Search results
1 – 10 of over 5000Hao Chen and Yufei Yuan
Protection motivation theory (PMT) explains that the intention to cope with information security risks is based on informed threat and coping appraisals. However, people cannot…
Abstract
Purpose
Protection motivation theory (PMT) explains that the intention to cope with information security risks is based on informed threat and coping appraisals. However, people cannot always make appropriate assessments due to possible ignorance and cognitive biases. This study proposes a research model that introduces four antecedent factors from ignorance and bias perspectives into the PMT model and empirically tests this model with data from a survey of electronic waste (e-waste) handling.
Design/methodology/approach
The data collected from 356 Chinese samples are analyzed via structural equation modeling (SEM).
Findings
The results revealed that for threat appraisal, optimistic bias leads to a lower perception of risks. However, factual ignorance (lack of knowledge of risks) does not significantly affect the perceived threat. For coping appraisal, practical ignorance (lack of knowledge of coping with risks) leads to low response efficacy and self-efficacy and high perceptions of coping cost, but the illusion of control overestimates response efficacy and self-efficacy.
Originality/value
First, this study addresses a new type of information security problem in e-waste handling. Second, this study extends the PMT model by exploring the roles of ignorance and bias as antecedents. Finally, the authors reinvestigate the basic constructs of PMT to identify how rational threat and coping assessments affect user intentions to cope with data security risks.
Details
Keywords
Abstract
Purpose
Based on the cognition–affect–conation pattern, this study explores the factors that affect the intention to use facial recognition services (FRS). The study adopts the driving factor perspective to examine how network externalities influence FRS use intention through the mediating role of satisfaction and the barrier factor perspective to analyze how perceived privacy risk affects FRS use intention through the mediating role of privacy cynicism.
Design/methodology/approach
The data collected from 478 Chinese FRS users are analyzed via partial least squares-based structural equation modeling (PLS-SEM).
Findings
The study produces the following results. (1) FRS use intention is motivated directly by the positive affective factor of satisfaction and the negative affective factor of privacy cynicism. (2) Satisfaction is affected by cognitive factors related to network externalities. Perceived complementarity and perceived compatibility, two indirect network externalities, positively affect satisfaction, whereas perceived critical mass, a direct network externality, does not significantly affect satisfaction. In addition, perceived privacy risk generates privacy cynicism. (3) Resistance to change positively moderates the relationship between privacy cynicism and intention to use FRS.
Originality/value
This study extends knowledge on people's use of FRS by exploring affect- and cognitive-based factors and finding that the affect-based factors (satisfaction and privacy cynicism) play fully mediating roles in the relationship between the cognitive-based factors and use intention. This study also expands the cognitive boundaries of FRS use by exploring the functional condition between affect-based factors and use intention, that is, the moderating role of resistance to use.
Details
Keywords
Tripti Singh, Allen C. Johnston, John D'Arcy and Peter D. Harms
The impact of stress on personal and work-related outcomes has been studied in the information systems (IS) literature across several professions. However, the cybersecurity…
Abstract
Purpose
The impact of stress on personal and work-related outcomes has been studied in the information systems (IS) literature across several professions. However, the cybersecurity profession has received little attention despite numerous reports suggesting stress is a leading cause of various adverse professional outcomes. Cybersecurity professionals work in a constantly changing adversarial threat landscape, are focused on enforcement rather than compliance, and are required to adhere to ever-changing industry mandates – a work environment that is stressful and has been likened to a war zone. Hence, this literature review aims to reveal gaps and trends in the current extant general workplace and IS-specific stress literature and illuminate potentially fruitful paths for future research focused on stress among cybersecurity professionals.
Design/methodology/approach
Using the systematic literature review process (Okoli and Schabram, 2010), the authors examined the current IS research that studies stress in organizations. A disciplinary corpus was generated from IS journals and conferences encompassing 30 years. The authors analyzed 293 articles from 21 journals and six conferences to retain 77 articles and four conference proceedings for literature review.
Findings
The findings reveal four key research opportunities. First, the demands experienced by cybersecurity professionals are distinct from the demands experienced by regular information technology (IT) professionals. Second, it is crucial to identify the appraisal process that cybersecurity professionals follow in assessing security demands. Third, there are many stress responses from cybersecurity professionals, not just negative responses. Fourth, future research should focus on stress-related outcomes such as employee productivity, job satisfaction, job turnover, etc., and not only security compliance among cybersecurity professionals.
Originality/value
This study is the first to provide a systematic synthesis of the IS stress literature to reveal gaps, trends and opportunities for future research focused on stress among cybersecurity professionals. The study presents several novel trends and research opportunities. It contends that the demands experienced by cybersecurity professionals are distinct from those experienced by regular IT professionals and scholars should seek to identify the key characteristics of these demands that influence their appraisal process. Also, there are many stress responses, not just negative responses, deserving increased attention and future research should focus on unexplored stress-related outcomes for cybersecurity professionals.
Details
Keywords
The objective of this chapter is to discuss how different techniques in Regional Science and Peace Science and the emerging techniques in Management Science can be used in…
Abstract
The objective of this chapter is to discuss how different techniques in Regional Science and Peace Science and the emerging techniques in Management Science can be used in analysing Disaster Management and Global pandemic with special reference to developing countries. It is necessary for me to first discuss the subjects of Disaster Management, Regional Science, Peace Science and Management Science. The objective of this chapter is to emphasise that the studies of Disaster Management should be more integrated with socioeconomic and geographical factors. The greatest disaster facing the world is the possibility of war, particularly nuclear war, and the preparation of the means of destruction through military spending.
Details
Keywords
Renata Konrad, Solomiya Sorokotyaha and Daniel Walker
Conflict and violence are the main drivers of globally escalating humanitarian needs. Local grassroots initiatives are pivotal in distributing humanitarian supplies in the acute…
Abstract
Purpose
Conflict and violence are the main drivers of globally escalating humanitarian needs. Local grassroots initiatives are pivotal in distributing humanitarian supplies in the acute response phase until more established humanitarian aid organizations can enter. Nevertheless, scant research exists regarding the role of grassroots associations in providing humanitarian assistance during a military conflict. The purpose of this paper is to understand the role of grassroots associations and identify important themes for effective operations.
Design/methodology/approach
This paper adopts a case-study approach of three Ukrainian grassroots associations that began operating in the immediate days of the full-scale invasion of Ukraine. The findings are based on analyzing primary sources, including interviews with Ukrainian volunteers, and are supported by secondary sources.
Findings
Grassroots associations have local contacts and a contextual understanding of population needs and can respond more rapidly and effectively than large intergovernmental agencies. Four critical themes regarding the operations of grassroots associations emerged: information management, inventory management, coordination and performance measurement. Grassroots humanitarian response operations during conflict are challenged by personal security risks, the unpredictability of unsolicited supplies, emerging volunteer roles, dynamic transportation routes and shifting demands.
Originality/value
Grassroots responses are central to humanitarian responses during the acute phase of a military conflict. By examining the operations of grassroots associations in the early months of the 2022 war in Ukraine, the authors provide a unique perspective on humanitarian logistics. Nonetheless, more inclusive models of humanitarian responses are needed to harness the capacities and resilience of grassroots operations in practice.
Details
Keywords
Effective information security management (ISM) contributes to building a healthy organizational digital ecology. However, few studies have built an analysis framework for…
Abstract
Purpose
Effective information security management (ISM) contributes to building a healthy organizational digital ecology. However, few studies have built an analysis framework for critical influencing factors to discuss the combined influence mechanism of multiple factors on ISM performance (ISMP). This study aims to explore the critical success factors and understand how these factors contribute to ISMP.
Design/methodology/approach
This study used a mixed-method approach to achieve this study’s research goals. In Study 1, the authors conducted a qualitative analysis to take a series of International Organization for Standardization/International Electrotechnical Commission standard documents as the basis to refine the critical factors that may influence organizations’ ISMP. In Study 2, the authors built a research model based on the organizational control perspective and used the survey-based partial least squares-based structural equation modeling (PLS-SEM) approach to understand the relationships between these factors in promoting ISMP. In Study 3, the authors used the fuzzy set qualitative comparative analysis (fsQCA) method to empirically analyze the complex mechanisms of how the combinations of the factors affect ISMP.
Findings
The following three research findings are obtained. First, based on the text-based qualitative analysis, the authors refined the critical success factors that may increase ISMP, including information security policies (ISP), top management support (TMS), alignment (ALI), information security risk assessment (IRA), information security awareness (ISA) and information security culture (ISC). Second, the PLS-SEM testing results confirmed TMS is the antecedent variable motivating organization’s formation (ISP) and information control (ISC) approaches; these two types of organization control approaches increase IRA, ISA and ALI and then promote ISMP directly and indirectly. Third, the fsQCA testing results found two configurations that can achieve high ISMP and one driving path that leads to non-high ISMP.
Originality/value
This study extends knowledge by exploring configuration factors to improve or impede the performances of organizations’ ISM. To the best of the authors’ knowledge, this study is one of the first to explore the use of the fsQCA approach in information security studies, and the results not only revealed causal associations between single factors but also highlighted the critical role of configuration factors in developing organizational ISMP. This study calls attention to information security managers of an organization should highlight the combined effect between the factors and reasonably allocate organizational resources to achieve high ISMP.
Details
Keywords
Călin Mihail Rangu, Leonardo Badea, Mircea Constantin Scheau, Larisa Găbudeanu, Iulian Panait and Valentin Radu
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented…
Abstract
Purpose
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.
Design/methodology/approach
The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.
Findings
The study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.
Research limitations/implications
This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.
Practical implications
Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.
Originality/value
The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.
Details
Keywords
Rosemarie Santa González, Marilène Cherkesly, Teodor Gabriel Crainic and Marie-Eve Rancourt
This study aims to deepen the understanding of the challenges and implications entailed by deploying mobile clinics in conflict zones to reach populations affected by violence and…
Abstract
Purpose
This study aims to deepen the understanding of the challenges and implications entailed by deploying mobile clinics in conflict zones to reach populations affected by violence and cut off from health-care services.
Design/methodology/approach
This research combines an integrated literature review and an instrumental case study. The literature review comprises two targeted reviews to provide insights: one on conflict zones and one on mobile clinics. The case study describes the process and challenges faced throughout a mobile clinic deployment during and after the Iraq War. The data was gathered using mixed methods over a two-year period (2017–2018).
Findings
Armed conflicts directly impact the populations’ health and access to health care. Mobile clinic deployments are often used and recommended to provide health-care access to vulnerable populations cut off from health-care services. However, there is a dearth of peer-reviewed literature documenting decision support tools for mobile clinic deployments.
Originality/value
This study highlights the gaps in the literature and provides direction for future research to support the development of valuable insights and decision support tools for practitioners.
Details