Martin Karlsson, Fredrik Karlsson, Joachim Åström and Thomas Denk
Abstract
Purpose
This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers.
Design/methodology/approach
A survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy.
Findings
The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance.
Research limitations/implications
The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance.
Practical implications
Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite of an internal focus, that may have negative ramifications for the information security of organizations.
Originality/value
Few information security policy compliance studies exist on the consequences of different organizational/information cultures.
Martin Karlsson, Thomas Denk and Joachim Åström
Abstract
Purpose
The purpose of this paper is to investigate the occurrence of value conflicts between information security and other organizational values among white-collar workers. Further, analyses are conducted of the relationship between white-collar workers’ perceptions of the culture of their organizations and value conflicts involving information security.
Design/methodology/approach
Descriptive analyses and regression analyses were conducted on survey data gathered among two samples of white-collar workers in Sweden.
Findings
Value conflicts regarding information security occur regularly among white-collar workers in the private and public sectors and within different business sectors. Variations in their occurrence can be understood partly as a function of employees’ work situations and the sensitivity of the information handled in the organization. Regarding how perceived organizational culture affects the occurrence of value conflicts, multivariate regression analysis reveals that employees who perceive their organizations as having externally oriented, flexible cultures experience value conflicts more often.
Research limitations/implications
The relatively low share of explained variance in the explanatory models indicates the need to identify alternative explanations of the occurrence of value conflicts regarding information security.
Practical implications
Information security managers need to recognize that value conflicts occur regularly among white-collar workers in different business sectors, more often among workers in organizations that handle sensitive information, and most often among white-collar workers who perceive the cultures of their organizations as being externally oriented and flexible.
Originality/value
The study addresses a gap in the information security literature by contributing to the understanding of value conflicts between information security and other organizational values. This study has mapped the occurrence of value conflicts regarding information security among white-collar professionals and shows that the occurrence of value conflicts is associated with work situation, information sensitivity and perceived organizational culture.
Martin Karlsson, Fredrik Bagge Carlson, Martin Holmstrand, Anders Robertsson, Jeroen De Backer, Luisa Quintino, Eurico Assuncao and Rolf Johansson
Abstract
Purpose
This study aims to enable robotic friction stir welding (FSW) in practice. The use of robots has hitherto been limited, because of the large contact forces necessary for FSW. These forces are detrimental for the position accuracy of the robot. In this context, it is not sufficient to rely on the robot’s internal sensors for positioning. This paper describes and evaluates a new method for overcoming this issue.
Design/methodology/approach
A closed-loop robot control system for seam-tracking control and force control, running and recording data in real-time operation, was developed. The complete system was experimentally verified. External position measurements were obtained from a laser seam tracker and deviations from the seam were compensated for, using feedback of the measurements to a position controller.
Findings
The proposed system was shown to be working well in overcoming position error. The system is flexible and reconfigurable for batch and short production runs. The welds were free of defects and had beneficial mechanical properties.
Research limitations/implications
In the experiments, the laser seam tracker was used both for control feedback and for performance evaluation. For evaluation, it would be better to use yet another external sensor for position measurements, providing ground truth.
Practical implications
These results imply that robotic FSW is practically realizable, with the accuracy requirements fulfilled.
Originality/value
The method proposed in this research yields very accurate seam tracking as compared to previous research. This accuracy, in turn, is crucial for the quality of the resulting material.
Joakim Berndtsson, Peter Johansson and Martin Karlsson
Abstract
Purpose
The purpose of the study is to explore potential value conflicts between information security work and whistleblowing activities by analysing attitudes to whistleblowing among white-collar workers in Swedish organisations.
Design/methodology/approach
The study is conducted using survey data from Swedish white-collar workers (n = 674). Statistical analyses are conducted to explore variations in acceptance of whistleblowing and analyse the relationship between acceptance of whistleblowing and information security attitudes and behaviours.
Findings
The study finds strong support for whistleblowing in both public and private spheres, and by both private and public sector employees. The study also finds stronger acceptance for intra-organisational whistleblowing, while support for external whistleblowing is low. Finally, the study shows that whistleblowing activities might be perceived as coming into conflict with information security work, even as the support for including whistleblowing functions in information security practices is high.
Research limitations/implications
With a focus on one country, the study is limited in terms of empirical scope. It is also limited by a relatively small number of respondents and survey items relating to whistleblowing, which in turn affects its explanatory value. However, the study does provide unique new insight into a specific form of “non-compliance”, i.e. whistleblowing, which merits further investigation.
Originality/value
Few studies exist that combine insights from the fields of whistleblowing and information security research. Thus, this study provides a basis for further investigation into attitudes and behaviours linked to whistleblowing in public and private organisations, as well as attendant value conflicts related to information security management and practice.
Fredrik Karlsson, Martin Karlsson and Joachim Åström
Abstract
Purpose
This paper aims to investigate two different types of compliance measures: the first measure is a value-monistic compliance measure, whereas the second is a value-pluralistic measure, which introduces the idea of competing organisational imperatives.
Design/methodology/approach
A survey was developed using two sets of items to measure compliance. The survey was sent to 600 white-collar workers and analysed through ordinary least squares.
Findings
The results suggest that when using the value-monistic measure, employees’ compliance was a function of employees’ intentions to comply, their self-efficacy and awareness of information security policies. In addition, compliance was not related to the occurrence of conflicts between information security and other organisational imperatives. However, when the dependent variable was changed to a value-pluralistic measure, the results suggest that employees’ compliance was, to a great extent, a function of the occurrence of conflicts between information security and other organisational imperatives, indirect conflicts with other organisational values.
Research limitations/implications
The results are based on a small survey; yet, the findings are interesting and justify further investigation. The results suggest that relevant organisational imperatives and value systems, along with information security values, should be included in measures for employees’ compliance with information security policies.
Practical implications
Practitioners and researchers should be aware that there is a difference in measuring employees’ compliance using value-monistic and value-pluralistic measurements.
Originality/value
Few studies exist that critically compare the two different compliance measures for the same population.
Sofia Alexopoulou, Joachim Åström and Martin Karlsson
Abstract
Purpose
Technology access, digital skills, and digital services are increasingly prerequisites for public life and accessing public services. The digital divide in contemporary societies matters for efforts to digitalize the welfare state. Research has already mapped individual determinants of digital exclusion and the existence of an age-related digital divide. However, far less attention has been paid to variations in digital inclusion between countries and to their potential explanations related to political systems. This study explores the influence of variations in welfare regimes on the digital divide among seniors (aged 65+) in Europe.
Design/methodology/approach
This article presents time-series cross-sectional analyses of the relationship between welfare state regimes and digital inclusion among seniors in European countries. The analyses are based on data from Eurostat, the World Bank, and the UN E-Government Survey.
Findings
The authors find extensive variation in the digital inclusion of citizens between welfare regimes and argue that considering regime differences improves the understanding of these variations. The findings indicate that the age-related digital divide seems to be least evident in countries with more universalistic welfare regimes and most evident in countries where seniors rely more on their families.
Originality/value
This is the first comparative study of the association between welfare state regimes and digital inclusion among seniors.
Rebecca Dei Mensah, Stephen Tetteh, Jacinta Martina Annan, Raphael Papa Kweku Andoh and Elijah Osafo Amoako
Abstract
Purpose
The purpose of this study was to investigate the roles of employee experience and top management commitment in the relationship between human resource (HR) records management culture and HR records privacy control in organisations in Ghana.
Design/methodology/approach
Structural equation modelling was used in analysing the data. Following the specification of the model, three main types of analyses were carried out. They were reflective measurement model analyses to test reliability and validity; formative measurement model analyses to test redundancy, collinearity, significance and relevance of the lower-order constructs; and structural model analyses to ascertain the explanatory and predictive powers of the model, significance of the hypotheses and their effect sizes.
Findings
The study confirmed that communication, privacy awareness and training and risk assessment are dimensions of HR records management culture. Concerning the hypotheses, it was established that HR records management culture is related to HR records privacy control. Also, the study showed that employee experience positively moderated the relationship HR records management culture has with HR records privacy control. However, top management commitment negatively moderated the relationship HR records management culture has with HR records privacy control.
Practical implications
Organisations committed to the privacy control of HR records need to ensure the retention of their employees, as the longer they stay with the organisation, the more they embody the HR records management culture which improves the privacy control of HR records. For top management commitment, it should be restricted to providing strategic direction for HR records privacy control, as the day-to-day influence of top management commitment on the HR records management culture does not improve the privacy control of HR records.
Originality/value
This study demonstrates that communication, privacy awareness and training and risk assessment are dimensions of HR record management culture. Also, the extent of employee experience and top management commitment required in the relationship between HR records management culture and HR records privacy control is revealed.
Fredrik Karlsson, Joachim Åström and Martin Karlsson
Abstract
Purpose
The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about.
Design/methodology/approach
Results are based on a literature review of information security culture research published between 2000 and 2013 (December).
Findings
This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature.
Research limitations/implications
Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research.
Practical implications
Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated.
Originality/value
Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.
Abstract
Purpose
Axis, HMS and Sectra are three Swedish companies whose managers argue that you should never be radical on two fronts: creating new products for new markets at the same time. This paper aims to show however that while Axis’ managers claim not to be radical on two fronts, they still perform horizontal diversification, but they do so by disguising it as product development. Just like certain animals disguise themselves for protection, Axis’ managers disguise diversification as a defense mechanism, to protect themselves. In so doing, they have learned to manage the dynamics of innovation, by shifting between periods of focus and diversification.
Design/methodology/approach
This study was based on an inductive research approach influenced by grounded theory. In total, 32 interviews were performed with top and middle-line managers from three Swedish companies: Axis, Sectra and HMS. A total of 91 A4 transcript pages, 66 A4 e-mail pages, 52 annual reports (from 1999 to 2017) and 256 company presentations and newspaper articles (from 1988 to 2015) were collected and analyzed. Open and selective coding yielded 105 sub-categories, which were grouped into four main categories and presented as detailed descriptions. The results were based on the interpretation of those descriptions and related to disguise as a defense mechanism in psychology.
Findings
Innovation is a difficult process often met with hostility. Axis’ managers however have found a way to go beyond their existing business domain, while still protecting themselves from internal and external opposing forces that would go against such a risky strategy. To do so, they first expand their existing business domain. Then they perform horizontal diversification and disguise it as product development, as a defense mechanism to protect their desire to create innovation from managers who would oppose their risky strategy. In so doing, they convince other stakeholders that innovation through diversification is the best strategy for their company.
Research limitations/implications
This study was only performed at three Swedish technological companies. For future research, other Swedish companies could be included, and not only technological companies either, to explore whether diversification is considered a strategy that needs to be disguised in other businesses as well, and how managers from those businesses deal with internal and external forces.
Practical implications
Managers from Axis, Sectra and HMS are fully aware that innovation as well as diversification is difficult. Ideas that seem interesting and full of potential for some people may seem too risky and dangerous for others. To protect diversification as a strategy for innovation, Axis’ managers have found a way to disguise diversification, and make it seem less dangerous. In so doing, they are able to diversify and create innovation. A strategy for disguising diversification therefore has practical managerial implications of how managers can deal with internal and external forces that would go against such a strategy.
Originality/value
This study connects defense mechanisms in psychology with innovations strategy and innovation management and solves a practical dilemma that managers often struggle with: how to create innovation despite barriers that exist and oppose such a strategy. Managers will most likely always face different barriers to innovation, and perhaps solving them is not possible. This study shows how Axis’ managers have found a way to go around this problem, when solving it is not possible. This strategy thus shows originality and value for both theory and practice related to innovations strategy and innovation management.