A design theory and a method for Value-based compliance

Om projektet





Fredrik Karlsson



Existing research shows that personnel's poor compliance with information security policies is a perennial problem. While existing information security methods are beneficial in many ways, they are unable to capture the multiple values that come into play behind employees' compliance and non-compliance. To address this shortcoming this research develops a method for analyzing different values in relation to information security management. The Value-Based Compliance (VBC) analysis method is a hands-on guide to assist examiners in extending their analysis of employee compliance to include potential value conflicts. The method developed will contribute to IS security management in two ways: 1) as a starting point for analyzing and changing values behind employees' actions and help to achieve Value-Based Compliance with IS security rules, 2) as a starting point for development of IS security rules adopted in the common practice.