Search results

This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.

The research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.

The investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.

The main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.

This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.

In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.

This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.

The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.

This study explores the importance of and vulnerabilities in deploying physical access control (PAC) devices in a typical university setting.

The study adopts face-to-face and telephone interviews. This study uses a semi-structured interview guide to solicit the views of 25 interviewees on the subject under consideration. Qualitative responses to the interview are thematically analyzed using NVivo 11 Pro analysis application software.

The findings reveal five importance and seven vulnerabilities in the deployment of PAC devices in the institution. Key among the importance of deploying the devices are “prevent unwanted premise access or intrusions,” “prevent disruptions to university/staff operations on campus” and “protect students and staff from outside intruders.” Key among the identified vulnerabilities are “tailgating”, “delay in emergent cases” and “power outage may affect its usage.”

This study offers insight into a rare area of study, especially in the Sub-Saharan Africa region. Furthermore, the study contributes to the state-of-the-art importance and vulnerabilities in deploying PAC devices in daily human activities. The study is valuable in that it has the potential to establish a foundation for future studies that may delve into investigating issues associated with the deployment of PAC devices.

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

The purpose of this paper is to outline how the EU figures out the importance of strengthening its relations with Egypt as one of the most strategic countries in the region to keep the union secured and stable. The paper also assesses to what extent the EU succeeds to promote democracy in Egypt.

The EU pursues its policy through a series of both bilateral and multilateral agreements with Egypt aiming at positioning their relations in a strategic context. The research adopted different approaches as descriptive and analytical ones.

Following the Arab uprisings, the EU was caught by surprise and announced a paradigm shift in its relations and introduced a set of policies to foster democracy promotion that witnessed some successes but with extremely modest results in some areas compared to the costs of the process. The EU succeeded in important reforms in trade liberalization while it did not bring clear changes in the political arena in Egypt.

The findings of this paper convey that the Arab uprisings were a wake-up call for the EU. It was the right time for the EU to conduct such a strategic and sincere reflection based on the role it wants to play in the changing region. In addition, findings prove that the EU’s response to revolutionary events has been weak and hesitant, and the EU has not an effective role in promoting democracy in Egypt.

Digitalization, innovation and changing customer requirements drive the continuous improvement of an organization's business processes. IT demand management (ITDM) as a methodology supports the holistic governance of IT and the corresponding business process change (BPC), by allocating resources to meet a company's requirements and strategic objectives. As ITDM decision-makers are not fully aware of how the as-is business processes operate and interact, making informed decisions that positively impact the to-be process is a key challenge.

In this paper, the authors address this challenge by developing a novel approach that integrates process mining and ITDM. To this end, the authors conduct an action research study where the researchers participated in the design, creation and evaluation of the approach. The proposed approach is illustrated using two sample demands of an insurance claims process. These demands are used to construct the artefact in multiple research circles and to validate the approach in practice. The authors applied learning and reflection methods for incrementally adjusting this study’s approach.

The study shows that the utilization of process mining activities during process changes on an operational level contributes to (1) increasing accuracy and efficiency of ITDM; (2) timely identification of potential risks and dependencies and (3) support of testing and acceptance of IT demands.

The implementation of this study’s approach improved ITDM practice. It appropriately addressed the information needs of decision-makers and unveiled the effects and consequences of process changes. Furthermore, providing a clearer picture of the process dependencies clarified the responsibilities and the interfaces at the intra- and inter-process level.

It is important to note that insider trading is currently outlawed under the Securities Act 17 of 2004 (Chapter 24: 25) as amended (Securities Act) in Zimbabwe. This Act enumerates some practices that may give rise to insider trading liability in the Zimbabwean financial markets. Nonetheless, numerous challenges, such as the lack of adequate financial resources, the lack of sufficient persons with the relevant skills and expertise on the part of the enforcement authorities, lack of political will, inadequacy of insider trading provisions, poor cooperation and collaboration between the relevant authorities and the ongoing coronavirus (Covid-19) pandemic have negatively impeded the effective regulation and combating of insider trading in Zimbabwe. To this end, the author explores the stated challenges and recommend measures that could be used by regulatory bodies and other relevant enforcement authorities to enhance the regulation and combating of insider trading in the Zimbabwean financial markets. This study aims to enhance the detection and combating of insider trading in Zimbabwe.

A qualitative research methodology is used through the analysis of relevant legislation and case law.

It is hoped that the findings and recommendations made in this study will be considered by the Zimbabwean policymakers.

The study does not use empirical research methodology.

The findings and recommendations made in this study could enhance the combating of insider trading activities in Zimbabwe.

The study seeks to curb insider trading in the Zimbabwean financial markets and financial institutions in the wake of the covid-19 pandemic-related regulatory and enforcement challenges.

The study provides original research on the regulation and combating of insider trading activities in Zimbabwe.

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.

The purpose of this study is to examine how the tourism economy affects local food availability, access, utilization and stability in dessert-prone agricultural heritage sites. Specifically, the study aims to explore the relationship between the tourism industry and local agricultural practices and how this connection influences food security in the Siwa Oasis, located in the Western Desert of Egypt.

The study employs a qualitative exploratory research design using in-depth interviews and focus groups to investigate the impact of the tourism economy on food security and identify potential benefits and limitations for food security in the region.

The research reveals that the tourism economy in Siwa Oasis has only a marginal contribution to food security. The study highlights a lack of a strong connection between the tourism industry and local agricultural practices within the heritage site. As a result, the potential benefits and synergies that could be achieved between tourism and agriculture have not been fully realized, leading to a limited impact on food stability.

This study primarily relies on qualitative data from Siwa Oasis, Egypt, which may limit the generalizability of findings beyond this specific context. Additionally, while the study provides valuable insights into the complex relationship between tourism and food security, it does not quantitatively measure the magnitude of tourism's impact. Future research could incorporate quantitative methods for a more comprehensive understanding of this relationship in diverse desert-prone regions. Finally, the study highlights the need for more integrated approaches to enhance food security through tourism, but the specific strategies and policy recommendations require further investigation and adaptation to local contexts.

This study underscores the need for tourism development strategies that prioritize food security in desert-prone areas like Siwa Oasis. Policymakers and stakeholders should promote sustainable tourism practices that enhance local agriculture, create diversified income sources and foster equitable benefits for communities. Moreover, recognizing the seasonal nature of tourism, interventions to address food shortages during off-peak periods are crucial. Efforts should also focus on skill development and gender-inclusive opportunities within the tourism sector to ensure broader community participation. Additionally, collaborations between tourism and agriculture should be encouraged to optimize food availability and stability while preserving cultural food traditions.

This study adds original insights by examining the specific impact of the tourism economy on food security in dessert-prone agricultural heritage sites. The study's originality lies in its exploration of the untapped potential for synergy between the tourism and agricultural sectors and the implications for local food security. This research contributes to understanding how tourism can improve food security in specific contexts and provides valuable insights into sustainable development in heritage sites.