Your browser has javascript turned off or blocked. This will lead to some parts of our website to not work properly or at all. Turn on javascript for best performance.

The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here:

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

Mikael Sundström

Mikael Sundström

Senior lecturer

Mikael Sundström

The Weakest Link Human Behaviour and the Corruption of Information Security Management in Organisations - an Analytical Framework


  • Mikael Sundström
  • Robert Holmberg

Summary, in English

In this paper we introduce the norm-injection analysis framework, a construct which can be employed to aid analysis of processes that affect information security management (ISM) in organisations. The underpinnings of this framework draw on and evolve - theories about how apparently mundane organisational processes, particularly managerial demands on employees, may in some instances lead to undesired, perhaps calamitous, consequences. Because the mechanisms between input (demand) and the adverse consequences work by gradually accruing and multiplying Subtle communication "problemettes" into major problems, they are almost undetectable to the untrained eye. Breaches of ISM protocol may appear wholly mysterious to the crash investigators brought in to analyse, post-event, what went wrong. The norm-injection analysis framework is intended to shed light on these below-the-radar processes, and to supplement the tool set an organisation analyst has at his disposal when preparing or evaluating strategic ISM measures.


  • Department of Political Science
  • Department of Psychology

Publishing year







IMSCI '08: 2nd International Multi-Conference on Society, Cybernetics and Informatics, Vol III, Proceedings

Document type

Conference paper


International Institute of Informatics and Systemics


  • Political Science
  • Psychology

Conference name

2nd International Multi-Conference on Society, Cybernetics and Informatics

Conference date

2008-06-29 - 2008-07-02