Information Security Policies: A Frames of Reference Perspective
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Researchers and information security professionals share an understanding of information securitypolicies as the foundation of organizational information security. A major concern for informationsecurity professionals is that only seldom do these policies bring about the expected outcomes. Inefforts to understand this problem, researchers have concentrated on different approaches formotivating end-users to comply with the information security policies but left the differences inorganizational groups and their expectations of these policies for little attention. This thesisanalyzes the impact of key organizational groups' perceptions of information security policies to theimplementation and use of these policies in the light of a theoretical framework that draws on theliterature on frames of reference and on information security policies. We propose a concept ofInformation Security Policy Frames of Reference (ISPFOR) as a means for understanding theseperceptions and their consequences. Our empirical findings from an interpretive case studyhighlight that organizational groups' perceptions of information security policies deserve attentionin regard to formulating and implementing information security policies in organizations. The thesisconcludes by arguing that frames of reference perspective, a perspective prominent in informationsystems research but not yet applied in the context of information security policies, offers acompelling explanation for problems around information security policy implementation and use inorganizations and provides new insight into employees' perceptions of information security policies.
Place, publisher, year, edition, pages
2011. , 78 p.
Teknik, IS security, information security policies, information security management, frames of reference, interpretive research
IdentifiersURN: urn:nbn:se:ltu:diva-54400Local ID: b5b4da79-52dc-4ae9-9798-480e6c411567OAI: oai:DiVA.org:ltu-54400DiVA: diva2:1027781
Subject / course
Student thesis, at least 30 credits
Information Security, master's level
Validerat; 20110607 (anonymous)2016-10-042016-10-04Bibliographically approved