Paper Type

full

Description

Research shows that information systems security operates between two main distinct functioning modes, either prevention before a security incident occurs, or response which follows from an incident, usually external to the organisation. In this paper, we argue that this shift between prevention and response modes also happens due to inherent internal tensions created between pressures for digital transformation and the established forces for security compliance. We show how a digital transformation project introduced a security incident and challenged the IS security compliance function, reflecting the two different approaches to IS security in organizations. We conduct a participatory observation study of the implementation of Robotic Process Automation (RPA) in a financial services organization. We examine the shift from prevention to response in this project and identify generative drivers of digital transformation, and drivers of IS security compliance. Our analysis leads to the development of a process model that explains how organizations move from prevention to response when faced with tensions between IS security compliance and digital transformation.

Share

COinS
 

Conceptualizing the Role of IS Security Compliance in Projects of Digital Transformation: Tensions and Shifts Between Prevention and Response Modes

Research shows that information systems security operates between two main distinct functioning modes, either prevention before a security incident occurs, or response which follows from an incident, usually external to the organisation. In this paper, we argue that this shift between prevention and response modes also happens due to inherent internal tensions created between pressures for digital transformation and the established forces for security compliance. We show how a digital transformation project introduced a security incident and challenged the IS security compliance function, reflecting the two different approaches to IS security in organizations. We conduct a participatory observation study of the implementation of Robotic Process Automation (RPA) in a financial services organization. We examine the shift from prevention to response in this project and identify generative drivers of digital transformation, and drivers of IS security compliance. Our analysis leads to the development of a process model that explains how organizations move from prevention to response when faced with tensions between IS security compliance and digital transformation.