Show simple item record

dc.contributor.authorNiemimaa, Marko
dc.contributor.authorNiemimaa, Elina
dc.date.accessioned2020-01-14T13:31:19Z
dc.date.available2020-06-16T21:35:12Z
dc.date.issued2019
dc.identifier.citationNiemimaa, M., & Niemimaa, E. (2019). Abductive innovations in information security policy development : an ethnographic study. <i>European Journal of Information Systems</i>, <i>28</i>(5), 566-589. <a href="https://doi.org/10.1080/0960085X.2019.1624141" target="_blank">https://doi.org/10.1080/0960085X.2019.1624141</a>
dc.identifier.otherCONVID_31218687
dc.identifier.otherTUTKAID_81685
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/67301
dc.description.abstractDeveloping organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research indicates that organisations should create InfoSec policies based on best practices (top-down) and simultaneously encourages participatory development (bottom-up). These contradictory suggestions place managers in a dilemma: Should they follow a top-down or bottom-up approach? In this research, we build on an ethnographic approach to study how an innovative engineering company (MachineryCorp) managed the contradiction when the firm developed an InfoSec policy. Drawing on the dialectical theory of organisations as a lens, the findings suggest the InfoSec policy development is a recurrent process consisting of three phases: (1) drawing interpretations of InfoSec requirements from best practices (deductive adoption) and (2) constructing possibilities for local implementation (inductive adjustment) (3) that engender tensions between best practices and local contingencies facilitating innovative local resolutions (synthetic innovation). We call this process abductive innovation. At MachineryCorp, a triangle of tensions surfaced due to economic realities, infrastructure affordances, and social arrangements, and were necessary in explaining how the InfoSec policy gradually and iteratively materialised and resulted in an organisationally contingent policy.fi
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.publisherTaylor & Francis
dc.relation.ispartofseriesEuropean Journal of Information Systems
dc.rightsIn Copyright
dc.subject.otherinformation security policy development
dc.subject.otherISS policy
dc.subject.otherabductive innovation
dc.titleAbductive innovations in information security policy development : an ethnographic study
dc.typearticle
dc.identifier.urnURN:NBN:fi:jyu-202001081086
dc.contributor.laitosInformaatioteknologian tiedekuntafi
dc.contributor.laitosFaculty of Information Technologyen
dc.type.urihttp://purl.org/eprint/type/JournalArticle
dc.date.updated2020-01-08T10:15:14Z
dc.type.coarhttp://purl.org/coar/resource_type/c_2df8fbb1
dc.description.reviewstatuspeerReviewed
dc.format.pagerange566-589
dc.relation.issn0960-085X
dc.relation.numberinseries5
dc.relation.volume28
dc.type.versionacceptedVersion
dc.rights.copyright© Operational Research Society 2019.
dc.rights.accesslevelopenAccessfi
dc.subject.ysoetnografia
dc.subject.ysotietoturva
dc.subject.ysotietoturvapolitiikka
dc.subject.ysoorganisaatiot
dc.subject.ysoyritykset
dc.subject.ysoinnovaatiot
dc.format.contentfulltext
jyx.subject.urihttp://www.yso.fi/onto/yso/p14028
jyx.subject.urihttp://www.yso.fi/onto/yso/p5479
jyx.subject.urihttp://www.yso.fi/onto/yso/p25795
jyx.subject.urihttp://www.yso.fi/onto/yso/p272
jyx.subject.urihttp://www.yso.fi/onto/yso/p3128
jyx.subject.urihttp://www.yso.fi/onto/yso/p7903
dc.rights.urlhttp://rightsstatements.org/page/InC/1.0/?language=en
dc.relation.doi10.1080/0960085X.2019.1624141
dc.type.okmA1


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

In Copyright
Except where otherwise noted, this item's license is described as In Copyright