in a context, and their rarity and even their uniqueness give rise to unpredictable threats. The analysis of these phenomena which are characterized by breakdowns, surprises and side- effects, requires a theoretical approach which is able to examine and interpret subjectively the detail of each incident. The aim of this paper is to highlight the duality of information systems security, providing an alternative view on the management of those aspects already defined in the literature as intractable problems and this is pursued through a formative context (Ciborra, Lanzara, 1994) that supports bricolage, hacking and improvisation .

A Framework for Managing Predictable and Unpredictable Threats: the Duality of Information Security Management / Spagnoletti, Paolo; Resca, A.. - (2007), pp. 1539-1550. ((Intervento presentato al convegno 15th European Conference on Information Systems tenutosi a St. Gallen nel 7-9 June 2007.

Check for full text @ Luiss
Titolo: A Framework for Managing Predictable and Unpredictable Threats: the Duality of Information Security Management
Autori: 
Spagnoletti, Paolo (Corresponding)
mostra contributor esterni 
Data di pubblicazione: 2007
Citazione: A Framework for Managing Predictable and Unpredictable Threats: the Duality of Information Security Management / Spagnoletti, Paolo; Resca, A.. - (2007), pp. 1539-1550. ((Intervento presentato al convegno 15th European Conference on Information Systems tenutosi a St. Gallen nel 7-9 June 2007.
Handle: http://hdl.handle.net/11385/5530
Appare nelle tipologie:04.1 - Contributo in Atti di convegno (Paper in Proceedings)

File in questo prodotto:
FileDescrizioneTipologiaLicenza 
A Framework for Managing Predictable and Unpredictable Threats_ T.pdf Versione dell'editoreTutti i diritti riservatiAdministrator
Pubblicazioni consigliate
Loading suggested articles...
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11385/5530
  • Citazioni
  • Scopus
  • WOS ND
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookies-Privacy
Logo CINECA  Copyright © 2022