Abstract

In this paper we present a Value Sensitive Approach (VSA) to information systems security (ISS) within organizations. The approach helps to identify organizational and individual values, since we believe that objectives suitable for each organization can be identified by eliciting these values. We then discuss how organizational goals, strategies and culture together with individual values decide what relevant security issues for this particular organization are. We then discuss how organizational goals, strategies and culture, together with individual values decide the relevant security issues for a particular organization. Different methods to observe and identify values are discussed and evaluated. Then two different methods for identifying values are presented. Values – focused thinking is presented as a method for identifying values that guide decision makers and security managers. Scenarios are presented as a method to elicit values from actor groups who are less used to thinking in terms of information security issues. The Value Sensitive Approach to ISS presented in this paper will contribute to the ongoing research efforts to view security problems from a more holistic, socio-organizational perspective.

Share

COinS