Conflict Resolution in an ISO/IEC 27001 Standard Implementation: A Contradiction Management Perspective Soliman, Wael Ojalainen, Anniina 2022-12-27T19:15:22Z 2022-12-27T19:15:22Z 2023-01-03
dc.description.abstract The ISO/IEC 27001 standard provides organizations with guidelines to help them evaluate, document, and improve their information security processes. In practice, however, the generality of the standard can create a conflict between its requirements and the adopters’ expectations. To better understand how an organization manages such conflicts, we conduct a case study in a Finnish corporation during the standard’s implementation in one of its units. Two critical conflicts emerged: Conflict I reflects a tension between the standard requirement for disciplinary measures vis-à-vis the organization’s punishment-averse culture. Conflict II reflects a tension between the organization’s aspiration for concrete code reviewing instructions vis-à-vis the lack thereof in the standard. Our findings reveal that whereas the conflict resolution process was similar in managing both conflicts, their content was radically different. Specifically, whereas conflict I’s resolution was paradoxical, conflict II’s resolution was dialectical. We discuss the theoretical and practical implications of our findings.
dc.format.extent 10
dc.identifier.doi 10.24251/HICSS.2023.590
dc.identifier.isbn 978-0-9981331-6-4
dc.language.iso eng
dc.relation.ispartof Proceedings of the 56th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.subject International Perspectives for Cybersecurity
dc.subject conflict resolution
dc.subject contextualism
dc.subject dialectics
dc.subject iso/iec 27001
dc.subject paradox
dc.title Conflict Resolution in an ISO/IEC 27001 Standard Implementation: A Contradiction Management Perspective
dc.type.dcmi text
prism.startingpage 4839
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
407.61 KB
Adobe Portable Document Format