Search results

In identifying both the topics of interest and key limitations of the extant organizational security research, both opportunities for future research as well as some underlying challenges for conducting this research may be revealed.

To identify the leading organizational cybersecurity research topics of interest and their key limitations, the author conducted a topic modeling analysis of the organizational level studies published in the Association for Information Systems (AIS) senior scholars' “basket of eight journals” (Association for Information Systems, 2022) over the past five years.

Leading topics include (1) organizational security research concerns governance and strategic level decision-making and their role in shaping organizational security successes and failures, (2) cybercriminals and organizations' ability to monitor and detect them from both within and outside the firm; (3) cost, liability and security negligence, (4) organizations' innovation dispositions for security products and services and (5) organizational breach response efficacy; while key limitations of this study include the following: (1) scholars' ability to propose and assess strategic and operational level threat response recommendations, (2) their understanding how influence is formed and maintained among employees and groups and (3) their measurement instruments and models.

Organizations remained plagued by an ever-emerging set of threats to the security of their digital and informational assets. New threats are regularly discovered and remedies to existing threats are continually proven ineffective against these new threats. Providing an orientation to the current research on organizational security can help advance their security efforts.

The impact of stress on personal and work-related outcomes has been studied in the information systems (IS) literature across several professions. However, the cybersecurity profession has received little attention despite numerous reports suggesting stress is a leading cause of various adverse professional outcomes. Cybersecurity professionals work in a constantly changing adversarial threat landscape, are focused on enforcement rather than compliance, and are required to adhere to ever-changing industry mandates – a work environment that is stressful and has been likened to a war zone. Hence, this literature review aims to reveal gaps and trends in the current extant general workplace and IS-specific stress literature and illuminate potentially fruitful paths for future research focused on stress among cybersecurity professionals.

Using the systematic literature review process (Okoli and Schabram, 2010), the authors examined the current IS research that studies stress in organizations. A disciplinary corpus was generated from IS journals and conferences encompassing 30 years. The authors analyzed 293 articles from 21 journals and six conferences to retain 77 articles and four conference proceedings for literature review.

The findings reveal four key research opportunities. First, the demands experienced by cybersecurity professionals are distinct from the demands experienced by regular information technology (IT) professionals. Second, it is crucial to identify the appraisal process that cybersecurity professionals follow in assessing security demands. Third, there are many stress responses from cybersecurity professionals, not just negative responses. Fourth, future research should focus on stress-related outcomes such as employee productivity, job satisfaction, job turnover, etc., and not only security compliance among cybersecurity professionals.

This study is the first to provide a systematic synthesis of the IS stress literature to reveal gaps, trends and opportunities for future research focused on stress among cybersecurity professionals. The study presents several novel trends and research opportunities. It contends that the demands experienced by cybersecurity professionals are distinct from those experienced by regular IT professionals and scholars should seek to identify the key characteristics of these demands that influence their appraisal process. Also, there are many stress responses, not just negative responses, deserving increased attention and future research should focus on unexplored stress-related outcomes for cybersecurity professionals.

Accurate values for infiltration rate are important to reliably estimate heat losses from buildings. Infiltration rate is rarely measured directly, and instead is usually estimated using algorithms or data from fan pressurisation tests. However, there is growing evidence that the commonly used methods for estimating infiltration rate are inaccurate in UK dwellings. Furthermore, most prior research was conducted during the winter season or relies on single measurements in each dwelling. Infiltration rates also affect the likelihood and severity of summertime overheating. The purpose of this work is to measure infiltration rates in summer, to compare this to different infiltration estimation methods, and to quantify the differences.

Fifteen whole house tracer gas tests were undertaken in the same test house during spring and summer to measure the whole building infiltration rate. Eleven infiltration estimation methods were used to predict infiltration rate, and these were compared to the measured values. Most, but not all, infiltration estimation methods relied on data from fan pressurisation (blower door) tests. A further four tracer gas tests were also done with trickle vents open to allow for comment on indoor air quality, but not compared to infiltration estimation methods.

The eleven estimation methods predicted infiltration rates between 64 and 208% higher than measured. The ASHRAE Enhanced derived infiltration rate (0.41 ach) was closest to the measured value of 0.25 ach, but still significantly different. The infiltration rate predicted by the “divide-by-20” rule of thumb, which is commonly used in the UK, was second furthest from the measured value at 0.73 ach. Indoor air quality is likely to be unsatisfactory in summer when windows are closed, even if trickle vents are open.

The findings have implications for those using dynamic thermal modelling to predict summertime overheating who, in the absence of a directly measured value for infiltration rate (i.e. by tracer gas), currently commonly use infiltration estimation methods such as the “divide-by-20” rule. Therefore, infiltration may be overestimated resulting in overheating risk and indoor air quality being incorrectly predicted.

Direct measurement of air infiltration rate is rare, especially multiple tests in a single home. Past measurements have invariably focused on the winter heating season. This work is original in that the tracer gas technique used to measure infiltration rate many times in a single dwelling during the summer. This work is also original in that it quantifies both the infiltration rate and its variability, and compares these to values produced by eleven infiltration estimation methods.

A growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS security, the security literature lacks a theoretical and empirical investigation of the relationship between ethical leadership and employees' security behavior, such as information security policy (ISP) violation. Drawing on social learning and social exchange theories, this paper empirically tests the impact of ethical leadership on employees' ISP violation intention through both information security climate (i.e. from a moral manager's perspective) and affective commitment (i.e. from a moral person's perspective).

The research was developed based on social learning theory and social exchange theory. To measure the variables in the model, the authors used and adapted measurement items from previous studies. The authors conducted a scenario-based survey with 339 valid responses to test and validate the research model.

Results indicated that information security climate fully mediates the relationship between ethical leadership and ISP violation intention. The authors also found that information security climate enhances the negative effect of affective commitment on ISP violation intention.

This research contributes to the literature of information security by introducing the role of ethical leadership and integrating two theories into our research model. This study also calls attention to how information security climate and affective commitment mediate the relationship between ethical leadership and employees' ISP violation intention. The theory-driven study provides important pragmatic guidance for enhancing the understanding of the importance of ethical leadership in information systems security research.

Approaches to solving sustainability problems require a specific problem-solving mode, encompassing the complexity, fuzziness and interdisciplinary nature of the problem. This paper aims to promote a complex systems’ view of addressing sustainability problems, in particular through the tool of network science, and provides an outline of an interdisciplinary training workshop.

The topic of the workshop is the analysis of the Sustainable Development Goals (SDGs) as a political action plan. The authors are interested in the synergies and trade-offs between the goals, which are investigated through the structure of the underlying network. The authors use a teaching approach aligned with sustainable education and transformative learning.

Methodologies from network science are experienced as valuable tools to familiarise students with complexity and to handle the proposed case study.

To the best of the authors’ knowledge, this is the first work which uses network terminology and approaches to teach sustainability problems. This work highlights the potential of network science in sustainability education and contributes to accessible material.

Climate change poses diverse, often fundamental, challenges to livelihoods of island peoples. The purpose of this study is to demonstrate that these challenges must be better understood before effective and sustainable adaptation is possible.

Understanding past livelihood impacts from climate change can help design and operationalize future interventions. In addition, globalization has had uneven effects on island countries/jurisdictions, producing situations especially in archipelagoes where there are significant differences between core and peripheral communities. This approach overcomes the problems that have characterized many recent interventions for climate-change adaptation in island contexts which have resulted in uneven and at best only marginal livelihood improvements in preparedness for future climate change.

Island contexts have a range of unique vulnerability and resilience characteristics that help explain recent and proposed responses to climate change. These include the sensitivity of coastal fringes to climate-environmental changes: and in island societies, the comparatively high degrees of social coherence, closeness to nature and spirituality that are uncommon in western contexts.

Enhanced understanding of island environmental and social contexts, as well as insights from past climate impacts and peripherality, all contribute to more effective and sustainable future interventions for adaptation.

The need for more effective and sustainable adaptation in island contexts is becoming ever more exigent as the pace of twenty-first-century climate change increases.

This paper aims to investigate the effect of voluntary non-financial reporting on the evaluation of audit risk from the auditors’ viewpoint in a post-crisis period. Furthermore, this paper analyses whether auditors perceive that voluntary non-financial reporting impacts audit risk differently for old clients as compared with new clients.

This study is conducted on a sample of Italian audit firms through a paper-based questionnaire. Both Big4 and non-Big4 audit firms have been included in the sample.

Results show that integrated reporting is perceived to be the most relevant reporting method and intellectual capital statement the least relevant. Surprisingly, empirical findings over the sample period show that auditors do not perceive statistically significant differences between old and new clients.

Auditors can identify opportunities to adapt their assessment model to include voluntary non-financial report information. Moreover, they can use different assessment models regarding the research variables in the case of new and old clients.

Empirical findings highlight the growing role of voluntary non-financial reporting in the auditors’ perception of their client’s audit risk. All the observed voluntary non-financial reporting forms, except for intellectual capital, are considered as relevant by auditors in the evaluation of their client’s audit risk when compared to an indifference point. In addition, findings reveal that female auditors perceive a reduced gap in the relevance between integrated reports and intellectual capital reports compared to their counterparts.