{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T14:36:44Z","timestamp":1777905404596,"version":"3.51.4"},"reference-count":63,"publisher":"Riga Technical University","issue":"46","license":[{"start":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T00:00:00Z","timestamp":1777507200000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J. Complex Syst. Inform. Model. Q."],"abstract":"<jats:p>Employee compliance with Information Security Policies (ISPs) depends on communicating clear and comprehensible content. However, existing research has shown that many ISPs are of poor communicative quality. Large Language Models (LLMs) could enhance ISPs if fine-tuned on high-quality data, but to do such fine-tuning requires a conceptual model for classifying the data and evaluating the resulting text. Therefore, as a step in this direction, the aim of this article is to develop a conceptual model of ISPs using Speech Act Theory as a theoretical lens to enable assessments of the communicative quality of ISPs. We used conceptual modeling and document analysis to develop the model based on 600 ISP statements from ten British National Health Service ISPs. We used selected parts from the SEQUAL framework to evaluate the model. The evaluation pointed to potential areas for improving the model\u2019s semantic, empirical, physical, and deontic qualities. By incorporating these improvements, the final class diagram contains 21 classes, six of which address ISP statement quality as speech acts.<\/jats:p>","DOI":"10.7250\/csimq.2026-46.03","type":"journal-article","created":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T12:47:32Z","timestamp":1777639652000},"page":"45-66","source":"Crossref","is-referenced-by-count":0,"title":["Advancing a Speech Act-Based Model to Improve Future Quality of Information Security Policies Using Large Language Models"],"prefix":"10.7250","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3265-7627","authenticated-orcid":false,"given":"Fredrik","family":"Karlsson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3722-6797","authenticated-orcid":false,"given":"Shang","family":"Gao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4830-1876","authenticated-orcid":false,"given":"John","family":"Krogstie","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-9207-3236","authenticated-orcid":false,"given":"Leila","family":"Aro-Sati","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"4297","published-online":{"date-parts":[[2026,4,30]]},"reference":[{"key":"3514","doi-asserted-by":"crossref","unstructured":"B. K\u00f6r and B. Metin, \u201cUnderstanding human aspects for an effective information security management implementation,\u201d International Journal of Applied Decision Sciences, vol. 14, no. 2, pp. 105\u2013122, 2021. Available: https:\/\/doi.org\/10.1504\/IJADS.2021.113532","DOI":"10.1504\/IJADS.2021.113532"},{"key":"3515","doi-asserted-by":"crossref","unstructured":"M. J. Culnan and C. C. Williams, \u201cHow Ethics Can Enhance Organizational Privacy: Lessons from the Choicepoint and TJX Data Breaches,\u201d MIS Quarterly, vol. 33, no. 4, pp. 673\u2013687, 2009. Available: https:\/\/doi.org\/10.2307\/20650322","DOI":"10.2307\/20650322"},{"key":"3516","doi-asserted-by":"crossref","unstructured":"E. Kolkowska, F. Karlsson, and K. Hedstr\u00f6m, \u201cTowards analysing the rationale of information security noncompliance: Devising a Value-Based Compliance analysis method,\u201d Journal of Strategic Information Systems, vol. 26, no. 1, pp. 39\u201357, 2017. Available: https:\/\/doi.org\/10.1016\/j.jsis.2016.08.005","DOI":"10.1016\/j.jsis.2016.08.005"},{"key":"3517","unstructured":"G. Dhillon, Information Security \u2013 Text & Cases. Edition 2.0 ed. Burlington, USA: Prospect Press, 2017."},{"key":"3518","unstructured":"Truesec, \u201cThreat Intelligence Report 2023,\u201d Truesec, Stockholm, Sweden, 2023."},{"key":"3519","unstructured":"Crowdstrike, \u201c2025 Global Threat Report,\u201d Crowdstrike Inc, 2025."},{"key":"3520","doi-asserted-by":"crossref","unstructured":"S. Chatterjee, X. Gao, S. Sarkar, and C. Uzmanoglu, \u201cReacting to the scope of a data breach: The differential role of fear and anger,\u201d Journal of Business Research, vol. 101, pp. 183\u2013193, 2019. Available: https:\/\/doi.org\/10.1016\/j.jbusres.2019.04.024","DOI":"10.1016\/j.jbusres.2019.04.024"},{"key":"3521","doi-asserted-by":"crossref","unstructured":"K. D. Loch, H. H. Carr, and M. E. Warkentin, \u201cThreats to information systems: today\u2019s reality, yesterday\u2019s understanding,\u201d MIS Quarterly, vol. 16, no. 2, pp. 173\u2013186, 1992. Available: https:\/\/doi.org\/10.2307\/249574","DOI":"10.2307\/249574"},{"key":"3522","doi-asserted-by":"crossref","unstructured":"N. H. Chowdhury, M. T. Adam, and G. Skinner, \u201cThe impact of time pressure on cybersecurity behaviour: a systematic literature review,\u201d Behav. Inf. Technol., vol. 38, no. 12, pp. 1290\u20131308, 2019. Available: https:\/\/doi.org\/10.1080\/0144929X.2019.1583769","DOI":"10.1080\/0144929X.2019.1583769"},{"key":"3523","doi-asserted-by":"crossref","unstructured":"K. H\u00f6ne and J. H. P. Eloff, \u201cInformation security policy \u2013 what do international information security standards say?\u201d Computers & Security, vol. 21, no. 5, pp. 402\u2013409, 2002. Available: https:\/\/doi.org\/10.1016\/S0167-4048(02)00504-7","DOI":"10.1016\/S0167-4048(02)00504-7"},{"key":"3524","doi-asserted-by":"crossref","unstructured":"S. Goel and I. N. Chengalur-Smith, \u201cMetrics for characterizing the form of security policies,\u201d Journal of Strategic Information Systems, vol. 19, no. 4, pp. 281\u2013295, 2010. Available: https:\/\/doi.org\/10.1016\/j.jsis.2010.10.002","DOI":"10.1016\/j.jsis.2010.10.002"},{"key":"3525","doi-asserted-by":"crossref","unstructured":"R. Baskerville and M. Siponen, \u201cAn information security meta-policy for emergent organizations,\u201d Logistics Information Management, vol. 15, no. 5\/6, pp. 337\u2013346, 2002. Available: https:\/\/doi.org\/10.1108\/09576050210447019","DOI":"10.1108\/09576050210447019"},{"key":"3526","doi-asserted-by":"crossref","unstructured":"W. A. Cram, J. G. Proudfoot, and J. D\u2019Arcy, \u201cOrganizational information security policies: a review and research framework,\u201d European Journal of Information Systems, vol. 26, no. 6, pp. 605\u2013641, 2017. Available: https:\/\/doi.org\/10.1057\/s41303-017-0059-9","DOI":"10.1057\/s41303-017-0059-9"},{"key":"3527","unstructured":"M. E. Whitman, \u201cSecurity Policy \u2013 From Design to Maintenance,\u201d in Information Security \u2013 Policy, Processes, and Practices, 2008, pp. 123\u2013151."},{"key":"3528","doi-asserted-by":"crossref","unstructured":"S. V. Flowerday and T. Tuyikeze, \u201cInformation security policy development and implementation: The what, how and who,\u201d Computers & Security, vol. 61, pp. 169\u2013183, 2016. Available: https:\/\/doi.org\/10.1016\/j.cose.2016.06.002","DOI":"10.1016\/j.cose.2016.06.002"},{"key":"3529","doi-asserted-by":"crossref","unstructured":"M. Siponen and A. Vance, \u201cNeutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations,\u201d MIS Quarterly, vol. 34, no. 3, pp. 487\u2013502, 2010. Available: https:\/\/doi.org\/10.2307\/25750688","DOI":"10.2307\/25750688"},{"key":"3530","unstructured":"Ponemon, \u201cCost of insider threats global report,\u201d Ponemon Institute, North Traverse City, 2020. Available: https:\/\/www.ibm.com\/downloads\/documents\/us-en\/107a02e94cc8f836"},{"key":"3531","doi-asserted-by":"crossref","unstructured":"E. Rostami, F. Karlsson, E. Kolkowska, and S. Gao, \u201cTowards software for tailoring information security policies to organisations\u2019 different target groups,\u201d Computers & Security, vol. 159, Article 104687, 2025. Available: https:\/\/doi.org\/10.1016\/j.cose.2025.104687","DOI":"10.1016\/j.cose.2025.104687"},{"key":"3532","doi-asserted-by":"crossref","unstructured":"K. H\u00f6ne and J. H. P. Eloff, \u201cWhat makes an effective information security policy?\u201d Network Security, vol. 6, no. 1, pp. 14\u201316, 2002. Available: https:\/\/doi.org\/10.1016\/S1353-4858(02)06011-7","DOI":"10.1016\/S1353-4858(02)06011-7"},{"key":"3533","doi-asserted-by":"crossref","unstructured":"I. Lopes and P. Oliveira, \u201cApplying Action Research in the Formulation of Information Security Policies,\u201d in New Contributions in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol. 353, pp. 513\u2013522, 2015. Available: https:\/\/doi.org\/10.1007\/978-3-319-16486-1_50","DOI":"10.1007\/978-3-319-16486-1_50"},{"key":"3534","doi-asserted-by":"crossref","unstructured":"F. Karlsson, K. Hedstr\u00f6m, and G. Goldkuhl, \u201cPractice-based discourse analysis of information security policies,\u201d Computers & Security, vol. 67, pp. 267\u2013279, 2017. Available: https:\/\/doi.org\/10.1016\/j.cose.2016.12.012","DOI":"10.1016\/j.cose.2016.12.012"},{"key":"3535","doi-asserted-by":"crossref","unstructured":"E. Rostami and F. Karlsson, \u201cQualitative Content Analysis of Actionable Advice in Information Security Policies \u2013 Introducing the Keyword Loss of Specificity Metric,\u201d Information & Computer Security, vol. 32, no. 4, pp. 492\u2013508, 2024. Available: https:\/\/doi.org\/10.1108\/ICS-10-2023-0187","DOI":"10.1108\/ICS-10-2023-0187"},{"key":"3536","doi-asserted-by":"crossref","unstructured":"B. C. Stahl, N. F. Doherty, and M. Shaw, \u201cInformation security policies in the UK healthcare sector: a critical evaluation,\u201d Information Systems Journal, vol. 22, pp. 77\u201394, 2012. Available: https:\/\/doi.org\/10.1111\/j.1365-2575.2011.00378.x","DOI":"10.1111\/j.1365-2575.2011.00378.x"},{"key":"3537","unstructured":"ISO, \u201cISO\/IEC 27002:2022 Information security, cybersecurity and privacy protection \u2013 Information security controls,\u201d International Organization for Standardization (ISO), 2022."},{"key":"3538","doi-asserted-by":"crossref","unstructured":"C. Sundt, \u201cInformation security and the law,\u201d Information Security Technical Report, vol. 11, no. 1, pp. 2\u20139, 2006. Available: https:\/\/doi.org\/10.1016\/j.istr.2005.11.003","DOI":"10.1016\/j.istr.2005.11.003"},{"key":"3539","doi-asserted-by":"crossref","unstructured":"I. Trummer, \u201cFrom BERT to GPT-3 codex: harnessing the potential of very large language models for data management,\u201d in Proceedings of the VLDB Endowment, vol. 15, no. 12, 2022, pp. 3770\u20133773. Available: https:\/\/doi.org\/10.14778\/3554821.3554896","DOI":"10.14778\/3554821.3554896"},{"key":"3540","doi-asserted-by":"crossref","unstructured":"M. Abdullah, A. Madain, and Y. Jararweh, \u201cChatGPT: Fundamentals, Applications and Social Impacts,\u201d 2022 Ninth International Conference on Social Networks Analysis, Management and Security (SNAMS), 2022, pp. 1\u20138. Available: https:\/\/doi.org\/10.1109\/SNAMS58071.2022.10062688","DOI":"10.1109\/SNAMS58071.2022.10062688"},{"key":"3541","doi-asserted-by":"crossref","unstructured":"F. Karlsson, S. Gao, J. Krogstie, and L. Aro-Sati, \u201cTowards a Speech Act-Based Model to Enable Future Quality Improvements of Information Security Policies Using Large Language Models,\u201d Perspectives in Business Informatics Research. BIR 2025. Lecture Notes in Business Information Processing, vol. 562, 2025, pp. 349\u2013364. Available: https:\/\/doi.org\/10.1007\/978-3-032-04375-7_22","DOI":"10.1007\/978-3-032-04375-7_22"},{"key":"3542","doi-asserted-by":"crossref","unstructured":"J. R. Searle, \u201cA Classification of Illocutionary Acts,\u201d Language in Society, vol. 5, no. 1, pp. 1\u201323, 1976. Available: https:\/\/doi.org\/10.1017\/S0047404500006837","DOI":"10.1017\/S0047404500006837"},{"key":"3543","unstructured":"M. Alshaikh, S. B. Maynard, A. Ahmad, and S. Chang, \u201cInformation Security Policy: A Management Practice Perspective,\u201d Australasian Conference on Information Systems, 2015."},{"key":"3544","doi-asserted-by":"crossref","unstructured":"N. Doherty and H. Fulford, \u201cAligning the information security policy with the strategic information systems plan,\u201d Computer & Security, vol. 25, no. 1, pp. 55\u201363, 2006. Available: https:\/\/doi.org\/10.1016\/j.cose.2005.09.009","DOI":"10.1016\/j.cose.2005.09.009"},{"key":"3545","doi-asserted-by":"crossref","unstructured":"E. Rostami, F. Karlsson, and G. Shang, \u201cPolicy components \u2013 a conceptual model for modularizing and tailoring of information security policies,\u201d Information & Computer Security, vol. 31, no. 3, pp. 331\u2013352, 2023. Available: https:\/\/doi.org\/10.1108\/ICS-10-2022-0160","DOI":"10.1108\/ICS-10-2022-0160"},{"key":"3546","doi-asserted-by":"crossref","unstructured":"E. Rostami, M. Hanif, F. Karlsson, and S. Gao, \u201cDefining Actionable Advice in Information Security Policies - Guiding Employees to Strengthen Digital Sovereignty of Organizations,\u201d Procedia Computer Science, vol. 254, pp. 30\u201338, 2025. Available: https:\/\/doi.org\/10.1016\/j.procs.2025.02.061","DOI":"10.1016\/j.procs.2025.02.061"},{"key":"3547","doi-asserted-by":"crossref","unstructured":"E. Rostami, F. Karlsson, and S. Gao, \u201cRequirements for computerized tools to design information security policies,\u201d Computers & Security, vol. 99, Article 102063, 2020. Available: https:\/\/doi.org\/10.1016\/j.cose.2020.102063","DOI":"10.1016\/j.cose.2020.102063"},{"key":"3548","unstructured":"S. Diver, \u201cInformation Security Policy \u2013 A Development Guide for Large and Small Companies,\u201d SANS Institute, 2021."},{"key":"3549","unstructured":"NIST, \u201cInformation Security Handbook: A Guide for Managers,\u201d National Institute of Standards and Technology, Gaithersburg, USA, 2006."},{"key":"3550","doi-asserted-by":"crossref","unstructured":"T. R. Peltier, Information Security Policies and Procedures \u2013 A Practitioner\u2019s Reference. Second Edition, Boca Raton, 2004. Available: https:\/\/doi.org\/10.1201\/9780203488737","DOI":"10.1201\/9780203488737"},{"key":"3551","unstructured":"C. R. Smith, \u201cThe Definitive Guide to Writing Effective Information Security Policies and Procedures,\u201d Createspace, 2010."},{"key":"3552","doi-asserted-by":"crossref","unstructured":"Y. Yao, J. Duan, K. Xu, Y. Cai, Z. Sun, and Y. Zhang, \u201cA survey on large language model (LLM) security and privacy: The Good, The Bad, and The Ugly,\u201d High-Confidence Computing, vol. 4, no. 2, Article 100211, 2024. Available: https:\/\/doi.org\/10.1016\/j.hcc.2024.100211","DOI":"10.1016\/j.hcc.2024.100211"},{"key":"3553","doi-asserted-by":"crossref","unstructured":"J. Yang et al., \u201cHarnessing the Power of LLMs in Practice: A Survey on ChatGPT and Beyond,\u201d ACM Transactions on Knowledge Discovery from Data, vol. 18, no. 6, pp. 1\u201332, 2024. Available: https:\/\/doi.org\/10.1145\/3649506","DOI":"10.1145\/3649506"},{"key":"3554","doi-asserted-by":"crossref","unstructured":"L. Yun, S. Yun, and H. Xue, \u201cImproving citizen-government interactions with generative artificial intelligence: Novel human-computer interaction strategies for policy understanding through large language models,\u201d PLoS ONE, vol. 19, no. 12, 2024. Available: https:\/\/doi.org\/10.1371\/journal.pone.0311410","DOI":"10.1371\/journal.pone.0311410"},{"key":"3555","doi-asserted-by":"crossref","unstructured":"S. Lawal, X. Zhao, A. Rios, R. Krishnan, and D. Ferraiolo, \u201cTranslating Natural Language Specifications into Access Control Policies by Leveraging Large Language Models,\u201d 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), pp. 361\u2013370, 2024. Available: https:\/\/doi.org\/10.1109\/TPS-ISA62245.2024.00048","DOI":"10.1109\/TPS-ISA62245.2024.00048"},{"key":"3556","doi-asserted-by":"crossref","unstructured":"E. Quevedo et al., \u201cCreation and Analysis of a Natural Language Understanding Dataset for DoD Cybersecurity Policies (CSIAC-DoDIN V1. 0),\u201d 2023 International Conference on Computational Science and Computational Intelligence (CSCI), pp. 91\u201398, 2023. Available: https:\/\/doi.org\/10.1109\/CSCI62032.2023.00021","DOI":"10.1109\/CSCI62032.2023.00021"},{"key":"3557","doi-asserted-by":"crossref","unstructured":"S. Deldari et al., \u201cAuditNet: A Conversational AI-based Security Assistant,\u201d Adjunct Proceedings of the 26th International Conference on Mobile Human-Computer Interaction (MobileHCI \u201924 Adjunct), pp. 1\u20134, 2024. Available: https:\/\/doi.org\/10.1145\/3640471.3680444","DOI":"10.1145\/3640471.3680444"},{"key":"3558","doi-asserted-by":"crossref","unstructured":"D. Najafali, J. M. Camacho, E. Reiche, L. G. Galbraith, S. D. Morrison, and A. H. Dorafshar, \u201cTruth or lies? The pitfalls and limitations of ChatGPT in systematic review creation,\u201d Aesthetic Surgery Journal, vol. 43, no. 8, pp. NP654-NP655, 2023. Available: https:\/\/doi.org\/10.1093\/asj\/sjad108","DOI":"10.1093\/asj\/sjad093"},{"key":"3559","doi-asserted-by":"crossref","unstructured":"G. Goldkuhl and E. Braf, \u201cOrganisational Ability: Constituents and Congruencies,\u201d in Knowledge Management in the SocioTechnical World, pp. 30\u201342, 2002. Available: https:\/\/doi.org\/10.1007\/978-1-4471-0187-1_4","DOI":"10.1007\/978-1-4471-0187-1_4"},{"key":"3560","unstructured":"J. L. Austin, How to do Things with Words. Cambridge: Oxford University Press, 1962."},{"key":"3561","doi-asserted-by":"crossref","unstructured":"J. R. Searle, Speech Acts: An Essay in the Philosophy of Language. Cambridge: Cambridge University Press, 1969. Available: https:\/\/doi.org\/10.1017\/CBO9781139173438","DOI":"10.1017\/CBO9781139173438"},{"key":"3562","doi-asserted-by":"crossref","unstructured":"J. R. Searle and D. Vanderveken, \u201cSpeech acts and illocutionary logic,\u201d in Logic, Thought and Action. Logic, Epistemology, and the Unity of Science, vol. 2, pp. 109\u2013132, 1985. Available: https:\/\/doi.org\/10.1007\/1-4020-3167-X_5","DOI":"10.1007\/1-4020-3167-X_5"},{"key":"3563","doi-asserted-by":"crossref","unstructured":"T. Holtgraves, \u201cThe production and perception of implicit performatives,\u201d Journal of Pragmatics, vol. 37, no. 12, pp. 2024\u20132043, 2005. Available: https:\/\/doi.org\/10.1016\/j.pragma.2005.03.005","DOI":"10.1016\/j.pragma.2005.03.005"},{"key":"3564","doi-asserted-by":"crossref","unstructured":"J. R. Searle, Expression and Meaning: Studies in the Theory of Speech Acts. Cambridge: Cambridge University Press, 1979. Available: https:\/\/doi.org\/10.1017\/CBO9780511609213","DOI":"10.1017\/CBO9780511609213"},{"key":"3565","doi-asserted-by":"crossref","unstructured":"R. Gasparatou, \u201cHow to do things with words: Speech acts in education,\u201d Educational Philosophy and Theory, vol. 50, no. 5, pp. 510\u2013518, 2018. Available: https:\/\/doi.org\/10.1080\/00131857.2017.1382353","DOI":"10.1080\/00131857.2017.1382353"},{"key":"3566","doi-asserted-by":"crossref","unstructured":"J. V. Schmidt, \u201cCan Artificial Agents be Authors?\u201d Philosophy & Technology, vol. 38, no. 1, pp. 1\u201325, 2025. Available: https:\/\/doi.org\/10.1007\/s13347-025-00839-y","DOI":"10.1007\/s13347-025-00839-y"},{"key":"3567","doi-asserted-by":"crossref","unstructured":"O. I. Lindland, G. Sindre, and A. Solvberg, \u201cUnderstanding quality in conceptual modeling,\u201d IEEE Software, vol. 11, no. 2, pp. 42\u201349, 1994. Available: https:\/\/doi.org\/10.1109\/52.268955","DOI":"10.1109\/52.268955"},{"key":"3568","doi-asserted-by":"crossref","unstructured":"J. Krogstie, Quality in Business Process Modeling. Springer, 2016. Available: https:\/\/doi.org\/10.1007\/978-3-319-42512-2","DOI":"10.1007\/978-3-319-42512-2"},{"key":"3569","doi-asserted-by":"crossref","unstructured":"J. Krogstie, Model-Based Development and Evolution of Information Systems: A Quality Approach. Springer, 2012. Available: https:\/\/doi.org\/10.1007\/978-1-4471-2936-3","DOI":"10.1007\/978-1-4471-2936-3"},{"key":"3570","doi-asserted-by":"crossref","unstructured":"B. Thalheim, \u201cThe Science of Conceptual Modelling,\u201d Database and Expert Systems Applications. DEXA 2011. Lecture Notes in Computer Science, vol. 6860, 2011, pp. 12\u201326. Available: https:\/\/doi.org\/10.1007\/978-3-642-23088-2_2","DOI":"10.1007\/978-3-642-23088-2_2"},{"key":"3571","doi-asserted-by":"crossref","unstructured":"G. A. Bowen, \u201cDocument Analysis as a Qualitative Research Method,\u201d Qualitative Research Journal, vol. 9, no. 2, pp. 27\u201340, 2009. Available: https:\/\/doi.org\/10.3316\/QRJ0902027","DOI":"10.3316\/QRJ0902027"},{"key":"3572","doi-asserted-by":"crossref","unstructured":"M. E. Duffy, \u201cMethodological triangulation: a vehicle for merging quantitative and qualitative research methods,\u201d Image: The Journal of Nursing Scholarship, vol. 19, no. 3, pp. 130\u2013133, 1987. Available: https:\/\/doi.org\/10.1111\/j.1547-5069.1987.tb00609.x","DOI":"10.1111\/j.1547-5069.1987.tb00609.x"},{"key":"3573","unstructured":"E. Rostami, \u201cTailoring information security policies - computerized tool and a design theory,\u201d Ph.D. dissertation, Department of Informatics, \u00d6rebro University, \u00d6rebro, 2023."},{"key":"3574","unstructured":"E. G. Guba and Y. S. Lincoln, Fourth Generation Evaluation. SAGE Publications, 1989."},{"key":"3575","doi-asserted-by":"crossref","unstructured":"Y. S. Lincoln and E. G. Guba, Naturalistic Inquiry. Sage Publications, 1985.","DOI":"10.1016\/0147-1767(85)90062-8"},{"key":"3576","doi-asserted-by":"crossref","unstructured":"D. S. Collingridge and E. E. Gantt, \u201cThe Quality of Qualitative Research,\u201d American Journal of Medical Quality, vol. 23, no. 5, pp. 389\u2013395, 2008, Available: https:\/\/doi.org\/10.1177\/1062860608320646","DOI":"10.1177\/1062860608320646"}],"container-title":["Complex Systems Informatics and Modeling Quarterly"],"original-title":[],"link":[{"URL":"https:\/\/csimq-journals.rtu.lv\/csimq\/article\/download\/csimq.2026-46.03\/299","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/csimq-journals.rtu.lv\/csimq\/article\/download\/csimq.2026-46.03\/299","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T12:47:49Z","timestamp":1777639669000},"score":1,"resource":{"primary":{"URL":"https:\/\/csimq-journals.rtu.lv\/csimq\/article\/view\/csimq.2026-46.03"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,30]]},"references-count":63,"journal-issue":{"issue":"46","published-online":{"date-parts":[[2026,4,30]]}},"URL":"https:\/\/doi.org\/10.7250\/csimq.2026-46.03","relation":{},"ISSN":["2255-9922"],"issn-type":[{"value":"2255-9922","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,30]]}}}