TY - GEN
T1 - The case for improvisation in information security risk management
AU - Njenga, Kennedy
AU - Brown, Irwin
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2010.
PY - 2010
Y1 - 2010
N2 - Information Security (IS) practitioners face increasingly unanticipated challenges in IS risk management, often pushing them to act extemporaneously. Few studies have been dedicated to examining the role these extemporaneous actions play in mitigating IS risk. Studies have focused on clear guidelines and policies as sound approaches to ISRM (functionalist approaches). When IS risk incidents occur in context and differ one from another, incrementalist approaches to ISRM apply. This paper qualitatively draws viewpoints from IS management on the functionalist and incrementalist viewpoint of managing IS risk. We examine improvisation as an expression of extemporaneous action using a selected case study and argue that improvisation is a fusion of functionalist and incrementalist approaches. Discussions with information security practitioners selected from the case study suggest the presence of improvisation as a positive value-add phenomenon in ISRM. This paper presents a case for improvisation in ISRM.
KW - Improvisation
KW - Incrementalism
KW - Information Security
KW - Risk Management
KW - Functionalism
UR - http://www.scopus.com/inward/record.url?scp=84943618823&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-15346-4_18
DO - 10.1007/978-3-642-15346-4_18
M3 - Conference contribution
AN - SCOPUS:84943618823
SN - 9783642153457
T3 - IFIP Advances in Information and Communication Technology
SP - 220
EP - 230
BT - E-Government, E-Services and Global Processes - Joint IFIP TC 8 and TC 6 International Conferences EGES 2010 and GISP 2010 Held as Part of WCC 2010, Proceedings
A2 - Janssen, Marijn
A2 - Lamersdorf, Winfried
A2 - Pries-Heje, Jan
A2 - Rosemann, Michael
PB - Springer New York LLC
T2 - Joint IFIP TC 8 International Conference on E-Government and E-Services, EGES 2010 and IFIP TC 6 International Conference on Global Information Systems Processes, GISP 2010 Held as Part of 21st IFIP World Computer Congress, WCC 2010
Y2 - 20 September 2010 through 23 September 2010
ER -