Tampere University of Technology

TUTCRIS Research Portal

A Practice Lens for Understanding the Organizational and Social Challenges of Information Security Management

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review


Original languageEnglish
Title of host publicationProceedings of the 20th Pacific Asia Conference on Information Systems (PACIS 2016)
ISBN (Electronic)9789860491029
Publication statusPublished - 2016
Publication typeA4 Article in a conference publication
EventPacific Asia Conference on Information Systems -
Duration: 1 Jan 2014 → …


ConferencePacific Asia Conference on Information Systems
Period1/01/14 → …


As the cost and amount of information security breaches continue to rise, information security management becomes vital for organizations. Often organization seek advice from information security management standards and other frameworks to manage their information security. Such standards and frameworks depict information security management as a rational, systematic and linear process and leave out the complexity and uncertainty of real-life settings. In particular, they pay little attention to the organizational and social challenges inherent in information security management. Therefore, this study draws on the practice theory to develop a practice lens for understanding how people, practices and what happens in practice interact and create such challenges. This lens depicts information security management as emerging from mundane aspects of information security management work and from the enacted social structures of and events arising at an organization and its environment and enables a deeper understanding of the organizational and social challenges. After developing this lens, it is illustrated and elaborated through an ethnographic study at an IT service provider, and its contributions to research and practice discussed.

Publication forum classification

Field of science, Statistics Finland