Institutional theory: a new perspective for research into IS/IT security in organisations

The aim of this position paper is to argue for the suitability of an institutional perspective in IS/IT (information systems/information technology) security research. Institutional theory, including some of its central concepts, is presented, along with examples of how it has been used in information systems research. A discussion of how the theory could benefit managerial IS/IT research concludes the paper.

[1]  Leonard Steinborn International Organization for Standardization ISO 9001:2000 Quality Management Systems — Requirements , 2004 .

[2]  Lars Norén,et al.  Nyinstitutionalismen inom organisationsanalysen: Roine Johansson; Studentlitteratur, Lund, 2002 , 2004 .

[3]  Ananth Chiravuri,et al.  A THEORETICAL EXAMINATION OF ORGANIZATIONALDOWNSIZING AND ITS EFFECTS ON ISORGANIZATIONAL LEARNING,MEMORY, AND INNOVATION , 2002 .

[4]  Roine Johansson Nyinstitutionalismen inom organisationsanalysen : En skolbildnings uppkomst, spridning och utveckling , 2002 .

[5]  Thomas Peltier,et al.  Information Technology: Code of Practice for Information Security Management , 2001 .

[6]  J. Hunter The human factor. , 2001, Nursing standard (Royal College of Nursing (Great Britain) : 1987).

[7]  Christer Magnusson,et al.  Hedging shareholder value in an IT dependent business society : the framework BRITS , 1999 .

[8]  Thomas Finne,et al.  The three categories of decision-making and information security , 1998, Comput. Secur..

[9]  Il Im,et al.  Topics of interest in IS: comparing academic journals with the practitioner press , 1997, ICIS '97.

[10]  Sten Jönsson Institutions and Organizations , 1997 .

[11]  Donn B. Parker,et al.  The strategic values of information security in business , 1997, Comput. Secur..

[12]  Thomas Finne Information security implemented in: The theory on stock market efficiency, Markowitz's portfolio theory and porter's value chain , 1997, Comput. Secur..

[13]  Louise Yngström,et al.  A systemic-holistic approach to academic programmes in IT security , 1996 .

[14]  Carol M. Sánchez,et al.  Organizational downsizing: Constraining, cloning, learning , 1995 .

[15]  John W. Meyer,et al.  Institutional conditions for diffusion , 1993 .

[16]  Elizabeth J. Davidson,et al.  An Exploratory Study of Joint Application Design (JAD) in Information Systems Delivery , 1993, ICIS.

[17]  W. Powell,et al.  The New Institutionalism in Organizational Analysis , 1993 .

[18]  Wanda J. Orlikowski,et al.  Information Technology and the Structuring of Organizations , 2011 .

[19]  Sirkka L. Jarvenpaa,et al.  International Conference on Information Systems ( ICIS ) 1991 EXTERNAL VERSUS INTERNAL PERSPECTIVES IN DETERMINING A FIRM ' S PROGRESSIVE USE OF INFORMATION TECHNOLOGY , 2017 .

[20]  Björn Rombach Rationalisering eller prat : Kommuners anpassning till en stagnerande ekonomi , 1986 .

[21]  Kerstin Sahlin-Andersson,et al.  Beslutsprocessens komplexitet. Att genomföra och hindra stora projekt, [The complexity of Decision processes: to implement and obstruct major projects] , 1986 .

[22]  Nils Brunsson The Irrational Organization: Irrationality as a Basis for Organizational Action and Change , 1985 .

[23]  A. Kellerman,et al.  The Constitution of Society : Outline of the Theory of Structuration , 2015 .

[24]  Bengt Jacobsson,et al.  Hur styrs förvaltningen? : myt och verklighet kring departementens styrning av ämbetsverken , 1984 .

[25]  Graham Greene,et al.  The Human Factor , 1978 .

[26]  John W. Meyer,et al.  Institutionalized Organizations: Formal Structure as Myth and Ceremony , 1977, American Journal of Sociology.

[27]  W. Powell,et al.  The iron cage revisited institutional isomorphism and collective rationality in organizational fields , 1983 .