Search results
1 – 10 of over 66000Adelle Bish, Cameron Newton and Kim Johnston
This paper utilizes diffusion of innovation theory in order to investigate and understand the relationships between human resource (HR) policies on employee change-related…
Abstract
Purpose
This paper utilizes diffusion of innovation theory in order to investigate and understand the relationships between human resource (HR) policies on employee change-related outcomes. In addition, the purpose of this paper is to explore the role of leader vision at different hierarchical levels in the organization in terms of the relationship of HR policy with employee change-related outcomes.
Design/methodology/approach
This quantitative study was conducted in one large Australian government department undergoing major restructuring and cultural change. Data from 624 employees were analyzed in relation to knowledge of HR policies (awareness and clarity), leader vision (organizational and divisional), and change-related outcomes.
Findings
Policy knowledge (awareness and clarity) does not have a direct impact on employee change-related outcomes. It is the implementation of policies through the divisional leader that begins to enable favorable employee outcomes.
Research limitations/implications
Future research should employ a longitudinal design to investigate relationships over time, and also examine the importance of communication medium and individual preferences in relation to leader vision.
Originality/value
This research extends the application of diffusion of innovation theory and leader vision theory to investigate the relationship between HR policy, leader vision, and employees’ change-related outcomes.
Details
Keywords
Tejaswini Herath, Myung-Seong Yim, John D’Arcy, Kichan Nam and H.R. Rao
Employee security behaviors are the cornerstone for achieving holistic organizational information security. Recent studies in the information systems (IS) security literature have…
Abstract
Purpose
Employee security behaviors are the cornerstone for achieving holistic organizational information security. Recent studies in the information systems (IS) security literature have used neutralization and moral disengagement (MD) perspectives to examine employee rationalizations of noncompliant security behaviors. Extending this prior work, the purpose of this paper is to identify mechanisms of security education, training, and awareness (SETA) programs and deterrence as well as employees’ organizational commitment in influencing MD of security policy violations and develop a theoretical model to test the proposed relationships.
Design/methodology/approach
The authors validate and test the model using the data collected from six large multinational organizations in Korea using survey-based methodology. The model was empirically analyzed by structural equation modeling.
Findings
The results suggest that security policy awareness (PA) plays a central role in reducing MD of security policy violations and that the certainty of punishment and immediacy of enforcing penalties are instrumental toward reducing such MD; however, the higher severity of penalties does not have an influence. The findings also suggest that SETA programs are an important mechanism in creating security PA.
Originality/value
The paper expands the literature in IS security that has examined the role of moral evaluations. Drawing upon MD theory and social cognitive theory, the paper points to the central role of SETA and security PA in reducing MD of security policy violations, and ultimately the likelihood of this behavior. The paper not only contributes to theory but also provides important insights for practice.
Details
Keywords
Deborah Richards, Salma Banu Nazeer Khan, Paul Formosa and Sarah Bankins
To protect information and communication technology (ICT) infrastructure and resources against poor cyber hygiene behaviours, organisations commonly require internal users to…
Abstract
Purpose
To protect information and communication technology (ICT) infrastructure and resources against poor cyber hygiene behaviours, organisations commonly require internal users to confirm they will abide by an ICT Code of Conduct. Before commencing enrolment, university students sign ICT policies, however, individuals can ignore or act contrary to these policies. This study aims to evaluate whether students can apply ICT Codes of Conduct and explores viable approaches for ensuring that students understand how to act ethically and in accordance with such codes.
Design/methodology/approach
The authors designed a between-subjects experiment involving 260 students’ responses to five scenario-pairs that involve breach/non-breach of a university’s ICT policy following a priming intervention to heighten awareness of ICT policy or relevant ethical principles, with a control group receiving no priming.
Findings
This study found a significant difference in students’ responses to the breach versus non-breach cases, indicating their ability to apply the ICT Code of Conduct. Qualitative comments revealed the priming materials influenced their reasoning.
Research limitations/implications
The authors’ priming interventions were inadequate for improving breach recognition compared to the control group. More nuanced and targeted priming interventions are suggested for future studies.
Practical implications
Appropriate application of ICT Code of Conduct can be measured by collecting student/employee responses to breach/non-breach scenario pairs based on the Code and embedded with ethical principles.
Social implications
Shared awareness and protection of ICT resources.
Originality/value
Compliance with ICT Codes of Conduct by students is under-investigated. This study shows that code-based scenarios can measure understanding and suggest that targeted priming might offer a non-resource intensive training approach.
Details
Keywords
Lena Yuryna Connolly, Michael Lang, John Gathegi and Doug J. Tygar
This paper provides new insights about security behaviour in selected US and Irish organisations by investigating how organisational culture and procedural security…
Abstract
Purpose
This paper provides new insights about security behaviour in selected US and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues.
Design/methodology/approach
This paper builds on general deterrence theory and prior organisational culture literature. The methodology adapted for this study draws on the analytical grounded theory approach employing a constant comparative method.
Findings
This paper demonstrates that procedural security countermeasures and organisational culture tend to affect security behaviour in organisational settings.
Research limitations/implications
This paper fills the void in information security research and takes its place among the very few studies that focus on behavioural as opposed to technical issues.
Practical implications
This paper highlights the important role of procedural security countermeasures, information security awareness and organisational culture in managing illicit behaviour of employees.
Originality/value
This study extends general deterrence theory in a novel way by including information security awareness in the research model and by investigating both negative and positive behaviours.
Details
Keywords
Charles B. Foltz, Timothy Paul Cronan and Thomas W. Jones
This paper aims to examine the effectiveness of computer usage policies in university settings.
Abstract
Purpose
This paper aims to examine the effectiveness of computer usage policies in university settings.
Design/methodology/approach
Students enrolled in business courses at three midwestern universities were divided, by class, into control and experimental groups. All subjects were asked to complete a survey regarding their awareness of university computer usage policies, consequences of misuse, and methods of policy distribution. The experimental group was exposed to sample computer usage policies. Two weeks later, all subjects were asked to complete the same survey again.
Findings
Results suggest that most students have not read their university computer usage policies. However, the presence of a computer usage policy does influence students who have read those policies, but a single exposure is insufficient to influence all subjects.
Research limitations/implications
The sample is limited to students from three universities.
Practical implications
Written policy statements alone cannot serve as a cornerstone of security; multiple factors must be used to communicate the content of the deterrents.
Originality/value
This study notes that the existence of computer usage policies within a university (or organization) does not ensure that all users are familiar with the content of those policies and the penalties imposed for their violation. Providing a copy of computer usage policies to students (or employees) and verbally highlighting major points are not sufficient exposure to eliminate indifference about computer misuse.
Details
Keywords
Ahmet Meti Tmava and Sara Ryza
The number of open access repositories (OARs) has been growing globally, but faculty members have been reluctant to embrace OAR and submit their work. While there are studies that…
Abstract
Purpose
The number of open access repositories (OARs) has been growing globally, but faculty members have been reluctant to embrace OAR and submit their work. While there are studies that looked at sociotechnical factors that affect faculty participation in OARs, this study aims to explore how the individual characteristics of faculty might impact faculty willingness to deposit their work in an OAR.
Design/methodology/approach
The survey was distributed to all faculty at a large public university in the USA who were identified as having their primary job responsibilities in teaching and research. This study used a correlational analysis between faculty individual characteristics (i.e. age, rank, status and academic discipline) and their willingness to deposit their work.
Findings
The findings show that there is a difference in faculty familiarity with open access (OA) principles and faculty awareness of OA policy based on individual characteristics. Furthermore, these individual characteristics have a significant impact on faculty willingness to participate in OARs. While this study reveals a significant correlation between the faculty intent to deposit and the respondent’s academic discipline, rank and status, there are other factors that affect faculty intent to participate in OAR, such as familiarity with OA principles and awareness of institution’s OA Policy.
Research limitations/implications
There were no significant responses from the Colleges of Science or Health and Public Service and, therefore, did not yield any statistically significant results. Measuring the university’s promotion system was outside the scope of this research.
Practical implications
Results of this research can provide insight on how individual characteristics of faculty might impact their willingness to embrace OA publishing in general and OARs in particular.
Social implications
The findings from this research will be a valuable source of information for librarians and OA staff in developing more effective outreach programs to increase faculty participation in OA and OARs.
Originality/value
This study reveals that individual faculty traits do have an impact on faculty willingness to participate in OARs. The academic discipline was found to make the most significant difference in faculty intent to deposit their work in an OAR. However, due to the ever-changing landscape of OA publishing and the ongoing outreach efforts by librarians, the faculty members’ perception and participation in OARs is likely to evolve.
Details
Keywords
Alex Koohang, Jonathan Anderson, Jeretta Horn Nord and Joanna Paliszkiewicz
The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that…
Abstract
Purpose
The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that awareness depends upon several variables that influence successful ISP compliance.
Design/methodology/approach
The authors built a model with seven constructs, i.e., leadership, trusting beliefs, information security issues awareness (ISIA), ISP awareness, understanding resource vulnerability, self-efficacy (SE) and intention to comply. Seven hypotheses were stated. A sample of 285 non-management employees was used from various organizations in the USA. The authors used path modeling to analyze the data.
Findings
The findings indicated that IS awareness depends on effective organizational leadership and elevated employees’ trusting beliefs. The understanding of resource vulnerability (URV) and SE are influenced by IS awareness resulting from effective leadership and elevated employees’ trusting beliefs which guide employees to comply with ISP requirements.
Practical implications
Practical implications were aimed at organizations embracing an awareness-centered information security compliance program to secure organizations’ assets against threats by implementing various security education and training awareness programs.
Originality/value
This paper asserts that awareness is central to ISP compliance. Leadership and trusting beliefs variables play significant roles in the information security awareness which in turn positively affect employees’ URV and SE variables leading employees to comply with the ISP requirements.
Details
Keywords
YoungJu Shin and Nicole L. Johnson
To reduce the smoking rates and alleviate societal problems associated with smoking, health administrators and policy makers have attempted to promote and implement statewide…
Abstract
Purpose
To reduce the smoking rates and alleviate societal problems associated with smoking, health administrators and policy makers have attempted to promote and implement statewide smoking free policy. The present study examined how adults' awareness of and attitude toward the smoke-free air law, their perceived risks of secondhand smoke and current smoking status were associated with smoking attitude and behaviors.
Design/methodology/approach
As part of the Indiana Adult Tobacco Survey, 2,027 respondents participated in cross-sectional telephone surveys. A series of independent sample t-test and binary logistic regression analyses were performed.
Findings
Awareness of the state law was inversely related to negative attitude toward smoking behaviors. Individuals who reported favorable attitude toward the state smoke-free air law and higher risk perceptions of secondhand smoke showed negative attitude toward smoking behaviors. Non-smokers and former smokers were significantly different from current smokers with regard to attitude toward smoking. Negative attitude was significantly related to intention to quit smoking. Awareness of the state law, perceived risk and current smoking status were key determinants for anti-smoking attitude and behavior.
Originality/value
Findings highlight the importance of effective dissemination of the state law and recommend a strategic intervention design that invokes risk perceptions of secondhand smoke.
Details
Keywords
The purpose of this paper is to report on a study that investigated the information security culture in organisations in South Africa, with the aim of identifying key aspects of…
Abstract
Purpose
The purpose of this paper is to report on a study that investigated the information security culture in organisations in South Africa, with the aim of identifying key aspects of the culture. The unique aspects for building an information security culture were examined and presented in the form of an initial framework. These efforts are necessary to address the critical human aspect of information security in organisations where risky cyber behaviour is still experienced.
Design/methodology/approach
Literature was investigated with the focus on the main keywords security culture and information security. The information security culture aspects of different studies were compared and analysed to identify key elements of information security culture after which an initial framework was constructed. An online survey was then conducted in which respondents were asked to assess the importance of the elements and to record possible missing elements/aspects regarding their organisation’s information security culture to construct an enhanced framework.
Findings
A list of 21 unique security culture elements was identified from the literature. These elements/aspects were divided into three groups based on the frequency each was mentioned or discussed in studies. The number of times an element was found was interpreted as an indication of how important that element/aspect is. A further four aspects were added to the enhanced framework based on the results that emerged from the survey.
Originality/value
The value of this research is that an initial framework of information security culture aspects was constructed that can be used to ensure that an organisation incorporates all key aspects in its own information security culture. This framework was further enhanced from the results of the survey. The framework can also assist further studies related to the information security culture in organisations for improved security awareness and safer cyber behaviour of employees.
Details
Keywords
The purpose of this paper is to explore the police officer understandings of human trafficking and their awareness of relevant anti-trafficking policy and legislation, and…
Abstract
Purpose
The purpose of this paper is to explore the police officer understandings of human trafficking and their awareness of relevant anti-trafficking policy and legislation, and identify whether this awareness was confined to particular officer demographics.
Design/methodology/approach
The study utilised a mixed-methods design, drawing on data from an online survey of 87 police officers from an Australian state police agency.
Findings
Thematic analysis identified that, while the majority of participants held broad understandings of human trafficking consistent with the United Nations definition, a substantial number conflated the phenomenon with people smuggling. The majority of participants were also unaware of national anti-trafficking legislation and agency anti-trafficking policy, with constables significantly the least likely to be aware of these measures. Most of these officers, however, indicated they would take some form of case referral action in relation to a suspected case of trafficking, albeit across the sample these responses were inconsistent.
Practical implications
The findings underline the need for relevant training and concrete anti-trafficking policy within frontline agencies, which can facilitate the identification, investigation and referral of human trafficking cases.
Originality/value
While the Australian Federal Government’s response to human trafficking has been subject to ample critique, less attention has been paid to the supporting role played by state-level agencies and their frontline personnel. This paper demonstrates the practical barriers present within such agencies, identifying means to build a more effective response which may bolster the national anti-trafficking measures.