Contemporary methods for assessing information security risks have adopted mainly technical views on the information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines how an information security risk assessment method can be elaborated using knowledge-centric analysis of information assets. For this purpose, we suggest the use of a genre-based analysis method for identifying organizational communication patterns, through which organizational knowledge is shared. Initial experiences of the method try-outs by three experienced information security professionals are discussed. The article concludes with a look at the implications of a genre-based analysis of knowledge assets for future research and practice.
PurposeThe purpose of this paper is to broaden the understanding about security behaviour by developing a security behaviour typology based on the concepts of discipline and agility.Design/methodology/approachA case study was designed to analyze security behaviours in one public nursing centre. The inquiry was organized around the themes discipline and agility, culture, and security processes in order to get an in‐depth understanding of the complex relationship between security management, referred to as discipline, and security in use, referred to as agility.FindingsThe paper shows that security behaviour can be shaped by discipline and agility and that both can exist collectively if organizations consider the constitutional and existential aspects of information security (IS) management.Practical implicationsThis research makes a pivotal stand for the issue how security behaviours narrate a broad picture to enhance IS management. In particular, this will improve design of IS training and awareness programs.Originality/valueThis research is relevant to IS management in organizations, particularly as behavioural and cultural aspects are becoming increasingly significant for maintaining and also designing systemic IS management.
Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.
Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.