تعارضات ارزشی برای مدیریت امنیت اطلاعات
|کد مقاله||سال انتشار||مقاله انگلیسی||ترجمه فارسی||تعداد کلمات|
|41822||2011||12 صفحه PDF||سفارش دهید||7992 کلمه|
Publisher : Elsevier - Science Direct (الزویر - ساینس دایرکت)
Journal : The Journal of Strategic Information Systems, Volume 20, Issue 4, December 2011, Pages 373–384
A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.