oru.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A method for analyzing value-based compliance in systems security
Örebro University, Örebro University School of Business.
2013 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

Aim: The aim of this thesis is to design a method that supports analysis of different values that come into play in compliance and non compliance situations within information systems security (ISS). The thesis addresses the problem of lack of ISS compliance methods that support systematic analysis of compliant and non-compliant behaviours as well as the reasons for these behaviours. The problem is addressed by designing a method that supports analysis of different values that come into play in compliance and non compliance situations in ISS. The method is called Value Based Compliance method (VBC method).

Research questions: The main research question of the thesis is: How should a method for analysis of different values that come in play in compliance and non-compliance situations within ISS be designed? This research question is answered by answering three sub-questions: 1) What values and goals (perspective) should the VBC method realize? 2) What underpinning design principles should the VBC method build on? 3) How should the VBC method be constructed to realize the VBC perspective and to incorporate the design principles?

Research method: Design Science Research (DSR) was chosen as a research approach in this thesis. DSR prescribe how to carry on a design process of an artefact with preserved rigor and relevance. The approach is both useful in order to solve real life problems and theoretically ground suchproblems. The VBC method is informed by a number of kernel theories and based on current knowledge in ISS compliance literature. The method is also empirically tested in three different contexts, during six DSR cycles.

Contributions: The three main contributions from the thesis are: the VBC perspective, the design principles and the VBC method. The VBC perspective is in line with a social view on ISS’s role in organisation. This perspective is realized in the VBC method by analysing values and value conflicts that come in play in compliance and non-compliance situations. Thus this study contributes to the field of ISS by designing a method that realizes the social view on ISS’s role in an organisation. The five design principles for a VBC method is the second contribution. The design theory with the five empirically tested design principles may be the point of departure for development of other compliance methods focusing on analysis of values and value conflicts that come into play in relation to ISS compliance. The design principles contribute also to the ISS compliance field by 1) extending compliance analysis with consideration of the different rationalities (values and goals) 2) acknowledging the difference between rational and non-rational ISS actions and 3) emphasizing the importance of finding articulated as well as unarticulated ISS actions. Finally, the VBC method itself contributes to the ISS compliance research and practice by offering a formalized, theoretically and empirically grounded method for systematic analysis of compliance and non-compliance situations as well as rationalities that come into play in these situations.

Place, publisher, year, edition, pages
Örebro: Örebro universitet , 2013. , p. 341
Series
Örebro Studies in Informatics ; 5
Keywords [en]
ISS compliance, ISS rule compliance, ISS policy violations, ISS policy compliance, behavioural aspects within ISS, employees’ behaviours, user security behaviour
National Category
Information Systems
Research subject
Informatics
Identifiers
URN: urn:nbn:se:oru:diva-27676ISBN: 978-91-7668-926-4 (print)OAI: oai:DiVA.org:oru-27676DiVA, id: diva2:607584
Public defence
2013-05-14, Hörsal M, Örebro universitet, Fakultetstgatan 1, Örebro, 13:15 (English)
Opponent
Supervisors
Available from: 2013-02-25 Created: 2013-02-25 Last updated: 2018-01-11Bibliographically approved

Open Access in DiVA

omslag(296 kB)162 downloads
File information
File name COVER01.pdfFile size 296 kBChecksum SHA-512
94f021d08d63ad0596ef9d9b774c038fa9a45349557dae9703d82531c43026ef70cf89013ef38fea4a4e8ed76c17c4d18f0f1dfdb4c05161f24967dc5bcdfd3b
Type coverMimetype application/pdf
spikblad(107 kB)30 downloads
File information
File name SPIKBLAD01.pdfFile size 107 kBChecksum SHA-512
f7bc76130f5bb6fffd674aaeba6f2adeb59589e4f81c4de901c46b16b91a13cb1334c009a934156346dc6c99166203fa1647ff582a24d0d67284e19c0f30e2c0
Type spikbladMimetype application/pdf

Authority records BETA

Kolkowska, Ella

Search in DiVA

By author/editor
Kolkowska, Ella
By organisation
Örebro University School of Business
Information Systems

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 1035 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf