The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework

Mikael Sundström; Robert Holmberg

The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

437 Downloads (Pure)

Abstract

In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures.

Original language	English
Title of host publication	IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings
Publisher	International Institute of Informatics and Systemics
Pages	94-99
Publication status	Published - 2008
Event	2nd International Multi-Conference on Society, Cybernetics and Informatics - Orlando, FL Duration: 2008 Jun 29 → 2008 Jul 2

Conference

Conference	2nd International Multi-Conference on Society, Cybernetics and Informatics
Period	2008/06/29 → 2008/07/02

Subject classification (UKÄ)

Political Science
Psychology

Access to Document

PISTA2008

Cite this

@inproceedings{9e3dfa125f064892bc6a3a9f7cd92036,

title = "The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework",

abstract = "In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication {"}problemettes{"} into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures.",

author = "Mikael Sundstr{\"o}m and Robert Holmberg",

year = "2008",

language = "English",

pages = "94--99",

booktitle = "IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings",

publisher = "International Institute of Informatics and Systemics",

address = "Venezuela, Bolivarian Republic of",

note = "2nd International Multi-Conference on Society, Cybernetics and Informatics ; Conference date: 29-06-2008 Through 02-07-2008",

}

Sundström, M & Holmberg, R 2008, The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework. in IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings. International Institute of Informatics and Systemics, pp. 94-99, 2nd International Multi-Conference on Society, Cybernetics and Informatics, 2008/06/29.

The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework. / Sundström, Mikael ; Holmberg, Robert.
IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings. International Institute of Informatics and Systemics, 2008. p. 94-99.

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

TY - GEN

T1 - The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework

AU - Sundström, Mikael

AU - Holmberg, Robert

PY - 2008

Y1 - 2008

N2 - In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures.

AB - In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures.

UR - https://www.scopus.com/pages/publications/84896600497

M3 - Paper in conference proceeding

SP - 94

EP - 99

BT - IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings

PB - International Institute of Informatics and Systemics

T2 - 2nd International Multi-Conference on Society, Cybernetics and Informatics

Y2 - 29 June 2008 through 2 July 2008

ER -

The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework

Abstract

Conference

Subject classification (UKÄ)

Access to Document

Other files and links

Fingerprint

Cite this