Search results

Information security policies (ISPs) are used by organizations to communicate rules on the use of information systems (IS). Research studies show that compliance with the ISPs is not a straightforward issue and that several factors influence individual behavior toward ISP compliance, such as security awareness or individual perception of security threats. The purpose of this paper is to investigate the competencies associated with users’ ISP compliance behavior.

In order to reveal the competencies that are associated with the users’ ISP compliance behavior, the authors systematically analyze the ISP compliance literature and the authors develop an ISP compliance competency model. The authors then target to explore if IS users are equipped with these competencies; to do so, the authors analyze professional competence models from various industry sectors and compare the competencies that they include with the developed ISP compliance competencies.

The authors identify the competencies associated with ISP compliance and the authors provide evidence on the lack of attention in information security responsibilities demonstrated in professional competence frameworks.

ISP compliance research has focused on identifying the antecedents of ISP compliance behavior. The authors offer an ISP compliance competency model and guide researchers in investigating the issue further by focusing on the professional competencies that are necessary for IS users.

The findings offer new contributions to practitioners by highlighting the lack of attention on the information security responsibilities demonstrated in professional competence frameworks. The paper also provides implications for the design of information security awareness programs and information security management systems in organizations.

To the best of the authors’ knowledge, the paper is the first study that addresses ISP compliance behavior from a professional competence perspective.

The present study intends to foster understanding of how a traditional manufacturer can utilize the “simple rules” approach of managerial heuristics to facilitate its smart solution development (SSD) process.

The study uses an in-depth single case research strategy and 25 senior manager interviews to understand the application of simple rules in smart solution development.

The findings reveal process, boundary, preference, schedule, and stop rules as the dominant managerial heuristics in the case and identify how the manufacturer applies these rules during the innovation process phases of ideation, incubation, transformation, and industrialization for attaining project outcomes.

The study contributes to the new service development (NSD) literature by shedding light on simple rules and how managers may apply them to facilitate SSD. The main limitations stem from applying the qualitative case study approach and the interpretative nature of the study, which produces novel insights but prevents direct generalization to other empirical cases.

The resulting framework provides guidelines for managers on how to establish formal and clear simple rules that enable industrial solution providers to approach decision-making in smart solution development in a more agile manner.

The study comprises one of the first attempts to investigate managerial heuristics in the context of SSD and puts forward a plea for further NSD research applying psychological conceptualizations to enrich the simple rules perspective.