Information Security (InfoSec) research has traditionally been addressed mainly from a positivist rationality, instrumental approaches such as best-practices, while limited research attention has been given to empirical research. This paper aims to review InfoSec literature to gain insight into how case-study research has been conducted within the field. The surveyed studies were analyzed by their theoretical assumptions and practical aspects. The analysis showed that empirical research conducted within InfoSec still undertakes mainly a positivist approach. In-depth interpretive case-studies are suggested for future research.
展开▼
