The case for improvisation in information security risk management

Kennedy Njenga, Irwin Brown

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > peer-review

Abstract

Information Security (IS) practitioners face increasingly unanticipated challenges in IS risk management, often pushing them to act extemporaneously. Few studies have been dedicated to examining the role these extemporaneous actions play in mitigating IS risk. Studies have focused on clear guidelines and policies as sound approaches to ISRM (functionalist approaches). When IS risk incidents occur in context and differ one from another, incrementalist approaches to ISRM apply. This paper qualitatively draws viewpoints from IS management on the functionalist and incrementalist viewpoint of managing IS risk. We examine improvisation as an expression of extemporaneous action using a selected case study and argue that improvisation is a fusion of functionalist and incrementalist approaches. Discussions with information security practitioners selected from the case study suggest the presence of improvisation as a positive value-add phenomenon in ISRM. This paper presents a case for improvisation in ISRM.

Original language: English
Title of host publication: E-Government, E-Services and Global Processes - Joint IFIP TC 8 and TC 6 International Conferences EGES 2010 and GISP 2010 Held as Part of WCC 2010, Proceedings
Editors: Marijn Janssen, Winfried Lamersdorf, Jan Pries-Heje, Michael Rosemann
Publisher: Springer New York LLC
Pages: 220-230
Number of pages: 11
ISBN (Print): 9783642153457
Publication status: Published - 2010
Event: Joint IFIP TC 8 International Conference on E-Government and E-Services, EGES 2010 and IFIP TC 6 International Conference on Global Information Systems Processes, GISP 2010 Held as Part of 21st IFIP World Computer Congress, WCC 2010 - Brisbane, Australia
Duration: 20 Sept 2010 to 23 Sept 2010

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 334
ISSN (Print): 1868-4238
ISSN (Electronic): 1868-422X

Conference

Conference: Joint IFIP TC 8 International Conference on E-Government and E-Services, EGES 2010 and IFIP TC 6 International Conference on Global Information Systems Processes, GISP 2010 Held as Part of 21st IFIP World Computer Congress, WCC 2010
Country/Territory: Australia
City: Brisbane
Period: 20/09/10 to 23/09/10

Keywords

  • Improvisation
  • Incrementalism
  • Information Security
  • Risk Management Functionalism

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management
