Risk aversion and the value of information
Decision Support Systems
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
In the eye of the beholder: a visualization-based approach to information system security
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Editorial: Editorial: JSIS Security and Privacy Special Issue
The Journal of Strategic Information Systems
The Journal of Strategic Information Systems
The Journal of Strategic Information Systems
Organizational competence for harnessing IT: A case study
Information and Management
Security in Health Information Systems: An Exploratory Comparison of U.S. and Swiss Hospitals
HICSS '09 Proceedings of the 42nd Hawaii International Conference on System Sciences
Measuring the value of information: the information-intensive organization
IBM Systems Journal
Defining value-based objectives for ERP systems planning
Decision Support Systems
Hi-index | 0.00 |
A business's information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.