Search results

1 – 10 of 929
Article
Publication date: 12 September 2022

Janis Warner and Kamphol Wipawayangkool

Abstract

Purpose

IT security breaches plague organizations worldwide, yet there continues to be a paucity of comprehensive research models for protective technologies. This study aims to develop an IT security user behavior model focusing on the protective technology anti-spyware which includes organizational climate, a theory of planned behavior (TPB) background variable and elicited salient user beliefs.

Design/methodology/approach

A multimethod approach, including interviews and a survey, is used to elicit salient user beliefs and test hypotheses of the influences of perceived IT security climate on those user beliefs and ultimately user behavioral intentions. Primary data were collected through interviews following the prescribed TPB methodology and an offline survey method with 254 valid responses recorded. Partial least squares was used to investigate the hypotheses.

Findings

The authors found that attitudinal beliefs – protecting organizational interests for data/privacy, preventing disruptions to work and control beliefs – monetary resources and time constraints mediate significant relationships between IT security climate and attitude and perceived behavioral control, respectively. Implications are discussed.

Originality/value

This study is the first, to the best of the authors’ knowledge, that uses both interviews and a survey to examine the relationships among IT security climate, elicited user beliefs and behavioral intentions in a TPB-based model for a protective technology.

Details

Journal of Systems and Information Technology, vol. 24 no. 4
Type: Research Article
ISSN: 1328-7265

Article
Publication date: 10 July 2017

Erastus Karanja

Abstract

Purpose

The aim of this study is to advance research on the position of the CISO by investigating the role that CISOs play before and after an IT security breach. There is a dearth of academic research literature on the role of a chief information security officer (CISO) in the management of Information Technology (IT) security. The limited research literature exists despite the increasing number and complexity of IT security breaches that lead to significant erosions in business value.

Design/methodology/approach

The study makes use of content analysis and agency theory to explore a sample of US firms that experienced IT security breaches between 2009 and 2015 and how these firms reacted to the IT security breaches.

Findings

The results indicate that following the IT security breaches, a number of the impacted firms adopted a reactive plan that entailed a re-organization of the existing IT security strategy and the hiring of a CISO. Also, there is no consensus on the CISO reporting structure since most of the firms that hired a CISO for the first time had the CISO report either to the Chief Executive Officer or Chief Information Officer.

Research limitations/implications

The findings will inform researchers, IT educators and industry practitioners on the roles of CISOs as well as advance research on how to mitigate IT security vulnerabilities.

Originality/value

The need for research that advances an understanding of how to effectively manage the security of IT resources is timely and is driven by the growing frequency and sophistication of the IT security breaches as well as the significant direct and indirect costs incurred by both the affected firms and their stakeholders.

Details

Information & Computer Security, vol. 25 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 October 2006

Maria Karyda, Evangelia Mitrou and Gerald Quirchmayr

Abstract

Purpose

This paper seeks to provide an overview of the major technical, organizational and legal issues pertaining to the outsourcing of IS/IT security services.

Design/methodology/approach

The paper uses a combined socio‐technical approach to explore the different aspects of IS/IT security outsourcing and suggests a framework for accommodating security and privacy requirements that arise in outsourcing arrangements.

Findings

Data protection requirements are a decisive factor for IS/IT security outsourcing, not only because they pose restrictions to management, but also because security and privacy concerns are commonly cited among the most important concerns prohibiting organizations from IS/IT outsourcing. New emerging trends, such as outsourcing in third countries, pose significant new issues with regard to meeting data protection requirements.

Originality/value

The paper illustrates the reasons for which the outsourcing of IS/IT security needs to be examined under a different perspective from traditional IS/IT outsourcing. It focuses on the specific issue of personal data protection requirements that must be accommodated, according to the European Union directive.

Details

Information Management & Computer Security, vol. 14 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 20 November 2009

Princely Ifinedo

Abstract

Purpose

The purpose of this paper is to add a layer of understanding to a previous survey of information technology (IT) security concerns and issues in global financial services institutions (GFSI).

Design/methodology/approach

This paper uses data obtained from a secondary source. The dimensions of national culture used in this paper come from Hofstede's work. Two analyses are performed on the data. First, a non‐parametric test is conducted to determine whether there are significant differences on the 13 IT security concerns when the dimensions of national culture are used to group responses. Second, a correlation analysis is carried out between the study's variables.

Findings

First, the results indicate that the dimensions of national culture are not statistically important in differentiating responses and perceptions of IT security concerns across GFSI. Second, some of the dimensions of national culture are found to have significant correlations with a few of the IT security concerns investigated.

Research limitations/implications

The use of a secondary data source introduces some limitations. The views captured in the survey are those of the management team; it is likely that end‐users' perceptions may vary considerably. Nonetheless, the main finding of the paper for corporate managers in the financial services industry is that IT security concerns appear to be uniform across cultures. Further, the data show that the dimension of uncertainty avoidance deserves further attention with regard to the assessment of security concerns in GFSI. This information may be useful for decision making and planning purposes in the financial services industry.

Originality/value

This paper is believed to be among the first to examine the impacts of national culture on IT security concerns in GFSI. The paper's conclusions may offer useful insights to corporate managers in the industry.

Details

Information Management & Computer Security, vol. 17 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 8 February 2022

Kwame Owusu Kwateng, Christopher Amanor and Francis Kamewor Tetteh

Abstract

Purpose

This study aims to empirically investigate the relationship between enterprise risk management (ERM) and information technology (IT) security within the financial sector.

Design/methodology/approach

Risk officers of financial institutions licensed by the Central Bank of Ghana constituted the sample frame. A structured questionnaire was used to elicit data from the respondents. The structural equation modeling method was employed to analyze the hypothesized model.

Findings

The results revealed that ERM has a strong positive substantial effect on IT security within financial institutions. However, organizational culture failed to moderate the relationship between ERM and IT security.

Practical implications

A well-managed risk helps to eliminate ineffective, archaic and redundant technology as the originator of rising perils and organizational concerns in today's corporate financial institutions since ERM established a substantially strong positive correlation among the variables.

Originality/value

ERM studies in the African context are rare. This paper adds to contemporary literature by providing a new perspective toward the understanding of the relationship between ERM and IT security, especially in the financial industry.

Details

Information & Computer Security, vol. 30 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 20 March 2009

Rodrigo Werlinger, Kirstie Hawkey and Konstantin Beznosov

Abstract

Purpose

The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors.

Design/methodology/approach

The data set consisted of 36 semi‐structured interviews with IT security practitioners from 17 organizations (academic, government, and private). The interviews were analyzed using qualitative description with constant comparison and inductive analysis of the data to identify the challenges that security practitioners face.

Findings

A total of 18 challenges that can affect IT security management within organizations are identified and described. This analysis is grounded in related work to build an integrated framework of security challenges. The framework illustrates the interplay among human, organizational, and technological factors.

Practical implications

The framework can help organizations identify potential challenges when implementing security standards, and determine if they are using their security resources effectively to address the challenges. It also provides a way to understand the interplay of the different factors, for example, how the culture of the organization and decentralization of IT security trigger security issues that make security management more difficult. Several opportunities for researchers and developers to improve the technology and processes used to support adoption of security policies and standards within organizations are provided.

Originality/value

A comprehensive list of human, organizational, and technological challenges that security experts have to face within their organizations is presented. In addition, these challenges within a framework that illustrates the interplay between factors and the consequences of this interplay for organizations are integrated.

Details

Information Management & Computer Security, vol. 17 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 May 2003

Ashish Garg, Jeffrey Curtis and Hilary Halper

Abstract

Internet security is a pervasive concern for all companies. However, developing the business case to support investments in IT security has been particularly challenging because of difficulties in precisely quantifying the economic impact of a breach. Previous studies have attempted to quantify the magnitude of losses resulting from a breach in IT security, but reliance on self‐reported company data has resulted in widely varying estimates of limited credibility. Employing an event study methodology, this study offers an alternative approach and more rigorous evaluation of breaches in IT security. This attempt has revealed several new perspectives concerning the market reaction to IT security breaches. A final component of the study is the extension of the analysis to incorporate eSecurity vendors and a fuller exploration of market reactions before and after the denial of service attacks of February 2000. The key takeaway for corporate IT decision makers is that IT security breaches are extremely costly, and that the stock market has already factored in some level of optimal IT security investment by companies.

Details

Information Management & Computer Security, vol. 11 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 March 1990

Marco Kapp

Abstract

As businesses continue to automate their activities and establish electronic links with trading partners the IT security problem becomes both more important to solve and more difficult to deal with. Virtually all companies have inadequacies in their present IT security arrangement, and suffer growing losses as a result. There is much that individual companies can, and should, do to eliminate these inadequacies, but some aspects of the problem are beyond the capacity of an individual company to solve. New initiatives, such as Coopers & Lybrand's European Security Forum, have been established to address these issues.

Details

European Business Review, vol. 90 no. 3
Type: Research Article
ISSN: 0955-534X

Article
Publication date: 10 October 2016

Hiep-Cong Pham, Jamal El-Den and Joan Richardson

Abstract

Purpose

This paper aims to extend current information security compliance research by adapting the “work-stress model” of the extended Job Demands-Resources model to explore how security compliance demands, organization and personal resources influence end-user security compliance. The paper proposes security compliance burnout and security engagement as the mediating factors between security compliance demands, organizational and personal resources and individual security compliance.

Design/methodology/approach

The authors used a multi-case in-depth interview method to explore the relevance and significance of security demands, organizational resources and personal resources on security compliance at work. Seventeen participants in three organizations including a bank, a university and an oil distribution company in Vietnam were interviewed during a four-month period.

Findings

The study identified three security demands, three security resources and two aspects of personal resources that influence security compliance. The study demonstrates that the security environment factors such as security demands and resources affected compliance burden and security engagement. Personal resources could play an integral role in moderating the impact of security environment on security compliance.

Research limitations/implications

The findings presented are not generalizable to the wider population of end-users in Vietnam due to the small sample size used in the interviews. Further quantitative studies need to measure the extent of each predictor on security compliance.

Originality/value

The originality of the research stems from proposing not only stress-based but also motivating factors from the security environment on security compliance. By using qualitative approach, the study provides more insight to understand the impact of the security environments on security compliance.

Details

Information & Computer Security, vol. 24 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 April 1996

Judith Vince

Abstract

This paper will highlight the legal aspects of information security and copyright laws, as well as global networking, remote access, single sign‐on and Internet security in an international environment.

Details

Aslib Proceedings, vol. 48 no. 4
Type: Research Article
ISSN: 0001-253X
