Conceptualising improvisation in information systems security

Kennedy Njenga, Irwin Brown

Research output: Contribution to journalArticlepeer-review

39 Citations (Scopus)


Information Systems Security (ISS) has constantly been ranked as a key concern for Information Systems (IS) managers. Research in the field has largely assumed rational choice (functional) approaches to managing ISS. Such approaches do not give due recognition to the role of improvisation in ISS work. Empirical evidence in organisations suggests that in the context of dynamic, volatile and uncertain environments practitioners are both rational and adaptive (a manifestation of improvisation). In this paper, we conceptualise and demonstrate the manifestation of improvisation in ISS. In order to develop a better understanding of improvisation in ISS activities, hermeneutical and exegetical techniques were employed. Empirical data were collected through in-depth interviews in a single case study. The data obtained were analysed and interpreted hermeneutically. Generally it was found that improvisation is manifested in ISS activities. Implications of these and other findings for the scholarly community and for practical use are discussed.

Original languageEnglish
Pages (from-to)592-607
Number of pages16
JournalEuropean Journal of Information Systems
Issue number6
Publication statusPublished - Nov 2012


  • hermeneutics
  • improvisation
  • information systems security
  • rational choice

ASJC Scopus subject areas

  • Management Information Systems
  • Information Systems
  • Library and Information Sciences
  • Information Systems and Management


Dive into the research topics of 'Conceptualising improvisation in information systems security'. Together they form a unique fingerprint.

Cite this