The Role of Conflict Resolution in Designing and Implementing Information Security Policies: An Institutional Perspective

Authors

Sherly Abraham, University at AlbanyFollow
Indushobha Chengalur-Smith, Department of Information Technology Management, School of Business, University at Albany, SUNYFollow

Track

Information Systems Security and Privacy

Abstract

This paper examines the suitability of institutional theory in explaining the design and implementation ofinformation security policies in organizations. We conduct a case study in a large governmental organization in theUnited States. We capture multiple perspectives among the different groups in the organization and examine howthis affects the design and implementation of security policies. We find a high interdependence between theinformation security group and other groups in the organization resulting in task and process conflicts. Theseconflicts had both positive and negative outcomes. A combination of dominating and compromising conflictmanagement styles are shown to produce positive results in resolving the conflicts. Our study highlights theimportance for managers to balance security and usability and to ensure that the stringency of security policies donot override the business objectives of the organization.

Recommended Citation

Abraham, Sherly and Chengalur-Smith, Indushobha, "The Role of Conflict Resolution in Designing and Implementing Information Security Policies: An Institutional Perspective" (2011). AMCIS 2011 Proceedings - All Submissions. 467.
https://aisel.aisnet.org/amcis2011_submissions/467