TY - GEN
T1 - Towards a holistic understanding of security process
T2 - 47th Hawaii International Conference on System Sciences, HICSS 2014
AU - Soyref, Max
AU - Seltsikas, Philip
PY - 2014
Y1 - 2014
N2 - Despite a variety of existing approaches and techniques for securing corporate information assets, information security threats continue to present an ongoing challenge to business and governments. Existing research suggests that improving the effectiveness of information security depends on the customization of existing security models to specific businesses requirements. A greater socio-technical focus is also cited as necessary. We have used a relational processes lens to examine interactions between the key actors relevant to information security management in a large Australian financial institution from which we present the results of an in-depth case study. By examining organizational information security practices we identify how organizational actors engage in cognitive, social and political processes to achieve various security-related objectives. We suggest that a focus on social and political processes, such as networking and negotiation, complements formal policy and governance structures in achieving organizational security objectives and can assist information security stakeholders in working together more effectively.
AB - Despite a variety of existing approaches and techniques for securing corporate information assets, information security threats continue to present an ongoing challenge to business and governments. Existing research suggests that improving the effectiveness of information security depends on the customization of existing security models to specific businesses requirements. A greater socio-technical focus is also cited as necessary. We have used a relational processes lens to examine interactions between the key actors relevant to information security management in a large Australian financial institution from which we present the results of an in-depth case study. By examining organizational information security practices we identify how organizational actors engage in cognitive, social and political processes to achieve various security-related objectives. We suggest that a focus on social and political processes, such as networking and negotiation, complements formal policy and governance structures in achieving organizational security objectives and can assist information security stakeholders in working together more effectively.
UR - http://www.scopus.com/inward/record.url?scp=84902279313&partnerID=8YFLogxK
U2 - 10.1109/HICSS.2014.601
DO - 10.1109/HICSS.2014.601
M3 - Conference contribution
AN - SCOPUS:84902279313
SN - 9781479925049
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 4905
EP - 4914
BT - Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014
PB - IEEE Computer Society
Y2 - 6 January 2014 through 9 January 2014
ER -