{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T14:01:03Z","timestamp":1778162463554,"version":"3.51.4"},"reference-count":122,"publisher":"Informa UK Limited","issue":"5","content-domain":{"domain":["www.tandfonline.com"],"crossmark-restriction":true},"short-container-title":["European Journal of Information Systems"],"published-print":{"date-parts":[[2019,9,3]]},"DOI":"10.1080\/0960085x.2019.1624141","type":"journal-article","created":{"date-parts":[[2019,6,16]],"date-time":"2019-06-16T16:59:15Z","timestamp":1560704355000},"page":"566-589","update-policy":"https:\/\/doi.org\/10.1080\/tandf_crossmark_01","source":"Crossref","is-referenced-by-count":19,"title":["Abductive innovations in information security policy development: an ethnographic study"],"prefix":"10.1080","volume":"28","author":[{"given":"Marko","family":"Niemimaa","sequence":"first","affiliation":[{"name":"Faculty of Information Technology, University of Jyvaskyla, Jyvaskyla, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elina","family":"Niemimaa","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology, University of Jyvaskyla, Jyvaskyla, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"301","published-online":{"date-parts":[[2019,6,16]]},"reference":[{"key":"CIT0001","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.11.004"},{"key":"CIT0002","doi-asserted-by":"publisher","DOI":"10.1111\/padm.12069"},{"key":"CIT0003","volume-title":"Making sense of management: A critical introduction","author":"Alvesson M.","year":"1996"},{"key":"CIT0004","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2010.05.010"},{"key":"CIT0006","doi-asserted-by":"publisher","DOI":"10.2307\/25148767"},{"key":"CIT0007","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43459-8_3"},{"key":"CIT0008","doi-asserted-by":"publisher","DOI":"10.1108\/09576050210447019"},{"key":"CIT0009","doi-asserted-by":"publisher","DOI":"10.2307\/2391741"},{"key":"CIT0010","first-page":"190","volume-title":"Encyclopedia of management theory","author":"Benson J. K.","year":"2013"},{"key":"CIT0011","volume-title":"Philosophy of social science: The philosophical foundations of social thought","author":"Benton T.","year":"2001"},{"key":"CIT0012","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.8"},{"key":"CIT0013","doi-asserted-by":"publisher","DOI":"10.1108\/09685220410553541"},{"key":"CIT0014","doi-asserted-by":"publisher","DOI":"10.1080\/02683960210164336"},{"key":"CIT0015","doi-asserted-by":"publisher","DOI":"10.2307\/25148728"},{"key":"CIT0016","doi-asserted-by":"publisher","DOI":"10.2307\/41703499"},{"key":"CIT0018","first-page":"1","volume-title":"From control to drift: The dynamics of corporate information infrastructures","author":"Ciborra C. U.","year":"1999"},{"key":"CIT0019","doi-asserted-by":"publisher","DOI":"10.1016\/S0959-8022(99)00002-8"},{"key":"CIT0020","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2010.04.005"},{"key":"CIT0021","doi-asserted-by":"publisher","DOI":"10.1287\/isre.2014.0542"},{"key":"CIT0022","doi-asserted-by":"publisher","DOI":"10.1057\/s41303-017-0059-9"},{"key":"CIT0023","doi-asserted-by":"publisher","DOI":"10.1007\/s10514-007-9080-5"},{"key":"CIT0024","doi-asserted-by":"publisher","DOI":"10.1046\/j.1365-2575.2001.00099.x"},{"key":"CIT0025","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2009.05.003"},{"key":"CIT0026","doi-asserted-by":"publisher","DOI":"10.1057\/jit.2016.3"},{"key":"CIT0027","doi-asserted-by":"publisher","DOI":"10.1177\/0170840615604501"},{"key":"CIT0029","doi-asserted-by":"publisher","DOI":"10.4135\/9781473957954.n6"},{"key":"CIT0030","doi-asserted-by":"publisher","DOI":"10.1287\/orsc.1100.0612"},{"key":"CIT0031","volume-title":"The interpretation of cultures","author":"Geertz C.","year":"1973"},{"key":"CIT0032","doi-asserted-by":"publisher","DOI":"10.1287\/orsc.4.4.595"},{"issue":"2","key":"CIT0033","first-page":"75","volume":"29","author":"Guba E.","year":"1981","journal-title":"Educational Technology Research and Development"},{"key":"CIT0034","doi-asserted-by":"publisher","DOI":"10.1057\/jit.2009.19"},{"key":"CIT0035","doi-asserted-by":"publisher","DOI":"10.5465\/amr.2006.22527458"},{"key":"CIT0036","doi-asserted-by":"publisher","DOI":"10.1177\/0170840616640843"},{"key":"CIT0037","doi-asserted-by":"publisher","DOI":"10.1016\/j.jsis.2011.06.001"},{"key":"CIT0038","doi-asserted-by":"publisher","DOI":"10.1177\/1350508404046454"},{"key":"CIT0039","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.6"},{"key":"CIT0040","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511895425"},{"key":"CIT0041","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(02)00504-7"},{"key":"CIT0042","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1110.0393"},{"key":"CIT0043","doi-asserted-by":"publisher","DOI":"10.14318\/hau4.1.021"},{"key":"CIT0044","volume-title":"ISO\/IEC 27001 information technology - security techniques - information security management systems \u2013 requirements","author":"International Organization for Standardization\/International Electrotechnical Commission","year":"2005"},{"key":"CIT0045","volume-title":"ISO\/IEC 27001: FiInformation technology - security techniques - information security management systems \u2013 requirements","author":"International Organization for Standardization\/International Electrotechnical Commission","year":"2006"},{"key":"CIT0046","volume-title":"ISO\/IEC 27001 information technology - security techniques - information security management systems \u2013 requirements","author":"International Organization for Standardization\/International Electrotechnical Commission","year":"2013"},{"key":"CIT0048","doi-asserted-by":"publisher","DOI":"10.1177\/1476127014554575"},{"key":"CIT0049","doi-asserted-by":"publisher","DOI":"10.1145\/3242734.3242739"},{"key":"CIT0050","doi-asserted-by":"publisher","DOI":"10.2307\/25750691"},{"key":"CIT0051","doi-asserted-by":"publisher","DOI":"10.1287\/orsc.1120.0792"},{"issue":"1","key":"CIT0052","first-page":"55","volume":"15","author":"Kappelman L.","year":"2016","journal-title":"MIS Executive"},{"key":"CIT0053","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.08.011"},{"key":"CIT0054","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41320-9_5"},{"key":"CIT0056","doi-asserted-by":"publisher","DOI":"10.2307\/249410"},{"key":"CIT0057","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.07.001"},{"key":"CIT0058","doi-asserted-by":"publisher","DOI":"10.1016\/j.jsis.2016.08.005"},{"key":"CIT0059","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2014\/38.2.06"},{"key":"CIT0060","doi-asserted-by":"publisher","DOI":"10.4018\/ijsodit.2013070103"},{"key":"CIT0061","doi-asserted-by":"publisher","DOI":"10.5465\/amr.1999.2553248"},{"key":"CIT0063","doi-asserted-by":"publisher","DOI":"10.2307\/23043493"},{"key":"CIT0064","doi-asserted-by":"publisher","DOI":"10.1016\/0147-1767(85)90062-8"},{"key":"CIT0065","doi-asserted-by":"publisher","DOI":"10.1111\/isj.12063"},{"key":"CIT0066","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00211"},{"key":"CIT0067","doi-asserted-by":"publisher","DOI":"10.1111\/isj.12093"},{"key":"CIT0068","doi-asserted-by":"publisher","DOI":"10.1108\/09685220810893207"},{"key":"CIT0069","doi-asserted-by":"publisher","DOI":"10.1016\/j.infoandorg.2012.03.001"},{"issue":"23","key":"CIT0070","first-page":"1","volume":"2","author":"Myers M.","year":"1999","journal-title":"Communications of the Association for Information Systems"},{"key":"CIT0071","volume-title":"Qualitative research in business & management","author":"Myers M.","year":"2009"},{"key":"CIT0073","doi-asserted-by":"publisher","DOI":"10.1057\/s41303-016-0025-y"},{"key":"CIT0074","doi-asserted-by":"publisher","DOI":"10.1057\/9781137552648_12"},{"key":"CIT0076","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2012.3"},{"key":"CIT0077","doi-asserted-by":"publisher","DOI":"10.1093\/cje\/bep058"},{"key":"CIT0078","volume-title":"Talking about machines: An ethnography of a modern job","author":"Orr J. E.","year":"1996"},{"key":"CIT0082","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1080.0174"},{"key":"CIT0083","doi-asserted-by":"publisher","DOI":"10.1145\/792704.792706"},{"key":"CIT0084","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2012.38"},{"key":"CIT0085","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.10.006"},{"issue":"4","key":"CIT0086","first-page":"60","volume":"39","author":"Saint-Germain R.","year":"2005","journal-title":"Information Management Journal"},{"key":"CIT0087","doi-asserted-by":"publisher","DOI":"10.1057\/palgrave.ejis.3000485"},{"key":"CIT0088","doi-asserted-by":"publisher","DOI":"10.2307\/3250978"},{"key":"CIT0089","doi-asserted-by":"publisher","DOI":"10.4324\/9781315619361-9"},{"key":"CIT0090","doi-asserted-by":"publisher","DOI":"10.1108\/09685220010371394"},{"key":"CIT0091","doi-asserted-by":"publisher","DOI":"10.1057\/palgrave.ejis.3000537"},{"key":"CIT0092","doi-asserted-by":"publisher","DOI":"10.1016\/j.infoandorg.2004.11.001"},{"key":"CIT0093","doi-asserted-by":"publisher","DOI":"10.1145\/1145287.1145316"},{"key":"CIT0094","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00095"},{"key":"CIT0095","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2008.12.007"},{"key":"CIT0096","doi-asserted-by":"publisher","DOI":"10.5465\/amj.2010.0013"},{"key":"CIT0097","doi-asserted-by":"publisher","DOI":"10.2307\/25750687"},{"key":"CIT0098","doi-asserted-by":"publisher","DOI":"10.2307\/25750689"},{"issue":"2","key":"CIT0099","first-page":"225","volume":"29","author":"Staat W.","year":"1993","journal-title":"Transactions of the Charles S. Peirce Society"},{"key":"CIT0100","doi-asserted-by":"publisher","DOI":"10.1111\/j.1365-2575.2011.00378.x"},{"key":"CIT0101","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2011.21"},{"key":"CIT0102","doi-asserted-by":"publisher","DOI":"10.1287\/isre.7.1.111"},{"key":"CIT0103","first-page":"5","volume-title":"Information security: Policy, processes and practices","author":"Straub D. W.","year":"2008"},{"key":"CIT0104","doi-asserted-by":"publisher","DOI":"10.2307\/249551"},{"key":"CIT0106","author":"Tene O.","year":"2013","journal-title":"11 Northwestern Journal of Technology and Intellectual Property239(2013), 1\u201336. Available at SSRN: https:\/\/ssrn.com\/abstract=2149364"},{"key":"CIT0107","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2015.19"},{"key":"CIT0108","doi-asserted-by":"publisher","DOI":"10.5465\/amr.1995.9508080329"},{"key":"CIT0109","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-6486.2010.00980.x"},{"key":"CIT0110","doi-asserted-by":"publisher","DOI":"10.7208\/chicago\/9780226849638.001.0001"},{"key":"CIT0111","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2014\/38.3.13"},{"key":"CIT0112","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2005.02.002"},{"key":"CIT0113","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.05.002"},{"key":"CIT0114","doi-asserted-by":"publisher","DOI":"10.1108\/09685229910255223"},{"key":"CIT0116","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.01.013"},{"key":"CIT0117","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2005.07.003"},{"key":"CIT0118","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.1995.9"},{"key":"CIT0119","doi-asserted-by":"publisher","DOI":"10.1057\/palgrave.ejis.3000589"},{"key":"CIT0120","doi-asserted-by":"publisher","DOI":"10.2307\/249409"},{"key":"CIT0121","first-page":"46","volume-title":"Information security: Policy, processes and practices","author":"Warkentin M.","year":"2008"},{"key":"CIT0122","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2003.12.003"},{"key":"CIT0123","first-page":"123","volume-title":"Information security: Policy, processes and practices","author":"Whitman M. E.","year":"2008"},{"key":"CIT0124","doi-asserted-by":"publisher","DOI":"10.1177\/0170840606064101"},{"key":"CIT0125","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbusres.2015.12.055"},{"key":"CIT0126","doi-asserted-by":"publisher","DOI":"10.1287\/orsc.1070.0307"},{"key":"CIT0127","doi-asserted-by":"publisher","DOI":"10.5465\/AMR.2011.59330882"},{"key":"CIT0128","doi-asserted-by":"publisher","DOI":"10.1007\/1-4020-8095-6_17"},{"key":"CIT0129","doi-asserted-by":"publisher","DOI":"10.1111\/j.1365-2575.2004.00173.x"},{"key":"CIT0130","doi-asserted-by":"publisher","DOI":"10.2307\/4132312"},{"key":"CIT0131","doi-asserted-by":"publisher","DOI":"10.4324\/9780203944769"},{"key":"CIT0132","doi-asserted-by":"publisher","DOI":"10.1287\/isre.14.3.221.16560"},{"key":"CIT0133","doi-asserted-by":"publisher","DOI":"10.2307\/256926"},{"issue":"4","key":"CIT0134","first-page":"iii","volume":"37","author":"Sarker S.","year":"2013","journal-title":"MIS Quarterly"},{"key":"CIT0135","doi-asserted-by":"publisher","DOI":"10.1016\/j.infoandorg.2004.11.001"}],"container-title":["European Journal of Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/0960085X.2019.1624141","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,20]],"date-time":"2019-09-20T08:57:52Z","timestamp":1568969872000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/0960085X.2019.1624141"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,16]]},"references-count":122,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2019,5,28]]},"published-print":{"date-parts":[[2019,9,3]]}},"alternative-id":["10.1080\/0960085X.2019.1624141"],"URL":"https:\/\/doi.org\/10.1080\/0960085x.2019.1624141","relation":{},"ISSN":["0960-085X","1476-9344"],"issn-type":[{"value":"0960-085X","type":"print"},{"value":"1476-9344","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,6,16]]},"assertion":[{"value":"The publishing and review policy for this title is described in its Aims & Scope.","order":1,"name":"peerreview_statement","label":"Peer Review Statement"},{"value":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=tjis20","URL":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=tjis20","order":2,"name":"aims_and_scope_url","label":"Aim & Scope"},{"value":"2018-05-16","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-05-20","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-06-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}