Information Security: An Organizational Change Perspective

This research examines changing information security requirements and the strategies organizations are developing to meet the related challenges. This is a topic of considerable importance because organizations must simultaneously provide information to their employees, customers, and business partners while safeguarding it from inappropriate access, use, and disclosure. Sharing information through the Internet is now a prevailing practice (Panda, 1999) with security breaches affecting 90% of all businesses each year and costing some $17 billion (Austin & Darby, 2003). To investigate how organizations are changing in response to new information security requirements, this paper develops a theoretical framework, validates the framework, proposes a set of interesting research questions for further study, and concludes with a suggested methodology.

[1]  Brajendra Panda,et al.  Defensive information warfare , 1999, CACM.

[2]  Nandini Rajagopalan,et al.  TOWARD A THEORY OF STRATEGIC CHANGE: A MULTI-LENS PERSPECTIVE AND INTEGRATIVE FRAMEWORK , 1997 .

[3]  E. H. Bowman,et al.  Strategy through the Option Lens: An Integrated View of Resource Investments and the Incremental-Choice Process , 1993 .

[4]  A. H. Van de Nothing Is Quite So Practical as a Good Theory. , 1989 .

[5]  William A. Arbaugh,et al.  Security problems in 802.11-based networks , 2003, CACM.

[6]  J CulnanMary,et al.  Information Privacy Concerns, Procedural Fairness, and Impersonal Trust , 1999 .

[7]  J. March Footnotes To Organizational Change , 1980 .

[8]  W. Orlikowski Using Technology and Constituting Structures: A Practice Lens for Studying Technology in Organizations , 2000 .

[9]  M. Culnan,et al.  Information Privacy Concerns, Procedural Fairness, and Impersonal Trust: An Empirical Investigation , 1999 .

[10]  Arie Segev,et al.  Internet Security , 1998 .

[11]  John J. Mauriel,et al.  A Framework for Linking Culture and Improvement Initiatives in Organizations , 2000 .

[12]  Varun Grover,et al.  Business Process Change and Organizational Performance: Exploring an Antecedent Model , 1997, J. Manag. Inf. Syst..

[13]  Robert D Austin,et al.  The myth of secure computing. , 2003, Harvard business review.

[14]  Russ Housley,et al.  Security flaws in 802.11 data link protocols , 2003, CACM.

[15]  Anthony M. Townsend,et al.  Why Wi-Fi wants to be free , 2003, CACM.

[16]  Ari Ginsberg,et al.  Measuring and modelling changes in strategy: Theoretical foundations and empirical directions , 1988 .

[17]  Ravi S. Sandhu,et al.  Identity management , 2003, IEEE Internet Computing.