Authors: Ella Kolkowska, Fredrik Karlsson, J.P. Allen, Karin Hedströma
Tags: 2011, conceptual modeling
A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.Read the full paper here: https://www.journals.elsevier.com/the-journal-of-strategic-information-systems
