Search results
1 – 10 of 531Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer
Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at…
Abstract
Purpose
Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.
Design/methodology/approach
Overall, 26 interviews were conducted with 21 participants from industry and academia.
Findings
The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.
Originality/value
The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.
Details
Keywords
Morné Owen, Stephen V. Flowerday and Karl van der Schyff
Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this…
Abstract
Purpose
Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this paper is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, to ensure secure behaviour. Research that focused on issues such as personality traits, trust, attitude and Security, Education, Training and Awareness (SETA) was considered.
Design/methodology/approach
This study built on a recontextualized version of the theory of planned behaviour to evaluate the influence that optimism bias has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses from a South African financial services organisation using partial least squares (PLS) path modelling.
Findings
This study found that overly optimistic employees were inclined to behave insecurely, while factors such as attitude and trust significantly influenced the intention to behave securely.
Practical implications
Our contribution to practice seeks to enhance the effectiveness of SETA by identifying and addressing the optimism bias weakness to deliver a more successful training outcome.
Originality/value
Our study enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and offers a contextual explanation of the resultant behaviour.
Details
Keywords
Hedaia-t-Allah Nabil Abd Al Ghaffar
The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.
Abstract
Purpose
The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.
Design/methodology/approach
The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.
Findings
The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.
Practical implications
Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.
Originality/value
The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.
Details
Keywords
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and…
Abstract
Purpose
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.
Design/methodology/approach
This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.
Findings
This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.
Originality/value
The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.
Details
Keywords
Elham Rostami and Fredrik Karlsson
This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for…
Abstract
Purpose
This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.
Design/methodology/approach
A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.
Findings
The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.
Research limitations/implications
The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.
Practical implications
The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.
Originality/value
The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.
Details
Keywords
Marcus Gerdin, Ella Kolkowska and Åke Grönlund
Research on employee non-/compliance to information security policies suffers from inconsistent results and there is an ongoing discussion about the dominating survey research…
Abstract
Purpose
Research on employee non-/compliance to information security policies suffers from inconsistent results and there is an ongoing discussion about the dominating survey research methodology and its potential effect on these results. This study aims to add to this discussion by investigating discrepancies between what the authors claim to measure (theoretical properties of variables) and what they actually measure (respondents’ interpretations of the operationalized variables). This study asks: How well do respondents’ interpretations of variables correspond to their theoretical definitions? What are the characteristics of any discrepancies between variable definitions and respondent interpretations?
Design/methodology/approach
This study is based on in-depth interviews with 17 respondents from the Swedish public sector to understand how they interpret questionnaire measurement items operationalizing the variables Perceived Severity from Protection Motivation Theory and Attitude from Theory of Planned Behavior.
Findings
The authors found that respondents’ interpretations in many cases differ substantially from the theoretical definitions. Overall, the authors found four principal ways in which respondents interpreted measurement items – referred to as property contextualization, extension, alteration and oscillation – each implying more or less (dis)alignment with the intended theoretical properties of the two variables examined.
Originality/value
The qualitative method used proved vital to better understand respondents’ interpretations which, in turn, is key for improving self-reporting measurement instruments. To the best of the authors’ knowledge, this study is a first step toward understanding how precise and uniform definitions of variables’ theoretical properties can be operationalized into effective measurement items.
Details
Keywords
Asif Hasan, Amer Ali Alenazy, Sufyan Habib and Shahid Husain
This study investigates the factors influencing citizen attitudes toward e-government services and their effects on the adoption of e-government services in Saudi Arabia. It sheds…
Abstract
Purpose
This study investigates the factors influencing citizen attitudes toward e-government services and their effects on the adoption of e-government services in Saudi Arabia. It sheds light on the moderating role of citizen motivation in the relationship between factors influencing citizen attitudes in favor of e-government services and their adoption and usage behavior in the Saudi Arabian context. The study analyzes both the drivers propelling the uptake and the barriers impeding it.
Design/methodology/approach
A descriptive research design was employed in this study, which surveyed 487 respondents from Jeddah and Madina cities and the surrounding region. The research identifies key drivers, including cultural factors, digital literacy, government policy and interventions, privacy and security, technical infrastructure, support services and citizen trust, alongside barriers such as concerns about data security and digital literacy.
Findings
The findings reveal the complex interplay of these factors in shaping citizen attitudes toward e-government services and their effects on adoption in Saudi Arabia. The study indicates that citizen motivation toward e-government services moderates the relationship between, adoption and usage behavior.
Originality/value
This study contributes valuable insights for policymakers and practitioners by offering a nuanced perspective on e-government service adoption in the Saudi Arabian context. It enhances our understanding of the factors influencing citizen attitudes and their impact on e-government adoption, highlighting the importance of citizen motivation as a moderating factor in this relationship.
Details
Keywords
Italo Cesidio Fantozzi, Sebastiano Di Luozzo and Massimiliano Maria Schiraldi
The purpose of the study is to identify the soft skills and abilities that are crucial to success in the fields of operations management (OM) and supply chain management (SCM)…
Abstract
Purpose
The purpose of the study is to identify the soft skills and abilities that are crucial to success in the fields of operations management (OM) and supply chain management (SCM), using the O*NET database and the classification of a set of professional figures integrating values for task skills and abilities needed to operate successfully in these professions.
Design/methodology/approach
The study used the O*NET database to identify the soft skills and abilities required for success in OM and SCM industries. Correlation analysis was conducted to determine the tasks required for the job roles and their characteristics in terms of abilities and soft skills. ANOVA analysis was used to validate the findings. The study aims to help companies define specific assessments and tests for OM and SCM roles to measure individual attitudes and correlate them with the job position.
Findings
As a result of the work, a set of soft skills and abilities was defined that allow, through correlation analysis, to explain a large number of activities required to work in the operations and SCM (OSCM) environment.
Research limitations/implications
The work is inherently affected by the database used for the professional figures mapped and the scores that are attributed within O*NET to the analyzed elements.
Practical implications
The information resulting from this study can help companies develop specific assessments and tests for the roles of OM and SCM to measure individual attitudes and correlate them with the requirements of the job position. The study aims to address the need to identify soft skills in the human sphere and determine which of them have the most significant impact on the OM and SCM professions.
Originality/value
The originality of this study lies in its approach to identify the set of soft skills and abilities that determine success in the OM and SCM industries. The study used the O*NET database to correlate the tasks required for specific job roles with their corresponding soft skills and abilities. Furthermore, the study used ANOVA analysis to validate the findings in other sectors mapped by the same database. The identified soft skills and abilities can help companies develop specific assessments and tests for OM and SCM roles to measure individual attitudes and correlate them with the requirements of the job position. In addressing the necessity for enhanced clarity in the domain of human factor, this study contributes to identifying key success factors. Subsequent research can further investigate their practical application within companies to formulate targeted growth strategies and make appropriate resource selections for vacant positions.
Details
Keywords
Edward Ayebeng Botchway, Kofi Agyekum, Hayford Pittri and Anthony Lamina
This study explores the importance of and vulnerabilities in deploying physical access control (PAC) devices in a typical university setting.
Abstract
Purpose
This study explores the importance of and vulnerabilities in deploying physical access control (PAC) devices in a typical university setting.
Design/methodology/approach
The study adopts face-to-face and telephone interviews. This study uses a semi-structured interview guide to solicit the views of 25 interviewees on the subject under consideration. Qualitative responses to the interview are thematically analyzed using NVivo 11 Pro analysis application software.
Findings
The findings reveal five importance and seven vulnerabilities in the deployment of PAC devices in the institution. Key among the importance of deploying the devices are “prevent unwanted premise access or intrusions,” “prevent disruptions to university/staff operations on campus” and “protect students and staff from outside intruders.” Key among the identified vulnerabilities are “tailgating”, “delay in emergent cases” and “power outage may affect its usage.”
Originality/value
This study offers insight into a rare area of study, especially in the Sub-Saharan Africa region. Furthermore, the study contributes to the state-of-the-art importance and vulnerabilities in deploying PAC devices in daily human activities. The study is valuable in that it has the potential to establish a foundation for future studies that may delve into investigating issues associated with the deployment of PAC devices.
Details
Keywords
This study aimed to identify and analyse the key factors influencing the adoption of e-government services and to discern their implications for various stakeholders, from…
Abstract
Purpose
This study aimed to identify and analyse the key factors influencing the adoption of e-government services and to discern their implications for various stakeholders, from policymakers to platform developers.
Design/methodology/approach
Through a comprehensive review of existing literature and detailed analysis of multiple studies, this research organised the influential factors based on their effect: highest, direct and indirect. The study also integrated findings to present a consolidated view of e-government adoption drivers.
Findings
The research found that users' behaviour, attitude, optimism bias and subjective norms significantly shape their approach to e-government platforms. Trust in e-Government (TEG) emerged as a critical determinant, with security perceptions being of paramount importance. Additionally, non-technical factors, such as cultural, religious and social influences, play a substantial role in e-government adoption decisions. The study also highlighted the importance of performance expectancy, effect expectancy and other determinants influencing e-government adoption.
Originality/value
While numerous studies have explored e-government adoption, this research offers a novel classification based on the relative effects of each determinant. Integrating findings from diverse studies and emphasising non-technical factors introduce an interdisciplinary approach, bridging the gap between information technology and fields like sociology, anthropology and behavioural sciences. This integrative lens provides a fresh perspective on the topic, encouraging more holistic strategies for enhancing e-government adoption globally.
Details