Search results

This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

Effective information security management (ISM) contributes to building a healthy organizational digital ecology. However, few studies have built an analysis framework for critical influencing factors to discuss the combined influence mechanism of multiple factors on ISM performance (ISMP). This study aims to explore the critical success factors and understand how these factors contribute to ISMP.

This study used a mixed-method approach to achieve this study’s research goals. In Study 1, the authors conducted a qualitative analysis to take a series of International Organization for Standardization/International Electrotechnical Commission standard documents as the basis to refine the critical factors that may influence organizations’ ISMP. In Study 2, the authors built a research model based on the organizational control perspective and used the survey-based partial least squares-based structural equation modeling (PLS-SEM) approach to understand the relationships between these factors in promoting ISMP. In Study 3, the authors used the fuzzy set qualitative comparative analysis (fsQCA) method to empirically analyze the complex mechanisms of how the combinations of the factors affect ISMP.

The following three research findings are obtained. First, based on the text-based qualitative analysis, the authors refined the critical success factors that may increase ISMP, including information security policies (ISP), top management support (TMS), alignment (ALI), information security risk assessment (IRA), information security awareness (ISA) and information security culture (ISC). Second, the PLS-SEM testing results confirmed TMS is the antecedent variable motivating organization’s formation (ISP) and information control (ISC) approaches; these two types of organization control approaches increase IRA, ISA and ALI and then promote ISMP directly and indirectly. Third, the fsQCA testing results found two configurations that can achieve high ISMP and one driving path that leads to non-high ISMP.

This study extends knowledge by exploring configuration factors to improve or impede the performances of organizations’ ISM. To the best of the authors’ knowledge, this study is one of the first to explore the use of the fsQCA approach in information security studies, and the results not only revealed causal associations between single factors but also highlighted the critical role of configuration factors in developing organizational ISMP. This study calls attention to information security managers of an organization should highlight the combined effect between the factors and reasonably allocate organizational resources to achieve high ISMP.

The purpose of this study is twofold. On the one hand, it studies the impact of IFRS 9 adoption on the firm value; and on the other hand, it investigates the impact of the classification of financial assets on the firm value.

The study covers a sample of 55 listed banks in the Middle Eastern and North African (MENA) region. Data is collected for three years (2017–2019).

The findings show that banks’ value is not impacted by IFRS 9 adoption but by financial assets’ classification. Firm value is positively affected by fair value through other comprehensive income assets, while it is negatively affected by amortized cost and fair value through profit or loss assets. The results of the additional analysis show consistent outcomes.

This research reveals important managerial implications. Priority should be given to the financial assets’ classification strategy following the adoption of IFRS 9 to boost the market valuation of banks. It may be useful for investors, managers and regulators in their decision-making.

This study enriches previous research as IFRS 9 is a new standard, and its adoption consequences need to be investigated. A few recent studies have focused on IFRS 9 as a whole or on other parts of IFRS 9, namely, the impairment regime and hedge accounting and concern developed contexts. However, this research adds to the knowledge of capital market studies by investigating the application of IFRS 9 in terms of classification in the MENA region.

The purpose of this paper is to investigate the cyber hygiene practices of remote workers.

This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory, developed within this paper’s context, to evaluate the cybersecurity measures adopted by organizations for remote workers. It was conducted on remote workers to examine their information security practices. The instrument was administered to a sample of 442 employees reached via the LinkedIn platform. Analyses were performed with SPSS v26, Python programming language and Seaborn library.

The findings indicate a significant correlation between the security measures implemented by companies and their employees’ cyber hygiene practices. A sector comparison revealed a significant difference in cyber hygiene levels between public and private sector workers.

This paper aims to provide policymakers with suggestions for enhancing the cyber hygiene of remote workers to facilitate compliance with corporate security protocols.

This paper’s conclusions highlight the importance of companies increasing their cybersecurity investments as remote work becomes more prevalent. This should consider not only corporate-level factors but also employees' information and computer security behaviors.

Cyber-attacks that generate technical disruptions in organisational operations and damage the reputation of organisations have become all too common in the contemporary organisation. This paper explores the reputation repair strategies undertaken by organisations in the event of becoming victims of cyber-attacks.

For developing the authors’ contribution in the context of the Internet service providers' industry, the authors draw on a qualitative case study of TalkTalk, a British telecommunications company providing business to business (B2B) and business to customer (B2C) Internet services, which was a victim of a “significant and sustained” cyber-attack in October 2015. Data for the enquiry is sourced from publicly available archival documents such as newspaper articles, press releases, podcasts and parliamentary hearings on the TalkTalk cyber-attack.

The findings suggest a dynamic interplay of technical and rhetorical responses in dealing with cyber-attacks. This plays out in the form of marshalling communication and mortification techniques, bolstering image and riding on leader reputation, which serially combine to strategically orchestrate reputational repair and stigma erasure in the event of a cyber-attack.

Analysing a prototypical case of an organisation in dire straits following a cyber-attack, the paper provides a systematic characterisation of the setting-in-motion of strategic responses to manage, revamp and ameliorate damaged reputation during cyber-attacks, which tend to negatively shape the evaluative perceptions of the organisation's salient audience.

Trust plays a crucial role in overcoming uncertainty and reducing risks. Uncovering the trust mechanism in the sharing economy may enable sharing platforms to design more effective marketing strategies. However, existing studies have inconsistent conclusions on the trust mechanism in the sharing economy. Therefore, this study aims to investigate the antecedents and consequences of different dimensions of trust (trust in platform and trust in peers) in the sharing economy.

First, we conducted a meta-analysis of 57 related articles. We tested 13 antecedents of trust in platform (e.g. economic benefits, enjoyment, and information quality) and eight antecedents of trust in peers (e.g. offline service quality and providers’ reputation), as well as their consequences. Then, we conducted subgroup analyses to test the moderating effects of economic development level (Developed vs Developing), gender (Female-dominant vs Male-dominant), platform type (Accommodation vs Transportation), role type (Obtainers vs Providers), and uncertainty avoidance (Strong vs Weak).

The results confirm that all antecedents and consequences significantly affect trust in platform or peers to varying degrees. Moreover, trust in platform greatly enhances trust in peers. Besides, the results of the moderating effect analyses demonstrate the variability of antecedents and consequences of trust under different subgroups.

This paper provides a clear and holistic view of the trust mechanism in the sharing economy from an object-based trust perspective. The findings may offer insights into trust-building in the sharing economy.

The study explores the potential barriers to data science (DS) implementation in organizations and identifies the key barriers. The identified barriers were explored for their interconnectedness and characteristics. This study aims to help organizations formulate apt DS strategies by providing a close-to-reality DS implementation framework of barriers, in conjunction with extant literature and practitioners' viewpoints.

The authors synthesized 100 distinct barriers through systematic literature review (SLR) under the individual, organizational and governmental taxonomies. In discussions with 48 industry experts through semi-structured interviews, 14 key barriers were identified. The selected barriers were explored for their pair-wise relationships using interpretive structural modeling (ISM) and fuzzy Matriced’ Impacts Croise's Multiplication Appliquée a UN Classement (MICMAC) analyses in formulating the hierarchical framework.

The lack of awareness and data-related challenges are identified as the most prominent barriers, followed by non-alignment with organizational strategy, lack of competency with vendors and premature governmental arrangements, and classified as independent variables. The non-commitment of top-management team (TMT), significant investment costs, lack of swiftness in change management and a low tolerance for complexity and initial failures are recognized as the linkage variables. Employee reluctance, mid-level managerial resistance, a dearth of adequate skills and knowledge and working in silos depend on the rest of the identified barriers. The perceived threat to society is classified as the autonomous variable.

The study augments theoretical understanding from the literature with the practical viewpoints of industry experts in enhancing the knowledge of the DS ecosystem. The research offers organizations a generic framework to combat hindrances to DS initiatives strategically.

This study aims to present a framework for automatically collecting, cleaning and analyzing text (news articles, in this case) to provide valuable decision-making information to destination management organizations. Keeping a record of certain aspects of the projected destination image of an attraction (Cancun in this study) will grant the design of better strategies for the promotion and administration of destinations without the time-consuming effort of manually evaluating high quantities of textual information.

Using Web scraping, news articles were collected from the USA, Mexico and Canada over an interval of one year. The documents were analyzed using an automatic topic modeling method known as Latent Dirichlet Allocation and a coherence analysis to determine the number of themes present in each collection. With the data provided, the authors were able to extract valuable information to understand how Cancun is presented to the countries.

It was found that in all countries, Cancun is an important destination to travel and vacation; however, given the period defined for this study (from July 2021 to July 2022), an important part of the articles analyzed was concerned with the sanitary measures derived from the COVID-19 pandemic. Besides, given the rise of violence and the threat of organized crime, many articles from the three countries are focused on warning potential tourists about the risks of traveling to Cancun.

The examination of the relevant literature revealed that similar analyses are manually performed by the experts on a set of predefined categories. Although those approaches are methodologically sound, the logistic effort and the time used could become prohibitively expensive, precluding carrying out this analysis frequently. Additionally, the preestablished categories to be studied in press articles may distort the results. For these reasons, the proposed framework automatically allows for gathering valuable information for decision-making in an unbiased manner.

This paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS).

The questionnaire was used to collect data for 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses.

The results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found.

This study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method.

The results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles.

To the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.

While the potential for digital innovation (DI) to transform organizational practices is widely acknowledged in the information systems (IS) literature, there is very limited understanding on the socio-political nature of institutional interactions that determine DI and affect organizational practices in social cash organizations. Drawing on the neo-institutionalist vision, the purpose of the study is to examine the unique set of institutional exchanges that influence the transition to digital social cash payments that give rise to new institutional arrangements in social cash organizations.

The paper draws on an in-depth case study of a government social cash organization in Pakistan. Qualitative data were collected using 30 semi-structured interviews from key organizational members and stakeholders.

The results suggest that DI is determined by the novel intersections between the coercive (techno-economic, regulatory), normative (socio-organizational), mimetic (international) and covert power (political) forces. Hence, DI is not a technologically deterministic output, but rather a complex socio-political process enacted through dialogue, negotiation and conflict between institutional actors. Technology is socially embedded through the process of institutionalization that is coupled by the deinstitutionalization of established organizational practices for progressive transformation.

The research has implications for government social cash organizations especially in the Global South. Empirically, the authors gained rare access to, and support from a government-backed social cash organization in Pakistan (an understudied country in the Global South), which made the data and the consequent analyses even invaluable. This made the empirical contribution within this geographical setting even more worthy, since this case study has received little attention from indigenous scholars in the past. The empirical findings showcased a unique set of contextual factors that were subject to BISP and interpreted through an account of socio-cultural sensitivities.

The paper provides practical implications for policymakers and practitioners, emphasizing the need to address institutional challenges, including covert power, during the implementation of digitalization projects in the public sector. The paper has certain potential for inspiring future e-government related (or public sector focused) studies. The paper may guide both private and government policy-makers and practitioners in presenting how to overcome certain institutional challenges while planning and implementing large scale multi-stakeholder digitization projects in similar country contexts. So while there is scope of linking the digitization of public sector organizations to anti-corruption measures in other Global South countries, the paper may not be that straightforward with the private sector involvement.

The paper offers rich social insights on the institutional interchanges that occur between the social actors for the innovation of technology. Especially, the paper highlights the social-embeddedness nature of technology that underpins the institutionalization of new organizational practices. These have implications on how DI is viewed as a socio-political process of change.

This study contributes to neo-institutional theory by theorizing covert power as a political force that complements the neo-institutional framework. This force is subtle but also resistive for some political actors as the force shifts the equilibrium of power between different institutional actors. Furthermore, the paper presents the social and practical implications that guide policymakers and practitioners by taking into consideration the unique institutional challenges, such as covert power, while implementing large scale digital projects in the social cash sector.