{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T20:56:06Z","timestamp":1780433766227,"version":"3.54.1"},"reference-count":94,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2015,8,1]],"date-time":"2015-08-01T00:00:00Z","timestamp":1438387200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["AI &amp; Soc"],"published-print":{"date-parts":[[2016,8]]},"DOI":"10.1007\/s00146-015-0597-4","type":"journal-article","created":{"date-parts":[[2015,7,31]],"date-time":"2015-07-31T12:20:01Z","timestamp":1438345201000},"page":"347-359","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Technologist engagement with risk management practices during systems development? Approaches, effectiveness and challenges"],"prefix":"10.1007","volume":"31","author":[{"given":"John","family":"Organ","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Larry","family":"Stapleton","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2015,8,1]]},"reference":[{"issue":"1","key":"597_CR1","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1016\/j.ijinfomgt.2011.07.002","volume":"32","author":"S Alhawari","year":"2012","unstructured":"Alhawari S, Karadsheh L, Nehari Talet A, Mansour E (2012) Knowledge-based risk management framework for information technology project. Int J Inf Manage 32(1):50\u201365","journal-title":"Int J Inf Manage"},{"issue":"1\u20132","key":"597_CR2","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.cose.2008.03.002","volume":"27","author":"EE Anderson","year":"2008","unstructured":"Anderson EE, Choobineh J (2008) Enterprise information security strategies. Comput Secur 27(1\u20132):22\u201329","journal-title":"Comput Secur"},{"issue":"6","key":"597_CR3","doi-asserted-by":"crossref","first-page":"452","DOI":"10.1108\/00251749710173823","volume":"35","author":"SH Appelbaum","year":"1997","unstructured":"Appelbaum SH (1997) Socio-technical systems theory: an intervention strategy for organizational development. Manag Decis 35(6):452\u2013463","journal-title":"Manag Decis"},{"issue":"1\u20132","key":"597_CR4","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1016\/j.techsoc.2011.03.006","volume":"33","author":"K Ardalan","year":"2011","unstructured":"Ardalan K (2011) Globalization and information technology: four paradigmatic views. Technol Soc 33(1\u20132):59\u201372","journal-title":"Technol Soc"},{"issue":"4","key":"597_CR5","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1016\/j.istr.2008.10.006","volume":"13","author":"D Ashenden","year":"2008","unstructured":"Ashenden D (2008) Information security management: a human challenge? Inf Secur Tech Rep 13(4):195\u2013201","journal-title":"Inf Secur Tech Rep"},{"key":"597_CR6","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1016\/j.ress.2013.02.020","volume":"115","author":"T Aven","year":"2013","unstructured":"Aven T (2013) Practical implications of the new risk perspectives. Reliab Eng Syst Saf 115:136\u2013145","journal-title":"Reliab Eng Syst Saf"},{"key":"597_CR7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ress.2013.07.005","volume":"121","author":"T Aven","year":"2014","unstructured":"Aven T, Krohn BS (2014) A new perspective on how to understand, assess and manage risk and the unforeseen. Reliab Eng Syst Saf 121:1\u201310","journal-title":"Reliab Eng Syst Saf"},{"issue":"6","key":"597_CR9","doi-asserted-by":"crossref","first-page":"775","DOI":"10.1016\/0005-1098(83)90046-8","volume":"19","author":"L Bainbridge","year":"1983","unstructured":"Bainbridge L (1983) Ironies of automation. Automatica 19(6):775\u2013779","journal-title":"Automatica"},{"issue":"5","key":"597_CR10","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1108\/00251749910274216","volume":"37","author":"K Bandyopadhyay","year":"1999","unstructured":"Bandyopadhyay K, Mykytyn PP, Mykytyn K (1999) A framework for integrated risk management in information technology. Manag Decis 37(5):437\u2013444","journal-title":"Manag Decis"},{"issue":"1\u20132","key":"597_CR11","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1016\/S0164-1212(02)00155-3","volume":"70","author":"M d O Barros","year":"2004","unstructured":"Barros M d O, Werner CML, Travassos GH (2004) Supporting risks in software project management. J Syst Softw 70(1\u20132):21\u201335","journal-title":"J Syst Softw"},{"issue":"1","key":"597_CR12","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1016\/j.intcom.2010.07.003","volume":"23","author":"G Baxter","year":"2011","unstructured":"Baxter G, Sommerville I (2011) Socio-technical systems: from design methods to systems engineering. Interact Comput 23(1):4\u201317","journal-title":"Interact Comput"},{"issue":"2","key":"597_CR13","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1016\/S0951-8320(01)00015-1","volume":"72","author":"RB Belzer","year":"2001","unstructured":"Belzer RB (2001) Getting beyond \u2018grin and bear it\u2019 in the practice of risk management. Reliab Eng Syst Saf 72(2):137\u2013148","journal-title":"Reliab Eng Syst Saf"},{"key":"597_CR14","volume-title":"Critical risk research: practices, politics and ethics","author":"LJ Bracken","year":"2012","unstructured":"Bracken LJ (2012) Practices of doing interdisciplinary risk-research: communication, framing and reframing. In: Kearnes MB, Klauser FR, Lane SN (eds) Critical risk research: practices, politics and ethics. Wiley-Blackwell, Hoboken"},{"key":"597_CR15","doi-asserted-by":"crossref","first-page":"263","DOI":"10.4018\/978-1-4666-1782-7.ch018","volume-title":"Systems approaches to knowledge management, transfer, and resource development","author":"M Brownsword","year":"2012","unstructured":"Brownsword M, Setchi R (2012) A formalised approach to the management of risk: a conceptual framework and ontology. In: Lee WB (ed) Systems approaches to knowledge management, transfer, and resource development. IGI Global, Hershey, PA, pp 263\u2013285"},{"key":"597_CR16","volume-title":"Sociological paradigms and organisational analysis: elements of the sociology of corporate life","author":"G Burrell","year":"1979","unstructured":"Burrell G, Morgan G (1979) Sociological paradigms and organisational analysis: elements of the sociology of corporate life. Heinemann Educational Books Ltd, Hants"},{"issue":"5","key":"597_CR17","doi-asserted-by":"crossref","first-page":"436","DOI":"10.1108\/09696470710762655","volume":"14","author":"A Cartelli","year":"2007","unstructured":"Cartelli A (2007) ICT and knowledge construction: towards new features for the socio-technical approach. Learning Organization 14(5):436\u2013449","journal-title":"Learning Organization"},{"key":"597_CR18","volume-title":"Simple tools and techniques for enterprise risk management","author":"RJ Chapman","year":"2011","unstructured":"Chapman RJ (2011) Simple tools and techniques for enterprise risk management, 2nd edn. Wiley, Hoboken","edition":"2"},{"key":"597_CR19","volume-title":"Systems thinking, systems practice","author":"P Checkland","year":"1993","unstructured":"Checkland P (1993) Systems thinking, systems practice. Wiley, Chichester"},{"issue":"1","key":"597_CR20","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1002\/1099-1743(200011)17:1+<::AID-SRES374>3.0.CO;2-O","volume":"17","author":"P Checkland","year":"2000","unstructured":"Checkland P (2000) Soft systems methodology: a thirty year retrospective. Syst Res Behav Sci 17(1):11\u201358","journal-title":"Syst Res Behav Sci"},{"key":"597_CR21","volume-title":"Learning for action: a short definitive account of soft systems methodology and it use practitioners, teachers and students","author":"P Checkland","year":"2006","unstructured":"Checkland P, Poulter J (2006) Learning for action: a short definitive account of soft systems methodology and it use practitioners, teachers and students. Wiley, Chichester"},{"key":"597_CR22","volume-title":"Soft systems methodology in action","author":"P Checkland","year":"1990","unstructured":"Checkland P, Scholes J (1990) Soft systems methodology in action. Wiley, Chichester"},{"key":"597_CR23","volume-title":"Soft systems methodology in action: 30 year retrospective","author":"P Checkland","year":"1999","unstructured":"Checkland P, Scholes J (1999) Soft systems methodology in action: 30 year retrospective. Wiley, Chichester"},{"issue":"20","key":"597_CR24","first-page":"958","volume":"20","author":"J Choobineh","year":"2007","unstructured":"Choobineh J, Dhillion G, Grimaila MR, Rees J (2007) Management of information security: challenges and research directions. Commun Asssoc Inf Syst 20(20):958\u2013971","journal-title":"Commun Asssoc Inf Syst"},{"key":"597_CR25","volume-title":"The labyrinths of information: challenging the wisdom of systems","author":"C Ciborra","year":"2002","unstructured":"Ciborra C (2002) The labyrinths of information: challenging the wisdom of systems. Oxford University Press, Oxford"},{"key":"597_CR26","first-page":"23","volume-title":"Risk, complexity and ICT","author":"C Ciborra","year":"2007","unstructured":"Ciborra C (2007) Digital technologies and risk: a critical review. In: Hanseth O, Ciborra C (eds) Risk, complexity and ICT. Edward Elgar, Cheltenham, pp 23\u201346"},{"issue":"Supplement 1(0)","key":"597_CR27","doi-asserted-by":"crossref","first-page":"S98","DOI":"10.1016\/j.ijmedinf.2006.05.026","volume":"76","author":"E Coiera","year":"2007","unstructured":"Coiera E (2007) Putting the technical back into socio-technical systems research. Int J Med Inf 76(Supplement 1(0)):S98\u2013S103","journal-title":"Int J Med Inf"},{"issue":"4","key":"597_CR28","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1016\/j.istr.2010.04.005","volume":"14","author":"L Coles-Kemp","year":"2009","unstructured":"Coles-Kemp L (2009) Information security management: an entangled research challenge. Inf Secur Tech Rep 14(4):181\u2013185","journal-title":"Inf Secur Tech Rep"},{"issue":"1","key":"597_CR29","doi-asserted-by":"crossref","first-page":"1","DOI":"10.2307\/41410403","volume":"36","author":"P Constantinides","year":"2012","unstructured":"Constantinides P, Chiasson MW, Introna LD (2012) The ends of information systems research: a pragmatic framework. MIS Q 36(1):1\u201310","journal-title":"MIS Q"},{"issue":"2","key":"597_CR30","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1002\/sres.822","volume":"24","author":"SC Cook","year":"2007","unstructured":"Cook SC, Ferris TLJ (2007) Re-evaluating systems engineering as a framework for tackling systems issues. Syst Res Behav Sci 24(2):169\u2013181","journal-title":"Syst Res Behav Sci"},{"issue":"6","key":"597_CR31","doi-asserted-by":"crossref","first-page":"538","DOI":"10.1108\/01435120810894545","volume":"29","author":"R Delbridge","year":"2008","unstructured":"Delbridge R (2008) An illustrative application of soft systems methodology (SSM) in a library and information service context: process and outcome. Library Manag 29(6):538\u2013555","journal-title":"Library Manag"},{"issue":"6","key":"597_CR32","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1108\/01435120710774459","volume":"28","author":"R Delbridge","year":"2007","unstructured":"Delbridge R, Fisher S (2007) The use of soft systems methodology (SSM) in the management of library and information services: a review. Library Manag 28(6):306\u2013322","journal-title":"Library Manag"},{"key":"597_CR33","unstructured":"Dhillion GS (1995) Interpreting the management of information systems security. Unpublished thesis. The London School of Economics and Political Science"},{"issue":"2","key":"597_CR34","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1046\/j.1365-2575.2001.00099.x","volume":"11","author":"G Dhillion","year":"2001","unstructured":"Dhillion G, Backhouse J (2001) Current directions in IS security research: towards socio-organizational perspectives. Inf Syst J 11(2):127\u2013153","journal-title":"Inf Syst J"},{"issue":"3","key":"597_CR35","doi-asserted-by":"crossref","first-page":"234","DOI":"10.1016\/S0167-4048(00)88612-5","volume":"19","author":"T Finne","year":"2000","unstructured":"Finne T (2000) Information systems risk management: key concepts and business processes. Comput Secur 19(3):234\u2013242","journal-title":"Comput Secur"},{"issue":"8","key":"597_CR36","doi-asserted-by":"crossref","first-page":"983","DOI":"10.1016\/j.cose.2012.08.004","volume":"31","author":"S Furnell","year":"2012","unstructured":"Furnell S, Clarke N (2012) \u2018Power to the people? The evolving recognition of human aspects of security. Comput Secur 31(8):983\u2013988","journal-title":"Comput Secur"},{"issue":"1","key":"597_CR37","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.cose.2004.11.002","volume":"24","author":"M Gerber","year":"2005","unstructured":"Gerber M, von Solms R (2005) Management of risk in the information age. Comput Secur 24(1):16\u201330","journal-title":"Comput Secur"},{"key":"597_CR38","doi-asserted-by":"crossref","first-page":"1499","DOI":"10.1016\/j.procs.2011.01.039","volume":"3","author":"V Ghaffarian","year":"2011","unstructured":"Ghaffarian V (2011) The new stream of socio-technical approach and main stream information systems research. Proc Comput Sci 3:1499\u20131511","journal-title":"Proc Comput Sci"},{"key":"597_CR39","doi-asserted-by":"crossref","unstructured":"Gill KS (2012) Human machine symbiotics: on control and automation in human contexts. In: Proceedings of the international federation of automation and control international conference on international stability and systems engineering. Elsevier, Waterford, pp 91\u201396","DOI":"10.3182\/20120611-3-IE-4029.00019"},{"issue":"3","key":"597_CR40","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1016\/S0305-0483(99)00042-0","volume":"28","author":"T Goles","year":"2000","unstructured":"Goles T, Hirschheim R (2000) The paradigm is dead, the paradigm is dead\u2026long live the paradigm: the legacy of Burrell and Morgan. Omega 28(3):249\u2013268","journal-title":"Omega"},{"key":"597_CR41","doi-asserted-by":"crossref","unstructured":"Greer D, Bustard DW (1996) Towards an evolutionary software delivery strategy based on soft systems and risk analysis. In: Proceedings of the IEEE International symposium and workshop on engineering of computer based systems. IEEE Computer Society Press, Friedrichshafen, pp 126\u2013133","DOI":"10.1109\/ECBS.1996.494520"},{"issue":"1","key":"597_CR42","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1108\/09685229610114178","volume":"4","author":"S Halliday","year":"1996","unstructured":"Halliday S, Badenhorst K, von Solms R (1996) A business approach to effective information technology risk analysis and management. Inf Manag Comput Secur 4(1):19\u201331","journal-title":"Inf Manag Comput Secur"},{"key":"597_CR43","doi-asserted-by":"crossref","first-page":"75","DOI":"10.4337\/9781847207005","volume-title":"Complexity, risk and ICT","author":"O Hanseth","year":"2007","unstructured":"Hanseth O (2007) Complexity and Risk. In: Hanseth O, Ciborra C (eds) Complexity, risk and ICT. Edward Elgar, Cheltenham, pp 75\u201396"},{"issue":"3","key":"597_CR44","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1016\/S0263-7863(01)00074-6","volume":"20","author":"D Hillson","year":"2002","unstructured":"Hillson D (2002) Extending the risk process to manage opportunities. Int J Proj Manage 20(3):235\u2013240","journal-title":"Int J Proj Manage"},{"key":"597_CR45","doi-asserted-by":"crossref","unstructured":"Holten R, Dreiling A, Becker J (2005) Ontology-driven method engineering for information systems development. In: Green P, Rosemann M (eds) Business systems analysis with ontologies. IGI Global, Hershey, PA, pp 174\u2013217","DOI":"10.4018\/978-1-59140-339-5.ch007"},{"issue":"1","key":"597_CR46","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1108\/09593840510584621","volume":"18","author":"K Horton","year":"2005","unstructured":"Horton K, Davenport E, Wood-Harper T (2005) Exploring sociotechnical interaction with Rob Kling: five \u201cbig\u201d ideas. Inf Technol People 18(1):50\u201367","journal-title":"Inf Technol People"},{"key":"597_CR47","volume-title":"The failure of risk management: why it\u2019s broken and how to fix it","author":"D Hubbard","year":"2005","unstructured":"Hubbard D (2005) The failure of risk management: why it\u2019s broken and how to fix it. Wiley, New Jersey"},{"key":"597_CR48","volume-title":"Risk management for computer security: protecting your network and information assets","author":"A Jones","year":"2005","unstructured":"Jones A, Ashenden D (2005) Risk management for computer security: protecting your network and information assets, 1st edn. Butterworth-Heinemann, Amsterdam","edition":"1"},{"issue":"2","key":"597_CR49","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.cose.2004.07.004","volume":"24","author":"B Karabacak","year":"2005","unstructured":"Karabacak B, Sogukpinar I (2005) ISRAM: information security risk analysis method. Comput Secur 24(2):147\u2013159","journal-title":"Comput Secur"},{"key":"597_CR50","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1002\/9781119962748.ch7","volume-title":"Critical risk research: practices, politics and ethics","author":"MB Kearnes","year":"2012","unstructured":"Kearnes MB (2012) Technologies of risk and responsibility: attesting to the truth of novel things. In: Kearnes MB, Klauser FR, Lane SN (eds) Critical risk research: practices, politics and ethics. Wiley-Blackwell, Hoboken, pp 125\u2013147"},{"issue":"2","key":"597_CR51","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1016\/S0164-1212(00)00010-8","volume":"53","author":"M Keil","year":"2000","unstructured":"Keil M, Wallace L, Turk D, Dixon-Randall G, Nulden U (2000) An investigation of risk perception and risk propensity on the decision to continue a software development project. J Syst Softw 53(2):145\u2013157","journal-title":"J Syst Softw"},{"key":"597_CR52","doi-asserted-by":"crossref","first-page":"856","DOI":"10.1057\/palgrave.jors.2602147","volume":"57","author":"K Kotiadis","year":"2006","unstructured":"Kotiadis K, Mingers J (2006) Combining PSMs with hard OR methods: the philosophical and practical challenges. J Oper Res Soc 57:856\u2013867","journal-title":"J Oper Res Soc"},{"key":"597_CR53","doi-asserted-by":"crossref","DOI":"10.7208\/chicago\/9780226458106.001.0001","volume-title":"The structure of scientific revolutions","author":"T Kuhn","year":"1996","unstructured":"Kuhn T (1996) The structure of scientific revolutions. University of Chicago Press, Chicago"},{"issue":"5","key":"597_CR54","doi-asserted-by":"crossref","first-page":"528","DOI":"10.1145\/78607.78613","volume":"33","author":"K Kumar","year":"1990","unstructured":"Kumar K, Bjorn-Andersen N (1990) A cross-cultural comparison of IS designer values. Commun ACM 33(5):528\u2013538","journal-title":"Commun ACM"},{"issue":"6","key":"597_CR55","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1057\/ejis.2012.6","volume":"22","author":"E Kutsch","year":"2013","unstructured":"Kutsch E, Denyer D, Hall M, Lee-Kelley E (2013) Does risk matter? Disengagement from risk management practices in information systems projects. Eur J Inf Syst 22(6):637\u2013649","journal-title":"Eur J Inf Syst"},{"key":"597_CR56","volume-title":"Managing the human factor in information security: how to win over staff and influence business managers","author":"D Lacey","year":"2009","unstructured":"Lacey D (2009) Managing the human factor in information security: how to win over staff and influence business managers. Wiley, Hoboken"},{"key":"597_CR57","first-page":"1","volume-title":"Critical risk research: practices, politics and ethics","author":"SN Lane","year":"2012","unstructured":"Lane SN, Klauser FR, Kearnes MB (2012) Introduction: risk research after Fukushima. In: Kearnes MB, Klauser FR, Lane SN (eds) Critical risk research: practices, politics and ethics. Wiley-Blackwell, Hoboken, pp 1\u201320"},{"issue":"1","key":"597_CR58","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1002\/sys.20194","volume":"15","author":"R Lock","year":"2012","unstructured":"Lock R (2012) Developing a methodology to support the evolution of System of Systems using risk analysis. Syst Eng 15(1):62\u201373","journal-title":"Syst Eng"},{"issue":"6","key":"597_CR59","doi-asserted-by":"crossref","first-page":"673","DOI":"10.1111\/j.1475-3995.2000.tb00224.x","volume":"7","author":"J Mingers","year":"2000","unstructured":"Mingers J (2000) Variety is the spice of life: combining soft and hard OR\/MS methods. Int Trans Oper Res 7(6):673\u2013691","journal-title":"Int Trans Oper Res"},{"issue":"5","key":"597_CR60","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1016\/S0305-0483(97)00018-2","volume":"25","author":"J Mingers","year":"1997","unstructured":"Mingers J, Brocklesby J (1997) Multimethodology: towards a framework for mixing methodologies. Omega 25(5):489\u2013509","journal-title":"Omega"},{"issue":"3","key":"597_CR61","doi-asserted-by":"crossref","first-page":"795","DOI":"10.25300\/MISQ\/2013\/37:3.3","volume":"37","author":"J Mingers","year":"2013","unstructured":"Mingers J, Mutch A, Willcocks L (2013) Critical realism in information systems research. MIS Q 37(3):795\u2013802","journal-title":"MIS Q"},{"key":"597_CR62","volume-title":"Lessons from the global financial crisis: the relevance of Adam Smith on morality and free markets","author":"R Morgan","year":"2010","unstructured":"Morgan R (2010) Lessons from the global financial crisis: the relevance of Adam Smith on morality and free markets. Taylor Trade Publishing, Plymouth"},{"issue":"8","key":"597_CR63","doi-asserted-by":"crossref","first-page":"609","DOI":"10.1016\/j.is.2004.06.002","volume":"30","author":"H Mouratidis","year":"2005","unstructured":"Mouratidis H, Giorgini P, Manson G (2005) When security meets software engineering: a case of modelling secure information systems. J Inf Syst 30(8):609\u2013629","journal-title":"J Inf Syst"},{"issue":"2","key":"597_CR64","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1007\/PL00010345","volume":"5","author":"E Mumford","year":"2000","unstructured":"Mumford E (2000) A socio-technical approach to systems design. Requir Eng 5(2):125\u2013133","journal-title":"Requir Eng"},{"issue":"4","key":"597_CR65","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1111\/j.1365-2575.2006.00221.x","volume":"16","author":"E Mumford","year":"2006","unstructured":"Mumford E (2006) The story of socio-technical design: reflections on its successes, failures and potential. Inf Syst J 16(4):317\u2013342","journal-title":"Inf Syst J"},{"key":"597_CR66","unstructured":"Nabende P, Ahimbisibwe B, Lubega JT (2009) Relationship between information systems development paradigms and methods. In: Kizza JM, Lynch K, Ravi N, Aisbett J, Phoha Vir (eds) Special topics in computing and ICT research: strengthening the role of ICT in development, pp 75\u201384"},{"issue":"2","key":"597_CR67","doi-asserted-by":"crossref","first-page":"176","DOI":"10.1108\/09593849910267224","volume":"12","author":"J Nandhakumar","year":"1999","unstructured":"Nandhakumar J, Avison DE (1999) The fiction of methodological development: a field study of information systems development. Inf Technol People 12(2):176\u2013191","journal-title":"Inf Technol People"},{"issue":"6","key":"597_CR68","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1108\/02756660510700618","volume":"26","author":"GE Olson","year":"2005","unstructured":"Olson GE (2005) Strategically managing risk in the information age: a holistic approach. J Bus Strategy 26(6):45\u201354","journal-title":"J Bus Strategy"},{"key":"597_CR69","doi-asserted-by":"crossref","unstructured":"Organ J, Stapleton L (2012) Information systems risk through a socio-technical lens: future directions in systems risk research. In: Proceedings of the international federation of automation and control international conference on international stability and systems engineering. Waterford, Elsevier, pp 138\u2013143","DOI":"10.3182\/20120611-3-IE-4029.00027"},{"key":"597_CR70","doi-asserted-by":"crossref","unstructured":"Organ J, Stapleton L (2013) Information systems risk paradigms: towards a new theory on systems risk. In: Proceedings of the international federation of automation and control international conference on international stability, technology and culture. Elsevier, Prishtina, Kosova, pp 116\u2013121","DOI":"10.3182\/20130606-3-XK-4037.00045"},{"issue":"1","key":"597_CR71","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1108\/17465680910932441","volume":"4","author":"P Pelzer","year":"2009","unstructured":"Pelzer P (2009) The displaced world of risk: risk management as alienated risk (perception?). Soc Bus Rev 4(1):26\u201336","journal-title":"Soc Bus Rev"},{"key":"597_CR72","volume-title":"Normal accidents: living with high-risk technologies","author":"C Perrow","year":"1999","unstructured":"Perrow C (1999) Normal accidents: living with high-risk technologies. Princeton University Press, Princeton"},{"issue":"3","key":"597_CR73","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1016\/S0164-1212(00)00017-0","volume":"53","author":"SL Pfleeger","year":"2000","unstructured":"Pfleeger SL (2000) Risky business: what we have yet to learn about risk management. J Syst Softw 53(3):265\u2013273","journal-title":"J Syst Softw"},{"issue":"4","key":"597_CR74","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1108\/02635579510086698","volume":"95","author":"A Platt","year":"1995","unstructured":"Platt A, Warwick S (1995) Review of soft systems methodology. Ind Manag Data Syst 95(4):19\u201321","journal-title":"Ind Manag Data Syst"},{"key":"597_CR76","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4020-6799-0","volume-title":"Risk governance: coping with uncertainty in a complex world","author":"O Renn","year":"2008","unstructured":"Renn O (2008) Risk governance: coping with uncertainty in a complex world. Routledge, London"},{"key":"597_CR78","volume-title":"Organisational security requirements: an agile approach to ubiquitous information security","author":"AB Ruighaver","year":"2008","unstructured":"Ruighaver AB (2008) Organisational security requirements: an agile approach to ubiquitous information security. Edith Cowan University, Perth"},{"key":"597_CR79","unstructured":"Shedden P, Smith W, Ahmad A (2010) Information security risk assessment: towards a business practice perspective. In: Proceedings of the 8th Australian information security management conference. Edith Cowan University, Perth, Western Australia, pp 119\u2013130"},{"issue":"2","key":"597_CR80","first-page":"29","volume":"14","author":"AS Sherer","year":"2004","unstructured":"Sherer AS, Alter S (2004) Information systems risks and risks factors: Are they mostly about information systems? Commun Assoc Inf Syst 14(2):29\u201364","journal-title":"Commun Assoc Inf Syst"},{"key":"597_CR81","doi-asserted-by":"crossref","unstructured":"Siponen M (2001) A paradigmatic analysis of conventional approaches for developing and managing secure IS. In: Proceedings of the 16th international conference on information security: trusted information: the new decade challenge. Kluwer Academic Publishers, Paris, France, pp 437\u2013452","DOI":"10.1007\/0-306-46998-7_30"},{"key":"597_CR82","unstructured":"Siponen M (2002) Designing secure information systems and software: critical evaluation of the existing approaches and a new paradigm. Unpublished thesis. University of Oulu"},{"issue":"4","key":"597_CR83","doi-asserted-by":"crossref","first-page":"339","DOI":"10.1016\/j.infoandorg.2004.11.001","volume":"15","author":"M Siponen","year":"2005","unstructured":"Siponen M (2005) Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods. Inf Organ 15(4):339\u2013375","journal-title":"Inf Organ"},{"issue":"8","key":"597_CR84","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1145\/1145287.1145316","volume":"49","author":"M Siponen","year":"2006","unstructured":"Siponen M (2006) Information security standards focus on the existence of process, not its content. Commun ACM 49(8):97\u2013100","journal-title":"Commun ACM"},{"key":"597_CR85","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1007\/0-306-47007-1_8","volume-title":"Advances in information security management & small systems security","author":"M Siponen","year":"2001","unstructured":"Siponen M, Baskerville R (2001) A new paradigm for adding security into IS development methods. In: Eloff JHP, Labuschagne L, von Solms R, Dhillon G (eds) Advances in information security management & small systems security. Springer, New York, pp 99\u2013111"},{"issue":"5","key":"597_CR86","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1016\/j.im.2008.12.007","volume":"46","author":"M Siponen","year":"2009","unstructured":"Siponen M, Willison R (2009) Information security management standards: problems and solutions. Inf Manag 46(5):267\u2013270","journal-title":"Inf Manag"},{"issue":"3","key":"597_CR87","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1016\/j.infoandorg.2005.10.003","volume":"16","author":"ML Smith","year":"2006","unstructured":"Smith ML (2006) Overcoming theory-practice inconsistencies: critical realism and information systems research. Inf Organ 16(3):191\u2013211","journal-title":"Inf Organ"},{"key":"597_CR88","unstructured":"Soros G (2009) Reflections on the crash of 2008 and what it means: an E-Book update to the new paradigm for financial markets. Public Affairs"},{"issue":"3","key":"597_CR89","first-page":"46","volume":"4","author":"P Spagnoletti","year":"2008","unstructured":"Spagnoletti P, Resca A (2008) The duality of information security management: fighting against predictable and unpredictable threats. Journal of Information Systems Security 4(3):46\u201362","journal-title":"Journal of Information Systems Security"},{"key":"597_CR90","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1007\/978-1-4615-4851-5_36","volume-title":"Evolution and challenges in system development","author":"L Stapleton","year":"1999","unstructured":"Stapleton L (1999) Information systems development (ISD) in complex settings as interlocking spirals of sense-making. In: Zupan\u010di\u010d J, Wojtkowski W, Wojtkowski WG, Wrycza S (eds) Evolution and challenges in system development. Springer, New York, pp 389\u2013404"},{"key":"597_CR91","unstructured":"Stapleton L (2001) Information systems development: an empirical study in Irish manufacturing companies. Unpublished thesis. University College Cork"},{"issue":"1","key":"597_CR92","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1108\/09685221211219182","volume":"201","author":"G Stewart","year":"2012","unstructured":"Stewart G, Lacey D (2012) Death by a thousand facts: criticising the technocratic approach to information security awareness. Inf Manag Comput Secur 201(1):29\u201338","journal-title":"Inf Manag Comput Secur"},{"issue":"4","key":"597_CR93","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1108\/09685220110401254","volume":"9","author":"T Tryfonas","year":"2001","unstructured":"Tryfonas T, Kiountouzis E, Poulymenakou A (2001) Embedding security practices in contemporary information systems development approaches. Inf Manag Comput Secur 9(4):183\u2013197","journal-title":"Inf Manag Comput Secur"},{"key":"597_CR94","volume-title":"Computer and information security handbook","author":"RJ Vacca","year":"2009","unstructured":"Vacca RJ (2009) Computer and information security handbook. Morgan Kaufmann, Burlington"},{"issue":"1","key":"597_CR95","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1108\/09685229910255223","volume":"7","author":"R Solms von","year":"1999","unstructured":"von Solms R (1999) Information security management: why standards are important. Inf Manag Comput Secur 7(1):50\u201358","journal-title":"Inf Manag Comput Secur"},{"issue":"1","key":"597_CR96","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1108\/09685220910944722","volume":"17","author":"R Werlinger","year":"2009","unstructured":"Werlinger R, Hawkey K, Beznosov K (2009) An integrated view of human, organizational, and technological challenges of IT security management. Inf Manag Computr Secur 17(1):4\u201319","journal-title":"Inf Manag Computr Secur"},{"key":"597_CR97","volume-title":"IT risk: turning business threats into competitive advantage","author":"G Westerman","year":"2007","unstructured":"Westerman G, Hunter R (2007) IT risk: turning business threats into competitive advantage. Harvard Business School Press, Boston"}],"container-title":["AI &amp; SOCIETY"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00146-015-0597-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00146-015-0597-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00146-015-0597-4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,28]],"date-time":"2019-08-28T23:17:59Z","timestamp":1567034279000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00146-015-0597-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,8,1]]},"references-count":94,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2016,8]]}},"alternative-id":["597"],"URL":"https:\/\/doi.org\/10.1007\/s00146-015-0597-4","relation":{},"ISSN":["0951-5666","1435-5655"],"issn-type":[{"value":"0951-5666","type":"print"},{"value":"1435-5655","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,8,1]]}}}