Many studies on information security culture and information security focus on the work carried out within organisations, they do not pay attention to the work carried out between organisations. This is despite the fact that today’s organisation often work in networks of actors. Collaboration to achieved shared results means that different organisational cultures and ideas about information security meet and potentially collide with each other.
The aim with the Interorg project was to develop knowledge about conflicts that can arise when multiple information security cultures meet in an inter-organisational context. The project posed the following research questions: 1) which factors affects information sharing between organisations and how are they changed over time? and 2) how can the development of an inter-organisational information security culture be understood?
The project has reconstructed how information was shared between three organisations in a Swedish reference group on copper corrosion and Swedish nuclear waste management. Svensk Kärnbränslehantering AB established the reference group in 2010 and it was dissolved in 2014. Several organisations participated in the work, and the three most active organisations were included in the study: Svensk Kärnbränslehantering AB, Kungliga tekniska högskolan och Miljöorganisationernas kärnavfallsgranskning. The three organisations held different views concerning the core issue, but also held different views on how information was handled. The reconstruction of the reference group’s work was carried out using interviews and document studies.
The project resulted in two models that can be used to analyse information sharing between public organisations. The first model is an analytical tool to assess the existing inter-organisational information security culture at different points in time. The model makes it possible to identify how well the culture succeeds when it comes to finding compromises concerning information security issues and to solve the collaboration’s core work tasks. The second model describes which factors that contribute to/block inter-organisational information sharing and can be used to identify factors that matter in a specific collaboration and how they evolve over time.
An interesting future research question is to evaluate how these models work in other contexts and through the use of these models identify successful and less successful collaborations. This could potentially lead to possibilities to predict success concerning inter-organisational information sharing.
Karlsson F, Kolkowska E, Prenkert F (2016) Inter-organisational information security: a systematic literature review. Information & Computer Security, Volume 24, Issue 5. 418-451.
Karlsson F, Kolkowska K, Hedström K, Frostenson M (2015) Inter-organisational information sharing – between a rock and a hard place. 9th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), Lesvos, Greece, July 1-3 July, 2015.
Frostenson M, Hedström K, Helin S, Karlsson F, Kolkowska E, Prenkert F (2017) Samverkan mellan aktörer i industriella nätverk skapar nya utmaningar för informationssäkerheten. I Hallberg J, Johansson P, Karlsson F, Lundberg F, Lundgren B, Törner M: Informationssäkerhet och organisationskultur. Studentlitteratur, Lund.
Karlsson F, Frostenson M, Prenkert F, Kolkowska E, Helin S. (accepted) Inter-organisational information sharing in the public sector: a longitudinal case study on the reshaping of success factors. Government Information Quarterly.