Institutional Theory: A New Perspective for Research into IS/IT Security in Organisations

The aim of this position paper is to argue for the suitability of an institutional perspective in IS/IT (Information Systems/Information Technology) security research. Institutional theory, including some of its central concepts, is presented, along with examples of how it has been used in information systems research. A discussion of how the theory could benefit managerial IS/IT research concludes the paper.

[1]  Donn B. Parker,et al.  The strategic values of information security in business , 1997, Comput. Secur..

[2]  Christer Magnusson,et al.  Hedging shareholder value in an IT dependent business society : the framework BRITS , 1999 .

[3]  E. Romanelli,et al.  The New Institutionalism in Organizational Analysis , 1992 .

[4]  Nils Brunsson The Irrational Organization: Irrationality as a Basis for Organizational Action and Change , 1985 .

[5]  Leonard Steinborn International Organization for Standardization ISO 9001:2000 Quality Management Systems — Requirements , 2004 .

[6]  Ananth Chiravuri,et al.  A THEORETICAL EXAMINATION OF ORGANIZATIONALDOWNSIZING AND ITS EFFECTS ON ISORGANIZATIONAL LEARNING,MEMORY, AND INNOVATION , 2002 .

[7]  John W. Meyer,et al.  Institutional conditions for diffusion , 1993 .

[8]  Thomas Finne Information security implemented in: The theory on stock market efficiency, Markowitz's portfolio theory and porter's value chain , 1997, Comput. Secur..

[9]  Kerstin Sahlin-Andersson,et al.  Beslutsprocessens komplexitet. Att genomföra och hindra stora projekt, [The complexity of Decision processes: to implement and obstruct major projects] , 1986 .

[10]  Elizabeth J. Davidson,et al.  An Exploratory Study of Joint Application Design (JAD) in Information Systems Delivery , 1993, ICIS.

[11]  Carol M. Sánchez,et al.  Organizational downsizing: Constraining, cloning, learning , 1995 .

[12]  Bengt Jacobsson,et al.  Hur styrs förvaltningen? : myt och verklighet kring departementens styrning av ämbetsverken , 1984 .

[13]  W. Powell,et al.  The New Institutionalism in Organizational Analysis , 1993 .

[14]  Thomas Finne,et al.  The three categories of decision-making and information security , 1998, Comput. Secur..

[15]  Sirkka L. Jarvenpaa,et al.  International Conference on Information Systems ( ICIS ) 1991 EXTERNAL VERSUS INTERNAL PERSPECTIVES IN DETERMINING A FIRM ' S PROGRESSIVE USE OF INFORMATION TECHNOLOGY , 2017 .

[16]  Il Im,et al.  Topics of interest in IS: comparing academic journals with the practitioner press , 1997, ICIS '97.

[17]  J. Hunter The human factor. , 2001, Nursing standard (Royal College of Nursing (Great Britain) : 1987).

[18]  W. Powell,et al.  The iron cage revisited institutional isomorphism and collective rationality in organizational fields , 1983 .

[19]  Sten Jönsson Institutions and Organizations , 1997 .

[20]  Björn Rombach Rationalisering eller prat : Kommuners anpassning till en stagnerande ekonomi , 1986 .

[21]  A. Kellerman,et al.  The Constitution of Society : Outline of the Theory of Structuration , 2015 .

[22]  Wanda J. Orlikowski,et al.  Information Technology and the Structuring of Organizations , 2011 .

[23]  John W. Meyer,et al.  Institutional Environments and Organizations: Structural Complexity and Individualism , 1994 .

[24]  Roine Johansson Nyinstitutionalismen inom organisationsanalysen : En skolbildnings uppkomst, spridning och utveckling , 2002 .

[25]  Louise Yngström,et al.  A systemic-holistic approach to academic programmes in IT security , 1996 .

[26]  Henk Sol,et al.  Proceedings of the 54th Hawaii International Conference on System Sciences , 1997, HICSS 2015.