Search results

The purpose of this paper is to suggest that the information ethics (IE) of students appear to improve more through adoption of the technology mediated learning (TML) platform rather than face-to-face (FTF) approach. In addition, it shows the pattern changes in each scenario resulting from the ethics training and analyses them from the Confucian ethics perspective, indicating that researchers should consider this aspect in future models.

This study employed non-parametric methods to test the outcome of the “information ethics course” of two kinds of training platforms. FTF training: 193 students; TML training: 185 students.

The TML platform produces a more significant improvement in the students’ respect for rules, privacy, accessibility, and intellectual property (IP) cognition, rather than the FTF method. Based on the findings, two propositions (eight sub-propositions) are formulated and revised two sub-propositions.

However, this study has a few limitations that can be enhanced by further research in the future: first, the data were only collected from one university (National Pingtung University), thus, the external validity is not satisfactory for all Chinese context students. Second, it is necessary to collect both of scenario-based and qualitative data from different cultural context students (such as Mainland China, the USA, Europe, Arabia, etc.) and then compare their results, thereby making further contributions to the current study. Third, the study was intentionally used as the measure of progress in ethical understanding without highlighting the difference between intentionality and actual behavior.

Teachers should draw upon the principles of Ren, Yi, and Li, from the Confucian ethics perspective to encourage students to respect the IE for Chinese context students. In addition, emphasis should be placed on the ability of students to build their information ethics cognition through the cognitive information processing learning methods, which can enhance the “accessibility,” “accuracy,” “privacy,” and “IP” cognition of Chinese students in both the FTF and TML platform learning process. This will help to reduce students’ unethical behavior as they advance in their future careers.

The field of transportation research, and the World Conferences on Transport Research Society (WCTRS), has an illustrious history. The challenge today is to look to the future in a deep and thoughtful way, to identify emerging issues and opportunities for practice and for research.

This chapter identifies several critical issues in transportation research. We then explore one issue in depth, the need to increase individual and collaborative effectiveness.

This issue points to the need for a new direction in transportation research. Historically, transportation research has focussed on two major thrusts. The analysis thrust has focussed on predicting the consequences of a given transportation plan, project, or service proposal. Associated “design” research has dealt with algorithmic and heuristic techniques for finding “good” plans or policies. The policy thrust has focussed on the organizational issues and processes around making decisions on and implementing transportation plans, projects, or services. This thrust includes public policy issues and approaches, market structures and regulatory processes, organization design issues, distributional consequences, environmental policy issues, and related areas.

Today, we see the need to add a third major thrust to the field of transportation — cognition and action:

• to manage transportation services and enterprises better;

• to use analysis more effectively to inform and influence decisions;

• to use computer support more effectively in transportation organizations and enterprises.

to manage transportation services and enterprises better;

to use analysis more effectively to inform and influence decisions;

to use computer support more effectively in transportation organizations and enterprises.

Research in cognition and action examines how people think and act, and aims to develop aids to thinking and acting that result in significant improvements in peoples' behaviours and performance. Promising research directions draw on cognitive psychology and cognitive science, and especially empirical research on managerial cognition and problem-solving. We introduce the theory of cognitive informatics, describe some applications to transportation management, and discuss relevant software tools.

Leadership is a time-dependent process and a recent leadership research trend posits a central role of time-based variables. The dyadic tenure plays a keystone role in understanding leader–follower dynamics, especially as regards leader ethics. In line with this, from a social learning theory perspective, the authors propose a model that explains how and when ethical leaders' behaviors influence subordinates' moral disengagement.

With a sample of 220 employees, the present study tests the conditional indirect effect of ethical leadership on followers' moral disengagement via instrumental ethical climate (IEC), using dyadic tenure as the moderator variable. The analyses were conducted with Hayes PROCESS macro.

Results suggested that IEC fully mediates the relationship between ethical leadership and moral disengagement. Thus, when followers perceive low levels of ethical leadership, they notice higher levels of IEC, which is positively related to moral disengagement. However, IEC perception only influences moral disengagement when dyadic tenure approaches the third year.

This paper answers calls to include time-based variables in leadership studies. Hence, using dyadic tenure, this study gives support to previous propositions that were still awaiting empirical test.

Since the emergence of the Internet in the twentieth century and the rapid growth of different types of information technologies (IT), our lives, either personal or professional, have become digitised. Adoption and diffusion of IT enhance individuals and organisational performance, yet scholars discovered a dual nature of IT in which IT usage may have negative aspects too. First, the inability to cope with IT in a healthy manner creates stress in users, termed technostress. Second, digitisation and adoption of new technologies (e.g. IoT and multi-cloud environments) have increased vulnerabilities to information security (InfoSec) threats. Although organisations utilise counteraction strategies (e.g., security systems, security policies), end-users remain the top source of security incidents. Existing behavioural research has approached technostress and InfoSec independently. However, it is not clear how technology-stressors influence employees’ security-related behaviours. This chapter reviews the interaction effect of these concepts in detail by proposing a conceptual model that explains that technostress is the main reason for employees’ non-compliance with security policies in which users with high-level perceptions of technostress are more likely to violate InfoSec policies. Counteraction strategies to mitigate technostress and security threats are also discussed.

This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness.

In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training.

The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels.

Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA.

If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer.

A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.

Smart card-based E-payment systems are receiving increasing attention as the number of implementations is witnessed on the rise globally. Understanding of user adoption behavior of E-payment systems that employ smart card technology becomes a research area that is of particular value and interest to both IS researchers and professionals. However, research interest focuses mostly on why a smart card-based E-payment system results in a failure or how the system could have grown into a success. This signals the fact that researchers have not had much opportunity to critically review a smart card-based E-payment system that has gained wide support and overcome the hurdle of critical mass adoption. The Octopus in Hong Kong has provided a rare opportunity for investigating smart card-based E-payment system because of its unprecedented success. This research seeks to thoroughly analyze the Octopus from technology adoption behavior perspectives.

Cultural impacts on adoption behavior are one of the key areas that this research posits to investigate. Since the present research is conducted in Hong Kong where a majority of population is Chinese ethnicity and yet is westernized in a number of aspects, assuming that users in Hong Kong are characterized by eastern or western culture is less useful. Explicit cultural characteristics at individual level are tapped into here instead of applying generalization of cultural beliefs to users to more accurately reflect cultural bias. In this vein, the technology acceptance model (TAM) is adapted, extended, and tested for its applicability cross-culturally in Hong Kong on the Octopus. Four cultural dimensions developed by Hofstede are included in this study, namely uncertainty avoidance, masculinity, individualism, and Confucian Dynamism (long-term orientation), to explore their influence on usage behavior through the mediation of perceived usefulness.

TAM is also integrated with the innovation diffusion theory (IDT) to borrow two constructs in relation to innovative characteristics, namely relative advantage and compatibility, in order to enhance the explanatory power of the proposed research model. Besides, the normative accountability of the research model is strengthened by embracing two social influences, namely subjective norm and image. As the last antecedent to perceived usefulness, prior experience serves to bring in the time variation factor to allow level of prior experience to exert both direct and moderating effects on perceived usefulness.

The resulting research model is analyzed by partial least squares (PLS)-based Structural Equation Modeling (SEM) approach. The research findings reveal that all cultural dimensions demonstrate direct effect on perceived usefulness though the influence of uncertainty avoidance is found marginally significant. Other constructs on innovative characteristics and social influences are validated to be significant as hypothesized. Prior experience does indeed significantly moderate the two influences that perceived usefulness receives from relative advantage and compatibility, respectively. The research model has demonstrated convincing explanatory power and so may be employed for further studies in other contexts. In particular, cultural effects play a key role in contributing to the uniqueness of the model, enabling it to be an effective tool to help critically understand increasingly internationalized IS system development and implementation efforts. This research also suggests several practical implications in view of the findings that could better inform managerial decisions for designing, implementing, or promoting smart card-based E-payment system.

Situation awareness theory is a primary mean to take decisions and actions in a dynamically changing environment. Nowadays, to implement situation awareness, theories and models in organizational scenarios have become an important research challenge. The purpose of this paper is to investigate the relationship between the situation awareness theory and cybernetics. Further, the aim is to use this relationship to check the feasibility of situation awareness-based information security risk management (ISRM) implementation in the organizational scenario.

To investigate the relationship between situation awareness theory and cybernetics, Endsley’s situation awareness theory and Norbert Wiener’s cybernetics concepts and philosophy have been used in the present work. For a detailed study, concepts, techniques and philosophy of the cybernetics have been extracted from the thesis of Norbert Wiener titled “The human use of human beings” and “Cybernetics or control and communication in the animal and the machine”.

The present paper demonstrates that relationship can be successfully established between cybernetics and situation awareness theory. Further, this relationship can be used to solve organizational implementation issues related to situation awareness based systems. To demonstrate relationship and solutions of implementation issues, two case studies related to ISRM are also incorporated in the present case study.

The present work bridges two parallel and prominent theories of situation awareness and cybernetics. It also demonstrates that combination of both the theories can be used to feasibly implement situation awareness based systems in organizations.

The purpose of this paper is to identify variables that influence compliance with information security policies of organizations and to identify how important these variables are.

A systematic review of empirical studies described in extant literature is performed. This review found 29 studies meeting its inclusion criterion. The investigated variables in these studies and the effect size reported for them were extracted and analysed.

In the 29 studies, more than 60 variables have been studied in relation to security policy compliance and incompliance. Unfortunately, no clear winners can be found among the variables or the theories they are drawn from. Each of the variables only explains a small part of the variation in people's behaviour and when a variable has been investigated in multiple studies the findings often show a considerable variation.

It is possible that the disparate findings of the reviewed studies can be explained by the sampling methods used in the studies, the treatment/control of extraneous variables and interplay between variables. These aspects ought to be addressed in future research efforts.

For decision makers who seek guidance on how to best achieve compliance with their information security policies should recognize that a large number of variables probably influence employees' compliance. In addition, both their influence strength and interplay are uncertain and largely unknown.

This is the first systematic review of research on variables that influence compliance with information security policies of organizations.

The purpose of this paper is to investigate the relations among job resources, value conflicts, information security climate and information security behaviour in the nuclear industry.

Longitudinal questionnaire data on information security climate and psychosocial working conditions were collected from two organisations in Sweden (response rate 62% and 59%, respectively).

A high occurrence of value conflicts decreased the participative information security behaviour, while psychosocial job resources and high job demands had positive effects on such behaviour. High rule-compliant information security behaviour led to fewer perceived value conflicts. When job resources were high, high job demands had a positive effect on rule compliance. Information security climate had a strong and positive cross-sectional relationship with information security behaviour but no longitudinal influence on behaviour. This suggests that the time interval, one year between measurements, may have been too long and events between measurements may have masked the causal process.

As one of very few longitudinal studies of information security, this study illuminated causal relationships regarding information security behaviour that have not been possible to identify in previous cross-sectional research. This enables better understanding of psychosocial phenomena and processes of importance for information security. This study does not provide conclusive results but indicates new important directions for research.

Recent global security surveys indicate that security training and awareness programs are not working as well as they could be and that investments made by organizations are inadequate. The purpose of the paper is to increase understanding of this phenomenon and illuminate the problems that organizations face when trying to establish an information security awareness program.

Following an interpretive approach the authors apply a case study method and employ actor network theory (ANT) and the due process for analyzing findings.

The paper contributes to both understanding and managing security awareness programs in organizations, by providing a framework that enables the analysis of awareness activities and interactions with the various organizational processes and events.

The application of ANT still remains a challenge for researchers since no practical method or guide exists. In this paper the application of ANT through the due process model extension is enhanced and practically presented. This exploration highlights the fact that information security awareness initiatives involve different stakeholders, with often conflicting interests. Practitioners must acquire, additionally to technical skills, communication, negotiation and management skills in order to address the related organizational and managerial issues. Moreover, the results of this inquiry reveal that the role of artifacts used within the awareness process is not neutral but can actively affect it.

This study is one of the first to examine information security awareness as a managerial and socio‐technical process within an organizational context.