{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T15:13:25Z","timestamp":1743002005236,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031385292"},{"type":"electronic","value":"9783031385308"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-38530-8_13","type":"book-chapter","created":{"date-parts":[[2023,7,25]],"date-time":"2023-07-25T20:38:17Z","timestamp":1690317497000},"page":"157-168","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Qualitative Content Analysis of Actionable Advice in Swedish Public Agencies\u2019 Information Security Policies"],"prefix":"10.1007","author":[{"given":"Elham","family":"Rostami","sequence":"first","affiliation":[]},{"given":"Fredrik","family":"Karlsson","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,7,26]]},"reference":[{"key":"13_CR1","unstructured":"Alshaikh, M., Maynard, S.B., Ahmad, A., Chang, S.: Information security policy: a management practice perspective. In: Australasian Conference on Information Systems (2015)"},{"issue":"1","key":"13_CR2","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1177\/1744987117741667","volume":"23","author":"A Assarroudi","year":"2018","unstructured":"Assarroudi, A., Heshmati Nabavi, F., Armat, M.R., Ebadi, A., Vaismoradi, M.: Directed qualitative content analysis: the description and elaboration of its underpinning methods and data analysis process. J. Res. Nurs. 23(1), 42\u201355 (2018)","journal-title":"J. Res. Nurs."},{"issue":"3","key":"13_CR3","doi-asserted-by":"publisher","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523\u2013548 (2010)","journal-title":"MIS Q."},{"issue":"12","key":"13_CR4","doi-asserted-by":"publisher","first-page":"1290","DOI":"10.1080\/0144929X.2019.1583769","volume":"38","author":"NH Chowdhury","year":"2019","unstructured":"Chowdhury, N.H., Adam, M.T., Skinner, G.: The impact of time pressure on cybersecurity behaviour: a systematic literature review. Behav. Inf. Technol. 38(12), 1290\u20131308 (2019)","journal-title":"Behav. Inf. Technol."},{"key":"13_CR5","unstructured":"Demsar, J., et al.: Orange: data mining toolbox in python. J. Mach. Learn. Res. 14 2349\u20132353 (2013).https:\/\/jmlr.org\/papers\/volume14\/demsar13a\/demsar13a.pdf"},{"key":"13_CR6","unstructured":"Diver, S.: Information Security Policy - A Development Guide for Large and Small Companies. SANS Institute (2021)"},{"issue":"4","key":"13_CR7","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1016\/j.jsis.2010.10.002","volume":"19","author":"S Goel","year":"2010","unstructured":"Goel, S., Chengalur-Smith, I.N.: Metrics for characterizing the form of security policies. J. Strateg. Inf. Syst. 19(4), 281\u2013295 (2010)","journal-title":"J. Strateg. Inf. Syst."},{"issue":"6","key":"13_CR8","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/S1353-4858(02)06011-7","volume":"2002","author":"K H\u00f6ne","year":"2002","unstructured":"H\u00f6ne, K., Eloff, J.H.P.: What makes an effective information security policy? Netw. Secur. 2002(6), 14\u201316 (2002b)","journal-title":"Netw. Secur."},{"issue":"9","key":"13_CR9","doi-asserted-by":"publisher","first-page":"1277","DOI":"10.1177\/1049732305276687","volume":"15","author":"H-F Hsieh","year":"2005","unstructured":"Hsieh, H.-F., Shannon, S.E.: Three approaches to qualitative content analysis. Qual. Health Res. 15(9), 1277\u20131288 (2005)","journal-title":"Qual. Health Res."},{"key":"13_CR10","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1016\/j.cose.2016.12.012","volume":"67","author":"F Karlsson","year":"2017","unstructured":"Karlsson, F., Hedstr\u00f6m, K., Goldkuhl, G.: Practice-based discourse analysis of information security policies. Comput. Secur. 67, 267\u2013279 (2017). https:\/\/doi.org\/10.1016\/j.cose.2016.12.012","journal-title":"Comput. Secur."},{"issue":"2","key":"13_CR11","first-page":"105","volume":"14","author":"B K\u00f6r","year":"2021","unstructured":"K\u00f6r, B., Metin, B.: Understanding human aspects for an effective information security management implementation. Int. J. Appl. Decis. Sci. 14(2), 105\u2013122 (2021)","journal-title":"Int. J. Appl. Decis. Sci."},{"key":"13_CR12","doi-asserted-by":"publisher","first-page":"173","DOI":"10.2307\/249574","volume":"16","author":"KD Loch","year":"1992","unstructured":"Loch, K.D., Carr, H.H., Warkentin, M.E.: Threats to information systems: today\u2019s reality, yesterday\u2019s understanding. MIS Q. 16, 173\u2013186 (1992)","journal-title":"MIS Q."},{"key":"13_CR13","doi-asserted-by":"crossref","unstructured":"Ponemon Institute LLC. Cost of Insider Threats: Global Report (2020). https:\/\/www.ibm.com\/downloads\/cas\/LQZ4RONE","DOI":"10.1016\/S1353-4858(20)30017-9"},{"key":"13_CR14","unstructured":"PWC. The Information Security Breaches Survey - Technical Report. Department for Business, Innovation and Skills (BIS), London, UK (2014)."},{"key":"13_CR15","unstructured":"Rostami, E.: Tailoring information security policies\u2013a computerized tool and a design theory \u00d6rebro universitet] (2023)"},{"key":"13_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102063","volume":"99","author":"E Rostami","year":"2020","unstructured":"Rostami, E., Karlsson, F., Gao, S.: Requirements for computerized tools to design information security policies. Comput. Secur. 99, 102063 (2020)","journal-title":"Comput. Secur."},{"key":"13_CR17","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1108\/ICS-10-2022-0160","volume":"31","author":"E Rostami","year":"2023","unstructured":"Rostami, E., Karlsson, F., Gao, S.: Policy components\u2013a conceptual model for modularizing and tailoring of information security policies. Inf. Comput. Secur. 31, 331\u2013352 (2023)","journal-title":"Inf. Comput. Secur."},{"key":"13_CR18","unstructured":"SFS. 2009:400 Offentlighets- och sekretesslag. Justitiedepartementet, Stockholm (2009)"},{"key":"13_CR19","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1111\/j.1365-2575.2011.00378.x","volume":"22","author":"BC Stahl","year":"2012","unstructured":"Stahl, B.C., Doherty, N.F., Shaw, M.: Information security policies in the UK healthcare sector: a critical evaluation. Inf. Syst. J. 22, 77\u201394 (2012)","journal-title":"Inf. Syst. J."},{"issue":"1","key":"13_CR20","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1016\/j.istr.2005.11.003","volume":"11","author":"C Sundt","year":"2006","unstructured":"Sundt, C.: Information security and the law. Inf. Secur. Tech. Rep. 11(1), 2\u20139 (2006)","journal-title":"Inf. Secur. Tech. Rep."},{"key":"13_CR21","first-page":"123","volume-title":"Information security: Policy, processes, and practices","author":"M Whitman","year":"2008","unstructured":"Whitman, M.: Security policy: from design to maintenance. In: Straub, D.W., Goodman, S.E., Baskerville, R. (eds.) Information security: Policy, processes, and practices, pp. 123\u2013151. M. E. Sharpe, New York (2008)"},{"key":"13_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.25300\/MISQ\/2013\/37.1.01","volume":"37","author":"R Willison","year":"2013","unstructured":"Willison, R., Warkentin, M.: Beyond deterrence: an expanded view of employee computer abuse. MIS Q. 37, 1\u201320 (2013)","journal-title":"MIS Q."}],"container-title":["IFIP Advances in Information and Communication Technology","Human Aspects of Information Security and Assurance"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-38530-8_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,25]],"date-time":"2023-07-25T20:40:09Z","timestamp":1690317609000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-38530-8_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031385292","9783031385308"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-38530-8_13","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"26 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HAISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Human Aspects of Information Security and Assurance","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kent","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"haisa2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.haisa.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"54","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"37","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"69% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.93","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}