{"title":"Bureaucracies in information securing: Transitioning from iron cages to iron shields","authors":"Yaojie Li , Clay Posey , Thomas Stafford","doi":"10.1016/j.infoandorg.2024.100526","DOIUrl":null,"url":null,"abstract":"<div><p>Drawing inspiration from bureaucracy and information security literature, we develop the theory of security bureaucracy—an evolutionary framework that describes how organizations arrive at their information-securing approaches. Within this framework, we describe three general bureaucratic archetypes (i.e., Security Prototype, Security Structure, and Security Superstructure) that emerge from the interplay between control and expertise. We also expound on the phenomenon of security bureaucracy and delineate how organizations can transition from coercive “iron cages” to enabling “iron shields” in information securing. We also use our security establish-enforce-enculturate (3E) evolutionary framework to inform a proposed variance model of security bureaucracy. Our efforts offer significant insights and implications for organizational information security research and practice.</p></div>","PeriodicalId":47253,"journal":{"name":"Information and Organization","volume":"34 3","pages":"Article 100526"},"PeriodicalIF":5.7000,"publicationDate":"2024-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Organization","FirstCategoryId":"91","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1471772724000265","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 0
Abstract
Drawing inspiration from bureaucracy and information security literature, we develop the theory of security bureaucracy—an evolutionary framework that describes how organizations arrive at their information-securing approaches. Within this framework, we describe three general bureaucratic archetypes (i.e., Security Prototype, Security Structure, and Security Superstructure) that emerge from the interplay between control and expertise. We also expound on the phenomenon of security bureaucracy and delineate how organizations can transition from coercive “iron cages” to enabling “iron shields” in information securing. We also use our security establish-enforce-enculturate (3E) evolutionary framework to inform a proposed variance model of security bureaucracy. Our efforts offer significant insights and implications for organizational information security research and practice.
期刊介绍:
Advances in information and communication technologies are associated with a wide and increasing range of social consequences, which are experienced by individuals, work groups, organizations, interorganizational networks, and societies at large. Information technologies are implicated in all industries and in public as well as private enterprises. Understanding the relationships between information technologies and social organization is an increasingly important and urgent social and scholarly concern in many disciplinary fields.Information and Organization seeks to publish original scholarly articles on the relationships between information technologies and social organization. It seeks a scholarly understanding that is based on empirical research and relevant theory.