Electronic Markets

, Volume 23, Issue 4, pp 341–354

Information security governance practices in critical infrastructure organizations: A socio-technical and institutional logic perspective

  • Susan P. Williams
  • Catherine A. Hardy
  • Janine A. Holgate
Special Theme

DOI: 10.1007/s12525-013-0137-3

Cite this article as:
Williams, S.P., Hardy, C.A. & Holgate, J.A. Electron Markets (2013) 23: 341. doi:10.1007/s12525-013-0137-3


Achieving a sustainable information protection capability within complex business, legal and technical environments is an integral part of supporting an organization’s strategic and compliance objectives. Despite a growing focus on information security governance (ISG) it remains under-explored requiring greater empirical scrutiny and more contextually attuned theorizing. This study adopts an interpretive case approach and uses analytical lenses drawing from socio-technical systems and institutional logics to examine how ISG arrangements are framed and shaped in practice in fourteen Australian Critical Infrastructure Organizations. Our findings illustrate the heterogeneity and malleability of ISG across different organizations involving intra- and inter-organizational relationships and trust mechanisms. We identify the need to reframe ISG, adopting the new label information protection governance (IPG), to present a more multi-faceted view of information protection incorporating a richly layered set of social and technical aspects, that constitute and are constituted by governance arrangements.


Information security governance Information protection Critical infrastructure Interpretive case study Institutional logics Socio-technical systems 

Jel classification


Copyright information

© Institute of Information Management, University of St. Gallen 2013

Authors and Affiliations

  • Susan P. Williams
    • 1
  • Catherine A. Hardy
    • 2
  • Janine A. Holgate
    • 3
  1. 1.Institute for Information Systems ResearchUniversity of Koblenz-LandauKoblenzGermany
  2. 2.Discipline of Business Information SystemsUniversity of SydneySydneyAustralia
  3. 3.Wipro Consulting ServicesWipro TechnologiesNorth SydneyAustralia

Personalised recommendations