Search results

Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.

This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.

This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.

The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.

This paper aims to evaluate the impact of various preview modes on tourist attitudes and intentions to visit a destination based on consumers’ level of involvement in travel decision-making.

The study was conducted as a between-subjects one-factor [preview mode: static images vs 360-degree tour vs virtual reality (VR) mode] in a laboratory experiment setup to examine how consumers with different levels of involvement in travel decision-making respond to destination marketing toward three different preview modes.

The findings indicated that VR preview mode highly influences tourist attitudes and visit intentions toward a destination compared to static images and 360-degree tours. This effect is more significant among participants with higher levels of customer involvement. Finally, the results from the study offer empirical evidence of the effectiveness of VR in shaping user behavior compared to traditional preview modes.

The limitations are using a non-probability sampling method, a small sample size and affordable mobile-compatible VR headsets.

This study offers empirical evidence on the effectiveness of VR in shaping tourist behavior compared to traditional preview modes. It helps destination marketers develop appropriate strategies for promoting tourist destinations.

The novelty of this paper lies in understanding the effectiveness of VR in shaping tourist behavior with different levels of customer involvement in travel decision-making.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.

The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.

The study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.

This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.

Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.

The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.

This paper aims to investigate cyber security awareness of the staff of Estonian libraries and gives an overview why libraries could be a target of cyber attacks and why librarians need cyber security at first place.

The data used in this paper is based on a review of relevant literature to provide an overview of the concept of cyber security, and the results of the original online survey created by the paper’s author, conducted among Estonian librarians. The online questionnaire was developed using the world-recognised human aspects of information security questionnaire (HAIS-Q), which is based on the knowledge-attitudes-behaviour (KAB) methodology. A total of 388 completed questionnaires were returned from employees of academic, specialised, public and school libraries. The results are interpreted on the basis of descriptive statistics and Kruger and Kearney approach.

The final score of library employees is 86, which is classified as good, but based on the result, two focus areas need more attention than previously, which are the use of devices and prevention and handling of incidents.

The cyber behaviour of library employees has not been widely studied in the world using HAIS-Q and KAB models, and to the best of the authors’ knowledge, no research has been previously carried out in the Estonian library context into cyber security awareness.

Cyber-attacks that generate technical disruptions in organisational operations and damage the reputation of organisations have become all too common in the contemporary organisation. This paper explores the reputation repair strategies undertaken by organisations in the event of becoming victims of cyber-attacks.

For developing the authors’ contribution in the context of the Internet service providers' industry, the authors draw on a qualitative case study of TalkTalk, a British telecommunications company providing business to business (B2B) and business to customer (B2C) Internet services, which was a victim of a “significant and sustained” cyber-attack in October 2015. Data for the enquiry is sourced from publicly available archival documents such as newspaper articles, press releases, podcasts and parliamentary hearings on the TalkTalk cyber-attack.

The findings suggest a dynamic interplay of technical and rhetorical responses in dealing with cyber-attacks. This plays out in the form of marshalling communication and mortification techniques, bolstering image and riding on leader reputation, which serially combine to strategically orchestrate reputational repair and stigma erasure in the event of a cyber-attack.

Analysing a prototypical case of an organisation in dire straits following a cyber-attack, the paper provides a systematic characterisation of the setting-in-motion of strategic responses to manage, revamp and ameliorate damaged reputation during cyber-attacks, which tend to negatively shape the evaluative perceptions of the organisation's salient audience.

The purpose of this paper is to investigate the cyber hygiene practices of remote workers.

This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory, developed within this paper’s context, to evaluate the cybersecurity measures adopted by organizations for remote workers. It was conducted on remote workers to examine their information security practices. The instrument was administered to a sample of 442 employees reached via the LinkedIn platform. Analyses were performed with SPSS v26, Python programming language and Seaborn library.

The findings indicate a significant correlation between the security measures implemented by companies and their employees’ cyber hygiene practices. A sector comparison revealed a significant difference in cyber hygiene levels between public and private sector workers.

This paper aims to provide policymakers with suggestions for enhancing the cyber hygiene of remote workers to facilitate compliance with corporate security protocols.

This paper’s conclusions highlight the importance of companies increasing their cybersecurity investments as remote work becomes more prevalent. This should consider not only corporate-level factors but also employees' information and computer security behaviors.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

This paper aims to identify aspects of how work-life interaction has changed in the post-pandemic situations and propose strategies of the security concept for living-working patterns in the post-pandemic interior as future disease prevention.

We conducted a systematic literature search and review to select previous research systematically and relate concepts by coding the data and synthesising the data critically. The systematic literature search and review considered 90 papers (35 were studied).

The findings identify three strategies: hybrid activity patterns, new layout for hybrid and changing behaviour and culture. Each strategy demonstrates the connection between the hybrid living-working interior spaces in the post-pandemic period and security-pandemic variables. The results on security design factors focused on interior control, detection and deterrence; connection to nature creates a safer environment to prevent further variables; and hybrid activity requires more elements to govern users' behaviour and culture.

Limitations of this study are as follows: excluded papers that are not written in English/Bahasa or do not have gold/green open access; some aspects were not discussed (such as social distancing); the articles included in this review are up to April 2023 (and there is the possibility of recent papers). Future studies can be developed to update building certification for post-pandemic interiors or research with psychological, social equity or family vitality issues.

The study offers strategies and the holistic relationship between the post-pandemic concept and security-pandemic design variables within the built environment, especially in the users' culture and behaviour context.

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.