{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T17:46:05Z","timestamp":1778175965634,"version":"3.51.4"},"reference-count":40,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2021,12,21]],"date-time":"2021-12-21T00:00:00Z","timestamp":1640044800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2022,5,27]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>The purpose of this study is to investigate the influence of work-related value conflicts on information security in two organisations in nuclear power production and related industry.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>A mixed-methods design was applied. Individual interviews were conducted with 24 employees of two organisations in Sweden and questionnaire data on information security climate were collected from 667 employees (62%) in the same two organisations.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>The qualitative part of the study identified five different types of value conflicts influencing information security behaviour. The quantitative part of the study found that value conflicts relating to information security had a negative relationship with rule-compliant behaviour. The opposite was found for participative security behaviour where there was a positive relationship with value conflicts. A high climate of information security was positively related to both rule-compliant and participative information security behaviour. It also moderated the effect of value conflicts on compliant information security behaviour.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>This paper highlights organisational contextual conditions that influence employees\u2019 motivation and ability to manage value conflicts relating to information security in a high-risk industry. It also enables a better understanding of the influence of the information security climate on information security in the presence of value conflicts in this type of industry.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-09-2021-0139","type":"journal-article","created":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T08:37:57Z","timestamp":1639730277000},"page":"346-363","source":"Crossref","is-referenced-by-count":2,"title":["Value conflicts and information security \u2013 a mixed-methods study in high-risk industry"],"prefix":"10.1108","volume":"30","author":[{"given":"Kristina","family":"Gyllensten","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anders","family":"Pousette","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marianne","family":"T\u00f6rner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2021,12,21]]},"reference":[{"issue":"3","key":"key2022052516415575100_ref001","doi-asserted-by":"crossref","first-page":"326","DOI":"10.1177\/000765039903800305","article-title":"Understanding research on values in business: a level of analysis framework","volume":"38","year":"1999","journal-title":"Business and Society"},{"key":"key2022052516415575100_ref002","article-title":"The role of organizational and social factors for information security in a high-risk industry","volume-title":"Manuscript in Press","author":"Author 1 and Author 3","year":"2021"},{"issue":"2","key":"key2022052516415575100_ref003","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1191\/1478088706qp063oa","article-title":"Using thematic analysis in psychology","volume":"3","year":"2006","journal-title":"Qualitative Research in Psychology"},{"issue":"5","key":"key2022052516415575100_ref004","doi-asserted-by":"publisher","first-page":"580","DOI":"10.1108\/ICS-02-2016-0015","article-title":"Escalation of commitment and information security: theories and implications","volume":"25","year":"2017","journal-title":"Information and Computer Security"},{"key":"key2022052516415575100_ref005","doi-asserted-by":"crossref","first-page":"656","DOI":"10.1016\/j.chb.2016.03.068","article-title":"Deciding between information security and usability: developing value based objectives","volume":"61","year":"2016","journal-title":"Computers in Human Behavior"},{"issue":"4","key":"key2022052516415575100_ref006","doi-asserted-by":"crossref","first-page":"435","DOI":"10.2307\/30040637","article-title":"Managing from the boundary: the effective leadership of self-managing work teams","volume":"46","year":"2003","journal-title":"Academy of Management Journal"},{"key":"key2022052516415575100_ref007","unstructured":"European Union Agency for Network and Information Security (ENISA) (2018), \u201cCybersecurity culture guidelines: behavioural aspects of cybersecurity\u201d, available at: www.ensisa.europa.eu"},{"key":"key2022052516415575100_ref008","unstructured":"European Union Agency for Network and Information Security (ENISA) (2021), \u201cENISA threat landscape 2121\u201d, available at: www.ensisa.europa.esu"},{"issue":"4","key":"key2022052516415575100_ref009","doi-asserted-by":"crossref","first-page":"327","DOI":"10.1037\/h0061470","article-title":"The critical incident technique","volume":"51","year":"1954","journal-title":"Psychological Bulletin"},{"issue":"1","key":"key2022052516415575100_ref010","doi-asserted-by":"crossref","first-page":"3","DOI":"10.5172\/conu.2006.23.1.3","article-title":"Mixed methods research for the novice researcher","volume":"23","year":"2006","journal-title":"Contemporary Nurse"},{"key":"key2022052516415575100_ref011","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1016\/j.ssci.2019.01.008","article-title":"Promoting and impeding safety: a qualitative study into direct and indirect safety leadership practices of construction site managers","volume":"114","year":"2019","journal-title":"Safety Science"},{"key":"key2022052516415575100_ref012a","doi-asserted-by":"publisher","DOI":"10.1108\/OCJ-04-2021-0012","article-title":"The role of organizational and social factors for information security in a nuclear power industry","year":"2021","journal-title":"Organizational Cybersecurity Journal: Practice, Process and People"},{"issue":"4","key":"key2022052516415575100_ref012","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1108\/IMCS-08-2012-0043","article-title":"Social action theory for understanding information security non-compliance in hospitals: the importance of user rationale","volume":"21","year":"2013","journal-title":"Information Management and Computer Security"},{"issue":"4","key":"key2022052516415575100_ref013","doi-asserted-by":"crossref","first-page":"373","DOI":"10.1016\/j.jsis.2011.06.001","article-title":"Value conflicts for information security management","volume":"20","year":"2011","journal-title":"The Journal of Strategic Information Systems"},{"key":"key2022052516415575100_ref014","first-page":"6398","article-title":"For what technology can\u2019t fix: building a model of organizational cybersecurity culture","year":"2019"},{"key":"key2022052516415575100_ref015","unstructured":"International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) (2013), \u201cInformation technology security techniques code of practice for information security management\u201d, Geneva, available at: http:\/\/docplayer.net\/668061-Information-technology-security-techniques-code-of-practicefor-information-security-controls.html (accessed 10 May 2018)."},{"issue":"2","key":"key2022052516415575100_ref016","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1177\/0021886314524909","article-title":"Reflections: a perspective on paradox and its application to modern management","volume":"50","year":"2014","journal-title":"The Journal of Applied Behavioral Science"},{"issue":"2","key":"key2022052516415575100_ref017","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1108\/ICS-08-2017-0058","article-title":"Perceptions of organizational culture and value conflicts in information security management","volume":"26","year":"2018","journal-title":"Information and Computer Security"},{"key":"key2022052516415575100_ref018","first-page":"267","article-title":"Practice-based discourse analysis of information security policies","volume":"67","year":"2016","journal-title":"Computers and Security"},{"issue":"3","key":"key2022052516415575100_ref019","doi-asserted-by":"crossref","first-page":"279","DOI":"10.1108\/ICS-11-2016-0084","article-title":"Measuring employees\u2019 compliance \u2013 the importance of value pluralism","volume":"25","year":"2017","journal-title":"Information and Computer Security"},{"issue":"2","key":"key2022052516415575100_ref020","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1108\/ICS-02-2018-0019","article-title":"Guest editorial: value conflicts and information security management","volume":"26","year":"2018","journal-title":"Information and Computer Security"},{"key":"key2022052516415575100_ref021","volume-title":"Value-Focused Thinking: A Path to Creative Decision Making","year":"1992"},{"key":"key2022052516415575100_ref022","first-page":"70","article-title":"\u2018Comply or die\u2019 is dead: long live security-aware principal agents","volume-title":"International Conference on Financial Cryptography and Data Security","year":"2013"},{"issue":"4","key":"key2022052516415575100_ref023","doi-asserted-by":"crossref","first-page":"760","DOI":"10.5465\/amr.2000.3707712","article-title":"Exploring paradox: toward a more comprehensive guide","volume":"25","year":"2000","journal-title":"Academy of Management Review"},{"issue":"2","key":"key2022052516415575100_ref024","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1177\/0021886314522322","article-title":"Paradox as a metatheoretical perspective: sharpening the focus and widening the scope","volume":"50","year":"2014","journal-title":"The Journal of Applied Behavioral Science"},{"key":"key2022052516415575100_ref025","unstructured":"McCumber, J. (2004), \u201cThe McCumber cube and CIA triad\u201d, available at: https:\/\/www.ncyte.net\/"},{"key":"key2022052516415575100_ref026","unstructured":"Mulligan, K. (2004), \u201cThe nature of value conflict and its consequences for public opinion\u201d, Doctoral dissertation, The Ohio State University."},{"key":"key2022052516415575100_ref027","first-page":"67","article-title":"Safety climate and safety behaviour","volume":"27 (special issue)","year":"2002","journal-title":"Australian Journal of Management"},{"issue":"2","key":"key2022052516415575100_ref028","first-page":"2056","article-title":"Key elements of an information security culture in organisations","volume":"27","year":"2018","journal-title":"Information and Computer Security"},{"key":"key2022052516415575100_ref029","volume-title":"Qualitative Evaluation and Research Methods","year":"1990"},{"key":"key2022052516415575100_ref030","article-title":"Organisationsklimatets betydelse f\u00f6r informationss\u00e4kerhet","volume-title":"Informationss\u00e4kerhet Och S\u00e4kerhetskultur (Information Security and Safety Culture)","year":"2017"},{"issue":"3","key":"key2022052516415575100_ref031","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1504\/IJBSR.2015.071828","article-title":"Organisational dualities: an integrated review","volume":"9","year":"2015","journal-title":"International Journal of Business and Systems Research"},{"issue":"4","key":"key2022052516415575100_ref032","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1111\/j.1744-6570.1975.tb01386.x","article-title":"Organizational climates: an essay","volume":"28","year":"1975","journal-title":"Personnel Psychology"},{"key":"key2022052516415575100_ref033","volume-title":"Organizational Climate and Culture","year":"1990"},{"issue":"3","key":"key2022052516415575100_ref034","doi-asserted-by":"publisher","DOI":"10.1037\/ap1000090","article-title":"Organizational climate and culture: reflections on the history of the construct in JAP","volume":"102","year":"2017","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"key2022052516415575100_ref035","article-title":"Professional culture, information security and healthcare quality \u2013 an interview study physicians\u2019 and nurses\u2019 perspectives on value conflicts in the use of electronic information systems","volume":"4","year":"2018","journal-title":"Safety in Health"},{"issue":"7","key":"key2022052516415575100_ref036","doi-asserted-by":"crossref","first-page":"296","DOI":"10.1016\/j.im.2011.07.002","article-title":"Out of fear or desire? Toward a better understanding of employees\u2019 motivation to follow is security policies","volume":"48","year":"2011","journal-title":"Information and Management"},{"issue":"C","key":"key2022052516415575100_ref037","first-page":"102387","article-title":"Developing a cyber security culture: current practices and future needs","volume":"109","year":"2021","journal-title":"Computers and Security"},{"issue":"4","key":"key2022052516415575100_ref038","doi-asserted-by":"crossref","first-page":"476","DOI":"10.1016\/j.cose.2009.10.005","article-title":"Information security culture: a management perspective","volume":"29","year":"2010","journal-title":"Computers and Security"},{"key":"key2022052516415575100_ref039","volume-title":"Introducing Qualitative Research in Psychology","year":"2013"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-09-2021-0139\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-09-2021-0139\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:12Z","timestamp":1753406592000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/30\/3\/346-363\/189706"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,21]]},"references-count":40,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2021,12,21]]},"published-print":{"date-parts":[[2022,5,27]]}},"alternative-id":["10.1108\/ICS-09-2021-0139"],"URL":"https:\/\/doi.org\/10.1108\/ics-09-2021-0139","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2021,12,21]]}}}