The Case for Improvisation in Information Security Risk Management - E-Government, E-Services and Global Processes
Conference Papers Year : 2010

The Case for Improvisation in Information Security Risk Management

Abstract

Information Security (IS) practitioners face increasingly unanticipated challenges in IS risk management, often pushing them to act extemporaneously. Few studies have been dedicated to examining the role these extemporaneous actions play in mitigating IS risk. Studies have focused on clear guidelines and policies as sound approaches to ISRM (functionalist approaches). When IS risk incidents occur in context and differ one from another, incrementalist approaches to ISRM apply. This paper qualitatively draws viewpoints from IS management on the functionalist and incrementalist viewpoint of managing IS risk. We examine improvisation as an expression of extemporaneous action using a selected case study and argue that improvisation is a fusion of functionalist and incrementalist approaches. Discussions with information security practitioners selected from the case study suggest the presence of improvisation as a positive value-add phenomenon in ISRM. This paper presents a case for improvisation in ISRM.
Fichier principal
Vignette du fichier
4_Information_Security_Risk_Management.pdf (245.01 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01054639 , version 1 (07-08-2014)

Licence

Identifiers

Cite

Kennedy Njenga, Irwin Brown. The Case for Improvisation in Information Security Risk Management. Joint IFIP TC 8 and TC 6 International Conferences on E-Government, E-Services and Global Processes (EGES) / Global Information Systems Processes (GISP), / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. pp.220-230, ⟨10.1007/978-3-642-15346-4_18⟩. ⟨hal-01054639⟩
87 View
193 Download

Altmetric

Share

More