Using Actor Network Theory to Understand Information Security Management

摘要

This paper presents an Actor Network Theory (ANT) analy sis of a computer hack at a large university. Computer hacks are usually addressed through technical means thus ensuring that perpetrators are unable to exploit system vulnerabilities. We however argue that a com puter hack is a result of different events in a heterogeneous network embodying human and non-human actors. Hence a secure organizational environment is one that is characterized by 'stability' and 'social order , which is a result of negotiations and alignment of interests among dif ferent actants. The argument is conducted through a case study. Our findings reveal not only the usefulness of ANT in developing an under standing of the (in)security environment at the case study organization, but also the ability of ANT to identify differences in interests among actants. At a practical level, our analysis suggests three principles that management needs to pay attention to in order to prevent future security breaches