{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T17:46:08Z","timestamp":1778175968948,"version":"3.51.4"},"reference-count":82,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2007,10,2]],"date-time":"2007-10-02T00:00:00Z","timestamp":1191283200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007,10,2]]},"abstract":"Purpose<\/jats:title>Information security is becoming increasingly more important as organisations are endangered by a variety of threats from both its internal and external environments. Many theorists now advocate that effective security policies should be created at senior management level. This is because executives are able to evaluate the organisation using a holistic approach as well as having the power to ensure that new systems and procedures are implemented in a timely manner. There is, however, a continuing lack of understanding regarding the strategic importance of managing information security. In addition, there is a gap in the literature on the relationship between directors and information security strategy. This paper attempts to close this gap by exploring how directors perceive their organisation's security and what factors influence their decisions on the development and implementation of information security strategy.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>The research is based on constructivist grounded theory. Forty\u2010three interviews were conducted at executive level in 29 organisations. These interviews were then coded and analysed in order to develop new theory on directors' perception of risk and its effect on the development and implementation of information security strategy.<\/jats:p><\/jats:sec>Findings<\/jats:title>The analysis shows that senior managers' engagement with information security is dependent on two key variables: the strategic importance of information systems to their organisation and their perception of risk. Additionally, this research found that these two variables are affected by both organisational contextual factors and the strategic and operational actions undertaken within the business. Furthermore, the results demonstrated that the two board variables also have an impact on the organisation's environment as well as its strategic and operational actions. This paper uses the data gathered from the interviews to develop a model of these factors. In addition, a perception grid is constructed which illustrates the potential concerns that can drive board engagement.<\/jats:p><\/jats:sec>Practical implications<\/jats:title>The paper illustrates the advantages of using the perception grid to understand and develop current and future information security issues.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>The paper investigates how organisational directors perceive information security and how this perception influences the development of their information security strategy.<\/jats:p><\/jats:sec>","DOI":"10.1108\/14684520710832333","type":"journal-article","created":{"date-parts":[[2007,10,13]],"date-time":"2007-10-13T07:06:16Z","timestamp":1192259176000},"page":"622-660","source":"Crossref","is-referenced-by-count":46,"title":["Perception of risk and the strategic impact of existing IT on information security strategy at board level"],"prefix":"10.1108","volume":"31","author":[{"given":"Elspeth","family":"McFadzean","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jean\u2010Noel","family":"Ezingeard","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Birchall","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022020720271810300_b1","doi-asserted-by":"crossref","unstructured":"Abouzakhar, N.S. and Manson, G.A. (2002), \u201cAn intelligent approach to prevent distributed systems attack\u201d, Information Management & Computer Security, Vol. 10 No. 5, pp. 203\u20109.","DOI":"10.1108\/09685220210447505"},{"key":"key2022020720271810300_b2","unstructured":"Austin, R.D. and Darby, C.A. (2003), \u201cThe myth of secure computing\u201d, Harvard Business Review, Vol. 81 No. 6, pp. 120\u20106."},{"key":"key2022020720271810300_b3","doi-asserted-by":"crossref","unstructured":"Backhouse, J. and Dhillon, G. (1996), \u201cStructures of responsibility and security of information systems\u201d, European Journal of Information Systems, Vol. 5, pp. 2\u20109.","DOI":"10.1057\/ejis.1996.7"},{"key":"key2022020720271810300_b4","unstructured":"Barnett, T. and Vaicys, C. (2000), \u201cThe moderating effect of individuals' perceptions of ethical work climate on ethical judgments and behavioral intentions\u201d, Journal of Business Ethics, Vol. 27 No. 4, pp. 351\u201062."},{"key":"key2022020720271810300_b5","doi-asserted-by":"crossref","unstructured":"Barney, J. (1991), \u201cFirm resources and sustained competitive advantage\u201d, Journal of Management, Vol. 17 No. 1, pp. 99\u2010120.","DOI":"10.1177\/014920639101700108"},{"key":"key2022020720271810300_b6","doi-asserted-by":"crossref","unstructured":"Baskerville, R. (1991), \u201cRisk analysis: an interpretive feasibility tool in justifying information systems security\u201d, European Journal of Information Systems, Vol. 1 No. 2, pp. 121\u201030.","DOI":"10.1057\/ejis.1991.20"},{"key":"key2022020720271810300_b7","doi-asserted-by":"crossref","unstructured":"Baskerville, R. (1993), \u201cInformation systems security design methods: implications for information systems development\u201d, ACM Computing Surveys, Vol. 25 No. 4, pp. 375\u2010414.","DOI":"10.1145\/162124.162127"},{"key":"key2022020720271810300_b8","doi-asserted-by":"crossref","unstructured":"Baskerville, R. and Siponen, M. (2002), \u201cAn information security meta\u2010policy for emergent organizations\u201d, Logistics Information Management, Vol. 15 Nos 5\/6, pp. 337\u201046.","DOI":"10.1108\/09576050210447019"},{"key":"key2022020720271810300_b9","unstructured":"Beatson, J.G. (1991), \u201cSecurity \u2010 a personnel issue: the importance of personnel attitudes and security education\u201d, in Dittrich, K., Rautakivi, S. and Saari, J. (Eds), Computer Security and Information Integrity, Elsevier Science Publishers, Amsterdam, pp. 29\u201038."},{"key":"key2022020720271810300_b10","doi-asserted-by":"crossref","unstructured":"Birch, G.D.W. and McEvoy, N.A. (1992), \u201cRisk analysis for information systems\u201d, Journal of Information Technology, Vol. 7, pp. 44\u201053.","DOI":"10.1177\/026839629200700107"},{"key":"key2022020720271810300_b11","doi-asserted-by":"crossref","unstructured":"Brewer, B. (2002), Perception and Reason, Oxford University Press, Oxford.","DOI":"10.1093\/0199250456.001.0001"},{"key":"key2022020720271810300_b12","unstructured":"Brooke, P. (2001), \u201cDDoS: internet weapons of mass destruction\u201d, Network Computing, Vol. 12 No. 1, pp. 67\u201070."},{"key":"key2022020720271810300_b13","unstructured":"Bryant, A. (2002), \u201cRe\u2010grounding grounded theory\u201d, Journal of Information Technology Theory and Application, Vol. 4 No. 1, pp. 25\u201042."},{"key":"key2022020720271810300_b14","doi-asserted-by":"crossref","unstructured":"Cachon, G.P. and Fisher, M. (2000), \u201cSupply chain inventory management and the value of shared information\u201d, Management Science, Vol. 46 No. 8, pp. 1032\u201048.","DOI":"10.1287\/mnsc.46.8.1032.12029"},{"key":"key2022020720271810300_b15","unstructured":"Chan, Y.E. (2002), \u201cWhy haven't we mastered alignment? The importance of the informal organization structure\u201d, MIS Quarterly Executive, Vol. 1 No. 2, pp. 97\u2010112."},{"key":"key2022020720271810300_b16","doi-asserted-by":"crossref","unstructured":"Chan, Y.E., Huff, S.L., Barclay, D.W. and Copeland, D.G. (1997), \u201cBusiness strategic orientation, information systems strategic orientation, and strategic alignment\u201d, Information Systems Research, Vol. 8 No. 2, pp. 125\u201050.","DOI":"10.1287\/isre.8.2.125"},{"key":"key2022020720271810300_b17","unstructured":"Charmaz, K. (2000), \u201cGrounded theory: objectivist and constructivist methods\u201d, in Denzin, N. and Lincoln, Y. (Eds), The Handbook of Qualitative Research, Sage, Thousand Oaks, CA, pp. 509\u201035."},{"key":"key2022020720271810300_b18","unstructured":"Creswell, J.W. (2003), Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, 2nd ed., Sage Publications, Thousand Oaks, CA."},{"key":"key2022020720271810300_b19","doi-asserted-by":"crossref","unstructured":"Cutting, B. and Kouzmin, A. (2002), \u201cEvaluating corporate board cultures and decision making\u201d, Corporate Governance, Vol. 2 No. 2, pp. 27\u201045.","DOI":"10.1108\/14720700210430324"},{"key":"key2022020720271810300_b20","doi-asserted-by":"crossref","unstructured":"DeSanctis, G. and Poole, M.S. (1994), \u201cCapturing the complexity in advanced technology use: adaptive structuration theory\u201d, Organization Science, Vol. 5 No. 2, pp. 121\u201047.","DOI":"10.1287\/orsc.5.2.121"},{"key":"key2022020720271810300_b21","doi-asserted-by":"crossref","unstructured":"Dhillon, G. and Backhouse, J. (2001), \u201cCurrent directions in IS security research: towards socio\u2010organizational perspectives\u201d, Information Systems Journal, Vol. 11 No. 2, pp. 127\u201053.","DOI":"10.1046\/j.1365-2575.2001.00099.x"},{"key":"key2022020720271810300_b22","doi-asserted-by":"crossref","unstructured":"Dixon, J. and Dogan, R. (2003), \u201cCorporate decision making: contending perspectives and their governance implications\u201d, Corporate Governance, Vol. 3 No. 1, pp. 39\u201057.","DOI":"10.1108\/14720700310459854"},{"key":"key2022020720271810300_b23","unstructured":"Dobson, J. (1991), \u201cA methodology for analysing human and computer\u2010related issues in secure systems\u201d, in Saari, J. (Ed.), Computer Security and Information Integrity, Elsevier Science Publishers, Amsterdam, pp. 151\u201070."},{"key":"key2022020720271810300_b24","doi-asserted-by":"crossref","unstructured":"Dutta, A. and McCrohan, K. (2002), \u201cManagement's role in information security in a cyber economy\u201d, California Management Review, Vol. 45 No. 1, pp. 67\u201087.","DOI":"10.2307\/41166154"},{"key":"key2022020720271810300_b25","doi-asserted-by":"crossref","unstructured":"Eisenhardt, K.M. (1989), \u201cBuilding theories from case study research\u201d, Academy of Management Review, Vol. 14 No. 4, pp. 532\u201050.","DOI":"10.5465\/amr.1989.4308385"},{"key":"key2022020720271810300_b26","unstructured":"Ernst & Young (2003), Ernst & Young Global Information Security Survey 2003, Ernst & Young LLP, London."},{"key":"key2022020720271810300_b27","doi-asserted-by":"crossref","unstructured":"Ettredge, M. and Richardson, V.J. (2003), \u201cInformation transfer among internet firms: the case of hacker attacks\u201d, Journal of Information Systems, Vol. 17 No. 2, pp. 71\u201082.","DOI":"10.2308\/jis.2003.17.2.71"},{"key":"key2022020720271810300_b28","doi-asserted-by":"crossref","unstructured":"Faber, N., de Koster, R.B.M. and van de Velde, S.L. (2002), \u201cLinking warehouse complexity to warehouse planning and control structure: an exploratory study of the use of warehouse management information systems\u201d, International Journal of Physical Distribution & Logistics Management, Vol. 32 No. 5, pp. 381\u201095.","DOI":"10.1108\/09600030210434161"},{"key":"key2022020720271810300_b29","doi-asserted-by":"crossref","unstructured":"Flint, D.J., Woodruff, R.B. and Gardial, S.F. (2002), \u201cExploring the phenomenon of customers' desired value change in a business\u2010to\u2010business context\u201d, Journal of Marketing, Vol. 66, pp. 102\u201017.","DOI":"10.1509\/jmkg.66.4.102.18517"},{"key":"key2022020720271810300_b30","doi-asserted-by":"crossref","unstructured":"Floyd, S.W. and Wooldridge, B. (1990), \u201cPath analysis of the relationship between competitive strategy, information technology, and financial performance\u201d, Journal of Management Information Systems, Vol. 7 No. 1, pp. 47\u201064.","DOI":"10.1080\/07421222.1990.11517880"},{"key":"key2022020720271810300_b31","doi-asserted-by":"crossref","unstructured":"Frey, B.F. (2000), \u201cThe impact of moral intensity on decision making in a business context\u201d, Journal of Business Ethics, Vol. 26 No. 3, pp. 181\u201095.","DOI":"10.1023\/A:1006139124110"},{"key":"key2022020720271810300_b32","doi-asserted-by":"crossref","unstructured":"Fulford, H. and Doherty, N.F. (2003), \u201cThe application of information security policies in large UK\u2010based organizations: an exploratory investigation\u201d, Information Management & Computer Security, Vol. 11 No. 3, pp. 106\u201014.","DOI":"10.1108\/09685220310480381"},{"key":"key2022020720271810300_b33","doi-asserted-by":"crossref","unstructured":"Galal, G.H. (2001), \u201cFrom contexts to constructs: the use of grounded theory in operationalising contingent process models\u201d, European Journal of Information Systems, Vol. 10 No. 1, pp. 2\u201014.","DOI":"10.1057\/palgrave.ejis.3000381"},{"key":"key2022020720271810300_b34","unstructured":"Giddens, A. (1984), The Constitution of Society, Polity Press, Cambridge."},{"key":"key2022020720271810300_b35","unstructured":"Glaser, B.G. and Strauss, A.L. (1967), The Discovery of Grounded Theory: Strategies for Qualitative Research, Aldine Publishing Company, New York, NY."},{"key":"key2022020720271810300_b36","unstructured":"Glover, S., Liddle, S. and Prawitt, D. (2001), E\u2010Business: Principles and Strategies for Accountants, Prentice Hall, Upper Saddle River, NJ."},{"key":"key2022020720271810300_b37","unstructured":"Gohring, N. (2000), \u201cBut is it safe?\u201d, Telephony, Vol. 238 No. 23, p. 116."},{"key":"key2022020720271810300_b38","doi-asserted-by":"crossref","unstructured":"Higgins, H.N. (1999), \u201cCorporate system security: towards an integrated management approach\u201d, Information Management & Computer Security, Vol. 7 No. 5, pp. 217\u201022.","DOI":"10.1108\/09685229910292817"},{"key":"key2022020720271810300_b39","doi-asserted-by":"crossref","unstructured":"Hitchings, J. (1996), \u201cA practical solution to the complex human issues of information security design\u201d, in Gritzalis, D. (Ed.), Information Systems Security: Facing the Information Society of the 21st Century, Chapman & Hall, London, pp. 3\u201012.","DOI":"10.1007\/978-1-5041-2919-0_1"},{"key":"key2022020720271810300_b40","unstructured":"IT Governance Institute (2004), \u201cIT control objectives for Sarbanes\u2010Oxley\u201d, available at: www.isaca.org\/Template.cfm?Section=Downloads5&CONTENTID=17090&TEMPLATE=\/ContentManagement\/ContentDisplay.cfm (accessed 3 March 2005)."},{"key":"key2022020720271810300_b41","doi-asserted-by":"crossref","unstructured":"Kelly, B.J. (1999), \u201cPreserve, protect and defend\u201d, Journal of Business Strategy, Vol. 20 No. 5, pp. 22\u20105.","DOI":"10.1108\/eb040027"},{"key":"key2022020720271810300_b42","doi-asserted-by":"crossref","unstructured":"Klein, H.K. and Myers, M.D. (1999), \u201cA set of principles for conducting and evaluating interpretive field studies in information systems\u201d, MIS Quarterly, Vol. 23 No. 1, pp. 67\u201093.","DOI":"10.2307\/249410"},{"key":"key2022020720271810300_b43","doi-asserted-by":"crossref","unstructured":"Kokolakis, S.A., Demopoulos, A.J. and Kiountouzis, E.A. (2000), \u201cThe use of business process modelling in information systems security analysis and design\u201d, Information Management & Computer Security, Vol. 8 No. 3, pp. 107\u201016.","DOI":"10.1108\/09685220010339192"},{"key":"key2022020720271810300_b44","doi-asserted-by":"crossref","unstructured":"Kotulic, A.G. and Clark, J.G. (2004), \u201cWhy there aren't more information security research studies\u201d, Information & Management, Vol. 41 No. 5, pp. 597\u2010607.","DOI":"10.1016\/j.im.2003.08.001"},{"key":"key2022020720271810300_b45","unstructured":"KPMG (2002), \u201cInformation security survey\u201c, available at: www.kpmg.com\/microsite\/informationsecurity\/isssurvey.html (accessed 12 January 2005)."},{"key":"key2022020720271810300_b46","doi-asserted-by":"crossref","unstructured":"Levy, M., Powell, P. and Yetton, P. (2001), \u201cSMEs: aligning IS and the strategic context\u201d, Journal of Information Technology, Vol. 16 No. 3, pp. 133\u201044.","DOI":"10.1080\/02683960110063672"},{"key":"key2022020720271810300_b47","unstructured":"Locke, K.D. (2001), Grounded Theory in Management Research, Sage, London."},{"key":"key2022020720271810300_b48","unstructured":"McFarlan, F.W., McKenney, J.L. and Pyburn, P. (1983), \u201cThe information archipelago \u2010 plotting a course\u201d, Harvard Business Review, Vol. 61 No. 1, pp. 145\u201056."},{"key":"key2022020720271810300_b49","doi-asserted-by":"crossref","unstructured":"Miller, H.E. and Engemann, K.G. (1996), \u201cA methodology for managing information\u2010based risk\u201d, Information Resources Management Journal, Vol. 9 No. 2, pp. 17\u201024.","DOI":"10.4018\/irmj.1996040102"},{"key":"key2022020720271810300_b50","doi-asserted-by":"crossref","unstructured":"Noble, C.H., Sinha, R.K. and Kumar, A. (2002), \u201cMarket orientation and alternative strategic orientations: a longitudinal assessment of performance implications\u201d, Journal of Marketing, Vol. 66 No. 4, pp. 25\u201039.","DOI":"10.1509\/jmkg.66.4.25.18513"},{"key":"key2022020720271810300_b51","unstructured":"O'Connor, R.J. (2000), \u201cTrading net privacy at e\u2010checkout\u201d, Inter@ctive Week, Vol. 7 No. 36, pp. 10\u201011."},{"key":"key2022020720271810300_b52","unstructured":"OECD (2004), OECD Principles of Corporate Governance, Organisation for Economic Co\u2010Operation and Development, Paris."},{"key":"key2022020720271810300_b53","doi-asserted-by":"crossref","unstructured":"Orlikowski, W.J. (1993), \u201cCASE tools as organizational change: investigating incremental and radical changes in systems development\u201d, MIS Quarterly, Vol. 17 No. 3, pp. 309\u201040.","DOI":"10.2307\/249774"},{"key":"key2022020720271810300_b54","doi-asserted-by":"crossref","unstructured":"Orlikowski, W.J. and Robey, D. (1991), \u201cInformation technology and the structuring of organizations\u201d, Information Systems Research, Vol. 2 No. 2, pp. 143\u201069.","DOI":"10.1287\/isre.2.2.143"},{"key":"key2022020720271810300_b55","doi-asserted-by":"crossref","unstructured":"Parry, K.W. (1998), \u201cGrounded theory and social process: a new direction for leadership research\u201d, Leadership Quarterly, Vol. 9 No. 1, pp. 85\u2010105.","DOI":"10.1016\/S1048-9843(98)90043-1"},{"key":"key2022020720271810300_b56","unstructured":"Parsons, W. (1995), Public Policy: An Introduction to the Theory and Practice of Policy Analysis, Edward Elgar, Cheltenham."},{"key":"key2022020720271810300_b57","doi-asserted-by":"crossref","unstructured":"Premkumar, G. and King, W.R. (1992), \u201cAn empirical assessment of information systems planning and the role of information systems in organizations\u201d, Journal of Management Information Systems, Vol. 9 No. 2, pp. 99\u2010125.","DOI":"10.1080\/07421222.1992.11517960"},{"key":"key2022020720271810300_b58","unstructured":"Pries\u2010Heje, J. (1992), \u201cThree barriers for continuing use of computer\u2010based tools in information systems development: a grounded theory approach\u201d, Scandinavian Journal of Information Systems, Vol. 4, pp. 119\u201036."},{"key":"key2022020720271810300_b59","doi-asserted-by":"crossref","unstructured":"Reich, B.H. and Benbasat, I. (1996), \u201cMeasuring the linkage between business and information technology objectives\u201d, MIS Quarterly, Vol. 20 No. 1, pp. 55\u201081.","DOI":"10.2307\/249542"},{"key":"key2022020720271810300_b60","doi-asserted-by":"crossref","unstructured":"Reich, B.H. and Benbasat, I. (2000), \u201cFactors that influence the social dimension of alignment between business and information technology objectives\u201d, MIS Quarterly, Vol. 24 No. 1, pp. 81\u2010113.","DOI":"10.2307\/3250980"},{"key":"key2022020720271810300_b61","doi-asserted-by":"crossref","unstructured":"Rodgers, J.A., Yen, D.C. and Chou, D.C. (2002), \u201cDeveloping e\u2010business: a strategic approach\u201d, Information Management & Computer Security, Vol. 10 No. 4, pp. 184\u201092.","DOI":"10.1108\/09685220210436985"},{"key":"key2022020720271810300_b62","unstructured":"Ryan, G.W. and Bernard, H.R. (2000), \u201cData management and analysis methods\u201d, in Denzin, N.K. and Lincoln, Y.S. (Eds), Handbook of Qualitative Research, Sage Publications, Thousand Oaks, CA, p. CA."},{"key":"key2022020720271810300_b63","doi-asserted-by":"crossref","unstructured":"Sambamurthy, V., Bharadwaj, A. and Grover, V. (2003), \u201cShaping agility through digital options: reconceptualizing the role of information technology in contemporary firms\u201d, MIS Quarterly, Vol. 27 No. 2, pp. 237\u201063.","DOI":"10.2307\/30036530"},{"key":"key2022020720271810300_b64","doi-asserted-by":"crossref","unstructured":"Sambamurthy, V. and Zmud, R.W. (1999), \u201cArrangements for information technology governance: a theory of multiple contingencies\u201d, MIS Quarterly, Vol. 23 No. 2, pp. 261\u201090.","DOI":"10.2307\/249754"},{"key":"key2022020720271810300_b65","doi-asserted-by":"crossref","unstructured":"Sarker, S., Lau, F. and Sahay, S. (2001), \u201cUsing an adapted grounded theory approach for inductive theory building about virtual team development\u201d, The DATA BASE for Advances in Information Systems, Vol. 32 No. 1, pp. 38\u201056.","DOI":"10.1145\/506740.506745"},{"key":"key2022020720271810300_b66","doi-asserted-by":"crossref","unstructured":"Siponen, M.T. (2001), \u201cAn analysis of the recent IS security development approaches: descriptive and prescriptive implications\u201d, in Dhillon, G. (Ed.), Information Security Management: Global Challenges in the New Millennium, Idea Group Publishing, Hershey, PA.","DOI":"10.4018\/978-1-878289-78-0.ch008"},{"key":"key2022020720271810300_b67","unstructured":"Stiles, P. and Taylor, B. (2001), Boards at Work: How Directors View their Roles and Responsibilities, Oxford University Press, Oxford."},{"key":"key2022020720271810300_b68","unstructured":"Strauss, A. and Corbin, J. (1990), Basics of Qualitative Research: Grounded Theory Procedures and Techniques, Sage, Thousand Oaks, CA."},{"key":"key2022020720271810300_b69","unstructured":"Strauss, A. and Corbin, J. (1998), Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, Sage Publications, Thousand Oaks, CA."},{"key":"key2022020720271810300_b70","doi-asserted-by":"crossref","unstructured":"Tallon, P.P., Kraemer, K.L. and Gurbaxani, V. (2000), \u201cExecutives' perceptions of the business value of information technology: a process\u2010oriented approach\u201d, Journal of Management Information Systems, Vol. 16 No. 4, pp. 145\u201073.","DOI":"10.1080\/07421222.2000.11518269"},{"key":"key2022020720271810300_b71","doi-asserted-by":"crossref","unstructured":"Tavakolian, H. (1989), \u201cLinking the information technology structure with organizational competitive strategy: a survey\u201d, MIS Quarterly, Vol. 13 No. 3, pp. 309\u201017.","DOI":"10.2307\/249006"},{"key":"key2022020720271810300_b72","doi-asserted-by":"crossref","unstructured":"Teo, T.S.H. and Pian, Y. (2003), \u201cA contingency perspective on Internet adoption and competitive advantage\u201d, European Journal of Information Systems, Vol. 12 No. 2, pp. 78\u201092.","DOI":"10.1057\/palgrave.ejis.3000448"},{"key":"key2022020720271810300_b73","unstructured":"Tidd, J., Bessant, J. and Pavitt, K. (1997), Managing Innovation: Integrating Technological Market and Organizational Change, John Wiley & Sons, Chichester."},{"key":"key2022020720271810300_b74","doi-asserted-by":"crossref","unstructured":"Trauth, E.M. and Jessup, L.M. (2000), \u201cUnderstanding computer\u2010mediated discussions: positivist and interpretive analyses of group support system use\u201d, MIS Quarterly, Vol. 24 No. 1, pp. 43\u201079.","DOI":"10.2307\/3250979"},{"key":"key2022020720271810300_b75","doi-asserted-by":"crossref","unstructured":"Urquhart, C. (1997), \u201cExploring analyst\u2010client communication: using grounded theory techniques to investigate interaction in informal requirements gathering\u201d, in Lee, A.S., DeGross, J.I. and Liebenau, J. (Eds), Information Systems and Qualitative Research, Chapman & Hall, London, pp. 149\u201081.","DOI":"10.1007\/978-0-387-35309-8_10"},{"key":"key2022020720271810300_b76","doi-asserted-by":"crossref","unstructured":"Venkatraman, N. (1993), \u201cContinuous strategic alignment: exploiting information technology capabilities for competitive success\u201d, European Management Journal, Vol. 11 No. 2, pp. 139\u201049.","DOI":"10.1016\/0263-2373(93)90037-I"},{"key":"key2022020720271810300_b77","doi-asserted-by":"crossref","unstructured":"Von Solms, B. (2001), \u201cCorporate governance and information security\u201d, Computers & Security, Vol. 20 No. 3, pp. 215\u20108.","DOI":"10.1016\/S0167-4048(01)00305-4"},{"key":"key2022020720271810300_b78","unstructured":"Ward, J. and Griffiths, P.M. (1996), Strategic Planning for Information Systems, John Wiley, Chichester."},{"key":"key2022020720271810300_b79","unstructured":"Ward, J. and Peppard, J. (2002), Strategic Planning for Information Systems, John Wiley & Sons Ltd, Chichester."},{"key":"key2022020720271810300_b80","doi-asserted-by":"crossref","unstructured":"Yu, Z., Yan, H. and Cheng, T.C.E. (2002), \u201cModelling the benefits of information sharing\u2010based partnerships in a two\u2010level supply chain\u201d, Journal of the Operational Research Society, Vol. 53 No. 4, pp. 436\u201046.","DOI":"10.1057\/palgrave.jors.2601255"},{"key":"key2022020720271810300_b81","unstructured":"Zuboff, S. (1988), The Age of the Smart Machine, Heinemann, Oxford."},{"key":"key2022020720271810300_b82","doi-asserted-by":"crossref","unstructured":"Zviran, M. (1990), \u201cRelationships between organizational and information systems objectives: some empirical evidence\u201d, Journal of Management Information Systems, Vol. 7 No. 1, pp. 65\u201084.","DOI":"10.1080\/07421222.1990.11517881"}],"container-title":["Online Information Review"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/14684520710832333","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/14684520710832333\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/14684520710832333\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:40:52Z","timestamp":1753404052000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/oir\/article\/31\/5\/622-660\/314622"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,10,2]]},"references-count":82,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2007,10,2]]}},"alternative-id":["10.1108\/14684520710832333"],"URL":"https:\/\/doi.org\/10.1108\/14684520710832333","relation":{},"ISSN":["1468-4527"],"issn-type":[{"value":"1468-4527","type":"print"}],"subject":[],"published":{"date-parts":[[2007,10,2]]}}}