ABSTRACT
This chapter provides a detailed discussion on the practices and related issues and dilemmas experienced at ALPHA during the initial phases of the study. In its role at ALPHA, information risk management (IRM) needed to coordinate activities and influence program adoption and secure practices across various organizational functions and businesses. The global IRM function focused on global policy, strategy, and plans that could impact the entire organization. IRM also had to understand the stakeholders' goals, motivations, supports, and influences in their respective areas and cross functional areas. The social–technical approach introduced changes to the IRM system and practices by adopting social science and systems thinking techniques in understanding individuals and organizational behaviours and devising plans and action strategies the address key attributes identified from the knowledge acquired. The IRM program as a process from the beginning of the study provides an environment for developing IRM competency. The IRM program needed to address the risks of habituation.
