Search results

The importance of the security-political strategies of Africa's subregional organisations was accentuated in 2002 with the launching of the African Union's Common African Defence and Security Policy (CADSP), which will include, among other things, the establishment of a Continental Early Warning System and an African Standby Force. From that point on, subregional organisations were to be the building blocks of an all-African approach to security politics. The strategies of these organisations range from the top-down approach of the Economic Community of West African States (ECOWAS) to the bottom-up approach of the Intergovernmental Authority on Development (IGAD). Taking into account the particular characteristics of Africa's regional conflicts, this article examines the relevance for the CADSP of the approaches to conflict prevention and resolution of the latter two organisations. It analyses, first, the challenges facing the African Standby Force through an examination of ECOWAS's security-political strategy, and, second, the challenges facing the Continental Early Warning System through a look at IGAD's strategies. It suggests that two main issues are of critical relevance for the success of the CADSP. First is the lack of compatibility between the all-African strategy and the strategies of the various subregional organisations. Second is the lack of compatibility between formal processes of integration and trans-state regionalism within the continent. Although formal processes of integration are important, informal processes often play a much stronger role, undermining much of the progress made by the formal processes.

This paper aims to examine the influence of organization culture on the effectiveness of implementing information security management (ISM).

Based on a literature review, a model of the relationship between organizational culture and ISM was formulated, and both organizational culture characteristics and ISM effectiveness were measured empirically to investigate how various organizational culture traits influenced ISM principles, by administrating questionnaires to respondents in organizations with significant use of information systems.

Four regression models were derived to quantify the impacts of organizational culture traits on the effectiveness of implementing ISM. Whilst the control‐oriented organizational culture traits, effectiveness and consistency, have strong effect on the ISM principles of confidentiality, integrity, availability and accountability, the flexibility‐oriented organizational culture traits, cooperativeness and innovativeness, are not significantly associated with the ISM principles with one exception that cooperativeness is negatively related to confidentiality.

The sample is limited to the organizational factors in Taiwan. It is suggested to replicate this study in other countries to reconfirm the result before adopting its general implications. Owing to the highly intrusive nature of ISM surveys, a cautious approach with rapport and trust is a key success factor in conducting empirical studies on ISM.

A culture conducive to information security practice is extremely important for organizations since the human dimension of information security cannot totally be solved by technical and management measures. For understanding and improving the organization behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM.

A research model was proposed to study the impacts of organizational factors on ISM, after a broad survey on related researches. The validated model and its corresponding study results can be referenced by enterprise managers and decision makers to make favorable tactics for achieving their goals of ISM – mitigating information security risks.

This paper aims to identify the critical success factors in improving information security in Ghanaian firms.

Through an exploratory study of both public and private Ghanaian organizations. The study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM).

The findings confirm the role of the technological, organizational and environmental contexts as significant determinants in the implementation of information security in Ghanaian organizations. Results from PLS-SEM analysis demonstrated a positive correlation between the technology component of information security initiative, organization’s internal efforts toward its acceptance and a successful implementation of information security in Ghanaian firms. Top management support and fund allocation among others will result in positive information security initiatives and positive attitudes toward securing the organization’s information assets.

The authors discussed the implications of the authors’ findings for research, practice and policy.

The results of this study will be useful for both governmental and non-governmental organizations in terms of best practices for increasing information security. Results from this study will aid organizations in developing countries to better understand their information security needs and identify the necessary procedures to address them.

This study contributes to filling the knowledge gap in organizational information security research and the TOE framework. Despite the TOE framework being one of the most influential theories in contemporary research of information system domains in an organizational context, there is not enough research linking the domains of information security and the TOE model.

With the popularity of e‐commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been assumed to be an effective managerial measure to elevate an organization's security level. This paper attempts to investigate the dominant factors for an organization to build an ISP, and whether an ISP may elevate an organization's security level?

A survey was designed and the data were collected from 165 chief information officers in Taiwan.

The empirical results show that some organizational characteristics (business type and MIS/IS department size) might be good predictors for the ISP adoption and that the functions, contents, implementation and procedures of an ISP may significantly contribute to managers' perceived elevation of information security.

Building or adopting an ISP is examined empirically to be an effective managerial measure to elevate its security level in Taiwan, and that the building of an information security should focus on the comprehensiveness of its contents, procedures and implementation items, rather than on the documents only.

Few empirical studies have been conducted so far to examine the effectiveness of an ISP, thus the value of this paper is high.

This paper aims to examine the individual and combined effects of organisational and behavioural factors on employees’ attitudes and intentions to establish an information security policy compliance culture (ISPCC) in organisations.

Based on factors derived from the organisational culture theory, social bond theory and accountability theory, a testable research model was developed and evaluated in an online survey that involves the use of a questionnaire to collect quantitative data from 313 employees, from ten different organisations in Ghana. The data collected were analysed using the partial least squares-structural equation modelling approach, involving the measurement and structural model tests.

The study reveals that the individual measures of accountability – identifiability (2.4%), expectations of evaluation (38.8%), awareness of monitoring (55.7%) and social presence (−41.2%) – had weak to moderate effects on employees’ attitudes towards information security policy compliance. However, the combined effect showed a significant influence. In addition, organisational factors – supportive organisational culture (15%), security compliance leadership (2%) and user involvement (63%) – showed positive effects on employees’ attitudes. Further, employees’ attitudes had a substantial influence (65%), while behavioural intentions demonstrated a weak effect (24%) on the establishment of an ISPCC in the organisation. The combined effect also had a substantial statistical influence on the establishment of an ISPCC in the organisation.

Given the findings of the study, information security practitioners should implement organisational and behavioural factors that will have an impact on compliance, in tandem, with the organisational effort to build a culture of compliance for information security policies.

The study provides new insights on how to address the problem of non-compliance with regard to the information security policy in organisations through the combined application of organisational and behavioural factors to establish an information security policy compliance culture, which has not been considered in any past research.

This paper aims to examine the influence of organization factors on the effectiveness of implementing BS7799, an information security management (ISM) standard.

Based on literature review, a research model was formulated by extracting the antecedents of ISM, and an empirical study was conducted to show how the organizational factors influence organizations in carrying out BS7799.

The study result revealed that there were significant impacts of organizational factors, including IT competence of business managers, environment uncertainty, industry type, and organization size, on the effectiveness of implementing ISM.

The sample is limited to the organizational factors in Taiwan. It is suggested to replicate this study in other countries to reconfirm the result before adopting its general implications. Owing to the highly intrusive nature of ISM surveys, a cautious approach with rapport and trust is a key success factor in conducting empirical studies on ISM.

IT competence is conducive to ISM implementation through subjective norms, leadership, belief, and behavior of ISM activities. Environmental uncertainty positively influences the need for greater innovation, which increases the dependence on IT, and therefore makes the effectiveness of ISM more desirable. Companies in an industry sensitive to security threats should pay more attentions to ISM practice. Corporate executives should also realize the size difference for adopting appropriate ISM strategies.

A research model was proposed to study the impacts of organizational factors on ISM, after a broad survey on related researches. The validated model and its corresponding study results can be referenced by enterprise managers and decision makers to make favorable tactics for achieving their goals of ISM.

The purpose of this paper is to examine social media security risks and existing mitigation techniques in order to gather insights and develop best practices to help organizations address social media security risks more effectively.

This paper begins by reviewing the disparate discussions in literature on social media security risks and mitigation techniques. Based on an extensive review, some key insights were identified and summarized to help organizations more effectively address social media security risks.

Many organizations do not have effective social media security policy in place and are unsure of how to develop effective social media security strategies to mitigate social media security risks. This paper provides guidance to organizations to mitigate social media security risks that may threaten the organizations.

The paper consolidates the fragmented discussion in literature and provides an in‐depth review of social media security risks and mitigation techniques. Practical insights are identified and summarized from an extensive literature review. Sharing these insights has the potential to encourage more discussion on best practices for reducing the risks of social media to organizations.

An action is utilitarian when it is both useful and practical. This paper aims to examine a number of traditional information security management practices to ascertain their utility. That analysis is performed according to the particular set of challenges and requirements experienced by very large organizations. Examples of such organizations include multinational corporations, the governments of large nations and global investment banks.

The author performs a gap analysis of a number of security management practices. The examination is focused on the question of whether these practices are both useful and practical when used within very large organizations.

The author identifies a number of information security management practices that are considered to be “best practice” in the general case but that are suboptimal at the margin represented by very large organizations. A number of alternative management practices are proposed that compensate for the identified weaknesses.

Quoting from the conclusion of the paper: We have seen in our analysis within this paper that some best practices can experience what economists refer to as diminishing marginal utility. As the target organization drifts from the typical use-case the amount of value-added declines and can potentially enter negative territory. We have also examined the degree of innovation in the practice of security management and the extent to which the literature can support practical, real-world activities. In both the areas, we have identified a number of opportunities to perform further work.

There is an increasing movement towards emergent organizations and an adaptation of Web‐based information systems (IS). Such trends raise new requirements for security policy development. One such requirement is that information security policy formulation must become federated and emergent. However, existing security policy approaches do not pay much attention to policy formulation at all – much less IS policy formulation for emergent organizations. To improve the situation, an information security meta‐policy is put forth. The meta‐policy establishes how policies are created, implemented and enforced in order to assure that all policies in the organization have features to ensure swift implementation and timely, ongoing validation.

The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors.

The data set consisted of 36 semi‐structured interviews with IT security practitioners from 17 organizations (academic, government, and private). The interviews were analyzed using qualitative description with constant comparison and inductive analysis of the data to identify the challenges that security practitioners face.

A total of 18 challenges that can affect IT security management within organizations are indentified and described. This analysis is grounded in related work to build an integrated framework of security challenges. The framework illustrates the interplay among human, organizational, and technological factors.

The framework can help organizations identify potential challenges when implementing security standards, and determine if they are using their security resources effectively to address the challenges. It also provides a way to understand the interplay of the different factors, for example, how the culture of the organization and decentralization of IT security trigger security issues that make security management more difficult. Several opportunities for researchers and developers to improve the technology and processes used to support adoption of security policies and standards within organizations are provided.

A comprehensive list of human, organizational, and technological challenges that security experts have to face within their organizations is presented. In addition, these challenges within a framework that illustrates the interplay between factors and the consequences of this interplay for organizations are integrated.