Search results
1 – 10 of over 1000Joshua Nterful, Ibrahim Osman Adam, Muftawu Dzang Alhassan, Abdallah Abdul-Salam and Abubakar Gbambegu Umar
This paper aims to identify the critical success factors in improving information security in Ghanaian firms.
Abstract
Purpose
This paper aims to identify the critical success factors in improving information security in Ghanaian firms.
Design/methodology/approach
Through an exploratory study of both public and private Ghanaian organizations. The study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM).
Findings
The findings confirm the role of the technological, organizational and environmental contexts as significant determinants in the implementation of information security in Ghanaian organizations. Results from PLS-SEM analysis demonstrated a positive correlation between the technology component of information security initiative, organization’s internal efforts toward its acceptance and a successful implementation of information security in Ghanaian firms. Top management support and fund allocation among others will result in positive information security initiatives and positive attitudes toward securing the organization’s information assets.
Research limitations/implications
The authors discussed the implications of the authors’ findings for research, practice and policy.
Social implications
The results of this study will be useful for both governmental and non-governmental organizations in terms of best practices for increasing information security. Results from this study will aid organizations in developing countries to better understand their information security needs and identify the necessary procedures to address them.
Originality/value
This study contributes to filling the knowledge gap in organizational information security research and the TOE framework. Despite the TOE framework being one of the most influential theories in contemporary research of information system domains in an organizational context, there is not enough research linking the domains of information security and the TOE model.
Details
Keywords
Thai Pham and Farkhondeh Hassandoust
Information security (InfoSec) policy violations are of great concern to all organisations worldwide, especially in the financial industry. Although the importance of InfoSec…
Abstract
Purpose
Information security (InfoSec) policy violations are of great concern to all organisations worldwide, especially in the financial industry. Although the importance of InfoSec policy has been highlighted for many decades, InfoSec breaches still occur due to a low level of employee compliance and a lack of engagement and competence in high-level management. However, previous studies have primarily investigated the behavioural aspects of InfoSec policy compliance at the individual level rather than the managerial factors involved in constructing InfoSec policy and developing its effectiveness. Thus, drawing on neo-institutional theory and a transformational leadership framework, this research investigated the influence of external mechanisms and transformational leadership on InfoSec policy effectiveness.
Design/methodology/approach
The research model was implemented using field survey data from professional managers in the financial sector.
Findings
The results reported that neo-institutional mechanisms and transformational leadership shape InfoSec policy effectiveness in an organisation.
Originality/value
This study broadens current InfoSec policy research from an individual level to a managerial perspective and enhances the existing literature on neo-institutional and transformational leadership in the context of InfoSec. It highlights the need to evaluate InfoSec policy based on external factors and to support transformational leadership styles that promote InfoSec policy enforcement and effectiveness.
Details
Keywords
Binh Huu Nguyen and Huong Nguyen Quynh Le
This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning…
Abstract
Purpose
This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning information security awareness (ISA) amid growing technological threats.
Design/methodology/approach
This study uses a survey methodology, collecting data from 400 working individuals in Vietnam, to test the applicability of the KAB model and evaluate the moderating effects of age and education on the model’s established relationships. In addition, the theoretical model and hypotheses were evaluated using the partial least squares structural equation model (PLS-SEM) approach.
Findings
This research confirms the relationships posited in the KAB model. Notably, it shows that younger employees showcase a more positive attitude and behavior toward information security compared with their older counterparts. In addition, higher education levels strengthen the positive association between information security knowledge and attitude. The findings underscore the imperative for organizations to consider sociodemographic variables when formulating strategies to enhance ISA.
Originality/value
This study extends the KAB model by exploring the impact of sociodemographic factors, focusing on age and education in ISA. Overcoming the oversight in current literature, particularly in the context of technological threats, the research uses PLS-SEM and targets a specific demographic in Vietnam.
Details
Keywords
Dien Van Tran, Phuong V. Nguyen, Linh Phuong Le and Sam Thi Ngoc Nguyen
This paper aims to investigate the influence of cybersecurity awareness and compliance attitudes on the protective behaviours exhibited by employees. This study also aims to…
Abstract
Purpose
This paper aims to investigate the influence of cybersecurity awareness and compliance attitudes on the protective behaviours exhibited by employees. This study also aims to explore the complex correlation between the level of awareness about cybersecurity measures and attitudes towards compliance with these measures. Additionally, it looks at how these factors collectively impact employees’ behaviour to protect organisational assets and information.
Design/methodology/approach
This study uses a quantitative research methodology in which primary data are gathered using a survey questionnaire distributed to personnel employed at Vietnamese organisations. The data are analysed, and the validity of the measurement and structural equation model is assessed using a partial least squares–structural equation model approach after the collection of all the survey responses.
Findings
The provision of policies and security education, training and awareness programmes are strongly and positively associated with cybersecurity awareness. Moreover, cybersecurity awareness plays an important role in shaping attitudes and intentions towards information security policy compliance (ISPC). Attitude is positively associated with intention towards ISPC and employee protective behaviour. Finally, the intention towards ISPC is significant in shaping employee protective behaviour.
Originality/value
This study contributes to the understanding of the antecedents of cybersecurity in developing countries such as Vietnam. Furthermore, it provides a comprehensive framework for understanding intention and protective behaviour through cybersecurity awareness and compliance attitudes. By combining the theory of planned behaviour and protection motivation theory with institutional governance, this study extends previous research on the effects of these variables on employee protective behaviour.
Details
Keywords
Hassan Jamil, Tanveer Zia, Tahmid Nayeem, Monica T. Whitty and Steven D'Alessandro
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However…
Abstract
Purpose
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.
Design/methodology/approach
The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.
Findings
The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.
Originality/value
The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.
Details
Keywords
Sanjay Gupta, Sahil Raj, Aashish Garg and Swati Gupta
The primary purpose of this study is to examine the factors leading to shopping cart abandonment and construct a model depicting interrelationship among them using interpretive…
Abstract
Purpose
The primary purpose of this study is to examine the factors leading to shopping cart abandonment and construct a model depicting interrelationship among them using interpretive structural modeling (ISM) and Matriced Impact Croises Multiplication Appliquee an un Classement (MICMAC).
Design/methodology/approach
Initially, 20 factors leading to shopping cart abandonment were extracted through a systematic literature review and expert opinions. Fifteen factors were finalized using the importance index and CIMTC method, for which consistency has been checked in SPSS software through a statistical reliability test. Finally, ISM and MICMAC approach is used to develop a model depicting the contextual relationship among finalized factors of shopping cart abandonment.
Findings
The ISM model depicts a technical glitch (SC8), cash on delivery not available (SC4), bad checkout interface (SC9), just browsing (SC11), and lack of physical examination (SC12) are drivers or independent factors. Additionally, four quadrants have been formulated in MICMAC analysis based on their dependency and driving power. This facilitates technical managers of e-commerce companies to focus more on factors leading to shopping cart abandonment according to their dependency and driving power.
Research limitations/implications
Taking an expert’s opinion as a base may affect the results of the study due to biases based on subjectivity.
Practical implications
This study’s outcomes would accommodate practitioners, researchers, and multinational or national companies to indulge in e-commerce to anticipate factors restricting the general public from online shopping.
Originality/value
For the successful running of an e-commerce business and to retain the confidence of e-shoppers, every e-commerce company must make a strategy for controlling factors leading to shopping cart abandonment at the initial stage. So, this paper attempts to highlight the main factors leading to shopping cart abandonment and interrelate them using ISM and MICMAC approaches. It provides a clear path to technical heads, researchers, and consultants for handling these shopping cart abandonment factors.
Details
Keywords
Marcus Gerdin, Ella Kolkowska and Åke Grönlund
Research on employee non-/compliance to information security policies suffers from inconsistent results and there is an ongoing discussion about the dominating survey research…
Abstract
Purpose
Research on employee non-/compliance to information security policies suffers from inconsistent results and there is an ongoing discussion about the dominating survey research methodology and its potential effect on these results. This study aims to add to this discussion by investigating discrepancies between what the authors claim to measure (theoretical properties of variables) and what they actually measure (respondents’ interpretations of the operationalized variables). This study asks: How well do respondents’ interpretations of variables correspond to their theoretical definitions? What are the characteristics of any discrepancies between variable definitions and respondent interpretations?
Design/methodology/approach
This study is based on in-depth interviews with 17 respondents from the Swedish public sector to understand how they interpret questionnaire measurement items operationalizing the variables Perceived Severity from Protection Motivation Theory and Attitude from Theory of Planned Behavior.
Findings
The authors found that respondents’ interpretations in many cases differ substantially from the theoretical definitions. Overall, the authors found four principal ways in which respondents interpreted measurement items – referred to as property contextualization, extension, alteration and oscillation – each implying more or less (dis)alignment with the intended theoretical properties of the two variables examined.
Originality/value
The qualitative method used proved vital to better understand respondents’ interpretations which, in turn, is key for improving self-reporting measurement instruments. To the best of the authors’ knowledge, this study is a first step toward understanding how precise and uniform definitions of variables’ theoretical properties can be operationalized into effective measurement items.
Details
Keywords
Mustafa Saritepeci, Hatice Yildiz Durak, Gül Özüdoğru and Nilüfer Atman Uslu
Online privacy pertains to an individual’s capacity to regulate and oversee the gathering and distribution of online information. Conversely, online privacy concern (OPC) pertains…
Abstract
Purpose
Online privacy pertains to an individual’s capacity to regulate and oversee the gathering and distribution of online information. Conversely, online privacy concern (OPC) pertains to the protection of personal information, along with the worries or convictions concerning potential risks and unfavorable outcomes associated with its collection, utilization and distribution. With a holistic approach to these relationships, this study aims to model the relationships between digital literacy (DL), digital data security awareness (DDSA) and OPC and how these relationships vary by gender.
Design/methodology/approach
The participants of this study are 2,835 university students. Data collection tools in the study consist of personal information form and three different scales. Partial least squares (PLS), structural equation modeling (SEM) and multi-group analysis (MGA) were used to test the framework determined in the context of the research purpose and to validate the proposed hypotheses.
Findings
DL has a direct and positive effect on digital data security awareness (DDSA), and DDSA has a positive effect on OPC. According to the MGA results, the hypothesis put forward in both male and female sub-samples was supported. The effect of DDSA on OPC is higher for males.
Originality/value
This study highlights the positive role of DL and perception of data security on OPC. In addition, MGA findings by gender reveal some differences between men and women.
Peer review
The peer review history for this article is available at: https://publons.com/publon/10.1108/OIR-03-2023-0122
Details
Keywords
Himanshu Joshi and Deepak Chawla
The study investigates the influence of perceived security (PS) on behavioral intention (BI) via the trust attitude process and explores the moderating effects of gender. PS in…
Abstract
Purpose
The study investigates the influence of perceived security (PS) on behavioral intention (BI) via the trust attitude process and explores the moderating effects of gender. PS in mobile wallets enhances user trust (TR), attitude (ATT) and intention (INT). Using a multiple and serial mediation model, both TR and ATT were found to mediate the relationship between PS and BI.
Design/methodology/approach
Drawing on the stimulus-organism-response (S-O-R) theory, the proposed conceptual model comprises PS, TR, ATT and BI. An online survey was conducted with a cross-sectional sample of 744 mobile wallet users in India. Partial least squares structural equation modeling (PLS-SEM) was used to analyze the hypothesized relationships and test the mediation effects.
Findings
Results show that the stimulus, PS, has a positive and significant influence on TR and ATT, which eventually has a positive influence on BI. The research model explains 64.4 percent of the variance in BI. Further, both TR and ATT independently and parallelly mediate the relationship PS and BI. Lastly, gender is found to moderate the relationship between TR and BI and ATT and BI.
Practical implications
The research showed the importance of PS, TR and ATT towards mobile wallet adoption INTs. Further, the findings support the idea that developing TR and ATT is essential for shaping INTs. This suggests that mobile wallet service providers should invest in methods that not just enhance user TR but also reinforce a positive ATT towards the platform. To demonstrate TR, mobile wallet providers must ensure the confidentiality and privacy of user data, keep customer interests in mind and fulfill commitments. Lastly, for strengthening customer TR, excellent customer support is extremely important.
Originality/value
While prior researchers have majorly used technology acceptance model (TAM) and unified theory of acceptance and use of technology (UTAUT) models to explain adoption INTs, this study examines the relationship between PS, TR, ATT and BI through the lens of the SOR framework.
Details
Keywords
Chen Zhong, Hong Liu and Hwee-Joo Kam
Cybersecurity competitions can effectively develop skills, but engaging a wide learner spectrum is challenging. This study aims to investigate the perceptions of cybersecurity…
Abstract
Purpose
Cybersecurity competitions can effectively develop skills, but engaging a wide learner spectrum is challenging. This study aims to investigate the perceptions of cybersecurity competitions among Reddit users. These users constitute a substantial demographic of young individuals, often participating in communities oriented towards college students or cybersecurity enthusiasts. The authors specifically focus on novice learners who showed an interest in cybersecurity but have not participated in competitions. By understanding their views and concerns, the authors aim to devise strategies to encourage their continuous involvement in cybersecurity learning. The Reddit platform provides unique access to this significant demographic, contributing to enhancing and diversifying the cybersecurity workforce.
Design/methodology/approach
The authors propose to mine Reddit posts for information about learners’ attitudes, interests and experiences with cybersecurity competitions. To mine Reddit posts, the authors developed a text mining approach that integrates computational text mining and qualitative content analysis techniques, and the authors discussed the advantages of the integrated approach.
Findings
The authors' text mining approach was successful in extracting the major themes from the collected posts. The authors found that motivated learners would want to form a strategic way to facilitate their learning. In addition, hope and fear collide, which exposes the learners’ interests and challenges.
Originality/value
The authors discussed the findings to provide education and training experts with a thorough understanding of novice learners, allowing them to engage them in the cybersecurity industry.
Details