Search results
1 – 10 of over 3000Hao Chen, Mengya Liu and Tu Lyu
This study aims to explore the emotion-based mediator of information security fatigue in the relationship between employees’ information security–related stress (SRS) and…
Abstract
Purpose
This study aims to explore the emotion-based mediator of information security fatigue in the relationship between employees’ information security–related stress (SRS) and information security policy (ISP) compliance intention and the effects of psychological capital (PsyCap) on relieving SRS and promoting compliance.
Design/methodology/approach
The authors tested a series of hypotheses by applying partial least squares–based structural equation modeling to survey data from 488 employees in Chinese enterprises.
Findings
The results suggest that the relationship between SRS and ISP compliance intention is fully mediated by information security fatigue. Employees’ SRS promotes their information security fatigue, which reduces their intention to follow ISPs. In addition, employees with high PsyCap may experience low levels of SRS and information security fatigue, which promotes their willingness to comply with ISPs.
Originality/value
This study extends knowledge by introducing information security fatigue and PsyCap to the field of information security management, and it calls attention to the effects on information security behaviors of employee emotions and positive psychological resources in an organization. The authors reveal the emotion-based mediating effect of information security fatigue and the positive influence of PsyCap in information security management.
Details
Keywords
Hao Chen, Ying Li, Lirong Chen and Jin Yin
While the bring-your-own-device (BYOD) trend provides benefits for employees, it also poses security risks to organizations. This study explores whether and how employees decide…
Abstract
Purpose
While the bring-your-own-device (BYOD) trend provides benefits for employees, it also poses security risks to organizations. This study explores whether and how employees decide to adopt BYOD practices when they encounter information security–related conflict.
Design/methodology/approach
Using survey data from 235 employees of Chinese enterprises and applying partial least squares based structural equation modeling (PLS-SEM), we test a series of hypotheses.
Findings
The results suggest that information security–related conflict elicits information security fatigue among employees. As their information security fatigue increases, employees become less likely to adopt BYOD practices. In addition, information security–related conflict has an indirect effect on employee's BYOD adoption through the full mediation of information security fatigue.
Practical implications
This study provides practical implications to adopt BYOD in the workplace through conflict management measures and emotion management strategies. Conflict management measures focused on the reducing of four facets of information security–related conflict, such as improve organization's privacy policies and help employees to build security habits. Emotion management strategies highlighted the solutions to reduce fatigue through easing conflict, such as involving employees in the development or update of information security policies to voice their demands of privacy and other rights.
Originality/value
Our study extends knowledge by focusing on the barriers to employees' BYOD adoption when considering information security in the workplace. Specifically, this study takes a conflict perspective and builds a multi-faceted construct of information security–related conflict. Our study also extends information security behavior research by revealing an emotion-based mediation effect, that of information security fatigue, to explore the mechanism underlying the influence of information security–related conflict on employee behavior.
Details
Keywords
Anusha Bhana and Jacques Ophoff
Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and…
Abstract
Purpose
Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees to manage security-related risks. The purpose of this research is to explore the homeostatic mechanism proposed by risk homeostasis theory (RHT), as well as security fatigue, in an organisational context.
Design/methodology/approach
A case study approach was used to investigate the topic, focusing on data specialists who regularly work with sensitive information assets. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company.
Findings
A thematic analysis of the data revealed risk perceptions, behavioural adjustments and indicators of security fatigue. The findings provide examples of how these concepts manifest in practice and confirm the relevance of RHT in the security domain.
Originality/value
This research illuminates homeostatic mechanisms in an organisational security context. It also illustrates links with security fatigue and how this could further impact risk. Examples and indicators of security fatigue can assist organisations with risk management, creating “employee-friendly” policies and procedures, choosing appropriate technical security solutions and tailoring security education, training and awareness activities.
Details
Keywords
Wayne D. Kearney and Hennie A. Kruger
The purpose of this paper is to discuss and theorise on the appropriateness and potential impact of risk homeostasis in the context of information security.
Abstract
Purpose
The purpose of this paper is to discuss and theorise on the appropriateness and potential impact of risk homeostasis in the context of information security.
Design/methodology/approach
The discussion is mainly based on a literature survey backed up by illustrative empirical examples.
Findings
Risk homeostasis in the context of information security is an under-explored topic. The principles, assumptions and methodology of a risk homeostasis framework offer new insights and knowledge to explain and predict contradictory human behaviour in information security.
Practical implications
The paper shows that explanations for contradictory human behaviour (e.g. the privacy paradox) would gain from considering risk homeostasis as an information security risk management model. The ideas discussed open up the prospect to theorise on risk homeostasis as a framework in information security and should form a basis for further research and practical implementations. On a more practical level, it offers decision makers useful information and new insights that could be advantageous in a strategic security planning process.
Originality/value
This is the first systematic comprehensive review of risk homeostasis in the context of information security behaviour and readers of the paper will find new theories, guidelines and insights on risk homeostasis.
Details
Keywords
The purpose of this study is to perform an exploratory investigation into the feasibility of behavioural threshold analysis as a possible aid in security awareness campaigns.
Abstract
Purpose
The purpose of this study is to perform an exploratory investigation into the feasibility of behavioural threshold analysis as a possible aid in security awareness campaigns.
Design/methodology/approach
Generic behavioural threshold analysis is presented and then applied in the domain of information security by collecting data on the behavioural thresholds of individuals in a group setting and how the individuals influence each other when it comes to security behaviour.
Findings
Initial experimental results show that behavioural threshold analysis is feasible in the context of information security and may provide useful guidelines on how to construct information security awareness programmes.
Practical implications
Threshold analysis may contribute in a number of ways to information security, e.g. identification of security issues that are susceptible to peer pressure and easily influenced by peer behaviour; serve as a countermeasure against security fatigue; contribute to the economics of information security awareness programmes; track progress of security awareness campaigns; and provide a new measure for determining the importance of security awareness issues.
Originality/value
This paper describes the very first experiment to test the behavioural threshold analysis concepts in the context of information security.
Details
Keywords
Jie Tang, Umair Akram and Wenjing Shi
Mobile Applications (App) privacy has become a prominent social problem. Compared with privacy concerns, this study examines a relatively novel concept of privacy fatigue and…
Abstract
Purpose
Mobile Applications (App) privacy has become a prominent social problem. Compared with privacy concerns, this study examines a relatively novel concept of privacy fatigue and explores its effect on the users’ intention to disclose their personal information via mobile Apps. In addition, the personality traits are proposed as antecedents that will induce the personal perception of privacy fatigue and privacy concerns differently.
Design/methodology/approach
Data were collected from 426 respondents. Structure equation modeling was used to test the hypotheses.
Findings
The findings describe that App users’ intention toward personal information disclosure is determined by privacy fatigue and privacy concerns, but the former has a greater impact. With minor exceptions, the two factors are also influenced by different personality traits. Specifically, neuroticism has positive effects on privacy fatigue, but agreeableness and extraversion have presented the opposite results on the two variables.
Practical implications
This research is very scarce to examine the joint effects of privacy fatigue, privacy concerns and personality traits on App users’ disclosing intention. In doing so, these results will be of benefit to App providers and platform managers and can be the basis for a variety of follow-up studies.
Originality/value
While previous research just focuses on privacy concerns, this study explores the critical roles of privacy fatigue and opens up a new avenue of emotion-attitude analysis that can further increase the specificity and richness of users’ privacy research. Additionally, implications for personality traits as antecedents in the impact of App users’ privacy emotions and attitudes are discussed.
Details
Keywords
Ofir Turel, Christian Matt, Manuel Trenz, Christy M.K. Cheung, John D’Arcy*, Hamed Qahri-Saremi* and Monideepa Tarafdar*
Digital technologies have diffused into many personal life domains. This has created many new phenomena that require systematic theorizing, testing and understanding. Such…
Abstract
Purpose
Digital technologies have diffused into many personal life domains. This has created many new phenomena that require systematic theorizing, testing and understanding. Such phenomena have been studied under the Digitization of the Individual (DOTI) umbrella and have been discussed in the DOTI pre-International Conference on Information Systems workshop for the last three years (from 2015 to 2017). While prior years have focused on a variety of issues, this year (2018) we decided to put special emphasis on negative effects of the DOTI, i.e., “the dark side” of the DOTI.
Design/methodology/approach
This manuscript reports on a panel of three experts (in alphabetical order: John D’Arcy, Hamed Qahri-Saremi and Monideepa Tarafdar) who presented their past research in this domain, as well as their outlook for future research and methodologies in research on the DOTI.
Findings
The authors introduce the topic, chronicle the responses of the panelists to the questions the authors posed, and summarize and discuss their response, such that readers can develop a good idea regarding next steps in research on the dark side of the DOTI.
Originality/value
The authors introduce the topic of the dark sides of DOTI and point readers to promising research directions and methodologies for further exploring this relatively uncharted field of research.
Details
Keywords
T. Derek Halling and Douglas C. Hahn
The purpose of this paper is to transform a user‐authentication process for a document delivery and borrowing service into a simplified and unified logon access method consistent…
Abstract
Purpose
The purpose of this paper is to transform a user‐authentication process for a document delivery and borrowing service into a simplified and unified logon access method consistent with other library services by leveraging a University Lightweight Directory Access Protocol (LDAP).
Design/methodology/approach
Data fields were analyzed from the Texas A&M University Libraries' interlibrary loan and document delivery application (ILLiad) to determine the unique information that was critical to maintain account security and historical usage. As an added feature, plans were made and implemented to provide account authentication with another system entity through the use of Shibboleth software.
Findings
The campus LDAP proved a popular added feature. Since the implementation of the new authentication and authorization methods, usage of the service has increased even though the number of actual live accounts has decreased. Account security and user affiliation statistics were greatly improved.
Practical implications
More efficient authentication and authorization processes increased the effectiveness of the document delivery service. Use of the LDAP protocol and Shibboleth software enhanced the authentication process for both the library and the user. Eliminating the need for a separate set of credentials for use of the document delivery service reduced the potential for password fatigue.
Originality/value
The creation and implementation of different technologies to further refine migration and systematic processes. A guide to the steps taken to facilitate moving from one authentication method to a more advanced system leveraging Shibboleth and .ASP for quality assurance.
Details
Keywords
Mohsen Mahdinia, Mohsen Sadeghi Yarandi, Hossein Fallah and Ahmad Soltanzadeh
Several variables can affect work stress. This study aims to model the cause-and-effect relationships among different variables that can predict work stress based on one of the…
Abstract
Purpose
Several variables can affect work stress. This study aims to model the cause-and-effect relationships among different variables that can predict work stress based on one of the most important fuzzy multicriteria decision-making methods used to investigate the cause-and-effect relationships among variables.
Design/methodology/approach
This study was conducted in 2020, including 17 experts in safety management, occupational health and work psychology, based on the fuzzy decision-making trial and evaluation laboratory method as a robust approach to identify the cause-and-effect relationships among different variables.
Findings
Shift work, lack of job satisfaction, mental health, mental overload, fatigue, job security, sleep disorders, environmental discomfort, work pressure, job knowledge (this could mean expertise/level of qualifications/familiarity with the job), work complexity and role conflict were found to be the most significant variables affecting work stress. Moreover, the cause-and-effect model of relationships among variables showed that shift work and lack of job satisfaction are root causes, and mental health, fatigue, mental workload, sleep disorder and environmental discomfort are direct causes.
Originality/value
Although the results of this study demonstrate that work stress can be influenced by 12 different variables, the modeling results show that some variables, such as shift work and lack of job satisfaction, can directly or indirectly impact other variables and thus result in work stress.
Details
Keywords
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA…
Abstract
Purpose
This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.
Design/methodology/approach
This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.
Findings
In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.
Originality/value
This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.
Details