Show simple item record

dc.contributor.authorNiemimaa, Marko
dc.contributor.authorNiemimaa, Elina
dc.date.accessioned2020-01-14T13:31:19Z
dc.date.issued2019fi
dc.identifier.citationNiemimaa, M., & Niemimaa, E. (2019). Abductive innovations in information security policy development : an ethnographic study. <em>European Journal of Information Systems</em>, 28 (5), 566-589. <a href="https://doi.org/10.1080/0960085X.2019.1624141">doi:10.1080/0960085X.2019.1624141</a>fi
dc.identifier.otherTUTKAID_81685
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/67301
dc.description.abstractDeveloping organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research indicates that organisations should create InfoSec policies based on best practices (top-down) and simultaneously encourages participatory development (bottom-up). These contradictory suggestions place managers in a dilemma: Should they follow a top-down or bottom-up approach? In this research, we build on an ethnographic approach to study how an innovative engineering company (MachineryCorp) managed the contradiction when the firm developed an InfoSec policy. Drawing on the dialectical theory of organisations as a lens, the findings suggest the InfoSec policy development is a recurrent process consisting of three phases: (1) drawing interpretations of InfoSec requirements from best practices (deductive adoption) and (2) constructing possibilities for local implementation (inductive adjustment) (3) that engender tensions between best practices and local contingencies facilitating innovative local resolutions (synthetic innovation). We call this process abductive innovation. At MachineryCorp, a triangle of tensions surfaced due to economic realities, infrastructure affordances, and social arrangements, and were necessary in explaining how the InfoSec policy gradually and iteratively materialised and resulted in an organisationally contingent policy.fi
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.publisherTaylor & Francis
dc.relation.ispartofseriesEuropean Journal of Information Systems
dc.rightsIn Copyright
dc.subject.othertietoturvafi
dc.subject.othertietoturvapolitiikkafi
dc.subject.otherorganisaatiotfi
dc.subject.otheryrityksetfi
dc.subject.otherinnovaatiotfi
dc.subject.otheretnografiafi
dc.subject.otherinformation security policy developmentfi
dc.subject.otherISS policyfi
dc.subject.otherethnographyfi
dc.subject.otherabductive innovationfi
dc.titleAbductive innovations in information security policy development : an ethnographic studyfi
dc.typearticle
dc.identifier.urnURN:NBN:fi:jyu-202001081086
dc.contributor.laitosInformaatioteknologian tiedekuntafi
dc.contributor.laitosFaculty of Information Technologyen
dc.date.embargo2020-06-16
dc.type.urihttp://purl.org/eprint/type/JournalArticle
dc.date.updated2020-01-08T10:15:14Z
dc.description.reviewstatuspeerReviewed
dc.format.pagerange566-589
dc.relation.issn0960-085X
dc.relation.numberinseries5
dc.relation.volume28
dc.type.versionacceptedVersion
dc.rights.copyright© Operational Research Society 2019.
dc.rights.accesslevelopenAccessfi
dc.format.contentfulltext
dc.rights.urlhttp://rightsstatements.org/page/InC/1.0/?language=en
dc.relation.doi10.1080/0960085X.2019.1624141


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

In Copyright
Except where otherwise noted, this item's license is described as In Copyright