A4 Refereed article in a conference publication
Interpreting Information Security Policy Outcomes – A Frames of Reference Perspective
Subtitle: A Frames of Reference Perspective
Authors: Niemimaa M, Laaksonen A. E., Harnesk D.
Editors: -
Publication year: 2013
Book title : System Sciences (HICSS), 2013 46th Hawaii International Conference on
DOI: https://doi.org/10.1109/HICSS.2013.282(external)
Abstract
A major concern for IS managers is that information security policies seldom produce expected outcomes. Previously, scholars have studied motivations underlying non-conformance to policies and proposed approaches for motivating employees. However, the socio-cognitive aspects that shape employees' perceptions of the policies and implications for policy outcomes have received modest attention. This study draws on socio-cognitive concept of frames and on literature on information security policies to suggest a theoretical and analytical concept of Information Security Policy Frames of Reference (ISPFOR). The concept provides a sensitizing device to interpret how the frames influence organizational groups' perceptions of policies and the implications of the perceptions on policy outcomes. Three frame categories were uncovered through an interpretive case study at large multinational internet service provider. Findings suggest frames shape perceptions of policies and provide an explanation for unanticipated policy outcomes. Implications for research and practice are discussed.
A major concern for IS managers is that information security policies seldom produce expected outcomes. Previously, scholars have studied motivations underlying non-conformance to policies and proposed approaches for motivating employees. However, the socio-cognitive aspects that shape employees' perceptions of the policies and implications for policy outcomes have received modest attention. This study draws on socio-cognitive concept of frames and on literature on information security policies to suggest a theoretical and analytical concept of Information Security Policy Frames of Reference (ISPFOR). The concept provides a sensitizing device to interpret how the frames influence organizational groups' perceptions of policies and the implications of the perceptions on policy outcomes. Three frame categories were uncovered through an interpretive case study at large multinational internet service provider. Findings suggest frames shape perceptions of policies and provide an explanation for unanticipated policy outcomes. Implications for research and practice are discussed.
Downloadable publication This is an electronic reprint of the original article. |  |
UTU Research Portal