Value Conflicts and Information Security Management
Special issue call for papers from Information and Computer Security
About the Journal
Information and Computer Security (ICS) contributes to the advance of knowledge directly related to the theory and practice of the management and security of information and information systems. It publishes research and case study papers relating to new technologies, methodological developments, empirical studies and practical applications.
Guest Edited by
Fredrik Karlsson, [email protected], Örebro University, Fakultetsgatan 1, SE-701 82 Örebro, Sweden
Marianne Törner, [email protected], Sahlgrenska Academy, University of Gothenburg, P.O. Box 414, SE-405 30 Gothenburg, Sweden
Ella Kolkowska, [email protected], Örebro University, Fakultetsgatan 1, SE-701 82 Örebro, Sweden
About this Special Issue
This special issue focuses on a crucial but under-developed area in information security management, namely the complexity of information security management when different practices, demands, and management systems meet and create tension. In particular this means highlighting value pluralism, value conflicts and paradoxes anchored in practices, demands and management systems. Such value conflicts and paradoxes could appear within or between organisations, as well as between different societal interests. We also seek contributions elucidating how value conflicts involving information security, and the way they are dealt with, influence information security per se, but also organisational performance, working conditions, and life quality.
Specific topics we invite you to provide submissions on include but are not limited to:
- The balance of information security goals and, for example, business and performance goals within an organisation and in work involving several organisations
- Coping with value conflicts involving information security in different organisational culture contexts
- Managing differences in co-existing subcultures in organisations with regard to information security
- Strategies for managing value conflicts with regard to information security behaviour
- Frameworks and methods for analysing value conflicts related to information security
- Behavioural and cognitive research into information security design, development, implementation, and use with consideration of value conflicts
- State-of-the-art reviews on value conflicts and information security
- Dependencies and conflicts between values introduced at legal, societal and organisational levels
- Privacy trade-offs and paradoxes
- Issues of employee and user surveillance with focus on value conflicts (i.e. security vs privacy)
- Value conflicts embedded in management systems
- Corporate code of ethics/conduct and information security
- Cases of value dilemmas and information security
- Value conflicts influencing compliance with information security and privacy policies, procedures, and regulations
- Whistle-blowing and information security
- Submission deadline: August 31, 2017
- Papers reviewed: October 16, 2017
- Revised papers reviewed and accepted: November 24, 2017
- Final versions of accepted papers delivered: December 18, 2017
How to submit:
Manuscripts should be a maximum of 7500 words in length. This includes all text including references and appendices. Prospective authors should ensure their papers meet the Special Issue scope and must adhere to the ICS author guidelines. For further information, please go to the author guidelines page.
All papers must be submitted online. Submissions to ICS are made using ScholarOne Manuscripts, the online submission and peer review system. Registration and access are available at https://mc.manuscriptcentral.com/iacs. Full information and guidance on using ScholarOne Manuscripts is available at the Emerald ScholarOne Manuscripts Support Centre: http://msc.emeraldinsight.com.
The need to approach value conflicts in organisations through an inclusive perspective is increasingly acknowledged (e.g Lewis & Smith, 2014). Although it has also been acknowledged that information security values may be in conflict with other organisational values (e.g. Hedström et al. 2011), most current information security research does not address value pluralism. In information security research values are generally addressed from a value monistic perspective (c.f. Kolkowska et al. In press). If acknowledged, value conflicts are often addressed through an either/or perspective, prioritizing one value before others. In practice, this prioritization is often left to the employees (Kirlappos et al. 2013).
This special issue aims to redress this imbalance, opening up for discussions on value pluralism, competing demands, dilemmas and paradoxes in relation to information security management. Viewing competing demands as often interrelated and even interdependent may provide better grounds for organisational and management systems development.
- Lewis, M., & Smith, W. (2014). Paradox as a metatheoretical perspective: sharpening the focus and widening the scope. Journal of Applied Behavioral Science, 50(2), 127-149.
- Hedström, K, Kolkowska, E, Karlsson, F, Allen, J P (2011). “Value conflicts for information security management”. Journal of Strategic Information Systems, 20(4), 373-384.
- Kolkowska, E, Karlsson, F, Hedström K (In press) “Towards analysing the rationale of information security non-compliance: Devising a Value-Based Compliance analysis method”. Journal of Strategic Information Systems
- Kirlappos, I, Beautement, A, Sasse, M A. (2013). ‘‘Comply or Die” Is Dead: Long live security-aware principal agents. In: Adam, A.A., Brenner, M., Smith, M. (Eds.), Financial Cryptography and Data Security – FC 2013 Workshops, USEC and WAHC 2013, Okinawa, Japan, April 1, 2013, Revised Selected Papers. Springer-Verlag, Berlin Heidelberg.
About the Guest Editors
Fredrik Karlsson, PhD, is professor in Informatics at Örebro University, Sweden. His research interests focus on how values are embodied in information systems designs and on value conflicts in information security, tailoring of systems development methods, and electronic government. His research on these topics has appeared in a variety of information systems journals such as European Journal of Information Systems, Government Information Quarterly, Information Management and Computer Security, Strategic Journal of Information Systems, and Scandinavian Journal of Information Systems. He is currently research leader of the research environment Centre for Empirical Research on Information Systems, at Örebro University.
Marianne Törner, PhD, professor, is the head of the research team Safety, Organization and Leadership at the Dept. of Occupational and Environmental Medicine, Institute of Medicine, Sahlgrenska Academy, University of Gothenburg. Her area of expertise is organisational psychology, specifically organisational climate and culture, particularly in relation to different aspects of safety, but more recently also in relation to security. Presently one of Törner’s main research interests is how employees cope with competing organisational demands, comprising safety and security, and how the organisation may support paradox coping that promotes organisational goal attainment and does not induce harmful stress.
Ella Kolkowska is assistant professor in Informatics at Örebro University, Sweden. Her research focuses on value conflicts that exist in relation to information security and information security culture. Especially she has studied how users’ professional values influence their behaviours with respect to information security policies and guidelines. Currently, Kolkowska studies value conflicts with regard to privacy in the context of smart homes technologies used in elderly care. Her research has been published in journals such as Information Management and Computer Security, Strategic Journal of Information Systems, and Computers and Security.