Ella Kolkowska

Value conflicts for information security management

A businesss information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.

Organizational power and information security rule compliance

This paper analyzes power relationships and the resulting failure in complying with information security rules. It argues that an inability to understand the intricate power relationships in the design and implementation of information security rules leads to a lack of compliance with the intended policy. The argument is conducted through an empirical, qualitative case study set in a Swedish Social Services organization. Our findings indicate that various dimensions of power and how these relate to information security rules ensure adequate compliance. This also helps to improve configuration of security rules through proactive information security management.

Analyzing Value Conflicts for a Work-Friendly ISS Policy Implementation

Existing research shows that the Information Systems Security policies’ (ISSPs) inability to reflect current practice is a perennial problem resulting in users’ non-compliant behaviors. While the existing compliance approaches are beneficial in many ways, they do not consider the complexity of Information Systems Security (ISS) management and practice where different actors adhere to different and sometimes conflicting values. The unsolved value conflicts often lead to unworkable ISS processes and users’ resistance. To address this shortcoming, this paper suggests a value conflicts analysis as a starting point for implementing work-friendly ISSPs. We show that the design and implementation of a work-friendly ISSP should involve the negotiation for different values held by the different actors within an organization.

Socio-Technical Challenges in Implementation of Monitoring Technologies in Elderly Care

Although new monitoring technologies (MT) supporting aging in place are continuously developed and introduced on the market, attempts to implement these technologies as an integrated part of elderly care often fail. According to the literature, the reason for that may be the prevailing technical focus applied during development and implementation of monitoring technologies in real settings. The aim of this paper was to investigate the socio-technical challenges that arise during implementation of monitoring technologies in elderly care. We used a qualitative case study and semi-structured interviews to investigate socio-technical (S/T) challenges in implementation of monitoring technologies generally and social alarms especially. Based on our findings we suggest a framework for classification of S/T challenges arising during implementation of monitoring technologies in elderly care and in this way this paper contributes to a better understanding of these challenges.

Organizational Power and Information Security Rule Compliance

This paper analyzes power relationships and the resulting failure in complying with information security rules. We argue that inability to understand the intricate power relationships in the design and implementation of information security rules leads to a lack of compliance with the intended policy. We conduct the argument through an empirical, qualitative case study set in a Swedish Social Services organization. Our findings suggest a relationship between dimensions of power and information security rules and the impact there might be on compliance behavior. This also helps to improve configuration of security rules through proactive information security management.

Towards analysing the rationale of information security non-compliance

We develop a method for Value Based Compliance analysis of information security.We develop a set of design principles for a Value Based Compliance analysis method.We analyse value conflicts behind information security non-compliance.We provide a hands-on guide to Value Based Compliance analysis. Employees poor compliance with information security policies is a perennial problem. Current information security analysis methods do not allow information security managers to capture the rationalities behind employees compliance and non-compliance. To address this shortcoming, this design science research paper suggests: (a) a Value-Based Compliance analysis method and (b) a set of design principles for methods that analyse different rationalities for information security. Our empirical demonstration shows that the method supports a systematic analysis of why employees comply/do not comply with policies. Thus we provide managers with a tool to make them more knowledgeable about employees information security behaviours.

To Meet the Needs of Aging Users and the Prerequisites of Innovators in the Design Process

The aim of this paper is to analyze cases where participatory design with different stakeholder groups was a beacon in the development of innovations. An important aspect was a strong foundation both in the needs of the elderly and in the feasibility from the market side. Three cases were analyzed from aspects as: environment and development phase of product; participation of different stakeholders; and proxy involvement of care professionals. The impact of this approach is a benefit for aging end-users as well as increased feasibility for the innovation companies, as a result when collaboration of different stakeholders focuses on balancing the demands of the users and the prerequisites of the industry.

Privacy Principles in Design of Smart Homes Systems in Elderly Care

Privacy is considered as a main concern in developing and implementing smart home systems for elderly care SHSEC. Privacy-by-Design PbD can help to ensure privacy in such systems and can support the designers in taking the protection of the privacy into account during the development of such systems. In this paper, we investigate the suitability of the PbD principles PbDPs suggested by Cavoukian et al. [1] in the context of SHSEC. This research is conducted as a qualitative case study, where we highlight limitations of existing PbDPs in this context. Based on our findings, we suggest seven additional PbDPs which complement the existing PbDPs and adjust them in the context of SHSEC.

Can a Cloud Be Really Secure? A Socratic Dialogue

Issues related to Cloud Computing security are emerging to be important and of concern to various stakeholders. However there is little consensus as to what the nature and scope of such challenges might be. Clearly there are multiple points of view with respect to management of Could Computing security. In this paper we adopt an innovative way – the Socratic Dialogue – as a means to present several perspectives and the discordances therein. One of the authors, a technology enthusiast, makes a case for technical security and the benefits of Cloud Computing. The other authors points to the systemic problems in Cloud Computing and warns of the looming dangers. As the dialogue progresses, both authors seems to agree that the answer resides in adopting a socio-technical perspective. In a final synthesis a set of conditions necessary for Cloud Computing security are presented.

To Capture the Diverse Needs of Welfare Technology Stakeholders – Evaluation of a Value Matrix

Welfare technology (WT) is often developed with a technical perspective, which does not involve important ethical considerations and different values that come up during the development and implementation of WT within elderly care. This paper presents a study where we have applied an ethical value matrix to support systematic ethical assessments of WT intended for personal health monitoring. The matrix consists of values in a checklist and a number of stakeholders and it is possible to analyze which values are emphasized by which stakeholders. The aim was to assess the matrix and find out how the matrix supports identification of values and interests that drive the various stakeholders in the development and implementation of WT. We have realized that several values specified by different actors as especially important were not included in the matrix and that the values in the matrix did not visualize or enable identification of value conflicts.