Towards analysing the rationale of information security non-compliance: Devising a Value-Based Compliance analysis method
Örebro University, Orebro University School of Business, Örebro University, Sweden. (CERIS)
Örebro University, Orebro University School of Business, Örebro University, Sweden. (CERIS)
Örebro University, Swedish Business School at Örebro University. (CERIS) ORCID iD: 0000-0003-2304-7170
2017 (English) In: Journal of strategic information systems, ISSN 0963-8687, E-ISSN 1873-1198, Vol. 6, no 1, 39-57 p. Article in journal (Refereed) Published
Abstract [en]

Employees’ poor compliance with information security policies is a perennial problem. Current information security analysis methods do not allow information security managers to capture the rationalities behind employees’ compliance and non-compliance. To address this shortcoming, this design science research paper suggests: (a) a Value-Based Compliance analysis method and (b) a set of design principles for methods that analyse different rationalities for information security. Our empirical demonstration shows that the method supports a systematic analysis of why employees comply/do not comply with policies. Thus we provide managers with a tool to make them more knowledgeable about employees’ information security behaviours. 

Place, publisher, year, edition, pages
Amsterdam, Netherlands: Elsevier, 2017. Vol. 6, no 1, 39-57 p.
Keyword [en]
Information systems security, Compliance, Goals, Value, Rationale Method, Security policy
National Category
Information Systems, Social aspects
Research subject
Informatics
Identifiers
URN: urn:nbn:se:oru:diva-54117
DOI: 10.1016/j.jsis.2016.08.005
ISI: 000397689700004
Scopus ID: 2-s2.0-84992365538
OAI: oai:DiVA.org:oru-54117
DiVA: diva2:1058091
Funder
Swedish Civil Contingencies Agency
Available from: 2016-12-20 Created: 2016-12-20 Last updated: 2017-04-24 Bibliographically approved

Open Access in DiVA

Towards analysing the rationale of information security non-compliance: Devising a Value-Based Compliance analysis method (1602 kB), 157 downloads
File information
File name: FULLTEXT01.pdf
File size: 1602 kB
Checksum SHA-512:
b1eb0807e7dfcdc246c793e53a5885bac6cb8a12adcde2d1849ab40991920dde4aa9e7838380c217ab8059ea5628f5061d5e78e293baaa9807c20b27974e0063
Type: fulltext
Mimetype: application/pdf

By author/editor
Kolkowska, Ella; Karlsson, Fredrik; Hedström, Karin