Materializing Organizational Information Security

  • Dan Harnesk
  • John Lindström
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 124)


In the context of situated elderly care this paper discusses the intertwined relationship between organizational security objectives, technology, and employees’ security behavior. We use findings from a single case study to aid in our understanding of how managers sought to create a secure work environment by introducing behavioral security technology, and how employees appreciated the new security software in everyday routines. Theoretically the case study is informed by sociomateriality in that it employs the notion of technological affordances of behavioral security technology. Findings show that security technology material is an integral part of security management and security in use, and that both the technical actor and human actors contributed to cultivation of the information security practice in the elderly care center.


Information Security Security Management Security Technology Biometric Template Security Software 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chandra, A., Calderon, T.: Challenges and constraints to the diffusion of biometrics in information systems. Communications of the ACM 48, 101–106 (2005)CrossRefGoogle Scholar
  2. 2.
    Puhakainen, P., Siponen, M.: Improving employees’ compliance through information systems security training: An action research study. MIS Quarterly 34, 767–793 (2010)Google Scholar
  3. 3.
    Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., Vance, A.: What levels of moral reasoning and values explain adherence to information security rules: An empirical study. European Journal of Information Systems 18, 126–139 (2009)CrossRefGoogle Scholar
  4. 4.
    Lee, Y., Larsen, K.R.: Threat or coping appraisal: determinants of SMB executives/’ decision to adopt anti-malware software. European Journal of Information Systems 18, 177–187 (2009)CrossRefGoogle Scholar
  5. 5.
    Hsu, C.W.: Frame misalignment: interpreting the implementation of information systems security certification in an organization. European Journal of Information Systems 18, 140–150 (2009)CrossRefGoogle Scholar
  6. 6.
    Warkentin, M., Johnston, A.C., Shropshire, J.: The influence of the informal social learning environment on information privacy policy compliance efficacy and intention. European Journal of Information Systems 20, 267–284 (2011)CrossRefGoogle Scholar
  7. 7.
    Wade, H.B., Linda, W.: Is information security under control?: Investigating quality in information security management. IEEE Security & Privacy 5, 36–44 (2007)CrossRefGoogle Scholar
  8. 8.
    Leonardi, P.M., Barley, S.R.: Materiality and change: Challenges to building better theory about technology and organizing. Information and Organization 18, 159–176 (2008)CrossRefGoogle Scholar
  9. 9.
    Introna, L.D., Hayes, N.: On sociomaterial imbrications: What plagiarism detection systems reveal and why it matters. Information and Organization 21, 107–122 (2011)CrossRefGoogle Scholar
  10. 10.
    Jonsson, K., Holmström, J., Lyytinen, K.: Turn to the material: Remote diagnostic systems and new forms of boundary spanning. Information and Organization 19(2009), 233–252 (2009)CrossRefGoogle Scholar
  11. 11.
    Scolaí, P.: Materialising materiality. In: Proceedings of the Twenty Ninth International Conference on Information Systems, Paris, pp. 1–10 (2008)Google Scholar
  12. 12.
    Orlikowski, W.J.: Sociomaterial practices: Exploring technology at work. Organization Studies 28, 1435–1448 (2007)CrossRefGoogle Scholar
  13. 13.
    Holmström, J., Robey, D.: Inscribing organizational change with information technology. In: Czarniawska, B., Hernes, T. (eds.) Actor-network Theory and Organising. Copenhagen Business School Press, Copenhagen (2005)Google Scholar
  14. 14.
    Choobineh, J., Dhillon, G., Grimalla, M., Rees, J.: Management of information security: challenges and research directions. Communications of the Association for Information Systems 20, 958–971 (2007)Google Scholar
  15. 15.
    Stahl, B.C., Shaw, M., Doherty, N.F.: Information systems security management: A critical research agenda. In: Association of Information Systems SIGSEC Workshop on Information Security and Privacy (WISP 2008), Paris (2008)Google Scholar
  16. 16.
    Woodhouse, S.: Information Security: End User Behavior and Corporate Culture. In: Proceedings of the Seventh Conference on Computer and Information Technology, pp. 767–772. IEEE (2007)Google Scholar
  17. 17.
    Orlikowski, W.J.: Sociomaterial practices: Exploring technology at work. Organization Studies 28, 1435–1448 (2007)CrossRefGoogle Scholar
  18. 18.
    Siponen, M.: Analysis of modern IS security development approaches: Towards the next generation of social and adaptable ISS methods. Information and Organization 15, 339–375 (2005)CrossRefGoogle Scholar
  19. 19.
    Dhillon, G., Backhouse, J.: Current directions in IS security research: Towards socio-organizational perspectives. Information Systems Journal 11, 127–153 (2001)CrossRefGoogle Scholar
  20. 20.
    Baskerville, R.: Risk analysis: An interpretive feasibility tool in justifying information systems security. European Journal of Information Systems 1, 121–130 (1991)CrossRefGoogle Scholar
  21. 21.
    Dhillon, G.: Princples of information security: Text and cases. John Wiley & Sons, New Jersey (2007)Google Scholar
  22. 22.
    Lacey, D.: Understanding and transforming organizational security culture. Information Management & Computer Security 18, 4–13 (2010)CrossRefGoogle Scholar
  23. 23.
    Stanton, J.M., Mastrangelo, P.R., Stam, K.R., Jolton, J.: Behavioral information security: Two end user survey studies of motivation and security practices. In: Proceedings of the Tenth America’s Conference on Information Systems, New York (2004)Google Scholar
  24. 24.
    Dinev, T., Hu, Q.: The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of the Association for Information Systems 8 (2007)Google Scholar
  25. 25.
    Backhouse, J., Dhillon, G.: Structures of responsibilities and security of information systems. European Journal of Information Systems 5, 2–10 (1996)CrossRefGoogle Scholar
  26. 26.
    von Solms, B.: Information security - The third wave? Computers & Security 19, 615–620 (2000)CrossRefGoogle Scholar
  27. 27.
    Silva, L., Backhouse, J.: The circuits-of-power framework for studying power in institutionalization of information systems. Journal of the Association for Information Systems 4, 294–336 (2003)Google Scholar
  28. 28.
    Whitman, M.E., Mattord, H.: Principles of information security. Course Technology, Boston (2005)Google Scholar
  29. 29.
    Bishop, M.: Computer security: Art and science. Addison-Wesley, Boston (2003)Google Scholar
  30. 30.
    Johnston, A.C., Warkentin, M.: Fear appeals and information security behaviors: An empirical study. MIS Quarterly 34, 549–565 (2010)Google Scholar
  31. 31.
    Siponen, M.: A conceptual foundation for organizational information security awareness. Information Management & Computer Security 8, 31–41 (2000)CrossRefGoogle Scholar
  32. 32.
    Dhillon, G., Torkzadeh, G.: Value-focused assessment of information system security in organizations. Information Systems Journal 16, 293–314 (2006)CrossRefGoogle Scholar
  33. 33.
    Hedström, K., Dhillon, G., Karlsson, F.: Using Actor Network Theory to Understand Information Security Management. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 43–54. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  34. 34.
    Siponen, M., Willison, R.: Information security management standards: Problems and solutions. Information & Management 46, 267–270 (2009)CrossRefGoogle Scholar
  35. 35.
    Elgarah, W., Falaleeva, N.: Adoption of biometric technology: Information privacy in TAM. In: Proceedings of AMCIS The Americas Conference on Information Systems. Paper 222 (2005)Google Scholar
  36. 36.
    Matyas, S.M., Stapleton, J.: A biometric standard for information management and security. Journal of Computer Security 19, 428–441 (2000)CrossRefGoogle Scholar
  37. 37.
    Phillips, P.J., Martin, A., Wilson, C.L., Przybocki, M.: An introduction evaluating biometric systems. Computer 33, 56–63 (2000)CrossRefGoogle Scholar
  38. 38.
    Boatwright, M., Luo, X.: What do we know about biometrics authentication? In: Proceedings of the 4th Annual Conference on Information Security Curriculum Development. ACM, Kennesaw (2007)Google Scholar
  39. 39.
    Jain, A.K., Ross, A., Prabhakar, S.: An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Technology 14, 4–20 (2004)CrossRefGoogle Scholar
  40. 40.
    Lease, D.R.: Factors influencing the adoption of biometric security technologies by decision-making information technology and security managers. Dissertation 179, Capella University (2005)Google Scholar
  41. 41.
    Gamboa, H., Fred, A.: A behavioural biometric system based on human computer interaction. SPIE (2004)Google Scholar
  42. 42.
    Pentland, B.T., Feldman, M.S.: Designing routines: On the folly of designing arti facts, while hoping for patterns of action. Information and Organization 18, 235–250 (2008)CrossRefGoogle Scholar
  43. 43.
    Kong, J., Zerfos, P., Luo, H., Lu, S., Zhang, L.: Providing robust and ubiquitous security support for mobile ad hoc networks. In: The Ninth IEEE ICNP, Riverside, USA, pp. 251–260 (2001) Google Scholar
  44. 44.
    Barad, K.: Posthumanist performativity: Toward an understanding of how matter comes to matter. Signs 28, 801–831 (2003)CrossRefGoogle Scholar
  45. 45.
    Orlikowski, W.J.: The sociomateriality of organisational life: considering technology in management research. Cambridge Journal of Economics 34, 125–141 (2010)CrossRefGoogle Scholar
  46. 46.
    Harnesk, D., Lindström, J.: Shaping security behavior through discipline and agility: Implications for information security management. Information Management & Computer Security 19 (2011)Google Scholar
  47. 47.
    Pahnila, S., Siponen, M., Mahmood, A.: Employées Adherence to Information Security Policies: An Empirical Study. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments. IFIP, vol. 232, pp. 133–144. Springer, Boston (2007)CrossRefGoogle Scholar
  48. 48.
    Bhattacherjee, A., Premkumar, G.: Understanding changes in belief and attitude toward information technology usage: A theoretical model and longitudinal test. MIS Quarterly 28, 229–254 (2004)Google Scholar
  49. 49.
    Orlikowski, W.J., Gash, D.C.: Technological frames: Making sense of information technology in organizations. ACM Transactions of Information Systems 2, 174–207 (1994)CrossRefGoogle Scholar
  50. 50.
    Straub, D.W., Welke, R.J.: Coping with systems risk: Security planning models for management decision making. MIS Quarterly 22, 441–469 (1998)CrossRefGoogle Scholar
  51. 51.
    Cordella, A.: Information infrastructure in action. London School of Economics and Political Sciences, Department of Information Systems (2006)Google Scholar
  52. 52.
    Yin, R.: Case study research. Sage Publications, Thousand Oaks (1994)Google Scholar
  53. 53.
    Miles, M.B., Huberman, M.A.: Qualitative data analysis. Sage Publications, Thousand Oaks (1994)Google Scholar
  54. 54.
    Chattacherjee, A.: Understanding information systems continuance: An expectation-confirmation Model. MIS Quarterly 5, 351–370 (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Dan Harnesk
    • 1
  • John Lindström
    • 1
  1. 1.Department of Computer Science, Electrical and Space Engineering and Department of Engineering Sciences and MathematicsLuleå University of TechnologyLuleåSweden

Personalised recommendations