Open this publication in new window or tab >>2019 (English)In: International Journal on Cyber Situational Awareness, ISSN 2057-2182, Vol. 4, no 1, p. 128-154, article id 28Article in journal (Refereed) Published
Abstract [en]
Today, information is a key asset for many organisations. Reducing risks of information compromise is increasingly prioritised. However, there is an incomplete understanding of how organisations with limited security knowledge and experience manage information security risks in practice. Previous studies have suggested that security-novice employees faced with burdensome, complex, and ambiguous security requirements can experience security-related stress (SRS), and ultimately influence their security decisions. In this study, we further this research stream by suggesting that SRS can similarly be found with security-novice managers responsible for developing and practising information security risk management (ISRM). Two organisations were targeted in the study using a case study approach, to obtain data about their practices, using SRS as an analytical lens. The study found various examples where SRS influenced security-novice managers’ decisions, and identifies several stressors and stress inhibitors in the ISRM process and supporting ISRM tools, and discusses the implications for practitioners.
Place, publisher, year, edition, pages
Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC), 2019
Keywords
Security-novice, information security, information security risk management, stress, tools, compliance, management, Information Systems, Social aspects, Systemvetenskap, informationssystem och informatik med samhällsvetenskaplig inriktning
National Category
Information Systems Information Systems, Social aspects
Identifiers
urn:nbn:se:his:diva-18925 (URN)10.22619/IJCSA (DOI)
Note
CC BY 4.0
This paper is a revised and expanded version of Lundgren and Bergström (2019b) presented at the 2019 International Conference on Cyber Science, 3-4 June 2019 in Oxford, UK. We want to thank the anonymous reviewers for their excellent suggestions and valuable insights.
Lundgren, M., & Bergström, E. (2019b). Security-Related Stress: A Perspective on Information Security Risk Management. Paper presented at the 2019 International Conference On Cyber Security and Protection of Digital Services (Cyber Security), Oxford, UK
2020-08-172020-08-172023-07-06Bibliographically approved