Search results

Security education, training and awareness (SETA) programs are the key to addressing “people problems” in information systems (IS) security. Contrary to studies using conventional methods, the present study leveraged an “event” lens and dimensionalized employees' perceptions into three sub-dimensions: perceived novelty, perceived disruption and perceived criticality. Moreover, this research went a step further by examining how pedagogical and communication approaches to a SETA program affect employees' perceptions of the program. This study then investigated whether – and if so, how – these approaches impact employees' perceptions of the SETA program and their subsequent commitment to it.

Utilizing a factorial-based scenario survey, this study empirically tested a model of the above relationships via covariance-based structural equation modeling.

The results of this research showed that pedagogical approaches were more effective than communication approaches and that employees' perceptions of the SETA program accounted for a large variance in their commitment to SETA.

First, this research deepens understanding of the protection of information assets by elaborating on the different approaches that organizations can take to encourage employees' commitment to SETA. Second, the study enriches the SETA literature by theorizing a SETA program as an organizational “event”, which represents a major shift from the conventional approach. Third, the study adds to the theoretical knowledge of the event lens by extending it to the SETA context and investigating the relationship among three event strength components.

Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.

This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.

This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.

The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.

This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.

In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.

This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.

This study aims to establish a comprehensive understanding of the intricacies of how individuals engage with deepfakes, focusing on limiting adverse effects and capitalizing on their benefits.

This study conducted a meta-synthesis of qualitative studies on deepfakes, incorporating study-specific analysis followed by a cross-study synthesis.

Based on the meta-synthesis, the study developed an integrated conceptual framework based on the perspectives from the social shaping of technology theory embedding deepfake-related assertions, motivations, the subtleties of digital platforms, and deepfake-related repercussions.

The study offers crucial insights into the evolving nature of deepfakes as a socio-technical phenomenon and the significance of platform dynamics in deepfake production. It enables researchers to comprehend the cascading effects of deepfakes and positions them to evaluate deepfake-related risks and associated mitigation mechanisms.

The framework that emerges from the study illustrates the influence of platforms on the evolution of deepfakes and assists platform stakeholders in introducing effective platform governance structures to combat the relentless proliferation of deepfakes and their consequences, as well as providing guidance for governments and policymakers to collaborate with platform leaders to set guardrails for deepfake engagement.

Deepfakes have been extensively contested for both their beneficial and negative applications and have been accused of heralding an imminent epistemic threat that has been downplayed by some quarters. This diversity of viewpoints necessitates a comprehensive understanding of the phenomenon. In responding to this call, this is one of the first to establish a comprehensive, theoretically informed perspective on how individuals produce, process, and engage with deepfakes through a meta-synthesis of qualitative literature on deepfakes.

Information security (InfoSec) policy violations are of great concern to all organisations worldwide, especially in the financial industry. Although the importance of InfoSec policy has been highlighted for many decades, InfoSec breaches still occur due to a low level of employee compliance and a lack of engagement and competence in high-level management. However, previous studies have primarily investigated the behavioural aspects of InfoSec policy compliance at the individual level rather than the managerial factors involved in constructing InfoSec policy and developing its effectiveness. Thus, drawing on neo-institutional theory and a transformational leadership framework, this research investigated the influence of external mechanisms and transformational leadership on InfoSec policy effectiveness.

The research model was implemented using field survey data from professional managers in the financial sector.

The results reported that neo-institutional mechanisms and transformational leadership shape InfoSec policy effectiveness in an organisation.

This study broadens current InfoSec policy research from an individual level to a managerial perspective and enhances the existing literature on neo-institutional and transformational leadership in the context of InfoSec. It highlights the need to evaluate InfoSec policy based on external factors and to support transformational leadership styles that promote InfoSec policy enforcement and effectiveness.

This chapter maps out and provides a rapid assessment of, the successes and shortcomings of key national interventions on youth employment in South Africa. It focuses on programmes intended for young people aged 15–34 years of age, considering the specific needs of 15–24 year olds as compared 25–34 year olds and the particular needs of young women, youth with different educational qualifications, youth from the rural areas, youth with disabilities as well as youth from varied socio-economic backgrounds and social issues. The conceptual framework underpinning this chapter informs the way in which the data has been categorised and analysed. The framework is underpinned by a core assumption, that, while unemployment is a national challenge in South Africa, there are particular challenges that specifically affect youth. This requires a youth employment strategy that addresses the needs of different cohorts of young people and specifically addresses the myriad of ways in which young people transition into the labour market. The chapter further proposes that we need to understand that enabling successful Labour Market Transitions necessitate a strategy that can overcome ‘failures’ with respect to both supply and demand as well as ‘failures’ of alignment between supply and demand.

The effect of e-learning success relies on the learning management system and its effectiveness provided to the learners. As a result, higher education institutions (HEIs) are expanding using various e-learning platforms and focusing on system and information quality. This study adopts the ISS (information system success) model to assess students' perception of e-learning system success (e-LSS).

A quantitative research approach was used to analyse 151 students' perceptions collected from HEIs in Oman. The survey instrument was built on prior research related to DeLone and McLean’s ISS model, and expert opinion was involved for validation. The snowball sampling method was used to collect the data, and participants' anonymity and confidentiality were maintained as part of the ethical process. The reliability of data was tested using Cronbach's alpha analysis. A statistical tool like correlation was used to examine the relationship between the study variables (system quality, information quality, user satisfaction and e-LSS).

This study’s results revealed that students positively perceived system usage, and users' satisfaction with e-learning systems (e-LSs) was high. Moreover, the correlation results indicated that the system and information quality aspects of e-learning significantly influence e-LSS.

The study results on students' perspective towards e-learning information systems can be advantageous to HEIs and various stakeholders like policymakers, and e-learning platforms. It may support and assist the HEIs and corporate firms in deciding on e-learning platforms for students and learners, respectively. Moreover, the consolidated findings will contribute to the existing literature on e-learning success factors from students’ perspectives.

This study examines the students' perception of e-LSS in Oman HEIs and advocates prospects for further in-depth study and analysis.

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

The e-learning-based approach is critical in keeping the wheels of education turning in the face of the COVID-19 epidemic. In this scenario, analyzing the implementation of the e-learning system is required to properly grasp the needs. The purpose of this paper is to demonstrate the relationship between technical system quality, information quality, service quality, educational system quality, support system quality, learner quality, instructor quality, perceived satisfaction, perceived usefulness, e-learning system use and benefits.

This study was carried out by giving online questionnaires to students attending private institutions in Indonesia. A total of 593 students participated in the study and provided responses. The structural equation model, which is supported by the program WarpPLS7.0, is used to analyze the data.

Maintaining the quality of the technological system, the information system, the learners and the educational system can help achieve the goal of increasing perceived utility. In the meanwhile, factors such as inadequate service quality, educational system quality, support system quality and teacher quality can all pose challenges to perceived levels of satisfaction. To get the most out of e-learning apps, users' expectations about how fun, useful and easy to use they are need to be met.

This study was carried out in the midst of the COVID-19 epidemic with a restricted number of participants from Indonesian institutions of higher education. This research has the potential to be expanded into a variety of different types of higher education in the future.

The main thing that will determine whether an e-learning system model works is the quality of the learners.

The institution should think about changing the material offered in the e-learning system to make it easier for students to grasp by describing the current material and providing digital handouts of lecturers' explanations. This study expanded the e-learning system success model and applied it to the evaluation of e-learning deployment in Indonesian higher education. This study will improve student comprehension of the e-learning model and contribute to the body of knowledge about e-learning applications and technology.

Firms use Relative Performance Information (RPI) to improve employee performance; however, differences in employees’ remote work environments call into question whether RPI improves performance in remote work arrangements. By manipulating RPI provision across sections, the authors examine whether RPI improves performance in remote work arrangements using a field experiment in introductory accounting courses taught during the COVID-19 pandemic. The authors found that RPI improves performance in a remote work setting, as students receiving RPI achieved higher exam scores and increased their exam scores to a greater extent than students who did not receive RPI. The authors also found that lower performers improved performance more than higher performers in response to RPI, and the effect of RPI was more pronounced in those closest to meaningful thresholds. These results inform practice on the expected benefits of implementing RPI in a remote work setting.