cyber-attack; cyber-security; IT management; mindfulness; case study; government agency
Abstract :
[en] Cyber-security requires not only technical preparations but also organizational practices that reduce the likelihood and severity of damage to the organization. Although user compliance to security policies has been examined in prior literature, user behaviour is only one facet of an organization’s cyber-security; the actions of the IT staff, crisis team, and the management are just as critical. Consequently, organizational practices in cyber-security are not understood very well. To address this gap, this research applied the concept of mindfulness, which has recently received attention also in the IT field. We collected data from a revelatory case – that of a government agency that was targeted by a large-scale cyber-attack – and applied the concept of mindfulness in analyzing the data. Our analysis uncovered a number of mindful practices related to cyber-security. These practices can serve as a building block to theorize on the activities to be taken by IT workers in promoting cyber-security. Our paper also suggests avenues for further research in the emerging topic, for instance, through the concept of cyber-security capability.
Research Center/Unit :
Laboratoire d'Etudes sur les Nouvelles Technologies de l'Information, la Communication, l'Innovation et le Changement - LENTIC
Disciplines :
Management information systems
Author, co-author :
Tapanainen, Tommi ; Université de Liège > HEC Liège > Gestion du changement, innovation et intrapreneuriat
Lisein, Olivier ; Université de Liège > HEC Liège > Gestion du changement, innovation et intrapreneuriat
Language :
English
Title :
Mindfulness in Cyber-Security: The Case of a Government Agency
Publication date :
June 2017
Event name :
Pre-ECIS Workshop "Socio-Technical Perspectives on Information Systems Security", 25th European Conference on Information Systems (ECIS)
