Evaluating compliance for organizational information security and business continuity: three strata of ventriloqual agency

IF 4.9 | Zone 3 (Management) | Q1 Information Science & Library Science | Information Technology & People | Pub Date: 2023-11-07 | DOI: 10.1108/itp-03-2022-0156
Marko Niemimaa
Citations: 0

Evaluating compliance for organizational information security and business continuity: three strata of ventriloqual agency
Purpose: The purpose of this research is to study how compliance evaluation becomes performed in practice. Compliance evaluation is a common practice among organizations that need to evaluate their posture against a set of criteria (e.g. a standard, legislative framework and “best practices”). The results of these evaluations have significant importance for organizations, especially in the context of information security and continuity. The author argues that how these evaluations become performed is not merely a “social” activity but shaped by the materiality of the evaluation criteria.

Design/methodology/approach: The authors adopt a sociomaterial practice-based view to study the compliance evaluation through in situ participant observations from compliance evaluation workshops to evaluate organizational compliance against an information security and business continuity criteria. The empirical material was analyzed to construct vignettes that serve to illustrate the practice of compliance evaluation.

Findings: The research analysis shows how the information security and business continuity criteria themselves partake in the compliance evaluations by operating through (ventriloqually) the evaluators on three strata: the material, the textual and the structural. The author also provides a conceptualization of a hybrid agency.

Originality/value: This research contributes to lack of studies on the organizational-level compliance. Further, the research is an original contribution to information security and business continuity management by focusing on the practices of compliance evaluation. Further, the research has theoretical novelty by adopting the ventriloqual agency as a hybrid agency to study the sociomateriality of a phenomenon.
Source journal: Information Technology & People (Information Science & Library Science)
CiteScore: 8.20
Self-citation rate: 13.60%
Articles published: 121
About the journal: Information Technology & People publishes work that is dedicated to understanding the implications of information technology as a tool, resource and format for people in their daily work in organizations. Impact on performance is part of this, since it is essential to the well-being of employees and organizations alike. Contributions to the journal include case studies, comparative theory, and quantitative research, as well as inquiries into systems development methods and practice.