Qualitative content analysis of actionable advice in information security policies - introducing the keyword loss of specificity metric
Örebro University, Örebro University School of Business. ORCID iD: 0000-0002-4439-4713
Örebro University, Örebro University School of Business. ORCID iD: 0000-0002-3265-7627
2024 (English) In: Information and Computer Security, E-ISSN 2056-4961. Article in journal (Refereed), Published
Abstract [en]

Purpose: This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

Design/methodology/approach: A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric - keyword loss of specificity - to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

Findings: The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

Research limitations/implications: The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

Practical implications: The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

Originality/value: The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors' knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2024.
Keywords [en]
Information security policy, Actionable advice, Policy design, Content analysis, Text analysis
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:oru:diva-113347
DOI: 10.1108/ICS-10-2023-0187
ISI: 001202480800001
OAI: oai:DiVA.org:oru-113347
DiVA, id: diva2:1854323
Available from: 2024-04-25 Created: 2024-04-25 Last updated: 2024-04-25 Bibliographically approved

Authority records

Rostami, Elham; Karlsson, Fredrik
