Towards analysing the rationale of information security non-compliance: Devising a Value-Based Compliance analysis method
نویسندگان
چکیده
Employees’ poor compliance with information security policies is a perennial problem. Current information security analysis methods do not allow information security managers to capture the rationalities behind employees’ compliance and non-compliance. To address this shortcoming, this design science research paper suggests: (a) a Value-Based Compliance analysis method and (b) a set of design principles for methods that analyse different rationalities for information security. Our empirical demonstration shows that the method supports a systematic analysis of why employees comply/do not comply with policies. Thus we provide managers with a tool to make them more knowledgeable about employees’ information security behaviours. 2016 Published by Elsevier B.V.
منابع مشابه
Social action theory for understanding information security non-compliance in hospitals: The importance of user rationale
Purpose – Employees’ compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of social action theory (SAT) for management of information security. Design/methodology/approach – This research was carried out as a longitudinal case study at a Swedish hospital. Data were collected using a ...
متن کاملRanking Effective Behavioural Factors Affecting Non –compliance in Business Tax from the Professional Perspective
The country's tax system has always faced many challenges in the business sector, and various factors have caused lack of tax compliance in this sector. In this research, the identification and ranking of effective behavioural factors affecting non-compliance of business tax has been pursued with the aim[1] of answering the question that " what are the most important factors affecting the non-c...
متن کاملامنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...
متن کاملTechnical Challenges of Implementing Fair Values in Financial Reporting of Iran: Emphasizing on IFRS13 Requirements
Objective: By the full adoption of IFRS, measurement and disclosure of fair values become more common in Iranian financial reporting. The present study aims to identify the technical challenges of fair value measurement and disclosure in accordance with the proposed framework in IFRS13 as well as technical factors underlying resistance to fair-value based financial reporting from accounting and...
متن کاملIdentifying the Risk of Business Tax Compliance using the Grounded Theory
The present study identifies business tax compliance risks using the grounded theory approach. The statistical population of the study is the elite and experts in the field of taxation who have been selected from the snowball or chain sampling method for the interview according to the purpose of the research. After receiving the opinion of 23 elites and experts in 2019, 28 cases of business tax...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Strategic Inf. Sys.
دوره 26 شماره
صفحات -
تاریخ انتشار 2017