Benchmarking Methodology for Information Security Policy (BMISP): Artifact Development and Evaluation

Kang, Martin; Hovav, Anat

doi:10.1007/s10796-018-9855-6

Cited by 17 publications

(8 citation statements)

References 64 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…AT is a practice-based theory (Karanasios and Allen, 2018;Simeonova, 2018) and research often is undertaken in the natural (work) setting as a longitudinal case study (for example, Malaurent and Avison, 2016;Weeger and Haase, 2016;Marcandella and Guèye, 2018). Hence, research using AT may embrace a participative action research (PAR) model or canonical action research www.ejbrm.com 218 ©ACPIL (Malaurent and Avison, 2016) with the iterative design that is required by PAR or may use a Design Science research methodology (see Kang and Hovav, 2018).…”

Section: Research Methodology Must Include Taking Actionmentioning

confidence: 99%

“…Recent examples of use reported in organisational and business sciences and published in various 'business journals' include its use for business intelligence (Kekwaletswe and Lesole, 2016), knowledge acquisition through process mapping (White and Cicmil, 2016) and the creation and evolution of new business ventures (Jones and Holt, 2008). The value of integrating AT into organisation studies, particularly those relating to organisational change and technology-mediated change has been noted (Harrington and Kearney, 2011;Kang and Hovav, 2018). Karanasios (2018) refers to Blackler ( 2009) when saying, "In the context of organizational research rather than the organizational being taken as the unit of analysis and organizational objectives prioritized, activity theory takes the activity system as the core unit and prioritizes 'objects' of organizational activities.…”

Section: At In Researchmentioning

confidence: 99%

See 1 more Smart Citation

Activity Theory used as an Analytical Lens for Business Research

Kamanga¹,

Alexander²,

Kanobe³

2019

EJBRM

View full text Add to dashboard Cite

Activity Theory is used in this paper to demonstrate the process of critical analysis of qualitative data from two case studies. The paper explains the elements of an activity system (the subject, object, outcome, mediating tools, rules, community and division of labour). Thereafter, practical examples from the work of two recent PhD students are used to show the importance of identifying and analysing activities that are found either in the introduction or the current use of information systems in business organisations. These examples highlight the applicability of Activity Theory in analysing data from projects of interest to Business Management whose topics and contexts are very different. The first focusses on the introduction of an Accounting Information System to microbusinesses in a low‑income community in South Africa and the second focusses on Information Security Management in Mobile Network Organisations in Uganda. The examples illustrate the value of Activity Theory as a lens and as a way of stimulating critical analysis. Activity Theory is known for its ability to identify reasons for failure or disappointing performance in existing situations by highlighting contradictions either between different activities, between an earlier version of an activity and a later version as the activity evolves, or within an activity (between the elements of that activity). However, as shown in the first example, it can also be seen as a useful tool when proposing a new project as a predictor of success. Despite the fact that data is typically qualitative, the analytical process related to Activity Theory can be structured, which assists novice researchers or those unaccustomed to interpretivist analysis to uncover insights that are not immediately obvious. Activity Theory is said to act as a lens in data analysis and is particularly useful in organisational sciences for the theorization of technology‑mediated organizational change.

show abstract

Section: Research Methodology Must Include Taking Actionmentioning

confidence: 99%

Section: At In Researchmentioning

confidence: 99%

Activity Theory used as an Analytical Lens for Business Research

Kamanga¹,

Alexander²,

Kanobe³

2019

EJBRM

View full text Add to dashboard Cite

show abstract

“…The research in Information Systems Frontiers (ISF) particularly stressed the cyber risk assessment (Mukhopadhyay et al 2019), security risk mitigation (Ye et al 2006), IT security investment (Ezhei and Ladani 2018), information security policy (Kang and Hovav 2018), and security risk management (Lee and Lee 2012). In this regard, ISF's research also focuses more on the organization and employee aspect of cybersecurity issues.…”

Section: Cybersecurity Research Literaturementioning

confidence: 99%

Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach

et al. 2020

View full text Add to dashboard Cite

The emergence of a preventive cybersecurity paradigm that aims to eliminate the sources of cybercrime threats is becoming an increasingly necessary complement to the current self-defensive cybersecurity systems. One concern associated with adopting such preventive measures is the risk of privacy infringement. Therefore, it is necessary to design the future Internet infrastructure so that it can appropriately balance preventive cybersecurity measures with privacy protections. This research proposes to design the Internet infrastructure using the preventive cybersecurity measures of the Bright Internet, namely preventive cybersecurity protocol and identifiable anonymity protocol, and ten privacy rights derived from Europe's General Data Protection Regulations (GDPR). We then analyze the legitimacy of the five steps of the preventive cybersecurity protocol and the four features of the identifiable anonymity protocol from the perspectives of ten privacy rights. We address the legitimacy from the perspective of potential victims' self-defense rights. Finally, we discuss four potential risks that may occur to the innocent senders and proposed resilient recovery procedures.

show abstract

“…Activity Theory is a practice‐based theory (Karanasios & Allen, 2018; Simeonova, 2018) and research is often undertaken in the natural (work) setting as a longitudinal case study (eg, Malaurent & Avison, 2016; Marcandella & Guèye, 2018; Weeger & Haase, 2016). Hence, research using Activity Theory may embrace a participatory action research (PAR) model or canonical action research (Malaurent & Avison, 2016) with the iterative design that is required by PAR or may use a Design Science research methodology (see Kang & Hovav, 2018).…”

Section: Literature Reviewmentioning

confidence: 99%

“…Hence, research using Activity Theory may embrace a participatory action research (PAR) model or canonical action research (Malaurent & Avison, 2016) with the iterative design that is required by PAR or may use a Design Science research methodology (see Kang & Hovav, 2018).…”

Section: Critique Of Is Research Using Activity Theorymentioning

confidence: 99%

Contradictions and strengths in activity systems: Enhancing insights into human activity in IS adoption research

Kamanga

Alexander

2020

E J Info Sys Dev Countries

View full text Add to dashboard Cite

Activity Theory is increasingly employed in Information Systems research because of its ability to provide insights into the outcomes of human‐technology interaction. At the heart of the modern Activity Theory is the principle of contradictions; contradictions are considered to be the driving force behind the transformation of tool‐mediated human activities within organizations and communities. The study examined the facilitated adoption of Accounting Information Systems by microenterprises in a low‐income community in South Africa. Using the study, this paper demonstrates the potential and value of leveraging both strengths and contradictions in activity systems. Although identifying and resolving contradictions is crucial to the development of human activity, in the context of this research a limitation was identified. In studying relationships between the elements of an activity or between activities, researchers using Activity Theory do not generally highlight the strong relationships. The inclusion of strengths in the analysis of activity systems is a feature that could be utilised by Activity Theorists where there is a need to assess the viability of the activity under examination. Though the paper emphasises a theoretical contribution, the study itself had a practical contribution based on the use of Activity Theory as a Participatory Action Research to empower the subjects (entrepreneurs) within the community.

show abstract

Benchmarking Methodology for Information Security Policy (BMISP): Artifact Development and Evaluation

Cited by 17 publications

References 64 publications

Activity Theory used as an Analytical Lens for Business Research

Activity Theory used as an Analytical Lens for Business Research

Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach

Contradictions and strengths in activity systems: Enhancing insights into human activity in IS adoption research

Contact Info

Product

Resources

About