Show simple item record

dc.contributor.authorAnderson, C.
dc.contributor.authorBaskerville, Richard
dc.contributor.authorKaul, M.
dc.identifier.citationAnderson, C. and Baskerville, R. and Kaul, M. 2017. Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information. Journal of Management Information Systems. 34 (4): pp. 1082-1112.

Copyright © Taylor & Francis Group, LLC. Contemporary organizations operate in highly interconnected environments where they are frequently confronted by the challenge of balancing the protection of information resources with the need for sharing information. This tension between the expected benefits and the potential security risks inherent in the information sharing process, exists in many domains, including business, health care, law enforcement, and military—yet it is not well-understood. We propose an information security control theory to explain and manage this tension. We evaluate this theory through a longitudinal case study of the iterative development of the information security policies for a health information exchange in the western United States. Our study shows that the theory offers a good framework through which to understand the information security policy development process, and a way to reconcile the tension between information sharing and information protection. The theory has practical applicability to many business domains.

dc.publisherM E Sharpe, Inc.
dc.titleInformation Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information
dc.typeJournal Article
dcterms.source.titleJournal of Management Information Systems
curtin.departmentSchool of Management
curtin.accessStatusFulltext not available

Files in this item


There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record