Search results

The purpose of this study is to gain more insight into the impact of cybercrime incidents in the banking sector of Pakistan. This study investigates the significant contribution of information security awareness on the relationship of cybercrimes and organizational performance.

The impact of cybercrime incidents on organizational performance is investigated by further exploring the moderating effects of information security awareness. A sample of 302 employees in the banking industry of Pakistan was studied by using survey design.

Cybercrime incidents have negative impact on organizational performance, but information security awareness weakens the negative impact of cybercrimes on organizational performance.

The present study focuses on the banking sector so its finding cannot be generalized in other sectors. Further, in-depth comparative studies in other sectors with different cultural settings will help to authenticate the research findings.

Information security awareness weakens the negative impact of cybercrimes on organizational performance; therefore, it is important for banks’ HR managers to set up more security training courses to increase employees’ awareness on cybercrimes.

This study explores the impact of cybercrimes on banks’ performance with the moderating role of employees’ information security awareness. Linking these topics has created a new study within the cybercrimes discipline. The present study also enhances the understanding of employees’ role to combat the impact of cybercrimes on organizational performance.

Sound organisational governance does not occur naturally; it is a product of effective awareness. This study aims to examine the level of governance awareness among public hospitals' governance actors in Malawi.

The study uses semi-structured interviews to collect data that are analysed thematically.

The study found that governance awareness among the actors was low. Although the majority of the actors displayed a broad perspective, they, however, failed to clearly affirm the nexus of the governing organs – hospital board (or its equivalent) and hospital management. Furthermore, most were not aware of the existence of the country's self-regulatory framework for organisational governance. A possible compounding factor to the low level of awareness is their educational background that hardly recognises organisational governance as an essential component of their professional identity.

This is the first study to explore in-depth governance awareness in the context of public hospitals in developing countries. It highlights the need to develop strategies for creating effective governance awareness amongst the actors, which is often overlooked when carrying governance reforms.

This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.

The research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.

The investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.

The main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.

Situation awareness theory is a primary mean to take decisions and actions in a dynamically changing environment. Nowadays, to implement situation awareness, theories and models in organizational scenarios have become an important research challenge. The purpose of this paper is to investigate the relationship between the situation awareness theory and cybernetics. Further, the aim is to use this relationship to check the feasibility of situation awareness-based information security risk management (ISRM) implementation in the organizational scenario.

To investigate the relationship between situation awareness theory and cybernetics, Endsley’s situation awareness theory and Norbert Wiener’s cybernetics concepts and philosophy have been used in the present work. For a detailed study, concepts, techniques and philosophy of the cybernetics have been extracted from the thesis of Norbert Wiener titled “The human use of human beings” and “Cybernetics or control and communication in the animal and the machine”.

The present paper demonstrates that relationship can be successfully established between cybernetics and situation awareness theory. Further, this relationship can be used to solve organizational implementation issues related to situation awareness based systems. To demonstrate relationship and solutions of implementation issues, two case studies related to ISRM are also incorporated in the present case study.

The present work bridges two parallel and prominent theories of situation awareness and cybernetics. It also demonstrates that combination of both the theories can be used to feasibly implement situation awareness based systems in organizations.

The purpose of this paper is to study the way information systems (IS) security researchers approach information security awareness and examine whether these approaches are consistent with the organization theory and IS approaches for the study of organizational processes.

Open coding analysis was performed on selected publications (articles, surveys, standards, and reports). The chosen publications were classified and the classification results are presented, based on a proposed typology.

The proposed typology allows us to identify different types of research models followed by security researchers and practitioners, and to infer a set of practical implications, for the benefit of those interested in empirically studying information security awareness.

The paper represents a pilot survey, performed in a selected number of publications.

The paper helps researchers and practitioners to distinguish the research models that can be adopted for the study of information security awareness organizational process, by identifying the key dimensions along which they differ.

The proposed typology provides a guide to identify the range of options available to researchers and practitioners when they design their work regarding the security awareness topic. Moreover, it can facilitate the communication between scholars in the field of security awareness.

The prevalence of artificial intelligence (AI) has considerably affected management and society. This paper aims to explore its potential impact on hospitality industry employees, bringing enlightenment to both employees and managers.

Data were collected from a survey of 432 employees who worked in full-service hotels in China. Structural equation modeling (SEM) was used to analyze the data.

Results presented a positive relationship between AI awareness and job burnout. No significant direct relationship was found between AI awareness and career competencies. Organizational commitment mediated the relationship between AI awareness and career competencies, as well as the relationship between AI awareness and job burnout.

This study contributes to human resource management in the hospitality industry to theoretical and practical aspects. Theoretically, it enriched both career theory and fit theory. Practically, this study reminds managers to pay attention to the adverse effect of AI on human capital. It also enlightens the manager to think of the positive effects that AI may bring. Managers should provide proper support to overcome AI’s threat to human resources.

Practically, this study reminds managers to pay attention to the adverse effect of AI on human capital. It also enlightens the manager to think of the positive effects that AI may bring. Managers should provide proper support to overcome AI’s threat to human resources.

The study aims to analyze the impact of AI from a career perspective. It provided theoretical support and evidence for hotel managers for the effects of AI awareness on hotel employees. The study conveys a potential topic of concern that the hospitality industry may face in the future.

This paper aims to explore the empirical literature on organizational resilience. The goal consists of identifying and understanding the indicators used to evaluate organizational resilience and instigating the development of indicators to assess resilience in other areas, such as project management and critical infrastructure.

A review of recent empirical studies is conducted to collect information on the indicators used to assess organizational resilience.

A range of interrelated indicators aiming to measure organizational resilience in two dimensions is shown in this literature review: awareness and adaptive capacity. Awareness is the ability of an organization to assess its environment and interpret the changes in its surroundings, both now and in the future, to be proactive and better manage possible disruptive events. On the other hand, adaptive capacity is the organization’s capacity to transform its structure, processes, culture, etc. for recovering once faced with a disruptive event. Awareness forms the main base of the organization’s adaptive capacity.

Organizational resilience contributes to the safe development of the built environment. This concept helps organizations to cope with disruptions. However, little research has been conducted on the indicators to assess organizational resilience, in different fields. Moreover, these indicators’ credibility is based on empirical studies.

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

The purpose of this paper is to increase understanding of employee information security awareness in a government sector setting and illuminate the problems that public sector organisations in a developing context face when seeking to establish an information security awareness programme.

An interpretive research design was followed to develop an empirically enriched understanding of information security awareness perceptions, aspirations, challenges and enablers in the context of Saudi Arabia as a developing country. The study adopts a single-case study approach, including face-to-face interviews with senior employees, as well as document analysis.

The paper theorises the importance of individual information security awareness, knowledge and behaviour and identifies a number of facilitating conditions: customisation to employee and organisational needs, interactivity, innovation, frequency, integration of both electronic and physical learning resources and rewarding the acquisition of in-depth security-related actionable knowledge.

This study is one of the first to examine information security awareness as a socio-technical process within a government sector organisation in a developing country context.

Effective information security management is a strategic issue for organizations to safeguard their information resources. Strategic value alignment is a proactive approach to manage value conflict in information security management. Applying a critical success factor (CSF) analysis approach, this paper aims to propose a CSF model based on a strategic alignment approach and test a model of the main factors that contributes to the success of information security management.

A theoretical model was proposed and empirically tested with data collected from a survey of managers who were involved in decision-making regarding their companies’ information security (N = 219). The research model was validated using partial least squares structural equation modeling approach.

Overall, the model was successful in capturing the main antecedents of information security management performance. The results suggest that with business alignment, top management support and organizational awareness of security risks and controls, effective information security controls can be developed, resulting in successful information security management.

Findings from this study provide several important contributions to both theory and practice. The theoretical model identifies and verifies key factors that impact the success of information security management at the organizational level from a strategic management perspective. It provides practical guidelines for organizations to make more effective information security management.