Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework

Sundström, Mikael LU orcid and Holmberg, Robert LU (2008) 2nd International Multi-Conference on Society, Cybernetics and Informatics p.94-99
Abstract
In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators... (More)
In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures. (Less)
Please use this url to cite or link to this publication:
author
and
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
host publication
IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings
pages
94 - 99
publisher
International Institute of Informatics and Systemics
conference name
2nd International Multi-Conference on Society, Cybernetics and Informatics
conference dates
2008-06-29 - 2008-07-02
external identifiers
  • wos:000263668200020
  • scopus:84896600497
language
English
LU publication?
yes
id
9e3dfa12-5f06-4892-bc6a-3a9f7cd92036 (old id 1375206)
date added to LUP
2016-04-04 12:18:14
date last changed
2022-01-29 23:14:13
@inproceedings{9e3dfa12-5f06-4892-bc6a-3a9f7cd92036,
  abstract     = {{In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures.}},
  author       = {{Sundström, Mikael and Holmberg, Robert}},
  booktitle    = {{IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings}},
  language     = {{eng}},
  pages        = {{94--99}},
  publisher    = {{International Institute of Informatics and Systemics}},
  title        = {{The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework}},
  url          = {{https://lup.lub.lu.se/search/files/5974349/1543150.pdf}},
  year         = {{2008}},
}