SECURITY SUBCULTURES IN AN ORGANIZATION - EXPLORING VALUE CONFLICTS

Security culture is considered as an important factor in overcoming the problem with employees’ lack of compliance with Information Security (IS) policies. Within one organization different subcultures might transcribe to different and sometimes even conflicting, values. In this paper we study such value conflicts and their implications on IS management and practice. Shein’s (1999) model of organizational culture is used as a tool supporting analysis of our empirical data. We found that value conflicts exists between different security cultures within the same organization and that users anchor their values related to IS in their professional values. Thus our empirical results highlight value conflicts as an important factor to take into account when security culture is developed in an organization. Moreover, we found Shein’s model as a useful tool for analysis of value conflicts between different subcultures in an organization

Value Sensitive Approach to IS Security - A Socio-Organizational Perspective

In this paper we present a Value Sensitive Approach (VSA) to information systems security (ISS) within organizations. The approach helps to identify organizational and individual values, since we believe that objectives suitable for each organization can be identified by eliciting these values. We then discuss how organizational goals, strategies and culture together with individual values decide what relevant security issues for this particular organization are. We then discuss how organizational goals, strategies and culture, together with individual values decide the relevant security issues for a particular organization. Different methods to observe and identify values are discussed and evaluated. Then two different methods for identifying values are presented. Values – focused thinking is presented as a method for identifying values that guide decision makers and security managers. Scenarios are presented as a method to elicit values from actor groups who are less used to thinking in terms of information security issues. The Value Sensitive Approach to ISS presented in this paper will contribute to the ongoing research efforts to view security problems from a more holistic, socio-organizational perspective

Privacy dimensions in design of smart home systems for elderly people

Predominant research on privacy in smart homes reduces privacy to the protection of personal data. Recent research about Smart Home Systems in elderly care argues that this narrow conceptualization of privacy may be insufficient to safeguard privacy of an elderly person living in such environment. Privacy requirements for Smart Home Systems in Elderly Care (SHSEC) are usually decided based on legal regulations without considering elderly peoples’ specific needs. This paper investigates what values elderly people emphasize in relation to privacy in this context. To be able to study privacy beyond data protection we use the broad definition of privacy provided by Clarke (2006). Following this definition, the concept of privacy can be studied by four dimensions: privacy of the person, privacy of personal behavior, privacy of personal communications and privacy of personal data. The empirical data was collected through qualitative semi-structured interviews with elderly people, who participated in an interactive demonstration of a SHSEC. Our findings indicate that privacy in the context of SHSEC is a broader concept than the protection of personal data and therefore there is a need for a broader conceptualization of privacy concept in this context. Based on our empirical findings we can also conclude that understanding elderly\u27s values in relation to privacy is important in order to ensure their privacy in this context. Finally we found that elderly people are willing and are capable to discuss and express privacy-related requirements in relation to SHS technology that make them an untapped resource in design of privacy solutions in the context of SHSEC

Defining Seniors’ Value-based Objectives for ICT-supported Governmental Elderly Care Services: Preliminary Lessons from Poland and Sweden

ICT-supported governmental elderly care services are often introduced in an ad-hoc, technology-driven manner, which results in a low level of acceptance by seniors. The current paper aims to address this shortcoming by applying a Value-focused thinking (VFT) approach to investigate value-based objectives of older adults. The presented solution is based on the interviews with seniors (65-85) in Poland and Sweden, two countries with very diverse approaches to governmental elderly care services. The designed research approach includes the analysis of the data gathered following the VFT approach, comparison of findings across the two countries, definition of fundamental and means objectives of seniors, and formulation of recommendations regarding strategies for the implementation of governmental elderly care services. The preliminary findings suggest that using VFT is promising in the identification of value-based objectives that can be included in policies guiding ICT-supported elderly care services

Use of protection motivation theory in non-compliance research

There is a rich stream of research focusing on employee non-/compliance with information security policies. However, this stream suffers from inconsistent, even contradicting results and lack of theoretical congruence. Attempts to explain such inconsistencies have included investigation of possible moderating effects of contextual variables. We further investigate these inconsistencies by analytically disentangling the consistency in the implementation of the four most used variables of Protection Motivation Theory—Perceived severity, Perceived susceptibility, Response efficacy, and Self-efficacy—across the research field. Specifically, we address the following research question; what inconsistencies, if any, are there in the use of Protection motivation theory in non-/compliance research? We find that three of the variables analyzed have been ascribed more than one theoretical property across the seven studies reviewed, thereby making it problematic to fully understand their cause-and-effect relationships. That is, it is unclear which property that explains employees’ intention to comply with IS policies, whether they have the same effects, or have an increased effect when applied in conjunction. This study contributes to the literature by proposing that inconsistent results may not only be due to omitted moderating factors, but also to theoretical properties of key variables being inconsistently defined and measured

Understanding Drivers for Acceptance and Use of Digital Care Services for Seniors: Learning from a Value-Focused Thinking Study in Poland and Sweden

In order to maximize sustainability of digital services for seniors, the opinions of the main stakeholders and the broader context of independent and healthy ageing should be taken into consideration. Therefore, we applied a Value-focused thinking (VFT) approach to understand values held by seniors in the context of implementation of ICT for independent and healthy ageing. To this end, we conducted interviews with seniors in Poland and Sweden, which are countries with very diverse approaches to digital care services (DCS). Based on the interviews with seniors, we discovered 7 common fundamental objectives and 11 means objectives supporting the fundamental goals with varying understanding depending on a country, which allowed us to discuss the drivers for acceptance and use of DCS for seniors

INTERGENERATIONAL TENSIONS IN ICT ADOPTION FOR INDEPENDENT AND HEALTHY AGEING: PRELIMINARY INSIGHTS FROM A VALUE-FOCUSED THINKING STUDY IN POLAND AND SWEDEN

Current literature highlights the importance of understanding intergenerational tensions that arise in the context of implementation of ICT for independent and healthy ageing. The current study aims to explore tensions between value-based objectives emphasized by seniors and younger adults in the context of ICT for independent and healthy ageing in Poland and Sweden. Value-based objectives were identified by applying the value-focused thinking approach. By comparing the identified objectives between young adults and seniors, we found several significant tensions, both in Poland and Sweden. In particular, we found that young adults might perceive seniors as a fragile and passive group, which clashes with how seniors perceive themselves. The analysis also revealed several areas of agreement, e.g. with Polish young and senior respondents unanimously emphasizing improvement of seniors’ health condition and ICT usefulness for families, and Swedes agreeing upon the importance of seniors’ autonomy, social contact, and equal access to digital solutions

Attempts to share information between public sector organisations over time: A case-based exploration of value conflicts

Despite the importance of inter-organisational information sharing (IOIS) in the public sector, such endeavours often fail. Existing research has shown that the values held by collaborating organisations are one important factor affecting these kinds of initiatives. However, research has sought only to a limited extent to address how value conflicts come into play over time. Therefore, this paper aims to explore how conflicting values shape an inter-organisational information-sharing practice in the public sector over time. Using the local/global network framework, we analyse four years’ worth of information sharing in an inter-organisational advisory group in the context of Swedish nuclear waste management. We conclude that different value conflicts are emphasised to different extents at different points in time. That is, values do not uniformly affect IOIS activities, and such conflicts over time reduce the set of potential IOIS activities. We also conclude that when IOIS activities are driven by an individual organisation’s values, individual value rational activities may co-exist with a dysfunctional long-term IOIS practice.publishedVersio

Organizational Power and Information Security Rule Compliance

Part 6: Policy Compliance and ObligationsInternational audienceThis paper analyzes power relationships and the resulting failure in complying with information security rules. We argue that inability to understand the intricate power relationships in the design and implementation of information security rules leads to a lack of compliance with the intended policy. We conduct the argument through an empirical, qualitative case study set in a Swedish Social Services organization. Our findings suggest a relationship between dimensions of power and information security rules and the impact there might be on compliance behavior. This also helps to improve configuration of security rules through proactive information security management