Information Security Risk Management has found itself rising on the priority of organizations after the significant growth experienced by compliance activities in the last 20 years. This has led often to conflicts between the requirements of Information Security Risk Management and Compliance as said requirements could impact the same systems or compete from the same resources. This study identifies strategies and tactics that an organization might implement to address balancing the requirements of the two. Oliver (1991) Strategic Responses to Institutional Processes frame the strategies and tactics predicted by theory as well as inform what new insights can be derived from practice. A Children’s Hospital system serves as a setting to explore how the Information Systems and Compliance organizations navigate balancing Information Security Risk Management and Compliance requirements. A new tactic is identified that supplements those predicted by theory where Information Security Risk Management and Compliance requirements balancing is supported by formalized governance structures and processes.
Rivera, Darwin M. and Arenas, Alvaro, "When Organizational Pressures Collide – Balancing Information Security Risk Management and Compliance" (2020). WISP 2020 Proceedings. 6.