Workshop - Cyber Security: an organisational and management perspective (November 2023)

Cyber Security: an organisational and management perspective

LUMS Information Systems Group and Security Lancaster

Friday, 3rd November 2023

The cross disciplinary nature of cyber security was the focus of a workshop at Lancaster University bringing together academics from different departments within Lancaster University and established researchers on security from other Universities such as Sydney Business School in Australia, and LUISS University in Italy. This event which was organised by the LUMS Information Systems group and co-hosted with Security Lancaster, highlighted opportunities for more joined up approaches to security in organisations, to address silos and dominant focus on technical or policy perspectives in security.

Another aim was to showcase research in information systems security, which is naturally broader in its approach and perspective by considering security as a combination of technical, formal and informal layers in organisations. Professor Joao Baptista illustrated this approach as a fried egg where technical systems are embedded in formalised structure which are also integrated in the social fabric of organisations, as shows in Figure 1

The workshop was attended by 25 academics from different disciplines across the university, including management science, sociology, international relations, psychology and computer science, as well as industry practitioners sought to build bridges in research on security as well as capture perspectives from companies and organisations on the importance and challenges of a more joined up approach to cyber security in organisations.

In her keynote speech, Professor Carol Hsu, from the University of Sydney, Australia, reviewed several research projects on IS security that go beyond dominant focus on organisational end-user and related misuse behaviours. This covered topics such as proactive IS security behaviours, smishing and the role of the CISO role. The title of her talk was “Behavioural Information Security Research: Moving Beyond Misuse and Organizational User”.

Then the keynote by Professor Paolo Spagnoletti, LUISS Business School, Italy, discussed how in highly regulated sectors actors strive to generate value from data while ensuring data protection across organizational boundaries and jurisdictions. Drawing on empirical work from data governance initiatives in the banking and public sectors his talk explained how distributed data protection leads to value co-creation in public data spaces.

In the second part of the workshop all the participants reflected on the themes and ideas from the keynotes to reflect on the importance of research on the management and organisational aspects of information systems security, which goes much beyond technical boundaries and require a much broader view of organisations.

Professor Niki Panteli closed the event by saying that "the workshop provided excellent opportunities for networking among attendees and there was a general agreement that this is the beginning of further cross-disciplinary events.”