Collective IT artifacts: Toward Inclusive Crisis Infrastructures

This paper investigates a previously overlooked phenomenon in crisis response information systems, namely inclusive crisis infrastructure. By expanding the well-acknowledged infrastructure concept with alternatives to understand the nature and scope of inclusive crisis infrastructures, this paper contributes to closing the gap between theory and practice by raising some research questions critical to the study of inclusive crisis infrastructures. The emerging literature on crisis response information systems suggests that external sourcing of information increasingly influences crisis response operations. To contribute to this discourse, the paper draws on Pipek and Wulf’s (2009) definition of work infrastructures and Palen and Liu’s (2007) conceptualization of peer-to-peer communications to develop a better understanding of the crisis response arena as a whole. In doing so, this paper goes beyond the emphasis on event-based technologies that currently dominate the crisis response information systems literature and instead argues why crisis infrastructures need to be both inward-looking and accommodating to technological and social outcomes parallel to formal response contexts. The novel conceptualization captures the fact that the crisis context contains collections of collective IT artifacts that are not aligned or related but that are, for autonomy reasons, interlinked to crisis organizations’ current IT infrastructure and may be of great value to such organizations if infrastructure capability options are considered

Misunderstandings and Misjudgments about Security: A Dialogical Narrative Analysis of Global IT Offshoring

This paper explores the patterns of technology use in a global enterprise. We use the concept of narrative networks to understand interactions between technology and organizations and the emergent implications. The paper is based on empirical work undertaken in the context of offshoring electronic medical records and billing systems from a group of US physician practices to service providers in India. Findings from our research suggest technology, represented as information security and privacy, as playing a central role in determining outcome of actions and the performances thereof. The narratives in technology in use and enactment of organizational forms display multiple third men, with features that modify the initial understandings of an agreement to implement technical systems

Equipment-as-Experience: A Heidegger-Based Position of Information Security

Information security (InfoSec) has ontologically been characterised as an order machine. The order machine connects with other machines through interrupting mechanisms. This way of portraying InfoSec focuses on the correct placement of machine entities to protect information assets. However, what is missing in this view is that for the InfoSec we experience in everyday practice, we are not just observers of the InfoSec phenomena but also active agents of it. To contribute to the quest, we draw on Heidegger’s (1962) notion of equipment and propose the concept of equipment-as-experience to understand the ontological position of InfoSec in everyday practice. In this paper we show how equipment-as-experience provides a richer picture of InfoSec as being a fundamental sociotechnical phenomena. We further contend using an example case to illustrate that InfoSec equipment should not be understood merely by its properties (present-at-hand mode), but rather in ready-to-hand mode when put into practice

Relationship alignment between small firms : an information exchange perspective on dyads

The thesis is about conceptualizing relationship alignment in small firm relationships from an information exchange perspective. The thesis has a theoretical focus but is also informed by three case studies. The thesis is based on five papers dealing with information exchange with different focus: inter-organizational information systems, information exchange patterns, social information exchange, coordination of information, concepts for relationship alignment. The context in which information exchange is examined is small firm relationships. While there are research of information technology in such context on strategic issues of IT alignment, there is still a great need to find out how the small firm relationship can be aligned from the perspective of ‘working together' with an information focus rather than technology focus. The thesis examine and criticize three sets of theoretical bodies; Social exchange theory, relational theory, and information systems theory in order to understand how relationship alignment may be articulated in a differentiated style. The main conclusion drawn from this work is that relationship alignment between small firms could be expressed by a relationship alignment conceptualization that consists of three different aspects of information exchange. The three aspects of the concept are: presence which is the social dimension of exchanging information, formality which has a transaction focus, and mediation, an information technology concept for information exchange.Godkänd; 2006; 20070912 (dan_h

Misunderstandings and Misjudgements about Security : A Dialogical Narrative Network Analysis of Global IT Offshoring

Godkänd; 2016; 20160815 (danh)</p

A review of secure emergency communications : technical and organisational aspects

In organizations responsible for emergency management there is a growing need to develop deep understanding for how communications between emergency actors can be secured and improved. In this paper we examine the current body of knowledge in the field of secure emergency communications in order understand the role of information security in the emergency context? Our study shows that while technical developments aim at effective and secure technologies, organizational aspects of emergency communications seem to involve not only emergency management actors, but also how these actors more and more utilize information technology for emergency management. Hence, the scene or landscape for emergency management is becoming more complex, which indeed challenge the way that secure emergency communications can be understood. We apply Giddens' structuration theory as a vehicle to understand the technological and organizational dimensions of emergency management. Our main conclusion is that there is a need for better theoretical integration between technology use and organizational systems in emergency management.Godkänd; 2009; 20090820 (heihar

Rethinking the information security risk practices : a critical social theory perspective

There is a lack of theoretical understanding of information security risk practices. For example, the information security risks related literatures are dominated by instrumental approach to protect the information assets. This approach, however, often fails to acknowledge the ideologies and consequences of risks practices. In this paper, through critical analysis, we suggest various perspectives to advance the understanding in this regard. In doing so, we present our argument by reviewing the security risk literature using Habermas’s concept of four orientations: instrumental, strategic, communicative and discursive. The contribution of this paper is to develop conceptual clarity of the risk related ideologies and its consequences on emancipation.Godkänd; 2014; 20130912 (devtha); Konferensartikel i tidskrift</p

Action research supported implementation of a crisis competence centre

The purpose of this paper is to describe the development of a regional crisis competence centre in Sweden. The overall research approach utilizes action research methodology to support the development process. The overall development process is divided into three steps; early need finding, the organizational platform, and business development. This paper is devoted to the first phase - early need finding - which deals with the specific needs and demand of four municipality organizations and how these requirements can be converged into a organizational setting that correspond to national crisis management strategies as well as regional responsibilities in crisis management. The research approach is action based and the theoretical considerations to support progress in development activities are from the Actor Network Theory (ANT). The main conclusion from the research is that the formation of a crisis competence centre revolves around sharing competences, and compromising between internal and external objectives in the progress towards a common goal.Godkänd; 2009; 20090321 (dan_h)</p

Genre-based assessment of information and knowledge security risks

Contemporary methods for assessing information security risks have adopted mainly technical views on the information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines how an information security risk assessment method can be elaborated using knowledge-centric analysis of information assets. For this purpose, we suggest the use of a genre-based analysis method for identifying organizational communication patterns, through which organizational knowledge is shared. Initial experiences of the method try-outs by three experienced information security professionals are discussed. The article concludes with a look at the implications of a genre-based analysis of knowledge assets for future research and practice.Godkänd; 2014; 20130915 (danh); Konferensartikel i tidskrif

The need for improved alignment between actability, strategic planning of IS and information security

The purpose of this paper is to high-light problems regarding user actability and security implementations – what are the important mechanisms that affect actability in usage situations? Alignment between actability and strategic IS-planning and security issues is of the essence. However, serious gaps in alignment have been identified concerning strategic IS-planning as well as in development or implementation of security controls, and selection and use of security standards. The analysis of the alignment gaps show that there is a need to bring in the users view on business requirements in IS, or rather what they need to be allowed to do - to be able to work efficiently.Godkänd; 2008; 20080812 (dan_h)</p