Search results
1 – 10 of 373Siqi Hu, Carol Hsu and Zhongyun Zhou
Security education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional…
Abstract
Purpose
Security education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional methods, the present study leveraged an “event” lens and dimensionalized employees' perceptions into three sub-dimensions: perceived novelty, perceived disruption and perceived criticality. Moreover, this research went a step further by examining how pedagogical and communication approaches to a SETA program affect employees' perceptions of the program. This study then investigated whether – and if so, how – these approaches impact employees' perceptions of the SETA program and their subsequent commitment to it.
Design/methodology/approach
Utilizing a factorial-based scenario survey, this study empirically tested a model of the above relationships via covariance-based structural equation modeling.
Findings
The results of this research showed that pedagogical approaches were more effective than communication approaches and that employees' perceptions of the SETA program accounted for a large variance in their commitment to SETA.
Originality/value
First, this research deepens understanding of the protection of information assets by elaborating on the different approaches that organizations can take to encourage employees' commitment to SETA. Second, the study enriches the SETA literature by theorizing a SETA program as an organizational “event”, which represents a major shift from the conventional approach. Third, the study adds to the theoretical knowledge of the event lens by extending it to the SETA context and investigating the relationship among three event strength components.
Details
Keywords
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and…
Abstract
Purpose
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.
Design/methodology/approach
This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.
Findings
This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.
Originality/value
The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.
Details
Keywords
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA…
Abstract
Purpose
This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.
Design/methodology/approach
This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.
Findings
In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.
Originality/value
This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.
Details
Keywords
Tejaswini Herath, Myung-Seong Yim, John D’Arcy, Kichan Nam and H.R. Rao
Employee security behaviors are the cornerstone for achieving holistic organizational information security. Recent studies in the information systems (IS) security literature have…
Abstract
Purpose
Employee security behaviors are the cornerstone for achieving holistic organizational information security. Recent studies in the information systems (IS) security literature have used neutralization and moral disengagement (MD) perspectives to examine employee rationalizations of noncompliant security behaviors. Extending this prior work, the purpose of this paper is to identify mechanisms of security education, training, and awareness (SETA) programs and deterrence as well as employees’ organizational commitment in influencing MD of security policy violations and develop a theoretical model to test the proposed relationships.
Design/methodology/approach
The authors validate and test the model using the data collected from six large multinational organizations in Korea using survey-based methodology. The model was empirically analyzed by structural equation modeling.
Findings
The results suggest that security policy awareness (PA) plays a central role in reducing MD of security policy violations and that the certainty of punishment and immediacy of enforcing penalties are instrumental toward reducing such MD; however, the higher severity of penalties does not have an influence. The findings also suggest that SETA programs are an important mechanism in creating security PA.
Originality/value
The paper expands the literature in IS security that has examined the role of moral evaluations. Drawing upon MD theory and social cognitive theory, the paper points to the central role of SETA and security PA in reducing MD of security policy violations, and ultimately the likelihood of this behavior. The paper not only contributes to theory but also provides important insights for practice.
Details
Keywords
Cheddi Kiravu, Moses T. Oladiran and Kamen Yanev
The conceptualisation of technology adoption has largely been based on the Bass or some Bass-derived model – notably, the logistic model. Logistic-type models offer limited…
Abstract
Purpose
The conceptualisation of technology adoption has largely been based on the Bass or some Bass-derived model – notably, the logistic model. Logistic-type models offer limited insights regarding the adoption process dynamics or the utility value of their results. The purpose of this paper is to outline an alternative technology adoption framework based on complex adaptive networks.
Design/methodology/approach
An agent-based methodological approach is proposed. In it the actors, factors, goals, and adaptive learning influences driving solar energy technology adoption (SETA) process are first substantiated by empirical evidence gathered using field questionnaires and then incorporated in the simulation of a dynamic complex adaptive network of SETA. The complex adaptive network model is based on simple heuristic rules applied using a modified preferential attachment scheme within a NetLogo simulation environment.
Findings
The interim results suggest an emergent network where prominent hub “driver” agents underlining the robustness of the model are statistically discernible.
Research limitations/implications
The research is limited to solar photovoltaic and solar water heating technology adoption in Botswana households; however, its results are far-reaching.
Practical implications
These results can be related to sustainable energy policy design. There, targeted incentive mechanisms can be formulated against the backdrop of the identified environmental factors and actors; the aim being to accelerate and cascade SETA.
Social implications
The results could also be cascaded to other sectors and other non-solar technologies, thus providing a general alternative framework for enabling the widespread adoption of technologies.
Originality/value
This research therefore represents a novel way of utilizing the new science of networks to accelerate SETA.
Details
Keywords
Arnesh Telukdarie, Megashnee Munsamy, Popopo Jonas Mohlala, Lesego Lydia Monnapula and Radhakrishnan Viswanathan
The purpose of this research is to investigate sustainable strategies for skills development that is specific to the youth of South Africa. International and South African data…
Abstract
Purpose
The purpose of this research is to investigate sustainable strategies for skills development that is specific to the youth of South Africa. International and South African data are statistically analysed and quantified to provide inputs for the systems dynamics (SD)-based predictive skills model. The skills model simulates the impact of barriers and drivers on youth skills development towards identification of focus areas for improvement.
Design/methodology/approach
The research adopts a mixed-methods approach. The study begins with an explorative literature study on skills development, with the findings applied in developing (1) South African specific research instruments for small, medium and micro enterprises (SMMEs) and skills programme grant recipients and (2) a conceptual framework of the SD predictive skills model. The responses to the South African specific instruments are analysed via confirmatory factor analysis (CFA), which quantifies the input coefficients to the system dynamics model. To quantify the global inputs for the SD model, an in-depth literature review of the global skills development initiatives is conducted. The SD model output on skills, for the South African inputs, is comparatively evaluated against global inputs.
Findings
The paper details the results of the literature analysis, instrument analyses, CFA and SD model. The instrument results rank experience, skills and interactions with experts and work-based learning as most important. South African and global learners identify networking as the primary medium for identifying training and employment opportunities. South African and global learners also identify qualifications and work-based experience as key to finding employment. The quantified results of the SA and global analysis are used as inputs in the SD model to deliver a forecasting tool. The SD model finds that the global data provide for better development of the skills base than the South African inputs. The key focus areas identified for improvement in South Africa include networking, work-based experience and a reduction in administrative requirements.
Originality/value
The research's originality resides in the ability to predict the impact of drivers and barriers on skills development. This research sought to transform qualitative global and South African inputs into a consolidated, predictive systems-based model. The SD model can be adopted as an indicator of drivers and barriers focused towards the optimisation of skills development.
Details
Keywords
The study aims to investigate some of the interventions which have been introduced by the South African Government through its various agencies (Sector Education Training…
Abstract
Purpose
The study aims to investigate some of the interventions which have been introduced by the South African Government through its various agencies (Sector Education Training Authorities or SETA, for example) to support youth entrepreneurship and explore the challenges these agencies face, namely policy development, operational and pedagogic impediments.
Design/methodology/approach
The approach used to collect data was twofold; first, desk research was conducted on selected work in the area of entrepreneurial education and training. The second source of information was from empirical investigations on the impact made by the various Sector Education Training Authorities (SETAs) in supporting small, medium and micro enterprises (SME) levy payers in skills development. In addition to the information from SETAs, data are also used from impact assessment studies conducted for the South African Department of Trade and Industry and the Department of Science and Technology.
Findings
The study found that there are no inter‐disciplinary approaches in entrepreneurship training that make entrepreneurship education accessible to all students, and where appropriate, create teams for the development and exploitation of business ideas. Another finding is the fact that business/engineering students with different backgrounds are not connected.
Originality/value
This study has explored the nature of youth entrepreneurial education development through well‐designed entrepreneurial development efforts. An appropriate scheme in terms of cultivating an entrepreneurial spirit around training and concentrating efforts on supporting the growth of new ventures is suggested.
Details
Keywords
Kazuhisa Seta, Kei Tachibana, Ikuyo Fujisawa and Motohide Umano
Our research aim is to propose a support model for problem‐solving oriented learning (PSOL) and implement a humancentric system that supports learners and thereby develops their…
Abstract
Our research aim is to propose a support model for problem‐solving oriented learning (PSOL) and implement a humancentric system that supports learners and thereby develops their ability. We propose a human‐centric interactive framework for PSOL by employing the research results in the educational psychology field. The characteristic of our research is that our system understands the principle knowledge to support users through human‐computer interactions. It is very important to clarify the principle knowledge of the target application domain and develop the system based on it. We call the principle knowledge as ontology. By embedding ontology into the basis of a system, we can implement a more positive navigation function. In this paper, we analyze the learners’ cognitive activities in PSOL, propose a support model that encourages self‐regulated planning processes, and illustrate an interactive environment for making effective problem‐solving and learning processes based on the ontology.
Details
Keywords
Nurul Asmui Azmi Md Azmi, Ai Ping Teoh, Ali Vafaei-Zadeh and Haniruzila Hanifah
The purpose of this study is to examine factors, which influence information security culture among employees of telecommunications companies. The motivation for this study was…
Abstract
Purpose
The purpose of this study is to examine factors, which influence information security culture among employees of telecommunications companies. The motivation for this study was the rise in the number of data breach incidents caused by the organizations’ own employees.
Design/methodology/approach
A total of 139 usable responses were collected via a Web-based questionnaire survey from employees of Malaysian telecommunications companies. Data were analysed by using SmartPLS 3.
Findings
Security education, training and awareness (SETA) programmes and information security awareness were found to have a positive and significant impact on Information Security Culture. Additionally, self-reported employees’ security behaviour was found to act as a partial mediator on the relationship between information security awareness and information security culture.
Research limitations/implications
The study was cross-sectional in nature. Therefore, it could not measure changes in population over time.
Practical implications
The empirical data provides a new perspective on significant elements that influence information security culture in an emerging market. Organizations in the telecommunications industry can now recognize that SETA programmes and information security awareness have a significant impact on information security culture. Employees’ security behaviour also mediates the relationship between information security awareness and information security culture.
Originality/value
This is the first study to analyse the mediating effect of employees’ security behaviour on the relationship between information security awareness and information security culture in the Malaysian telecommunications context.
Details
Keywords
Abstract
Details