ACM Digital Library home
ACM home
Advanced Search
research-article

Information systems continuity process

Publication: Computers and SecurityMarch 2017 https://doi.org/10.1016/j.cose.2016.11.001
  • 0citation
  • 0
    • Downloads
Metrics
Total Citations0
Total Downloads0
Last 12 Months0
Last 6 weeks0
    Computers and Security
    Volume 65, Issue C
    March 2017
    PreviousArticleNextArticle

    Abstract

    Organizations' value creation is dependent on the reliable and continuous operations of their inherently unreliable information systems (IS). Year after year industry and academic surveys show that IS-related incidents persist as a top concern on IS managers' agendas. While past research has addressed technological improvements and planning methodologies as a means of improving the continuity of organizational technologies (IS continuity), the social part that is, the humans and their social and cognitive processes has largely remained in the background and under researched. This current research seeks to bring to the foreground the implications of the social for IS continuity by developing conceptual foundations of the social dynamics in the IS continuity process. This study proposes a framework of IS continuity process with three phases: (1) preparing for incidents; (2) coping with and mitigating the impact of incidents; and (3) recovering from incidents. Implications of and potential theoretical and conceptual foundations for the social in the IS continuity process are discussed together with their practical implications. Addressing the challenges that pertain to the management of IS continuity requires multidisciplinary approaches that broadly take use of social and cognitive theories on individual and collective levels of analysis.

    References

    1. bib0010 P.S. Adler, S.W. Kwon, Social capital: prospects for a new concept, Acad Manage Rev, 27 (2002) 17-40.Google ScholarGoogle ScholarCross RefCross Ref
    2. bib0015 A. Ahmad, J. Hadgkiss, A. Ruighaver, Incident response teams challenges in supporting the organisational security function, Comput Secur, 31 (2012) 643-652. Google ScholarGoogle ScholarDigital LibraryDigital Library
    3. bib0020 A. Alonaizan, Developing a business continuity programme at Arab National Bank, J Bus Contin Emer Plan, 3 (2009) 216-221.Google ScholarGoogle Scholar
    4. bib0025 M. Alvesson, S. Deetz, Doing critical management research, SAGE Publications, London, 2000.Google ScholarGoogle Scholar
    5. bib0030 A. Asgary, Y. Mousavi-Jahromi, Power outage, business continuity and businesses' choices of power outage mitigation measures, Am J Econ Bus Admin, 3 (2011) 312-320.Google ScholarGoogle Scholar
    6. bib0035 D.E. Avison, M.D. Myers, Information systems and anthropology: an anthropological perspective on IT and organizational culture, Inf Technol People, 8 (1995) 43-56.Google ScholarGoogle ScholarCross RefCross Ref
    7. bib0040 N. Bajgoric, Information technologies for business continuity: an implementation framework, Inf Manag Comput Secur, 14 (2006) 450-466.Google ScholarGoogle ScholarCross RefCross Ref
    8. bib0045 N. Bajgoric, Server operating environment for business continuance: framework for selection, Int J Bus Contin Risk Manag, 1 (2010) 317-338.Google ScholarGoogle ScholarCross RefCross Ref
    9. bib0050 M. Barrett, L. Heracleous, G. Walsham, A rhetorical approach to IT diffusion: reconceptualizing the ideology-framing relationship in computerization movements, MIS Q, 37 (2013) 201-220. Google ScholarGoogle ScholarDigital LibraryDigital Library
    10. bib0055 R. Baskerville, J. Pries-Heje, Diffusing best practices: a design science study using the theory of planned behavior, in: Creating value for all through IT, Springer-Verlag, Berlin, 2014, pp. 35-48.Google ScholarGoogle Scholar
    11. bib0060 K.J. Benson, A dialectical view, Adm Sci Q, 22 (1977) 1-21.Google ScholarGoogle ScholarCross RefCross Ref
    12. bib0065 M. Benyoucef, S. Forzley, Business continuity planning and supply chain management, Supp Chain Forum, 8 (2007) 14-22.Google ScholarGoogle ScholarCross RefCross Ref
    13. bib0070 A. Berman, Lessons learned: the aftermath of September 11, ACM Trans Inf Syst Secur, 11 (2002) 30-37.Google ScholarGoogle ScholarCross RefCross Ref
    14. bib0075 C. Bertrand, Business continuity and mission critical applications, Netw Secur, 2005 (2005) 9-11. Google ScholarGoogle ScholarDigital LibraryDigital Library
    15. bib0080 A.S. Bollinger, R.D. Smith, Managing organizational knowledge as a strategic asset, J Knowl Manag, 5 (2001) 8-18.Google ScholarGoogle ScholarCross RefCross Ref
    16. bib0085 R.P. Bostrom, J.S. Heinen, MIS problems and failures: a socio-technical perspective. Part I: the causes, MIS Q, 1 (1977) 17-32. Google ScholarGoogle ScholarDigital LibraryDigital Library
    17. bib0090 J. Botha, R. von Solms, A cyclic approach to business continuity planning, Inf Manag Comput Secur, 12 (2004) 328-337.Google ScholarGoogle ScholarCross RefCross Ref
    18. bib0095 J.S. Brown, P. Duguid, Organizational learning and communities-of-practice: toward a unified view of working, learning, and innovation, Organ Sci, 2 (1991) 40-57. Google ScholarGoogle ScholarDigital LibraryDigital Library
    19. bib0100 Business Continuity Institute, Horizon Scan 2015: Survey Report, 2015.Google ScholarGoogle Scholar
    20. bib0105 B.S. Butler, P.H. Gray, Reliability, mindfulness, and information systems, MIS Q, 30 (2006) 211-224. Google ScholarGoogle ScholarDigital LibraryDigital Library
    21. bib9000 A. Conseil, J. Mounier, R. Coker, Business continuity planning and pandemic influenza in Europe: a thematic analysis of independent sector and national governments' guidance, J Bus Contin Emer Plan, 3 (2008) 75-92.Google ScholarGoogle Scholar
    22. bib0110 J. Collicutt, Community resilience: the future of business continuity, J Bus Contin Emer Plan, 3 (2009) 145-152.Google ScholarGoogle Scholar
    23. bib0115 J. Copenhaver, D. Lindstedt, From cacophony to symphony: how to focus the discipline of business continuity, J Bus Contin Emer Plan, 4 (2010) 165-173.Google ScholarGoogle Scholar
    24. bib0120 G.B. Davis, A.S. Lee, K.R. Nickles, S. Chatterjee, R. Hartung, Y. Wu, Diagnosis of an information system failure: a framework and interpretive process, Inf Manag, 23 (1992) 293-318. Google ScholarGoogle ScholarDigital LibraryDigital Library
    25. bib0125 M. Dey, Business Continuity Planning (BCP) methodology essential for every business, in: GCC conference and exhibition (GCC), IEEE, 2011, pp. 229-232.Google ScholarGoogle ScholarCross RefCross Ref
    26. bib0130 P.J. DiMaggio, W.W. Powell, The iron cage revisited: institutional isomorphism and collective rationality in organizational fields, Am Sociol Rev, 48 (1983) 147-160.Google ScholarGoogle ScholarCross RefCross Ref
    27. bib0135 D. Elliott, E. Swartz, Just waiting for the next big bang: business continuity planning in the UK finance sector, J Appl Manag Stud, 8 (1999) 43.Google ScholarGoogle Scholar
    28. bib0140 S. Faraj, Y. Xiao, Coordination in fast-response organizations, Manage Sci, 52 (2006) 1155-1169. Google ScholarGoogle ScholarDigital LibraryDigital Library
    29. bib0145 M. Freestone, M. Lee, Planning for and surviving a BCM audit, J Bus Contin Emer Plan, 2 (2008) 138-151.Google ScholarGoogle Scholar
    30. bib0150 J. Gall, The Systems Bible: the beginner's guide to systems large and small. The third edition of systemantics, General Systemantics Press, Minnesota, 2006.Google ScholarGoogle Scholar
    31. bib0155 F. Gibb, S. Buchanan, A framework for business continuity management, Int J Inf Manag, 26 (2006) 128-141. Google ScholarGoogle ScholarDigital LibraryDigital Library
    32. bib0160 S. Graham, N. Thrift, Out of order understanding repair and maintenance, Theor Cult Soc, 24 (2007) 1-25.Google ScholarGoogle ScholarCross RefCross Ref
    33. bib0165 M. Granovetter, Economic action and social structure: the problem of embeddedness, Am J Sociol, 91 (1985) 481-510.Google ScholarGoogle ScholarCross RefCross Ref
    34. bib0170 J.A. Hecht, Business continuity management, Commun Assoc Inf Syst, 8 (2002) 444-450.Google ScholarGoogle Scholar
    35. bib0175 B. Herbane, The evolution of business continuity management: a historical review of practices and drivers, Bus Hist, 52 (2010) 978-1002.Google ScholarGoogle ScholarCross RefCross Ref
    36. bib0180 B. Herbane, D. Elliott, E.M. Swartz, Business continuity management: time for a strategic role?, Long Range Plann, 37 (2004) 435-457.Google ScholarGoogle ScholarCross RefCross Ref
    37. bib0185 C.W. Hsu, Frame misalignment: interpreting the implementation of information systems security certification in an organization, Eur J Inf Syst, 18 (2009) 140-150.Google ScholarGoogle ScholarCross RefCross Ref
    38. bib0190 P. Hunter, Eastern Internet outage brings customary boom in business continuity, Comput Fraud Secur, 2008 (2008) 16-17.Google ScholarGoogle ScholarCross RefCross Ref
    39. bib0195 International Organization for Standardization, ISO-22301 Societal Security Business Continuity Management Systems Requirements, 2012.Google ScholarGoogle Scholar
    40. bib0200 H.L. James, Managing information systems security: a soft approach, 1996.Google ScholarGoogle Scholar
    41. bib0205 J. Jrvelinen, Information security and business continuity management in interorganizational IT relationships, Inf Manag Comput Secur, 20 (2012) 332-349.Google ScholarGoogle ScholarCross RefCross Ref
    42. bib0210 M. Jones, A matter of life and death: exploring conceptualizations of sociomateriality in the context of critical care, MIS Q, 38 (2014) 895-925. Google ScholarGoogle ScholarDigital LibraryDigital Library
    43. bib0215 K. Jonsson, J. Holmstrm, K. Lyytinen, Turn to the material: remote diagnostics systems and new forms of boundary-spanning, Inf Organ, 19 (2009) 233-252. Google ScholarGoogle ScholarDigital LibraryDigital Library
    44. bib0220 L. Kappelman, E. McLean, V. Johnson, R. Torres, The 2015 SIM IT issues and trends study, MIS Quart Execut, 15 (2016) 55-83.Google ScholarGoogle Scholar
    45. bib0225 K.E. Kendall, J.E. Kendall, K.C. Lee, Understanding disaster recovery planning through a theatre metaphor: rehearsing for a show that might never open, Commun Assoc Inf Syst, 16 (2005) 1001-1012.Google ScholarGoogle Scholar
    46. bib0230 C.S. Kite, G.S. Zucca, How to access your Board/C-suite and make an effective case for business continuity investments, J Bus Contin Emer Plan, 1 (2007) 332-339.Google ScholarGoogle Scholar
    47. bib0235 H.K. Klein, Critical social IS research today: a reflection of past accomplishments and current challenges, in: Critical management perspectives on information systems, Elsevier, Oxford, 2009, pp. 247-270.Google ScholarGoogle Scholar
    48. bib0240 E. Laaksonen, M. Niemimaa, D. Harnesk, Influence of frame incongruence on information security policy outcomes: an interpretive case study, Int J Soc Organ Dynamics IT, 3 (2013) 33-50.Google ScholarGoogle ScholarCross RefCross Ref
    49. bib0245 P. Leonardi, When flexible routines meet flexible technologies: affordance, constraint, and the imbrication of human and material agencies, MIS Q, 35 (2011) 147-167. Google ScholarGoogle ScholarDigital LibraryDigital Library
    50. bib0250 J. Lindstrm, A. Hgerfors, A model for explaining strategic IT and information security to senior management, Int J Public Inf Syst, 2009 (2009) 17-29.Google ScholarGoogle Scholar
    51. bib0255 J. Lindstrm, D. Harnesk, E. Laaksonen, M. Niemimaa, A methodology for inter-organizational emergency management continuity planning, Int J Inf Syst Crisis Resp Manag, 2 (2010) 1-19.Google ScholarGoogle ScholarCross RefCross Ref
    52. bib0260 J. Lindstrm, S. Samuelsson, A. Hgerfors, Business continuity planning methodology, Disast Prev Manag, 19 (2010) 243-255.Google ScholarGoogle ScholarCross RefCross Ref
    53. bib0265 J.E. Mathieu, T.S. Heffner, G.F. Goodwin, E. Salas, J.A. Cannon-Bowers, The influence of shared mental models on team process and performance, J Appl Psychol, 85 (2000) 273-283.Google ScholarGoogle ScholarCross RefCross Ref
    54. bib0270 A.D. Meyer, Adapting to environmental jolts, Adm Sci Q, 27 (1982) 515-537.Google ScholarGoogle ScholarCross RefCross Ref
    55. bib0275 T. Morris, Z. Lancaster, Translating management ideas, Organ Stud, 27 (2006) 207-233.Google ScholarGoogle ScholarCross RefCross Ref
    56. bib0280 G. Morwood, Business continuity: awareness and training programmes, Inf Manag Comput Secur, 6 (1998) 28-32.Google ScholarGoogle ScholarCross RefCross Ref
    57. bib0285 J. Moyer, K. Novick, Introducing a new resource for water and wastewater system business continuity planning, Am Water Works Assoc J, 104 (2012) 37-39.Google ScholarGoogle ScholarCross RefCross Ref
    58. bib0290 M. Niemimaa, Interdisciplinary review of business continuity from an information systems perspective: toward an integrative framework, Commun Assoc Inf Syst, 37 (2015) 69-102.Google ScholarGoogle Scholar
    59. bib0295 M. Niemimaa, J. Jrvelinen, IT service continuity: achieving embeddedness through planning, 2013.Google ScholarGoogle Scholar
    60. bib0300 M. Niemimaa, E. Laaksonen, D. Harnesk, Interpreting information security policy outcomes: a frames of reference perspective, 2013.Google ScholarGoogle Scholar
    61. bib0305 H. Nissenbaum, Where computer security meets national security, Ethics Inf Technol, 7 (2005) 61-73. Google ScholarGoogle ScholarDigital LibraryDigital Library
    62. bib0310 K. Njenga, I. Brown, Conceptualising improvisation in information systems security, Eur J Inf Syst, 21 (2012) 592-607.Google ScholarGoogle ScholarCross RefCross Ref
    63. bib0315 J. Nosworthy, A practical risk analysis approach: managing BCM risk, Comput Secur, 19 (2000) 596-614. Google ScholarGoogle ScholarDigital LibraryDigital Library
    64. bib0325 J. Orr, Ten years of talking about machines, Organ Stud, 27 (2006) 1805-1820.Google ScholarGoogle ScholarCross RefCross Ref
    65. bib0330 T. Parsons, The sick role and the role of the physician reconsidered, Milbank Mem Fund Q Health Soc, 3 (1975) 257-278.Google ScholarGoogle ScholarCross RefCross Ref
    66. bib0335 D. Paton, Business continuity during and after disaster: building resilience through continuity planning and management, ASBM J Manag, 2 (2009) 1-16.Google ScholarGoogle Scholar
    67. bib0340 D. Paton, R. Flin, Disaster stress: an emergency management perspective, Disast Prev Manag, 8 (1999) 261-267.Google ScholarGoogle ScholarCross RefCross Ref
    68. bib0345 B. Pentland, T. Hrem, D. Hillison, The (n)ever-changing world: stability and change in organizational routines, Organ Sci, 22 (2011) 1369-1383. Google ScholarGoogle ScholarDigital LibraryDigital Library
    69. bib0350 C. Perrow, Normal accident at Three Mile Island, Society, 18 (1981) 17-26.Google ScholarGoogle ScholarCross RefCross Ref
    70. bib0355 M. Pitt, S. Goyal, Business continuity planning as a facilities management tool, Facilities, 22 (2004) 87-99.Google ScholarGoogle ScholarCross RefCross Ref
    71. bib0360 Ponemon Institute LLC, 2015 cost of data breach study: impact of business continuity management, 2015.Google ScholarGoogle Scholar
    72. bib0365 T.C. Powell, Shaken, but alive: organizational behavior in the wake of catastrophic events, Organ Environ, 5 (1991) 271-291.Google ScholarGoogle Scholar
    73. bib0370 G. Quirchmayr, Survivability and business continuity management, 2004.Google ScholarGoogle Scholar
    74. bib0375 C. Rapaport, A. Kirschenbaum, Business continuity as an adaptive social process, Int J Emerg Manag, 5 (2008) 338-347.Google ScholarGoogle ScholarCross RefCross Ref
    75. bib0380 O. Renn, W.J. Burns, J. Kasperson, R.E. Kasperson, P. Slovic, The social amplification of risk: theoretical foundations and empirical applications, J Soc Issues, 48 (1992) 137-160.Google ScholarGoogle ScholarCross RefCross Ref
    76. bib0385 N. Roberts, P.S. Galluch, M. Dinger, V. Grover, Absorptive capacity and information systems research: review, synthesis, and directions for future research, MIS Q, 36 (2012) 625-648. Google ScholarGoogle ScholarDigital LibraryDigital Library
    77. bib0390 K. Saleem, S. Luis, Y. Deng, S.-C. Chen, V. Hristidis, T. Li, Towards a business continuity information network for rapid disaster recovery, 2008.Google ScholarGoogle Scholar
    78. bib0395 C. Sapateiro, N. Baloian, P. Antunes, G. Zurita, Developing a mobile collaborative tool for business continuity management, J Univers Comput Sci, 17 (2011) 164-182.Google ScholarGoogle Scholar
    79. bib0400 I.H. Sawalha, J.R. Anchor, Business continuity management in emerging markets: the case of Jordan, J Bus Contin Emer Plan, 5 (2012) 327-337.Google ScholarGoogle Scholar
    80. bib0405 I.H. Sawalha, J. Meaton, The Arabic culture of Jordan and its impacts on a wider Jordanian adoption of business continuity management, J Bus Contin Emer Plan, 6 (2012) 84-95.Google ScholarGoogle Scholar
    81. bib0410 I.H. Sawalha, J.R. Anchor, J. Meaton, Continuity culture: a key factor for building resilience and sound recovery capabilities, Int J Disaster Risk Sci, 6 (2015) 428-437.Google ScholarGoogle ScholarCross RefCross Ref
    82. bib9005 K. Seow, Gaining senior executive commitment to business continuity: motivators and reinforcers, J Bus Contin Emer Plan, 3 (2009) 201-208.Google ScholarGoogle Scholar
    83. bib0415 G. Shaw, J. Harrald, The core competencies required of executive level business crisis and continuity managers the results, J Homel Secur Emerg Manag, 3 (2006) 1-34.Google ScholarGoogle Scholar
    84. bib9010 Z. Sheaffer, B. Richardson, Z. Rosenblatt, Early-warning-signals management: a lesson from the baring crisis, J Contingencies Crisis Manage, 6 (1998) 1-22.Google ScholarGoogle ScholarCross RefCross Ref
    85. bib0420 P. Shedden, A. Ahmad, A.B. Ruighave, Informal learning in security incident response teams, 2011.Google ScholarGoogle Scholar
    86. bib0425 S. Sheth, J. McHugh, F. Jones, A dashboard for measuring capability when designing, implementing and validating business continuity and disaster recovery projects, J Bus Contin Emer Plan, 2 (2008) 221-239.Google ScholarGoogle Scholar
    87. bib0430 L. Silva, R. Hirschheim, Fighting against windmills: strategic information systems and organizational deep structures, MIS Q, 31 (2007) 327-354. Google ScholarGoogle ScholarDigital LibraryDigital Library
    88. bib0435 D. Smith, Business continuity and crisis management, Manag Quart (2003) 27-33.Google ScholarGoogle Scholar
    89. bib0440 M. Smith, J. Sherwood, Business continuity planning, Comput Secur, 14 (1995) 14-23. Google ScholarGoogle ScholarDigital LibraryDigital Library
    90. bib0445 R. Stamper, Organizational semiotics, in: Information systems: an emerging discipline?, McGraw-Hill Publishing Company, London, 1997, pp. 267-284.Google ScholarGoogle Scholar
    91. bib0450 C. Stucke, D.W. Straub, R. Sainsbury, Business continuity planning and the protection of informational assets, in: Information security: policy, processes and practices, M.E. Sharpe, Armonk (NY), 2008, pp. 152-171.Google ScholarGoogle Scholar
    92. bib0455 L. Suchman, Human-machine reconfigurations: plans and situated actions, Cambridge University Press, Cambridge, UK, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
    93. bib0460 R. Suddaby, R. Greenwood, Rhetorical strategies of legitimacy, Adm Sci Q, 50 (2005) 35-67.Google ScholarGoogle ScholarCross RefCross Ref
    94. bib0465 E. Swartz, D. Elliott, B. Herbane, Greater than the sum of its parts: Business Continuity Management in the UK finance sector, Risk Manag, 5 (2003) 65-80.Google ScholarGoogle ScholarCross RefCross Ref
    95. bib0470 R.L. Tammineedi, Business continuity management: a standards-based approach, Inf Secur J, 19 (2010) 36-50. Google ScholarGoogle ScholarDigital LibraryDigital Library
    96. bib0475 G. Thornton, An innovative, flexible and workable business continuity plan: case study of the Australian Customs Service Cargo BCP, J Bus Contin Emer Plan, 3 (2008) 47-54.Google ScholarGoogle Scholar
    97. bib0480 K. Tierney, Toward a critical sociology of risk, Sociol Forum (Randolph N J), 14 (1999) 215-242.Google ScholarGoogle Scholar
    98. bib0485 A. Tversky, D. Kahneman, Availability: a heuristic for judging frequency and probability, Cognit Psychol, 5 (1973) 207-232.Google ScholarGoogle ScholarCross RefCross Ref
    99. bib0490 A.H. van de Ven, M.S. Poole, Explaining development and change in organizations, Acad Manage Rev, 20 (1995) 510-540.Google ScholarGoogle ScholarCross RefCross Ref
    100. bib0495 B.V. van de Walle, A. Rutkowski, A fuzzy decision support system for IT service continuity threat assessment, Dec Supp Syst, 42 (2006) 1931-1943. Google ScholarGoogle ScholarDigital LibraryDigital Library
    101. bib0500 J.P. Walsh, Managerial and organizational cognition: notes from a trip down memory lane, Organ Sci, 6 (1995) 280-321. Google ScholarGoogle ScholarDigital LibraryDigital Library
    102. bib0505 S. Wan, Service impact analysis using business continuity planning processes, Campus Wide Inf Syst, 26 (2009) 20-42.Google ScholarGoogle ScholarCross RefCross Ref
    103. bib0510 T. Webler, H. Rakel, R. Ross, A critical theoretic look at technical risk analysis, Organ Environ, 6 (1992) 23-38.Google ScholarGoogle Scholar
    104. bib0515 R. West, The psychology of security, Commun ACM, 51 (2008) 34-40. Google ScholarGoogle ScholarDigital LibraryDigital Library
    105. bib0520 C.D. Wickens, J.G. Hollands, Engineering psychology and human performance, Pearson Education, Upper Saddle River (NJ), 2000.Google ScholarGoogle Scholar
    106. bib0525 World Economic Forum, Global risks 2012, 2012.Google ScholarGoogle Scholar
    107. bib0530 G.A. Zsidisin, S.A. Melnyk, G.L. Ragatz, An institutional theory perspective of business continuity planning for purchasing and supply management, Int J Prod Res, 43 (2005) 3401-3420.Google ScholarGoogle ScholarCross RefCross Ref

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    Get this Article

    • Article Metrics

      • Downloads (Last 12 months)0
      • Downloads (Last 6 weeks)0

      Other Metrics

      View Author Metrics
    View Issue’s Table of Contents
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!