Ethnography/Narrative

Information systems security policy implementation in practice: from best practices to situated practices

Elina Niemimaa & Marko Niemimaa
Pages 1-20 | Received 25 Jun 2015, Accepted 29 Sep 2016, Published online: 19 Dec 2017
 

Abstract

Organizations face institutional pressure to adopt information systems security (ISS) best practices to manage risks to their information assets. The literature shows that best practices should be contextualized, that is, translated from universal and general prescriptions into organizational documents and practices. Yet, little is known about how organizations actually make the translation from the best practices into situated practices. In this ethnographic study, we draw on practice theory and related concepts of canonical and non-canonical practices to analyze the process of translation. We explore how an IT service provider translated the ISS best practice of information classification into an ISS policy and into situated practices. We identify three translation mechanisms: (1) translating global to local, (2) disrupting and reconstructing local non-canonical practices, and (3) reconstructing and enacting local canonical practices. We find that while the translation was inhibited by incongruent practices, insufficient understanding of employees’ work, and the ISS managers’ lack of engagement in organizational practices, allowing situated practices to shape the ISS policy and actively engaging employees in the reconstruction of situated practices contributed positively to the translation. Contributions and implications for research and practice are discussed and conclusions are drawn.

Editor: Frantz Rowe

Associate Editor: Michael David Myers

Additional information

Notes on contributors

Elina Niemimaa

About the authors

Elina Niemimaa is a doctoral candidate at the Tampere University of Technology in the department of Information Management and Logistics. Her main research interests lie in the field of IS security where she focuses on information security management and on the practices of information security management.

Marko Niemimaa

Marko Niemimaa is a PhD candidate at the Turku Centre for Computer Sciences and University of Turku, Turku School of Economics in the department of Information Systems. His main research interests lie in the fields of IS security management, IS continuity and sociomateriality.
