- List of Contributors
- Historical Reflections on the Practice of Information Management and Implications for the Field of MIS
- Tracing the History of the Information Systems Field
- The Truth, the Whole Truth, and Nothing but the Truth: High‐Quality Research in Information Systems
- Systems Thinking and Soft Systems Methodology
- Structuration Theory
- Institutional Theory of Information Technology
- ‘Everything is Dangerous’: Rethinking Michel Foucault and the Social Study of ICT
- Critical Social Information Systems Research
- Hermeneutics and Meaning‐Making in Information Systems
- Phenomenology, Screens, and <i>Screenness</i>: Returning to the World Itself
- Post‐structuralism, Social Shaping of Technology, and Actor‐Network Theory: What Can They Bring to IS Research?
- Further Developments in Information Systems Strategizing: Unpacking the Concept
- Rethinking Business–IT Alignment
- IT‐Dependent Strategic Initiatives and Sustained Competitive Advantage: A Review, Synthesis, and an Extension of the Literature
- Changing the Story Surrounding Enterprise Systems to Improve our Understanding of What Makes ERP Work in Organizations
- A Multi‐theoretic Approach to IT Governance: The Need for Commitment as well as Alignment
- Rethinking Information Systems Security
- Mobile IT
- A Review of the IT Outsourcing Literature: Insights for Practice
- Managing Knowledge Work
- Rethinking Gender and MIS for the Twenty‐First Century
- Green Digits: Towards an Ecology of IT Thinking
- Ethics and ICT
- IT, Globalization, and Human Development: A Personal View
- Discourses on Innovation and Development in Information Systems in Developing Countries Research
- From Instrumentality to Emergence in Information Systems
Abstract and Keywords
A key aspect of the rights and responsibilities associated with the use, storage, retrieval, and collection of data' is the question of security. The first part of this article considers the growing sophistication of newer technologies that demands new security management thinking beyond addressing individual vulnerabilities. It describes some new complexities resulting from interactions among more feature-rich technologies and their use, along with consideration of related security risks. It goes on to present some ideas for improving security management efforts and includes suggestions for more proactively identifying risks resulting from the emergent use of these systems. The potential role of logical models similar to those used for decades for information systems analysis and design is introduced. This article presents an effort to bridge the gap between high-level policy-based security management and low-level technology-based security management to consider how more attention to technological and business processes may lead to improvements in information security management efforts.
Amy Ray currently serves as Trustee Chair in the Information Process and Management Department at Bentley University. Dr. Ray teaches, consults, and conducts research in information security, with special interests in interorganizational systems and processes, particularly in healthcare. Dr. Ray has worked extensively with leaders in the healthcare and consumer packaged goods industries and has taught a variety of information security courses in executive and university education programmes. She has received numerous grants, including grants from Symantec and NSF to complete security and other practice‐oriented research. Her research appears in numerous scholarly MIS journals including the Journal of Management Information Systems, Information and Management, the Journal of Information Systems, and the Journal of Strategic Information Systems as well as several scholarly accounting journals.
Access to the complete content on Oxford Handbooks Online requires a subscription or purchase. Public users are able to search the site and view the abstracts and keywords for each book and chapter without a subscription.
If you have purchased a print title that contains an access token, please see the token for information about how to register your code.