Search results

This paper aims to identify the critical success factors in improving information security in Ghanaian firms.

Through an exploratory study of both public and private Ghanaian organizations. The study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM).

The findings confirm the role of the technological, organizational and environmental contexts as significant determinants in the implementation of information security in Ghanaian organizations. Results from PLS-SEM analysis demonstrated a positive correlation between the technology component of information security initiative, organization’s internal efforts toward its acceptance and a successful implementation of information security in Ghanaian firms. Top management support and fund allocation among others will result in positive information security initiatives and positive attitudes toward securing the organization’s information assets.

The authors discussed the implications of the authors’ findings for research, practice and policy.

The results of this study will be useful for both governmental and non-governmental organizations in terms of best practices for increasing information security. Results from this study will aid organizations in developing countries to better understand their information security needs and identify the necessary procedures to address them.

This study contributes to filling the knowledge gap in organizational information security research and the TOE framework. Despite the TOE framework being one of the most influential theories in contemporary research of information system domains in an organizational context, there is not enough research linking the domains of information security and the TOE model.

This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning information security awareness (ISA) amid growing technological threats.

This study uses a survey methodology, collecting data from 400 working individuals in Vietnam, to test the applicability of the KAB model and evaluate the moderating effects of age and education on the model’s established relationships. In addition, the theoretical model and hypotheses were evaluated using the partial least squares structural equation model (PLS-SEM) approach.

This research confirms the relationships posited in the KAB model. Notably, it shows that younger employees showcase a more positive attitude and behavior toward information security compared with their older counterparts. In addition, higher education levels strengthen the positive association between information security knowledge and attitude. The findings underscore the imperative for organizations to consider sociodemographic variables when formulating strategies to enhance ISA.

This study extends the KAB model by exploring the impact of sociodemographic factors, focusing on age and education in ISA. Overcoming the oversight in current literature, particularly in the context of technological threats, the research uses PLS-SEM and targets a specific demographic in Vietnam.

Social engineering is crucial in today’s digital landscape. As technology advances, malicious individuals exploit human judgment and trust. This study explores how age, education and occupation affect individuals’ awareness, skills and perceptions of social engineering.

A quantitative research approach was used to survey a diverse demographic of Egyptian society. The survey was conducted in February 2023, and the participants were sourced from various Egyptian social media pages covering different topics. The collected data was analyzed using descriptive and inferential statistics, including independent samples t-test and ANOVA, to compare awareness and skills across different groups.

The study revealed that younger individuals and those with higher education tend to research social engineering more frequently. Males display a higher level of awareness but score lower in terms of social and psychological consequences as well as types of attacks when compared to females. The type of attack cannot be predicted based on age. Higher education is linked to greater awareness and ability to defend against attacks. Different occupations have varying levels of awareness, skills, and psychosocial consequences. The study emphasizes the importance of increasing awareness, education and implementing cybersecurity measures.

This study’s originality lies in its focus on diverse Egyptian demographics, innovative recruitment via social media, comprehensive exploration of variables, statistical rigor, practical insights for cybersecurity education and diversity in educational and occupational backgrounds.

The Kingdom of Saudi Arabia (KSA) is embracing digital transformation and e-government services, aiming to improve efficiency, accessibility and citizen-centricity. Nonetheless, the country faces challenges such as evolving cyber threats. The purpose of this study is to investigate the factors influencing cybersecurity practices to ensure the reliability and security of e-government services.

This paper investigates the multifaceted dynamics of cybersecurity practices and their impact on the quality and effectiveness of e-government services. Five key factors explored include organizational culture, technology infrastructure, adherence to standards and regulations, employee training and awareness and financial investment in cybersecurity. This study used a quantitative method to gather data from 320 participants. The researcher collected 285 completed questionnaires, excluding unusable or incomplete responses, and analyzed the final data set using partial least squares structural equation modeling.

The findings show that financial investment in cybersecurity, employee training and awareness and adherence to cybersecurity regulations significantly influence the adoption of robust cybersecurity practices. However, the relationship between organizational culture and cybersecurity practices is less straightforward. The research establishes a strong positive correlation between cybersecurity practices and e-government service quality, highlighting the role of security in fostering public trust and user satisfaction and meeting the evolving needs of citizens and businesses.

This research contributes valuable empirical evidence to the fields of e-government and cybersecurity, offering insights that can inform evidence-based policy decisions and resource allocation. By understanding the nuanced dynamics at play, Saudi Arabia is better poised to fortify its digital governance infrastructure and provide secure, high-quality e-government services to its constituents.

Security education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional methods, the present study leveraged an “event” lens and dimensionalized employees' perceptions into three sub-dimensions: perceived novelty, perceived disruption and perceived criticality. Moreover, this research went a step further by examining how pedagogical and communication approaches to a SETA program affect employees' perceptions of the program. This study then investigated whether – and if so, how – these approaches impact employees' perceptions of the SETA program and their subsequent commitment to it.

Utilizing a factorial-based scenario survey, this study empirically tested a model of the above relationships via covariance-based structural equation modeling.

The results of this research showed that pedagogical approaches were more effective than communication approaches and that employees' perceptions of the SETA program accounted for a large variance in their commitment to SETA.

First, this research deepens understanding of the protection of information assets by elaborating on the different approaches that organizations can take to encourage employees' commitment to SETA. Second, the study enriches the SETA literature by theorizing a SETA program as an organizational “event”, which represents a major shift from the conventional approach. Third, the study adds to the theoretical knowledge of the event lens by extending it to the SETA context and investigating the relationship among three event strength components.

Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information technology (IT)-centric solutions to secure and strengthen their information security ecosystem. Unfortunately, they pay little attention to human resource management (HRM) solutions. This paper aims to address this gap and proposes an actionable human resource (HR)-centric and artificial intelligence (AI)-driven framework.

The paper highlights the dangers posed by insider threats and presents key findings from a Leximancer-based analysis of a rapid literature review on the role, nature and contribution of HRM for information security, especially in addressing insider threats. The study also discusses the limitations of these solutions and proposes an HR-in-the-loop model, driven by AI and machine learning to mitigate these limitations.

The paper argues that AI promises to offer many HRM-centric opportunities to fortify the information security architecture if used strategically and intelligently. The HR-in-the-loop model can ensure that the human factors are considered when designing information security solutions. By combining AI and machine learning with human expertise, this model can provide an effective and comprehensive approach to addressing insider threats.

The paper fills the research gap on the critical role of HR in securing and strengthening information security. It makes further contribution in identifying the limitations of HRM solutions in info security and how AI and machine learning can be leveraged to address these limitations to some extent.

This study aims to examine the moderating role of formalization in the relationship between human resources (HR) practices and work engagement (WE) in aviation industry employees. The research revealed the moderator role of formalization, which is still one of the most critical components for aviation industry workers.

In the study, the authors used the survey method. In this explanatory and cross-sectional study, the authors examined a data set collected from aviation industry employees (n = 226) in Turkey using the partial least squares (PLS) method and tried to moderate the formalization. The authors analyzed the moderator role of formalization in the relationship between HR practices and WE with SmartPLS 3.0 and HAYES Process Macro.

The results of the study explain the effect of HR practices on WE in the context of social exchange theory through formalization. Findings show that formalization is an essential factor in HR practices’ resulting in higher WE.

The study is cross-sectional. Research participants participated in the study voluntarily. This situation, in turn, may lead to a social desirability bias in participants' self-reported responses. To avoid this, the authors have prepared a standardized measurement tool. Again, since the authors do not request the names and institutions of the participants, confidentiality and anonymity are provided.

Research findings offer implications for companies and employees in developing economies, especially in the aviation sector. It refers to the necessity for companies aiming for a sustainable strategic position in the competitive aviation sector to attach importance to HR practices that will enable them to see their employees as a competitive advantage. In addition, the results emphasize the need for aviation industry companies to adopt an approach that considers both practices that can increase WE and formalization procedures that can affect employee behavior.

This research provides a comprehensive understanding to examine the interrelationships between HR, formalization and WE in the context of the mechanism of social change in the context of aviation industry workers. To the best of the authors’ knowledge, no other researcher has holistically addressed these links in general, particularly in a developing country. The findings significantly enrich the literature on HR practices and WE, particularly in the context of a developing country.

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

The COVID-19 pandemic necessitated a significant shift in how employees executed their professional responsibilities. Concurrently, the incidence of cybercrime experienced a noteworthy surge due to the increased utilisation of cyberspace. The abrupt transition to telecommuting altered the interpersonal dynamics inherent in traditional work environments. This paper aims to examine the impact of interpersonal factors on the cybercrime preventative measures adopted by telecommuting employees.

A conceptual model, grounded in the Theory of Interpersonal Behaviour, is evaluated through an online survey. The data set comprises responses from 209 employees in South Africa, and the analysis uses partial least squares structural equation modelling.

The results reveal substantial predictive power to explain cybercrime preventative behaviours. Notably, the study underscores the significant influence of habit and affect on intention and subsequent behaviour.

The results suggest that practitioners should give due attention to emotional dimensions (affect) as a catalyst for information security behaviour. The formulation of employees’ information security responsibilities should be pragmatic, fostering subconscious compliance to establish routine behaviour (habit).

This research underscores the pivotal roles played by habit and emotions in shaping behavioural patterns related to information security. Furthermore, it provides researchers with an illustrative model for operationalising these constructs within the realm of security. The results contribute additional perspectives on the repercussions of the COVID-19 pandemic on cybercrime preventative behaviours.

The purpose of this study was to investigate the roles of employee experience and top management commitment in the relationship between human resource (HR) records management culture and HR records privacy control in organisations in Ghana.

Structural equation modelling was used in analysing the data. Following the specification of the model, three main types of analyses were carried out. They were reflective measurement model analyses to test reliability and validity; formative measurement model analyses to test redundancy, collinearity, significance and relevance of the lower-order constructs; and structural model analyses to ascertain the explanatory and predictive powers of the model, significance of the hypotheses and their effect sizes.

The study confirmed that communication, privacy awareness and training and risk assessment are dimensions of HR records management culture. Concerning the hypotheses, it was established that HR records management culture is related to HR records privacy control. Also, the study showed that employee experience positively moderated the relationship HR records management culture has with HR records privacy control. However, top management commitment negatively moderated the relationship HR records management culture has with HR records privacy control.

Organisations committed to the privacy control of HR records need to ensure the retention of their employees, as the longer they stay with the organisation, the more they embody the HR records management culture which improves the privacy control of HR records. For top management commitment, it should be restricted to providing strategic direction for HR records privacy control, as the day-to-day influence of top management commitment on the HR records management culture does not improve the privacy control of HR records.

This study demonstrates that communication, privacy awareness and training and risk assessment are dimensions of HR record management culture. Also, the extent of employee experience and top management commitment required in the relationship between HR records management culture and HR records privacy control is revealed.