Information security policy compliance-eliciting requirements for a computerized software to support value-based compliance analysis
Örebro University, Örebro University School of Business. (CERIS) ORCID iD: 0000-0002-3265-7627
Örebro University, Örebro University School of Business. (CERIS)
Örebro University, Örebro University School of Business. (CERIS) ORCID iD: 0000-0003-1766-2206
2022 (English). In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 114, article id 102578. Article in journal (Refereed). Published
Abstract [en]

When end users have to prioritize between different rationalities in organisations, there is a risk of non-compliance with information security policies. Thus, in order for information security managers to align information security with the organisations’ core work practices, they need to understand the competing rationalities. The Value-based compliance (VBC) analysis method has been suggested to this end; however, it has proven to be complex and time-consuming. Computerized software may aid this type of analysis and make it more efficient and executable. The purpose of this paper is to elicit a set of requirements for computerized software that supports analysis of competing rationalities in relation to end users’ compliance and non-compliance with information security policies. We employed a design science research approach, drawing on design knowledge on VBC, and elicited 17 user stories. These requirements can direct future research efforts to develop computerized software in this area.

Place, publisher, year, edition, pages
Elsevier, 2022. Vol. 114, article id 102578
Keywords [en]
Information security management, Information security policy, Compliance, Computerized support, Value-based compliance
National Category
Information Systems, Social aspects
Research subject
Informatics
Identifiers
URN: urn:nbn:se:oru:diva-96255
DOI: 10.1016/j.cose.2021.102578
ISI: 000754417100009
Scopus ID: 2-s2.0-85121671844
OAI: oai:DiVA.org:oru-96255
DiVA, id: diva2:1624355
Projects
Informationssäkerhetskultur i praktiken
Funder
Swedish Civil Contingencies Agency, 2018-13755
Available from: 2022-01-04 Created: 2022-01-04 Last updated: 2022-03-03 Bibliographically approved

Open Access in DiVA

No full text in DiVA


Authority records

Karlsson, Fredrik; Kolkowska, Ella; Petersson, Johan
