{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T21:15:10Z","timestamp":1757625310711,"version":"3.44.0"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032043740","type":"print"},{"value":"9783032043757","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T00:00:00Z","timestamp":1757462400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T00:00:00Z","timestamp":1757462400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-04375-7_22","type":"book-chapter","created":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T17:28:15Z","timestamp":1757438895000},"page":"349-364","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards a Speech Act-Based Model to Enable Future Quality Improvements of Information Security Policies Using Large Language Models"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3265-7627","authenticated-orcid":false,"given":"Fredrik","family":"Karlsson","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3722-6797","authenticated-orcid":false,"given":"Shang","family":"Gao","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4830-1876","authenticated-orcid":false,"given":"John","family":"Krogstie","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0001-9207-3236","authenticated-orcid":false,"given":"Leila","family":"Aro-Sati","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,9,10]]},"reference":[{"issue":"2","key":"22_CR1","first-page":"105","volume":"14","author":"B K\u00f6r","year":"2021","unstructured":"K\u00f6r, B., Metin, B.: Understanding human aspects for an effective information security management implementation. Int. J. Appl. Decis. Sci. 14(2), 105\u2013122 (2021)","journal-title":"Int. J. Appl. Decis. Sci."},{"issue":"4","key":"22_CR2","doi-asserted-by":"publisher","first-page":"673","DOI":"10.2307\/20650322","volume":"33","author":"MJ Culnan","year":"2009","unstructured":"Culnan, M.J., Williams, C.C.: How ethics can enhance organizational privacy: lessons from the choicepoint and tjx data breaches. MIS Q. 33(4), 673\u2013687 (2009)","journal-title":"MIS Q."},{"key":"22_CR3","unstructured":"Truesec: Threat Intelligence Report 2023. Truesec (2023)"},{"key":"22_CR4","doi-asserted-by":"crossref","unstructured":"Chatterjee, S., Gao, X., Sarkar, S., Uzmanoglu, C.: Reacting to the scope of a data breach: the differential role of fear and anger. J. Bus. Res. 101, 183\u2013193 (2019)","DOI":"10.1016\/j.jbusres.2019.04.024"},{"issue":"2","key":"22_CR5","doi-asserted-by":"publisher","first-page":"173","DOI":"10.2307\/249574","volume":"16","author":"KD Loch","year":"1992","unstructured":"Loch, K.D., Carr, H.H., Warkentin, M.E.: Threats to information systems: today\u2019s reality, yesterday\u2019s understanding. MIS Q. 16(2), 173\u2013186 (1992)","journal-title":"MIS Q."},{"issue":"12","key":"22_CR6","doi-asserted-by":"publisher","first-page":"1290","DOI":"10.1080\/0144929X.2019.1583769","volume":"38","author":"NH Chowdhury","year":"2019","unstructured":"Chowdhury, N.H., Adam, M.T., Skinner, G.: The impact of time pressure on cybersecurity behaviour: a systematic literature review. Behav. Inf. Technol. 38(12), 1290\u20131308 (2019)","journal-title":"Behav. Inf. Technol."},{"issue":"3","key":"22_CR7","doi-asserted-by":"publisher","first-page":"487","DOI":"10.2307\/25750688","volume":"34","author":"M Siponen","year":"2010","unstructured":"Siponen, M., Vance, A.: Neutralization: new insights into the problem of employee information systems security policy violations. MIS Q. 34(3), 487\u2013502 (2010)","journal-title":"MIS Q."},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Ponemon Institute LLC: Cost of Insider Threats: Global Report (2020). https:\/\/Www.Ibm.Com\/Downloads\/Cas\/Lqz4rone","DOI":"10.1016\/S1353-4858(20)30017-9"},{"key":"22_CR9","unstructured":"Rostami, E.: Tailoring Information Security Policies - Computerized Tool and a Design Theory. Department of Informactics, vol. PhD. \u00d6rebro University, \u00d6rebro (2023)"},{"issue":"1","key":"22_CR10","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/S1353-4858(02)06011-7","volume":"6","author":"K H\u00f6ne","year":"2002","unstructured":"H\u00f6ne, K., Eloff, J.H.P.: What makes an effective information security policy? Netw. Secur. 6(1), 14\u201316 (2002)","journal-title":"Netw. Secur."},{"key":"22_CR11","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/978-3-319-16486-1_50","volume-title":"New Contributions in Information Systems and Technologies","author":"I Lopes","year":"2015","unstructured":"Lopes, I., Oliveira, P.: Applying action research in the formulation of information security policies. In: Rocha, A., Correia, A.M., Costanzo, S., Reis, L.P. (eds.) New Contributions in Information Systems and Technologies, pp. 513\u2013522. Springer, Cham (2015)"},{"key":"22_CR12","doi-asserted-by":"crossref","unstructured":"Karlsson, F., Hedstr\u00f6m, K., Goldkuhl, G.: Practice-based discourse analysis of information security policies. Comput. Secur. 67, 267\u2013279 (2017)","DOI":"10.1016\/j.cose.2016.12.012"},{"key":"22_CR13","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1111\/j.1365-2575.2011.00378.x","volume":"22","author":"BC Stahl","year":"2012","unstructured":"Stahl, B.C., Doherty, N.F., Shaw, M.: Information security policies in the UK healthcare sector: a critical evaluation. Inf. Syst. J. 22, 77\u201394 (2012)","journal-title":"Inf. Syst. J."},{"issue":"4","key":"22_CR14","doi-asserted-by":"publisher","first-page":"492","DOI":"10.1108\/ICS-10-2023-0187","volume":"32","author":"E Rostami","year":"2024","unstructured":"Rostami, E., Karlsson, F.: Qualitative content analysis of actionable advice in information security policies \u2013 introducing the keyword loss of specificity metric. Inf. Comput. Secur. 32(4), 492\u2013508 (2024)","journal-title":"Inf. Comput. Secur."},{"key":"22_CR15","unstructured":"ISO: ISO\/IEC 27002:2022 Information Security, Cybersecurity and Privacy Protection\u2014Information Security Controls. International Organization for Standardization (ISO) (2022)"},{"issue":"1","key":"22_CR16","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1016\/j.istr.2005.11.003","volume":"11","author":"C Sundt","year":"2006","unstructured":"Sundt, C.: Information security and the law. Inf. Secur. Tech. Rep. 11(1), 2\u20139 (2006)","journal-title":"Inf. Secur. Tech. Rep."},{"key":"22_CR17","doi-asserted-by":"crossref","unstructured":"Trummer, I.: From bert to Gpt-3 codex: harnessing the potential of very large language models for data management. In: Proceedings of the VLDB Endowment, vol. 15, pp. 3770\u20133773. ACM (2022)","DOI":"10.14778\/3554821.3554896"},{"key":"22_CR18","doi-asserted-by":"crossref","unstructured":"Abdullah, M., Madain, A., Jararweh, Y.: Chatgpt: fundamentals, applications and social impacts. In: 2022 Ninth International Conference on Social Networks Analysis, Management and Security. IEEE, Milan, Italy (2022)","DOI":"10.1109\/SNAMS58071.2022.10062688"},{"issue":"1","key":"22_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1017\/S0047404500006837","volume":"5","author":"JR Searle","year":"1976","unstructured":"Searle, J.R.: A Classification of illocutionary acts. Lang. Soc. 5(1), 1\u201323 (1976)","journal-title":"Lang. Soc."},{"key":"22_CR20","unstructured":"Alshaikh, M., Maynard, S.B., Ahmad, A., Chang, S.: Information security policy: a management practice perspective. In: Australasian Conference on Information Systems (2015)"},{"issue":"4","key":"22_CR21","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1016\/j.jsis.2010.10.002","volume":"19","author":"S Goel","year":"2010","unstructured":"Goel, S., Chengalur-Smith, I.N.: Metrics for characterizing the form of security policies. J. Strat. Inf. Syst. 19(4), 281\u2013295 (2010)","journal-title":"J. Strat. Inf. Syst."},{"issue":"1","key":"22_CR22","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1016\/j.cose.2005.09.009","volume":"25","author":"N Doherty","year":"2006","unstructured":"Doherty, N., Fulford, H.: Aligning the information security policy with the strategic information systems plan. Comput. Secur. 25(1), 55\u201363 (2006)","journal-title":"Comput. Secur."},{"issue":"3","key":"22_CR23","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1108\/ICS-10-2022-0160","volume":"31","author":"E Rostami","year":"2023","unstructured":"Rostami, E., Karlsson, F., Shang, G.: Policy components - a conceptual model for modularizing and tailoring of information security policies. Inf. Comput. Secur. 31(3), 331\u2013352 (2023)","journal-title":"Inf. Comput. Secur."},{"key":"22_CR24","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102063","volume":"99","author":"E Rostami","year":"2020","unstructured":"Rostami, E., Karlsson, F., Gao, S.: Requirements for computerized tools to design information security policies. Comput. Secur. 99, 102063 (2020)","journal-title":"Comput. Secur."},{"issue":"12","key":"22_CR25","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0311410","volume":"19","author":"L Yun","year":"2024","unstructured":"Yun, L., Yun, S., Xue, H.: Improving citizen-government interactions with generative artificial intelligence: novel human-computer interaction strategies for policy understanding through large language models. PLoS ONE 19(12), e0311410 (2024)","journal-title":"PLoS ONE"},{"key":"22_CR26","doi-asserted-by":"crossref","unstructured":"Lawal, S., Zhao, X., Rios, A., Krishnan, R., Ferraiolo, D.: Translating natural language specifications into access control policies by leveraging large language models. In: 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), pp. 361\u2013370. IEEE, Washington (2024)","DOI":"10.1109\/TPS-ISA62245.2024.00048"},{"key":"22_CR27","doi-asserted-by":"crossref","unstructured":"Quevedo, E., et al.: Creation and analysis of a natural language understanding dataset for dod cybersecurity policies (Csiac-Dodin V1. 0). In: 2023 International Conference on Computational Science and Computational Intelligence (CSCI), pp. 91\u201398. IEEE, Las Vegas (2023)","DOI":"10.1109\/CSCI62032.2023.00021"},{"key":"22_CR28","doi-asserted-by":"crossref","unstructured":"Deldari, S., et al.: Auditnet: a conversational AI-based security assistant (2024)","DOI":"10.1145\/3640471.3680444"},{"key":"22_CR29","doi-asserted-by":"crossref","unstructured":"Najafali, D., Camacho, J.M., Reiche, E., Galbraith, L.G., Morrison, S.D., Dorafshar, A.H.: Truth or lies? the pitfalls and limitations of chatgpt in systematic review creation. Aesthetic Surg. J. 43(8), NP654\u2013NP655 (2023)","DOI":"10.1093\/asj\/sjad093"},{"key":"22_CR30","volume-title":"How to Do Things with Words","author":"JL Austin","year":"1962","unstructured":"Austin, J.L.: How to Do Things with Words. Oxford University Press, Cambridge (1962)"},{"key":"22_CR31","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781139173438","volume-title":"Speech Acts: An Essay in the Philosophy of Language","author":"JR Searle","year":"1969","unstructured":"Searle, J.R.: Speech Acts: An Essay in the Philosophy of Language. Cambridge University Press, Cambridge (1969)"},{"key":"22_CR32","first-page":"109","volume-title":"Logic, Thought and Action","author":"JR Searle","year":"2005","unstructured":"Searle, J.R., Vanderveken, D.: Speech acts and illocutionary logic. In: Vanderveken, D. (ed.) Logic, Thought and Action, pp. 109\u2013132. Springer, Dordrecht (2005)"},{"key":"22_CR33","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511609213","volume-title":"Expression and Meaning: Studies in the Theory of Speech Acts","author":"JR Searle","year":"1979","unstructured":"Searle, J.R.: Expression and Meaning: Studies in the Theory of Speech Acts. Cambridge University Press, Cambridge (1979)"},{"issue":"12","key":"22_CR34","doi-asserted-by":"publisher","first-page":"2024","DOI":"10.1016\/j.pragma.2005.03.005","volume":"37","author":"T Holtgraves","year":"2005","unstructured":"Holtgraves, T.: The production and perception of implicit performatives. J. Pragmat. 37(12), 2024\u20132043 (2005)","journal-title":"J. Pragmat."},{"issue":"5","key":"22_CR35","doi-asserted-by":"publisher","first-page":"510","DOI":"10.1080\/00131857.2017.1382353","volume":"50","author":"R Gasparatou","year":"2018","unstructured":"Gasparatou, R.: How to do things with words: speech acts in education. Educ. Philos. Theory 50(5), 510\u2013518 (2018)","journal-title":"Educ. Philos. Theory"},{"issue":"1","key":"22_CR36","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s13347-025-00839-y","volume":"38","author":"JV Schmidt","year":"2025","unstructured":"Schmidt, J.V.: Can artificial agents be authors? Phil. Technol. 38(1), 1\u201325 (2025)","journal-title":"Phil. Technol."},{"issue":"2","key":"22_CR37","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/52.268955","volume":"11","author":"OI Lindland","year":"1994","unstructured":"Lindland, O.I., Sindre, G., Solvberg, A.: Understanding quality in conceptual modeling. IEEE Softw. 11(2), 42\u201349 (1994)","journal-title":"IEEE Softw."},{"key":"22_CR38","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4471-2936-3","volume-title":"Model-Based Development and Evolution of Information Systems","author":"J Krogstie","year":"2012","unstructured":"Krogstie, J.: Model-Based Development and Evolution of Information Systems. Springer, London (2012)"},{"key":"22_CR39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-42512-2","volume-title":"Quality in Business Process Modeling","author":"J Krogstie","year":"2016","unstructured":"Krogstie, J.: Quality in Business Process Modeling. Springer, Cham (2016)"},{"key":"22_CR40","unstructured":"Thalheim, B.: The science of conceptual modelling. In: Hameurlain, A., Liddle, S.W., Schewe, K.-D., Zhou, X. (eds.) Database and Expert Systems Applications - 22nd International Conference, Dexa 2011. Toulouse, France, 29 August\u20132 September 2011 Proceedings, Part I, pp. 12\u201326. Springer, Heidelberg (2011)"},{"issue":"2","key":"22_CR41","doi-asserted-by":"publisher","first-page":"27","DOI":"10.3316\/QRJ0902027","volume":"9","author":"GA Bowen","year":"2009","unstructured":"Bowen, G.A.: Document analysis as a qualitative research method. Qual. Res. J. 9(2), 27\u201340 (2009)","journal-title":"Qual. Res. J."},{"key":"22_CR42","doi-asserted-by":"crossref","unstructured":"Duffy, M.E.: Methodological triangulation: a vehicle for merging quantitative and qualitative research methods. Image: J. Nurs. Scholarship 19(3), 130\u2013133 (1987)","DOI":"10.1111\/j.1547-5069.1987.tb00609.x"}],"container-title":["Lecture Notes in Business Information Processing","Perspectives in Business Informatics Research"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-04375-7_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T17:28:23Z","timestamp":1757438903000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-04375-7_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,10]]},"ISBN":["9783032043740","9783032043757"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-04375-7_22","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"value":"1865-1348","type":"print"},{"value":"1865-1356","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,9,10]]},"assertion":[{"value":"10 September 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"BIR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Business Informatics Research","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Riga","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Latvia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"bir2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/bir2025.rtu.lv\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}