Search results

1 – 3 of 3
Open Access
Article
Publication date: 1 August 2023

Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony

Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and…

1471

Abstract

Purpose

Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.

Design/methodology/approach

This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.

Findings

This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.

Originality/value

The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.

Details

Information & Computer Security, vol. 32 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Open Access
Article
Publication date: 30 March 2023

Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA…

3006

Abstract

Purpose

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.

Design/methodology/approach

This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.

Findings

In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.

Originality/value

This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.

Details

Information Technology & People, vol. 36 no. 8
Type: Research Article
ISSN: 0959-3845

Keywords

Article
Publication date: 9 January 2023

Stephen McCarthy, Wendy Rowan, Carolanne Mahony and Antoine Vergne

Social media platforms are a pervasive technology that continues to define the modern world. While social media has brought many benefits to society in terms of connection and…

1021

Abstract

Purpose

Social media platforms are a pervasive technology that continues to define the modern world. While social media has brought many benefits to society in terms of connection and content sharing, numerous concerns remain for the governance of social media platforms going forward, including (but not limited to) the spread of misinformation, hate speech and online surveillance. However, the voice of citizens and other non-experts is often missing from such conversations in information systems literature, which has led to an alleged gap between research and the everyday life of citizens.

Design/methodology/approach

The authors address this gap by presenting findings from 16 h of online dialog with 25 citizens on social media platform governance. The online dialog was undertaken as part of a worldwide consultation project called “We, the internet”, which sought to provide citizens with a voice on a range of topics such as “Digitalization and Me,” “My Data, Your Data, Our Data” and “A Strong Digital Public Sphere.” Five phases of thematic analysis were undertaken by the authors to code the corpus of qualitative data.

Findings

Drawing on the Theory of Communicative Action, the authors discuss three dialogical processes critical to citizen discourse: lifeworld reasoning, rationalization and moral action. The findings point toward citizens’ perspectives of current and future issues associated with social media platform governance, including concerns around the multiplicity of digital identities, consent for vulnerable groups and transparency in content moderation. The findings also reveal citizens’ rationalization of the dilemmas faced in addressing these issues going forward, including tensions such as digital accountability vs data privacy, protection vs inclusion and algorithmic censorship vs free speech.

Originality/value

Based on outcomes from this dialogical process, moral actions in the form of policy recommendations are proposed by citizens and for citizens. The authors find that tackling these dark sides of digitalization is something too important to be left to “Big Tech” and equally requires an understanding of citizens’ perspectives to ensure an informed and positive imprint for change.

Details

Internet Research, vol. 33 no. 6
Type: Research Article
ISSN: 1066-2243

Keywords

Access

Year

Last 12 months (3)

Content type

1 – 3 of 3