Power Relationships in Information Systems Security Policy Formulation and Implementation

[1]  R. Stamper Information in business and administrative systems , 1973 .

[2]  James Backhouse,et al.  The Circuits-of-Power Framework for Studying Power in Institutionalization of Information Systems , 2003, J. Assoc. Inf. Syst..

[3]  Henry Mintzberg,et al.  Cycles of organizational change , 1992 .

[4]  D. Schoen,et al.  The Reflective Practitioner: How Professionals Think in Action , 1985 .

[5]  Chu-Hsing Lin,et al.  Hierarchical key assignment without public-key cryptography , 2001, Comput. Secur..

[6]  T. Kern,et al.  Culture, power and politics in ICT outsourcing in higher education institutions , 2002, Eur. J. Inf. Syst..

[7]  Kathy Brittain White,et al.  Information Systems Development Success: Perspectives from Project Team Participants , 1986, MIS Q..

[8]  Norman L. Chervany,et al.  The Relationship Between Organizational Characteristics and the Structure of the Information Services Function , 1980, MIS Q..

[9]  Victoria Hoban,et al.  The Reflective Practitioner , 2013 .

[10]  Gurpreet Dhillon,et al.  Dimensions of power and IS implementation , 2004, Inf. Manag..

[11]  Gurpreet Dhillon,et al.  A Semantic Analysis of Security Policy Formulation and Implementation: A Case Study , 2006, AMCIS.

[12]  Rossouw von Solms,et al.  From policies to culture , 2004, Comput. Secur..

[13]  Glenn H. MacEwen,et al.  A logic for reasoning about security , 1992, TOCS.

[14]  Leiser Silva Power and politics in the adoption of information systems by organisations: the case of a research centre in Latin America , 1997 .

[15]  Otto Neurath,et al.  Foundations of the Unity of Science, Toward an International Encyclopedia of Unified Science, Volume 1, Numbers 1-10. , 1955 .

[16]  Peter G. Neumann,et al.  Crypto policy perspectives , 1994, CACM.

[17]  Donald C. Hambrick,et al.  Operationalizing the Concept of Business-Level Strategy in Research , 1980 .

[18]  James Backhouse,et al.  Circuits of Power in Creating de jure Standards: Shaping an International Information Systems Security Standard , 2006, MIS Q..

[19]  Stewart Clegg,et al.  Frameworks of power , 1989 .

[20]  August Bequai Employee abuses in cyberspace: Management's legal quagmire , 1998, Comput. Secur..

[21]  Simon N. Foley Building Chinese Walls in Standard Unix , 1996 .

[22]  Rossouw von Solms,et al.  Management of risk in the information age , 2005, Comput. Secur..

[23]  D. Morgan,et al.  Sociological Paradigms and Organizational Analysis. , 1983 .

[24]  Budi Arief,et al.  Computer security impaired by legitimate users , 2004, Comput. Secur..

[25]  R. Power CSI/FBI computer crime and security survey , 2001 .

[26]  Marios Damianides Sarbanes–Oxley and it Governance: New Guidance on it Control and Compliance , 2005, Inf. Syst. Manag..

[27]  Steven Furnell,et al.  Authentication and Supervision: A Survey of User Attitudes , 2000, Comput. Secur..

[28]  Terry L. Huston,et al.  Security issues for implementation of e-medical records , 2001, CACM.

[29]  Dwight A. Haworth,et al.  Sarbanes–Oxley: Achieving Compliance by Starting with ISO 17799 , 2006, Inf. Syst. Manag..

[30]  Anthony M. Townsend,et al.  Information Systems Security and the Need for Policy , 2001 .

[31]  C. Bauer The Circuits-of-Power Framework for Studying Power in Institutionalization of Information Systems , 2003 .

[32]  R. Bennett,et al.  A TYPOLOGY OF DEVIANT WORKPLACE BEHAVIORS: A MULTIDIMENSIONAL SCALING STUDY , 1995 .

[33]  James Brian Quinn,et al.  The Strategy Process , 1988 .

[34]  J. M. Ferris Using standards as a security policy tool , 1994, STAN.

[35]  Samuel A. Culbert,et al.  The invisible war: Pursuing self-interests at work , 1980 .

[36]  Albert L. Lederer,et al.  Toward a theory of strategic information systems planning , 1996, J. Strateg. Inf. Syst..

[37]  L. R. Hoffman,et al.  Management of Organizational Behavior. , 1970 .

[38]  G. Dhillon,et al.  Technical opinion: Information system security management in the new millennium , 2000, CACM.

[39]  Varun Grover,et al.  Profiles of Strategic Information Systems Planning , 1999, Inf. Syst. Res..

[40]  Lance J. Hoffman,et al.  Cryptography policy , 1994, CACM.

[41]  M. Porter How Competitive Forces Shape Strategy , 1989 .

[42]  Kalle Lyytinen,et al.  Information systems development and data modelling: conceptual and philosophical foundations , 1995 .

[43]  Michael D. Myers,et al.  A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems , 1999, MIS Q..

[44]  Mikko T. Siponen,et al.  An analysis of the traditional IS security approaches: implications for research and practice , 2005, Eur. J. Inf. Syst..

[45]  E. Eugene Schultz A framework for understanding and predicting insider attacks , 2002, Comput. Secur..

[46]  Rossouw von Solms,et al.  The 10 deadly sins of information security management , 2004, Comput. Secur..

[47]  James Backhouse,et al.  Current directions in IS security research: towards socio‐organizational perspectives , 2001, Inf. Syst. J..

[48]  Martin Harris,et al.  Strategic planning for information systems , 1991, J. Inf. Technol..

[49]  Margaret S. Archer,et al.  Culture And Agency: ‘Social integration and System integration’ , 1996 .

[50]  James Backhouse,et al.  The use of semantic analysis in the development of information systems , 1991 .

[51]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[52]  A. Kellerman,et al.  The Constitution of Society : Outline of the Theory of Structuration , 2015 .

[53]  Izak Benbasat,et al.  Factors That Influence the Social Dimension of Alignment Between Business and Information Technology Objectives , 2000, MIS Q..

[54]  Henry Mintzberg,et al.  Structure in Fives: Designing Effective Organizations , 1983 .

[55]  Brian P. Bloomfield,et al.  Management Consultants: Systems Development, Power and the Translation of Problems , 1992 .

[56]  J. Backhouse,et al.  Becoming part of the furniture: the institutionalization of information systems , 1997 .

[57]  S. Lukes Power: A Radical View , 1974 .

[58]  Eugene H. Spafford,et al.  PFIRES: a policy framework for information security , 2003, CACM.

[59]  Donald A. Schön The reflective practitioner : how professionals think in action , 1986 .

[60]  Clifton L. Smith,et al.  The Development of Access Control Policies for Information Technology Systems , 2002, Comput. Secur..

[61]  Ursula Holmstrom,et al.  User-centered design of security software , 1999 .

[62]  Evangelos A. Kiountouzis,et al.  Information systems security policies: a contextual perspective , 2005, Comput. Secur..

[63]  Dimitris Gritzalis A baseline security policy for distributed healthcare information systems , 1997, Comput. Secur..

[64]  Diomidis Spinellis,et al.  Trusted third party services for deploying secure telemedical applications over the WWW , 1999, Comput. Secur..

[65]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[66]  Sonia Fahmy,et al.  Analysis of vulnerabilities in Internet firewalls , 2003, Comput. Secur..

[67]  Richard Baskerville,et al.  Generalizing Generalizability in Information Systems Research , 2003, Inf. Syst. Res..

[68]  A. Kinicki,et al.  Organizational Culture and Climate , 2003 .

[69]  Ross J. Anderson,et al.  A security policy model for clinical information systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[70]  A. Sohal,et al.  RESISTANCE: A CONSTRUCTIVE TOOL FOR CHANGE , 1998 .

[71]  Shoshana Zuboff,et al.  In the Age of the Smart Machine: The Future of Work and Power , 1989 .

[72]  R. Burchfield Oxford English dictionary , 1982 .

[73]  John P. Ceraolo Penetration Testing Through Social Engineering , 1996, Inf. Secur. J. A Glob. Perspect..

[74]  Mikko T. Siponen,et al.  A conceptual foundation for organizational information security awareness , 2000, Inf. Manag. Comput. Secur..

[75]  R. Willison,et al.  Opportunities for computer abuse : assessing a crime specific approach in the case of Barings Bank , 2002 .

[76]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[77]  Jan H. P. Eloff,et al.  Information Security Policy - What do International Information Security Standards say? , 2002, ISSA.

[78]  Jon David,et al.  Policy enforcement in the workplace , 2002, Comput. Secur..

[79]  Geoff Walsham,et al.  The Emergence of Interpretivism in IS Research , 1995, Inf. Syst. Res..

[80]  John D. Sterman,et al.  System Dynamics: Systems Thinking and Modeling for a Complex World , 2002 .

[81]  James W. Coyne,et al.  “Mainstreaming” automated information systems security engineering (a case study in security run amok) , 1994, CCS '94.

[82]  Milton Leontiades,et al.  The Confusing Words of Business Policy , 1982 .

[83]  Varun Grover,et al.  Special Section: Toward a Theory of Business Process Change Management , 1995, J. Manag. Inf. Syst..

[84]  Jan Mouritsen,et al.  The commodification of expertise: The case of systems development consulting , 1991 .

[85]  Gurpreet Dhillon,et al.  Value‐focused assessment of information system security in organizations , 2006, Inf. Syst. J..

[86]  R. Yin Case Study Research: Design and Methods , 1984 .

[87]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[88]  E. Eugene Schultz,et al.  The case for one-time credentials , 2004, Comput. Secur..

[89]  S. Barley The alignment of technology and structure through roles and networks. , 1990, Administrative science quarterly.

[90]  Robert D. Galliers,et al.  Towards the integration of e-business, knowledge management and policy considerations within an information systems strategy framework , 1999, J. Strateg. Inf. Syst..

[91]  Henry Margenau,et al.  Foundations of the Unity of Science , 1941 .

[92]  Blake Ives,et al.  Executive Involvement and Participation in the Management of Information Technology , 1991, MIS Q..

[93]  J. Ward,et al.  Strategic Planning for Information Systems , 1990 .

[94]  Geoff Walsham,et al.  Doing interpretive research , 2006, Eur. J. Inf. Syst..

[95]  Frank F. Land,et al.  Evaluation of Systems Goals in Determining a Design Strategy for a Computer Based Information System , 1976, Comput. J..

[96]  L. Willcocks,et al.  Social theory and philosophy for information systems , 2004 .

[97]  Hans J. Eysenck,et al.  The Eysenck Personality Inventory , 1965 .

[98]  John C. Henderson,et al.  Continuous strategic alignment: Exploiting information technology capabilities for competitive success , 1993 .

[99]  John K. Christiansen,et al.  Understanding IS implementation by estimating power of subunits , 1996 .

[100]  Joe Nandhakumar,et al.  Structured Development? A Structurational Analysis of the Development of an Executive Information System , 1993, Human, Organizational, and Social Dimensions of Information Systems Development.

[101]  Peter G. W. Keen,et al.  Information systems and organizational change , 1990, CACM.

[102]  Geoff Walsham,et al.  Interpreting Information Systems in Organizations , 1993 .

[103]  Walid G. Aref,et al.  Digital government security infrastructure design challenges , 2001 .

[104]  A. Pettigrew Information Control as a Power Resource , 1972 .

[105]  Robert W. Zmud,et al.  The Influence of a Convergence in Understanding Between Technology Providers and Users on Information Technology Innovativeness , 1991 .

[106]  K. Tarapanoff,et al.  In the age of the smart machine: the future of work and power: Shoshana Zuboff. Oxford: Heinemann professional publishing Ltd, 1988. 468 pp. ISBN 0 434 92486 5. £16.95 , 1990 .

[107]  Houston H. Carr,et al.  Threats to Information Systems: Today's Reality, Yesterday's Understanding , 1992, MIS Q..

[108]  William H. Starbuck,et al.  Forum: Exchanges on Cases and Policy Courses , 1966 .

[109]  Wanda J. Orlikowski,et al.  Studying Information Technology in Organizations: Research Approaches and Assumptions , 1991, Inf. Syst. Res..

[110]  Neil F. Doherty,et al.  Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis , 2005, Inf. Resour. Manag. J..

[111]  Detmar W. Straub,et al.  Information Technology Adoption Across Time: A Cross-Sectional Comparison of Pre-Adoption and Post-Adoption Beliefs , 1999, MIS Q..

[112]  W. Orlikowski,et al.  An Improvisational Model of Change Management: The Case of Groupware Technologies , 1996 .

[113]  Gurpreet Dhillon,et al.  Applying double loop learning to interpret implications for information systems security design , 2003, SMC'03 Conference Proceedings. 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance (Cat. No.03CH37483).

[114]  Richard Baskerville,et al.  Information systems security design methods: implications for information systems development , 1993, CSUR.

[115]  D. Schoen The Reflective Practitioner , 1983 .

[116]  Michael J. Earl,et al.  Experiences in Strategic Information Systems Planning , 1993, MIS Q..

[117]  John Law,et al.  Power, Discretion and Strategy , 1990 .

[118]  Rossouw von Solms,et al.  A framework for the governance of information security , 2004, Comput. Secur..

[119]  Martin P. Loeb,et al.  CSI/FBI Computer Crime and Security Survey , 2004 .

[120]  Ravi S. Sandhu Lattice-based enforcement of Chinese Walls , 1992, Comput. Secur..

[121]  A. Hughes Oxford English Dictionary. , 2008, Isis; an international review devoted to the history of science and its cultural influences.

[122]  Sung-Bae Cho,et al.  Detecting intrusion with rule-based integration of multiple models , 2003, Comput. Secur..

[123]  Eugene Schultz Security training and awareness - fitting a square peg in a round hole , 2004, Comput. Secur..

[124]  Henry C. Lucas,et al.  Organizational power and the information services department , 1984, CACM.

[125]  Sirkka L. Jarvenpaa,et al.  Integrating market, technology, and policy opportunities in e-business strategy , 1999, J. Strateg. Inf. Syst..

[126]  Werner Ulrich A Philosophical Staircase for Information Systems Definition, Design, and Development: A Discursive Approach to Reflective Practice in ISD (Part 1) , 2001 .

[127]  Brian S. Butler,et al.  Power and Information Technology Research: A Metatriangulation Review , 2002, MIS Q..

[128]  Ann-Marie K. Baronas,et al.  Restoring a Sense of Control During Implementation: How User Involvement Leads to System Acceptance , 1988, MIS Q..

[129]  John Smyth Collegiality as a Counter Discourse to the Intrusion of Corporate Management into Higher Education. , 1989 .

[130]  Angela Lin,et al.  The social and political construction of technological frames , 2005, Eur. J. Inf. Syst..

[131]  R. Fazio,et al.  Attitude accessibility as a moderator of the attitude-perception and attitude-behavior relations: an investigation of the 1984 presidential election. , 1986, Journal of personality and social psychology.

[132]  Kailash Joshi,et al.  A Model of Users' Perspective on Change: The Case of Information Systems Technology Implementation , 1991, MIS Q..

[133]  Helen Collinson Cracking a social engineer , 1995 .

[134]  N. Doherty,et al.  Aligning the information security policy with the strategic information systems plan , 2006, Comput. Secur..

[135]  Geoff Walsham,et al.  Making Contributions From Interpretive Case Studies: Examining Processes of Construction and Use , 2004, Relevant Theory and Informed Practice.

[136]  Leslie P. Willcocks,et al.  IT outsourcing as strategic partnering: the case of the UK Inland Revenue , 1998, ECIS.

[137]  Geoff Walsham,et al.  Using IT to Support Business Innovation: A Case Study of the London Insurance Market , 1996, Scand. J. Inf. Syst..

[138]  Avishai Wool,et al.  The use and usability of direction-based filtering in firewalls , 2004, Comput. Secur..

[139]  M. Foucault,et al.  Discipline and Punish: The Birth of the Prison , 2020, On Violence.

[140]  Niels Bjørn-Andersen,et al.  Power Over Users: Its Exercise by System Professionals , 2017, International Conference on Information Systems (ICIS) 1986.

[141]  Michael Newman,et al.  User Involvement as an Interaction Process: A Case Study , 1990, Inf. Syst. Res..

[142]  Gurpreet Dhillon,et al.  Principles of information systems security - text and cases , 2006 .

[143]  Markus Jakobsson,et al.  Social phishing , 2007, CACM.

[144]  Rudy Hirschheim,et al.  Realizing Emancipatory Principles in Information Systems Development: The Case for ETHICS , 1994, MIS Q..

[145]  Winfried E. Kühnhauser Policy Groups , 1999, Comput. Secur..

[146]  Robert W. Zmud,et al.  The Implementation Process: A Change Approach , 1979, MIS Q..

[147]  Denis Trček,et al.  An integral framework for information systems security management , 2003, Comput. Secur..

[148]  Wanda J. Orlikowski,et al.  CASE Tools as Organizational Change: Investigating Incremental and Radical Changes in Systems Development , 1993, MIS Q..

[149]  R. Baskerville,et al.  An information security meta‐policy for emergent organizations , 2002 .

[150]  James C. Scott,et al.  Weapons of the Weak: Everyday Forms of Peasant Resistance. , 1985, The Journal of Asian Studies.

[151]  M. Callon Some Elements of a Sociology of Translation: Domestication of the Scallops and the Fishermen of St Brieuc Bay , 1984 .

[152]  Debra Howcroft,et al.  Re-conceptualising failure: social shaping meets IS research , 2002, Eur. J. Inf. Syst..

[153]  Marshall W. Meyer,et al.  Power in Organizations. , 1982 .

[154]  Jan H. P. Eloff,et al.  Special Features: A Framework for the Implementation of Socio-ethical Controls in Information Security , 2001 .

[155]  Felix B. Tan,et al.  The Repertory Grid Technique: A Method for the Study of Cognition in Information Systems , 2002, MIS Q..

[156]  D. Mumby Theorizing Resistance in Organization Studies , 2005 .

[157]  Rob Kling,et al.  Reconceptualizing Users as Social Actors in Information Systems Research , 2003, MIS Q..

[158]  Dorothy E. Leidner,et al.  Studying Knowledge Management in Information Systems Research: Discourses and Theoretical Assumptions , 2002, MIS Q..

[159]  Sung-Bae Cho,et al.  Efficient anomaly detection by modeling privilege flows using hidden Markov model , 2003, Comput. Secur..

[160]  Wanda J. Orlikowski,et al.  Technology and Institutions: What Can Research on Information Technology and Research on Organizations Learn from Each Other? , 2001, MIS Q..

[161]  M. Miles,et al.  Data management and analysis methods. , 1994 .

[162]  Eirik Albrechtsen,et al.  A qualitative study of users' view on information security , 2007, Comput. Secur..

[163]  James Backhouse,et al.  Understanding Information: An Introduction , 1990 .

[164]  Leslie P. Willcocks,et al.  Social Theory and Philosophy for Information Systems , 2004 .

[165]  Allen S. Lee Crafting a Paper for Publication , 2007, Commun. Assoc. Inf. Syst..

[166]  J Swanson,et al.  Business Dynamics—Systems Thinking and Modeling for a Complex World , 2002, J. Oper. Res. Soc..

[167]  M. Foucault,et al.  Discipline and Punish: The Birth of the Prison. , 1978 .

[168]  Simon N. Foley Building Chinese walls in standard Unix™ , 1997, Comput. Secur..

[169]  E. Guba,et al.  Competing paradigms in qualitative research. , 1994 .

[170]  D. Campbell,et al.  EXPERIMENTAL AND QUASI-EXPERIMENTAL DESIGNS FOR RESEARCH , 2012 .

[171]  E. Trauth,et al.  Handbook of critical information systems research : theory and application , 2005 .

[172]  A. R. Warman,et al.  Organizational computer security policy: the reality , 1992 .

[173]  M. Lynne Markus,et al.  Power, politics, and MIS implementation , 1987, CACM.

[174]  I. Hodder The Interpretation of Documents and Material Culture , 1994 .

[175]  Richard Beckhard,et al.  Organization Development: Strategies and Models , 1969 .