A Practice-Based Approach to Security Management: Materials, Meaning and Competence for Trainers of Healthcare Cybersecurity

Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Managing how new digital technologies are integrated into different contexts has become a key component needed for effective international security management. This chapter focuses on rethinking our approach to the integration of digital technologies within (cyber)security work. Most analyses of security take for granted a problematic split between technologies involved in securing specific contexts and the humans involved with or operating such devices. By shifting to a practice theory approach, we offer a more holistic view of security by examining not only the implementation of technologies or human factors but also how this affects the meaning these practices hold. We highlight how this comes into being in the healthcare domain by drawing on interviews with trainers who are actively involved in providing this type of change management. Trainers relate to the daily practices of healthcare staff they train by taking into account the materials they work with, the skills they need and which meaning these practices may hold for them building on this. As such, trainers can be conceived of as mediators of practices and a practice theory approach offers a clearer sense of how to implement security change management.


Cybersecurity Practice theory Security culture Trainer experiences 


  1. Ayala, L. (2016). Cybersecurity for hospitals and healthcare facilities. A guide to detection and prevention. New York, US: Apress.CrossRefGoogle Scholar
  2. Baldwin, D. A. (1997). The concept of security. Review of International Studies, 23, 5–26.CrossRefGoogle Scholar
  3. Boyes, H. (2015). Cybersecurity and cyber-resilient supply chains. Technology Innovation Management Review, 5(4), 28–34.CrossRefGoogle Scholar
  4. Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77–101.CrossRefGoogle Scholar
  5. Cankaya, Y. (2015). Technical note: Exploiting problem definition study for cyber security simulations. The Journal of Defense Modeling and Simulation, 12(4), 363–368.CrossRefGoogle Scholar
  6. Caragliu, A., Bo, C. D., & Nijkamp, P. (2011). Smart cities in Europe. Journal of Urban Technology, 18(2), 65–82.CrossRefGoogle Scholar
  7. Chiock, M. (2019, April 4). 8 Steps to simplify cybersecurity. SecurityRoundTable. Accessed April 10, 2019.
  8. Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas, 113, 48–52.CrossRefGoogle Scholar
  9. Dunn Cavelty, M. (2018). Cybersecurity research meets science and technology studies. Politics and Governance, 6(2), 22–30.CrossRefGoogle Scholar
  10. European Central Bank. (2018). Digitalisation and its impact on the economy: Insights from a survey of large companies. European Central Bank. Accessed April 10, 2019.
  11. Feldman, M. S., & Orlikowski, W. J. (2011). Theorizing practice and practicing theory. Organization Science, 22, 1240–1253.CrossRefGoogle Scholar
  12. Hargreaves, T. (2011). Practice-ing behaviour change: Applying social practice theory to pro-environmental behaviour change. Journal of Consumer Culture, 11(1), 79–99.CrossRefGoogle Scholar
  13. Koppel, R., Smith, S., Blythe, J., & Kothari, V. (2015). Workarounds to computer access in healthcare organizations: You want my password or a dead patient? Studies in Health Technology and Informatics, 208, 215–220.Google Scholar
  14. Lyon, D. (2017). Making trade-offs for safe, effective, and secure patient care. Journal of Diabetes Science and Technology, 11(2), 213–215.CrossRefGoogle Scholar
  15. Reckwitz, A. (2002). Toward a theory of social practices: A development in culturalist theorizing. European Journal of Social Theory, 5(2), 243–263.CrossRefGoogle Scholar
  16. Schatzki, T. R. (2002). The site of the social: A philosophical account of the constitution of social life and change. Pennsylvania, US: Penn State University Press.Google Scholar
  17. Shove, E., Pantzar, M., & Watson, M. (2012). The dynamics of social practice: Everyday life and how it changes. Los Angeles, US: SAGE.CrossRefGoogle Scholar
  18. Thomson, K.-L., Von Solms, R., & Louw, L. (2006). Cultivating an organizational information security culture. Computer Fraud & Security, 2006(10), 7–11.CrossRefGoogle Scholar
  19. Van Niekerk, J. F., & Von Solms, R. (2010). Information security culture: A management perspective. Computers & Security, 29(4), 476–486.CrossRefGoogle Scholar
  20. Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97–102.CrossRefGoogle Scholar
  21. Warner, M. (2012). Cybersecurity: A pre-history. Intelligence and National Security, 27(5), 781–799.CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2021

Authors and Affiliations

  1. 1.Erasmus University RotterdamRotterdamThe Netherlands

Personalised recommendations