Shaping security behaviour through discipline and agility: Implications for information security management
Purpose ‐ The purpose of this paper is to broaden the understanding about security behaviour by developing a security behaviour typology based on the concepts of discipline and agility. Design/methodology/approach ‐ A case study was designed to analyze security
behaviours in one public nursing centre. The inquiry was organized around the themes discipline and agility, culture, and security processes in order to get an in-depth understanding of the complex relationship between security management, referred to as discipline, and security in use, referred
to as agility. Findings ‐ The paper shows that security behaviour can be shaped by discipline and agility and that both can exist collectively if organizations consider the constitutional and existential aspects of information security (IS) management. Practical implications
‐ This research makes a pivotal stand for the issue how security behaviours narrate a broad picture to enhance IS management. In particular, this will improve design of IS training and awareness programs. Originality/value ‐ This research is relevant to IS management in
organizations, particularly as behavioural and cultural aspects are becoming increasingly significant for maintaining and also designing systemic IS management.