Search results

1 – 10 of over 11000
Article
Publication date: 4 March 2014

Teodor Sommestad, Jonas Hallberg, Kristoffer Lundholm and Johan Bengtsson

The purpose of this paper is to identify variables that influence compliance with information security policies of organizations and to identify how important these…

4333

Abstract

Purpose

The purpose of this paper is to identify variables that influence compliance with information security policies of organizations and to identify how important these variables are.

Design/methodology/approach

A systematic review of empirical studies described in extant literature is performed. This review found 29 studies meeting its inclusion criterion. The investigated variables in these studies and the effect size reported for them were extracted and analysed.

Findings

In the 29 studies, more than 60 variables have been studied in relation to security policy compliance and incompliance. Unfortunately, no clear winners can be found among the variables or the theories they are drawn from. Each of the variables only explains a small part of the variation in people's behaviour and when a variable has been investigated in multiple studies the findings often show a considerable variation.

Research limitations/implications

It is possible that the disparate findings of the reviewed studies can be explained by the sampling methods used in the studies, the treatment/control of extraneous variables and interplay between variables. These aspects ought to be addressed in future research efforts.

Practical implications

For decision makers who seek guidance on how to best achieve compliance with their information security policies should recognize that a large number of variables probably influence employees' compliance. In addition, both their influence strength and interplay are uncertain and largely unknown.

Originality/value

This is the first systematic review of research on variables that influence compliance with information security policies of organizations.

Details

Information Management & Computer Security, vol. 22 no. 1
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 7 October 2013

Karin Hedström, Fredrik Karlsson and Ella Kolkowska

Employees' compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the…

1343

Abstract

Purpose

Employees' compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of social action theory (SAT) for management of information security.

Design/methodology/approach

This research was carried out as a longitudinal case study at a Swedish hospital. Data were collected using a combination of interviews, information security documents, and observations. Data were analysed using a combination of a value-based compliance model and the taxonomy laid out in SAT to determine user rationality.

Findings

The paper argues that management of information security and design of countermeasures should be based on an understanding of users' rationale covering both intentional and unintentional non-compliance. The findings are presented in propositions with practical and theoretical implications: P1. Employees' non-compliance is predominantly based on means-end calculations and based on a practical rationality, P2. An information security investigation of employees' rationality should not be based on an a priori assumption about user intent, P3. Information security management and choice of countermeasures should be based on an understanding of the use rationale, and P4. Countermeasures should target intentional as well as unintentional non-compliance.

Originality/value

This work is an extension of Hedström et al. arguing for the importance of addressing user rationale for successful management of information security. The presented propositions can form a basis for information security management, making the objectives underlying the study presented in Hedström et al. more clear.

Details

Information Management & Computer Security, vol. 21 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 14 August 2017

Bang Nguyen and Lyndon Simkin

The purpose of this paper is to study what happens when firms misuse customers’ information and perceptions of unfairness arise because of privacy concerns. It explores a…

Abstract

Purpose

The purpose of this paper is to study what happens when firms misuse customers’ information and perceptions of unfairness arise because of privacy concerns. It explores a unifying theoretical framework of perceptions of unfairness, explained by the advantaged–disadvantaged (AD) continuum. It integrates the push, pull and mooring (PPM) model of migration for understanding the drivers of unfairness.

Design/methodology/approach

The paper is conceptual and develops a theoretical model based on extant research.

Findings

Using the PPM model, the paper explores the effects of information-based marketing tactics on the AD framework in the form of two types of customers. Findings from the review suggest that three variables have a leading direct effect on the AD customers. Traditionally, the fairness literature focuses on price, but findings show that service and communication variables impact customers’ unfairness perceptions. This paper examines the importance of these variables, in the context of an AD framework, to help explain unfairness and consider the implications.

Originality/value

To explain information misuse and unfairness perceptions, the paper develops a unifying theoretical framework of perceptions of unfairness, explained by linking the PPM model of migration with the AD continuum.

Details

The Bottom Line, vol. 30 no. 2
Type: Research Article
ISSN: 0888-045X

Keywords

Article
Publication date: 1 February 2005

Charles B. Foltz, Timothy Paul Cronan and Thomas W. Jones

This paper aims to examine the effectiveness of computer usage policies in university settings.

1521

Abstract

Purpose

This paper aims to examine the effectiveness of computer usage policies in university settings.

Design/methodology/approach

Students enrolled in business courses at three midwestern universities were divided, by class, into control and experimental groups. All subjects were asked to complete a survey regarding their awareness of university computer usage policies, consequences of misuse, and methods of policy distribution. The experimental group was exposed to sample computer usage policies. Two weeks later, all subjects were asked to complete the same survey again.

Findings

Results suggest that most students have not read their university computer usage policies. However, the presence of a computer usage policy does influence students who have read those policies, but a single exposure is insufficient to influence all subjects.

Research limitations/implications

The sample is limited to students from three universities.

Practical implications

Written policy statements alone cannot serve as a cornerstone of security; multiple factors must be used to communicate the content of the deterrents.

Originality/value

This study notes that the existence of computer usage policies within a university (or organization) does not ensure that all users are familiar with the content of those policies and the penalties imposed for their violation. Providing a copy of computer usage policies to students (or employees) and verbally highlighting major points are not sufficient exposure to eliminate indifference about computer misuse.

Details

Industrial Management & Data Systems, vol. 105 no. 2
Type: Research Article
ISSN: 0263-5577

Keywords

Article
Publication date: 18 September 2007

Brian A. Ochs

The purpose of this article is to analyze the SEC enforcement staff's recent scrutiny of the roles and responsibilities of securities firms for the protection of…

1313

Abstract

Purpose

The purpose of this article is to analyze the SEC enforcement staff's recent scrutiny of the roles and responsibilities of securities firms for the protection of confidential information.

Design/methodology/approach

The article reviews the SEC's implementation and enforcement of section 15(f) of the Exchange Act and section 204A of the Advisers Act. Part I discusses the legislative history of these provisions and reviews SEC and staff pronouncements relating to procedures for the protection of material nonpublic information. Part II discusses the potential consequences, from an enforcement perspective, of a firm's failure to satisfy the requirements of section 15(f) or section 204A. Part III describes the SEC's enforcement program in this area and distills guidance for securities firms from the SEC's actions.

Findings

Sections 15(f) and 204A require brokers, dealers, and investment advisers to “establish, maintain, and enforce written policies and procedures reasonably designed, taking into consideration the nature of such (broker, dealer, or investment adviser's) business, to prevent the misuse” of material nonpublic information. Thus, the statutory terms frame the issues in any SEC investigation. Does the firm maintain written procedures? Are the written procedures reasonably designed to safeguard material nonpublic information? In particular, are the procedures designed with a view toward the specific structure and business activities of the firm? Has the firm taken reasonable steps to enforce its written procedures?

Practical implications

Given the SEC's current enforcement emphasis in this area, it is essential that brokers, dealers, and investment advisers look critically at whether they are taking adequate steps to protect the confidential information they may handle on a daily basis.

Originality/value

The paper presents a practical guide by an experienced enforcement attorney.

Details

Journal of Investment Compliance, vol. 8 no. 3
Type: Research Article
ISSN: 1528-5812

Keywords

Article
Publication date: 1 December 2004

Hein S. Venter, Martin S. Olivier and Jan H.P. Eloff

It is well‐known that the primary threat against misuse of private data about individuals is present within the organisation; proposes a system that uses intrusion…

1048

Abstract

It is well‐known that the primary threat against misuse of private data about individuals is present within the organisation; proposes a system that uses intrusion detection system (IDS) technologies to help safeguard such private information. Current IDSs attempt to detect intrusions on a low level whereas the proposed privacy IDS (PIDS) attempts to detect intrusions on a higher level. Contains information about information privacy and privacy‐enhancing technologies, the role that a current IDS could play in a privacy system, and a framework for a privacy IDS. The system works by identifying anomalous behaviour and reacts by throttling access to the data and/or issuing reports. It is assumed that the private information is stored in a central networked repository. Uses the proposed PIDS on the border between this repository and the rest of the organisation to identify attempts to misuse such information. A practical prototype of the system needs to be implemented in order to determine and test the practical feasibility of the system. Provides a source of information and guidelines on how to implement a privacy IDS based on existing IDSs.

Details

Internet Research, vol. 14 no. 5
Type: Research Article
ISSN: 1066-2243

Keywords

Article
Publication date: 16 July 2018

Zilong Liu, Xuequn Wang and Jun Liu

Digital natives have become significant users of social network sites (SNSs); therefore, their disclosed personal information can be misused by SNS providers and/or other…

Abstract

Purpose

Digital natives have become significant users of social network sites (SNSs); therefore, their disclosed personal information can be misused by SNS providers and/or other users. The purpose of this paper is to understand how digital natives make their self-disclosure decisions on SNSs, as well as whether the concept of culture can still be relevant to digital natives.

Design/methodology/approach

The hypotheses were tested with survey data collected from the USA and China.

Findings

The results show that trust in SNSs and trust in SNS users are positively related to social rewards. Social rewards are positively related to intention to self-disclose, while privacy risk is positively related to privacy concerns. Further, culture significantly moderates the relationship between trust and social rewards.

Research limitations/implications

The study clarifies the effects of different types of trust on privacy in the context of SNSs. Further, the study shows the effects of culture when digital natives make self-disclosure decisions.

Practical implications

SNS providers also need to focus on different types of trust when operating in different cultural contexts. Further, SNS providers expanding their markets should emphasize social rewards to increase the likelihood of self-disclosure.

Originality/value

The results show that while culture can still be helpful to explain digital natives’ trust beliefs, digital natives have started to converge regarding their perceptions about privacy concerns and self-disclosure.

Details

Information Technology & People, vol. 32 no. 3
Type: Research Article
ISSN: 0959-3845

Keywords

Article
Publication date: 31 January 2020

Paul Hughes and Ian Hodgkinson

While the strategic management literature extols the virtues of engaging in strategic planning for superior performance, how a dynamic strategic planning capability can be…

Abstract

Purpose

While the strategic management literature extols the virtues of engaging in strategic planning for superior performance, how a dynamic strategic planning capability can be developed remains underexplored; a knowledge void addressed by the paper through applying knowledge-based theory.

Design/methodology/approach

A mail survey was sent to high technology firms randomly sampled from the Kompass Directory of UK businesses. Firms were sampled at the SBU level, given the focus on strategic planning capability.

Findings

An organization’s strategic planning capability derives from extensive information distribution and organizational memory. While learning values is non-significant, symbolic information use degrades the development of a strategic planning capability.

Research limitations/implications

By investigating the contributory activities that lead to strategic planning capability development, the findings establish how strategic planning materializes in organizations. Further, the differential effects found for knowledge management activities on strategic planning capability development extend empirical studies that suggest knowledge is always a central tenet of strategic planning.

Practical implications

A set of key knowledge activities is identified that managers must address for strategic planning capability development: strategic planning routines and values of search, analysis and assessment should be appropriately informed by investments in knowledge dissemination and memory on a continual basis. Meanwhile, information misuse compromises strategic planning capabilities, and managers must protect against out-of-context or manipulated information from infiltrating into organizational memory.

Originality/value

Despite the advent of the knowledge-based theory and its core premise that capabilities derive from knowledge management activities, little research has been conducted into demonstrating the knowledge-based antecedents of a strategic planning capability.

Details

European Business Review, vol. 33 no. 2
Type: Research Article
ISSN: 0955-534X

Keywords

Article
Publication date: 6 October 2021

Sheshadri Chatterjee, Ranjan Chaudhuri, Demetris Vrontis and Zahid Hussain

This study aims to empirically examine how consumer privacy concerns (CPC) impact smartphone usage for financial transactions. The study also investigates the moderating…

Abstract

Purpose

This study aims to empirically examine how consumer privacy concerns (CPC) impact smartphone usage for financial transactions. The study also investigates the moderating impact of regulations on this action.

Design/methodology/approach

With the inputs from literature and related privacy theories, a theoretical model was developed. The model was later empirically validated using the partial least squares structural equation modeling technique with 367 respondents from India.

Findings

The study finds that CPC significantly impacts on consumer behavior in using smartphones for financial transactions. The study also highlights that regulation has a moderating impact on consumer usage of smartphones for financial transactions.

Research limitations/implications

This study provides valuable inputs to smartphone service providers, practitioners, regulatory authorities and policymakers on appropriate and secure usage of smartphones by consumers, ensuring privacy protection while making financial transactions.

Originality/value

This study provides a unique model showing the antecedents of CPC to impact the behavioral reaction of smartphone users mediated through the ingredients of privacy calculus theory. Besides, this study analyzes the moderating effects of regulation on the use of smartphones for financial transactions. This is also a novel approach of this study.

Details

Journal of Consumer Marketing, vol. 40 no. 2
Type: Research Article
ISSN: 0736-3761

Keywords

Article
Publication date: 24 June 2021

Gajendra Liyanaarachchi, Sameer Deshpande and Scott Weaven

This paper advocates for banks to understand customers' online privacy concerns, use those insights to segment consumers and design tailored sales strategies to build a…

1389

Abstract

Purpose

This paper advocates for banks to understand customers' online privacy concerns, use those insights to segment consumers and design tailored sales strategies to build a mutual relationship through a social exchange that produces a competitive advantage.

Design/methodology/approach

A qualitative study involving 30 in-depth interviews with Australian and Asian millennials residing in Australia was conducted using a grounded theory approach to explore privacy concerns of online banking and determine the efficacy of their banks' existing sales strategy and practice.

Findings

The study revealed differences in customer perceptions of trust, confidence, responsibility and exchange. Adopting a power-dependency paradigm within a social exchange theoretical framework and power distance belief of national culture theory, the authors identified four consumer segments: exemplar, empiric, elevator and exponent. The authors propose a tailored consumer-centered sales strategy of communication, control, consolidation and collaboration.

Originality/value

The paper contributes to the research in services marketing, sales strategy and banking in three ways: first, the authors demonstrate the importance of the social exchange theory and national culture as a premise to develop a competitive advantage; second, the authors propose an innovative set of consumer segments in regards to online privacy concerns; and, third, the authors introduce four sales strategies tailored to each of the four segments.

Details

International Journal of Bank Marketing, vol. 39 no. 6
Type: Research Article
ISSN: 0265-2323

Keywords

1 – 10 of over 11000