Search results

1 – 10 of 572
Open Access
Article
Publication date: 2 August 2021

Botong Xue, Feng Xu, Xin Luo and Merrill Warkentin

A growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS…

2457

Abstract

Purpose

A growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS security, the security literature lacks a theoretical and empirical investigation of the relationship between ethical leadership and employees' security behavior, such as information security policy (ISP) violation. Drawing on social learning and social exchange theories, this paper empirically tests the impact of ethical leadership on employees' ISP violation intention through both information security climate (i.e. from a moral manager's perspective) and affective commitment (i.e. from a moral person's perspective).

Design/methodology/approach

The research was developed based on social learning theory and social exchange theory. To measure the variables in the model, the authors used and adapted measurement items from previous studies. The authors conducted a scenario-based survey with 339 valid responses to test and validate the research model.

Findings

Results indicated that information security climate fully mediates the relationship between ethical leadership and ISP violation intention. The authors also found that information security climate enhances the negative effect of affective commitment on ISP violation intention.

Originality/value

This research contributes to the literature of information security by introducing the role of ethical leadership and integrating two theories into our research model. This study also calls attention to how information security climate and affective commitment mediate the relationship between ethical leadership and employees' ISP violation intention. The theory-driven study provides important pragmatic guidance for enhancing the understanding of the importance of ethical leadership in information systems security research.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 1 no. 1
Type: Research Article
ISSN: 2635-0270

Keywords

Open Access
Article
Publication date: 1 February 2024

Meenakshi Handa, Ronika Bhalla and Parul Ahuja

Increasing incidents of privacy invasion on social networking sites (SNS) are intensifying the concerns among stakeholders about the misuse of personal data. However, there seems…

Abstract

Purpose

Increasing incidents of privacy invasion on social networking sites (SNS) are intensifying the concerns among stakeholders about the misuse of personal data. However, there seems to be limited research on exploring the impact of specific privacy concerns on users’ intention to engage in various privacy protection behaviors. This study aims to examine the role of social privacy concerns, institutional privacy concerns and privacy self-efficacy as antecedents of privacy protection–related control activities intention among young adults active on SNS.

Design/methodology/approach

Data collected from 284 young adults active on SNS was analyzed through partial least squares structural equation modeling using Smart PLS.

Findings

The results indicate that institutional privacy concerns, social privacy concerns and privacy self-efficacy positively influence the control activities intention of SNS users. The extent of privacy self-efficacy and privacy protection-related control activities intention differs among users based on gender.

Research limitations/implications

This study is limited to a population of young adults in the age group of 18–25 years.

Practical implications

The findings of this study form the basis for specific recommendations addressing the different types of privacy concerns experienced by social media users, promoting responsible privacy control behaviors on online platforms and discouraging the possible misuse of information by third parties.

Originality/value

This study validates a theoretical framework that can contribute to future investigations concerning the use of SNS. The study findings form the basis for a set of practical recommendations for policymakers, SNS platforms and users.

Details

Vilakshan - XIMB Journal of Management, vol. 21 no. 1
Type: Research Article
ISSN: 0973-1954

Keywords

Open Access
Article
Publication date: 20 October 2022

Deborah Richards, Salma Banu Nazeer Khan, Paul Formosa and Sarah Bankins

To protect information and communication technology (ICT) infrastructure and resources against poor cyber hygiene behaviours, organisations commonly require internal users to…

Abstract

Purpose

To protect information and communication technology (ICT) infrastructure and resources against poor cyber hygiene behaviours, organisations commonly require internal users to confirm they will abide by an ICT Code of Conduct. Before commencing enrolment, university students sign ICT policies, however, individuals can ignore or act contrary to these policies. This study aims to evaluate whether students can apply ICT Codes of Conduct and explores viable approaches for ensuring that students understand how to act ethically and in accordance with such codes.

Design/methodology/approach

The authors designed a between-subjects experiment involving 260 students’ responses to five scenario-pairs that involve breach/non-breach of a university’s ICT policy following a priming intervention to heighten awareness of ICT policy or relevant ethical principles, with a control group receiving no priming.

Findings

This study found a significant difference in students’ responses to the breach versus non-breach cases, indicating their ability to apply the ICT Code of Conduct. Qualitative comments revealed the priming materials influenced their reasoning.

Research limitations/implications

The authors’ priming interventions were inadequate for improving breach recognition compared to the control group. More nuanced and targeted priming interventions are suggested for future studies.

Practical implications

Appropriate application of ICT Code of Conduct can be measured by collecting student/employee responses to breach/non-breach scenario pairs based on the Code and embedded with ethical principles.

Social implications

Shared awareness and protection of ICT resources.

Originality/value

Compliance with ICT Codes of Conduct by students is under-investigated. This study shows that code-based scenarios can measure understanding and suggest that targeted priming might offer a non-resource intensive training approach.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 2 no. 2
Type: Research Article
ISSN: 2635-0270

Keywords

Open Access
Article
Publication date: 20 October 2021

Mikko Vermanen, Minna M. Rantanen and Ville Harkke

This study aims to investigate the ethical issues related to the internet of Things (IoT) deployment in small- and medium-sized enterprises (SMEs) from an individual employee's…

2905

Abstract

Purpose

This study aims to investigate the ethical issues related to the internet of Things (IoT) deployment in small- and medium-sized enterprises (SMEs) from an individual employee's perspective. To provide researchers and practitioners with concrete tools for examining these matters, an ethical framework dedicated to IoT is introduced.

Design/methodology/approach

First, the applicability of Mason's original privacy, accuracy, property and accessibility (PAPA) framework is studied in the IoT context. Second, issue category additions are proposed based on the identified coverage limitations of PAPA.

Findings

While the original PAPA framework can be utilised as a generic ethical evaluation tool, it lacks coverage of several IoT-specific issue areas. To thoroughly address the ethical risks associated with IoT, two additional categories are introduced.

Research limitations/implications

The new framework requires further validation to ensure its applicability and to identify potential modification requirements in continuously evolving IoT ecosystems.

Practical implications

Considering the lack of ethical IoT frameworks, this study provides organisations with a practical framework for analysing the ethical issues in IoT deployment.

Social implications

Ethical standards for IoT have not been sufficiently addressed in the current literature and frameworks, making the ethical considerations dependent on subjective stances. Thus, there is an acute demand for a practical framework that outlines the general ethical standards, helping its users to thoroughly address the potential ethical issues.

Originality/value

While the use of IoT keeps growing in SMEs, there is an apparent lack of ethical guidelines. This study contributes to the gap by introducing a preliminary framework for both practical use and further theoretical development.

Details

Internet Research, vol. 32 no. 7
Type: Research Article
ISSN: 1066-2243

Keywords

Open Access
Article
Publication date: 22 August 2022

Euodia Vermeulen and Sara Grobbelaar

In this article we aim to understand how the network formed by fitness tracking devices and associated apps as a subset of the broader health-related Internet of things is capable…

Abstract

Purpose

In this article we aim to understand how the network formed by fitness tracking devices and associated apps as a subset of the broader health-related Internet of things is capable of spreading information.

Design/methodology/approach

The authors used a combination of a content analysis, network analysis, community detection and simulation. A sample of 922 health-related apps (including manufacturers' apps and developers) were collected through snowball sampling after an initial content analysis from a Google search for fitness tracking devices.

Findings

The network of fitness apps is disassortative with high-degree nodes connecting to low-degree nodes, follow a power-law degree distribution and present with low community structure. Information spreads faster through the network than an artificial small-world network and fastest when nodes with high degree centrality are the seeds.

Practical implications

This capability to spread information holds implications for both intended and unintended data sharing.

Originality/value

The analysis confirms and supports evidence of widespread mobility of data between fitness and health apps that were initially reported in earlier work and in addition provides evidence for the dynamic diffusion capability of the network based on its structure. The structure of the network enables the duality of the purpose of data sharing.

Details

Information Technology & People, vol. 35 no. 8
Type: Research Article
ISSN: 0959-3845

Keywords

Open Access
Book part
Publication date: 9 December 2021

Hartmut Aden

Since the European Union’s (EU) Charter of Fundamental Rights became binding in 2009, data protection has attained the status of a fundamental right (Article 8) throughout the EU…

Abstract

Since the European Union’s (EU) Charter of Fundamental Rights became binding in 2009, data protection has attained the status of a fundamental right (Article 8) throughout the EU. This chapter discusses the relevance of data protection in the context of security. It shows that data protection has been of particular relevance in the German context – not only against the backdrop of rapidly evolving information technology, but also of the historical experiences with political regimes collecting information in order to oppress citizens.

Details

Ethical Issues in Covert, Security and Surveillance Research
Type: Book
ISBN: 978-1-80262-414-4

Keywords

Open Access
Article
Publication date: 27 July 2021

Masatoshi Fujii, Chie Hosomi and Yoshiaki Nose

This study aims to fill the gap in previous research that focuses on the superficial aspects of equity crowdfunding (ECF) campaigns and financial practices by examining financial…

2115

Abstract

Purpose

This study aims to fill the gap in previous research that focuses on the superficial aspects of equity crowdfunding (ECF) campaigns and financial practices by examining financial literacy aspects, such as due diligence and valuation, in terms of factors that influence Japanese individual investors' investments in ECF.

Design/methodology/approach

The status of information disclosure in ECF campaigns is checked. In addition, the feasibility of the initial due diligence and valuation using this information is verified. Specifically, the lack of financial literacy hypothesis is developed and (1) expected market capitalization in the final fiscal year of the business plan and (2) expected returns on investment (IRR: internal rate of return) are estimated.

Findings

ECF campaigns in Japan disclose information equivalent to that obtained by professional venture capitalists. Analysis of the disclosed business plan allows for initial due diligence and valuation. By contrast, due diligence reveals that some projects are unlikely to be listed even if their business plans are met, and others have low IRRs. In addition, a stock acquisition rights project, in which even professional investors are unable to calculate IRRs, is completed at the same rate as a common stock project; this suggests that individual investors lack financial literacy.

Originality/value

Analyzing ECF from financial literacy aspects, such as due diligence and valuation, is unique. Such aspects are essential for private equity investments but have not been addressed in previous studies.

Details

Journal of Capital Markets Studies, vol. 5 no. 1
Type: Research Article
ISSN: 2514-4774

Keywords

Open Access
Book part
Publication date: 9 December 2021

Mark Taylor and Richard Kirkham

A policy of surveillance which interferes with the fundamental right to a private life requires credible justification and a supportive evidence base. The authority for such…

Abstract

A policy of surveillance which interferes with the fundamental right to a private life requires credible justification and a supportive evidence base. The authority for such interference should be clearly detailed in law, overseen by a transparent process and not left to the vagaries of administrative discretion. If a state surveils those it governs and claims the interference to be in the public interest, then the evidence base on which that claim stands and the operative conception of public interest should be subject to critical examination. Unfortunately, there is an inconsistency in the regulatory burden associated with access to confidential patient information for non-health-related surveillance purposes and access for health-related surveillance or research purposes. This inconsistency represents a systemic weakness to inform or challenge an evidence-based policy of non-health-related surveillance. This inconsistency is unjustified and undermines the qualities recognised to be necessary to maintain a trustworthy confidential public health service. Taking the withdrawn Memorandum of Understanding (MoU) between NHS Digital and the Home Office as a worked example, this chapter demonstrates how the capacity of the law to constrain the arbitrary or unwarranted exercise of power through judicial review is not sufficient to level the playing field. The authors recommend ‘levelling up’ in procedural oversight, and adopting independent mechanisms equivalent to those adopted for establishing the operative conceptions of public interest in the context of health research to non-health-related surveillance purposes.

Details

Ethical Issues in Covert, Security and Surveillance Research
Type: Book
ISBN: 978-1-80262-414-4

Keywords

Open Access
Book part
Publication date: 4 June 2021

Anne Cheung

Doxing refers to the intentional public release by a third party of personal data without consent, often with the intent to humiliate, intimidate, harass, or punish the individual…

Abstract

Doxing refers to the intentional public release by a third party of personal data without consent, often with the intent to humiliate, intimidate, harass, or punish the individual concerned. Intuitively, it is tempting to condemn doxing as a crude form of cyber violence that weaponizes personal data. When it is used as a strategy of resistance by the powerless to hold the powerful accountable, however, a more nuanced understanding is called for. This chapter focuses on the doxing phenomenon in Hong Kong, where doxing incidents against police officers and their family members have skyrocketed since 2019 (a 75-fold increase over 2018). It contends that doxing for political purposes is closely related to digital vigilantism, signifying a loss of confidence in the ruling authority and a yearning for an alternative form of justice. The chapter therefore argues that public interest should be recognized as a legal defense in doxing cases when those discharging or entrusted with public duty are the targets. Equally, it is important to confine the categories of personal data disclosed to information necessary to reveal the alleged wrongdoer or wrongdoing. Only in this way can a fair balance be struck between privacy, freedom of expression, and public interest.

Details

The Emerald International Handbook of Technology-Facilitated Violence and Abuse
Type: Book
ISBN: 978-1-83982-849-2

Keywords

Open Access
Article
Publication date: 11 April 2022

Grace Fox, Theo Lynn and Pierangelo Rosati

The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU…

3571

Abstract

Purpose

The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU citizens. This paper presents the GDPR privacy label and uses two empirical studies to examine the effectiveness of this approach in influencing consumers' privacy perceptions and related behavioral intentions.

Design/methodology/approach

The paper tests the efficacy of two GDPR privacy label designs, a consent-based label and a static label. Study 1 examines the effects of each label on perceptions of risk, control and privacy. Study 2 investigates the influence of consumers' privacy perceptions on perceived trustworthiness and willingness to interact with the organization.

Findings

The findings support the potential of GDPR privacy labels for positively influencing perceptions of risk, control, privacy and trustworthiness and enhancing consumers' willingness to transact and disclose data to online organizations.

Practical implications

The findings are useful for organizations required to comply with the GDPR and present a solution to requirements for transparent communications and explicit consent.

Originality/value

This study examines and demonstrates the efficacy of visualized privacy policies in impacting consumer privacy perceptions and behavioral intentions.

Details

Information Technology & People, vol. 35 no. 8
Type: Research Article
ISSN: 0959-3845

Keywords

1 – 10 of 572