In a world of rapid technological advances, information privacy and security plays a crucial role, as we see every day in the news the data breaches that expose critical information of individuals and organizations. What to protect in information security and privacy with risk mitigation measures is difficult to define, as objectives based on values differ across organizations and individuals. In this study we argue that information privacy and security objectives should be gathered based on a value-based approach in order to achieve due care among stakeholders and to be able to justify risk mitigation measures.

Adler, F. (1956). The value concept in sociology. American Journal of Sociology. Vol 62. 272-79

Bachika, R. and Schulz, M. S. (2011). Values and culture in the social shaping of the future. Current Sociology. Vol 59(2) 107-118

Catton, W. R. (1954). Propaganda effectiveness as a function of human values (Doctoral dissertation, University of Washington).

Dhillon, G. and Torkzadeh G. (2006). Value-focused assessment of information system security in organizations. Information Systems Journal 16(3), 293–314.

Dhillon, G. and R. Chowdhuri (2013). Individual values for protecting identity in social networks. Thirty Fourth International Conference on Information Systems.

Dhillon, G., Oliveira, T., and Syed, R. (2018). Value-based information privacy objectives for Internet Commerce. Computers in Human Behavior, 87, 292-307.

Dhillon, G. and Smith, K. J. (2018). Defining Objectives for Preventing Cyberstalking. Journal of Business Ethics.

Gregory, R. and Keeney, R. L. (1994). Creating policy alternatives using stakeholder values. Management Science 40(8), 1035–1048.

Hunter, M. G. (1997). The use of RepGrids to gather data about information systems analysts. Information Systems Journal, 7, 67-81.

Kahneman, D. and Lovallo, D. (1993). Timid choices and bold forecasts: A cognitive perspective on risk taking. Management Science, 39(1), 17-31.

Kahneman, D. and Tversky, A. (1982). The psychology of preferences. Scientific American, 246(1), 160-173.

Keeney, R. L. (1988), Structuring objectives for problems of public interest. Operations Research 36(3), 396–405.

Keeney, R. L. (1992). Value-focused thinking: a path to creative decision-making. Cambridge, Mass.: Harvard University Press.

Keeney, R. L. (1994). Creativity Decision Making with Value-Focused Thinking. Sloan ManagementReview/Summer pp. 33–41.

Keeney, R. L. (1996). Value-focused thinking: Identifying decision opportunities and creating alternatives. European Journal of operational Research, 92(3), 537-549.

Keeney, R. L. (2004). Making better decision makers. Decision Analysis 1(4), 193-204.

Parsons, T. 1951. The Social System. NY: Free Press. 575 pp.

Mishra, S. and Dhillon G. (2008). Defining Internal Control Objectives for Information Systems Security: A Value Focused Assessment. European Conference on Information Systems. pp. 1334–1345.

Phythian, G. J. and King, M. (1992). Developing an Expert System for tender enquiry evaluation: a case study. European Journal of Operational Research, 56(1), 15-29.

Nunes, S., Dhillon, G., and Caldeira, M. (2015). Value Focused Approach to Information Systems Risk Management. Conferência da Associação Portuguesa de Sistemas de Informação (Vol. 15, No. 15, pp. 103-115).

Sheng, H., K and Nah, F. F.-H. (2010). ‘Understanding the values of mobile technology in education: a value-focused thinking approach’. ACM SIGMIS Database 41(2), 25–44.

Spates, J. L. (1983). The sociology of values. Annual review of sociology, 9(1), 27-49.