
2019 | OriginalPaper | Book chapter

Information Security Policies in Organizations

How Convention Theory Can Serve as a Framework to Inform Information Security Research and HR Practice

Written by: Dominik Zellhofer

Published in: Organizing for the Digital World

Publisher: Springer International Publishing


Abstract

The increased use of information technology throughout organizations has led to a surge in concern for information security. Information security standards guide information security policy implementation, but ensuring compliance remains a major issue despite extensive information security research. The lack of versatility in theoretical approaches spurred calls for sociological approaches to contribute to the literature, but these calls were only partly addressed. The proposed framework of convention theory can serve as a fruitful approach by providing a holistic perspective and a strong theoretical foundation. The use of human resource information systems (HRIS) and electronic human resource management (e-HRM) extends the concern for information security to human resource (HR) practices, and data privacy is no longer an issue solely for external stakeholders but for employees alike. At the same time, the role of HR practices in contributing to compliance with information security policies seems to be underestimated in the existing literature. This paper introduces the main concepts of a convention theory-based framework, illustrates implications for information security research, and suggests that HR practices can contribute to ensuring information security in organizations.


Metadata
Title
Information Security Policies in Organizations
Written by
Dominik Zellhofer
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-319-90503-7_5