oru.sePublications
Change search
Refine search result
12 1 - 50 of 75
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the 'Create feeds' function.
  • 1.
    Al-Haydar, Sattar
    et al.
    Örebro University, Department of Business, Economics, Statistics and Informatics.
    Karlsson, Fredrik
    Örebro University, Department of Business, Economics, Statistics and Informatics.
    Cultural aspects in global systems development: an analytical tool2007Conference paper (Refereed)
  • 2.
    Andersson, Annika
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Terminologi och begrepp inom informationssäkerhet: Hur man skapar en språkgemenskap2016Report (Other (popular science, discussion, etc.))
    Abstract [sv]

    Syftet med den här studien är att utvärdera svensk terminologi på informationssäkerhetsområdet med fokus på frågor om målgrupper och grundläggande termer. Baserat på en Delphi-studie, där experter från olika yrkeskategorier har fått definiera en uppsättning grundläggande begrepp, har vi utvärderat både experternas definitioner och processen med att ta fram definitionerna. Vi har identifierat flera problem med svensk terminologi på informationssäkerhetsområdet. För att stödja arbetet med att utveckla svensk terminologi för informationssäkerhet beskriver vi i rapporten förslag på hur arbetet kan bedrivas vidare. De problem vi har identifierat är bl.a. att begrepp som inte finns med i rådande styrdokument blir otydliga och svårtolkade för experter inom området och att det är problematiskt med två olika styrdokument (HB550 och SIS-TR50:2015) i användning med delvis olika definitioner av samma begrepp. Vi har även sett att olika yrkeskategorier ofta definierar begreppen utifrån sin specifika profession, vilket kan innebära att det finns ett behov av att säkerhetsbegrepp kontextualiseras utifrån yrkesroller. Processen med att arbeta med experter enligt Delphi-metoden gav ett bra underlag för att analysera och diskutera olika definitioner av centrala begrepp inom informationssäkerhetsområdet. Dessutom har experterna varit mycket engagerade i processen. Vi föreslår att framtida begreppsutredningar använder sig av denna metod eller varianter av den och att det är experterna, de som i sitt dagliga yrke handhar informationssäkerheten, som ska vara de som skapar definitionerna. Vi ser också ett stort behov av större, effektivare och mer samordnade former för framtida begreppsutredningar.

  • 3.
    Andersson, Annika
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Konfliktfylld kultur vid framtagande av informationssäkerhetsstandarder2017In: Informationssäkerhet och organisationskultur / [ed] Jonas Hallberg, Peter Johansson, Fredrik Karlsson, Frida Lundberg, Björn Lundgren, Marianne Törner, Lund: Studentlitteratur AB, 2017Chapter in book (Other (popular science, discussion, etc.))
  • 4.
    Frostenson, Magnus
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Helin, Sven
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Prenkert, Frans
    Örebro University, Örebro University School of Business.
    Samverkan mellan aktörer i industriella nätverk skapar nya utmaningar för informationssäkerheten2017In: Informationssäkerhet och organisationskultur / [ed] J. Hallberg, P. Johansson, F. Karlsson, F. Lundberg, B. Lundgren, M. Törner, Lund, 2017, 1, p. 61-75Chapter in book (Refereed)
  • 5.
    Hallberg, Jonas
    et al.
    Totalförsvarets forskningsinstitut, Stockholm, Sverige.
    Johansson, PeterChalmers tekniska högskola AB, Göteborg, Sverige.Karlsson, FredrikÖrebro University, Örebro University School of Business.Lundberg, FridaLundgren, BjörnKungliga Tekniska Högskolan, Stockholm, Sverige.Törner, MarianneGöteborgs universitet, Göteborg, Sverige.
    Informationssäkerhet och organisationskultur2017Collection (editor) (Other (popular science, discussion, etc.))
  • 6.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Dhillon, Gurpreet
    Virginia Commonwealth University, Richmond, USA.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Using actor network theory to understand information security management2010In: Security and privacy: silver linings in the cloud / [ed] Kai Rannenberg, Vijay Varadharajan, Christian Weber, Berlin, Germany: Springer, 2010, p. 43-54Conference paper (Refereed)
    Abstract [en]

    This paper presents an Actor Network Theory (ANT) analysis of a computer hack at a large university. Computer hacks are usually addressed through technical means thus ensuring that perpetrators are unable to exploit system vulnerabilities. We however argue that a computer hack is a result of different events in a heterogeneous network embodying human and non-human actors. Hence a secure organizational environment is one that is characterized by ‘stability’ and ‘social order’, which is a result of negotiations and alignment of interests among different actants. The argument is conducted through a case study. Our findings reveal not only the usefulness of ANT in developing an understanding of the (in)security environment at the case study organization, but also the ability of ANT to identify differences in interests among actants. At a practical level, our analysis suggests three principles that management needs to pay attention to in order to prevent future security breaches.

  • 7.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Developing Information and Communication Technologies for Health Care - Design Principles2006Conference paper (Other academic)
  • 8.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Facing moving targets?2008In: Electronic government: proceedings of ongoing research and projects of EGOV 08 / [ed] Enrico Ferro, H. Jochen Scholl, Maria A. Wimmer, Linz: Trauner Verlag , 2008, p. 62-69Conference paper (Refereed)
    Abstract [en]

    It is widely acknowledged that requirements change during systems development projects. The reasons are usually explained by changes in lower-level goals, while high-level goals are expected to be stable. In this paper we analyse, and compare, how two electronic government projects use goals as a basis for procuring new Information Technology systems. The high-level goals of these projects have evolved differently, where high-level goals changed in one project, but remained stable in the second project. This can be explained by the fact that the two cases have interpreted the concept of high-level goals differently. We believe that goal-stability increases when values are related to high-level goals during goal-oriented requirements engineering. This illustrates the importance of taking political values into consideration when defining the high-level goals for electronic government projects.

  • 9.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Shooting on a moving target?2008In: EGOV 2008, 2008Conference paper (Refereed)
    Abstract [en]

    It is widely acknowledged that requirements change during systems development projects. The reasons are usually explained by changes in lower-level goals, while high-level goals are expected to be stable. In this paper we analyse, and compare, how two electronic government projects use goals as a basis for procuring new Information Technology systems. The high-level goals of these projects have evolved differently, where high-level goals changed in one project, but remained stable in the second project. This can be explained by the fact that the two cases have interpreted the concept of high-level goals differently. We believe that goal-stability increases when values are related to high-level goals during goal-oriented requirements engineering. This illustrates the importance of taking political values into consideration when defining the high-level goals for electronic government projects.

     

     

  • 10.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Kolkowska, Ella
    Örebro University, Swedish Business School at Örebro University.
    Managing information systems security: compliance between users and managers2009In: E-Hospital, ISSN 1374-321X, Vol. 11, no 2, p. 30-31Article in journal (Other (popular science, discussion, etc.))
  • 11.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Social action theory for understanding information security non-compliance in hospitals: the importance of user rationale2013In: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 21, no 4, p. 266-287Article in journal (Refereed)
    Abstract [en]

    Purpose – Employees' compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of social action theory (SAT) for management of information security.

    Design/methodology/approach – This research was carried out as a longitudinal case study at a Swedish hospital. Data were collected using a combination of interviews, information security documents, and observations. Data were analysed using a combination of a value-based compliance model and the taxonomy laid out in SAT to determine user rationality.

    Findings – The paper argues that management of information security and design of countermeasures should be based on an understanding of users' rationale covering both intentional and unintentional non-compliance. The findings are presented in propositions with practical and theoretical implications: P1. Employees' non-compliance is predominantly based on means-end calculations and based on a practical rationality, P2. An information security investigation of employees' rationality should not be based on an a priori assumption about user intent, P3. Information security management and choice of countermeasures should be based on an understanding of the use rationale, and P4. Countermeasures should target intentional as well as unintentional non-compliance.

    Originality/value – This work is an extension of Hedström et al. arguing for the importance of addressing user rationale for successful management of information security. The presented propositions can form a basis for information security management, making the objectives underlying the study presented in Hedström et al. more clear

  • 12.
    Hedström, Karin
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Utveckling av praktikanpassad informationssäkerhetspolicy2017In: Informationssäkerhet och organisationskultur / [ed] Jonas Hallberg, Peter Johansson, Fredrik Karlsson, Frida Lundberg, Björn Lundgren, Marianne Törner, Lund: Studentlitteratur AB, 2017Chapter in book (Other (popular science, discussion, etc.))
  • 13.
    Hedström, Karin
    et al.
    Örebro University, Örebro University School of Business. Department of Management and Engineering, Linköping University, Linköping, Sweden.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Söderström, Fredrik
    Department of Management and Engineering, Information Systems Division, Linköping University, Linköping, Sweden .
    Challenges of introducing a professional eID card within health care2016In: Transforming Government: People, Process and Policy, ISSN 1750-6166, E-ISSN 1750-6174, Vol. 10, no 1, p. 22-46Article in journal (Refereed)
    Abstract [en]

    Purpose: The purpose of this paper is to examine the challenges that arise when introducing an electronic identification (eID) card for professional use in a health-care setting.

    Design/methodology/approach: This is a case study of an eID implementation project in healthcare. Data were collected through interviews with key actors in a project team and with eID end users. The authors viewed the eID card as a boundary object intersecting social worlds. For this analysis, the authors combined this with an electronic government initiative challenge framework.

    Findings: The findings of this paper illustrate the interpretative flexibility of eID cards and how eID cards as boundary objects intersect social worlds. The main challenges of implementing and using eID cards in healthcare are usability, user behaviour and privacy. However, the way in which these challenges are interpreted varies between different social worlds.

    Practical implications: One of the implications for future practice is to increase our understanding of the eID card as a socio-technical artefact, where the social and technical is intertwined, at the same time as the eID card affects the social as well as the technical. By using a socio-technical perspective, it is possible to minimise the potential problems related to the implementation and use of eID.

    Originality/value: Previous research has highlighted the need for more empirical research on identity management. The authors contextualise and analyse the implementation and use of eID cards within healthcare. By viewing the eID card as a boundary object, the authors have unveiled its interpretative flexibility and how it is translated across different social worlds.

  • 14.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Kolkowska, Ella
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Allen, J. P.
    School of Management, University of San Francisco, San Francisco, USA.
    Value conflicts for information security management2011In: Journal of strategic information systems, ISSN 0963-8687, E-ISSN 1873-1198, Vol. 20, no 4, p. 373-384Article in journal (Refereed)
    Abstract [en]

    A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.

  • 15.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Melin, Ulf
    Linköping University, Linköping, Sweden .
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Kolkowska, Ella
    Örebro University, Swedish Business School at Örebro University.
    Availability in Practice2011Conference paper (Other academic)
  • 16.
    Hedström, Karin
    et al.
    Örebro University, Örebro University School of Business.
    Persson, Anne
    Högskolan i Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Swedish e-health: from policy to practice2012Conference paper (Refereed)
  • 17.
    Holgersson, Jesper
    et al.
    Högskolan i Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Exploring citizens’ possibilities to participate in public e-service development2011In: Electronic government and electronic participation: joint proceedings of ongoing research and projects of IFIP EGOV and ePart 2011 / [ed] J.-L. Chappelet, O. Glassey, M. Janssen, A. Macintosh, J. Scholl, E. Tambouris, M. A. Wimmer, Linz: TRAUNER Verlag, 2011Conference paper (Refereed)
    Abstract [en]

    The increased interest for user participation in development of public electronic services (public e-services for short) is expected to bring similar value as it has done in other systems development projects. Existing research, however, has shown that introducing user participation to public e-service development is associated with a number of challenges. We have in this paper explored the challenges a) getting users to participate, and b) lacking adequate skills, in the context of three user participation schools. Our interview results show that citizens in general are interested to participate in public e-service development, and favour user participation schools with a high degree of active participation.Moreover, citizens’ ability to participate is high with respect to ICT-knowledge. However, their knowledge of laws, regulations and business processes related to public authorities in general is low, thus limiting citizens’ ability to participate.

  • 18.
    Holgersson, Jesper
    et al.
    Informatics Research Centre, University of Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Public e-service development: understanding citizens' conditions for participation2014In: Government Information Quarterly, ISSN 0740-624X, E-ISSN 1872-9517, Vol. 31, no 3, p. 396-410Article in journal (Refereed)
    Abstract [en]

    For decades, user participation has brought value to various systems development projects. Today, there are expectations that public e-service development will experience the same benefits. However, existing research has shown that introducing user participation into public e-service development can be challenging. In this study, we interviewed citizens in order to explore their willingness and ability to participate in public e-service development according to three user participation schools: User-Centred Design, Participatory Design and User Innovation. Our findings show that citizens in general are willing to participate, but their ability to do so is limited. Based on our findings, we developed nine propositions to explain citizens' willingness and ability to participate in public e-service development. The propositions contribute to practice by acting as a tentative guide for systems developers when they use user participation schools as inspiration in public e-service projects. They also act as a starting point for future research into conditions for user participation in public e-service development. (C) 2014 Elsevier Inc. All rights reserved.

  • 19.
    Holgersson, Jesper
    et al.
    Högskolan i Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Understanding business employees’ conditions for participating in public e-service development2012In: European Conference on Information Systems 2012, AIS Electronic Library , 2012Conference paper (Refereed)
  • 20.
    Holgersson, Jesper
    et al.
    Högskolan Skövde, Skövde, Sweden.
    Söderström, Eva
    Högskolan Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Towards a roadmap for user involvement in e-government service development2010In: Electronic government / [ed] Maria A. Wimmer, Jean-Loup Chappelet, Marijn Janssen, Hans J. Scholl, Berlin, Germany: Springer , 2010, p. 251-262Conference paper (Refereed)
    Abstract [en]

    New technology means new ways of both developing, providing and consuming services. In the strive for government organizations to build and maintain relationships with its citizens, e-presence is highly important. E-services are one way to go, and it has been argued that user participation is an important part of developing said services. In this paper we analyze a selection of user participation approaches from a goal perspective to see how they fit in an e-government service development context., In doing so, we identify four challenges that need to be addressed when including users in the development: 1) Identifying the user target segment, 2) Identifying the individual user within each segment, 3) Getting users to participate, and 4) Lacking adequate skills

  • 21.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    A wiki-based approach to method tailoring2008In: Proceedings of the 3rd international conference on the pragmatic web: innovating the interactive society / [ed] Pär J. Ågerfalk, Harry Delugach, Mikael Lind, New York: ACM , 2008, p. 13-22Conference paper (Refereed)
    Abstract [en]

    Tailoring systems development methods is a challenge. Both the research of method engineering and method-in-action have put much effort into this issue. State-of-the art Computer-Aided Method Engineering tools for situational method engineering often requires specific competences in meta modelling languages. Together with the tool investments they often become heavy weight solutions for small systems development companies that seek method tailoring support. In this paper a wiki-based approach to method tailoring, the Wiki Method Tool (WMT), has been evaluated during two systems development projects. The evaluation of this light weight tool has been carried out in a small systems development company in Sweden. The evaluation has been anchored in Activity Theory to focus on the collaborative actions on the situational methods using the WMT, such as changing work descriptions and templates. The WMT itself contributed with data about each documented change -- what the change looked like, by whom, and when it was made. Based on these data and subsequent interviews, we report on lessons learned and can conclude that all team members have contributed to the situational methods. It also means that they took a shared responsibility for the role as method engineer.

  • 22.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Orebro University School of Business, Örebro University, Sweden.
    Att analysera värderingar bakom informationssäkerhet2011Report (Other (popular science, discussion, etc.))
  • 23.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Bridging the Gap: between Method for Method Configuration and Situational Method Engineering2002Conference paper (Refereed)
  • 24.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Internet-based Software Artefacts A Trigger for Rethinking Process Configuration: A Trigger for Rethinking Process Configuration2001In: Proceedings of Conference for the Promotion of Research in IT at New Universities and at University Colleges in Sweden, 23-25 April 2001, Ronneby, Sweden., 2001Conference paper (Refereed)
  • 25.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Longitudinal use of method rationale in method configuration: an exploratory study2013In: European Journal of Information Systems, ISSN 0960-085X, E-ISSN 1476-9344, Vol. 22, no 6, p. 690-710Article in journal (Refereed)
    Abstract [en]

    Organizations that implement a company-wide method to standardize the way that systems development is carried out still have a need to adapt this method to specific projects. When adapting this method the end results should align with the basic philosophy of the original method. To this end, goal-driven situational method engineering has been proposed. However, there are no longitudinal studies on systems developers’ use of such approaches and their intentions to balance their need of adaptation with the basic philosophy of the original method. This paper explores how goal-driven method configuration has been used by two project teams in six successive systems development projects, with the intention to balance the goals and values of a specific method with the systems developers’ need for method adaptation. We do that through the use of method rationality resonance theory. Through content examples of method configurations, we report on (a) lessons learned from the project teams’ work on balancing the goals of the company-wide method with their needs and (b) theoretical development of the method rationality resonance theory.

  • 26.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Method Components: Applied2004In: Promote IT 2004: proceedings of the fourth Conference for the Promotion of Research in IT at New Universities and University Colleges in Sweden : 5-7 May, 2004, Karlstad University, Sweden. P. 2 / [ed] Bubenko, Janis, Karlstad: Karlstad University Press, 2004Conference paper (Refereed)
  • 27.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Method Components From the Horizon of Activity Theory2005In: Promote IT 2005: proceedings of the fifth Conference for the Promotion of Research in IT at New Universities and University Colleges in Sweden : Borlänge, Sweden 11-13 May, 2005 / [ed] Bubenko, Janis, Lund: Studentlitteratur AB, 2005Conference paper (Refereed)
  • 28.
    Karlsson, Fredrik
    Örebro University, Department of Business, Economics, Statistics and Informatics.
    Method configuration: a systems development project revisited2005Conference paper (Refereed)
  • 29.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Method Tailoring as Negotiation2008In: CAiSE Forum, volume 344 of CEUR Workshop Proceedings, Amsterdam, Netherlands: Elsevier, 2008Conference paper (Refereed)
    Abstract [en]

    The need for method tailoring is widely accepted in the field of information systems development methods. Today much attention has been devoted to viewing method tailoring either as (a) a highly rational process with the method engineer as the driver where the method users are passive information providers, or (b) as an unstructured process where the developer makes individual choices, a selection process without a driver. In this paper we view method tailoring from a negotiation perspective using Actor Network Theory. Our narrative examples depict method tailoring as a more complexprocess than either (a) or (b) show.

  • 30.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    On The Empirical Grounding of Meta-Method for Method Configuration: The Personnel System2003In: Proceedings of Promote IT 2003, 2003Conference paper (Refereed)
  • 31.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Programmering i Delphi.Net2007 (ed. 1)Book (Other (popular science, discussion, etc.))
  • 32.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Using two heads in practice2008In: Proceedings of the 4th international workshop on End-user software engineering, (WEUSE '08), New York: ACM , 2008, p. 43-47Conference paper (Refereed)
    Abstract [en]

    Group development has been proposed as a way of improving quality in end user development. Earlier experiments have shown promising results on error rates. However, these studies have been carried out on students, often, in laboratory settings. This study reports on a field experiment on group development during spreadsheeting. Experienced business managers have been working alone (monads) and in groups of two (dyads), solving a context specific problem. The results show that dyads made 36% fewer errors than monads. Hence, the results verify earlier findings and that group development can be recommended as a technique to include in end user development processes to improve quality.

  • 33.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Dhillon, GurpreetVirginia Commonwealth University, Richmond VA, USA.Harnesk, DanLuleå Tekniska Universitet, Luleå, Sweden.Kolkowska, EllaÖrebro University, Örebro University School of Business.Hedström, KarinÖrebro University, Örebro University School of Business.
    Proceedings of the 2011 European Security Conference (ESC’11): Exploring emergent frontiers in identity and privacy management2011Conference proceedings (editor) (Other academic)
  • 34.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business. Informatics, CERIS.
    Frostenson, Magnus
    Örebro University, Örebro University School of Business.
    Prenkert, Frans
    Örebro University, Örebro University School of Business. Business Administration, INTERORG.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business. Informatics, CERIS.
    Helin, Sven
    Örebro University, Örebro University School of Business.
    Inter-organisational information sharing in the public sector: A longitudinal case study on the reshaping of success factors2017In: Government Information Quarterly, ISSN 0740-624X, E-ISSN 1872-9517, Vol. 34, no 4, p. 567-577Article in journal (Refereed)
    Abstract [en]

    Today, public organisations need to share information in order to complete their tasks. Over the years, scholars have mapped out the social and organisational factors that affect the success or failure of these kinds of endeavours. However, few of the suggested models have sought to address the temporal aspect of inter-organisational information sharing. The aim of this paper is to investigate the reshaping of social and organisational factors of inter-organisational information sharing in the public sector over time. We analysed four years' worth of information sharing in an inter-organisational reference group on copper corrosion in the context of nuclear waste management. We could trace how factors in the model proposed by Yang and Maxwell (2011) were reshaped over time. Two factors in the model – concerns of information misuse and trust – are frequently assessed by organisations and are the most likely to change. In the long run we also found that legislation and policies can change.

  • 35.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Goldkuhl, Göran
    Linköping University, Linköping, Sweden.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Practice-Based Discourse Analysis of Information Security Policy in Health Care2014Conference paper (Refereed)
    Abstract [en]

    Information security is an understudied area within electronic government. In this study, we examine the quality of information security policy design in health care. Employees cause a majority of the security breaches in health care, and many of them are unintentional. In order to support the formulation of practical, from the employees’ perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.

  • 36.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Goldkuhl, Göran
    Department of Management and Engineering, Linköping University, Linköping, Sweden.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Practice-Based Discourse Analysis of InfoSec Policies2015In: ICT systems security and privacy protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings / [ed] Hannes Federrath, Dieter Gollmann, Boston: Springer International Publishing , 2015, p. 297-310Conference paper (Refereed)
    Abstract [en]

    Employees' poor compliance with information security policies is a perennial problem for many organizations. Existing research shows that about half of all breaches caused by insiders are accidental, which means that one can question the usefulness of information security policies. In order to support the formulation of practical, from the employees' perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.

  • 37.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business. End user development and information security cultureDepartment of Management and Engineering, Linköping University, Linköping, Sweden.
    End user development and information security culture2014In: Human Aspects of Information Security, Privacy, and Trust / [ed] Theo Tryfonas, Ioannis Askoxylakis, Springer publications , 2014, p. 246-257Conference paper (Refereed)
    Abstract [en]

    End user development has grown strong during the last decades. The advantages and disadvantages of this phenomenon have been debated over the years, but not extensively from an information security culture point of view. We therefore investigate information security design decisions made by an end user during an end user development. The study is interpretative and the analysis is structured using the concept of inscriptions. Our findings show that end user development results in inscriptions that may induce security risks that organizations are unaware of. We conclude that it is a) important to include end user development as a key issue for information security management, and include end user developers as in important group for the development of a security-aware culture, and b) that information security aspects are addressed in end user development policies.

  • 38.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Evaluating end user development as a requirements engineering technique for communicating across social worlds during systems development2013In: Scandinavian Journal of Information Systems, ISSN 0905-0167, E-ISSN 1901-0990, Vol. 25, no 2Article in journal (Refereed)
    Abstract [en]

    Requirements engineering is a key activity in systems development. This paper examines six systems development projects that have used end user development (EUD) as a requirements engineering technique for communicating across social worlds. For this purpose, we employed the theoretical lens of design boundary object in order to focus on functional and political ecologies during the development process. Four features were investigated: (1) the capability for common representation, (2) the capability to transform design knowledge, (3) the capability to mobilise for design action, and (4) the capability to legitimise design knowledge across social worlds. We concluded that EUD means a high degree of end user involvement and takes advantage of end users’ know-how. It has the ability to capture requirements and transfer them into the final information system without the need to make an explicit design rationale available to the systems developers. However, systems developers have little or no influence on business requirements. Their role is mainly as technical experts rather than business developers. The systems developers took control and power of technical requirements, while requirements that relate to business logic remained with the end users. Consequently, the systems developers did not act as catalysts in the systems development process

  • 39.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Exploring the conceptual structure of security rationale2008Conference paper (Refereed)
    Abstract [en]

    Working with a socio-technical view on information systems security is a challenge. Existing studies show that a great number of security incidents are caused by trusted personnel within organizations due to the tension between the design of information systems security policies, guidelines, rules and tools, and how they actually are used. This paper describes a framework for anlyzinging users’ compliance with the creator’s intentions that underlie an information systems security design. This framework is anchored in the concept of rationality, and the result can be used, for example, to facilitate the task of analyzing security incidents, to verify existing information systems security approaches, and to match information systems security approaches with organizational requirements. We have illustrated the use of the framework with data on health-care information systems security.

  • 40.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Negotiating a systems development method2010In: Information systems development: towards a service provision society / [ed] George A. Papadopoulos ..., Heidelberg: Springer, 2010, p. 491-499Conference paper (Refereed)
    Abstract [en]

    Systems development methods (or methods) are often applied in tailored version to fit the actual situation. Method tailoring is in most the existing literature viewed as either (a) a highly rational process with the method engineer as the driver where the project members are passive information providers, or (b) as an unstructured process where the systems developer makes individual choices, a selection process without any driver. The purpose of this paper is to illustrate that important design decisions during method tailoring are made by project members through negotiation. The study has been carried out using the perspective of Actor-Network Theory. Our narratives depict method tailoring as more complex than (a) and (b) show: the driver role rotates between the project members and design decisions are based on influences from several project members. However, these design decisions are not consensus decisions.

  • 41.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Var är perspektivet?: Systemutvecklingsforskning inom e-government2010In: Förvaltning och medborgarskap i förändring: etablerad praxis och kritiska perspektiv / [ed] Katarina Lindblad-Gidlund, Lund: Studentlitteratur AB, 2010, p. 121-138Chapter in book (Other academic)
  • 42.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Goldkuhl, Göran
    Information Systems, Linköpings Universitet, Linköping, Sweden.
    Practice-based discourse analysis of information security policies2017In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 67, p. 267-279Article in journal (Refereed)
    Abstract [en]

    To address the “insider” threat to information and information systems, an information security policy is frequently recommended as an organisational measure. However, having a policy in place does not necessarily guarantee information security. Employees’ poor compliance with information security policies is a perennial problem for many organisations. It has been shown that approximately half of all security breaches caused by insiders are accidental, which means that one can question the usefulness of current information security policies. We therefore propose eight tentative quality criteria in order to support the formulation of information security policies that are practical from the employees’ perspective. These criteria have been developed using practice-based discourse analysis on three information security policy documents from a health care organisation.

  • 43.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University. nformatics Research Centre, University of Skövde, Skövde, Sweden.
    Holgersson, Jesper
    nformatics Research Centre, University of Skövde, Skövde, Sweden.
    Söderström, Eva
    nformatics Research Centre, University of Skövde, Skövde, Sweden.
    Hedström, Karin
    Örebro University, Örebro University School of Business. nformatics Research Centre, University of Skövde, Skövde, Sweden.
    Exploring user participation approaches in public e-service development2012In: Government Information Quarterly, ISSN 0740-624X, E-ISSN 1872-9517, Vol. 29, no 2, p. 158-168Article in journal (Refereed)
    Abstract [en]

    It has been argued that user participation is important when public authorities develop e-services. At the same time there is limited research on the usefulness of existing user participation approaches in public e-service development. In this paper we, therefore, analyze how the three user participation approaches – participatory design, user-centered design, and user innovation – meet the strategic e-service goals of the EU and the US. In doing so, we identify three challenges that need to be considered when choosing among these approaches: 1) unclear user target segments can impede the fulfillment of usability and relevance goals, 2) the nature of participation can impede the fulfillment of democracy goals, and 3) lack of adequate skills can impede the fulfillment of efficiency goals.

  • 44.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business. CERIS, Department of Informatics.
    Karlsson, Martin
    Örebro University, School of Humanities, Education and Social Sciences. Department of Political Science.
    Åström, Joachim
    Örebro University, School of Humanities, Education and Social Sciences. Department of Political Science.
    Measuring employees’ compliance: The importance of value pluralism2017In: Information and Computer Security, ISSN 1434-5250, E-ISSN 2220-3796, Vol. 25, no 3, p. 279-299Article in journal (Refereed)
    Abstract [en]

    Purpose: This paper aims to investigate two different types of compliance measures: the first measure is a value-monistic compliance measure, whereas the second is a value-pluralistic measure, which introduces the idea of competing organisational imperatives.

    Design/methodology/approach: A survey was developed using two sets of items to measure compliance. The survey was sent to 600 white-collar workers and analysed through ordinary least squares.

    Findings: The results suggest that when using the value-monistic measure, employees' compliance was a function of employees' intentions to comply, their self-efficacy and awareness of information security policies. In addition, compliance was not related to the occurrence of conflicts between information security and other organisational imperatives. However, when the dependent variable was changed to a value-pluralistic measure, the results suggest that employees' compliance was, to a great extent, a function of the occurrence of conflicts between information security and other organisational imperatives, indirect conflicts with other organisational values.

    Research limitations/implications: The results are based on small survey; yet, the findings are interesting and justify further investigation. The results suggest that relevant organisational imperatives and value systems, along with information security values, should be included in measures for employees' compliance with information security policies.

    Practical implications: Practitioners and researchers should be aware that there is a difference in measuring employees' compliance using value monistic and value pluralism measurements.

    Originality/value: Few studies exist that critically compare the two different compliance measures for the same population.

  • 45.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Kolkowska, Ella
    Örebro University, Swedish Business School at Örebro University.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    En översikt av informationssäkerhet i Sverige2011Report (Other (popular science, discussion, etc.))
  • 46.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    En översikt av informationssäkerhetsforskning i Sverige2011Report (Other (popular science, discussion, etc.))
  • 47.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Frostenson, Magnus
    Örebro University, Örebro University School of Business.
    Inter-organisational information sharing: Between a rock and a hard place2015In: Proceedings of the Ninth International Symposium on Human Aspects of Information  Security & Assurance (HAISA 2015), Plymouth UK: Plymouth University , 2015, p. 71-81Conference paper (Refereed)
    Abstract [en]

    Although inter-organisational collaboration is common, most information security (IS) research has focused on IS issues within organisations. Confidentiality, integrity of data and availability (CIA) and responsibility, integrity of role, trust, and ethicality (RITE) are two sets of principles for managing IS that have been developed from an intra-organisational, rather static, perspective. The aim of this paper is thus to investigate the relation between the CIA and RITE principles in the context of an inter-organisational collaboration, i.e., collaboration between organisations. To this end we investigated inter-organisational collaboration and information sharing concerning Swedish cooper corrosion research in the field a long-term nuclear waste disposal. We found that in an inter-organisational context, responsibility, integrity of role and ethicality affected the CIA-principles, which in turn affected the collaborating actors’ trust in each other over time.

  • 48.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Prenkert, Frans
    Örebro University, Örebro University School of Business.
    Inter-organisational information security: a systematic literature review2016In: Information & Computer Security, ISSN 2056-4961, Vol. 24, no 5, p. 418-451Article in journal (Refereed)
    Abstract [en]

    Purpose: The purpose of this paper is to survey existing inter-organisational information securityresearch to scrutinise the kind of knowledge that is currently available and the way in which thisknowledge has been brought about.

    Design/methodology/approach: The results are based on a literature review of inter-organisational information security research published between 1990 and 2014.

    Findings: The authors conclude that existing research has focused on a limited set of research topics.A majority of the research has focused management issues, while employees’/non-staffs’ actualinformation security work in inter-organisational settings is an understudied area. In addition, themajority of the studies have used a subjective/argumentative method, and few studies combinetheoretical work and empirical data.

    Research limitations/implications: The findings suggest that future research should address abroader set of research topics, focusing especially on employees/non-staff and their use of processes andtechnology in inter-organisational settings, as well as on cultural aspects, which are lacking currently;focus more on theory generation or theory testing to increase the maturity of this sub-field; and use abroader set of research methods.

    Practical implications: The authors conclude that existing research is to a large extent descriptive,philosophical or theoretical. Thus, it is difficult for practitioners to adopt existing research results, suchas governance frameworks, which have not been empirically validated.

    Originality/value: Few systematic reviews have assessed the maturity of existinginter-organisational information security research. Findings of authors on research topics, maturity andresearch methods extend beyond the existing knowledge base, which allow for a critical discussionabout existing research in this sub-field of information security.

  • 49.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Linander, Fredrik
    Örebro University, Örebro University School of Business. Saab Dynamics AB, Karlskoga, Sweden.
    von Schéele, Fabian
    Linnaues University, Växjö, Sweden.
    A conceptual framework for time distortion analysis in method components2014In: Exploring Modelling Methods for Systems Analysis and Design (EMMSAD'14), Berlin Heidelberg: Springer Berlin/Heidelberg, 2014, p. 454-463Conference paper (Refereed)
    Abstract [en]

    The “software crisis” is still a prevailing problem to many organizations despite existence of advanced systems engineering methods, techniques for project planning and method engineering; systems engineering project still struggle to deliver on time and budget, and with sufficient quality. Existing research stresses that time leakage has a lever effect on economic outcome, which is not addressed in the abovementioned approaches. As part of an on-going research project we therefore extend existing method engineering concept to include time distortion analysis. This allows for analysis of resource use (productivity) in execution of method components. It has the potential to act as a) a tool for improving the execution of systems engineering processes, or b) criteria for selecting method parts to improve the systems engineering processes.

  • 50.
    Karlsson, Fredrik
    et al.
    Örebro University, Department of Business, Economics, Statistics and Informatics.
    Wistrand, Kai
    Örebro University, Department of Business, Economics, Statistics and Informatics.
    Combining method engineering with activity theory: theoretical grounding of the method component concept2006In: European Journal of Information Systems, ISSN 0960-085X, E-ISSN 1476-9344, Vol. 15, no 1, p. 82-90Article in journal (Refereed)
    Abstract [en]

    The complex and demanding business of developing information systems often involves the use of different systems development methods such as the Rational Unified Process or the Microsoft Solution Framework. Through these methods the development organisation can be viewed as a collective of actors following different rules in the form of prescribed actions in order to guide a work process in accord with activity theory. Very often standardised systems development methods need tailoring for unique projects and strategies for this process have been labelled method engineering. Method configuration, a sub-discipline to method engineering, is applicable in situations where a single base method is used as a starting point for the engineering process. A meta-method (method for method configuration) has been developed addressing these issues. A fundamental part of this meta-method is the method component construct as a means to facilitate efficient and rationally motivated modularisation of systems development methods. This paper is an exploration of possible benefits of combining activity theory and method engineering as theoretical grounding of the method component concept.

12 1 - 50 of 75
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf