Search results

Learning at the local level is an important contributor to safe and resilient communities. The purpose of this article is therefore to explore what motivates municipalities in Norway to learn from disasters and how they learn from them. This purpose has been fulfilled by (1) addressing the process of learning from disasters occurring within municipalities, and (2) learning from disasters in other municipalities, in particular from the terrorist incidents that occurred in Oslo on 22 July 2011.

An interview study was conducted of individuals responsible for municipal emergency preparedness.

Unwanted events that occur outside municipal borders only trigger learning processes if they are geographically proximate. Events occurring within the geographical borders of the municipality represent greater potential for learning than those occurring outside its borders. Availability of resources for municipal civil protection activities is another factor that has an impact on learning.

The local level plays a key role in generating and maintaining adequate civil protection and emergency preparedness in society. Although the literature on learning from disasters is extensive, learning processes at the local level have been given little attention. This article thus contributes to the existing body of knowledge by studying learning processes following disasters at the local level.

The purpose of this paper is to measure and discuss the long‐term effects of an e‐learning tool aiming at improving the information security knowledge, awareness, and behaviour of employees.

The intervention study had two assessments of knowledge and attitudes among employees: one survey, one week before the intervention, and one survey eight months after the intervention. The population was divided into an intervention group and a control group, where the only separated the groups was participation in the intervention (i.e. the e‐learning tool).

The study documents that the effects of the intervention on security awareness and behavior partly remains more than half a year after the intervention, but that the detailed knowledge on information security issues diminished during the period. The study also discusses how such courseware can contribute to long‐term organizational learning compared with human interventions such as action research. Both human resource management and internal promotion are necessary input in the process to successfully educate and train employees in information security.

One weakness of concern is the low response rate of 37 in the final analysis.

The study can document that short‐time effects of software supported information security awareness on employees' knowledge, behaviour, and awareness diminish over time. It is thus important to maintain and continually perform information security awareness. More interventions studies, following the same principles as presented in this paper, of other user‐directed measures is needed, to test and document the effects of different measures.

The paper is innovative in the area of information security research as it shows how an information security intervention can be measured.

The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.

A survey was designed and data were collected from information security managers in a selection of Norwegian organizations.

Technical‐administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness‐creating activities are applied by the organizations to a considerably lesser extent, but are at the same time these are assessed as being more effective organizational measures than technical‐administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures.

Provides insight into the non‐technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures.

The purpose of this paper is to measure and discuss the effects of an e‐learning tool aiming at improving the information security knowledge, awareness, and behaviour of employees.

The intervention study has a pre‐ and post‐assessment of knowledge and attitudes among employees. In total, 1,897 employees responded to a survey before and after the intervention. The population is divided into an intervention group and a control group, where the only thing that separates the groups is participation in the intervention (i.e. the e‐learning tool).

The study documents significant short‐time improvements in security knowledge, awareness, and behavior of members of the intervention group.

The study looks at short‐time effects of the intervention. The paper has done a follow‐up study of the long‐term effects, which is also submitted to Information Management & Computer Security.

The study can document that software that support Information Security Awareness programs have a short‐time effect on employees' knowledge, behaviour, and awareness; more interventions studies, following the same principles as presented in this paper, of other user‐directed measures are needed, to test and document the effects of different measures.

The paper is innovative in the area of information security research as it shows how the effects of an information security intervention can be measured.

This paper aims to discuss whether recent theoretical and practical approaches within industrial safety management might be applicable to, and solve challenges experienced in, the field of information security, specifically related to incident management.

A literature review was carried out.

Principles, research and experiences on the issues of plans, training and learning in the context of industrial safety management would be suitable for adoption into the field of information security incident management and aid in addressing current challenges.

There are a number of reasons why approaches from industrial safety management have something to offer to information security incident management: the former field is more mature and has longer traditions, there is more organizational research on industrial safety issues than on information security issues so far, individual awareness is higher for industrial safety risks and worker participation in systematic industrial safety work is ensured by law. More organizational research on information security issues and continuous strengthening of individual security awareness would push information security to further maturity levels where current challenges are solved.

This paper shows that the field of information security incident management would gain from closer collaborations with industrial safety management, both in research and in practical loss prevention in organizations. The ideas discussed in this paper form a basis for further research on practical implementations and case studies.

The main audience of this paper includes information security researchers and practitioners, as they will find inspirational theories and experiences to bring into their daily work and future projects.