To Örebro University

oru.seÖrebro University Publications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Qualitative Content Analysis of Actionable Advice in Swedish Public Agencies’ Information Security Policies
Örebro University, Örebro University School of Business.ORCID iD: 0000-0002-4439-4713
Örebro University, Örebro University School of Business.ORCID iD: 0000-0002-3265-7627
2023 (English)In: Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings / [ed] Steven Furnell; Nathan Clarke, Springer, 2023, p. 157-168Conference paper, Published paper (Refereed)
Abstract [en]

Information security policies (ISPs) are an essential type of formal control that must be designed in a manner that is easily understandable for employees. Prior studies have recommended the inclusion of actionable advice; however, it is unclear how such advice should be worded to minimize the scope for interpretation. Therefore, this study investigates existing ISPs to assess how clear the pieces of actionable advice are and provide suggestions on how actionable advice should be worded in order to be clear. A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. First, the findings revealed an unbalance between the ISPs, where one-third of the ISPs provide over 50% of the analyzed actionable advice. Second, around two-thirds offer advice that is ambiguous and does not provide advice that employees can act upon. We, therefore, recommended that ISP designers exercise caution when using words in the ISP and maintain consistency in their word choices throughout.

Place, publisher, year, edition, pages
Springer, 2023. p. 157-168
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 674
Keywords [en]
Information Security Policy, Qualitative Content Analysis, Actionable Advice, Orange Data Mining Software
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:oru:diva-108602DOI: 10.1007/978-3-031-38530-8_13ISBN: 9783031385292 (print)ISBN: 9783031385322 (print)ISBN: 9783031385308 (electronic)OAI: oai:DiVA.org:oru-108602DiVA, id: diva2:1800926
Conference
17th IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2023), Kent, UK, July 4–6, 2023
Available from: 2023-09-28 Created: 2023-09-28 Last updated: 2023-09-28Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Authority records

Rostami, ElhamKarlsson, Fredrik

Search in DiVA

By author/editor
Rostami, ElhamKarlsson, Fredrik
By organisation
Örebro University School of Business
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 42 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf