Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
4973078 | The Journal of Strategic Information Systems | 2017 | 19 Pages |
â¢We develop a method for Value Based Compliance analysis of information security.â¢We develop a set of design principles for a Value Based Compliance analysis method.â¢We analyse value conflicts behind information security non-compliance.â¢We provide a hands-on guide to Value Based Compliance analysis.
Employees' poor compliance with information security policies is a perennial problem. Current information security analysis methods do not allow information security managers to capture the rationalities behind employees' compliance and non-compliance. To address this shortcoming, this design science research paper suggests: (a) a Value-Based Compliance analysis method and (b) a set of design principles for methods that analyse different rationalities for information security. Our empirical demonstration shows that the method supports a systematic analysis of why employees comply/do not comply with policies. Thus we provide managers with a tool to make them more knowledgeable about employees' information security behaviours.