You are here: TUCS > PUBLICATIONS > Publication Search > Interpreting Information Secur...
Interpreting Information Security Policy Outcomes: A Frames of Reference Perspective
Marko Niemimaa, Elina Laaksonen, Dan Harnesk, Interpreting Information Security Policy Outcomes: A Frames of Reference Perspective. In: 46th Hawaii International Conference on System Sciences, 4541–4550, IEEE Computer & Society, 2013.
Abstract:
A major concern for IS managers is that
information security policies seldom produce expected outcomes. Previously, scholars have studied motivations underlying on-conformance to policies and proposed approaches for motivating employees. However, the socio-cognitive aspects that shape employees' perceptions of the policies and implications
for policy outcomes have received modest attention. This study draws on socio-cognitive concept of frames and on literature on information security policies to suggest a theoretical and analytical concept of Information Security Policy Frames of reference(ISPFOR). The concept provides a sensitizing device to interpret how the frames influence organizational groups' perceptions of policies and the implications of the perceptions on policy outcomes. Three frame categories were uncovered through an interpretive case study at large multinational internet service provider. Findings suggest frames shape perceptions of
policies and provide an explanation for unanticipated policy outcomes. Implications for research and practice are discussed.
BibTeX entry:
@INPROCEEDINGS{inpNiLaHa13a,
title = {Interpreting Information Security Policy Outcomes: A Frames of Reference Perspective},
booktitle = {46th Hawaii International Conference on System Sciences},
author = {Niemimaa, Marko and Laaksonen, Elina and Harnesk, Dan},
publisher = {IEEE Computer & Society},
pages = {4541–4550},
year = {2013},
}
Belongs to TUCS Research Unit(s): UTU Information Systems Science (ISS)
Publication Forum rating of this publication: level 1