کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
4973078 | 1451428 | 2017 | 19 صفحه PDF | دانلود رایگان |
- We develop a method for Value Based Compliance analysis of information security.
- We develop a set of design principles for a Value Based Compliance analysis method.
- We analyse value conflicts behind information security non-compliance.
- We provide a hands-on guide to Value Based Compliance analysis.
Employees' poor compliance with information security policies is a perennial problem. Current information security analysis methods do not allow information security managers to capture the rationalities behind employees' compliance and non-compliance. To address this shortcoming, this design science research paper suggests: (a) a Value-Based Compliance analysis method and (b) a set of design principles for methods that analyse different rationalities for information security. Our empirical demonstration shows that the method supports a systematic analysis of why employees comply/do not comply with policies. Thus we provide managers with a tool to make them more knowledgeable about employees' information security behaviours.
Journal: The Journal of Strategic Information Systems - Volume 26, Issue 1, March 2017, Pages 39-57