Search results

Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.

This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.

This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.

The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.

This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.

In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.

This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

Skilled graduates delivered through vocational programmes are critical to ensure the future growth of emerging economies. This study explored students' reflections and experiences of online teaching and learning (T&L) during the COVID-19 pandemic in South Africa. The study specifically focused on the transferable skills students acquired and their relevance to working in the local retail and hospitality industries.

Following a case study research design, this study retrospectively delved into the multi-perspectives of students enrolled in vocational programmes. A total of 145 students completed reflective questions via a Qualtrics link regarding the topic in question. Student reflections were grouped and analysed for recurring themes using Atlas.ti. Through thematic analysis, two topical themes emerged related to transferable skills development and the usefulness of skills for future work.

The findings suggest that although students had to rely on online classes during the COVID-19 pandemic, they still developed vital transferable skills, including communication, teamwork, organisational, self-management, flexibility, technology, metacognition and problem-solving.

The findings offer valuable input into planning and developing student-centric online courses to facilitate the development of desired transferable skills. Findings could also guide best T&L practices regarding how education and training across digital platforms could be used to ensure that graduates are prepared to navigate the future complexities of working in ever-changing globalised industries.

This study provides new insights into the evolution of T&L and how unexpected situations could provide an opportunity to hone desired skills and prepare students for employment and the 21st century workplace.

The study compares how work-integrated learning (WIL) placement positioning, duration, assessment strategies and environment at three Southern African universities influence engineering students' academic and employability outcomes.

The study used a qualitative case study approach that drew on the principles of collaborative autoethnography (CAE). The researchers reflected on WIL placement practices, structure, assessment, environment and outcomes at their universities and then analysed the reflections using comparative descriptive techniques.

The study reports no uniformity among the universities in positioning WIL placement in the curriculum. It is done during end-of-year vacations, between the penultimate and final year or in the last year. The study found WIL placement positioning does not influence academic outcomes; however, the influence on employability outcomes needs further investigation. Components of WIL placement assessment are similar, presentations, logbooks and reports. However, there are differences in the weightings of the various assessment components and the contribution of the industry supervisor. There is a growing trend towards placing students within universities to mitigate the challenges of limited opportunities of placements available in the industry. The impact of this also needs to be further investigated. Lastly, there are policy-related challenges in placing international students. Work restrictions on student visas limit international students’ access to WIL placement. Southern African universities need to lobby the waivers to student visa restrictions that limit their participation in WIL programs if there are to succeed in their internationalisation efforts.

The study highlights the gaps in understanding Southern African universities' WIL placement practices, particularly relating to the positioning of WIL placement in the curriculum, the assessment methods used and the theory to work integration and employability outcomes.

There is a global concern about the effectiveness of vocational education and training (VET) programmes in developing job-related skills and competencies for real-world environments for disadvantaged and unemployed youths. Experiential learning (EL) is a major component of VET programmes. This article aims to examine the effects of facilitating VET through EL theory to promote youths' skills acquisition. The study looks at the effects of material resources on the use of experiential learning theory (ELT), the types of EL and the contribution of ELT to VET programmes.

The research design mainly entails a qualitative research design and research method to allow the researcher to view the reality as is experienced from the inside out by the trainees and training centre managers on important data for a thorough understanding. The study participants were 512 young trainees who completed different training courses from the VET programmes and 24 centre managers in the KwaZulu-Natal province of South Africa.

The findings reveal that the use of ELT in VET programmes helped the trainees to gain real-world skills, hence contributing to their empowerment in terms of work experience and competence for their future employment. Based on the findings, the study concludes that ELT is an effective instrument to promote VET programmes for disadvantaged and unemployed youths.

The practical and social implications of the findings are that, while disadvantaged youths cannot access and afford higher education, public and private sectors can remedy their situation by providing non-school-based technical and vocational training to help such youths enter the labour market. The findings will motivate the providers of skills development for unemployed youths to use ELT in designing course curricula, planning resources and directing teaching-learning approaches to help trainees to acquire skills and competencies to perform tasks close to real-work situations.

The socio-economic implication of the article is that skills development plays an important role in poverty reduction. Investing in the skills development of citizens is vital to raise the incomes of poor groups and to reduce poverty (ILO, 2018). Although the causes of unemployment have also to do with economic factors in a country, skills development is an essential ingredient in developing capacities for labour market entry and increased income generation of a vulnerable group of people.

The article is significant because the study provides new insights into the use of ELT in VET programmes to improve their effectiveness in developing job-related skills and competencies for real-world environments for disadvantaged and unemployed youths. The study contributes to the body of knowledge by establishing a solid base for the evidence-informed practice of the effects of facilitating the VET programme through ELT to promote skills acquisition for the employment of unemployed and disadvantaged youths.

Several studies have shown that the mechanism of labour-intensive construction (LIC) projects can mitigate high unemployment and create skilled development, especially in developing nations. The guidelines and practices for implementation may have faced some encumbrances in some countries. Whether the current guidelines and practices for municipal infrastructure support agent (MISA) to execute LIC projects face hindrances in South Africa has yet to receive in-depth studies. Thus, this study attempts to proffer policy solutions to improve the proposed revised guidelines and practices for MISA in LIC project execution in South Africa.

The study's objectives were accomplished via a combination of 16 virtual interviews of built environment professionals and government officials involved in LIC project execution in South Africa and supported by the analysed documents. A thematic approach was used to analyse the data and presented two main themes.

Findings show lax enforcement of discretionary funds, lax institutional capacity and inadequate individual skills, among others, as the gaps in existing South Africa's LIC guidelines and practices. Also, policy solutions to address the gaps were proffered.

The suggested feasible policies will improve the proposed revised guidelines and practices for MISA in LIC project execution in South Africa. This guide will promote the development of individual skills, institutional capacities and increase employment across South Africa.

This study promotes the use of LIC to create employment and contribute to proffering measures that will improve the proposed revised third edition of the guidelines and practices for MISA to execute LIC.

In identifying both the topics of interest and key limitations of the extant organizational security research, both opportunities for future research as well as some underlying challenges for conducting this research may be revealed.

To identify the leading organizational cybersecurity research topics of interest and their key limitations, the author conducted a topic modeling analysis of the organizational level studies published in the Association for Information Systems (AIS) senior scholars' “basket of eight journals” (Association for Information Systems, 2022) over the past five years.

Leading topics include (1) organizational security research concerns governance and strategic level decision-making and their role in shaping organizational security successes and failures, (2) cybercriminals and organizations' ability to monitor and detect them from both within and outside the firm; (3) cost, liability and security negligence, (4) organizations' innovation dispositions for security products and services and (5) organizational breach response efficacy; while key limitations of this study include the following: (1) scholars' ability to propose and assess strategic and operational level threat response recommendations, (2) their understanding how influence is formed and maintained among employees and groups and (3) their measurement instruments and models.

Organizations remained plagued by an ever-emerging set of threats to the security of their digital and informational assets. New threats are regularly discovered and remedies to existing threats are continually proven ineffective against these new threats. Providing an orientation to the current research on organizational security can help advance their security efforts.

Social media has been gaining importance in recent years as an integral part of entrepreneurs’ business and marketing strategies. At the same time, the entrepreneurial use of social media can lead to dark and negative consequences. This aspect has received less attention in the literature so far. The purpose of this study is to advice entrepreneurial practitioners to balance the sides of pros and cons as being an inherent reality to acknowledge the full scenario of business life and the interplay of diverse influences.

The qualitative interviews focused on the dark side experiences of micro-entrepreneurs on social media and on strategies to protect their private identities and businesses from those dark side effects. For the theoretical classification of dark side experiences, the framework of Baccarella et al. (2018) was used and adapted based on the experiences reported.

To the best of the authors’ knowledge, the study is one of the first to provide an understanding of the negative experiences micro-entrepreneurs face on social media. The research showed the relevance of five out of the seven dark-side building blocks and identified time as a further influential aspect. Thereby, the authors learn to comprehend the negative sides of social media for micro-operated businesses. The findings highlight the need to understand entrepreneurial social media use with simultaneously negative hazards and economic and social challenges. Addressing the entanglement of the entrepreneurial and private selves of micro-entrepreneurs, the findings demonstrate entrepreneur’s attempts of distancing or cleaning the negativity from their private identities and their businesses.

This paper problematizes dark sides as critical elements in entrepreneurial practice, which are too often neglected when discussing entrepreneurial marketing in general and entrepreneurship in social media specifically. The self is always captured between two sides, including the problematic (“dark”) and the bright.

This paper proposes a holistic, proactive and adaptive approach to cybersecurity from a service lens, given the continuously evolving cyber-attack techniques, threat and vulnerability landscape that often overshadow existing cybersecurity approaches.

Through an extensive literature review of relevant concepts and analysis of existing cybersecurity frameworks, standards and best practices, a logical argument is made to produce a dynamic end-to-end cybersecurity service system model.

Cyberspace has provided great value for businesses and individuals. The COVID-19 pandemic has significantly motivated the move to cyberspace by organizations. However, the extension to cyberspace comes with additional risks as traditional protection techniques are insufficient and isolated, generally focused on an organization's perimeter with little attention to what is out there. More so, cyberattacks continue to grow in complexity creating overwhelming consequences. Existing cybersecurity approaches and best practices are limited in scope, and implementation strategies, differing in strength and focus, at different levels of granularity. Nevertheless, the need for a proactive, adaptive and responsive cybersecurity solution is recognized.

This paper presents a model that promises proactive, adaptive and responsive end-to-end cybersecurity. The proposed cybersecurity continuity and management model premised on a service system, leveraging on lessons learned from existing solutions, takes a holistic analytical view of service activities from source (service provider) to destination (Customer) to ensure end-to-end security, whether internally (within an organization) or externally.