{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,2]],"date-time":"2026-03-02T16:02:31Z","timestamp":1772467351389,"version":"3.50.1"},"reference-count":109,"publisher":"SAGE Publications","issue":"6","license":[{"start":{"date-parts":[[2018,1,4]],"date-time":"2018-01-04T00:00:00Z","timestamp":1515024000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Information Science"],"published-print":{"date-parts":[[2018,12]]},"abstract":"<jats:p> Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research &amp; Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders \u2013 a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders\u2019 perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed. <\/jats:p>","DOI":"10.1177\/0165551517748288","type":"journal-article","created":{"date-parts":[[2018,1,4]],"date-time":"2018-01-04T21:11:30Z","timestamp":1515100290000},"page":"752-767","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":26,"title":["Information security: Listening to the perspective of organisational insiders"],"prefix":"10.1177","volume":"44","author":[{"given":"SeEun","family":"Choi","sequence":"first","affiliation":[{"name":"Information School, The University of Sheffield, UK"}]},{"given":"Jorge Tiago","family":"Martins","sequence":"additional","affiliation":[{"name":"Information School, The University of Sheffield, UK"}]},{"given":"Igor","family":"Bernik","sequence":"additional","affiliation":[{"name":"Information Security Lab, Faculty of Criminal Justice, Maribor University, Slovenia"}]}],"member":"179","published-online":{"date-parts":[[2018,1,4]]},"reference":[{"key":"bibr1-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1080\/10580530802384639"},{"key":"bibr2-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1108\/09685221111115836"},{"key":"bibr3-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2010.10.006"},{"key":"bibr4-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.08.004"},{"key":"bibr5-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-2053-8"},{"key":"bibr6-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(03)00406-1"},{"key":"bibr7-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1080.0180"},{"key":"bibr8-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.jsis.2007.05.004"},{"key":"bibr9-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1145\/341852.341877"},{"key":"bibr10-0165551517748288","doi-asserted-by":"publisher","DOI":"10.2307\/249551"},{"key":"bibr11-0165551517748288","volume-title":"Understanding and measuring information security culture in developing countries: case of Saudi Arabia","author":"Al Natheer M","year":"2012"},{"key":"bibr12-0165551517748288","first-page":"3317","volume-title":"45th Hawaii international conference on system science","author":"Al-Omari A"},{"key":"bibr13-0165551517748288","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-031-02275-3","volume-title":"Knowledge management (KM) processes in organizations: theoretical foundations and practice","author":"McInerney CR","year":"2011"},{"key":"bibr14-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1007\/s11747-013-0354-5"},{"key":"bibr15-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.ibusrev.2008.02.005"},{"key":"bibr16-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-010-9265-x"},{"key":"bibr17-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.01.001"},{"key":"bibr18-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.respol.2010.03.005"},{"key":"bibr19-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1201\/b15573"},{"key":"bibr20-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1108\/MD-11-2012-0791"},{"key":"bibr21-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1504\/IJNVO.2013.063049"},{"key":"bibr22-0165551517748288","volume-title":"Managing knowledge assets and business value creation in organizations: measures and dynamics","author":"Schiuma G","year":"2010"},{"key":"bibr23-0165551517748288","doi-asserted-by":"publisher","DOI":"10.5465\/19416520.2012.672039"},{"key":"bibr24-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1057\/palgrave.emr.1500012"},{"key":"bibr25-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/S0742-3322(05)22016-8"},{"key":"bibr26-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1177\/1476127006069427"},{"key":"bibr27-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1111\/j.1468-2370.2008.00250.x"},{"key":"bibr28-0165551517748288","volume-title":"Sensemaking in organizations","author":"Weick KE","year":"1995"},{"key":"bibr29-0165551517748288","volume-title":"Theoretical sensitivity: advances in the methodology of grounded theory","author":"Glaser BG","year":"1978"},{"key":"bibr30-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1108\/14684520710832333"},{"key":"bibr31-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1007\/s10845-012-0683-0"},{"key":"bibr32-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2013.11.004"},{"key":"bibr33-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1108\/JKM-05-2014-0198"},{"key":"bibr34-0165551517748288","doi-asserted-by":"publisher","DOI":"10.2307\/23044049"},{"key":"bibr35-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-7133-3_3"},{"key":"bibr36-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2010.11.002"},{"key":"bibr37-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.09.010"},{"key":"bibr38-0165551517748288","doi-asserted-by":"publisher","DOI":"10.2307\/25750690"},{"key":"bibr39-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2009.12.005"},{"key":"bibr40-0165551517748288","doi-asserted-by":"publisher","DOI":"10.4018\/joeuc.2012010102"},{"key":"bibr41-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1070.0160"},{"key":"bibr42-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1111\/isj.12063"},{"key":"bibr43-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2013.08.006"},{"key":"bibr44-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2014.05.043"},{"key":"bibr45-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-04-2014-0025"},{"key":"bibr46-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2014.03.009"},{"key":"bibr47-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.10.005"},{"key":"bibr48-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.04.006"},{"key":"bibr49-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1108\/09685221311314383"},{"key":"bibr50-0165551517748288","unstructured":"ISO\/IEC 27000:2009. Information technology \u2013 security techniques \u2013 information security management systems \u2013 overview and vocabulary."},{"key":"bibr51-0165551517748288","unstructured":"ISO\/IEC 27002:2013. Information technology security techniques \u2013 code of practice for information security controls."},{"key":"bibr52-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1176998"},{"key":"bibr53-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.17"},{"key":"bibr54-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2005.09.009"},{"key":"bibr55-0165551517748288","first-page":"361","volume-title":"43rd annual international Carnahan conference on security technology","author":"Malcolmson J"},{"key":"bibr56-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.07.001"},{"key":"bibr57-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1002\/9781118027974"},{"key":"bibr58-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(00)07021-8"},{"key":"bibr59-0165551517748288","first-page":"1","volume-title":"IFIP international information security conference","author":"Von Solms SB"},{"key":"bibr60-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxr118"},{"key":"bibr61-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2003.11.004"},{"key":"bibr62-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2012.104"},{"key":"bibr63-0165551517748288","volume-title":"Management of information security","author":"Whitman ME","year":"2013"},{"key":"bibr64-0165551517748288","doi-asserted-by":"publisher","DOI":"10.2307\/25750689"},{"key":"bibr65-0165551517748288","first-page":"405","volume-title":"14th international workshop on database and expert systems applications","author":"Schlienger T"},{"key":"bibr66-0165551517748288","first-page":"1560","volume-title":"European conference on information systems","author":"Dojkovski S"},{"key":"bibr67-0165551517748288","doi-asserted-by":"publisher","DOI":"10.2307\/25750704"},{"key":"bibr68-0165551517748288","volume-title":"2nd European conference on information warfare and security","author":"Zakaria O"},{"key":"bibr69-0165551517748288","volume-title":"Organizational culture and leadership","author":"Schein EH","year":"1992"},{"key":"bibr70-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(06)70430-4"},{"key":"bibr71-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.6"},{"key":"bibr72-0165551517748288","first-page":"1270","volume-title":"IEEE 14th international conference on high performance computing and communication and IEEE 9th international conference on embedded software and systems (HPCC-ICESS)","author":"Waly N"},{"key":"bibr73-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1108\/02635570610653498"},{"key":"bibr74-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/S0268-4012(02)00105-6"},{"key":"bibr75-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1287\/isre.2.1.1"},{"key":"bibr76-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.ejor.2005.07.006"},{"key":"bibr77-0165551517748288","unstructured":"Yin RK. Case study research: design and methods. Thousand Oaks, CA: SAGE, 2003, pp. 5\u201311."},{"key":"bibr78-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-954X.1983.tb00387.x"},{"key":"bibr79-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-954X.1991.tb02970.x"},{"key":"bibr80-0165551517748288","volume-title":"Learning the craft of qualitative research interviewing","author":"Kvale S","year":"2009"},{"key":"bibr81-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1177\/0165551515625032"},{"key":"bibr82-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1177\/0165551514538742"},{"key":"bibr83-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1177\/0165551504046725"},{"key":"bibr84-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1111\/j.1468-005X.2009.00227.x"},{"key":"bibr85-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1111\/j.1468-005X.2011.00268.x"},{"key":"bibr86-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1111\/j.1468-005X.2006.00170.x"},{"key":"bibr87-0165551517748288","doi-asserted-by":"publisher","DOI":"10.2307\/248684"},{"key":"bibr88-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1145\/196734.196744"},{"key":"bibr89-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2013.26"},{"key":"bibr90-0165551517748288","first-page":"164","volume-title":"Technology and enterprise in a historical perspective","author":"Nelson R","year":"1992"},{"key":"bibr91-0165551517748288","doi-asserted-by":"publisher","DOI":"10.2307\/2393553"},{"key":"bibr92-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/S0048-7333(99)00071-2"},{"key":"bibr93-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/0048-7333(95)00847-0"},{"key":"bibr94-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"issue":"1","key":"bibr95-0165551517748288","first-page":"57","volume":"20","author":"Choobineh J","year":"2007","journal-title":"Commun Assoc Inform Syst"},{"key":"bibr96-0165551517748288","first-page":"60","volume-title":"International conference on computational science and engineering","volume":"3","author":"Williams MA"},{"key":"bibr97-0165551517748288","first-page":"530","volume-title":"International conference on information security","author":"Torres JM"},{"key":"bibr98-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2013.10.001"},{"key":"bibr99-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.10.007"},{"key":"bibr100-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2009.02.005"},{"key":"bibr101-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1016\/j.compedu.2008.06.011"},{"key":"bibr102-0165551517748288","doi-asserted-by":"publisher","DOI":"10.2307\/2393235"},{"key":"bibr103-0165551517748288","volume-title":"Narrating the organization: dramas of institutional identity","author":"Czarniawska B","year":"1997"},{"key":"bibr104-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1108\/09534819610128760"},{"key":"bibr105-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1111\/1467-6486.00343"},{"key":"bibr106-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1177\/1350507612443208"},{"key":"bibr107-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1177\/1350507609340809"},{"key":"bibr108-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1007\/s10551-012-1308-4"},{"key":"bibr109-0165551517748288","doi-asserted-by":"publisher","DOI":"10.1596\/0-8213-5356-X"}],"container-title":["Journal of Information Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0165551517748288","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/0165551517748288","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0165551517748288","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,28]],"date-time":"2025-02-28T19:09:44Z","timestamp":1740769784000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/0165551517748288"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,1,4]]},"references-count":109,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2018,12]]}},"alternative-id":["10.1177\/0165551517748288"],"URL":"https:\/\/doi.org\/10.1177\/0165551517748288","relation":{},"ISSN":["0165-5515","1741-6485"],"issn-type":[{"value":"0165-5515","type":"print"},{"value":"1741-6485","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,1,4]]}}}