Information and Computer Security: Volume 27 Issue 3

From theory to practice: guidelines for enhancing information security management

Ioanna Topa, Maria Karyda

This study aims to identify the implications of security behaviour determinants for security management to propose respective guidelines which can be integrated with…

Published incidents and their proportions of human error

Mark Glenn Evans, Ying He, Iryna Yevseyeva, Helge Janicke

This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of…

Revisiting information security risk management challenges: a practice perspective

Erik Bergström, Martin Lundgren, Åsa Ericson

The study aims to revisit six previously defined challenges in information security risk management to provide insights into new challenges based on current practices.

Contrasting cybersecurity implementation frameworks (CIF) from three countries

Adenekan Dedeke, Katherine Masterson

This paper aims to explore the evolution of a trend in which countries are developing or adopting cybersecurity implementation frameworks that are intended to be used…

Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)

Maria Bada, Jason R.C. Nurse

The purpose of this study is to focus on organisation’s cybersecurity strategy and propose a high-level programme for cybersecurity education and awareness to be used when…

A conceptual model and empirical assessment of HR security risk management

Peace Kumah, Winfred Yaokumah, Eric Saviour Aryee Okai

This study aims to develop a conceptual model and assess the extent to which pre-, during- and post-employment HR security controls are applied in organizations to manage…

Security gaps assessment of smart grid based SCADA systems

Abdul Wahid Mir, Ramkumar Ketti Ramachandran

Supervisory control and data acquisition (SCADA) systems security is of paramount importance, and there should be a holistic approach to it, as any gap in the security…

Understanding passwords – a taxonomy of password creation strategies

Joakim Kävrestad, Fredrik Eriksson, Marcus Nohlberg

Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords…

Information protection behaviors: morality and organizational criticality

Nancy K. Lankton, Charles Stivason, Anil Gurung

Organizational insiders play a critical role in protecting sensitive information. Prior research finds that moral beliefs influence compliance decisions. Yet, it is less…