References
- AlbrechtsenEHovdenJThe information security digital divide between information security managers and usersComputers & Security200928647649010.1016/j.cose.2009.01.003
- AlmklovPGAntonsenSMaking work invisible: New public management and operational work in critical infrastructure sectorsPublic Administration201492247749210.1111/padm.12069
- ArvidssonVHolmströmJLyytinenKInformation systems use as strategy practice: A multi-dimensional view of strategic information system implementation and useThe Journal of Strategic Information Systems2014231456110.1016/j.jsis.2014.01.004
- BackhouseJHsuCWSilvaLCircuits of power in creating de jure standards: Shaping an international information systems security standardManagement Information Systems Quarterly200630Special Issue413438
- BarnesBSchatzkiTRCetinaKKSavignyEPractice as collective actionThe Practice Turn in Contemporary Theory2001London, UKRoutledge2536
- BaskervilleRSiponenMAn information security meta-policy for emergent organizationsLogistics Information Management2002155/633734610.1108/09576050210447019
- BossSRKirschLJAngermeierIShinglerRABossRWIf someone is watching, I’ll do what I’m asked: Mandatoriness, control, and information securityEuropean Journal Information Systems200918215116410.1057/ejis.2009.8
- BrownJSDuguidPOrganizational learning and communities-of-practice: Toward a unified view of working, learning, and innovationOrganization Science199121405710.1287/orsc.2.1.40
- BrownJSDuguidPKnowledge and organization: A social-practice perspectiveOrganization Science200112219821310.1287/orsc.12.2.198.10116
- BulgurcuBCavusogluHBenbasatIInformation security policy compliance: an empirical study of rationality-based beliefs and information security awarenessMIS Quarterly2010343523A7
- CallonMAsdalKBrennaBMoserISome elements of a sociology of translation: Domestication of the scallops and the fishermen of St. Brieuc bayTechnoscience: The Politics of Interventions2007Oslo, NOOslo Academic Press
- CarloJLLyytinenKBolandRJJrDialectics of collective minding: Contradictory appropriations of information technology in a high-risk projectManagement Information Systems Quarterly20123641081-A3
- CiborraCUNotes on improvisation and time in organizationsAccounting, Management and Information Technologies199992779410.1016/S0959-8022(99)00002-8
- Coles-KempLInformation security management: An entangled research challengeInformation Security Technical Report200914418118510.1016/j.istr.2010.04.005
- CzarniawskaBJoergesBCzarniawskaBSevónGTravels of ideasTranslating Organizational Change1996Berlin, DEWalter de Gruyter1348
- CzarniawskaBOn time, space, and action netsOrganization200411677379110.1177/1350508404047251
- CzarniawskaBEmerging institutions: pyramids or anthills?Organization Studies200930442344110.1177/0170840609102282
- D’ArcyJHovavAGallettaDUser awareness of security countermeasures and its impact on information systems misuse: A deterrence approachInformation Systems Research2009201799810.1287/isre.1070.0160
- DavisonRMMartinsonsMGOuCXJThe roles of theory in canonical action researchManagement Information Systems Quarterly2012363763796
- DhillonGPrinciples of Information Systems Security: Text and Cases2007Hoboken, NJWiley
- Dhillon G, Tejay G and Weiyin H (2007) Identifying governance dimensions to evaluate information systems security in organizations. In Proceedings of the 40th Hawaii International Conference on System Sciences, IEEE, Piscataway.
- DiMaggioPJPowellWWThe iron cage revisited: institutional isomorphism and collective rationality in organizational fieldsAmerican Sociological Review198348214716010.2307/2095101
- DohertyNAnastasakisLFulfordHInformation security policy unpacked: a critical study of the content of university policiesInternational Journal of Information Management200929644945710.1016/j.ijinfomgt.2009.05.003
- DoughertyDOrganizing practices in services: capturing practice-based knowledge for innovationStrategic Organization200421356410.1177/1476127004040914
- FeldmanMSOrlikowskiWJTheorizing practice and practicing theoryOrganization Science2011225240125310.1287/orsc.1100.0612
- GeertzCThe Interpretation of Cultures: Selected Essays1973NYBasic books
- GerberMSolmsRInformation security requirements – Interpreting the legal aspectsComputers & Security2008275–612413510.1016/j.cose.2008.07.009
- GillonKBranzLCulnanMDhillonGHodgkinsonRMacWillsonAInformation security and privacy - Rethinking governance modelsCommunications of the ACM201128561570
- Hanks W (2014) The space of translation. HAU: Journal of Ethnographic Theory 4(2), 17–39.
- HansethOMonteiroEInscribing behaviour in information infrastructure standardsAccounting, Management and Information Technologies19977418321110.1016/S0959-8022(97)00008-8
- HedströmKKolkowskaEKarlssonFAllenJPValue conflicts for information security managementJournal of Strategic Information Systems201120437338410.1016/j.jsis.2011.06.001
- HerathTRaoHRProtection motivation and deterrence: a framework for security policy compliance in organisationsEuropean Journal of Information Systems200918210612510.1057/ejis.2009.6
- HöneKEloffJHPInformation security policy - What do international information security standards say?Computers & Security200221540240910.1016/S0167-4048(02)00504-7
- HsuCLeeJNStraubDWInstitutional influences on information systems security innovationsInformation Systems Research2012233-Part-291893910.1287/isre.1110.0393
- HsuCWFrame misalignment: Interpreting the implementation of information systems security certification in an organizationEuropean Journal of Information Systems200918214015010.1057/ejis.2009.7
- Ingold T (2014) That’s enough about ethnography!. HAU: Journal of Ethnographic Theory 4(1), 383–395.
- ISO/IEC (2013a) ISO/IEC 27001: Information technology - Security techniques - Information security management systems - Requirements.
- ISO/IEC (2013b) ISO/IEC 27002: Information technology - Security techniques - Code of practice for information security controls.
- ISO/IEC (2014) ISO/IEC 27000: Information technology - Security techniques - Information security management systems - Overview and vocabulary.
- JarzabkowskiPALeJKFeldmanMSToward a theory of coordinating: Creating coordinating mechanisms in practiceOrganization Science201223490792710.1287/orsc.1110.0693
- JohnstonACWarkentinMFear appeals and information security behaviors: An empirical studyManagement Information Systems Quarterly2010343549-A4
- JohnstonACWarkentinMSiponenMAn enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoricManagement Information Systems Quarterly2015391113134
- KarjalainenMSiponenMToward a new meta-theory for designing information systems (IS) security training approachesJournal of the Association for Information Systems2011128518555
- KarydaMKiountouzisEKokolakisSInformation systems security policies: a contextual perspectiveComputers & Security200524324626010.1016/j.cose.2004.08.011
- KleinHKMyersMDA set of principles for conducting and evaluating interpretive field studies in information systemsManagement Information Systems Quarterly1999231679310.2307/249410
- KnappKJMorrisRFMarshallTEByrdTAInformation security policy: An organizational-level process modelComputers & Security200928749350810.1016/j.cose.2009.07.001
- KolkowskaEDhillonGOrganizational power and information security rule complianceComputers & Security201333March31110.1016/j.cose.2012.07.001
- LangleyAStrategies for theorizing from process dataThe Academy of Management Review1999244691710
- Leavitt J (2014) Words and worlds: Ethnography and theories of translation. HAU: Journal of Ethnographic Theory, 4(2), 193–220.
- LeeASBaskervilleRGeneralizing generalizability in information systems researchInformation Systems Research200314322124310.1287/isre.14.3.221.16560
- LevinaNVaastEThe emergence of boundary spanning competence in practice: Implications for implementation and use of information systemsManagement Information Systems Quarterly2005292335363
- LevinaNVaastETurning a community into a market: A practice perspective on information Technology use in boundary spanningJournal of Management Information Systems2006224133710.2753/MIS0742-1222220402
- MerminodVRoweFHow does PLM technology support knowledge transfer and translation in new product development? Transparency and boundary spanners in an international contextInformation and Organization201222429532210.1016/j.infoandorg.2012.07.002
- MiettinenRSamra-FredericksDYanowDRe-turn to practice: An introductory essayOrganization Studies200930121309132710.1177/0170840609349860
- MilesMBHubermanAMQualitative Data Analysis: An Expanded Sourcebook1994Thousand Oaks, CASAGE Publications Inc
- MorrisTLancasterZTranslating management ideasOrganization Studies200627220723310.1177/0170840605057667
- MyersMInvestigating information systems with ethnographic researchCommunications of the AIS1999223120
- MyersMDQualitative Research in Business and Management2009London, UKSage
- MyyryLSiponenMPahnilaSVartiainenTVanceAWhat levels of moral reasoning and values explain adherence to information security rules? An empirical studyEuropean Journal of Information Systems200918212613910.1057/ejis.2009.10
- NicoliniDMedical innovation as a process of translation: A case from the field of telemedicineBritish Journal of Management20102141011102610.1111/j.1467-8551.2008.00627.x
- NielsenJAMathiassenLNewellSTheorization and translation in information technology institutionalization: Evidence from Danish home careManagement Information Systems Quarterly2014381165186
- Niemimaa M, Laaksonen E and Harnesk D (2013) Interpreting information security policy outcomes: A frames of reference perspective. In Proceedings of the 46th Hawaii International Conference on System Sciences, pp 4541–4550, IEEE, Piscataway.
- NiemimaaMLaaksonenAEVaujanyFXMitevNLanzaraGFMukherjeeAEnacting information security policies in practice: Three modes of policy complianceMateriality, rules and regulation: New trends in management and organization studies2015Hampshire, UKPalgrave Macmillan223249
- NjengaKBrownIConceptualising improvisation in information systems securityEuropean journal of information systems20122159260710.1057/ejis.2012.3
- OrlikowskiWJUsing technology and constituting structures: A practice lens for studying technology in organizationsOrganization Science200011440442810.1287/orsc.11.4.404.14600
- OrlikowskiWJBarleySRTechnology and institutions: What can research on information technology and research on organizations learn from each other?MIS quarterly200125214516510.2307/3250927
- OrrJETalking About Machines: An Ethnography of a Modern Job1996IthacaILR Press/Cornell University Press
- OrrJETen years of talking about machinesOrganization Studies200627121805182010.1177/0170840606071933
- PowellWWGammalDLSimardCCzarniawskaBSevónGClose encounters: The circulation and reception of managerial practices in the San Francisco Bay area nonprofit communityGlobal Ideas: How Ideas, Objects and Practices Travel in the Global Economy2005Copenhagen, DKLiber and Copenhagen Business School Press
- PuhakainenPA Design Theory for Information Security Awareness2006Oulu, FinlandUniversity of Oulu
- PuhakainenPSiponenMImproving employees’ compliance through information systems security training: an action research studyManagement Information Systems Quarterly2010344767-A4
- PWC (2014) Managing cyber risks in an interconnected world: Key findings from the global state of information security survey 2015.
- RamillerNCPentlandBTManagement implications in information systems research: The untold storyJournal of the Association for Information Systems2009106474494
- RansbothamSMitraSChoice and chance: A conceptual model of paths to information security compromiseInformation Systems Research200920112113910.1287/isre.1080.0174
- ReesJBandyopadhyaySSpaffordEHPFIRES: A policy framework for information securityCommunications of the ACM200346710110610.1145/792704.792706
- RoweFToward a richer diversity of genres in information systems research: new categorization and guidelinesEuropean Journal of Information Systems20122146948710.1057/ejis.2012.38
- Saint-GermainRInformation security management best practice based on ISO/IEC 17799Information Management Journal20053946066
- SchatzkiTRSchatzkiTRCetinaKKSavignyEIntroductionThe Practice Turn in Contemporary Theory2001London, UKRoutledge1123
- SchatzkiTRCetinaKKSavignyEThe Practice Turn in Contemporary Theory2001London, UKRoutledge
- SchatzkiTRThe sites of organizationsOrganization Studies200526346548410.1177/0170840605050876
- SchultzeUOrlikowskiWJA practice perspective on technology-mediated network relations: The use of internet-based self-serve technologiesInformation Systems Research20041518710610.1287/isre.1030.0016
- SiponenMAn analysis of the traditional IS security approaches: implications for research and practiceEuropean Journal of Information Systems20051430331510.1057/palgrave.ejis.3000537
- SiponenMInformation security standards focus on the existence of process, not its contentCommunications of the ACM20064989710010.1145/1145287.1145316
- SiponenMIivariJSix design theories for IS security policies and guidelinesJournal of the Association for Information Systems200677445472
- SiponenMTOinas-KukkonenHA review of information security issues and respective research contributionsSIGMIS Database2007381608010.1145/1216218.1216224
- SiponenMWillisonRInformation security management standards: Problems and solutionsInformation & Management200946526727010.1016/j.im.2008.12.007
- SiponenMVanceANeutralization: New insights into the problem of employee information systems security policy violationsManagement Information Systems Quarterly2010343487-A12
- Siponen M, Willison R and Baskerville R (2008) Power and practice in information systems security research. In Proceedings of the International Conference on Information Systems (Boland R, Limayem M and Pentland B, Eds), (14-17 December), Paris, Association for Information Systems.
- SmetsMMorrisTGreenwoodRFrom practice to field: A multilevel model of practice-driven institutional changeAcademy of Management Journal201255487790410.5465/amj.2010.0013
- SmithSWinchesterDBunkerDJamiesonRCircuits of power: a study of mandated compliance to an information systems security de jure standard in a government organizationManagment Information Systems Quarterly2010343463486
- StahlBDohertyNShawMInformation security policies in the UK healthcare sector: a critical evaluationInformation Systems Journal2012221779410.1111/j.1365-2575.2011.00378.x
- StraubDWGoodmanSBaskervilleRLStraubDWGoodmanSBaskervilleRLFraming the information security process in modern societyInformation security: policy, processes and practices2008M.E. SharpeArmonk, NY512
- SuchmanLAHuman-machine reconfigurations: Plans and situated actions2007OxfordCambridge University Press, Lancaster University
- TsohouAKarydaMKokolakisSKiountouzisEAnalyzing trajectories of information security awarenessInformation Technology & People201225332735210.1108/09593841211254358
- TsohouAKarydaMKokolakisSKiountouzisEManaging the introduction of information security awareness programmes in organisationsEuropean Journal Information Systems2015241385810.1057/ejis.2013.27
- MarrewijkAYanowDMarrewijkAYanowDIntroduction: The spatial turn in organization studiesOrganizational spaces: Rematerializing the workaday world2010Northampton, MAEdward Elgar116
- SolmsRInformation security management: why standards are importantInformation Management & Computer Security199971505710.1108/09685229910255223
- SolmsBSolmsRThe 10 deadly sins of information security managementComputers & Security200423537137610.1016/j.cose.2004.05.002
- SolmsRSolmsSHInformation security governance: Due careComputers & Security200625749449710.1016/j.cose.2006.08.013
- WarkentinMJohnstonACStraubDWGoodmanSEBaskervilleRIT governance and organizational design for security managementInformation security: Policy, processes and practices2008M.E. SharpeArmonk, NY4668
- WarkentinMWillisonRBehavior and policy issues in information systems security: the insider threatEuropean Journal of Information Systems20091810110510.1057/ejis.2009.12
- WarkentinMJohnstonACShropshireJThe influence of the informal social learning environment on information privacy policy compliance efficacy and intentionEuropean Journal of Information Systems201120326728410.1057/ejis.2010.72
- WhitmanMEStraubDWGoodmanSBaskervilleRLSecurity policy: From design to maintenanceInformation security: Policy, processes and practices2008M.E. SharpeArmonk, NY123151
- WhittingtonRCompleting the practice turn in strategy researchOrganization Studies200627561363410.1177/0170840606064101