{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T21:40:03Z","timestamp":1748382003363,"version":"3.41.0"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319184661"},{"type":"electronic","value":"9783319184678"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-18467-8_20","type":"book-chapter","created":{"date-parts":[[2015,5,8]],"date-time":"2015-05-08T12:12:03Z","timestamp":1431087123000},"page":"297-310","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Practice-Based Discourse Analysis of InfoSec Policies"],"prefix":"10.1007","author":[{"given":"Fredrik","family":"Karlsson","sequence":"first","affiliation":[]},{"given":"G\u00f6ran","family":"Goldkuhl","sequence":"additional","affiliation":[]},{"given":"Karin","family":"Hedstr\u00f6m","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,5,9]]},"reference":[{"key":"20_CR1","unstructured":"Ernst & Young: Ernst & Young 2008 Global Information Security Survey. Ernst & Young (2008)"},{"key":"20_CR2","unstructured":"Ernst & Young: Borderless security - Ernst & Young\u2019s 2010 Global Information Security Survey. Ernst & Young (2010)"},{"key":"20_CR3","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1016\/j.cose.2004.01.012","volume":"23","author":"C Vroom","year":"2004","unstructured":"Vroom, C., von Solms, R.: Towards information security behavioural compliance. Computers and Security 23, 191\u2013198 (2004)","journal-title":"Computers and Security"},{"key":"20_CR4","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1108\/09576050210447019","volume":"15","author":"R Baskerville","year":"2002","unstructured":"Baskerville, R., Siponen, M.: An information security meta-policy for emergent organizations. Logistics Information Management 15, 337\u2013346 (2002)","journal-title":"Logistics Information Management"},{"key":"20_CR5","unstructured":"Gaskell, G.: Simplifying the onerous task of writing security policies. In: 1st Australian Information Security Management Workshop (2000)"},{"key":"20_CR6","unstructured":"ISO: ISO\/IEC 27002:2005, Information Technology - Secuirty Techniques - Code of Practice for Information Management Systems - Requirements. International Organization for Standardization (ISO) (2005)"},{"key":"20_CR7","doi-asserted-by":"crossref","unstructured":"Baskerville, R.: Information systems security design methods: Implications for information systems development. ACM Computing Surveys 25 (1993)","DOI":"10.1145\/162124.162127"},{"key":"20_CR8","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1111\/j.1365-2575.2011.00378.x","volume":"22","author":"BC Stahl","year":"2012","unstructured":"Stahl, B.C., Doherty, N.F., Shaw, M.: Information security policies in the UK healthcare sector: a critical evaluation. Information Systems Journal 22, 77\u201394 (2012)","journal-title":"Information Systems Journal"},{"issue":"4","key":"20_CR9","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1016\/j.ijmedinf.2005.11.003","volume":"76","author":"S Lusignana De","year":"2007","unstructured":"De Lusignana, S., Chanb, T., Theadoma, A., Dhoula, N.: The roles of policy and professionalism in the protection of processed clinical data: A literature review. International Journal of Medical Informatics 76(4), 261\u2013268 (2007)","journal-title":"International Journal of Medical Informatics"},{"key":"20_CR10","volume-title":"Management information systems: conceptual foundations, structure, and development","author":"GB Davis","year":"1985","unstructured":"Davis, G.B., Olson, M.H.: Management information systems: conceptual foundations, structure, and development. McGraw-Hill Inc., New York (1985)"},{"key":"20_CR11","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1016\/j.cose.2004.01.013","volume":"23","author":"R Solms von","year":"2004","unstructured":"von Solms, R., von Solms, B.: From policies to culture. Computers and Security 23, 275\u2013279 (2004)","journal-title":"Computers and Security"},{"key":"20_CR12","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/S0167-4048(01)00305-4","volume":"20","author":"B Solms von","year":"2001","unstructured":"von Solms, B.: Corporate Governance and Information Security. Computer & Security 20, 215\u2013218 (2001)","journal-title":"Computer & Security"},{"key":"20_CR13","doi-asserted-by":"publisher","first-page":"408","DOI":"10.1016\/j.cose.2006.07.005","volume":"25","author":"R Solms von","year":"2006","unstructured":"von Solms, R., von Solms, S.H.: Information Security Governance: A model based on the Direct-Control Cycle. Computer & Security 25, 408\u2013412 (2006)","journal-title":"Computer & Security"},{"key":"20_CR14","doi-asserted-by":"publisher","DOI":"10.1201\/9780203488737","volume-title":"Information security policies and procedures - a practitioner\u2019s reference","author":"TR Peltier","year":"2004","unstructured":"Peltier, T.R.: Information security policies and procedures - a practitioner\u2019s reference. Auerbach Publications, Boca Raton (2004)"},{"key":"20_CR15","volume-title":"Information security policies made easy","author":"CC Wood","year":"2001","unstructured":"Wood, C.C.: Information security policies made easy. Information Shield, Huston (2001)"},{"key":"20_CR16","doi-asserted-by":"crossref","unstructured":"Sibley, E.H.: Experiments in organizational policy representation: resuls to date. In: Proceedings of the International Conference on Systems, Man and Cybernetics, vol. 1, pp. 337\u2013342 (1993)","DOI":"10.1109\/ICSMC.1993.384767"},{"key":"20_CR17","first-page":"667","volume":"14","author":"CC Wood","year":"1995","unstructured":"Wood, C.C.: Writing InfoSec Policies. Computer & Security 14, 667\u2013674 (1995)","journal-title":"Writing InfoSec Policies. Computer & Security"},{"key":"20_CR18","doi-asserted-by":"publisher","first-page":"81","DOI":"10.4018\/978-1-878289-71-1.ch004","volume-title":"Internet and Intranet Security Management: Risks and Solutions","author":"L Janczewski","year":"2000","unstructured":"Janczewski, L.: Managing Security Functions Using Security Standards. In: Janczewski, L. (ed.) Internet and Intranet Security Management: Risks and Solutions, pp. 81\u2013105. IGI Global, Hershey (2000)"},{"key":"20_CR19","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1016\/j.cose.2009.07.001","volume":"28","author":"KJ Knapp","year":"2009","unstructured":"Knapp, K.J., Morris Jr., R.F., Marshall, T.E., Byrd, T.A.: Information security policy: An organizational-level process model. Computer & Security 28, 493\u2013508 (2009)","journal-title":"Computer & Security"},{"key":"20_CR20","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1007\/s00766-009-0092-x","volume":"15","author":"F Fabian","year":"2010","unstructured":"Fabian, F., G\u00fcrses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requirements Engineering 15, 7\u201340 (2010)","journal-title":"Requirements Engineering"},{"key":"20_CR21","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.csi.2010.01.006","volume":"32","author":"D Mellado","year":"2010","unstructured":"Mellado, D., Blanco, C., S\u00e1nchez, L.E., Ferna\u00e1ndez-Medina, E.: A systematic review of security requirements engineering. Computer Standards and Interfaces 32, 153\u2013165 (2010)","journal-title":"Computer Standards and Interfaces"},{"key":"20_CR22","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1016\/j.ijinfomgt.2009.05.003","volume":"29","author":"N Doherty","year":"2009","unstructured":"Doherty, N., Anastasakis, L., Fulford, H.: The information security policy unpacked: A critical study of the content of university policies. International Journal of Information Management 29, 449\u2013457 (2009)","journal-title":"International Journal of Information Management"},{"key":"20_CR23","doi-asserted-by":"crossref","unstructured":"Siponen, M.: Policies for construction of information systems\u2019 security guidelines. In: The 15th International Information Security Conference (IFIP TC11\/SEC2000), Beijing, China (2000)","DOI":"10.1007\/978-0-387-35515-3_12"},{"key":"20_CR24","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1016\/S0167-4048(97)83121-5","volume":"15","author":"K Lindup","year":"1996","unstructured":"Lindup, K.: The Role of Information Security in Corporate Governance. Computer & Security 15, 477\u2013485 (1996)","journal-title":"Computer & Security"},{"key":"20_CR25","volume-title":"Discourse and social psychology. Beyond attitudes and behaviour","author":"J Potter","year":"1987","unstructured":"Potter, J., Wetherell, M.: Discourse and social psychology. Beyond attitudes and behaviour. Sage, London (1987)"},{"key":"20_CR26","volume-title":"Case study research: design and methods","author":"RK Yin","year":"1994","unstructured":"Yin, R.K.: Case study research: design and methods. Sage, Thousand Oaks (1994)"},{"key":"20_CR27","unstructured":"Schatzki, T.R.: Introduction: Practice theory. In: Schatzki, T.R., Knorr Cetina, K., von Savigny, E. (eds.) The Practice Turn in Contemporary Theory. Routledge, London (2001)"},{"key":"20_CR28","unstructured":"Goldkuhl, G.: The many facets of communication \u2013 a socio-pragmatic conceptualisation for information systems studies. In: Proceedings of the Workshop on Communication and Coordination in Business Processes, Kiruna (2005)"},{"key":"20_CR29","volume-title":"The theory of communicative action1. Reason and the rationalization of society","author":"J Habermas","year":"1984","unstructured":"Habermas, J.: The theory of communicative action1. Reason and the rationalization of society. Polity Press, Cambridge (1984)"},{"key":"20_CR30","volume-title":"Lectures on conversation","author":"H Sacks","year":"1992","unstructured":"Sacks, H.: Lectures on conversation. Blackwell, Oxford (1992)"},{"key":"20_CR31","doi-asserted-by":"publisher","DOI":"10.1075\/z.164","volume-title":"Theory of language","author":"K B\u00fchler","year":"2011","unstructured":"B\u00fchler, K.: Theory of language. John Benjamins Publishing, Amsterdam (2011)"},{"key":"20_CR32","volume-title":"Logic: The theory of inquiry","author":"J Dewey","year":"1938","unstructured":"Dewey, J.: Logic: The theory of inquiry. Henry Holt, New York (1938)"},{"key":"20_CR33","volume-title":"Basics of qualitative research","author":"J Corbin","year":"2008","unstructured":"Corbin, J., Strauss, A.: Basics of qualitative research. Techniques and procedures for developing Grounded Theory. Sage, Thousand Oaks (2008)"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-18467-8_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T21:22:35Z","timestamp":1748380955000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-18467-8_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319184661","9783319184678"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-18467-8_20","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"9 May 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}