Factors impacting information governance in the mobile device dual‐use context

Purpose – The purpose of this paper is to reveal factors that impact information governance within the mobile technology implementation in organizations in the dual‐use context.Design/methodology/approach – Case study methodology was used and 15 semi‐structured interviews were conducted with records and information management (RIM) and information security professionals from different types of organizations.Findings – There are three main findings. First, stakeholder support is critical to drive the change and leverage organizational security culture. Second, records mobility with data security dimension represents the biggest challenge for RIM stakeholders. Third, mobile strategy and security framework are two must‐win areas for a successful mobile implementation.Research limitations/implications – The paper does not include any end‐user perspective in interviews and this end‐user context is missing.Practical implications – Awareness through education and training of employees needs to be given very part...

[1]  David K. Allen,et al.  Spreading the load: mobile information and communications technologies and their effect on information overload , 2005, Inf. Res..

[2]  Howon Lee,et al.  Group on Human-ComputerInteraction 1-1-2011 Measuring the Mobile User Experience : Conceptualization and Empirical Assessment , 2013 .

[3]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[4]  Bill Morrow,et al.  BYOD security challenges: control and protect your most sensitive data , 2012, Netw. Secur..

[5]  Jeremy Rose,et al.  Stakeholder Governance: Adapting Stakeholder Theory to E-Government , 2005, Commun. Assoc. Inf. Syst..

[6]  Andrew Koubatis,et al.  Risk management of complex critical systems , 2005, Int. J. Crit. Infrastructures.

[7]  Elizabeth Lomas Information governance: information security and access within a UK context , 2010 .

[8]  Joanne Hardman,et al.  An Exploratory Case Study of Computer Use in a Primary School Mathematics Classroom: New Technology, New Pedagogy? Research: Information and Communication Technologies , 2005 .

[9]  Sari Mäkinen Document Management, Organizational Memory, and Mobile Environment , 2006 .

[10]  Kenton O'Hara,et al.  Dealing with mobility: understanding access anytime, anywhere , 2001, TCHI.

[11]  Frederick M. Avolio Best practices in network security , 2000 .

[12]  A. Willis Corporate governance and management of information and records , 2005 .

[13]  Liisa von Hellens,et al.  Qualitative Research in Information Systems , 2007, Australas. J. Inf. Syst..

[14]  P. N. Ramachandran Nair,et al.  What Is on the Horizon? , 2014, Journal of conservative dentistry : JCD.

[15]  W. Webb Being mobile [smartphone revolution] , 2010 .

[16]  Stephanie Teufel,et al.  Information security culture - from analysis to change , 2003, South Afr. Comput. J..

[17]  David J. Pauleen,et al.  Cause or Cure: Technologies and Work-Life Balance , 2008, ICIS.

[18]  Antonio Scarfò,et al.  New Security Perspectives around BYOD , 2012, 2012 Seventh International Conference on Broadband, Wireless Computing, Communication and Applications.

[19]  Helen Meyer,et al.  A business approach to effective information technology risk analysis and management , 1996 .

[20]  Helmut Krcmar,et al.  Beyond Technical Aspects of Information Security: Risk Culture as a Success Factor for IT Risk Management , 2005, AMCIS.

[21]  Sari Mäkinen,et al.  Mobile work and its challenges to personal and collective information management , 2012, Inf. Res..

[22]  Sebastiaan H. von Solms,et al.  Information Security - The Third Wave? , 2000, Comput. Secur..

[23]  Manfred Bruhn,et al.  Internes Marketing als Forschungsgebiet der Marketingwissenschaft — Eine Einführung in die theoretischen und praktischen Probleme , 1995 .

[24]  Peter Goldschmidt,et al.  Paradigm shifts in recordkeeping responsibilities: implications for ISO 15489's implementation , 2012 .

[25]  Tony Elliman,et al.  Focus Issue on Legacy Information Systems and Business Process Change: The Role of Stakeholders in Managing Change , 1999, Commun. Assoc. Inf. Syst..

[26]  Sari Mäkinen,et al.  Motivations for records management in mobile work , 2011 .

[27]  John Leach,et al.  Improving user security behaviour , 2003, Comput. Secur..

[28]  A. Jones,et al.  A framework for the management of information security risks , 2007 .

[29]  Elayne Coakes,et al.  Focus issue on legacy information systems and business process engineering: the role of stakeholders in managing change , 1999 .

[30]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[31]  Shuang Xu,et al.  Usability for Mobile Commerce Across Multiple Form Factors , 2002, J. Electron. Commer. Res..

[32]  Janine L. Spears A Holistic Risk Analysis Method for Identifying Information Security Risks , 2004, IICIS.

[33]  T. Schlienger,et al.  Information security culture - from analysis to change : research article , 2003 .

[34]  Fabio Crestani,et al.  Effective search results summary size and device screen size: Is there a relationship? , 2005, Inf. Process. Manag..

[35]  Virpi Roto,et al.  Understanding, scoping and defining user experience: a survey approach , 2009, CHI.

[36]  Sebastiaan H. von Solms,et al.  Information Security - The Fourth Wave , 2006, Comput. Secur..

[37]  Jan H. P. Eloff,et al.  A framework and assessment instrument for information security culture , 2010, Comput. Secur..

[38]  David Bromage,et al.  Current state of play: records management and the cloud , 2010 .

[39]  Ahmed Ataullah A Framework for Records Management in Relational Database Systems , 2008 .

[40]  Tom L. Roberts,et al.  Understanding the mindset of the abusive insider: An examination of insiders' causal reasoning following internal security changes , 2011, Comput. Secur..

[41]  Kara Morgan,et al.  Development of a Preliminary Framework for Informing the Risk Analysis and Risk Management of Nanoparticles , 2005, Risk analysis : an official publication of the Society for Risk Analysis.

[42]  T. S. Raghu,et al.  Privacy and Security Practices in the Arena of Cloud Computing - A Research in Progress , 2010, AMCIS.

[43]  Richard Sizer,et al.  Computer security—a pragmatic approach for managers , 1989 .

[44]  K. Eisenhardt Building theories from case study research , 1989, STUDI ORGANIZZATIVI.

[45]  E. Anders Eriksson VIEWPOINT: INFORMATION WARFARE: HYPE OR REALITY? , 1999 .

[46]  Jan H. P. Eloff,et al.  Information security culture - validation of an assessment instrument , 2007 .

[47]  Aurélie Leclercq,et al.  Adoption and appropriation: towards a new theoretical framework. An exploratory research on mobile technologies in French companies , 2006 .

[48]  Joanne Hardman,et al.  An exploratory case study of computer use in a primary school mathematics classroom: New technology, new pedagogy? , 2005 .

[49]  Qing Hu,et al.  The Role of External Influences on Organizational Information Security Practices: An Institutional Perspective , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[50]  George Roth,et al.  Lessons from the desert , 2004 .

[51]  F. Nelson Ford,et al.  Information security: management's effect on culture and policy , 2006, Inf. Manag. Comput. Secur..

[52]  Lawrence W. Serewicz Do we need bigger buckets or better search engines , 2010 .