Search results

This paper aims to propose a conceptual model of policy components for software that supports modularizing and tailoring of information security policies (ISPs).

This study used a design science research approach, drawing on design knowledge from the field of situational method engineering. The conceptual model was developed as a unified modeling language class diagram using existing ISPs from public agencies in Sweden.

This study’s demonstration as proof of concept indicates that the conceptual model can be used to create free-standing modules that provide guidance about information security in relation to a specific work task and that these modules can be used across multiple tailored ISPs. Thus, the model can be considered as a step toward developing software to tailor ISPs.

The proposed conceptual model bears several short- and long-term implications for research. In the short term, the model can act as a foundation for developing software to design tailored ISPs. In the long term, having software that enables tailorable ISPs will allow researchers to do new types of studies, such as evaluating the software's effectiveness in the ISP development process.

Practitioners can use the model to develop software that assist information security managers in designing tailored ISPs. Such a tool can offer the opportunity for information security managers to design more purposeful ISPs.

The proposed model offers a detailed and well-elaborated starting point for developing software that supports modularizing and tailoring of ISPs.

This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers.

The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy.

The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance.

The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance.

Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite an internal focus, that may have negative ramifications for the information security of organizations.

Few information security policy compliance studies exist on the consequences of different organizational/information cultures.

This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

The purpose of this paper is to survey existing information security policy (ISP) management research to scrutinise the extent to which manual and computerised support has been suggested, and the way in which the suggested support has been brought about.

The results are based on a literature review of ISP management research published between 1990 and 2017.

Existing research has focused mostly on manual support for managing ISPs. Very few papers have considered computerised support. The entire complexity of the ISP management process has received little attention. Existing research has not focused much on the interaction between the different ISP management phases. Few research methods have been used extensively and intervention-oriented research is rare.

Future research should to a larger extent address the interaction between the ISP management phases, apply more intervention research to develop computerised support for ISP management, investigate to what extent computerised support can enhance integration of ISP management phases and reduce the complexity of such a management process.

The limited focus on computerised support for ISP management affects the kind of advice and artefacts the research community can offer to practitioners.

Today, there are no literature reviews on to what extent computerised support the ISP management process. Findings on how the complexity of ISP management has been addressed and the research methods used extend beyond the existing knowledge base, allowing for a critical discussion of existing research and future research needs.

Social sustainability is a concept frequently referred to in public debates concerning how to construct the governance of future societies. The interpretations of its meaning, however, are ambiguous, and practices often dubious. Confronting top-down technocratic governance structures, this paper aims to argue for for tripartite collaborations between residents, higher education institutions (HEIs) and local government, as an approach toward social sustainability that involves residents’ interests in local governance.

This study argues that a specific time-spatial method of analysis can benefit the co-creation of knowledge as it passes through the spectrum of resident–HEI–local government. It provides a way for resident perceptions to become structured knowledge that originates from the residents, effectively engendering a bottom-up governance structure.

This study shows how to include residents in policymaking and implementation processes as co-creators of knowledge, and thereby displays the possibility of examining knowledge and competence within municipal projects for social sustainability.

The model developed in this study can be used as a methodological instrument to analyze and expand resident participation in local social sustainability work. It thereby provides a toolbox for inclusive policymaking and strategies.

The purpose of this paper is to explore and describe the perspective of the management group regarding how they reasoned when deciding to engage in a model focussing on systematic work environment management, and what motives that influenced their decision.

This qualitative study with semi-structured interviews includes 18 representatives from the management groups in 18 Swedish municipalities. Data were analysed with a constant comparative method.

The participants described two aspects that were of importance when making the decision; establishing commitment before making the decision and establishing strategies to legitimise the decision. Furthermore, they expressed motives that were linked both to their individual expectations and wishes and to policies and facts in their organisations. The participants experienced the model as a valuable tool in their organisations to increase employee participation and to provide structured support to their first-line managers.

The managers’ motives were linked to individual expectations and external directives. These were often intertwined and influenced their decisions. When implementing this type of model, it is important to discuss decisions in a larger group to avoid building an organisational initiative on one person’s expectations. Furthermore, it is important to support the management’s work to establish commitment for the model in the municipal organisation.

This study adds to knowledge of the complexity of deciding and implementing models to support systematic work environment management in organisations.

Drug sales facilitated through digital communication on the surface web and on darknet cryptomarkets have increased during the past two decades. This has resulted in an increase in drug law enforcement efforts to combat these markets and a subsequent increase in judicial sentencing of people selling drugs online. The aim of this study was to analyze how Swedish courts describe sentenced sellers and how the courts apply case law.

The empirical material consists of 71 sentencing documents produced by Swedish courts in cases of online drug selling between January 1, 2010 and January 1, 2020. In total, 99 sentenced persons occur in the documents. Using a qualitative research design, the authors analyzed the material through thematic text analysis.

Overall, in their descriptions of online drug sale operations, the courts’ characterizations of the concepts of street capital and digital capital show a dichotomy. These forms of capital are situationally described as both aggravating and mitigating aspects in the application of case law, indicating that it may be fruitful to view both street and digital capital as resources used on contemporary drug markets in general.

Very little research exists into how judicial systems describe and perceive the developing phenomenon of online drug sales. Using a relatively large sample from a decade of sentencing, the authors provide an analysis of how Swedish courts view and valuate capital forms in the online drugs trade.

The game plan firms must navigate in the quest of competitive advantage which is changing quickly. More and more firms acknowledge that future prosperity depends on achieving the joint goals of economic, environmental and social sustainability. This understanding has resulted in both firms and actors on the financial markets enhancing their focus on environmental, social and governance dimensions in their respective decision-making processes. In this chapter, the focus is on one key component of the changing game plan, the European Union’s (EU) Sustainable Finance Platform that envisions investors as a key driver of firms’ sustainability transformation. Based on survey data from Swedish listed firms, we discuss implications and outcomes of the Platform. Our results show that investors play an important role in setting the rules of the gameplan for firms. However, not to the extent that it meets the ambitions of the policymakers. This suggests either that the Platform will fail to meet its aims or that firms should expect further significant changes to the gameplan in the future.

This study aims to explore how people with concurrent mental health and substance use disorders and lived experience of deep social marginalization perceived barriers and facilitators to mainstream social participation. The purpose of this study is to identify meaningful and relevant learning content for a virtual reality-based intervention to promote social participation in this group.

This formative qualitative study was conducted in Norway during Autumn 2022. Nine in-depth individual interviews with adults recovering from dual diagnosis were conducted, audiotaped, transcribed and analysed using reflexive thematic analysis in a collaborative analysis process.

Results indicated that social alienation, poor social skills, stigma, low self-esteem and social anxiety were key barriers to social participation in this group. This study suggests a need to learn appropriate social behaviour in mainstream society, in addition to better employability skills, civic literacy and health literacy to improve utilization of social opportunities.

This study implies that virtual reality-based interventions for promoting social participation in people with dual diagnosis should primarily focus on learning and practising appropriate social behaviour in shared public spaces before practising advanced social skills such as employability skills in simulated work environments. Learning and practising social skills appears decisive for using more complex social opportunities, such as in education, health, social services and work.

This research provides suggestions for the content of a novel virtual reality-based intervention to promote social participation among people in recovery from dual diagnosis.

New digital technologies are reshaping the business landscape and accounting work. This paper aims to investigate how incorporating more data and new data analytics (DA) tools impacts the role and use of judgment in financial due diligence (FDD).

The paper reports findings from a field study at a Big Four accounting firm in Sweden (“DealCo”). The primary data includes semi-structured interviews, observations and other meetings. Theoretically, it draws on Dewey’s The Logic of Judgments of Practise and Logic: The Theory of Inquiry and distinguishes between theoretical (what is probably true) and practical judgment (what to do).

In DealCo’s FDD practice, using more data and new DA tools meant that the realm of possibility had expanded significantly. To manage the newfound abundance and to use DA effectively, DealCo’s advisors invoked practical and theoretical judgments in different stages and areas of the data-driven FDD. The paper identifies four critical uses of judgment: Setting priorities and exercising restraint (practical judgment) and forming hypotheses and doing sense checks (theoretical judgment). In these capacities, practical judgment and theoretical judgment were essential in transforming raw data into actionable insights and, in effect, an indeterminate situation into a determinate one.

The study foregrounds the practical dimension of knowledge production for decision-making and contributes to a better understanding of the role, use and importance of accounting professionals’ judgment in a data-driven world.