Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Conceptualizing the role of IS security compliance in projects of digital transformation
T2 - 40th International Conference on Information Systems, ICIS 2019
AU - Raza, Hassan
AU - Baptista, Joao
AU - Constantinides, Panos
N1 - Publisher Copyright: © 40th International Conference on Information Systems, ICIS 2019. All rights reserved.
PY - 2019/12/15
Y1 - 2019/12/15
N2 - Research shows that information systems security operates between two main distinct functioning modes, either prevention before a security incident occurs, or response which follows from an incident, usually external to the organisation. In this paper, we argue that this shift between prevention and response modes also happens due to inherent internal tensions created between pressures for digital transformation and the established forces for security compliance. We show how a digital transformation project introduced a security incident and challenged the IS security compliance function, a process that reflected these two approaches to IS security in organizations. We conduct a participatory observation study of the implementation of Robotic Process Automation (RPA) in a financial services organization. We examine the shift from prevention to response in this project and identify generative drivers of digital transformation, and drivers of IS security compliance. Our analysis leads to the development of a process model that explains how organizations move from prevention to response when faced with tensions between IS security compliance and digital transformation.
AB - Research shows that information systems security operates between two main distinct functioning modes, either prevention before a security incident occurs, or response which follows from an incident, usually external to the organisation. In this paper, we argue that this shift between prevention and response modes also happens due to inherent internal tensions created between pressures for digital transformation and the established forces for security compliance. We show how a digital transformation project introduced a security incident and challenged the IS security compliance function, a process that reflected these two approaches to IS security in organizations. We conduct a participatory observation study of the implementation of Robotic Process Automation (RPA) in a financial services organization. We examine the shift from prevention to response in this project and identify generative drivers of digital transformation, and drivers of IS security compliance. Our analysis leads to the development of a process model that explains how organizations move from prevention to response when faced with tensions between IS security compliance and digital transformation.
KW - Digital Innovation
KW - Digital Transformation
KW - IS Security Compliance
M3 - Conference contribution/Paper
AN - SCOPUS:85099320895
T3 - 40th International Conference on Information Systems, ICIS 2019
BT - 40th International Conference on Information Systems, ICIS 2019
PB - Association for Information Systems
Y2 - 15 December 2019 through 18 December 2019
ER -