Towards software for tailoring information security policies to organisations’ different target groups
Örebro University, Örebro University School of Business. (Informatik) ORCID iD: 0000-0002-4439-4713
Örebro University, Örebro University School of Business. (Informatik) ORCID iD: 0000-0002-3265-7627
Örebro University, Örebro University School of Business. (Informatik) ORCID iD: 0000-0002-5270-1517
Örebro University, Örebro University School of Business. (Informatik) ORCID iD: 0000-0002-3722-6797
2025 (English). In: Computers & Security, ISSN 0167-4048, E-ISSN 1872-6208, Vol. 159, article id 104687. Article in journal (Refereed), Published
Abstract [en]

Designing accessible and relevant information security policies (ISPs) that support employees is crucial for improving organisations' information security. When employees are required to deal with cumbersome ISPs, there is a risk of reduced motivation towards information security, and employees' not following the rules in ISPs has been reported as a persistent issue. Existing research has suggested adopting a tailored approach to ISPs in order to enhance their relevance to employees. Tailoring is difficult and time consuming and information security managers lack information security management systems software (ISMSS) that can assist with this tailoring task. In this paper, we develop a design theory for ISMSS to support information security managers in tailoring ISPs to different employees. To achieve this, we employ design science research, drawing on prior studies concerning the tailoring of systems development methods. We evaluate the design theory through an expository instantiation, POLCO, and with information security managers, demonstrating both proof-of-concept and proof-of-value.

Place, publisher, year, edition, pages
Elsevier, 2025. Vol. 159, article id 104687
Keywords [en]
Tailored information security policy, Policy component, Software for tailoring policy, Design science research
National Category
Information Systems, Social aspects
Research subject
Informatics
Identifiers
URN: urn:nbn:se:oru:diva-124465; DOI: 10.1016/j.cose.2025.104687; ISI: 001587718900001; OAI: oai:DiVA.org:oru-124465; DiVA, id: diva2:2007036
Projects
Computerized tool-support for designing modular information security policies
Funder
Swedish Civil Contingencies Agency
Note

This work was supported by the Swedish Research School of Management and IT (MIT) and the Swedish Civil Contingencies Agency (MSB).

Available from: 2025-10-17. Created: 2025-10-17. Last updated: 2025-10-17. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Rostami, Elham; Karlsson, Fredrik; Kolkowska, Ella; Gao, Shang
