Search results
1 – 10 of over 1000Hiep Cong Pham, Linda Brennan, Lukas Parker, Nhat Tram Phan-Le, Irfan Ulhaq, Mathews Zanda Nkhoma and Minh Nhat Nguyen
Understanding the behavioral change process of system users to adopt safe security practices is important to the success of an organization’s cybersecurity program. This study…
Abstract
Purpose
Understanding the behavioral change process of system users to adopt safe security practices is important to the success of an organization’s cybersecurity program. This study aims to explore how the 7Ps (product, price, promotion, place, physical evidence, process and people) marketing mix, as part of an internal social marketing approach, can be used to gain an understanding of employees’ interactions within an organization’s cybersecurity environment. This understanding could inform the design of servicescapes and behavioral infrastructure to promote and maintain cybersecurity compliance.
Design/methodology/approach
This study adopted an inductive qualitative approach using in-depth interviews with employees in several Vietnamese organizations. Discussions were centered on employee experiences and their perceptions of cybersecurity initiatives, as well as the impact of initiatives on compliance behavior. Responses were then categorized under the 7Ps marketing mix framework.
Findings
The study shows that assessing a cybersecurity program using the 7P mix enables the systematic capture of users’ security compliance and acceptance of IT systems. Additionally, understanding the interactions between system elements permits the design of behavioral infrastructure to enhance security efforts. Results also show that user engagement is essential in developing secure systems. User engagement requires developing shared objectives, localized communications, co-designing of efficient processes and understanding the “pain points” of security compliance. The knowledge developed from this research provides a framework for those managing cybersecurity systems and enables the design human-centered systems conducive to compliance.
Originality/value
The study is one of the first to use a cross-disciplinary social marketing approach to examine how employees experience and comply with security initiatives. Previous studies have mostly focused on determinants of compliance behavior without providing a clear platform for management action. Internal social marketing using 7Ps provides a simple but innovative approach to reexamine existing compliance approaches. Findings from the study could leverage proven successful marketing techniques to promote security compliance.
Details
Keywords
Dien Van Tran, Phuong Van Nguyen, Anh Thi Chau Nguyen, Demetris Vrontis and Phuong Uyen Dinh
This study aims to investigate the impact of employees’ engagement in government social media (GSM) on their cybersecurity compliance attitude, protection motivation and…
Abstract
Purpose
This study aims to investigate the impact of employees’ engagement in government social media (GSM) on their cybersecurity compliance attitude, protection motivation and protective behavior, thereby contributing to effective cybersecurity practices at organizations.
Design/methodology/approach
A quantitative cross-sectional field survey was conducted to collect primary data in big cities and large provinces in Vietnam. The final data set of 323 responses was analyzed using the partial least squares-structural equation modeling approach to interpret the results and test research hypotheses.
Findings
Engagement in GSM positively influences employees’ cybersecurity compliance attitude (ATT). Perceived threat vulnerability and response efficacy also contribute to a positive compliance attitude, although self-efficacy has a negative impact. Moreover, the cybersecurity compliance ATT significantly explains the information protection motivation, which in turn influences employee protective behaviors. However, the relationship between compliance attitude and protective behaviors is weak, unlike previous studies that found a strong correlation.
Originality/value
Although recent studies have explored specific information security practices in corporate and home contexts, the influence of GSM on individuals’ cybersecurity behaviors has received limited attention because of its novelty. This study contributes to the existing body of knowledge by investigating the impact of GSM on cybersecurity behaviors. This study provides significant contributions to understanding social media’s effects of social media on individuals’ cultivation processes, by expanding upon the protective motivation theory and cultivation theory. The results lead to practical suggestions for organizational managers and policymakers so that they can enhance their understanding of the importance of cybersecurity, encourage the implementation of self-defense strategies and highlight the significance of threat and coping evaluations in influencing attitudes and motivations.
Details
Keywords
This study aims to assess the essential elements of internal organisational capability that influence the cybersecurity effectiveness of a construction firm. An extended McKinsey…
Abstract
Purpose
This study aims to assess the essential elements of internal organisational capability that influence the cybersecurity effectiveness of a construction firm. An extended McKinsey 7S model is used to analyse the relationship between a construction firm's cybersecurity effectiveness and nine internal capability elements: shared values, strategy, structure, systems, staff, style, skills, relationships with third parties and regulatory compliance.
Design/methodology/approach
Based on a quantitative research strategy, this study collected data through a cross-sectional survey of professionals working in the construction sector in the United Kingdom (UK). The collected data was analysed using descriptive and inferential statistical methods.
Findings
The findings underlined systems, regulatory compliance, staff and third-party relationships as the most significant elements of internal organisational capability influencing a construction firm's cybersecurity effectiveness, organised in order of importance.
Research limitations/implications
Future research possibilities are proposed including the extension of the proposed diagnostic model to consider additional external factors, examining it under varying industrial relationship conditions and developing a dynamic framework that helps improve cybersecurity capability levels while overseeing execution outcomes to ensure success.
Practical implications
The extended McKinsey 7S model can be used as a diagnostic tool to assess the organisation's internal capabilities and evaluate the effectiveness of implemented changes. This can provide specific ways for construction firms to enhance their cybersecurity effectiveness.
Originality/value
This study contributes to the field of cybersecurity in the construction industry by empirically assessing the effectiveness of cybersecurity in UK construction firms using an extended McKinsey 7S model. The study highlights the importance of two additional elements, third-party relationships and construction firm regulatory compliance, which were overlooked in the original McKinsey 7S model. By utilising this model, the study develops a concise research model of essential elements of internal organisational capability that influence cybersecurity effectiveness in construction firms.
Details
Keywords
Tze Yin Khaw, Azlan Amran and Ai Ping Teoh
This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity…
Abstract
Purpose
This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity practices within organizations for cybersecurity risk management through a systematic literature review (SLR) approach.
Design/methodology/approach
This SLR adhered to RepOrting Standards for Systematics Evidence Syntheses (ROSES) publication standards and used various research approaches. The study’s article selection process involved using Scopus, one of the most important scientific databases, to review articles published between 2014 and 2023.
Findings
This review identified the four main themes: individual factors, organizational factors, technological factors and governmental role. In addition, nine subthemes that relate to these primary topics were established.
Originality/value
This research sheds light on the multifaceted nature of cybersecurity by exploring factors influencing implementation and developing an improvement framework, offering valuable insights for researchers to advance theoretical developments, assisting industry practitioners in tailoring cybersecurity strategies to their needs and providing policymakers with a basis for creating more effective cybersecurity regulations and standards.
Details
Keywords
The Kingdom of Saudi Arabia (KSA) is embracing digital transformation and e-government services, aiming to improve efficiency, accessibility and citizen-centricity. Nonetheless…
Abstract
Purpose
The Kingdom of Saudi Arabia (KSA) is embracing digital transformation and e-government services, aiming to improve efficiency, accessibility and citizen-centricity. Nonetheless, the country faces challenges such as evolving cyber threats. The purpose of this study is to investigate the factors influencing cybersecurity practices to ensure the reliability and security of e-government services.
Design/methodology/approach
This paper investigates the multifaceted dynamics of cybersecurity practices and their impact on the quality and effectiveness of e-government services. Five key factors explored include organizational culture, technology infrastructure, adherence to standards and regulations, employee training and awareness and financial investment in cybersecurity. This study used a quantitative method to gather data from 320 participants. The researcher collected 285 completed questionnaires, excluding unusable or incomplete responses, and analyzed the final data set using partial least squares structural equation modeling.
Findings
The findings show that financial investment in cybersecurity, employee training and awareness and adherence to cybersecurity regulations significantly influence the adoption of robust cybersecurity practices. However, the relationship between organizational culture and cybersecurity practices is less straightforward. The research establishes a strong positive correlation between cybersecurity practices and e-government service quality, highlighting the role of security in fostering public trust and user satisfaction and meeting the evolving needs of citizens and businesses.
Originality/value
This research contributes valuable empirical evidence to the fields of e-government and cybersecurity, offering insights that can inform evidence-based policy decisions and resource allocation. By understanding the nuanced dynamics at play, Saudi Arabia is better poised to fortify its digital governance infrastructure and provide secure, high-quality e-government services to its constituents.
Details
Keywords
Khalid Shaheen and Ali Hussein Zolait
This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can…
Abstract
Purpose
This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can impact the cybersecurity of government entities in the Kingdom of Bahrain.
Design/methodology/approach
The authors used a quantitative and qualitative approach. The data were collected by conducting semi-structured interviews with the information technology experts in the Bahrain Government entities participating in the CTP. Also, quantitative data was obtained through a questionnaire distributed to relevant people in the information technology field.
Findings
The findings of this study suggest that the CTP had a significant impact on the cybersecurity assurance of the government entities that participated in the CTP; it increased the employees’ awareness, reduced the number of cyberattacks and optimized the available resources. The findings also highlighted the role of top management in the success of the implementation of the CTP. The results also ensure that the CTP’s maturity model affected the cybersecurity compliance of an organization and the implementation of cybersecurity policies and controls.
Practical implications
This study enhances cybersecurity researchers’ and practitioners’ understanding of the impact of the CTP and its components and evaluates its influence on Bahrain’s cybersecurity assurance.
Originality/value
This study implies that to achieve better cybersecurity, managers should focus on implementing the policies and controls provided by cybersecurity frameworks to enhance cybersecurity assurance.
Details
Keywords
Peter Dornheim and Ruediger Zarnekow
The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated…
Abstract
Purpose
The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.
Design/methodology/approach
Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.
Findings
Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.
Originality/value
This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.
Details
Keywords
This follows the ransomware attack on Colonial Pipeline in May. As criminal and state-sponsored cyberattacks intensify, the administration is focusing on threats to US critical…
Details
DOI: 10.1108/OXAN-DB263000
ISSN: 2633-304X
Keywords
Geographic
Topical
V. Gerard Comizio, Behnam Dayanim and Laura Bain
To provide financial institutions an overview of the developments in cybersecurity regulation of financial institutions during 2015 by the United States, the United Kingdom, and…
Abstract
Purpose
To provide financial institutions an overview of the developments in cybersecurity regulation of financial institutions during 2015 by the United States, the United Kingdom, and the European Union, as well as guidance for developing effective cyber-risk management programs in light of evolving cyber-threats and cyber-regulatory expectations.
Design/methodology/approach
Reviews US, UK and EU regulatory developments in the cybersecurity area and provides several best practice tips financial institutions should consider and implement to improve their cybersecurity compliance programs.
Findings
While cyber-threats and financial regulators’ expectations for cyber-security are constantly evolving, recent guidance and enforcement efforts by the US, UK and EU illustrate the need for financial institutions to develop effective cybersecurity programs that address current regulatory compliance requirements and prepare for emergency cyber responses.
Practical implications
Financial institutions should utilize the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool to assess their cyber-risk profile and cyber-preparedness.
Originality/value
Practical guidance from experienced financial regulatory and privacy lawyers that provides a survey of the current regulatory environment and recommendations for cyber-security compliance.
Details
Keywords
Thomas Stafford, George Deitz and Yaojie Li
The purpose of the study is to investigate the role of information security policy compliance and the role of information systems auditing in identifying non-compliance in the…
Abstract
Purpose
The purpose of the study is to investigate the role of information security policy compliance and the role of information systems auditing in identifying non-compliance in the workplace, with specific focus on the role of non-malicious insiders who unknowingly or innocuously thwart corporate information security (IS) directives by engaging in unsafe computing practices. The ameliorative effects of auditor-identified training and motivational programs to emphasize pro-security behaviors are explored.
Design/methodology/approach
This study applies qualitative case analysis of technology user security perceptions combined with interpretive analysis of depth interviews with auditors to examine and explain the rubrics of non-malicious technology user behaviors in violation of cybersecurity directives, to determine the ways in which auditors can best assist management in overcoming the problems associated with security complacency among users.
Findings
Enterprise risk management benefits from audits that identify technology users who either feel invulnerable to cyber threats and exploits or feel that workplace exigencies augur for expedient workarounds of formal cybersecurity policies.
Research limitations/implications
Implications for consideration of CyberComplacency and Cybersecurity Loafing expand the insider threat perspective beyond the traditional malicious insider perspective.
Practical implications
Implications for consideration of CyberComplacency and Cybersecurity Loafing include broadened perspectives for the consultative role of IS audit in the firm.
Social implications
CyberComplacency is a practice that has great potential for harm in all walks of life. A better understanding of these potential harms is beneficial.
Originality/value
This study is the first to characterize CyberComplacency as computer users who feel they operate invulnerable platforms and are subsequently motivated to engage in less cybersecurity diligence than the company would desire. This study is also the first to characterize the notion of Cybersecurity Loafing to describe technically competent workers who take unauthorized but expedient steps around certain security polices in the name of workgroup efficiency.
Details