{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T22:32:41Z","timestamp":1773959561850,"version":"3.50.1"},"reference-count":218,"publisher":"MIS Quarterly","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,3,1]]},"abstract":"<jats:p>This paper reviews the literature on how organizations learn from information system (IS) incidents. We identify three modes of learning depending on the practices that constitute the learning process, the specific actors who play roles in learning, the temporal orientation of the learning practices, and the specific contextual focus of the learning. The literature focuses primarily on learning from past experience to draw lessons for future incidents (reflective learning mode). Yet, a growing stream of literature stresses the importance of learning through engagement with present incidents (embedded learning mode), and a few studies suggest that organizations can learn prospectively to prepare for future incidents (prospective learning mode). We argue that although these three learning modes are effective, they do not adequately explain how organizations learn from IS incidents when used in isolation. Since IS incidents unfold increasingly as sets of interacting events across information systems and organizational settings, organizational learning needs to be theorized as an iterative process among these learning modes. We synthesize these three learning modes into an integrative framework and theorize about their supportive and inhibiting relations. We suggest some opportunities for future research, which would advance our understanding of how organizations learn from IS incidents.<\/jats:p>","DOI":"10.25300\/misq\/2022\/14305","type":"journal-article","created":{"date-parts":[[2022,5,5]],"date-time":"2022-05-05T12:49:13Z","timestamp":1651754953000},"page":"531-590","source":"Crossref","is-referenced-by-count":19,"title":["How Do Organizations Learn from Information System Incidents? A Synthesis of the Past, Present, and Future"],"prefix":"10.25300","volume":"46","author":[{"given":"Mohammad H.","family":"Rezazade Mehrizi","sequence":"first","affiliation":[{"name":"School of Business & Economics, KIN Center for Digital Innovation, Vrije Universiteit Amsterdam, De Boelelaan 1105, 1081 HV Amsterdam, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Davide","family":"Nicolini","sequence":"additional","affiliation":[{"name":"IKON, Warwick Business School, University of Warwick, Coventry, CV 4 7AL, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joan Rodon","family":"M\u00f2dol","sequence":"additional","affiliation":[{"name":"Universitat Ramon Llull, ESADE Business School, Av. Torreblanca, 59, E-08172 Sant Cugat, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"10933","published-online":{"date-parts":[[2022,3,1]]},"reference":[{"issue":"0","key":"2025082212270937300_b1-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1016\/j.cose.2014.11.006","article-title":"A Survey of Information Security Incident Handling in the Cloud","volume":"49","author":"Ab Rahman","year":"2015","journal-title":"Computers & Security"},{"issue":"11","key":"2025082212270937300_b2-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1145\/2366316.2366331","article-title":"Resilience Engineering: Learning to Embrace Failure","volume":"55","author":"ACM","year":"2012","journal-title":"Communications of the ACM"},{"issue":"8","key":"2025082212270937300_b3-16_14305_tr_rezazademehrizi","first-page":"939","article-title":"How Integration of Cyber Security Management and Incident Response Enables Organizational Learning","volume":"71","author":"Ahmad","year":"2020","journal-title":"JASIST"},{"issue":"5","key":"2025082212270937300_b4-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1016\/j.cose.2012.04.001","article-title":"Incident Response Teams: Challenges in Supporting the Organisational Security Function","volume":"31","author":"Ahmad","year":"2012","journal-title":"Computers & Security"},{"issue":"2","key":"2025082212270937300_b5-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"210","DOI":"10.5465\/amr.2012.0177","article-title":"Resolving the Paradox of Interdependency and Strategic Renewal in Activity Systems","volume":"40","author":"Albert","year":"2015","journal-title":"Academy of Management Review"},{"issue":"4","key":"2025082212270937300_b6-16_14305_tr_rezazademehrizi","first-page":"550","article-title":"Enhancing Information Security Best Practices Sharing in Virtual Knowledge Communities","volume":"51","author":"Alhogail","year":"2020","journal-title":"VINE Journal of Information and Knowledge Management"},{"issue":"8","key":"2025082212270937300_b7-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1145\/2346916.2353017","article-title":"Fault Injection in Production: Making the Case for Resilience Testing","volume":"10","author":"Allspaw","year":"2012","journal-title":"Queue"},{"issue":"5","key":"2025082212270937300_b8-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"448","DOI":"10.1057\/ejis.2008.37","article-title":"Defining Information Systems as Work Systems: Implications for the IS Field","volume":"17","author":"Alter","year":"2008","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025082212270937300_b9-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"893","DOI":"10.25300\/MISQ\/2017\/41.3.10","article-title":"When Do IT Security Investments Matter? Accounting for the Influence of Institutional Factors in the Context of Healthcare Data Breaches","volume":"41","author":"Angst","year":"2016","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b10-16_14305_tr_rezazademehrizi","article-title":"Security Related Information Sharing among Firms: Potential Theoretical Explanations","author":"Appan","year":"2018"},{"key":"2025082212270937300_b11-16_14305_tr_rezazademehrizi","first-page":"181","article-title":"Intraorganizational Learning","volume-title":"The Blackwell Companion to Organizations","author":"Argote","year":"2002"},{"key":"2025082212270937300_b12-16_14305_tr_rezazademehrizi","volume-title":"On Organizational Learning","author":"Argyris","year":"1999"},{"key":"2025082212270937300_b13-16_14305_tr_rezazademehrizi","volume-title":"Organizational Learning","author":"Argyris","year":"1978"},{"issue":"SI","key":"2025082212270937300_b14-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"413","DOI":"10.2307\/25148767","article-title":"Circuits of Power in Creating de jure Standards: Shaping an International Information Systems Security Standard","volume":"30","author":"Backhouse","year":"2006","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b15-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1109\/PRDC.2017.46","article-title":"Trend Analyses of Failures in Information Systems: A Case Study on Communications Networks and Financial Information Systems","author":"Bando","year":"2017"},{"key":"2025082212270937300_b16-16_14305_tr_rezazademehrizi","article-title":"Influence of Information Overload on IT Security Behavior: A Theoretical Framework","author":"Bandyopadhyay","year":"2017"},{"issue":"4","key":"2025082212270937300_b17-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"397","DOI":"10.1177\/1350507604048270","article-title":"From Questions and Answers: Reviewing Organizational Learning Research","volume":"35","author":"Bapuji","year":"2004","journal-title":"Management Learning"},{"key":"2025082212270937300_b18-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1016\/j.cose.2016.11.017","article-title":"Challenges in IT Security Preparedness Exercises: A Case Study","volume":"67","author":"Bartnes","year":"2017","journal-title":"Computers & Security"},{"key":"2025082212270937300_b19-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1016\/j.cose.2016.05.004","article-title":"The Future of Information Security Incident Management Training: A Case Study of Electrical Power Companies","volume":"61","author":"Bartnes","year":"2016","journal-title":"Computers & Security"},{"issue":"2","key":"2025082212270937300_b20-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1057\/ejis.1991.20","article-title":"Risk Analysis: An Interpretive Feasibility Tool in Justifying Information Systems Security","volume":"1","author":"Baskerville","year":"1991","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2025082212270937300_b21-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1016\/j.im.2013.11.004","article-title":"Incident-Centered Information Security: Managing a Strategic Balance between Prevention and Response","volume":"51","author":"Baskerville","year":"2014","journal-title":"Information & Management"},{"key":"2025082212270937300_b22-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1016\/j.cose.2017.04.009","article-title":"Prevention Is Better than Cure! Designing Information Security Awareness Programs to Overcome Users\u2019 Non-Compliance with Information Security Policies in Banks","volume":"68","author":"Bauer","year":"2017","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212270937300_b23-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1016\/j.lrp.2005.03.004","article-title":"Learning from Failures: Why It May Not Happen","volume":"38","author":"Baumard","year":"2005","journal-title":"Long Range Planning"},{"issue":"4","key":"2025082212270937300_b24-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1111\/ijmr.12029","article-title":"Time and Organizational Learning: A Review and Agenda for Future Research","volume":"16","author":"Berends","year":"2014","journal-title":"International Journal of Management Reviews"},{"issue":"1","key":"2025082212270937300_b25-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1109\/MS.2017.442103917","article-title":"From Incident to Insight: Incident Responders and Software Innovation","volume":"36","author":"Biddle","year":"2019","journal-title":"IEEE Software"},{"issue":"1","key":"2025082212270937300_b26-16_14305_tr_rezazademehrizi","first-page":"261","article-title":"Inside the Fence: Sensitizing Decision Makers to the Possibility of Deception in the Data They Use","volume":"4","author":"Biros","year":"2005","journal-title":"MIS Quarterly Executive"},{"issue":"49","key":"2025082212270937300_b27-16_14305_tr_rezazademehrizi","first-page":"77","article-title":"The Project Post-Mortem","volume":"21","author":"Boddie","year":"1987","journal-title":"Computerworld"},{"issue":"9","key":"2025082212270937300_b28-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1588","DOI":"10.1016\/j.techfore.2010.06.015","article-title":"Strategic Foresight and Organizational Learning: A Survey and Critical Analysis","volume":"77","author":"Bootz","year":"2010","journal-title":"Technological Forecasting and Social Change"},{"key":"2025082212270937300_b29-16_14305_tr_rezazademehrizi","first-page":"1","article-title":"The Role of Organizational Resilience across the Cyber Attack Lifecycle","author":"Bouwens","year":"2019"},{"issue":"1","key":"2025082212270937300_b30-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"102","DOI":"10.2307\/259265","article-title":"Organizational Identity and Learning: A Psychodynamic Perspective","volume":"25","author":"Brown","year":"2000","journal-title":"Academy of Management Review"},{"issue":"2","key":"2025082212270937300_b31-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"211","DOI":"10.2307\/25148728","article-title":"Reliability, Mindfulness, and Information Systems","volume":"30","author":"Butler","year":"2006","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b32-16_14305_tr_rezazademehrizi","article-title":"Today\u2019s Massive Ransomware Attack Was Mostly Preventable; Here\u2019s How to Avoid it","author":"Cameron","year":"2017","journal-title":"Gizmodo"},{"issue":"1","key":"2025082212270937300_b33-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1109\/52.646883","article-title":"Learning from Our Mistakes with Defect Causal Analysis","volume":"15","author":"Card","year":"1998","journal-title":"IEEE Software"},{"issue":"5","key":"2025082212270937300_b34-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"555","DOI":"10.1287\/orsc.1040.0094","article-title":"Transferring, Translating, and Transforming: An Integrative Framework for Managing Knowledge across Boundaries","volume":"15","author":"Carlile","year":"2004","journal-title":"Organization Science"},{"issue":"6","key":"2025082212270937300_b35-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"699","DOI":"10.1111\/1467-6486.00116","article-title":"Organizational Learning Activities in High-Hazard Industries: The Logics Underlying Self-Analysis","volume":"35","author":"Carroll","year":"1998","journal-title":"Journal of Management Studies"},{"issue":"1","key":"2025082212270937300_b36-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ssci.2010.03.005","article-title":"The Gift of Failure: New Approaches to Analyzing and Learning from Events and Near-Misses.\u2019 Honoring the Contributions of Bernhard Wilpert","volume":"49","author":"Carroll","year":"2011","journal-title":"Safety Science"},{"issue":"1","key":"2025082212270937300_b37-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1287\/isre.1050.0041","article-title":"The Value of Intrusion Detection Systems in Information Technology Security Architecture","volume":"16","author":"Cavusoglu","year":"2005","journal-title":"Information Systems Research"},{"issue":"5","key":"2025082212270937300_b38-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1145\/2749417","article-title":"Cascade Failure","volume":"58","author":"Cerf","year":"2015","journal-title":"Communications of the ACM"},{"issue":"3","key":"2025082212270937300_b39-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1080\/08874417.2015.11645767","article-title":"Impacts of Comprehensive Information Security Programs on Information Security Culture","volume":"55","author":"Chen","year":"2015","journal-title":"The Journal of Computer Information Systems"},{"issue":"3","key":"2025082212270937300_b40-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"522","DOI":"10.2307\/259140","article-title":"An Organizational Learning Framework: From Intuition to Institution","volume":"24","author":"Crossan","year":"1999","journal-title":"Academy of Management Review"},{"issue":"1","key":"2025082212270937300_b41-16_14305_tr_rezazademehrizi","first-page":"49","article-title":"Why IT Executives Should Help Employees Secure Their Home Computers","volume":"7","author":"Culnan","year":"2008","journal-title":"MIS Quarterly Executive"},{"issue":"4","key":"2025082212270937300_b42-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"673","DOI":"10.2307\/20650322","article-title":"How Ethics Can Enhance Organizational Privacy: Lessons from the ChoicePoint and TJX Data Breaches","volume":"33","author":"Culnan","year":"2009","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b43-16_14305_tr_rezazademehrizi","volume-title":"A Behavioral Theory of the Firm","author":"Cyert","year":"1963"},{"issue":"4","key":"2025082212270937300_b44-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2492248.2492263","article-title":"Empirical Study of Root Cause Analysis of Software Failure","volume":"38","author":"Dalal","year":"2013","journal-title":"ACM SIGSOFT Software Engineering Notes"},{"issue":"1","key":"2025082212270937300_b45-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1111\/ijmr.12178","article-title":"Concepts of Time and Temporality in the Storytelling and Sensemaking Literatures: A Review and Critique","volume":"21","author":"Dawson","year":"2019","journal-title":"International Journal of Management Reviews"},{"issue":"10","key":"2025082212270937300_b46-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1145\/1290958.1290971","article-title":"Deterring Internal Information Systems Misuse","volume":"50","author":"D\u2019Arcy","year":"2007","journal-title":"Communications of the ACM"},{"issue":"4","key":"2025082212270937300_b47-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1032","DOI":"10.5465\/amj.2013.0949","article-title":"Learning Through the Distribution of Failures Within an Organization: Evidence from Heart Bypass Surgery Performance","volume":"58","author":"Desai","year":"2015","journal-title":"Academy of Management Journal"},{"issue":"4","key":"2025082212270937300_b48-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"452","DOI":"10.1016\/j.im.2016.10.002","article-title":"Information Security Concerns in IT Outsourcing: Identifying (in) Congruence between Clients and Vendors","volume":"54","author":"Dhillon","year":"2017","journal-title":"Information & Management"},{"key":"2025082212270937300_b49-16_14305_tr_rezazademehrizi","article-title":"Terrifying Ransomware Statistics & Facts You Need to Read","author":"Dobran","year":"2019","journal-title":"PhoenixNAP Global IT Services"},{"issue":"4","key":"2025082212270937300_b50-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"823","DOI":"10.2307\/258050","article-title":"Potential Predictors of Whistle-Blowing: A Prosocial Behavior Perspective","volume":"10","author":"Dozier","year":"1985","journal-title":"Academy of Management Review"},{"issue":"1","key":"2025082212270937300_b51-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"61","DOI":"10.2308\/isys-50399","article-title":"XBRL Mandate: Thousands of Filing Errors and So What?","volume":"27","author":"Du","year":"2013","journal-title":"Journal of Information Systems"},{"issue":"9","key":"2025082212270937300_b52-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1805","DOI":"10.1177\/001872679705000903","article-title":"Disciplines of Organizational Learning: Contributions and Critiques","volume":"50","author":"Easterby-Smith","year":"1997","journal-title":"Human Relations"},{"issue":"6","key":"2025082212270937300_b53-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"783","DOI":"10.1111\/1467-6486.00203","article-title":"Organizational Learning: Debates Past, Present and Future","volume":"37","author":"Easterby-Smith","year":"2000","journal-title":"Journal of Management Studies"},{"key":"2025082212270937300_b54-16_14305_tr_rezazademehrizi","volume-title":"Handbook of Organizational Learning and Knowledge Management","author":"Easterby-Smith","year":"2011"},{"issue":"5","key":"2025082212270937300_b55-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1109\/MS.2015.126","article-title":"Implementing Functional Safety","volume":"32","author":"Ebert","year":"2015","journal-title":"IEEE Software"},{"issue":"1","key":"2025082212270937300_b56-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1111\/j.1468-5973.2007.00500.x","article-title":"Anticipating Future Vulnerability: Defining Characteristics of Increasingly Critical Infrastructure-Like Systems","volume":"15","author":"Egan","year":"2007","journal-title":"Journal of Contingencies & Crisis Management"},{"issue":"3","key":"2025082212270937300_b57-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1007\/s10799-015-0232-6","article-title":"Integrating Attacker Behavior in IT Security Analysis: A Discrete-Event Simulation Approach","volume":"16","author":"Ekelhart","year":"2015","journal-title":"Information Technology and Management"},{"issue":"3\/4","key":"2025082212270937300_b58-16_14305_tr_rezazademehrizi","first-page":"17","article-title":"Exploring the Failure to Learn: Crises and the Barriers to Learning","volume":"21","author":"Elliott","year":"2000","journal-title":"Review of Business"},{"issue":"4","key":"2025082212270937300_b59-16_14305_tr_rezazademehrizi","first-page":"211","article-title":"Cyberplagues, IT and Security: Threat Politics in the Information Age","volume":"9","author":"Eriksson","year":"2001","journal-title":"Journal of Contingency and Crisis Management"},{"key":"2025082212270937300_b60-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1109\/HICSS.1999.772858","article-title":"Organizational Back Ups: Reconfiguring Technology in a Telemediated Environment","author":"Faia-Correia","year":"1999"},{"issue":"2","key":"2025082212270937300_b61-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1111\/j.1468-5973.2006.00485.x","article-title":"Moral Hazard and the Role of Users in Learning from Accidents","volume":"14","author":"Fauchart","year":"2006","journal-title":"Journal of Contingencies & Crisis Management"},{"key":"2025082212270937300_b62-16_14305_tr_rezazademehrizi","unstructured":"Financial Times\n          . 2020. \u201cThe Great Hack Attack: SolarWinds Breach Exposes Big Gaps in Cyber Security,\u201d December\u200818, (https:\/\/www.ft.com\/content\/c13dbb51-907b-4db7-834730921ef931c2)."},{"issue":"4","key":"2025082212270937300_b63-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"803","DOI":"10.2307\/258048","article-title":"Organizational Learning","volume":"10","author":"Fiol","year":"1985","journal-title":"Academy of Management Review"},{"issue":"8","key":"2025082212270937300_b64-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1145\/179606.179721","article-title":"CERT Incident Response and the Internet","volume":"37","author":"Fithen","year":"1994","journal-title":"Communications of the ACM"},{"issue":"3","key":"2025082212270937300_b65-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"244","DOI":"10.1057\/palgrave.ejis.3000541","article-title":"The Turnaround of the London Ambulance Service Computer-Aided Despatch System (LASCAD)","volume":"14","author":"Fitzgerald","year":"2005","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025082212270937300_b66-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"595","DOI":"10.2307\/25750693","article-title":"The Impact of Malicious Agents on the Enterprise Software Industry","volume":"34","author":"Galbreth","year":"2010","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b67-16_14305_tr_rezazademehrizi","volume-title":"The Systems Bible: The Beginner\u2019s Guide to Systems Large and Small","author":"Gall","year":"2002"},{"issue":"2","key":"2025082212270937300_b68-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1287\/isre.1050.0053","article-title":"The Economic Incentives for Sharing Security Information","volume":"16","author":"Gal-Or","year":"2005","journal-title":"Information Systems Research"},{"key":"2025082212270937300_b69-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1016\/j.cose.2018.04.006","article-title":"Empirical Analysis of Attack Graphs for Mitigating Critical Paths and Vulnerabilities","volume":"77","author":"Garg","year":"2018","journal-title":"Computers & Security"},{"issue":"1","key":"2025082212270937300_b70-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"113","DOI":"10.2307\/2666981","article-title":"Looking Forward and Looking Backward: Cognitive and Experiential Search","volume":"45","author":"Gavetti","year":"2000","journal-title":"Administrative Science Quarterly"},{"issue":"2","key":"2025082212270937300_b71-16_14305_tr_rezazademehrizi","first-page":"85","article-title":"The Role of E-Training in Protecting Information Assets Against Deception Attacks","volume":"7","author":"George","year":"2008","journal-title":"MIS Quarterly Executive"},{"key":"2025082212270937300_b72-16_14305_tr_rezazademehrizi","article-title":"Organizations\u2019 Proactive Information Security Behavior","author":"Ghahramani","year":"2018"},{"key":"2025082212270937300_b73-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2015.11.005","article-title":"A Comprehensive Approach for Network Attack Forecasting","volume":"58","author":"GhasemiGol","year":"2016","journal-title":"Computers & Security"},{"issue":"7","key":"2025082212270937300_b74-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1177\/105649260091002","article-title":"The Organizational Learning of Safety in Communities of Practice","volume":"9","author":"Gherardi","year":"2000","journal-title":"Journal of Management Inquiry"},{"issue":"2","key":"2025082212270937300_b75-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1057\/ejis.2011.54","article-title":"Pragmatism Vs. Interpretivism in Qualitative Information Systems Research","volume":"21","author":"Goldkuhl","year":"2012","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2025082212270937300_b76-16_14305_tr_rezazademehrizi","first-page":"303","article-title":"Dark Screen: An Exercise in Cyber Security","volume":"4","author":"Goles","year":"2005","journal-title":"MIS Quarterly Executive"},{"issue":"3","key":"2025082212270937300_b77-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1201\/1078\/43197.16.3.19990601\/31316.8","article-title":"The Y2K Boon to IS and Business","volume":"16","author":"Gordon","year":"1999","journal-title":"Information Systems Management"},{"issue":"3","key":"2025082212270937300_b78-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"567","DOI":"10.2307\/25750692","article-title":"Market Value of Voluntary Disclosures Concerning Information Security","volume":"34","author":"Gordon","year":"2010","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212270937300_b79-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1111\/j.0966-0879.2004.00435.x","article-title":"The Revenge of Distance: Vulnerability Analysis of Critical Information Infrastructure","volume":"12","author":"Gorman","year":"2004","journal-title":"Journal of Contingencies & Crisis Management"},{"issue":"3","key":"2025082212270937300_b80-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"159","DOI":"10.2753\/MIS0742-1222220306","article-title":"The Role of Knowledge Repositories in Technical Support Environments: Speed Versus Learning in User Performance","volume":"22","author":"Gray","year":"2005","journal-title":"Journal of Management Information Systems"},{"key":"2025082212270937300_b81-16_14305_tr_rezazademehrizi","article-title":"Rethinking Security Incident Response: The Integration of Agile Principles","author":"Grispos","year":"2014"},{"key":"2025082212270937300_b82-16_14305_tr_rezazademehrizi","article-title":"Security Incident Response Criteria: A Practitioner\u2019s Perspective","author":"Grispos","year":"2015"},{"key":"2025082212270937300_b83-16_14305_tr_rezazademehrizi","volume-title":"Computer Security Incident Response Teams: Exploring the Incident Learning Capability","author":"Hadgkiss","year":"2006"},{"issue":"3","key":"2025082212270937300_b84-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"349","DOI":"10.2307\/249661","article-title":"Sustaining Process Improvement and Innovation in the Information Services Function: Lessons Learned at the Bose Corporation","volume":"20","author":"Harkness","year":"1996","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025082212270937300_b85-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"609","DOI":"10.2307\/3094911","article-title":"Learning from Complexity: Effects of Prior Accidents and Incidents on Airlines\u2019 Learning","volume":"47","author":"Haunschild","year":"2002","journal-title":"Administrative Science Quarterly"},{"key":"2025082212270937300_b86-16_14305_tr_rezazademehrizi","first-page":"3","article-title":"How Organizations Learn and Unlearn","volume-title":"Handbook of Organizational Design","author":"Hedberg","year":"1981"},{"issue":"4","key":"2025082212270937300_b87-16_14305_tr_rezazademehrizi","first-page":"333","article-title":"Dealing with Risk: A Practical Approach","volume":"11","author":"Heemstra","year":"1996","journal-title":"Journal of Information Technology Impact"},{"issue":"3","key":"2025082212270937300_b88-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"337","DOI":"10.2753\/MIS0742-1222250310","article-title":"Investments in Information Security: A Real Options Perspective with Bayesian Postaudit","volume":"25","author":"Herath","year":"2008","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"2025082212270937300_b89-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"79","DOI":"10.2308\/isys-51402","article-title":"The Relationship between Board-Level Technology Committees and Reported Security Breaches","volume":"30","author":"Higgs","year":"2016","journal-title":"Journal of Information Systems"},{"key":"2025082212270937300_b90-16_14305_tr_rezazademehrizi","article-title":"Towards a Conceptual Framework for Investigating IS Failure","author":"Holmes","year":"1995"},{"issue":"6","key":"2025082212270937300_b91-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1145\/2184319.2184322","article-title":"Protecting against Data Breaches; Living with Mistakes","volume":"55","author":"Hong","year":"2012","journal-title":"Communications of the ACM"},{"issue":"1","key":"2025082212270937300_b92-16_14305_tr_rezazademehrizi","first-page":"17","article-title":"Opportunities to Learn from \u2018Failure\u2019 with Electronic Commerce: A Case Study of Electronic Banking","volume":"18","author":"Huang","year":"2003","journal-title":"Journal of Information Technology Impact"},{"key":"2025082212270937300_b92a-16_14305_tr_rezazademehrizi","volume-title":"Cost of a Data Breach Report 2020","author":"IBM Security","year":"2020"},{"issue":"5","key":"2025082212270937300_b93-16_14305_tr_rezazademehrizi","first-page":"777","article-title":"Cost Effective Management Frameworks for Intrusion Detection Systems","volume":"12","author":"Iheagwara","year":"2004","journal-title":"International Journal of Information and Computer Security"},{"issue":"1","key":"2025082212270937300_b94-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1057\/palgrave.ejis.3000384","article-title":"Transforming Failure into Success through Organisational Learning: An Analysis of a Manufacturing Information System","volume":"10","author":"Irani","year":"2001","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2025082212270937300_b95-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1016\/j.jsis.2018.09.003","article-title":"Decision-Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment","volume":"28","author":"Jalali","year":"2019","journal-title":"The Journal of Strategic Information Systems"},{"issue":"2","key":"2025082212270937300_b96-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1002\/ajim.10035","article-title":"Time Dependent Memory Decay","volume":"41","author":"Jenkins","year":"2002","journal-title":"American Journal of Industrial Medicine"},{"key":"2025082212270937300_b97-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.24251\/HICSS.2017.520","article-title":"Combating Phishing Attacks: A Knowledge Management Approach","author":"Jensen","year":"2017"},{"issue":"3","key":"2025082212270937300_b98-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/25750691","article-title":"Fear Appeals and Information Security Behaviors: An Empirical Study","volume":"34","author":"Johnston","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b99-16_14305_tr_rezazademehrizi","unstructured":"Jolly, J.\n          \u20082019. \u201cPassenger Anger as Tens of Thousands Hit by BA Systems Failure,\u201d The Guardian (https:\/\/www.theguardian.com\/business\/2019\/aug\/07\/british-airways-it-glitch-causes-disruption-for-passengers-delays)."},{"issue":"4","key":"2025082212270937300_b100-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1080\/07399018408963057","article-title":"Solving Hardware and Software Problems with User Groups","volume":"1","author":"Jones","year":"1984","journal-title":"Information Systems Management"},{"issue":"1","key":"2025082212270937300_b101-16_14305_tr_rezazademehrizi","first-page":"39","article-title":"Recovering IT in a Disaster: Lessons from Hurricane Katrina","volume":"6","author":"Junglas","year":"2007","journal-title":"MIS Quarterly Executive"},{"issue":"2","key":"2025082212270937300_b102-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"357","DOI":"10.25300\/MISQ\/2013\/37.2.02","article-title":"The Ambivalent Ontology of Digital Artifacts","volume":"37","author":"Kallinikos","year":"2013","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b103-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.24251\/HICSS.2018.599","article-title":"Future Prospects of Cyber Security in Manufacturing: Findings from a Delphi Study","author":"Kannus","year":"2018"},{"issue":"4","key":"2025082212270937300_b104-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1201\/1078.10580530\/46352.23.4.20060901\/95110.4","article-title":"Early Warning Signs of IT Project Failure: The Dominant Dozen","volume":"23","author":"Kappelman","year":"2006","journal-title":"Information Systems Management"},{"issue":"1","key":"2025082212270937300_b105-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1057\/palgrave.ejis.3000727","article-title":"The Post Mortem Paradox: A Delphi Study of IT Specialist Perceptions","volume":"17","author":"Kasi","year":"2008","journal-title":"European Journal of Information Systems"},{"key":"2025082212270937300_b106-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.jpdc.2018.10.006","article-title":"Towards Augmented Proactive Cyberthreat Intelligence","volume":"124","author":"Khan","year":"2019","journal-title":"Journal of Parallel and Distributed Computing"},{"issue":"1","key":"2025082212270937300_b107-16_14305_tr_rezazademehrizi","first-page":"37","article-title":"The Link between Individual and Organizational Learning","volume":"35","author":"Kim","year":"1993","journal-title":"Sloan Management Review"},{"issue":"3","key":"2025082212270937300_b108-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"655","DOI":"10.25300\/MISQ\/2014\/38.3.02","article-title":"Differential Effects of Prior Experience on the Malware Resolution Process","volume":"38","author":"Kim","year":"2014","journal-title":"MIS Quarterly"},{"issue":"7","key":"2025082212270937300_b109-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"522","DOI":"10.1016\/j.cose.2006.08.004","article-title":"A Taxonomy and Comparison of Computer Security Incidents from the Commercial and Government Sectors","volume":"25","author":"Kjaerland","year":"2006","journal-title":"Computers & Security"},{"issue":"2","key":"2025082212270937300_b110-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1201\/1078\/43188.16.2.19990301\/31183.15","article-title":"A Tool for Managing Year 2000 Projects","volume":"16","author":"Kliem","year":"1999","journal-title":"Information Systems Management"},{"key":"2025082212270937300_b111-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1016\/j.cose.2013.05.001","article-title":"Integrated Digital Forensic Process Model","volume":"38","author":"Kohn","year":"2013","journal-title":"Computers & Security"},{"issue":"2","key":"2025082212270937300_b112-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"451","DOI":"10.25300\/MISQ\/2014\/38.2.06","article-title":"Proactive Versus Reactive Security Investments in the Healthcare Sector","volume":"38","author":"Kwon","year":"2014","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025082212270937300_b113-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1043","DOI":"10.25300\/MISQ\/2018\/13580","article-title":"Meaningful Healthcare Security: Does \u2018Meaningful-Use\u2019 Attestation Improve Information Security Performance?","volume":"42","author":"Kwon","year":"2018","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212270937300_b114-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1","DOI":"10.5465\/amj.2013.4001","article-title":"Process Studies of Change in Organization and Management: Unveiling Temporality, Activity, and Flow","volume":"56","author":"Langley","year":"2013","journal-title":"Academy of Management Journal"},{"key":"2025082212270937300_b115-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.4135\/9781473957954","volume-title":"The SAGE Handbook of Process Organization Studies","author":"Langley","year":"2016"},{"key":"2025082212270937300_b116-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511815355","volume-title":"Situated Learning: Legitimate Peripheral Participation","author":"Lave","year":"1991"},{"key":"2025082212270937300_b117-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511609268","volume-title":"Cognition in Practice","author":"Lave","year":"1988"},{"key":"2025082212270937300_b118-16_14305_tr_rezazademehrizi","first-page":"17","article-title":"Situating Learning in Communities of Practice","volume-title":"Perspectives on Socially Shared Cognition","author":"Lave","year":"1993"},{"issue":"6","key":"2025082212270937300_b119-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1145\/2461256.2461270","article-title":"Learning from the Past to Face the Risks of Today","volume":"56","author":"Leveson","year":"2013","journal-title":"Communications of the ACM"},{"issue":"1","key":"2025082212270937300_b120-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1146\/annurev.so.14.080188.001535","article-title":"Organizational Learning","volume":"14","author":"Levitt","year":"1988","journal-title":"Annual Review of Sociology"},{"issue":"6","key":"2025082212270937300_b121-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"414","DOI":"10.17705\/1jais.00269","article-title":"Managing Risks in a Failing IT Project: A Social Constructionist View","volume":"12","author":"Lim","year":"2011","journal-title":"Journal of the Association for Information Systems"},{"issue":"2","key":"2025082212270937300_b122-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"173","DOI":"10.2307\/249574","article-title":"Threats to Information Systems: Today\u2019s Reality, Yesterday\u2019s Understanding","volume":"16","author":"Loch","year":"1992","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212270937300_b123-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"263","DOI":"10.5465\/amr.2013.0273","article-title":"A Quantum Approach to Time and Organizational Change","volume":"40","author":"Lord","year":"2015","journal-title":"Academy of Management Review"},{"issue":"2","key":"2025082212270937300_b124-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1046\/j.1365-2575.1999.00051.x","article-title":"Learning Failure in Information Systems Development","volume":"9","author":"Lyytinen","year":"1999","journal-title":"Information Systems Journal"},{"issue":"3","key":"2025082212270937300_b125-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"233","DOI":"10.1287\/isre.9.3.233","article-title":"Attention Shaping and Software Risk\u2014A Categorical Analysis of Four Classical Risk Management Approaches","volume":"9","author":"Lyytinen","year":"1998","journal-title":"Information Systems Research"},{"issue":"2","key":"2025082212270937300_b126-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"55","DOI":"10.2753\/MIS0742-1222270202","article-title":"Safe Contexts for Interorganizational Collaborations Among Homeland Security Professionals","volume":"27","author":"Majchrzak","year":"2010","journal-title":"Journal of Management Information Systems"},{"key":"2025082212270937300_b127-16_14305_tr_rezazademehrizi","article-title":"Understanding the Information Security Awareness Process in Real Estate Organizations Using the SEC Model","author":"Mani","year":"2014"},{"issue":"1","key":"2025082212270937300_b128-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1287\/orsc.2.1.71","article-title":"Exploration and Exploitation in Organizational Learning","volume":"2","author":"March","year":"1991","journal-title":"Organization Science"},{"key":"2025082212270937300_b129-16_14305_tr_rezazademehrizi","first-page":"335","article-title":"The Uncertainty of the Past: Organizational Learning under Ambiguity","volume-title":"Decisions and Organizations","author":"March","year":"1988"},{"key":"2025082212270937300_b130-16_14305_tr_rezazademehrizi","volume-title":"Organizations","author":"March","year":"1958"},{"issue":"1","key":"2025082212270937300_b131-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1287\/orsc.2.1.1","article-title":"Learning from Samples of One or Fewer","volume":"2","author":"March","year":"1991","journal-title":"Organization Science"},{"issue":"5","key":"2025082212270937300_b132-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"622","DOI":"10.1108\/14684520710832333","article-title":"Perception of Risk and the Strategic Impact of Existing IT on Information Security Strategy at Board Level","volume":"31","author":"McFadzean","year":"2007","journal-title":"Online Information Review"},{"issue":"3","key":"2025082212270937300_b133-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"321","DOI":"10.2307\/249500","article-title":"Bank of America: The Crest and Trough of Technological Leadership","volume":"21","author":"McKenney","year":"1997","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212270937300_b134-16_14305_tr_rezazademehrizi","article-title":"Challenges and Best Practices in Information Security Management","volume":"17","author":"McLaughlin","year":"2018","journal-title":"MIS Quarterly Executive"},{"key":"2025082212270937300_b135-16_14305_tr_rezazademehrizi","unstructured":"McMullen, A.\n          \u20082010. \u201cDon\u2019t Leave IT to the Techies,\u201d National Post (https:\/\/nationalpost.com\/news\/dont-leave-it-to-the-techies)."},{"key":"2025082212270937300_b136-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780198805304.001.0001","volume-title":"Context in Action and How to Study It: Illustrations from Health Care","author":"Meier","year":"2019"},{"key":"2025082212270937300_b137-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","unstructured":"Menges, F., and Pernul, G.\u20082018. \u201cA Comparative Analysis of Incident Reporting Formats,\u201d Computers & Security (73), pp. 87-101.","DOI":"10.1016\/j.cose.2017.10.009"},{"issue":"0","key":"2025082212270937300_b138-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.cose.2014.09.003","article-title":"Implementing Information Security Best Practices on Software Lifecycle Processes: The ISO\/IEC 15504 Security Extension","volume":"48","author":"Mesquida","year":"2015","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212270937300_b139-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"565","DOI":"10.1287\/isre.2015.0587","article-title":"Information Disclosure and the Diffusion of Information Security Attacks","volume":"26","author":"Mitra","year":"2015","journal-title":"Information Systems Research"},{"issue":"3","key":"2025082212270937300_b140-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"606","DOI":"10.1287\/isre.1100.0341","article-title":"When Hackers Talk: Managing Information Security Under Variable Attack Rates and Knowledge Dissemination","volume":"22","author":"Mookerjee","year":"2011","journal-title":"Information Systems Research"},{"key":"2025082212270937300_b141-16_14305_tr_rezazademehrizi","article-title":"Design of a Business Resilience Model for Industry 4.0 Manufacturers","author":"Morisse","year":"2017"},{"issue":"4","key":"2025082212270937300_b142-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"706","DOI":"10.2307\/259200","article-title":"Organizational Silence: A Barrier to Change and Development in a Pluralistic World","volume":"25","author":"Morrison","year":"2000","journal-title":"Academy of Management Review"},{"issue":"8","key":"2025082212270937300_b143-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1166","DOI":"10.1016\/j.is.2007.03.002","article-title":"Security Attack Testing (SAT)\u2014Testing the Security of Information Systems at Design Time","volume":"32","author":"Mouratidis","year":"2007","journal-title":"Information Systems"},{"issue":"3","key":"2025082212270937300_b144-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1111\/j.1468-5973.2009.00579.x","article-title":"From Intercrisis to Intracrisis Learning","volume":"17","author":"Moynihan","year":"2009","journal-title":"Journal of Contingencies and Crisis Management"},{"key":"2025082212270937300_b145-16_14305_tr_rezazademehrizi","first-page":"576","article-title":"Organizational Learning for the Incident Management Process: Lessons from High Reliability Organizations","author":"Muhren","year":"2007"},{"issue":"3","key":"2025082212270937300_b146-16_14305_tr_rezazademehrizi","first-page":"361","article-title":"Project Retrospectives: Evaluating Project Success, Failure, and Everything in Between","volume":"4","author":"Nelson","year":"2005","journal-title":"MIS Quarterly Executive"},{"issue":"2","key":"2025082212270937300_b147-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1177\/1350507606063441","article-title":"Sharing Knowledge Across Projects: Limits to ICT-Led Project Review Practices","volume":"37","author":"Newell","year":"2006","journal-title":"Management Learning"},{"issue":"3","key":"2025082212270937300_b148-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"602","DOI":"10.1287\/orsc.1100.0556","article-title":"Practice as the Site of Knowing: Insights from the Field of Telemedicine","volume":"22","author":"Nicolini","year":"2011","journal-title":"Organization Science"},{"key":"2025082212270937300_b149-16_14305_tr_rezazademehrizi","volume-title":"Practice Theory, Work, and Organization: An Introduction","author":"Nicolini","year":"2013"},{"key":"2025082212270937300_b150-16_14305_tr_rezazademehrizi","first-page":"3","article-title":"Introduction: Toward a Practice-Based View of Knowing and Learning in Organizations","volume-title":"Knowing in Organizations: A Practice-Based Approach","author":"Nicolini","year":"2003"},{"issue":"1","key":"2025082212270937300_b151-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1057\/s41303-016-0025-y","article-title":"Information Systems Security Policy Implementation in Practice: From Best Practices to Situated Practices","volume":"26","author":"Niemimaa","year":"2017","journal-title":"European Journal of Information Systems"},{"key":"2025082212270937300_b152-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2016.11.001","article-title":"Information Systems Continuity Process: Conceptual Foundations for the Study of the \u2018Social,\u2019","volume":"65","author":"Niemimaa","year":"2017","journal-title":"Computers & Security"},{"key":"2025082212270937300_b153-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1016\/j.cose.2016.01.005","article-title":"A Formal Model and Risk Assessment Method for Security-Critical Real-Time Embedded Systems","volume":"58","author":"Ni","year":"2016","journal-title":"Computers & Security"},{"issue":"1","key":"2025082212270937300_b154-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1287\/isre.7.1.63","article-title":"Improvising Organizational Transformation Over Time: A Situated Change Perspective","volume":"7","author":"Orlikowski","year":"1996","journal-title":"Information Systems Research"},{"issue":"3","key":"2025082212270937300_b155-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1287\/orsc.13.3.249.2776","article-title":"Knowing in Practice: Enacting a Collective Capability in Distributed Organizing","volume":"13","author":"Orlikowski","year":"2002","journal-title":"Organization Science"},{"issue":"4","key":"2025082212270937300_b156-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1165","DOI":"10.25300\/MISQ\/2013\/37.4.08","article-title":"An Investigation of Information Systems Use Patterns: Technological Events as Triggers, the Effect of Time, and Consequences for Performance","volume":"37","author":"Ortiz de Guinea","year":"2013","journal-title":"MIS Quarterly"},{"issue":"7","key":"2025082212270937300_b157-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"409","DOI":"10.17705\/1jais.00163","article-title":"Overcoming the Mum Effect in IT Project Reporting: Impacts of Fault Responsibility and Time Urgency","volume":"9","author":"Park","year":"2008","journal-title":"Journal of the Association for Information Systems"},{"key":"2025082212270937300_b158-16_14305_tr_rezazademehrizi","article-title":"Threats to Computer Systems","volume-title":"Lawrence Livermore Laboratories","author":"Parker","year":"1973"},{"key":"2025082212270937300_b159-16_14305_tr_rezazademehrizi","volume-title":"The Next Catastrophe: Reducing Our Vulnerabilities to Natural, Industrial, and Terrorist Disasters","author":"Perrow","year":"2007"},{"key":"2025082212270937300_b160-16_14305_tr_rezazademehrizi","article-title":"How Do Post Mortems Contribute to Organizational Learning?","author":"Pettiway","year":"2017"},{"issue":"1","key":"2025082212270937300_b161-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1057\/ejis.1996.10","article-title":"A Contingency Framework for the Investigation of Information Systems Failure","volume":"5","author":"Poulymenakou","year":"1996","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025082212270937300_b162-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"167","DOI":"10.3727\/108812897792292203","article-title":"The Role of Evaluation in Dealing with Information Systems Failure: Conceptual Explorations","volume":"1","author":"Poulymenakou","year":"1997","journal-title":"Failure and Lessons Learned in Information Technology Management"},{"issue":"4","key":"2025082212270937300_b163-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1080\/07421222.2015.1138374","article-title":"The Impact of Organizational Commitment on Insiders\u2019 Motivation to Protect Organizational Information Assets","volume":"32","author":"Posey","year":"2015","journal-title":"Journal of Management Information Systems"},{"issue":"5","key":"2025082212270937300_b164-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1145\/2663341","article-title":"Privacy Behaviors After Snowden","volume":"58","author":"Preibusch","year":"2015","journal-title":"Communications of the ACM"},{"key":"2025082212270937300_b165-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1016\/j.cose.2017.02.005","article-title":"Data-Driven Analytics for Cyber-Threat Intelligence and Information Sharing","volume":"67","author":"Qamar","year":"2017","journal-title":"Computers & Security"},{"issue":"4","key":"2025082212270937300_b166-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"834","DOI":"10.1287\/isre.2016.0683","article-title":"Special Section Introduction\u2014Ubiquitous IT and Digital Vulnerabilities","volume":"27","author":"Ransbotham","year":"2016","journal-title":"Information Systems Research"},{"key":"2025082212270937300_b167-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9781139062367","volume-title":"Human Error","author":"Reason","year":"1990"},{"issue":"5","key":"2025082212270937300_b168-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1145\/3380322","article-title":"Beyond the \u2018Fix-It\u2019 Treadmill","volume":"63","author":"Reed","year":"2020","journal-title":"Communications of the ACM"},{"issue":"5","key":"2025082212270937300_b169-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"876","DOI":"10.1287\/orsc.1090.0467","article-title":"Attentional Triangulation: Learning from Unexpected Rare Crises","volume":"20","author":"Rerup","year":"2009","journal-title":"Organization Science"},{"issue":"9","key":"2025082212270937300_b170-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1145\/315762.315770","article-title":"Exploiting the Benefits of Y2K Preparation","volume":"42","author":"Robertson","year":"1999","journal-title":"Communications of the ACM"},{"issue":"1","key":"2025082212270937300_b171-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1287\/orsc.2018.1239","article-title":"Learning in Cycles","volume":"30","author":"Rockart","year":"2019","journal-title":"Organization Science"},{"issue":"1","key":"2025082212270937300_b172-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1057\/palgrave.ejis.3000253","article-title":"Can Software Risk Management Improve System Development: An Exploratory Study","volume":"6","author":"Ropponen","year":"1997","journal-title":"European Journal of Information Systems"},{"key":"2025082212270937300_b173-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.cose.2016.09.001","article-title":"Security Knowledge Representation Artifacts for Creating Secure IT Systems","volume":"64","author":"Ruiz","year":"2017","journal-title":"Computers & Security"},{"key":"2025082212270937300_b174-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1016\/j.cose.2015.10.006","article-title":"Information Security Policy Compliance Model in Organizations","volume":"56","author":"Safa","year":"2016","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212270937300_b175-16_14305_tr_rezazademehrizi","first-page":"185","article-title":"Analysing Business Losses Caused by Information Systems Risk: A Business Process Analysis Approach","volume":"23","author":"Salmela","year":"2008","journal-title":"Journal of Information Technology Impact"},{"issue":"2","key":"2025082212270937300_b176-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"555","DOI":"10.25300\/MISQ\/2019\/14577","article-title":"High Reliability in Digital Organizing: Mindlessness, the Frame Problem, and Digital Operations","volume":"43","author":"Salovaara","year":"2019","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025082212270937300_b177-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1023","DOI":"10.1080\/07421222.2017.1394049","article-title":"Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence","volume":"34","author":"Samtani","year":"2017","journal-title":"Journal of Management Information Systems"},{"key":"2025082212270937300_b178-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.cose.2017.02.001","article-title":"Towards a System for Complex Analysis of Security Events in Large-Scale Networks","volume":"67","author":"Sapegin","year":"2017","journal-title":"Computers & Security"},{"issue":"2","key":"2025082212270937300_b179-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1080\/07399018708962850","article-title":"Security Policy in the PC Environment","volume":"4","author":"Scoma","year":"1987","journal-title":"Information Systems Management"},{"key":"2025082212270937300_b180-16_14305_tr_rezazademehrizi","first-page":"131","article-title":"Organisational Learning and Incident Response: Promoting Effective Learning Through The Incident Response Process","author":"Shedden","year":"2010"},{"issue":"4","key":"2025082212270937300_b181-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1054","DOI":"10.1080\/07421222.2017.1394056","article-title":"A Data-Mining Approach to Identification of Risk Factors in Safety Management Systems","volume":"34","author":"Shi","year":"2017","journal-title":"Journal of Management Information Systems"},{"key":"2025082212270937300_b182-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.101761","article-title":"A Review and Theoretical Explanation of the \u2018Cyberthreat-Intelligence (CTI) Capability\u2019 that Needs to Be Fostered in Information Security Practitioners and How This Can Be Accomplished","volume":"92","author":"Shin","year":"2020","journal-title":"Computers & Security"},{"issue":"4","key":"2025082212270937300_b183-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1111\/j.1467-6486.1988.tb00037.x","article-title":"Industrial Crisis Management: Learning from Organizational Failures","volume":"25","author":"Shrivastava","year":"1988","journal-title":"Journal of Management Studies"},{"issue":"1","key":"2025082212270937300_b184-16_14305_tr_rezazademehrizi","first-page":"41","article-title":"Impact of Negative Message Framing on Security Adoption","volume":"51","author":"Shropshire","year":"2010","journal-title":"The Journal of Computer Information Systems"},{"key":"2025082212270937300_b185-16_14305_tr_rezazademehrizi","article-title":"Cybersecurity Incident Detection Efficacy: From Ambidexterity and Social Capital Perspectives","author":"Siregar","year":"2020"},{"key":"2025082212270937300_b186-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.cose.2016.04.003","article-title":"A Problem Shared Is a Problem Halved: A Survey on the Dimensions of Collective Cyber Defense through Security Information Sharing","volume":"60","author":"Skopik","year":"2016","journal-title":"Computers & Security"},{"issue":"5","key":"2025082212270937300_b187-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1177\/1350507607083205","article-title":"Exploring the Barriers to Learning from Crisis: Organizational Learning and Crisis","volume":"38","author":"Smith","year":"2007","journal-title":"Management Learning"},{"issue":"3","key":"2025082212270937300_b188-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"464","DOI":"10.2307\/25750687","article-title":"Circuits of Power: A Study of Mandated Compliance to an Information Systems Security de jure Standard in a Government Organization","volume":"34","author":"Smith","year":"2010","journal-title":"MIS Quarterly"},{"issue":"7","key":"2025082212270937300_b189-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"598","DOI":"10.1016\/j.im.2013.08.004","article-title":"Theorizing the Concept and Role of Assurance in Information Systems Security","volume":"50","author":"Spears","year":"2013","journal-title":"Information & Management"},{"issue":"7-8","key":"2025082212270937300_b190-16_14305_tr_rezazademehrizi","first-page":"725","article-title":"Unlearning Ineffective or Obsolete Technologies","volume":"11","author":"Starbuck","year":"1996","journal-title":"International Journal of Technology Management (Journal International de La Gestion Technologique)"},{"issue":"4","key":"2025082212270937300_b191-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"441","DOI":"10.2307\/249551","article-title":"Coping with Systems Risk: Security Planning Models for Management Decision Making","volume":"22","author":"Straub","year":"1998","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b192-16_14305_tr_rezazademehrizi","volume-title":"Plans and Situated Actions: The Problem of Human\u2013Machine Communication","author":"Suchman","year":"1987"},{"issue":"3","key":"2025082212270937300_b193-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1177\/1350507609357003","article-title":"Why Don\u2019t (or Do) Organizations Learn from Projects?","volume":"41","author":"Swan","year":"2010","journal-title":"Management Learning"},{"issue":"7","key":"2025082212270937300_b194-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/256175.256178","article-title":"The Power of Negative Thinking","volume":"40","author":"Talin","year":"1997","journal-title":"Communications of the ACM"},{"issue":"0","key":"2025082212270937300_b195-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.cose.2014.02.010","article-title":"Evaluation Model for Knowledge Sharing in Information Security Professional Virtual Community","volume":"43","author":"Tamjidyamcholo","year":"2014","journal-title":"Computers & Security"},{"key":"2025082212270937300_b196-16_14305_tr_rezazademehrizi","first-page":"3736","article-title":"Lessons Learned from an Information Security Incident: A Practical Recommendation to Involve Employees in Information Security","author":"Tatu","year":"2018"},{"issue":"1","key":"2025082212270937300_b197-16_14305_tr_rezazademehrizi","first-page":"75","article-title":"Recovering and Learning from Service Failures","volume":"40","author":"Tax","year":"1998","journal-title":"Sloan Management Review"},{"issue":"4","key":"2025082212270937300_b198-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"404","DOI":"10.1177\/1534484316671606","article-title":"Writing Integrative Literature Reviews: Using the Past and Present to Explore the Future","volume":"15","author":"Torraco","year":"2016","journal-title":"Human Resource Development Review"},{"key":"2025082212270937300_b199-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1016\/j.cose.2015.04.006","article-title":"Analyzing the Role of Cognitive and Cultural Biases in the Internalization of Information Security Policies: Recommendations for Information Security Awareness Programs","volume":"52","author":"Tsohou","year":"2015","journal-title":"Computers & Security"},{"key":"2025082212270937300_b200-16_14305_tr_rezazademehrizi","volume-title":"Man-Made Disasters","author":"Turner","year":"1978"},{"issue":"1","key":"2025082212270937300_b201-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1111\/j.1468-5973.1994.tb00024.x","article-title":"Software and Contingency: The Text and Vocabulary of System Failure?","volume":"2","author":"Turner","year":"1994","journal-title":"Journal of Contingencies and Crisis Management"},{"issue":"4","key":"2025082212270937300_b202-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1080\/07421222.1997.11518140","article-title":"Moral Hazard, Ethical Considerations, and the Decision to Implement an Information System","volume":"13","author":"Tuttle","year":"1997","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"2025082212270937300_b203-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1287\/orsc.5.1.98","article-title":"Windows of Opportunity: Temporal Patterns of Technological Adaptation in Organizations","volume":"5","author":"Tyre","year":"1994","journal-title":"Organization Science"},{"issue":"4","key":"2025082212270937300_b204-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1111\/j.1468-5973.2009.00592.x","article-title":"Emerging Threats to Internet Security: Incentives, Externalities and Policy Implications","volume":"17","author":"Van Eeten","year":"2009","journal-title":"Journal of Contingencies & Crisis Management"},{"issue":"5","key":"2025082212270937300_b205-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1016\/j.cose.2004.05.002","article-title":"The 10 Deadly Sins of Information Security Management","volume":"23","author":"von Solms","year":"2004","journal-title":"Computers & Security"},{"key":"2025082212270937300_b206-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2019.101589","article-title":"Cyber Threat Intelligence Sharing: Survey and Research Directions","volume":"87","author":"Wagner","year":"2019","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212270937300_b207-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1287\/orsc.6.3.280","article-title":"Managerial and Organizational Cognition: Notes from a Trip down Memory Lane","volume":"6","author":"Walsh","year":"1995","journal-title":"Organization Science"},{"key":"2025082212270937300_b208-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","DOI":"10.1080\/08874417.2019.1571458","article-title":"Knowledge Management for Cybersecurity in Business Organizations: A Case Study","author":"Wang","year":"2019","journal-title":"Journal of Computer Information Systems"},{"issue":"2","key":"2025082212270937300_b209-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1201\/1078\/43184.15.2.19980301\/31121.10","article-title":"TQM and the Year 2000 Crisis","volume":"15","author":"Ward","year":"1998","journal-title":"Information Systems Management"},{"key":"2025082212270937300_b210-16_14305_tr_rezazademehrizi","article-title":"Organizational Security Learning from Incident Response","author":"Webb","year":"2017"},{"issue":"2","key":"2025082212270937300_b211-16_14305_tr_rezazademehrizi","first-page":"xii","article-title":"Analyzing the Past to Prepare for the Future: Writing a Literature Review","volume":"26","author":"Webster","year":"2002","journal-title":"MIS Quarterly"},{"key":"2025082212270937300_b212-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"807","DOI":"10.1016\/j.cose.2018.02.001","article-title":"Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning","volume":"77","author":"Weish\u00e4upl","year":"2018","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212270937300_b213-16_14305_tr_rezazademehrizi","first-page":"109","article-title":"IT Risk as a Language for Alignment","volume":"8","author":"Westerman","year":"2009","journal-title":"MIS Quarterly Executive"},{"issue":"3","key":"2025082212270937300_b214-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1080\/08874417.2015.11645769","article-title":"Education and Prevention Relationships on Security Incidents for Home Computers","volume":"55","author":"White","year":"2015","journal-title":"The Journal of Computer Information Systems"},{"issue":"3","key":"2025082212270937300_b215-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"42","DOI":"10.4018\/IJISCRAM.2018070103","article-title":"Learning from Accidents: A Systematic Review of Accident Analysis Methods and Models","volume":"10","author":"Wienen","year":"2018","journal-title":"International Journal of Information Systems for Crisis Response and Management"},{"issue":"1","key":"2025082212270937300_b216-16_14305_tr_rezazademehrizi","first-page":"60","article-title":"The Impact of Information Security Events on the Stock Value of Firms: The Effect of Contingency Factors","volume":"26","author":"Yayla","year":"2011","journal-title":"Journal of Information Technology Impact"},{"key":"2025082212270937300_b217-16_14305_tr_rezazademehrizi","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1016\/j.cose.2018.02.011","article-title":"A Cyber Security Data Triage Operation Retrieval System","volume":"76","author":"Zhong","year":"2018","journal-title":"Computers & Security"}],"container-title":["MIS Quarterly"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/46\/1\/531\/7527\/16_14305_tr_rezazademehrizi.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/46\/1\/531\/7527\/16_14305_tr_rezazademehrizi.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:27:53Z","timestamp":1755880073000},"score":1,"resource":{"primary":{"URL":"https:\/\/misq.umn.edu\/misq\/article\/46\/1\/531\/1927\/How-Do-Organizations-Learn-from-Information-System"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,1]]},"references-count":218,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2022,3,1]]},"published-print":{"date-parts":[[2022,3,1]]}},"URL":"https:\/\/doi.org\/10.25300\/misq\/2022\/14305","relation":{},"ISSN":["0276-7783","2162-9730"],"issn-type":[{"value":"0276-7783","type":"print"},{"value":"2162-9730","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,1]]}}}