Search results
1 – 10 of over 1000The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is…
Abstract
Purpose
The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society.
Design/methodology/approach
This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness.
Findings
The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively.
Social implications
The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others.
Originality/value
This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.
Details
Keywords
This paper aims to investigate cyber security awareness of the staff of Estonian libraries and gives an overview why libraries could be a target of cyber attacks and why…
Abstract
Purpose
This paper aims to investigate cyber security awareness of the staff of Estonian libraries and gives an overview why libraries could be a target of cyber attacks and why librarians need cyber security at first place.
Design/methodology/approach
The data used in this paper is based on a review of relevant literature to provide an overview of the concept of cyber security, and the results of the original online survey created by the paper’s author, conducted among Estonian librarians. The online questionnaire was developed using the world-recognised human aspects of information security questionnaire (HAIS-Q), which is based on the knowledge-attitudes-behaviour (KAB) methodology. A total of 388 completed questionnaires were returned from employees of academic, specialised, public and school libraries. The results are interpreted on the basis of descriptive statistics and Kruger and Kearney approach.
Findings
The final score of library employees is 86, which is classified as good, but based on the result, two focus areas need more attention than previously, which are the use of devices and prevention and handling of incidents.
Originality/value
The cyber behaviour of library employees has not been widely studied in the world using HAIS-Q and KAB models, and to the best of the authors’ knowledge, no research has been previously carried out in the Estonian library context into cyber security awareness.
Details
Keywords
Thi Huyen Pham, Thuy-Anh Phan, Phuong-Anh Trinh, Xuan Bach Mai and Quynh-Chi Le
This study aims to ascertain the impact of data collecting awareness on perceived information security concerns and information-sharing behavior on social networking sites.
Abstract
Purpose
This study aims to ascertain the impact of data collecting awareness on perceived information security concerns and information-sharing behavior on social networking sites.
Design/methodology/approach
Based on communication privacy management theory, the study forecasted the relationship between information-sharing behavior and awareness of data collecting purposes, data collection tactics and perceived security risk using structural equation modeling analysis and one-way ANOVA. The sample size of 521 young social media users in Vietnam, ages 18 to 34, was made up of 26.7% men and 73.3% women. When constructing the questionnaire survey method with lone source respondents, the individual’s unique awareness and experiences with using online social networks (OSNs) were taken into account.
Findings
The results of the investigation demonstrate a significant relationship between information-sharing and awareness of data collecting, perceptions of information security threats and behavior. Social media users have used OSN privacy settings and paid attention to the sharing restriction because they are concerned about data harvesting.
Research limitations/implications
This study was conducted among young Vietnamese social media users, reflecting specific characteristics prevalent in the Vietnamese environment, and hence may be invalid in other nations’ circumstances.
Practical implications
Social media platform providers should improve user connectivity by implementing transparent privacy policies that allow users to choose how their data are used; have clear privacy statements and specific policies governing the use of social media users’ data that respect users’ consent to use their data; and thoroughly communicate how they collect and use user data while promptly detecting any potential vulnerabilities within their systems.
Originality/value
The authors ascertain that the material presented in this manuscript will not infringe upon any statutory copyright and that the manuscript will not be submitted elsewhere while under Journal of Information, Communication and Ethics in Society review.
Details
Keywords
Mustafa Saritepeci, Hatice Yildiz Durak, Gül Özüdoğru and Nilüfer Atman Uslu
Online privacy pertains to an individual’s capacity to regulate and oversee the gathering and distribution of online information. Conversely, online privacy concern (OPC) pertains…
Abstract
Purpose
Online privacy pertains to an individual’s capacity to regulate and oversee the gathering and distribution of online information. Conversely, online privacy concern (OPC) pertains to the protection of personal information, along with the worries or convictions concerning potential risks and unfavorable outcomes associated with its collection, utilization and distribution. With a holistic approach to these relationships, this study aims to model the relationships between digital literacy (DL), digital data security awareness (DDSA) and OPC and how these relationships vary by gender.
Design/methodology/approach
The participants of this study are 2,835 university students. Data collection tools in the study consist of personal information form and three different scales. Partial least squares (PLS), structural equation modeling (SEM) and multi-group analysis (MGA) were used to test the framework determined in the context of the research purpose and to validate the proposed hypotheses.
Findings
DL has a direct and positive effect on digital data security awareness (DDSA), and DDSA has a positive effect on OPC. According to the MGA results, the hypothesis put forward in both male and female sub-samples was supported. The effect of DDSA on OPC is higher for males.
Originality/value
This study highlights the positive role of DL and perception of data security on OPC. In addition, MGA findings by gender reveal some differences between men and women.
Peer review
The peer review history for this article is available at: https://publons.com/publon/10.1108/OIR-03-2023-0122
Details
Keywords
Binh Huu Nguyen and Huong Nguyen Quynh Le
This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning…
Abstract
Purpose
This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning information security awareness (ISA) amid growing technological threats.
Design/methodology/approach
This study uses a survey methodology, collecting data from 400 working individuals in Vietnam, to test the applicability of the KAB model and evaluate the moderating effects of age and education on the model’s established relationships. In addition, the theoretical model and hypotheses were evaluated using the partial least squares structural equation model (PLS-SEM) approach.
Findings
This research confirms the relationships posited in the KAB model. Notably, it shows that younger employees showcase a more positive attitude and behavior toward information security compared with their older counterparts. In addition, higher education levels strengthen the positive association between information security knowledge and attitude. The findings underscore the imperative for organizations to consider sociodemographic variables when formulating strategies to enhance ISA.
Originality/value
This study extends the KAB model by exploring the impact of sociodemographic factors, focusing on age and education in ISA. Overcoming the oversight in current literature, particularly in the context of technological threats, the research uses PLS-SEM and targets a specific demographic in Vietnam.
Details
Keywords
Ahmed Shehata and Metwaly Eldakar
Social engineering is crucial in today’s digital landscape. As technology advances, malicious individuals exploit human judgment and trust. This study explores how age, education…
Abstract
Purpose
Social engineering is crucial in today’s digital landscape. As technology advances, malicious individuals exploit human judgment and trust. This study explores how age, education and occupation affect individuals’ awareness, skills and perceptions of social engineering.
Design/methodology/approach
A quantitative research approach was used to survey a diverse demographic of Egyptian society. The survey was conducted in February 2023, and the participants were sourced from various Egyptian social media pages covering different topics. The collected data was analyzed using descriptive and inferential statistics, including independent samples t-test and ANOVA, to compare awareness and skills across different groups.
Findings
The study revealed that younger individuals and those with higher education tend to research social engineering more frequently. Males display a higher level of awareness but score lower in terms of social and psychological consequences as well as types of attacks when compared to females. The type of attack cannot be predicted based on age. Higher education is linked to greater awareness and ability to defend against attacks. Different occupations have varying levels of awareness, skills, and psychosocial consequences. The study emphasizes the importance of increasing awareness, education and implementing cybersecurity measures.
Originality/value
This study’s originality lies in its focus on diverse Egyptian demographics, innovative recruitment via social media, comprehensive exploration of variables, statistical rigor, practical insights for cybersecurity education and diversity in educational and occupational backgrounds.
Details
Keywords
A research line has emerged that is concerned with investigating human factors in information systems and cyber-security in organizations using various behavioural and…
Abstract
Purpose
A research line has emerged that is concerned with investigating human factors in information systems and cyber-security in organizations using various behavioural and socio-cognitive theories. This study aims to explore human and contextual factors influencing cyber security behaviour in organizations while drawing implications for cyber-security in higher education institutions.
Design/methodology/approach
A systematic literature review has been implemented. The reviewed studies have revealed various human and contextual factors that influence cyber-security behaviour in organizations, notably higher education institutions.
Research limitations/implications
This review study offers practical implications for constructing and keeping a robust cyber-security organizational culture in higher education institutions for the sustainable development goals of cyber-security training and education.
Originality/value
The value of the current review arises in that it presents a comprehensive account of human factors affecting cyber-security in organizations, a topic that is rarely investigated in previous related literature. Furthermore, the current review sheds light on cyber-security in higher education from the weakest link perspective. Simultaneously, the study contributes to relevant literature by gaining insight into human factors and socio-technological controls related to cyber-security in higher education institutions.
Details
Keywords
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and…
Abstract
Purpose
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.
Design/methodology/approach
This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.
Findings
This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.
Originality/value
The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.
Details
Keywords
Tuğçe Karayel, Bahadır Aktaş and Adem Akbıyık
The purpose of this paper is to investigate the cyber hygiene practices of remote workers.
Abstract
Purpose
The purpose of this paper is to investigate the cyber hygiene practices of remote workers.
Design/methodology/approach
This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory, developed within this paper’s context, to evaluate the cybersecurity measures adopted by organizations for remote workers. It was conducted on remote workers to examine their information security practices. The instrument was administered to a sample of 442 employees reached via the LinkedIn platform. Analyses were performed with SPSS v26, Python programming language and Seaborn library.
Findings
The findings indicate a significant correlation between the security measures implemented by companies and their employees’ cyber hygiene practices. A sector comparison revealed a significant difference in cyber hygiene levels between public and private sector workers.
Research limitations/implications
This paper aims to provide policymakers with suggestions for enhancing the cyber hygiene of remote workers to facilitate compliance with corporate security protocols.
Originality/value
This paper’s conclusions highlight the importance of companies increasing their cybersecurity investments as remote work becomes more prevalent. This should consider not only corporate-level factors but also employees' information and computer security behaviors.
Details
Keywords
Mohan Thite and Ramanathan Iyer
Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information…
Abstract
Purpose
Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information technology (IT)-centric solutions to secure and strengthen their information security ecosystem. Unfortunately, they pay little attention to human resource management (HRM) solutions. This paper aims to address this gap and proposes an actionable human resource (HR)-centric and artificial intelligence (AI)-driven framework.
Design/methodology/approach
The paper highlights the dangers posed by insider threats and presents key findings from a Leximancer-based analysis of a rapid literature review on the role, nature and contribution of HRM for information security, especially in addressing insider threats. The study also discusses the limitations of these solutions and proposes an HR-in-the-loop model, driven by AI and machine learning to mitigate these limitations.
Findings
The paper argues that AI promises to offer many HRM-centric opportunities to fortify the information security architecture if used strategically and intelligently. The HR-in-the-loop model can ensure that the human factors are considered when designing information security solutions. By combining AI and machine learning with human expertise, this model can provide an effective and comprehensive approach to addressing insider threats.
Originality/value
The paper fills the research gap on the critical role of HR in securing and strengthening information security. It makes further contribution in identifying the limitations of HRM solutions in info security and how AI and machine learning can be leveraged to address these limitations to some extent.
Details