Purpose
The purpose of this paper is to survey existing information security policy (ISP) management research to scrutinise the extent to which manual and computerised support has been suggested, and ...the way in which the suggested support has been brought about.
Design/methodology/approach
The results are based on a literature review of ISP management research published between 1990 and 2017.
Findings
Existing research has focused mostly on manual support for managing ISPs. Very few papers have considered computerised support. The entire complexity of the ISP management process has received little attention. Existing research has not focused much on the interaction between the different ISP management phases. Few research methods have been used extensively and intervention-oriented research is rare.
Research limitations/implications
Future research should to a larger extent address the interaction between the ISP management phases, apply more intervention research to develop computerised support for ISP management, investigate to what extent computerised support can enhance integration of ISP management phases and reduce the complexity of such a management process.
Practical implications
The limited focus on computerised support for ISP management affects the kind of advice and artefacts the research community can offer to practitioners.
Originality/value
Today, there are no literature reviews on to what extent computerised support the ISP management process. Findings on how the complexity of ISP management has been addressed and the research methods used extend beyond the existing knowledge base, allowing for a critical discussion of existing research and future research needs.
Today, public organisations need to share information in order to complete their tasks. Over the years, scholars have mapped out the social and organisational factors that affect the success or ...failure of these kinds of endeavours. However, few of the suggested models have sought to address the temporal aspect of inter-organisational information sharing. The aim of this paper is to investigate the reshaping of social and organisational factors of inter-organisational information sharing in the public sector over time. We analysed four years' worth of information sharing in an inter-organisational reference group on copper corrosion in the context of nuclear waste management. We could trace how factors in the model proposed by Yang and Maxwell (2011) were reshaped over time. Two factors in the model – concerns of information misuse and trust – are frequently assessed by organisations and are the most likely to change. In the long run we also found that legislation and policies can change.
•Investigates information sharing in a network of public organisations.•Investigates social and organisational factors of information sharing.•Results reveal these factors are reshaped over time.•Results extend an existing model on information sharing.
► Value conflicts can be used as a strategic tool for organizational development. ► Users’ information security practices is opportunities for reflection-in-action. ► A value-based compliance model ...can offer a better information security practice. ► We found seventeen areas of value conflicts in two longitudinal hospital studies.
A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.
Purpose
The purpose of this paper is to survey existing inter-organisational information security research to scrutinise the kind of knowledge that is currently available and the way in which this ...knowledge has been brought about.
Design/methodology/approach
The results are based on a literature review of inter-organisational information security research published between 1990 and 2014.
Findings
The authors conclude that existing research has focused on a limited set of research topics. A majority of the research has focused management issues, while employees’/non-staffs’ actual information security work in inter-organisational settings is an understudied area. In addition, the majority of the studies have used a subjective/argumentative method, and few studies combine theoretical work and empirical data.
Research limitations/implications
The findings suggest that future research should address a broader set of research topics, focusing especially on employees/non-staff and their use of processes and technology in inter-organisational settings, as well as on cultural aspects, which are lacking currently; focus more on theory generation or theory testing to increase the maturity of this sub-field; and use a broader set of research methods.
Practical implications
The authors conclude that existing research is to a large extent descriptive, philosophical or theoretical. Thus, it is difficult for practitioners to adopt existing research results, such as governance frameworks, which have not been empirically validated.
Originality/value
Few systematic reviews have assessed the maturity of existing inter-organisational information security research. Findings of authors on research topics, maturity and research methods extend beyond the existing knowledge base, which allow for a critical discussion about existing research in this sub-field of information security.
Privacy of information is a critical issue for e‐government development as lack of it negatively influences users' trust and adoption of e‐government. To earn user trust government organizations need ...to provide reliable privacy assurance by implementing adequate information privacy protection (IPP) practices. African least developing countries (LDCs) today develop e‐government, but focus is on quick technical development, and the status of IPP issues is not clear. Little research has yet studied the status of IPP practices in e‐government in African LDCs. To fill this gap, we assess the status of existing IPP practices in e‐government in Rwanda, using international privacy principles as an assessment baseline. We adopt a case study approach including three cases. Data were collected by interviews and a survey. The findings call into question the efficacy of existing IPP practices and their effect in ensuring e‐government service users' privacy protection in Rwanda. The study extends existing literature by providing insights related to privacy protection from an African LDC context. For practitioners in Rwanda and other LDCs, this study contributes to the protection of information privacy in e‐government by providing recommendations to mitigate identified gaps.
Privacy of information is a critical issue for e-government development as lack of it negatively influences users’ trust and adoption of e-government. To earn user trust government organizations need ...to provide reliable privacy assurance by implementing adequate information privacy protection (IPP) practices. African Least Developing Countries (LDCs) today develop e-government but focus is on quick technical development and the status of IPP issues is not clear. Little research has yet studied the status of IPP practices in e-government in African LDCs. To fill this gap, we assess the status of existing IPP practices in e-government in Rwanda, using international privacy principles as an assessment baseline. We adopt a case-study approach including three cases. Data were collected by interviews and a survey. The findings call into question the efficacy of existing IPP practices and their effect in ensuring e-government service users’ privacy protection in Rwanda. The study extends existing literature by providing insights related to privacy protection from an African LDC context. For practitioners in Rwanda and other LDCs, this study contributes to the protection of information privacy in e-government by providing recommendations to mitigate identified gaps.