International Perspectives for Cybersecurity
Permanent URI for this collection
Browse
Recent Submissions
Item Introduction to the Minitrack on International Perspectives for Cybersecurity(2023-01-03) Calandro, Enrico; Axon, Louise; Rudolph, Carsten; Chigona, WallaceItem Conflict Resolution in an ISO/IEC 27001 Standard Implementation: A Contradiction Management Perspective(2023-01-03) Soliman, Wael; Ojalainen, AnniinaThe ISO/IEC 27001 standard provides organizations with guidelines to help them evaluate, document, and improve their information security processes. In practice, however, the generality of the standard can create a conflict between its requirements and the adopters’ expectations. To better understand how an organization manages such conflicts, we conduct a case study in a Finnish corporation during the standard’s implementation in one of its units. Two critical conflicts emerged: Conflict I reflects a tension between the standard requirement for disciplinary measures vis-à-vis the organization’s punishment-averse culture. Conflict II reflects a tension between the organization’s aspiration for concrete code reviewing instructions vis-à-vis the lack thereof in the standard. Our findings reveal that whereas the conflict resolution process was similar in managing both conflicts, their content was radically different. Specifically, whereas conflict I’s resolution was paradoxical, conflict II’s resolution was dialectical. We discuss the theoretical and practical implications of our findings.