Search results
1 – 10 of 133Siqi Hu, Carol Hsu and Zhongyun Zhou
Security education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional…
Abstract
Purpose
Security education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional methods, the present study leveraged an “event” lens and dimensionalized employees' perceptions into three sub-dimensions: perceived novelty, perceived disruption and perceived criticality. Moreover, this research went a step further by examining how pedagogical and communication approaches to a SETA program affect employees' perceptions of the program. This study then investigated whether – and if so, how – these approaches impact employees' perceptions of the SETA program and their subsequent commitment to it.
Design/methodology/approach
Utilizing a factorial-based scenario survey, this study empirically tested a model of the above relationships via covariance-based structural equation modeling.
Findings
The results of this research showed that pedagogical approaches were more effective than communication approaches and that employees' perceptions of the SETA program accounted for a large variance in their commitment to SETA.
Originality/value
First, this research deepens understanding of the protection of information assets by elaborating on the different approaches that organizations can take to encourage employees' commitment to SETA. Second, the study enriches the SETA literature by theorizing a SETA program as an organizational “event”, which represents a major shift from the conventional approach. Third, the study adds to the theoretical knowledge of the event lens by extending it to the SETA context and investigating the relationship among three event strength components.
Details
Keywords
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and…
Abstract
Purpose
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.
Design/methodology/approach
This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.
Findings
This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.
Originality/value
The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.
Details
Keywords
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA…
Abstract
Purpose
This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.
Design/methodology/approach
This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.
Findings
In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.
Originality/value
This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.
Details
Keywords
Morné Owen, Stephen V. Flowerday and Karl van der Schyff
Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this…
Abstract
Purpose
Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this paper is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, to ensure secure behaviour. Research that focused on issues such as personality traits, trust, attitude and Security, Education, Training and Awareness (SETA) was considered.
Design/methodology/approach
This study built on a recontextualized version of the theory of planned behaviour to evaluate the influence that optimism bias has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses from a South African financial services organisation using partial least squares (PLS) path modelling.
Findings
This study found that overly optimistic employees were inclined to behave insecurely, while factors such as attitude and trust significantly influenced the intention to behave securely.
Practical implications
Our contribution to practice seeks to enhance the effectiveness of SETA by identifying and addressing the optimism bias weakness to deliver a more successful training outcome.
Originality/value
Our study enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and offers a contextual explanation of the resultant behaviour.
Details
Keywords
Dien Van Tran, Phuong V. Nguyen, Linh Phuong Le and Sam Thi Ngoc Nguyen
This paper aims to investigate the influence of cybersecurity awareness and compliance attitudes on the protective behaviours exhibited by employees. This study also aims to…
Abstract
Purpose
This paper aims to investigate the influence of cybersecurity awareness and compliance attitudes on the protective behaviours exhibited by employees. This study also aims to explore the complex correlation between the level of awareness about cybersecurity measures and attitudes towards compliance with these measures. Additionally, it looks at how these factors collectively impact employees’ behaviour to protect organisational assets and information.
Design/methodology/approach
This study uses a quantitative research methodology in which primary data are gathered using a survey questionnaire distributed to personnel employed at Vietnamese organisations. The data are analysed, and the validity of the measurement and structural equation model is assessed using a partial least squares–structural equation model approach after the collection of all the survey responses.
Findings
The provision of policies and security education, training and awareness programmes are strongly and positively associated with cybersecurity awareness. Moreover, cybersecurity awareness plays an important role in shaping attitudes and intentions towards information security policy compliance (ISPC). Attitude is positively associated with intention towards ISPC and employee protective behaviour. Finally, the intention towards ISPC is significant in shaping employee protective behaviour.
Originality/value
This study contributes to the understanding of the antecedents of cybersecurity in developing countries such as Vietnam. Furthermore, it provides a comprehensive framework for understanding intention and protective behaviour through cybersecurity awareness and compliance attitudes. By combining the theory of planned behaviour and protection motivation theory with institutional governance, this study extends previous research on the effects of these variables on employee protective behaviour.
Details
Keywords
Pramukh Nanjundaswamy Vasist and Satish Krishnan
This study aims to establish a comprehensive understanding of the intricacies of how individuals engage with deepfakes, focusing on limiting adverse effects and capitalizing on…
Abstract
Purpose
This study aims to establish a comprehensive understanding of the intricacies of how individuals engage with deepfakes, focusing on limiting adverse effects and capitalizing on their benefits.
Design/methodology/approach
This study conducted a meta-synthesis of qualitative studies on deepfakes, incorporating study-specific analysis followed by a cross-study synthesis.
Findings
Based on the meta-synthesis, the study developed an integrated conceptual framework based on the perspectives from the social shaping of technology theory embedding deepfake-related assertions, motivations, the subtleties of digital platforms, and deepfake-related repercussions.
Research limitations/implications
The study offers crucial insights into the evolving nature of deepfakes as a socio-technical phenomenon and the significance of platform dynamics in deepfake production. It enables researchers to comprehend the cascading effects of deepfakes and positions them to evaluate deepfake-related risks and associated mitigation mechanisms.
Practical implications
The framework that emerges from the study illustrates the influence of platforms on the evolution of deepfakes and assists platform stakeholders in introducing effective platform governance structures to combat the relentless proliferation of deepfakes and their consequences, as well as providing guidance for governments and policymakers to collaborate with platform leaders to set guardrails for deepfake engagement.
Originality/value
Deepfakes have been extensively contested for both their beneficial and negative applications and have been accused of heralding an imminent epistemic threat that has been downplayed by some quarters. This diversity of viewpoints necessitates a comprehensive understanding of the phenomenon. In responding to this call, this is one of the first to establish a comprehensive, theoretically informed perspective on how individuals produce, process, and engage with deepfakes through a meta-synthesis of qualitative literature on deepfakes.
Details
Keywords
Thai Pham and Farkhondeh Hassandoust
Information security (InfoSec) policy violations are of great concern to all organisations worldwide, especially in the financial industry. Although the importance of InfoSec…
Abstract
Purpose
Information security (InfoSec) policy violations are of great concern to all organisations worldwide, especially in the financial industry. Although the importance of InfoSec policy has been highlighted for many decades, InfoSec breaches still occur due to a low level of employee compliance and a lack of engagement and competence in high-level management. However, previous studies have primarily investigated the behavioural aspects of InfoSec policy compliance at the individual level rather than the managerial factors involved in constructing InfoSec policy and developing its effectiveness. Thus, drawing on neo-institutional theory and a transformational leadership framework, this research investigated the influence of external mechanisms and transformational leadership on InfoSec policy effectiveness.
Design/methodology/approach
The research model was implemented using field survey data from professional managers in the financial sector.
Findings
The results reported that neo-institutional mechanisms and transformational leadership shape InfoSec policy effectiveness in an organisation.
Originality/value
This study broadens current InfoSec policy research from an individual level to a managerial perspective and enhances the existing literature on neo-institutional and transformational leadership in the context of InfoSec. It highlights the need to evaluate InfoSec policy based on external factors and to support transformational leadership styles that promote InfoSec policy enforcement and effectiveness.
Details
Keywords
Carmel Marock, Sindile Moitse and Josephilda Nhlapo-Hlope
This chapter maps out and provides a rapid assessment of, the successes and shortcomings of key national interventions on youth employment in South Africa. It focuses on…
Abstract
This chapter maps out and provides a rapid assessment of, the successes and shortcomings of key national interventions on youth employment in South Africa. It focuses on programmes intended for young people aged 15–34 years of age, considering the specific needs of 15–24 year olds as compared 25–34 year olds and the particular needs of young women, youth with different educational qualifications, youth from the rural areas, youth with disabilities as well as youth from varied socio-economic backgrounds and social issues. The conceptual framework underpinning this chapter informs the way in which the data has been categorised and analysed. The framework is underpinned by a core assumption, that, while unemployment is a national challenge in South Africa, there are particular challenges that specifically affect youth. This requires a youth employment strategy that addresses the needs of different cohorts of young people and specifically addresses the myriad of ways in which young people transition into the labour market. The chapter further proposes that we need to understand that enabling successful Labour Market Transitions necessitate a strategy that can overcome ‘failures’ with respect to both supply and demand as well as ‘failures’ of alignment between supply and demand.
Details
Keywords
Gregor Petrič and Špela Orehek
Expressing views on organizational information security (IS) by employees is vital for improving security processes, policies and trainings, while non-communication may conceal…
Abstract
Purpose
Expressing views on organizational information security (IS) by employees is vital for improving security processes, policies and trainings, while non-communication may conceal the true state of the human factor of IS and lead to security breaches. The purpose of this paper is to introduce the concept of opinion expressing about organizational IS, provide an explanatory model based on the theory of spiral of silence and offer its empirical validation.
Design/methodology/approach
Data from a web-based survey among the employees of one the universities in the European Union (n = 504) was analyzed with regression analysis to investigate the proposed hypotheses.
Findings
The study reveals that employees with positive opinions about IS will be more willing to share their opinions with coworkers and management. However, when employees perceive that their pro-IS opinions are not shared by other coworkers, they will remain silent, which increases the risk of problematic opinions spreading throughout the organization.
Research limitations/implications
The study highlights the need to focus on the communication perspectives of organizational information security, an area often overlooked in the human factor of information security research.
Practical implications
The results highlight the need to examine the gap between the dominant climate of opinion about IS in the organization and the display of compliant IS behaviors in order to strengthen IS endeavors. Organizations are encouraged to facilitate open dialogue about IS processes, policies and training and implement mechanisms for considering employees’ feedback in order to improve the organization’s IS.
Originality/value
The study contributes to a growing body of research that moves beyond viewing employees merely as subjects of compliance, recognizing instead their agency in IS issues that can enhance organizational resilience. To the best of the authors’ knowledge, this is the first study to apply the spiral of silence theory in the IS field, thereby helping to overcome the lack of communication science perspectives in organizational IS research.
Details
Keywords
Ruksana Banu, Preeti Shrivastava and Mohamed Salman
The effect of e-learning success relies on the learning management system and its effectiveness provided to the learners. As a result, higher education institutions (HEIs) are…
Abstract
Purpose
The effect of e-learning success relies on the learning management system and its effectiveness provided to the learners. As a result, higher education institutions (HEIs) are expanding using various e-learning platforms and focusing on system and information quality. This study adopts the ISS (information system success) model to assess students' perception of e-learning system success (e-LSS).
Design/methodology/approach
A quantitative research approach was used to analyse 151 students' perceptions collected from HEIs in Oman. The survey instrument was built on prior research related to DeLone and McLean’s ISS model, and expert opinion was involved for validation. The snowball sampling method was used to collect the data, and participants' anonymity and confidentiality were maintained as part of the ethical process. The reliability of data was tested using Cronbach's alpha analysis. A statistical tool like correlation was used to examine the relationship between the study variables (system quality, information quality, user satisfaction and e-LSS).
Findings
This study’s results revealed that students positively perceived system usage, and users' satisfaction with e-learning systems (e-LSs) was high. Moreover, the correlation results indicated that the system and information quality aspects of e-learning significantly influence e-LSS.
Practical implications
The study results on students' perspective towards e-learning information systems can be advantageous to HEIs and various stakeholders like policymakers, and e-learning platforms. It may support and assist the HEIs and corporate firms in deciding on e-learning platforms for students and learners, respectively. Moreover, the consolidated findings will contribute to the existing literature on e-learning success factors from students’ perspectives.
Originality/value
This study examines the students' perception of e-LSS in Oman HEIs and advocates prospects for further in-depth study and analysis.
Details