Search results

The purpose of this paper is to increase understanding of employee information security awareness in a government sector setting and illuminate the problems that public sector organisations in a developing context face when seeking to establish an information security awareness programme.

An interpretive research design was followed to develop an empirically enriched understanding of information security awareness perceptions, aspirations, challenges and enablers in the context of Saudi Arabia as a developing country. The study adopts a single-case study approach, including face-to-face interviews with senior employees, as well as document analysis.

The paper theorises the importance of individual information security awareness, knowledge and behaviour and identifies a number of facilitating conditions: customisation to employee and organisational needs, interactivity, innovation, frequency, integration of both electronic and physical learning resources and rewarding the acquisition of in-depth security-related actionable knowledge.

This study is one of the first to examine information security awareness as a socio-technical process within a government sector organisation in a developing country context.

This chapter aims to (1) examine the effect of full-time employees’ STARA awareness on innovative work behavioural intentions in US casual dining restaurants; (2) investigate the mediating roles of employees’ challenge–hindrance appraisals of STARA awareness on the relationship between their STARA awareness and innovative work behavioural intentions; (3) compare the group differences between management employees and non-management employees; and (4) provide recommendations for the casual dining restaurants.

This chapter employed an online survey to collect data from 609 full-time employees in US casual dining restaurants, including 306 management employees and 303 non-management employees. Partial least squares–structural equation modelling was applied for data analysis. The results reveal that the high levels of employees’ STARA awareness raise innovative work behavioural intentions through the mediations of challenge appraisal of STARA awareness.

The proposed conceptual framework and empirical findings in this chapter enrich the literature of cognitive appraisal theory, transactional model and stress, two-dimensional stressor framework, and person-environment fit theory. Employees’ challenge appraisal of STARA awareness makes the job insecurity stressor to drive innovative work behavioural intentions. As STARA adoption deepens in casual dining restaurants, managers need to be aware of full-time employees’ stress and psychological responses towards STARA adoption. Restaurants are suggested to provide employees with adequate resources and support to help employees’ professional competency growth. The capable employees will appraise the job insecurity stressor induced by STARA adoption as an opportunity and be motivated to perform innovatively in the workplace. The casual dining restaurants may enjoy a competitive advantage in the market through value-added innovative activities.

This study aims to investigate whether and how artificial intelligence (AI) awareness affects work withdrawal.

This survey garners participation from a total of 305 hotel employees in China. The proposed hypotheses are examined using Hayes’s PROCESS macro.

The results indicate that AI awareness could positively affect work withdrawal. Negative work-related rumination and emotional exhaustion respectively mediate this relationship. Furthermore, negative work-related rumination and emotional exhaustion act as chain mediators between AI awareness and work withdrawal.

Given the growing adoption of AI technology in the hospitality industry, it is imperative that managers intensify their scrutiny of the psychological changes experienced by frontline service employees and allocate more resources to mitigating the impact of AI on their work withdrawal.

This study contributes to the burgeoning literature on AI by elucidating the chain mediating roles of negative work-related rumination and emotional exhaustion. It also makes a significant forward in examining mediating mechanisms, notably the chain-mediated mechanism, through which AI awareness impacts employee outcomes.

The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that awareness depends upon several variables that influence successful ISP compliance.

The authors built a model with seven constructs, i.e., leadership, trusting beliefs, information security issues awareness (ISIA), ISP awareness, understanding resource vulnerability, self-efficacy (SE) and intention to comply. Seven hypotheses were stated. A sample of 285 non-management employees was used from various organizations in the USA. The authors used path modeling to analyze the data.

The findings indicated that IS awareness depends on effective organizational leadership and elevated employees’ trusting beliefs. The understanding of resource vulnerability (URV) and SE are influenced by IS awareness resulting from effective leadership and elevated employees’ trusting beliefs which guide employees to comply with ISP requirements.

Practical implications were aimed at organizations embracing an awareness-centered information security compliance program to secure organizations’ assets against threats by implementing various security education and training awareness programs.

This paper asserts that awareness is central to ISP compliance. Leadership and trusting beliefs variables play significant roles in the information security awareness which in turn positively affect employees’ URV and SE variables leading employees to comply with the ISP requirements.

The uncontrolled spread of COVID-19 has forced employees to use telework technologies and platforms to perform different tasks, that is, “mandatory telework”. COVID-19 is a unique situation that has shocked economies and societies and led to a reshaping of the perception of employees and firms about work practices. However, due to the recent nature of the phenomenon, it is not usually understood how employees would cope with this forced change. Thus, the study aims to explore COVID-19 awareness and employees’ behavior toward mandatory telework.

A sample of 201 Danish employees was selected to examine the research questions using partial least square (PLS) structural equation modeling.

The findings show that COVID-19 awareness reduces technological anxiety and increases positive attitudes and job satisfaction. The authors have also found the full and partially mediating role of attitude and technological anxiety on the relationship between COVID-19 awareness and job satisfaction.

The study employed the theoretical lens of job demands-resources theory to understand COVID-19 awareness and technological anxiety dynamics on employees’ attitudes toward mandatory telework and job satisfaction during the pandemic.

Drawing on the conservation of resources theory, this study aims to apply a mixed-method to enrich the literature by investigating interrelationships among training, environmental triggers (environmental knowledge, awareness and concern) and employees' intention to carry out environmental activities.

This research applied a mixed-method carried out in Vietnam. By using the time-lagged data, Study 1 (quantitative research) was employed to test hypotheses. With Study 2 (qualitative research), four in-depth interviews were conducted to gain insight into a few unexpected findings from Study 1.

Study 1 indicates that environmental training is critical to directly boost not only the three environmental triggers but also employees' intention to engage in environmental activities. The findings further point out that environmental concern and awareness mediate the relationship between environmental training and employees' intention to engage in environmental activities. Unexpectedly, connections from environmental concern and awareness to employees' intentions were not moderated by environmental knowledge. The findings of Study 2 shed light on the role of environmental knowledge.

Based on the conservation of resources and social exchange theories, the research contributes to the existing literature by providing a better understanding of how environmental training stimulates employees' intention to implement environmental activities. The findings may be helpful for managers to encourage employees to contribute to organizations' green objectives.

This article surveys why libraries are vulnerable to social engineering attacks and how to manage risks of human-caused cyber threats on organizational level; investigates Estonian library staff awareness of information security and shares recommendations concerning focus areas that should be given more attention in the future.

The data used in this paper is based on an overview of relevant literature highlighting the theoretical points and giving the reasons why human factor is considered the weakest link in information security and cyber security and studying how to mitigate the related risks in the organisation. To perform the survey, a web questionnaire was designed which included 63 sentences and was developed based on the knowledge-attitude-behaviour (KAB) model supported by Kruger and Kearney and Human Aspects of Information Security Questionnaire (HAIS-Q) designed by Parsons et al.

The research results show that the information security awareness of library employees is at a good level; however, awareness in two focus areas needs special attention and should be improved. The output of this study is the mapping of seven focus areas of information security policy in libraries based on the HAIS-Q framework and the KAB model.

The cyber awareness of library employees has not been studied in the world using HAIS-Q and KAB model, and to the best of the authors’ knowledge, no research has been previously carried out in the Estonian library context into cyber security awareness.

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.

This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.

In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.

This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.

The purpose of this paper is to measure and discuss the effects of an e‐learning tool aiming at improving the information security knowledge, awareness, and behaviour of employees.

The intervention study has a pre‐ and post‐assessment of knowledge and attitudes among employees. In total, 1,897 employees responded to a survey before and after the intervention. The population is divided into an intervention group and a control group, where the only thing that separates the groups is participation in the intervention (i.e. the e‐learning tool).

The study documents significant short‐time improvements in security knowledge, awareness, and behavior of members of the intervention group.

The study looks at short‐time effects of the intervention. The paper has done a follow‐up study of the long‐term effects, which is also submitted to Information Management & Computer Security.

The study can document that software that support Information Security Awareness programs have a short‐time effect on employees' knowledge, behaviour, and awareness; more interventions studies, following the same principles as presented in this paper, of other user‐directed measures are needed, to test and document the effects of different measures.

The paper is innovative in the area of information security research as it shows how the effects of an information security intervention can be measured.

The purpose of this paper is to propose a theory of information security intelligence and examine the effects of managers’ information security intelligence (MISI) on employees’ procedural countermeasure awareness and information security policy (ISP) compliance intention.

A survey approach and structural equation modeling is utilized. Partial least squares (WarpPLS 6.0) and nonlinear algorithm are employed to analyze and examine the hypotheses. In total, 324 employees from companies in South Korea participated in the survey, which was conducted by a professional survey service company.

MISI positively affects employees’ awareness of information security procedural countermeasures; information security knowledge and problem-solving skills have positive effects on procedural countermeasures awareness; MISI increases employees’ compliance intention through procedural countermeasure awareness; and information security procedural countermeasures positively affect employees’ ISP compliance intention.

This study proposes a theory of information security intelligence and examines its impacts on employees’ compliance intentions. The study highlights the mediating role of information security procedural countermeasures between information security intelligence and employees’ compliance intentions.

Managers should improve and explicitly demonstrate information security knowledge and problem-solving skills to increase employees’ ISP compliance intention. To protect the organization’s intellectual capital, managers should champion the development and promotion of PCM, rather than leave these functions to the information security group.

This is the first empirical study to propose and validate MISI.