Search results

This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

This pan-Canadian study examines the information practices of STEM-trained immigrant women to Canada as they navigate workfinding and workplace integration. Our study focuses on a population of highly skilled immigrant women from across Canada and uses an information practice lens to examine their lived experiences of migration and labour market integration. As highly trained STEM professionals in pursuit of employment, our participants have specific needs and challenges, and as we explore these, we consider the intersection of their information practices with government policies, settlement services and the hiring practices of STEM employers.

We conducted a qualitative study using in-depth interviews with 74 immigrant women across 13 Canadian provinces and territories to understand the nature of their engagement with employment-seeking in STEM sectors. This article reports the findings related to the settlement and information experiences of the immigrant women as they navigate new information landscapes.

As immigrants, as women and as STEM professionals, the experiences of the 74 participants reflect both marginality and privilege. The reality of their intersectional identities is that these women may not be well-served by broader settlement resources targeting newcomers, but neither are the specific conventions of networking and job-seeking in the STEM sectors in Canada fully apparent or accessible to them. The findings also point to the broader systemic and contextual factors that participants have to navigate and that shape in a major way their workfinding journeys.

The findings of this pan-Canadian study have theoretical and practical implications for policy and research. Through interviews with these STEM professionals, we highlight the barriers and challenges of an under-studied category of migrants (the highly skilled and “desirable” type of immigrants). We provide a critical discussion of their settlement experiences and expose the idiosyncrasies of a system that claims to value skilled talent while structurally making it very difficult to deliver on its promises to recruit and retain highly qualified personnel. Our findings point to specific aspects of these skilled professionals’ experiences, as well as the broader systemic and contextual factors that shape their workfinding journey.

The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.

Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.

Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.

This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.

This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity practices within organizations for cybersecurity risk management through a systematic literature review (SLR) approach.

This SLR adhered to RepOrting Standards for Systematics Evidence Syntheses (ROSES) publication standards and used various research approaches. The study’s article selection process involved using Scopus, one of the most important scientific databases, to review articles published between 2014 and 2023.

This review identified the four main themes: individual factors, organizational factors, technological factors and governmental role. In addition, nine subthemes that relate to these primary topics were established.

This research sheds light on the multifaceted nature of cybersecurity by exploring factors influencing implementation and developing an improvement framework, offering valuable insights for researchers to advance theoretical developments, assisting industry practitioners in tailoring cybersecurity strategies to their needs and providing policymakers with a basis for creating more effective cybersecurity regulations and standards.

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society.

This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness.

The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively.

The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others.

This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

Because of growing corporate tax scandals, there is an enhanced focus on corporate taxation by governments, institutions and the general public. Transparency in tax matters has been identified as critical for effectively managing and promoting socially responsible tax behaviour. This study aims to explore the impact of ownership structure, board and audit committee characteristics on corporate tax responsibility (CTR) disclosure.

This research collected data from the annual reports of Pakistani-listed firms over 12 years, from 2009 to 2020. Consequently, the data set encompasses a total of 1,800 firm-year observations. This study uses regression analysis to test the relationship between corporate governance and CTR disclosure.

The results show that board gender diversity, managerial ownership and audit committee independence promote tax responsibility disclosure. In contrast, family board membership, CEO duality, foreign ownership and family ownership negatively impact tax responsibility disclosure. Additional analyses reveal the specific information categories that produce the overall effects on tax responsibility disclosure and assess the moderating impact of family firms on the governance and CTR disclosure nexus.

Corporations can use the results to encourage practices that enhance transparency and improve the quality of disclosures. Regulatory authorities can use the findings to stipulate better protocols. Doing so will be vital for developing countries such as Pakistan to improve tax revenue and cultivate economic growth.

While this research represents, to the best of the authors’ knowledge, one of the first empirical investigations of the association between corporate governance and CTR, the results contribute to the corporate governance literature and offer fresh insights into CTR, an emerging dimension of corporate social responsibility.

Security education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional methods, the present study leveraged an “event” lens and dimensionalized employees' perceptions into three sub-dimensions: perceived novelty, perceived disruption and perceived criticality. Moreover, this research went a step further by examining how pedagogical and communication approaches to a SETA program affect employees' perceptions of the program. This study then investigated whether – and if so, how – these approaches impact employees' perceptions of the SETA program and their subsequent commitment to it.

Utilizing a factorial-based scenario survey, this study empirically tested a model of the above relationships via covariance-based structural equation modeling.

The results of this research showed that pedagogical approaches were more effective than communication approaches and that employees' perceptions of the SETA program accounted for a large variance in their commitment to SETA.

First, this research deepens understanding of the protection of information assets by elaborating on the different approaches that organizations can take to encourage employees' commitment to SETA. Second, the study enriches the SETA literature by theorizing a SETA program as an organizational “event”, which represents a major shift from the conventional approach. Third, the study adds to the theoretical knowledge of the event lens by extending it to the SETA context and investigating the relationship among three event strength components.

The adoption of residential rooftop solar panel systems (SPS) in India is at a nascent stage. Therefore, this study aimed to examine the factors affecting consumers’ intention to purchase SPS by expanding the theory of planned behavior (TPB) with three environmental psychology factors. The study was targeted at potential users’ intention to purchase SPS, thus it further explored the moderating role of perceived government subsidy policy (PGSP) in determining consumers’ purchase intention of SPS.

Using G*power software, the minimum sample size of 189 was calculated; accordingly, 292 valid responses were gathered from potential users of SPS from three Indian states, namely Rajasthan, Punjab and Haryana, via an online questionnaire survey with the help of purposive sampling method. Structural equation modeling technique of partial least squares was employed to analyze the data.

Results demonstrated that attitude, subjective norms, perceived behavioral control, perceived consumer effectiveness (PCE) and PGSP significantly influence purchase intention of SPS. Green trust and green self-identity did not influence the purchase intention of SPS. Further, PGSP strengthens the effect of attitude, green trust, PCE on purchase intention of SPS while it weakens the effect of subjective norms on purchase intention of SPS.

This study contributes to the existing literature by integrating green trust, green self-identity, PCE and PGSP into the TPB model to better understand factors affecting consumers’ purchase intention towards SPS in India.

Research on employee non-/compliance to information security policies suffers from inconsistent results and there is an ongoing discussion about the dominating survey research methodology and its potential effect on these results. This study aims to add to this discussion by investigating discrepancies between what the authors claim to measure (theoretical properties of variables) and what they actually measure (respondents’ interpretations of the operationalized variables). This study asks: How well do respondents’ interpretations of variables correspond to their theoretical definitions? What are the characteristics of any discrepancies between variable definitions and respondent interpretations?

This study is based on in-depth interviews with 17 respondents from the Swedish public sector to understand how they interpret questionnaire measurement items operationalizing the variables Perceived Severity from Protection Motivation Theory and Attitude from Theory of Planned Behavior.

The authors found that respondents’ interpretations in many cases differ substantially from the theoretical definitions. Overall, the authors found four principal ways in which respondents interpreted measurement items – referred to as property contextualization, extension, alteration and oscillation – each implying more or less (dis)alignment with the intended theoretical properties of the two variables examined.

The qualitative method used proved vital to better understand respondents’ interpretations which, in turn, is key for improving self-reporting measurement instruments. To the best of the authors’ knowledge, this study is a first step toward understanding how precise and uniform definitions of variables’ theoretical properties can be operationalized into effective measurement items.