To Örebro University

oru.seÖrebro University Publications
Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
Refine search result
123 1 - 50 of 106
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Al-Haydar, Sattar
    et al.
    Örebro University, Department of Business, Economics, Statistics and Informatics.
    Karlsson, Fredrik
    Örebro University, Department of Business, Economics, Statistics and Informatics.
    Cultural aspects in global systems development: an analytical tool2007Conference paper (Refereed)
  • 2.
    Andersson, Annika
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    “Standardizing information security – a structurational analysis”2022In: Information & Management, ISSN 0378-7206, E-ISSN 1872-7530, Vol. 59, no 3, article id 103623Article in journal (Refereed)
    Abstract [en]

    Given that there are an increasing number of information security breaches, organizations are being driven to adopt best practice for coping with attacks. Information security standards are designed to embody best practice and the legitimacy of these standards is a core issue for standardizing organizations. This study uncovers how structures at play in de jure standard development affect the input and throughput legitimacy of standards. We participated as members responsible for standards on information security and our analysis revealed two structures: consensus and warfare. A major implication of the combination of these structures is that legitimacy claims based on appeals to best practice are futile because it is difficult to know which the best practice is.

  • 3.
    Andersson, Annika
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Terminologi och begrepp inom informationssäkerhet: Hur man skapar en språkgemenskap2016Report (Other (popular science, discussion, etc.))
    Abstract [sv]

    Syftet med den här studien är att utvärdera svensk terminologi på informationssäkerhetsområdet med fokus på frågor om målgrupper och grundläggande termer. Baserat på en Delphi-studie, där experter från olika yrkeskategorier har fått definiera en uppsättning grundläggande begrepp, har vi utvärderat både experternas definitioner och processen med att ta fram definitionerna. Vi har identifierat flera problem med svensk terminologi på informationssäkerhetsområdet. För att stödja arbetet med att utveckla svensk terminologi för informationssäkerhet beskriver vi i rapporten förslag på hur arbetet kan bedrivas vidare. De problem vi har identifierat är bl.a. att begrepp som inte finns med i rådande styrdokument blir otydliga och svårtolkade för experter inom området och att det är problematiskt med två olika styrdokument (HB550 och SIS-TR50:2015) i användning med delvis olika definitioner av samma begrepp. Vi har även sett att olika yrkeskategorier ofta definierar begreppen utifrån sin specifika profession, vilket kan innebära att det finns ett behov av att säkerhetsbegrepp kontextualiseras utifrån yrkesroller. Processen med att arbeta med experter enligt Delphi-metoden gav ett bra underlag för att analysera och diskutera olika definitioner av centrala begrepp inom informationssäkerhetsområdet. Dessutom har experterna varit mycket engagerade i processen. Vi föreslår att framtida begreppsutredningar använder sig av denna metod eller varianter av den och att det är experterna, de som i sitt dagliga yrke handhar informationssäkerheten, som ska vara de som skapar definitionerna. Vi ser också ett stort behov av större, effektivare och mer samordnade former för framtida begreppsutredningar.

    Download full text (pdf)
    fulltext
  • 4.
    Andersson, Annika
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Consensus versus warfare – unveiling discourses in de jure information security standard development2020In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 99, article id 102035Article in journal (Refereed)
    Abstract [en]

    Information security standards are influential tools in society today. The validity claim of standards is based on what is considered “best practice.” We unveil the negotiations that take place when “best practice” is constructed during standard development. By using dis- course analysis, we investigate how power operates in national and international contexts of de jure information security standard development work. As members of a standard- ization committee, we analyzed the language used by this committee. The results showed two discourses at play: the consensus discourse and the warfare discourse. We conclude by proposing six theoretical propositions on how power operates in the above-mentioned contexts of de jure standard development.

  • 5.
    Andersson, Annika
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Konfliktfylld kultur vid framtagande av informationssäkerhetsstandarder2017In: Informationssäkerhet och organisationskultur / [ed] Jonas Hallberg, Peter Johansson, Fredrik Karlsson, Frida Lundberg, Björn Lundgren, Marianne Törner, Lund: Studentlitteratur AB, 2017Chapter in book (Other (popular science, discussion, etc.))
  • 6.
    Bergström, Erik
    et al.
    School of Engineering, Jönköping University, Jönköping, Sweden.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Åhlfeldt, Rose-Mharie
    School of Informatics, University of Skövde, Skövde, Sweden.
    Developing an information classification method2021In: Information and Computer Security, E-ISSN 2056-4961, Vol. 29, no 2, p. 209-239Article in journal (Refereed)
    Abstract [en]

    Purpose: The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified.

    Design/methodology/approach: The results are based on a design science research approach, implemented asfive iterations spanning the years 2013 to 2019.

    Findings: The paper presents a method for information classification and the design principles underpinning the method. The empirical demonstration shows that senior and novice information security managers perceive the method as a useful tool for classifying information assets in an organisation.

    Research limitations/implications: Existing research has, to a limited extent, provided extensive advice on how to approach information classification in organisations systematically. The method presented in this paper can act as a starting point for further research in this area, aiming at decreasing subjectivity in the information classification process. Additional research is needed to fully validate the proposed method fo rinformation classification and its potential to reduce the subjective judgement.

    Practical implications: The research contributes to practice by offering a method for information classification. It provides a hands-on-tool for how to implement an information classification process. Besides, this research proves that it is possible to devise a method to support information classification. This is important, because, even if an organisation chooses not to adopt the proposed method, the very fact that this method has proved useful should encourage any similar endeavour.

    Originality/value: The proposed method offers a detailed and well-elaborated tool for information classification. The method is generic and adaptable, depending on organisational needs.

  • 7.
    Denk, Thomas
    et al.
    Örebro University, School of Humanities, Education and Social Sciences.
    Hedström, Karin
    Örebro University, Örebro University School of Business. Department of Informatics.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business. Department of Informatics.
    Citizens' attitudes towards automated decision-making2022In: Information Polity, ISSN 1570-1255, E-ISSN 1875-8754, Vol. 27, no 3, p. 391-408Article in journal (Refereed)
    Abstract [en]

    Public organisations are starting to show an interest in automated decision-making (ADM). So far, existing research focuses on the governmental perspective on this phenomenon. Less attention is paid to citizens' views on ADM. The aim of this study is to provide empirical insights into citizen awareness of and beliefs about ADM in public-sector services. To this end, we participated in an annual national survey in Sweden carried out by the SOM Institute at Gothenburg University concluding that a minority of the citizens know about the use of ADM in public-sector services. Furthermore, when computers instead of civil servants make decisions in the public-sector, citizens expect decisions by computers to become less legally secure but more impartial. They also expect ADM to take personal circumstances into account to a lesser degree and become less transparent. Finally, we found that citizens with that awareness expect decisions by computers to become more reliable and impartial. Based on our empirical findings in relation to previous research, we suggest four hypotheses on citizen's awareness and beliefs about public-sector ADM.

    Download full text (pdf)
    Citizens' attitudes towards automated decision-making
  • 8.
    Denk, Thomas
    et al.
    Örebro University, School of Humanities, Education and Social Sciences.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Medborgarna och automatiserat beslutsfattande2019In: Storm och Stiltje: SOM-institutets 74:e forskarantologi / [ed] Ulrika Andersson, Björn Rönnerstrand, Patrik Öhberg och Annika Bergström, Göteborg: SOM-institutet , 2019, 1, p. 183-196Chapter in book (Other (popular science, discussion, etc.))
    Abstract [sv]

    I allt större utsträckning införs automatiserat beslutsfattande i offentlig sektor. Det innebär att datorer ersätter handläggare som beslutsfattare. Flera av de ärenden som avgörs med automatiserat beslutsfattande berör medborgarna. Detta kapitel undersöker om medborgarna är medvetna om denna förändring och hur de tror att besluten förändras när datorer ersätter handläggare som beslutsfattare. Resultaten visar att det är en minoritet (20 procent) som har kännedom sedan tidigare om automatiserat beslutsfattande i offentlig sektor. En majoritet tror att besluten förvisso blir mer opartiska när datorer istället för handläggare fattar beslut, men inte att besluten blir mer tillförlitliga. De tror också att automatiska beslut kommer att ta mindre hänsyn till människornas situation och minska insynen i beslutsfattandet. De som har kännedom om automatiserat beslutsfattande är mer positiva när det gäller beslutens opartiskhet och tillförlitlighet, men anser i samma utsträckning som de utan kännedom att besluten medför mindre hänsynstagande till människors situation och minskad insyn i beslutsfattandet.

    Download full text (pdf)
    Medborgarna och automatiserat beslutsfattande
  • 9.
    Denk, Thomas
    et al.
    Örebro University, School of Humanities, Education and Social Sciences.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Whilborg, Elin
    Linköping University, Linköping, Sweden.
    Medborgarnas inställning till automatiserat beslutsfattande2020In: Digitala är vi allihopa?: Den västsvenska SOM-undersökningen 2019 / [ed] Anders Carlander & Ulrika Andersson, Göteborg: SOM-institutet, Göteborgs universitet , 2020, p. 78-89Chapter in book (Other (popular science, discussion, etc.))
    Abstract [sv]

    Alltfler myndigheter inför automatiserat beslutsfattande, vilket innebär att en dator fattar beslut istället för handläggare och utredare. Detta kapitel undersöker med- borgarnas inställning till att öka det automatiserade beslutsfattandet i myndigheter. Kapitlets analyser visar att en majoritet (64 procent) anser att det är ett mycket dåligt eller ganska dåligt förslag att datorer ska få ta över fler beslut i myndigheter. Analyserna indikerar också att inställningen har samband med socio-demografisk bakgrund, politiska förhållningssätt och framtidsoro för AI, automatisering och robotisering. Den negativa inställningen återfinns i samtliga grupper. Det är dessutom så att det snarare är graden av negativ inställning som varierar mellan grupper än inställningen som sådan. Med dessa resultat framträder en möjlig spänning mellan utvecklingen inom myndigheter och medborgarnas inställning till automatiserat beslutsfattande.

    Download full text (pdf)
    Medborgarnas inställning till automatiserat beslutsfattande
  • 10.
    Dhillon, Gurpreet
    et al.
    University of North Carolina, Greensboro, USA .
    Karlsson, FredrikÖrebro University, Örebro University School of Business.Hedström, KarinÖrebro University, Örebro University School of Business.Zúquete, AndréUniversity of Aveiro, Aveiro, Portugal .
    ICT Systems Security and Privacy Protection2019Conference proceedings (editor) (Refereed)
  • 11.
    Frostenson, Magnus
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Helin, Sven
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Prenkert, Frans
    Örebro University, Örebro University School of Business.
    Samverkan mellan aktörer i industriella nätverk skapar nya utmaningar för informationssäkerheten2017In: Informationssäkerhet och organisationskultur / [ed] J. Hallberg, P. Johansson, F. Karlsson, F. Lundberg, B. Lundgren, M. Törner, Lund: Studentlitteratur AB, 2017, 1, p. 61-75Chapter in book (Refereed)
  • 12.
    Goldkuhl, Göran
    et al.
    Linköping University, Linköping, Sweden; Uppsala University, Uppsala, Sweden.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Method Engineering as Design Science2020In: Journal of the Association for Information Systems, E-ISSN 1536-9323, Vol. 21, no 5, p. 1237-1278Article in journal (Refereed)
    Abstract [en]

    In this paper, we motivate, devise, demonstrate, and evaluate an approach for the research-based development of information systems development methods (ISDMs). This approach, termed "method engineering as design science" (ME-DS), emerged from the identified need for scholars to develop ISDMs using proper research methods that meet the standards of both rigor and relevance. ISDMs occupy a position of central importance to information systems development and scholars have therefore invested extensive resources over the years in developing such methods. The method engineering (ME) discipline has developed different frameworks and methods to guide such development work and, for that purpose, they are well-suited. Still, there remains a need for applications and evaluations of ISDMs based on the demands for knowledge justification. Unfortunately, in many cases, scholars come up short with regard to how ISDMs are generated and empirically validated. While design science (DS) stresses knowledge justification, prominent DS approaches seem to be biased toward the development of IT artifacts, making this approach ill-suited for the development of method artifacts. We therefore propose eight principles that marry ME and DS, resulting in a process model with six activities to support research-based development of ISDMs. We demonstrate and evaluate ME-DS by assessing three existing research papers that propose ISDMs. These retrospectives show how ME-DS directs attention to certain aspects of the research process and provides support for future ISDM development.

  • 13.
    Hallberg, Jonas
    et al.
    Totalförsvarets forskningsinstitut, Stockholm, Sverige.
    Johansson, PeterChalmers tekniska högskola AB, Göteborg, Sverige.Karlsson, FredrikÖrebro University, Örebro University School of Business.Lundberg, FridaLundgren, BjörnKungliga Tekniska Högskolan, Stockholm, Sverige.Törner, MarianneGöteborgs universitet, Göteborg, Sverige.
    Informationssäkerhet och organisationskultur2017Collection (editor) (Other (popular science, discussion, etc.))
  • 14.
    Havstorm, Tanja Elina
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Software developers reasoning behind adoption and use of software development methods – a systematic literature review2023In: International Journal of Information Systems and Project Management, ISSN 2182-7796, E-ISSN 2182-7788, Vol. 11, no 2, p. 47-78Article, review/survey (Refereed)
    Abstract [en]

    When adopting and using a Software Development Method (SDM), it is important to stay true to the philosophy of the method; otherwise, software developers might execute activities that do not lead to the intended outcomes. Currently, no overview of SDM research addresses software developers’ reasoning behind adopting and using SDMs. Accordingly, this paper aims to survey existing SDM research to scrutinize the current knowledge base on software developers’ type of reasoning behind SDM adoption and use. We executed a systematic literature review and analyzed existing research using two steps. First, we classified papers based on what type of reasoning was addressed regarding SDM adoption and use: rational, irrational, and non-rational. Second, we made a thematic synthesis across these three types of reasoning to provide a more detailed characterization of the existing research. We elicited 28 studies addressing software developers’ reasoning and identified five research themes. Building on these themes, we framed four future research directions with four broad research questions, which can be used as a basis for future research.

    Download full text (pdf)
    Software developers reasoning behind adoption and use of software development methods – a systematic literature review
  • 15.
    Havstorm, Tanja Elina
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Gao, Shang
    Örebro University, Örebro University School of Business.
    Being Agile and doing Agile is not the Same: Analyzing Software Development Method Cargo Cult BehaviourManuscript (preprint) (Other academic)
  • 16.
    Havstorm, Tanja Elina
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Uncovering Situations of Cargo Cult Behavior in Agile Software Development Method Use2023In: Proceedings of the 56th Hawaii International Conference on System Sciences / [ed] Tung X. Bui, University of Hawai'i at Manoa , 2023, Vol. 56, p. 6486-6495Conference paper (Refereed)
    Abstract [en]

    Misinterpretations and faulty use of Software Development Method (SDM) practices and principles are identified pitfalls in Software Development (SD). Previous research indicates cases with method adoption and use failures; one reason could be the SDM Cargo Cult (CC) behavior, where SD organizations claim to be agile but not doing agile. Previous research has suggested the SDM CC framework as an analytical tool. The aim of this paper is to refine the SDM CC framework and empirically test this version of the framework. We use data from an ethnographical study on three SD teams’ Daily Scrum Meetings (DSM). The empirical material was collected through observations, interviews, and the organization’s business documents. We uncovered twelve CC situations in the SD teams’ use of the DSM practice, structured into seven categories of SDM deviations: bringing irrelevant information, canceling meetings, disturbing the team, receiving unclear information, bringing new requirements, problemsolving, and task distribution.

    Download full text (pdf)
    Uncovering Situations of Cargo Cult Behavior in Agile Software Development Method Use
  • 17.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Dhillon, Gurpreet
    Virginia Commonwealth University, Richmond, USA.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Using actor network theory to understand information security management2010In: Security and privacy: silver linings in the cloud / [ed] Kai Rannenberg, Vijay Varadharajan, Christian Weber, Berlin, Germany: Springer, 2010, p. 43-54Conference paper (Refereed)
    Abstract [en]

    This paper presents an Actor Network Theory (ANT) analysis of a computer hack at a large university. Computer hacks are usually addressed through technical means thus ensuring that perpetrators are unable to exploit system vulnerabilities. We however argue that a computer hack is a result of different events in a heterogeneous network embodying human and non-human actors. Hence a secure organizational environment is one that is characterized by ‘stability’ and ‘social order’, which is a result of negotiations and alignment of interests among different actants. The argument is conducted through a case study. Our findings reveal not only the usefulness of ANT in developing an understanding of the (in)security environment at the case study organization, but also the ability of ANT to identify differences in interests among actants. At a practical level, our analysis suggests three principles that management needs to pay attention to in order to prevent future security breaches.

  • 18.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Developing Information and Communication Technologies for Health Care - Design Principles2006Conference paper (Other academic)
  • 19.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Facing moving targets?2008In: Electronic government: proceedings of ongoing research and projects of EGOV 08 / [ed] Enrico Ferro, H. Jochen Scholl, Maria A. Wimmer, Linz: Trauner Verlag , 2008, p. 62-69Conference paper (Refereed)
    Abstract [en]

    It is widely acknowledged that requirements change during systems development projects. The reasons are usually explained by changes in lower-level goals, while high-level goals are expected to be stable. In this paper we analyse, and compare, how two electronic government projects use goals as a basis for procuring new Information Technology systems. The high-level goals of these projects have evolved differently, where high-level goals changed in one project, but remained stable in the second project. This can be explained by the fact that the two cases have interpreted the concept of high-level goals differently. We believe that goal-stability increases when values are related to high-level goals during goal-oriented requirements engineering. This illustrates the importance of taking political values into consideration when defining the high-level goals for electronic government projects.

  • 20.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Shooting on a moving target?2008In: EGOV 2008, 2008Conference paper (Refereed)
    Abstract [en]

    It is widely acknowledged that requirements change during systems development projects. The reasons are usually explained by changes in lower-level goals, while high-level goals are expected to be stable. In this paper we analyse, and compare, how two electronic government projects use goals as a basis for procuring new Information Technology systems. The high-level goals of these projects have evolved differently, where high-level goals changed in one project, but remained stable in the second project. This can be explained by the fact that the two cases have interpreted the concept of high-level goals differently. We believe that goal-stability increases when values are related to high-level goals during goal-oriented requirements engineering. This illustrates the importance of taking political values into consideration when defining the high-level goals for electronic government projects.

     

     

    Download full text (pdf)
    FULLTEXT01
  • 21.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Kolkowska, Ella
    Örebro University, Swedish Business School at Örebro University.
    Managing information systems security: compliance between users and managers2009In: E-Hospital, ISSN 1374-321X, Vol. 11, no 2, p. 30-31Article in journal (Other (popular science, discussion, etc.))
  • 22.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Social action theory for understanding information security non-compliance in hospitals: the importance of user rationale2013In: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 21, no 4, p. 266-287Article in journal (Refereed)
    Abstract [en]

    Purpose – Employees' compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of social action theory (SAT) for management of information security.

    Design/methodology/approach – This research was carried out as a longitudinal case study at a Swedish hospital. Data were collected using a combination of interviews, information security documents, and observations. Data were analysed using a combination of a value-based compliance model and the taxonomy laid out in SAT to determine user rationality.

    Findings – The paper argues that management of information security and design of countermeasures should be based on an understanding of users' rationale covering both intentional and unintentional non-compliance. The findings are presented in propositions with practical and theoretical implications: P1. Employees' non-compliance is predominantly based on means-end calculations and based on a practical rationality, P2. An information security investigation of employees' rationality should not be based on an a priori assumption about user intent, P3. Information security management and choice of countermeasures should be based on an understanding of the use rationale, and P4. Countermeasures should target intentional as well as unintentional non-compliance.

    Originality/value – This work is an extension of Hedström et al. arguing for the importance of addressing user rationale for successful management of information security. The presented propositions can form a basis for information security management, making the objectives underlying the study presented in Hedström et al. more clear

  • 23.
    Hedström, Karin
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Utveckling av praktikanpassad informationssäkerhetspolicy2017In: Informationssäkerhet och organisationskultur / [ed] Jonas Hallberg, Peter Johansson, Fredrik Karlsson, Frida Lundberg, Björn Lundgren, Marianne Törner, Lund: Studentlitteratur AB, 2017Chapter in book (Other (popular science, discussion, etc.))
  • 24.
    Hedström, Karin
    et al.
    Örebro University, Örebro University School of Business. Department of Management and Engineering, Linköping University, Linköping, Sweden.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Söderström, Fredrik
    Department of Management and Engineering, Information Systems Division, Linköping University, Linköping, Sweden .
    Challenges of introducing a professional eID card within health care2016In: Transforming Government: People, Process and Policy, ISSN 1750-6166, E-ISSN 1750-6174, Vol. 10, no 1, p. 22-46Article in journal (Refereed)
    Abstract [en]

    Purpose: The purpose of this paper is to examine the challenges that arise when introducing an electronic identification (eID) card for professional use in a health-care setting.

    Design/methodology/approach: This is a case study of an eID implementation project in healthcare. Data were collected through interviews with key actors in a project team and with eID end users. The authors viewed the eID card as a boundary object intersecting social worlds. For this analysis, the authors combined this with an electronic government initiative challenge framework.

    Findings: The findings of this paper illustrate the interpretative flexibility of eID cards and how eID cards as boundary objects intersect social worlds. The main challenges of implementing and using eID cards in healthcare are usability, user behaviour and privacy. However, the way in which these challenges are interpreted varies between different social worlds.

    Practical implications: One of the implications for future practice is to increase our understanding of the eID card as a socio-technical artefact, where the social and technical is intertwined, at the same time as the eID card affects the social as well as the technical. By using a socio-technical perspective, it is possible to minimise the potential problems related to the implementation and use of eID.

    Originality/value: Previous research has highlighted the need for more empirical research on identity management. The authors contextualise and analyse the implementation and use of eID cards within healthcare. By viewing the eID card as a boundary object, the authors have unveiled its interpretative flexibility and how it is translated across different social worlds.

    Download full text (pdf)
    fulltext
  • 25.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Kolkowska, Ella
    Örebro University, Swedish Business School at Örebro University.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Allen, J. P.
    School of Management, University of San Francisco, San Francisco, USA.
    Value conflicts for information security management2011In: Journal of strategic information systems, ISSN 0963-8687, E-ISSN 1873-1198, Vol. 20, no 4, p. 373-384Article in journal (Refereed)
    Abstract [en]

    A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.

  • 26.
    Hedström, Karin
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Melin, Ulf
    Linköping University, Linköping, Sweden .
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Kolkowska, Ella
    Örebro University, Swedish Business School at Örebro University.
    Availability in Practice2011Conference paper (Other academic)
  • 27.
    Hedström, Karin
    et al.
    Örebro University, Örebro University School of Business.
    Persson, Anne
    Högskolan i Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Swedish e-health: from policy to practice2012Conference paper (Refereed)
  • 28.
    Hellberg, Ann-Sofie
    et al.
    Örebro University, Örebro University School of Business.
    Islam, Sirajul
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Säkerhet vid molnlösningar2018Report (Other academic)
    Download full text (pdf)
    Säkerhet vid molnlösningar
  • 29.
    Holgersson, Jesper
    et al.
    Högskolan i Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Exploring citizens’ possibilities to participate in public e-service development2011In: Electronic government and electronic participation: joint proceedings of ongoing research and projects of IFIP EGOV and ePart 2011 / [ed] J.-L. Chappelet, O. Glassey, M. Janssen, A. Macintosh, J. Scholl, E. Tambouris, M. A. Wimmer, Linz: TRAUNER Verlag, 2011Conference paper (Refereed)
    Abstract [en]

    The increased interest for user participation in development of public electronic services (public e-services for short) is expected to bring similar value as it has done in other systems development projects. Existing research, however, has shown that introducing user participation to public e-service development is associated with a number of challenges. We have in this paper explored the challenges a) getting users to participate, and b) lacking adequate skills, in the context of three user participation schools. Our interview results show that citizens in general are interested to participate in public e-service development, and favour user participation schools with a high degree of active participation.Moreover, citizens’ ability to participate is high with respect to ICT-knowledge. However, their knowledge of laws, regulations and business processes related to public authorities in general is low, thus limiting citizens’ ability to participate.

  • 30.
    Holgersson, Jesper
    et al.
    Informatics Research Centre, University of Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Public e-service development: understanding citizens' conditions for participation2014In: Government Information Quarterly, ISSN 0740-624X, E-ISSN 1872-9517, Vol. 31, no 3, p. 396-410Article in journal (Refereed)
    Abstract [en]

    For decades, user participation has brought value to various systems development projects. Today, there are expectations that public e-service development will experience the same benefits. However, existing research has shown that introducing user participation into public e-service development can be challenging. In this study, we interviewed citizens in order to explore their willingness and ability to participate in public e-service development according to three user participation schools: User-Centred Design, Participatory Design and User Innovation. Our findings show that citizens in general are willing to participate, but their ability to do so is limited. Based on our findings, we developed nine propositions to explain citizens' willingness and ability to participate in public e-service development. The propositions contribute to practice by acting as a tentative guide for systems developers when they use user participation schools as inspiration in public e-service projects. They also act as a starting point for future research into conditions for user participation in public e-service development. (C) 2014 Elsevier Inc. All rights reserved.

  • 31.
    Holgersson, Jesper
    et al.
    Högskolan i Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Understanding business employees’ conditions for participating in public e-service development2012In: European Conference on Information Systems 2012, AIS Electronic Library , 2012Conference paper (Refereed)
  • 32.
    Holgersson, Jesper
    et al.
    Högskolan Skövde, Skövde, Sweden.
    Söderström, Eva
    Högskolan Skövde, Skövde, Sweden.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Towards a roadmap for user involvement in e-government service development2010In: Electronic government / [ed] Maria A. Wimmer, Jean-Loup Chappelet, Marijn Janssen, Hans J. Scholl, Berlin, Germany: Springer , 2010, p. 251-262Conference paper (Refereed)
    Abstract [en]

    New technology means new ways of both developing, providing and consuming services. In the strive for government organizations to build and maintain relationships with its citizens, e-presence is highly important. E-services are one way to go, and it has been argued that user participation is an important part of developing said services. In this paper we analyze a selection of user participation approaches from a goal perspective to see how they fit in an e-government service development context., In doing so, we identify four challenges that need to be addressed when including users in the development: 1) Identifying the user target segment, 2) Identifying the individual user within each segment, 3) Getting users to participate, and 4) Lacking adequate skills

  • 33.
    Islam, M. Sirajul
    et al.
    Örebro University, Örebro University School of Business.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    The public sector cloud service procurement in Sweden: An Exploratory Study of Use and Information Security Challenges2022In: International Journal of Public Administration in the Digital Age, ISSN 2334-4520, E-ISSN 2334-4539, Vol. 8, no 1, p. 1-22, article id 6Article in journal (Refereed)
    Abstract [en]

    This paper investigates the use of cloud services in the public sector and management of information security challenges in the procurement of such services. The findings are based on an exploratory approach that included a systematic literature review and a survey among the public agencies and municipalities in Sweden. The literature review is used to derive a conceptual framework that structures our empirical results into the three groups: 1) contractual and legal, 2) operational, and 3) managerial competency. The survey explored all these three groups. The findings show that the information security challenges are mostly related to the potential breaching of national security and laws applicable to cross-border cloud services. Most of the cloud contracts of public organizations are found to be supplier driven. In this case, lack of knowledge and awareness in managing procurement are mostly raised compared to technical risks.

  • 34.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    A wiki-based approach to method tailoring2008In: Proceedings of the 3rd international conference on the pragmatic web: innovating the interactive society / [ed] Pär J. Ågerfalk, Harry Delugach, Mikael Lind, New York: ACM , 2008, p. 13-22Conference paper (Refereed)
    Abstract [en]

    Tailoring systems development methods is a challenge. Both the research of method engineering and method-in-action have put much effort into this issue. State-of-the art Computer-Aided Method Engineering tools for situational method engineering often requires specific competences in meta modelling languages. Together with the tool investments they often become heavy weight solutions for small systems development companies that seek method tailoring support. In this paper a wiki-based approach to method tailoring, the Wiki Method Tool (WMT), has been evaluated during two systems development projects. The evaluation of this light weight tool has been carried out in a small systems development company in Sweden. The evaluation has been anchored in Activity Theory to focus on the collaborative actions on the situational methods using the WMT, such as changing work descriptions and templates. The WMT itself contributed with data about each documented change -- what the change looked like, by whom, and when it was made. Based on these data and subsequent interviews, we report on lessons learned and can conclude that all team members have contributed to the situational methods. It also means that they took a shared responsibility for the role as method engineer.

  • 35.
    Karlsson, Fredrik
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Orebro University School of Business, Örebro University, Sweden.
    Att analysera värderingar bakom informationssäkerhet2011Report (Other (popular science, discussion, etc.))
    Download full text (pdf)
    fulltext
  • 36.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Bridging the Gap: between Method for Method Configuration and Situational Method Engineering2002Conference paper (Refereed)
  • 37.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Internet-based Software Artefacts A Trigger for Rethinking Process Configuration: A Trigger for Rethinking Process Configuration2001In: Proceedings of Conference for the Promotion of Research in IT at New Universities and at University Colleges in Sweden, 23-25 April 2001, Ronneby, Sweden., 2001Conference paper (Refereed)
  • 38.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Longitudinal use of method rationale in method configuration: an exploratory study2013In: European Journal of Information Systems, ISSN 0960-085X, E-ISSN 1476-9344, Vol. 22, no 6, p. 690-710Article in journal (Refereed)
    Abstract [en]

    Organizations that implement a company-wide method to standardize the way that systems development is carried out still have a need to adapt this method to specific projects. When adapting this method the end results should align with the basic philosophy of the original method. To this end, goal-driven situational method engineering has been proposed. However, there are no longitudinal studies on systems developers’ use of such approaches and their intentions to balance their need of adaptation with the basic philosophy of the original method. This paper explores how goal-driven method configuration has been used by two project teams in six successive systems development projects, with the intention to balance the goals and values of a specific method with the systems developers’ need for method adaptation. We do that through the use of method rationality resonance theory. Through content examples of method configurations, we report on (a) lessons learned from the project teams’ work on balancing the goals of the company-wide method with their needs and (b) theoretical development of the method rationality resonance theory.

  • 39.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Method Components: Applied2004In: Promote IT 2004: proceedings of the fourth Conference for the Promotion of Research in IT at New Universities and University Colleges in Sweden : 5-7 May, 2004, Karlstad University, Sweden. P. 2 / [ed] Bubenko, Janis, Karlstad: Karlstad University Press, 2004Conference paper (Refereed)
  • 40.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Method Components From the Horizon of Activity Theory2005In: Promote IT 2005: proceedings of the fifth Conference for the Promotion of Research in IT at New Universities and University Colleges in Sweden : Borlänge, Sweden 11-13 May, 2005 / [ed] Bubenko, Janis, Lund: Studentlitteratur AB, 2005Conference paper (Refereed)
  • 41.
    Karlsson, Fredrik
    Örebro University, Department of Business, Economics, Statistics and Informatics.
    Method configuration: a systems development project revisited2005Conference paper (Refereed)
  • 42.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Method Tailoring as Negotiation2008In: CAiSE Forum, volume 344 of CEUR Workshop Proceedings, Amsterdam, Netherlands: Elsevier, 2008Conference paper (Refereed)
    Abstract [en]

    The need for method tailoring is widely accepted in the field of information systems development methods. Today much attention has been devoted to viewing method tailoring either as (a) a highly rational process with the method engineer as the driver where the method users are passive information providers, or (b) as an unstructured process where the developer makes individual choices, a selection process without a driver. In this paper we view method tailoring from a negotiation perspective using Actor Network Theory. Our narrative examples depict method tailoring as a more complexprocess than either (a) or (b) show.

  • 43.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    On The Empirical Grounding of Meta-Method for Method Configuration: The Personnel System2003In: Proceedings of Promote IT 2003, 2003Conference paper (Refereed)
  • 44.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Programmering i Delphi.Net2007 (ed. 1)Book (Other (popular science, discussion, etc.))
  • 45.
    Karlsson, Fredrik
    Örebro University, Swedish Business School at Örebro University.
    Using two heads in practice2008In: Proceedings of the 4th international workshop on End-user software engineering, (WEUSE '08), New York: ACM , 2008, p. 43-47Conference paper (Refereed)
    Abstract [en]

    Group development has been proposed as a way of improving quality in end user development. Earlier experiments have shown promising results on error rates. However, these studies have been carried out on students, often, in laboratory settings. This study reports on a field experiment on group development during spreadsheeting. Experienced business managers have been working alone (monads) and in groups of two (dyads), solving a context specific problem. The results show that dyads made 36% fewer errors than monads. Hence, the results verify earlier findings and that group development can be recommended as a technique to include in end user development processes to improve quality.

  • 46.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Dhillon, GurpreetVirginia Commonwealth University, Richmond VA, USA.Harnesk, DanLuleå Tekniska Universitet, Luleå, Sweden.Kolkowska, EllaÖrebro University, Örebro University School of Business.Hedström, KarinÖrebro University, Örebro University School of Business.
    Proceedings of the 2011 European Security Conference (ESC’11): Exploring emergent frontiers in identity and privacy management2011Conference proceedings (editor) (Other academic)
  • 47.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business. Informatics, CERIS.
    Frostenson, Magnus
    Örebro University, Örebro University School of Business.
    Prenkert, Frans
    Örebro University, Örebro University School of Business. Business Administration, INTERORG.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business. Informatics, CERIS.
    Helin, Sven
    Örebro University, Örebro University School of Business.
    Inter-organisational information sharing in the public sector: A longitudinal case study on the reshaping of success factors2017In: Government Information Quarterly, ISSN 0740-624X, E-ISSN 1872-9517, Vol. 34, no 4, p. 567-577Article in journal (Refereed)
    Abstract [en]

    Today, public organisations need to share information in order to complete their tasks. Over the years, scholars have mapped out the social and organisational factors that affect the success or failure of these kinds of endeavours. However, few of the suggested models have sought to address the temporal aspect of inter-organisational information sharing. The aim of this paper is to investigate the reshaping of social and organisational factors of inter-organisational information sharing in the public sector over time. We analysed four years' worth of information sharing in an inter-organisational reference group on copper corrosion in the context of nuclear waste management. We could trace how factors in the model proposed by Yang and Maxwell (2011) were reshaped over time. Two factors in the model – concerns of information misuse and trust – are frequently assessed by organisations and are the most likely to change. In the long run we also found that legislation and policies can change.

  • 48.
    Karlsson, Fredrik
    et al.
    Örebro University, Swedish Business School at Örebro University.
    Goldkuhl, Göran
    Linköping University, Linköping, Sweden.
    Hedström, Karin
    Örebro University, Örebro University School of Business.
    Practice-Based Discourse Analysis of Information Security Policy in Health Care2014Conference paper (Refereed)
    Abstract [en]

    Information security is an understudied area within electronic government. In this study, we examine the quality of information security policy design in health care. Employees cause a majority of the security breaches in health care, and many of them are unintentional. In order to support the formulation of practical, from the employees’ perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.

  • 49.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Goldkuhl, Göran
    Department of Management and Engineering, Linköping University, Linköping, Sweden.
    Hedström, Karin
    Örebro University, Swedish Business School at Örebro University.
    Practice-Based Discourse Analysis of InfoSec Policies2015In: ICT systems security and privacy protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings / [ed] Hannes Federrath, Dieter Gollmann, Boston: Springer International Publishing , 2015, p. 297-310Conference paper (Refereed)
    Abstract [en]

    Employees' poor compliance with information security policies is a perennial problem for many organizations. Existing research shows that about half of all breaches caused by insiders are accidental, which means that one can question the usefulness of information security policies. In order to support the formulation of practical, from the employees' perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.

  • 50.
    Karlsson, Fredrik
    et al.
    Örebro University, Örebro University School of Business.
    Hedström, Karin
    Örebro University, Örebro University School of Business. End user development and information security cultureDepartment of Management and Engineering, Linköping University, Linköping, Sweden.
    End user development and information security culture2014In: Human Aspects of Information Security, Privacy, and Trust / [ed] Theo Tryfonas, Ioannis Askoxylakis, Springer publications , 2014, p. 246-257Conference paper (Refereed)
    Abstract [en]

    End user development has grown strong during the last decades. The advantages and disadvantages of this phenomenon have been debated over the years, but not extensively from an information security culture point of view. We therefore investigate information security design decisions made by an end user during an end user development. The study is interpretative and the analysis is structured using the concept of inscriptions. Our findings show that end user development results in inscriptions that may induce security risks that organizations are unaware of. We conclude that it is a) important to include end user development as a key issue for information security management, and include end user developers as in important group for the development of a security-aware culture, and b) that information security aspects are addressed in end user development policies.

123 1 - 50 of 106
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf