Value conflicts for information security management |
| |
| Authors: | Karin Hedströ m,Ella Kolkowska,Fredrik Karlsson,J.P. Allen |
| |
| Affiliation: | aSwedish Business School, Örebro University, 701 82 Örebro, Sweden;bUniversity of Skövde, 541 28 Skövde, Sweden;cSchool of Business and Professional Studies, University of San Francisco, 2130 Fulton Street, MH 222, San Francisco, CA 94117-1045, USA |
| |
| Abstract: | A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model. |
| |
| Keywords: | Information systems security Information security Health care information systems Values Value conflicts Management of information security |
| 本文献已被 ScienceDirect 等数据库收录! |
|
