Analyzing Value Conflicts for a Work-Friendly ISS Policy Implementation

Abstract : Existing research shows that the Information Systems Security policies’ (ISSPs) inability to reflect current practice is a perennial problem resulting in users’ non-compliant behaviors. While the existing compliance approaches are beneficial in many ways, they do not consider the complexity of Information Systems Security (ISS) management and practice where different actors adhere to different and sometimes conflicting values. The unsolved value conflicts often lead to unworkable ISS processes and users’ resistance. To address this shortcoming, this paper suggests a value conflicts analysis as a starting point for implementing work-friendly ISSPs. We show that the design and implementation of a work-friendly ISSP should involve the negotiation for different values held by the different actors within an organization.
Document type :
Conference papers
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.339-351, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_28〉
Liste complète des métadonnées

Cited literature [31 references]  Display  Hide  Download

https://hal.inria.fr/hal-01518254
Contributor : Hal Ifip <>
Submitted on : Thursday, May 4, 2017 - 1:45:46 PM
Last modification on : Thursday, May 4, 2017 - 2:53:52 PM
Document(s) archivé(s) le : Saturday, August 5, 2017 - 1:26:51 PM

File

978-3-642-30436-1_28_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Ella Kolkowska, Bart Decker. Analyzing Value Conflicts for a Work-Friendly ISS Policy Implementation. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.339-351, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_28〉. 〈hal-01518254〉

Share

Metrics

Record views

33

Document downloads

13