Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information
Copyright © Taylor & Francis Group, LLC. Contemporary organizations operate in highly interconnected environments where they are frequently confronted by the challenge of balancing the protection of information resources with the need for sharing information. This tension between the expected...
| Main Authors: | , , |
|---|---|
| Format: | Journal Article |
| Published: |
M E Sharpe, Inc.
2017
|
| Online Access: | http://hdl.handle.net/20.500.11937/62286 |
| _version_ | 1848760823223156736 |
|---|---|
| author | Anderson, C. Baskerville, Richard Kaul, M. |
| author_facet | Anderson, C. Baskerville, Richard Kaul, M. |
| author_sort | Anderson, C. |
| building | Curtin Institutional Repository |
| collection | Online Access |
| description | Copyright © Taylor & Francis Group, LLC. Contemporary organizations operate in highly interconnected environments where they are frequently confronted by the challenge of balancing the protection of information resources with the need for sharing information. This tension between the expected benefits and the potential security risks inherent in the information sharing process, exists in many domains, including business, health care, law enforcement, and military—yet it is not well-understood. We propose an information security control theory to explain and manage this tension. We evaluate this theory through a longitudinal case study of the iterative development of the information security policies for a health information exchange in the western United States. Our study shows that the theory offers a good framework through which to understand the information security policy development process, and a way to reconcile the tension between information sharing and information protection. The theory has practical applicability to many business domains. |
| first_indexed | 2025-11-14T10:21:54Z |
| format | Journal Article |
| id | curtin-20.500.11937-62286 |
| institution | Curtin University Malaysia |
| institution_category | Local University |
| last_indexed | 2025-11-14T10:21:54Z |
| publishDate | 2017 |
| publisher | M E Sharpe, Inc. |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | curtin-20.500.11937-622862018-02-01T05:56:15Z Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information Anderson, C. Baskerville, Richard Kaul, M. Copyright © Taylor & Francis Group, LLC. Contemporary organizations operate in highly interconnected environments where they are frequently confronted by the challenge of balancing the protection of information resources with the need for sharing information. This tension between the expected benefits and the potential security risks inherent in the information sharing process, exists in many domains, including business, health care, law enforcement, and military—yet it is not well-understood. We propose an information security control theory to explain and manage this tension. We evaluate this theory through a longitudinal case study of the iterative development of the information security policies for a health information exchange in the western United States. Our study shows that the theory offers a good framework through which to understand the information security policy development process, and a way to reconcile the tension between information sharing and information protection. The theory has practical applicability to many business domains. 2017 Journal Article http://hdl.handle.net/20.500.11937/62286 10.1080/07421222.2017.1394063 M E Sharpe, Inc. restricted |
| spellingShingle | Anderson, C. Baskerville, Richard Kaul, M. Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information |
| title | Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information |
| title_full | Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information |
| title_fullStr | Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information |
| title_full_unstemmed | Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information |
| title_short | Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information |
| title_sort | information security control theory: achieving a sustainable reconciliation between sharing and protecting the privacy of information |
| url | http://hdl.handle.net/20.500.11937/62286 |