Revisiting information security risk management challenges: a practice perspective

Erik Bergström (School of Informatics, University of Skövde, Skövde, Sweden)
Martin Lundgren (Department of Computer Science, Information Systems, Luleå University of Technology, Luleå, Sweden)
Åsa Ericson (Department of Computer Science, Information Systems, Luleå University of Technology, Luleå, Sweden)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 8 July 2019

Abstract

Purpose

The study aims to revisit six previously defined challenges in information security risk management to provide insights into new challenges based on current practices.

Design/methodology/approach

The study is based on an empirical study consisting of in-depth interviews with representatives from public sector organisations. The data were analysed by applying a practice-based view, i.e. the lens of knowing (or knowings). The results were validated by an expert panel.

Findings

Managerial and organisational concerns that go beyond a technical perspective have been found, which affect the ongoing social build-up of knowledge in everyday information security work.

Research limitations/implications

The study is limited in that it consists of data from four public sector organisations, i.e. statistical analyses have not been in focus, while implying a better understanding of what actions are practised in their security work and why.

Practical implications

The new challenges that have been identified offer a refined set of actionable advice to practitioners, which, for example, can support cost-efficient decisions and avoid unnecessary security trade-offs.

Originality/value

Information security is increasingly relevant for organisations, yet little is still known about how related risks are handled in practice. Recent studies have indicated a gap between the espoused and the actual actions. Insights from actual, situated enactment of practice can advise on process adaption and suggest more fit approaches.

Citation

Bergström, E., Lundgren, M. and Ericson, Å. (2019), "Revisiting information security risk management challenges: a practice perspective", Information and Computer Security, Vol. 27 No. 3, pp. 358-372. https://doi.org/10.1108/ICS-09-2018-0106

Publisher

Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited