Search results
1 – 10 of over 1000Nhlanhla Boyfriend Wilton Mlitwa and Dwain Birch
The purpose of this paper is to investigate the effectiveness of intrusion detection systems as an access control supplement in protecting electronic information resources and…
Abstract
Purpose
The purpose of this paper is to investigate the effectiveness of intrusion detection systems as an access control supplement in protecting electronic information resources and networks in information‐centric organisations. The study focuses on the strengths and vulnerabilities of intrusion detection systems (IDSs).
Design/methodology/approach
A qualitative case study is conducted with a retail organisation, and an educational institution in Cape Town, South Africa. Using purposive sampling, interviews are held with network administrators of sample institutions to unpack security priorities and the functionalities of IDSs, the significance of the system in concept, whether it is understood within network departments, the cost factor, and its value in securing networks against all possible security challenges. The activity theory is applied as a lens to understanding the security process, and to inform a future security frameworks and research initiatives.
Findings
The findings are clear. Although IDSs have vulnerabilities, they offer an added cushion to conventional network access control efforts. Access control for example, guards the gate but IDSs are the watchdogs in your yard, and IDS closes a gap in a network security that only IDSs can. It alerts you of a potential attacker, enabling you to respond promptly, in whichever way you like. It does however, require deliberate reaction against a detected intrusion to be effective, but remains a useful security tool that should become standard to all network security initiatives. A framework presenting network security as a work activity – with actors who are guided by goals – is offered to guide planning, implementations of network security and further research in future.
Originality/value
Security awareness is crucial to effective e‐citizenry, but complacency could be a threat. As a unique contribution, the paper presents an activity‐theory work‐activity framework of analysing network security. Further, the paper presents original, industry‐specific interview findings, raising awareness that existing security measures need to be viewed as a continuous work‐activity whose planning and implementations are embedded on goals and processes towards pursued outcomes. Access controls themselves should be monitored. They should be supplemented by effective intrusion detection systems if unauthorised access is to be effectively minimised.
Details
Keywords
Masike Malatji, Sune Von Solms and Annlizé Marnewick
This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal…
Abstract
Purpose
This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices.
Design/methodology/approach
The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced.
Findings
The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment.
Practical implications
This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation.
Originality/value
The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.
Details
Keywords
Annika Lantz and Peter Friedrich
The presented instrument for competence assessment is used in an attempt to make a systematic assessment of what and how much has been learned by an individual employee at a…
Abstract
The presented instrument for competence assessment is used in an attempt to make a systematic assessment of what and how much has been learned by an individual employee at a certain point of time in his/her career within an enterprise. Competencies in different work areas are treated: handling functional work tasks, managing disturbances, prioritising, co‐operating, organising, and achieving quality and environmental targets. All competencies are assessed on a scale measuring level of competence as cognitive complexity. Application of the instrument involves conducting a structured interview where the means‐goal relationship in different work activities is investigated in detail. A quantitative analysis of level of competence in each work area, ranging from behavioural routines to the extent to which an individual contributes to developing and changing his/her task, is then performed. The results of two different tests of inter‐rater reliability and six tests of validity (content, face and criterion validity) are presented. It is concluded that the instrument is adequately valid and reliable.
Details
Keywords
Addresses the standardization of the measurements and the labels for concepts commonly used in the study of work organizations. As a reference handbook and research tool, seeks to…
Abstract
Addresses the standardization of the measurements and the labels for concepts commonly used in the study of work organizations. As a reference handbook and research tool, seeks to improve measurement in the study of work organizations and to facilitate the teaching of introductory courses in this subject. Focuses solely on work organizations, that is, social systems in which members work for money. Defines measurement and distinguishes four levels: nominal, ordinal, interval and ratio. Selects specific measures on the basis of quality, diversity, simplicity and availability and evaluates each measure for its validity and reliability. Employs a set of 38 concepts ‐ ranging from “absenteeism” to “turnover” as the handbook’s frame of reference. Concludes by reviewing organizational measurement over the past 30 years and recommending future measurement reseach.
Details
Keywords
Mikael Sundström and Robert Holmberg
The purpose of this paper is to study a class of issues that in spite of recognised needs and explicit managerial demands have proven hard to have “stick” in organisations…
Abstract
Purpose
The purpose of this paper is to study a class of issues that in spite of recognised needs and explicit managerial demands have proven hard to have “stick” in organisations (information security is used as an example). It offers a theory-driven rationale why superficially different issue areas can indeed be considered as instances of the identified class, and builds on complexity leadership theory (CLT) to explain how the related strategic challenges can be explained and possibly alleviated.
Design/methodology/approach
A. Kenneth Rice’s notion of organisations’ “primary task” is used to home in on its opposite that is here labelled “peripherality”. Existing strands of organisation research that can be related to this notion are then revisited to ground the fundamental concept theoretically. The CLT is finally used to provide a detailed understanding of the underlying dynamics.
Findings
The paper explains how and why certain issue areas seem resistant to common managerial intervention methods even though it would seem that organisational members are in fact favouring proposed changes (a state that would normally increase the chances of success). It also offers ideas how these challenges may fruitfully be approached.
Originality/value
Problems related to the suggested “peripherality” class of issues have thus far been approached as wholly unrelated (and for that reason as idiosyncratic). The proposed framework offers a hitherto never attempted way systematically to link these challenges – and so structure and concentrate discussion about possibly common remedies.
Details
Keywords
Sherly de Yong, Murni Rachmawati and Ima Defiana
This paper aims to identify aspects of how work-life interaction has changed in the post-pandemic situations and propose strategies of the security concept for living-working…
Abstract
Purpose
This paper aims to identify aspects of how work-life interaction has changed in the post-pandemic situations and propose strategies of the security concept for living-working patterns in the post-pandemic interior as future disease prevention.
Design/methodology/approach
We conducted a systematic literature search and review to select previous research systematically and relate concepts by coding the data and synthesising the data critically. The systematic literature search and review considered 90 papers (35 were studied).
Findings
The findings identify three strategies: hybrid activity patterns, new layout for hybrid and changing behaviour and culture. Each strategy demonstrates the connection between the hybrid living-working interior spaces in the post-pandemic period and security-pandemic variables. The results on security design factors focused on interior control, detection and deterrence; connection to nature creates a safer environment to prevent further variables; and hybrid activity requires more elements to govern users' behaviour and culture.
Research limitations/implications
Limitations of this study are as follows: excluded papers that are not written in English/Bahasa or do not have gold/green open access; some aspects were not discussed (such as social distancing); the articles included in this review are up to April 2023 (and there is the possibility of recent papers). Future studies can be developed to update building certification for post-pandemic interiors or research with psychological, social equity or family vitality issues.
Originality/value
The study offers strategies and the holistic relationship between the post-pandemic concept and security-pandemic design variables within the built environment, especially in the users' culture and behaviour context.
Details
Keywords
Thiagarajan Ramakrishnan, Dwight M. Hite, Joseph H. Schuessler and Victor Prybutok
Information security is a growing issue that impacts organizations in virtually all industries, and data breaches impact millions of customers and cost organizations millions of…
Abstract
Purpose
Information security is a growing issue that impacts organizations in virtually all industries, and data breaches impact millions of customers and cost organizations millions of dollars. Within the past several years alone, huge data breaches have been experienced by organizations such as Marriot, Equifax, eBay, JP Morgan Chase, Home Depot, Target and Yahoo, the latter of which impacted three billion users. This study aims to examine the utilization of pre-employment screening to identify potential hires that may require enhanced information security training to avoid such costs.
Design/methodology/approach
The authors hypothesize that an individual’s work ethic predicts a person’s information security behavior. The authors test this hypothesis using structural equation modeling with bootstrapping techniques.
Findings
Data analysis suggests that certain dimensions of work ethic do indeed predict information security posture, and thus, simple pre-employment screening techniques (i.e. questionnaires) can aid in identifying potential security threats.
Practical implications
The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires.
Originality/value
The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires.
Details
Keywords
Intrinsic motivation occurs due to positive reactions that arise directly from engagement in work activities. Scholars have asserted that intrinsic motivation plays an important…
Abstract
Intrinsic motivation occurs due to positive reactions that arise directly from engagement in work activities. Scholars have asserted that intrinsic motivation plays an important role in organizational phenomena such as creativity (George, 2007), leadership (Piccolo & Colquitt, 2006), and performance (Gagné & Deci, 2005). We review the research literature on intrinsic motivation and provide an overview and integration of the leading theories. We then develop a conceptual model in which positive affect serves as a primary cause of intrinsic motivation. We discuss how affect alone may induce intrinsic motivation, how affect may lead to nonconscious experiences of intrinsic motivation, and how affect and cognitions may work in concert to produce the strongest and most persistent intrinsic motivation experiences. We conclude by suggesting new avenues for research that might be pursued using this cognitive–affective model of intrinsic motivation.
The purpose of this study is to explore the use and continued intention to use six social media applications (SMAs) (i.e., Facebook, Twitter, YouTube, LinkedIn, Skype and…
Abstract
Purpose
The purpose of this study is to explore the use and continued intention to use six social media applications (SMAs) (i.e., Facebook, Twitter, YouTube, LinkedIn, Skype and Instagram) by small- and medium-sized enterprises (SMEs) in Kuwait.
Design/methodology/approach
A survey of 357 SMEs in Kuwait was conducted to achieve the study objectives.
Findings
The study results showed that SMEs mostly used application was Facebook (by more than three quarters of the SMEs), and the least used one was LinkedIn (by around 6 per cent of the SMEs). Also, approximately third of the SMEs used YouTube, Instagram and Twitter. Of those, more than one third used these applications daily. The study also found that both gaining popularity and enjoyment were the main motivations for using all six applications by SMEs. Moreover, the study found that the applications were mostly used for information, communication and marketing.
Research limitations/implications
SMEs used and have continued intention to use SMAs for their enjoyment and usefulness, because other SMEs use them and because of their complementarity. In light of the results, several recommendations were suggested to increase the use and continued intention to use SMAs by SMEs in Kuwait. For academics, it may give them an idea of the extent to which SMEs use SMAs in doing work activities, which they can use as a starting point to investigate other factors that might influence the use SMAs by SMEs.
Practical implications
For practitioners especially SMEs owners and managers, it may help to encourage them to use the SMAs and to raise their awareness of the benefits of these applications to their work.
Social implications
The findings generally suggest that SMEs need ongoing support from the government, industry or any bodies that are interested in the development of SMEs. This support includes providing a more comprehensive view about SMAs such as raising the awareness of SMEs about the potential benefits of some of these applications such as YouTube, Skype and LinkedIn and conducting training courses that help SMEs to set up rules, procedures and strategies on how to use these various applications.
Originality/value
SMAs have a number of characteristics that make it a suitable option for doing SMEs’ work activities. Therefore, SMAs could provide SMEs with opportunities for interaction and communication with customers and suppliers. Although the literature describes the different aspects of these applications and their potential benefits for people in general and industry in particular, little research has attempted to explore the actual use of these applications especially by SMEs in developing countries in general and in Kuwait in particular.
Dan Harnesk and John Lindström
The purpose of this paper is to broaden the understanding about security behaviour by developing a security behaviour typology based on the concepts of discipline and agility.
Abstract
Purpose
The purpose of this paper is to broaden the understanding about security behaviour by developing a security behaviour typology based on the concepts of discipline and agility.
Design/methodology/approach
A case study was designed to analyze security behaviours in one public nursing centre. The inquiry was organized around the themes discipline and agility, culture, and security processes in order to get an in‐depth understanding of the complex relationship between security management, referred to as discipline, and security in use, referred to as agility.
Findings
The paper shows that security behaviour can be shaped by discipline and agility and that both can exist collectively if organizations consider the constitutional and existential aspects of information security (IS) management.
Practical implications
This research makes a pivotal stand for the issue how security behaviours narrate a broad picture to enhance IS management. In particular, this will improve design of IS training and awareness programs.
Originality/value
This research is relevant to IS management in organizations, particularly as behavioural and cultural aspects are becoming increasingly significant for maintaining and also designing systemic IS management.
Details