6533b7d9fe1ef96bd126c5e9

RESEARCH PRODUCT

Exploring the value conflicts and supports of information security compliance in nursing practices : A case-study in the Hospital of Southern Norway (SSHF) Kristiansand

subject

description

Master's thesis in Information systems (IS501) Background: Information and information systems are a vital resource for an organiza-tion. Data breaches cannot be prevented by technical measures alone, that is why this thesis looks at the human elementin the search for understanding compliancewith se-curity policies. Thecontext is the hospital sectorwith the aim ofunderstanding theac-tual behavior of employees and the divergence of convergence withprescribed policies. Theoretical lens:The study adopts the lens of Value-Based Compliancetheory,which has its roots in the health caresector. This theory describes information security actions as 1) prescribed(the written policies), and2) actual(the actual behavior of employees) and looks for goals and values associated withprescribed and actual information secu-rity actionsto identify potentialconflicts. Method:This thesisfollows aqualitative approachthrough a case study of SSHF Kris-tiansand with interviews and documentsas the data sources. The interview data are col-lected from fifteen interviewees: nurses, unit leaders, and information security workers. The data analysis is performed following thevalue-basedcompliance method. This method is a development of the value-based compliance theory.