Search results
1 – 10 of over 1000Tuğçe Karayel, Bahadır Aktaş and Adem Akbıyık
The purpose of this paper is to investigate the cyber hygiene practices of remote workers.
Abstract
Purpose
The purpose of this paper is to investigate the cyber hygiene practices of remote workers.
Design/methodology/approach
This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory, developed within this paper’s context, to evaluate the cybersecurity measures adopted by organizations for remote workers. It was conducted on remote workers to examine their information security practices. The instrument was administered to a sample of 442 employees reached via the LinkedIn platform. Analyses were performed with SPSS v26, Python programming language and Seaborn library.
Findings
The findings indicate a significant correlation between the security measures implemented by companies and their employees’ cyber hygiene practices. A sector comparison revealed a significant difference in cyber hygiene levels between public and private sector workers.
Research limitations/implications
This paper aims to provide policymakers with suggestions for enhancing the cyber hygiene of remote workers to facilitate compliance with corporate security protocols.
Originality/value
This paper’s conclusions highlight the importance of companies increasing their cybersecurity investments as remote work becomes more prevalent. This should consider not only corporate-level factors but also employees' information and computer security behaviors.
Details
Keywords
Hassan Jamil, Tanveer Zia, Tahmid Nayeem, Monica T. Whitty and Steven D'Alessandro
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However…
Abstract
Purpose
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.
Design/methodology/approach
The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.
Findings
The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.
Originality/value
The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.
Details
Keywords
A research line has emerged that is concerned with investigating human factors in information systems and cyber-security in organizations using various behavioural and…
Abstract
Purpose
A research line has emerged that is concerned with investigating human factors in information systems and cyber-security in organizations using various behavioural and socio-cognitive theories. This study aims to explore human and contextual factors influencing cyber security behaviour in organizations while drawing implications for cyber-security in higher education institutions.
Design/methodology/approach
A systematic literature review has been implemented. The reviewed studies have revealed various human and contextual factors that influence cyber-security behaviour in organizations, notably higher education institutions.
Research limitations/implications
This review study offers practical implications for constructing and keeping a robust cyber-security organizational culture in higher education institutions for the sustainable development goals of cyber-security training and education.
Originality/value
The value of the current review arises in that it presents a comprehensive account of human factors affecting cyber-security in organizations, a topic that is rarely investigated in previous related literature. Furthermore, the current review sheds light on cyber-security in higher education from the weakest link perspective. Simultaneously, the study contributes to relevant literature by gaining insight into human factors and socio-technological controls related to cyber-security in higher education institutions.
Details
Keywords
Khalid Shaheen and Ali Hussein Zolait
This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can…
Abstract
Purpose
This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can impact the cybersecurity of government entities in the Kingdom of Bahrain.
Design/methodology/approach
The authors used a quantitative and qualitative approach. The data were collected by conducting semi-structured interviews with the information technology experts in the Bahrain Government entities participating in the CTP. Also, quantitative data was obtained through a questionnaire distributed to relevant people in the information technology field.
Findings
The findings of this study suggest that the CTP had a significant impact on the cybersecurity assurance of the government entities that participated in the CTP; it increased the employees’ awareness, reduced the number of cyberattacks and optimized the available resources. The findings also highlighted the role of top management in the success of the implementation of the CTP. The results also ensure that the CTP’s maturity model affected the cybersecurity compliance of an organization and the implementation of cybersecurity policies and controls.
Practical implications
This study enhances cybersecurity researchers’ and practitioners’ understanding of the impact of the CTP and its components and evaluates its influence on Bahrain’s cybersecurity assurance.
Originality/value
This study implies that to achieve better cybersecurity, managers should focus on implementing the policies and controls provided by cybersecurity frameworks to enhance cybersecurity assurance.
Details
Keywords
Hedaia-t-Allah Nabil Abd Al Ghaffar
The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.
Abstract
Purpose
The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.
Design/methodology/approach
The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.
Findings
The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.
Practical implications
Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.
Originality/value
The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.
Details
Keywords
Sze Ling Ng, Sajad Rezaei, Naser Valaei and Mohammad Iranmanesh
The objective of this study is to examine the drivers of retail apps satisfaction and continuance intention. An integrative theoretical framework was developed based on the IS…
Abstract
Purpose
The objective of this study is to examine the drivers of retail apps satisfaction and continuance intention. An integrative theoretical framework was developed based on the IS success model, E-S-QUAL and expectancy and disconfirmation model to explain retail apps users’ satisfaction and continuance intention.
Design/methodology/approach
A total of 359 useable data were collected from the targeted Malaysian respondents who had experience in using retail apps services. Data were analysed using the partial least squares technique.
Findings
The results indicate that system quality and e-service quality positively influence retail apps usage satisfaction and have positive direct and indirect effects through satisfaction on continuance intention. The price level has a negative effect on retail apps usage satisfaction. Even though price level has no direct effect on continuance intention to use retail apps, it has an indirect effect on continuance intention through satisfaction.
Originality/value
Although the success of a marketing channel mainly depends on its continuance usage rather than first-time usage, few studies have paid attention to retail apps services. This study contributes to the advancement of knowledge on retail apps by explaining the roles of system quality, e-service quality and price level on retail apps satisfaction and continuance intention. Interestingly, the findings of multi-group analysis imply that female Gen Y app users are more satisfied than males while such differences do not impact their continuance intention to use the retail apps. The findings also suggested that frequency of using apps has no relevance to retail apps user satisfaction, but highly relevant to their continuance intention to use retail Apps services.
Details
Keywords
Zahrotush Sholikhah, Wiwiek Rabiatul Adawiyah, Bambang Agus Pramuka and Eka Pariyanti
Although the academic literature provides extensive insight into the motivations for the unethical use of information technology in online classes, little is known about how…
Abstract
Purpose
Although the academic literature provides extensive insight into the motivations for the unethical use of information technology in online classes, little is known about how perceived justice, the opportunity to cheat and spiritual legitimacy mitigate unethical behavior among young academics. The purposes of this study are two folds: first, to determine how perceived lecturers’ justice and opportunity to cheat may mitigate academic misconduct in online classes, and second, to evaluate the moderating effect of spiritual power on the relationship between perceived lecturers’ justice and opportunity to cheat and academic misconduct.
Design/methodology/approach
This research was conducted at universities in three Southeast Asia countries, including Indonesia, Malaysia and Thailand, with a total of 339 respondents. The research questionnaire was distributed using Google Forms. The analytical method used to test the research hypothesis is moderated regression analysis (MRA).
Findings
The findings of this study reveal that spirituality moderates the relationship between lecturer justice and the opportunity to cheat online. Even though the justice level of the lecturer is low, individuals with relatively high spirituality will show much less cheating behavior than when there is a low level of lecturer justice and a low level of student spirituality, and vice versa.
Research limitations/implications
Cheating occurs when students develop an intention to cheat, which leads to actual involvement in cheating, meaning that theoretically, the findings extend the fraud triangle theory. In addition, the practical implications of this research are that lecturers need to conduct fair teaching, such as transparency of exam conditions, assessment, the right to an opinion and supervision during exams, consequently, the students cannot cheat. Spirituality is also an essential factor that can reduce online cheating, so instilling spirituality in specific courses is a fruitful solution.
Originality/value
The contributions of this study are twofold. First, this study gives testable theories on how spiritual help works. Second, this study offers tailored and more humanistic assistance, such as a mechanism that adjusts to the academic world’s usage of more positive technologies. This study contributes to the literature on online cheating in higher education across three Southeast Asian nations (Indonesia, Malaysia and Thailand).
Details
Keywords
Haengmi Kim, Jaeyoung An and Choong C. Lee
Upon the realization of the need for guideline in cross-organizational data integration, in an exploratory manner, this study developed a public data governance framework…
Abstract
Purpose
Upon the realization of the need for guideline in cross-organizational data integration, in an exploratory manner, this study developed a public data governance framework, specifically, the governance for integrated public data (GIPD) framework and identified the influential factors of its successful implementation. This framework was then subjected to an analysis of a real data integration case in the South Korean public sector to test its efficacy.
Design/methodology/approach
To develop the GIPD framework, the authors conducted an extensive meta study, focus group interviews and the analytic hierarchy process involving field experts. Further, the authors performed topic modeling on documents from Korean research and development data integration projects, and compared the extracted factors to those of the GIPD to illustrate the latter's usefulness in a real case.
Findings
Legislation, policy goals and strategies, operation organization, decision-making council, financial support size and objective, system development and operation, data integration, data generation, system/data standardization and master data management were derived as the 10 important factors in implementing the GIPD framework. The illustrative case of Korea revealed that decision-making council, financial support size and objective, legislation, data generation and data integration were insufficient.
Research limitations/implications
Although this study reveals important findings, it has a few limitations. First, the potential factors for data governance might vary depending on the attribute of the “interviewee” (such as their career or experience period) and the goal and area of GIPD framework building. Second, the inherent limitation of topic modeling in determining topics from groups of extracted keywords means that topics may be interpreted in various ways, depending on the perspective of the expert.
Practical implications
This study is highly significant in that it provides a starting point for discussions on the issue of data integration among public institutions. Therefore, although this study examined public data governance based on R&D data, it will contribute to providing a sufficient guideline for any type of inter-institutional data governance framework, what to discuss and how to discuss between institutions.
Originality/value
The findings are expected to provide a roadmap to formulate practical guidelines on inter-institutional data cooperation and a diagnostic matrix to improve the existing data governance system, especially in the public sector, from the existing practice of empirical analysis using a mixed methodology approach.
Details
Keywords
Călin Mihail Rangu, Leonardo Badea, Mircea Constantin Scheau, Larisa Găbudeanu, Iulian Panait and Valentin Radu
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented…
Abstract
Purpose
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.
Design/methodology/approach
The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.
Findings
The study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.
Research limitations/implications
This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.
Practical implications
Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.
Originality/value
The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.
Details
Keywords
Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer
Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at…
Abstract
Purpose
Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.
Design/methodology/approach
Overall, 26 interviews were conducted with 21 participants from industry and academia.
Findings
The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.
Originality/value
The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.
Details