Search results
Elham Rostami, Fredrik Karlsson and Shang Gao
Abstract
Purpose
This paper aims to propose a conceptual model of policy components for software that supports modularizing and tailoring of information security policies (ISPs).
Design/methodology/approach
This study used a design science research approach, drawing on design knowledge from the field of situational method engineering. The conceptual model was developed as a unified modeling language class diagram using existing ISPs from public agencies in Sweden.
Findings
This study’s demonstration as proof of concept indicates that the conceptual model can be used to create free-standing modules that provide guidance about information security in relation to a specific work task and that these modules can be used across multiple tailored ISPs. Thus, the model can be considered as a step toward developing software to tailor ISPs.
Research limitations/implications
The proposed conceptual model bears several short- and long-term implications for research. In the short term, the model can act as a foundation for developing software to design tailored ISPs. In the long term, having software that enables tailorable ISPs will allow researchers to do new types of studies, such as evaluating the software's effectiveness in the ISP development process.
Practical implications
Practitioners can use the model to develop software that assists information security managers in designing tailored ISPs. Such a tool can offer the opportunity for information security managers to design more purposeful ISPs.
Originality/value
The proposed model offers a detailed and well-elaborated starting point for developing software that supports modularizing and tailoring of ISPs.
Martin Karlsson, Fredrik Karlsson, Joachim Åström and Thomas Denk
Abstract
Purpose
This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers.
Design/methodology/approach
The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy.
Findings
The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance.
Research limitations/implications
The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance.
Practical implications
Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite of an internal focus, that may have negative ramifications for the information security of organizations.
Originality/value
Few information security policy compliance studies exist on the consequences of different organizational/information cultures.
Elham Rostami, Fredrik Karlsson and Ella Kolkowska
Abstract
Purpose
The purpose of this paper is to survey existing information security policy (ISP) management research to scrutinise the extent to which manual and computerised support has been suggested, and the way in which the suggested support has been brought about.
Design/methodology/approach
The results are based on a literature review of ISP management research published between 1990 and 2017.
Findings
Existing research has focused mostly on manual support for managing ISPs. Very few papers have considered computerised support. The entire complexity of the ISP management process has received little attention. Existing research has not focused much on the interaction between the different ISP management phases. Few research methods have been used extensively and intervention-oriented research is rare.
Research limitations/implications
Future research should to a larger extent address the interaction between the ISP management phases, apply more intervention research to develop computerised support for ISP management, investigate to what extent computerised support can enhance integration of ISP management phases and reduce the complexity of such a management process.
Practical implications
The limited focus on computerised support for ISP management affects the kind of advice and artefacts the research community can offer to practitioners.
Originality/value
Today, there are no literature reviews on to what extent computerised support the ISP management process. Findings on how the complexity of ISP management has been addressed and the research methods used extend beyond the existing knowledge base, allowing for a critical discussion of existing research and future research needs.
Rob Vluggen, Relus Kuijpers, Janjaap Semeijn and Cees J. Gelderman
Abstract
Purpose
Social return on investment (SROI) is a systematic way of incorporating social values of different stakeholders into public sector decision-making on sustainability. This study aims to identify salient factors that influence SROI implementation.
Design/methodology/approach
The interactions of four Dutch municipalities and their social enterprises were examined, by analyzing relevant documents and interviewing key actors.
Findings
External forces appear to have little influence on SROI implementation. Management systems, legal restrictions in relation to privacy and the administrative burden appear to hinder SROI implementation. Findings suggest that trust among the parties involved and their representatives is a major driver for SROI development. SROI is not measured well enough, which complicates analyzing and reporting its development.
Research limitations/implications
Achieving collaboration through trust is a characteristic of stewardship theory, and therefore useful for studying social sustainability. Combining agency and stewardship theory provides useful insights concerning the application of control mechanisms versus empowerment.
Practical implications
Barriers can be overcome by informing and engaging suppliers in SROI initiatives. Furthermore, findings of this study suggest that it is easier for municipalities to incorporate SROI when social firm activities are insourced. An independent procurement function stimulates SROI development. Engaged professionals can make the difference in SROI policy implementation, more so than written policies.
Social implications
SROI enables social sustainability. SROI can be used by public agencies to provide meaningful activities for the long-term unemployed and underprivileged adolescents.
Originality/value
The study is the first empirical work that relates public procurement to SROI implementation and its effect on suppliers. The findings provide valuable insights into government influence on social enterprises.
Songhee Kim, Jaeuk Khil and Yu Kyung Lee
Abstract
This paper aims to investigate the impact of corporate dividend policy on the capital structure in the Korean stock market. To distinctly discern the voluntariness of changes in corporate dividend policy, we analyze companies that, following a substantial increase, do not reduce dividends for the subsequent two years or, after a significant decrease, do not raise dividends for the following two years. Our empirical findings indicate that companies that increase dividends experience a significant decrease in both book and market leverage, even after controlling for variables such as target leverage ratios. This result suggests that a large increase in dividends can effectively reduce information asymmetry, leading to a lower cost of equity. On the contrary, after a decrease in dividends, both book leverage and market leverage significantly increase, revealing a symmetric relationship between dividend policy and capital structure. In conclusion, large dividend increases in Korean companies not only reduce information asymmetry but also lower the cost of equity capital, resulting in observable changes in the leverage ratio.
Elham Rostami and Fredrik Karlsson
Abstract
Purpose
This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.
Design/methodology/approach
A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.
Findings
The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.
Research limitations/implications
The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.
Practical implications
The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.
Originality/value
The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.
Abstract
Purpose
This study aims to investigate how a policy framework can be applied in the use of artificial intelligence (AI) for the management of records at the Council for Scientific and Industrial Research (CSIR) in South Africa. A policy and legal framework enables the records divisions to protect, administer and make their records available in a safe and professional way. Policies play a crucial role in ensuring that records are properly managed.
Design/methodology/approach
Convergent mixed-methods research was conducted, and data were collected using interviews and questionnaires. Data were analysed thematically and statistically and presented in tables and figures.
Findings
The study reveals that the policy framework should also include the application of AI for the management of records. Therefore, this study further concludes that the CSIR should review their policy framework to ensure the application of AI for the management of records is accommodated.
Originality/value
The study proposed a framework to guide the application of the policy framework in using AI for the management of records at CSIR. It is hoped that the proposed framework will serve as a guideline for the implementation of a policy framework in the utilisation of AI in the archives and records management sector.
Lovisa Göransson Ording, Shang Gao and Weifeng Chen
Abstract
Purpose
The purpose of this paper is to investigate what role literature-based inputs have on the information security policy (ISP) development in practice.
Design/methodology/approach
First, a literature review is carried out to identify commonly used inputs for ISP development in theory. Second, through the lens of institutional theory, an interpretive approach is adapted to study the influence of literature-based inputs in the ISP development in practice. Semi-structured interviews with senior experienced information security officers and managers from the public sector in Sweden are carried out for this research.
Findings
According to the literature review, 10 inputs for ISP development have been identified. The results from the interviews indicate that the role inputs have on the ISP development serves as more than a rational tool, where organisational context, institutional pressures and the search for legitimacy play an important role.
Research limitations/implications
From the institutional perspective, this study signifies the influence of inputs on ISP development can be derived from institutionalised rules or practices established by higher authorities; actions and practices that are perceived as successful and often used by other organisations; the beliefs of what is viewed as appropriate to meet the specific pressures from stakeholders.
Practical implications
This research recommends five practical implications for practitioners working with the ISP development. These recommendations aim to create an understanding of how an ISP could be developed, considering more than the rational functionalist perspective.
Originality/value
To the best of the authors’ knowledge, it is the first of its kind in examining the role of literature-based inputs in ISP development in practice through the lens of institutional theory.
Redeemer Krah and Gerard Mertens
Abstract
Purpose
The study investigates the influence of financial transparency on citizens' trust and revenue paying behaviour of citizens of local governments in sub-Saharan Africa. It relies on the theories of stewardship and public choice in explaining the relationship between financial transparency, trust and willingness to pay.
Design/methodology/approach
The study applied a Partial Least Square Structural Equation Model (PLS-SEM) to survey data of 404 respondents selected from four Metropolitan and Municipal Assemblies of Ghana to test the hypotheses of the study.
Findings
It establishes the fact that financial transparency positively influences trust of citizens in local government and their willingness to pay taxes and levies. The study also found that both financial transparency and trust are low in the local governments of Ghana.
Practical implications
The study emphasises the importance of financial transparency in improving trust and willingness to pay. Thus, local governments are encouraged to seek innovative ways to enhance the quality and access to financial information by the citizens.
Originality/value
While prior studies focus on the measurement and determinant of financial transparency, this study links financial transparency to revenue mobilisation in the local government of sub-Saharan Africa.
Lemma Lessa and Daniel Gebrehawariat
Abstract
Purpose
This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.
Design/methodology/approach
Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.
Findings
The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.
Originality/value
This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored, especially in the Ethiopian context. Hence, the result can positively influence security policies, particularly in the banking sector.