Analysis of Evidences About the Relationship Between Organisational Flexibility and Information Systems Security

  • Maurizo Cavallari
Conference paper


The aim of this research is to investigate information systems security in the context of organizational issues. In doing so, we adopted a socio-organizational approach to the subject matter by investigating the interrelationship between the organization’s ability to learn, exploiting and exploring knowledge, both as prior constructs of organization’s flexibility, with respect to information systems security. ISS is often considered in literature as the issue putting constraints on organisational structure. The scope of present paper is to empirically explore previous conceptual findings as the reverse relationship: the possible effect on the level of security driven by the organization’s flexibility. This research offers to the reader empirical evidences to demonstrate the importance of organization’s flexibility as the independent variable which impacts on information system security, regarded as the dependent variable.


Security Policy Leadership Style Security Measure Contextualist Approach Exploration Learning 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Reuters, 2011,, downloaded 10th of June 2011.
  2. 2.
    Cavallari M., 2011, Organisational Constraints on Information Systems Security, in: Emerging Themes in Information Systems and Organization Studies, Carugati A., Rossignoli C. (Eds.), 1st Edition., 2011, XXVIII, 193–207 pp., Springer Physica Verlag HeidelbergCrossRefGoogle Scholar
  3. 3.
    Straub, D., Goodman, S., & Baskerville, R. (2008). Framing of Information Security Policies and Practices. In Information Security Policies, Processes, and Practices. D. Straub, S. Goodman and R. Baskerville (eds.), Armonk, NY: M. E. Sharpe.Google Scholar
  4. 4.
    Pettigrew, A.M. Context and action in the transformation of the firm. Journal of Management Studies, 1987.Google Scholar
  5. 5.
    Pettigrew, A.M. What is processual analysis? Scandinavian Journal of Management, 1997.Google Scholar
  6. 6.
    Pettigrew, A.M., Woodman, R.W. & Cameron, K.S. Studying organizational change and development: Challenges for future research. Academy of Management Journal, 2001.Google Scholar
  7. 7.
    Pettigrew, A.M. Innovative forms of organizing: Progress, performance and process. In A. Pettigrew, H. Thomas & R. Whittington (Eds), Innovative forms of organizing. London: Sage, 2003.Google Scholar
  8. 8.
    March, J.G. Exploration and exploitation in organizational learning. Organization Science, 1991.Google Scholar
  9. 9.
    Burgelman, R.A. Strategy as vector and the inertia of coevolutionary lock-in. Administrative Science Quarterly, 2002, 47.Google Scholar
  10. 10.
    Gupta, A.K., Smith, K.G. & Shalley, C.E. The interplay between exploration and exploitation. Academy of Management Journal, 2006, 49.Google Scholar
  11. 11.
    He, Z.-L. and Wong, P.-K. Exploration vs. Exploitation: An empirical test of the ambidexterity hypothesis. Organization Science, 2004, 15.Google Scholar
  12. 12.
    Benner, M.J. & Tushman, M.L. Exploitation, exploration, and process management: The productivity dilemma revisited. Academy of Management Review, 2003, 28.Google Scholar
  13. 13.
    Levitt, B. & March, J.G. Organizational learning. Annual Review of Sociology, 1988, 14.Google Scholar
  14. 14.
    Fiol, C.M. & Lyles, M.A. Organizational learning. Academy of Management Review, 1985, 10.Google Scholar
  15. 15.
    Spagnoletti P. and Resca A., 2008, The duality of Information Security Management: fighting against predictable and unpredictable threats, Journal of Information Systems Security, Vol. 4 – Issue 3, 2008.Google Scholar
  16. 16.
    Hitchings, J. (1995). Deficiencies of the Traditional Approach to Information Security and the Requirements for a New Methodology. Computers & Security (14) (pp. 377–383)CrossRefGoogle Scholar
  17. 17.
    Avison, D. & Wood-Harper, T. (2003) Bringing social and organisational issues into information systems development: the story of multiview. Socio-technical and human cognition elements of information systems. IGI Publishing Hershey, PA (pp. 5–21).Google Scholar
  18. 18.
    Mishra S. & Dhillon G. (2006) Information Systems Security Governance Research: A Behavioral Perspective. Proceedings of the 1st Annual Symposium on Information Assurance, academic track of the 9th Annual 2006 NYS Cyber Security Conference (pp. 18–26). New York, USA.Google Scholar
  19. 19.
    Dhillon, G. & Torkzadeh, G. (2006) Value-focused assessment of information systems security in organizations. Information Systems Journal (16:3) (pp. 293–314).CrossRefGoogle Scholar
  20. 20.
    Hagen, J.M., Albrechtsen, E. et al. (2008) Implementation and effectiveness of organizational information security measures. Information Management & Computer Security (16:4).Google Scholar
  21. 21.
    Åhlfeldt R.M., Spagnoletti P. and Sindre G., 2007, Improving the Information Security Model by using TFI”. In New Approaches for Security, Privacy and Trust in Complex Environments, IFIP Springer Series, Springer Boston, Volume 232/2007, pp. 73–84.Google Scholar
  22. 22.
    Carayon, P. & Smith, M. J. (2000) Work organization and ergonomics, Applied Ergonomics (31:6) (pp. 649–662).CrossRefGoogle Scholar
  23. 23.
    Gordon, A. L., Loeb, P. M.,Lucyshyn, W. et al. (2005) CSI/FBI computer crime and security survey. Computer Security Institute. downloaded: FBI2005.pdf on November, 23rd 2007
  24. 24.
    Mullins, L. J. (2007) Management and organisational behaviour. FT Prentice Hall.Google Scholar
  25. 25.
    Karyda, M., Kiountouzis, E. et al. (2005) Information systems security policies: a contextual perspective. Computers & Security (24:3), pp. 246–260.CrossRefGoogle Scholar
  26. 26.
    Warkentin, M. & Johnston, A. C. (2006) IT governance and organizational design for security management, chapter 3. In Baskerville, R., Goodman S., and Straub, D. W. (Eds.). Information Security Policies and Practices. M.E. Sharpe.Google Scholar
  27. 27.
    Taylor, P. (2004) A Wake Up Call to All Information Security and Audit Executives: Become Business-Relevant. Information Systems Control Journal (1:14) (pp.123–135).Google Scholar
  28. 28.
    Spagnoletti P., Albano V., Caccetta E., Tarquini R., D’Atri A., 2011, Supporting policy definition in the e-health domain: a QCA based method, HEALTHINF – International Conference on Health Informatics, 26–29 January, Roma, Italy.Google Scholar
  29. 29.
    Stacey, R.D. Complex responsive processes in organizations: Learning and knowledge creation. London: Routledge, 2001.Google Scholar
  30. 30.
    Pagell, M., and Krause, D.R. Re-exploring the relationship between flexibility and the external environment. Journal of Operations Management, 21, 6, 2004.Google Scholar
  31. 31.
    Winter, S.G. Understanding dynamic capabilities. Strategic Management Journal, 2003, 24.Google Scholar
  32. 32.
    Beach, R.; Muhlemann, A.P.; Price, D.H.R.; Paterson, A.; and Sharp, J.A. A review of manufacturing flexibility. European Journal of Operational Research, 122, 1, 2000.Google Scholar
  33. 33.
    Zhang, Q.; Vonderembse, M.A.; and Lim, J.S. Manufacturing flexibility: Defining and analyzing relationships among competence, capability, and customer satisfaction. Journal of Operations Management, 21, 2, 2003.Google Scholar
  34. 34.
    Braccini A. M. and Spagnoletti P., 2008, Business Models and e-services: an ontological approach in a cross-border environment, in D’Atri, A., De Marco, M., Casalino, N. Eds., Interdisciplinary Aspects of Information Systems Studies, Springer, GermanyGoogle Scholar
  35. 35.
    Vaidyanathan, G. & Mautone. S. (2009) Security in dynamic web content management systems applications. Communications of the ACM (52:12).Google Scholar
  36. 36.
    Wright, P. & Snell, S. (1998) Toward a Unifying Framework for Exploring Fit and Flexibility in Strategic Human Resource Management. The Academy of Management Review, 23:4.Google Scholar
  37. 37.
    Hair, J.F., Anderson, R.E., Tatham, R.L. and Black, W.C. Multivariate Data Analysis (4th ed.). Englewood Cliffs, NJ: Prentice-Hall, 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.Università Cattolica – Milano (I)MilanoItaly

Personalised recommendations