Search results

The purpose of this study is to define the interactions that determine how secure a society is from terrorism and to propose a method for measuring the threat of terrorism in an objective and spatio-temporally comparable manner.

Game-theoretic analysis of the determinants of security and discussion of how to implement these interactions into a measure of security.

We show that governments concerned with popularity have an incentive to over-invest in security and that, in certain situations, this leads to a deterioration in net security position. Our discussion provides an implementable means for measuring the levels of threat and protection, as well as individuals’ perceptions of both, which we propose can be combined into an objective and scientific measure of security.

The implication for researchers is the suggestion that efficiency, as well as scale of counter-terrorism, is important in determining a country’s overall security position. Furthermore, we suggest that individuals’ perceptions are at least as important in determining suitable counter-terrorism policy as objective measures of protection and threat. The limitations of this research are found in the vast data requirements that any attempt to measure security will need.

We propose the first method for objectively measuring the net security position of a country, using economic and econometric means.

The purpose of this paper is to develop a guide for managing the provision of on-campus student housing facilities (SHFs) security and safety measures.

This study adopted a mixed-method approach; the questionnaire was used as an instrument to collect quantitative data, whereas the interview was used to collect qualitative data. Descriptive and inferential statistics and importance-performance analysis models were used to analyse the quantitative data, whereas content analysis was used for the qualitative data.

This study found that students rated the satisfaction of all the SHFs safety and security measures below the level of importance. Three categories of performance level (i.e. poor, average and good) were determined. It also became evident that most of the measures were performing averagely, quite a number were poorly performing and few were performing well.

Data was collected from only one university; therefore, the findings of the research may not be generalised. A study that expands the number of participating universities is recommended.

The guide developed can be used by the facility and/or hostel managers to ensure appropriate management of SHFs security and safety measures. The guide can also assist to ensure that all the essential safety measures are provided when designing, constructing or upgrading SHFs. It would also aid in the development of policy frameworks for SHFs security and safety.

Although several studies have been conducted on SHFs, studies that mainly focussed on prioritising SHFs security and safety measures are lacking. With this paper, the authors also demonstrate the practicality of the use of the IPA model to aid the process of developing improvement priorities.

The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.

A survey was designed and data were collected from information security managers in a selection of Norwegian organizations.

Technical‐administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness‐creating activities are applied by the organizations to a considerably lesser extent, but are at the same time these are assessed as being more effective organizational measures than technical‐administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures.

Provides insight into the non‐technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures.

Security, safety, environment and health have become an integral part of facility management (FM). Therefore, FM departments within organisations are required to put measures in place to safeguard facility users. This paper thus aims to investigate and compare the safety and security measures that are provided in the student housing of two universities in South Africa.

A mixed method approach was adopted; interview was used to collect qualitative data, whereas a questionnaire was used as an instrument to collect quantitative data. Content analysis was used to analyse the qualitative data, whereas both descriptive and inferential statistics were used to analyse the quantitative data.

It became evident that university B had a better provision of safety and security measures in the student housing than university A. The study also found that both universities had some lapses in the safety and security measures provided in the student housing. Measures that were lacking in both universities were weapon detector, closed-circuit television (CCTV), water sprinkler system, burglar bars on the doors, lift for disabled students, disabled toilet facility, traffic light, tags for vehicles, first aid box, accident book and medically trained personnel.

Data were collected from only two universities, making it difficult to generalise the findings of the research. For a broader perspective, a study that expands the number of participating universities is recommended.

The facility management and safety department in the universities can use the recommendations to improve on the safety and security measures required in the student housing. Moreover, the recommendations can contribute to the development of policy frameworks for student housing safety.

There is a paucity of studies on student housing safety/security worldwide, and South Africa in particular. With this study, the authors contribute to the body of knowledge in this area of research.

The objective of this research was to propose and validate a holistic framework for information security culture evaluation, built around a novel approach, which includes technological, organizational and social issues. The framework's validity and reliability were determined with the help of experts in the information security field and by using multivariate statistical methods.

The conceptual framework was constructed upon a detailed literature review and validated using a range of methods: first, measuring instrument was developed, and then content and construct validity of measuring instrument was confirmed via experts' opinion and by closed map sorting method. Convergent validity was confirmed by factor analysis, while the reliability of the measuring instrument was tested using Cronbach's alpha coefficient to measure internal consistency.

The proposed framework was validated based upon the results of empirical research and the usage of multivariate analysis. The resulting framework ultimately consists of 46 items (manifest variables), describing eight factors (first level latent variables), grouped into three categories (second level latent variables). These three categories were built around technological, organizational and social issues.

This paper contributes to the body of knowledge in information security culture by developing and validating holistic framework for information security culture evaluation, which does not observe information security culture in only one aspect but takes into account its organizational, sociological and technical component.

This paper seeks to investigate which factors influence user attitudes toward different levels of security measures for protecting data of differing importance. The paper also examines user characteristics including IT proficiency and risk propensity, which give rise to individual differences in such attitudes.

To capture user attitudes toward a security measure, a construct called “information security readiness” (ISR) and its corresponding measurement items were developed. Observations were collected from a laboratory experiment based on a 2×3 factorial design, with data criticality and security level as the treatment variables. The participants were undergraduate students of a major American university. The moderating effect of data criticality on the relationship between security level and ISR was tested with multi‐group structural equation modeling. In addition to the treatment variables, IT proficiency and risk propensity were included as covariates in the analysis.

The results revealed a nonlinear relationship between security level and ISR. For data of high criticality, enhancing security level had a positive impact on ISR, but only up to the point perceived as appropriate by the participants. For data of low criticality, the enhancement of security level was perceived as unnecessary. In addition, IT proficiency was found to be a significant covariate, especially when data criticality was high.

In practice, the specification of a security measure requires a trade‐off between the utility of the data protected and the usability of the security method. The measure of ISR provides a means to locate the equilibrium by examining user attitudes across different security levels in relation to a particular level of data criticality. The significance of IT proficiency demonstrates the importance of user training.

This study introduces the ISR construct to capture evaluation, power, and activity dimensions underlying an individual's cognitive beliefs, affective responses, and behavioral inclinations toward the adoption of security measures. The results provide interesting insights into the role of interaction between security level and data criticality in influencing ISR.

This paper aims to investigate two different types of compliance measures: the first measure is a value-monistic compliance measure, whereas the second is a value-pluralistic measure, which introduces the idea of competing organisational imperatives.

A survey was developed using two sets of items to measure compliance. The survey was sent to 600 white-collar workers and analysed through ordinary least squares.

The results suggest that when using the value-monistic measure, employees’ compliance was a function of employees’ intentions to comply, their self-efficacy and awareness of information security policies. In addition, compliance was not related to the occurrence of conflicts between information security and other organisational imperatives. However, when the dependent variable was changed to a value-pluralistic measure, the results suggest that employees’ compliance was, to a great extent, a function of the occurrence of conflicts between information security and other organisational imperatives, indirect conflicts with other organisational values.

The results are based on small survey; yet, the findings are interesting and justify further investigation. The results suggest that relevant organisational imperatives and value systems, along with information security values, should be included in measures for employees’ compliance with information security policies.

Practitioners and researchers should be aware that there is a difference in measuring employees’ compliance using value monistic and value pluralism measurements.

Few studies exist that critically compare the two different compliance measures for the same population.

The authors position security measures and payment culture as key determinants of perceived security (PS) and trust. The purpose of this paper is to empirically investigate how PS and trust affect users’ attitude toward mobile payment use and why mobile payment has developed differently in the USA and in China.

Empirical data were collected from a survey conducted both in China and in the USA. The whole sample consists of 186 Chinese and 196 Americans. Partial least squares analysis was conducted to test the proposed relationships and multigroup comparison analysis was performed to examine the differences in the coefficients of those relationships between Chinese and the US model.

The findings show that payment culture (measured by coverage of mobile payment context (CMPC) and uncertainty avoidance (UA)) and security measures (measured by security technology protection (STP), security rules and policies (SRP), and security responsibility commitment (SRC)) have significantly positive impacts on the PS and trust, except that the positive impact of security on trust is not supported. The impacts of CMPC and PS on trust in the USA are significantly smaller than those in China, whereas the impacts of security measures and UA on PS and trust do not show significant differences between the two countries.

Respondents of this study are selected from young educated population, the major users of mobile payment in 2015. However, recently with the increasing penetration of mobile payment, major mobile payment users are not only limited to young educated population, and thus there may be new findings after extending the range of respondents’ age. Since the research subjects in this study are the mobile payment of China and the USA, the authors could also expect different findings when the research subjects are extended or changed to other countries because of different mobile payment cultures across countries.

Findings in this paper will help mobile payment service providers to know the determinants of their users’ behavior intention and to take measures to improve these determinants, and these findings can also provide mobile payment service providers with insights into the differences in mobile payment use between the two countries and suggestions of measures that they can take to increase users’ attitude toward mobile payment use. Furthermore, the findings of this paper also help these providers globalize efficiently by paying more attention to those antecedents.

The findings in this paper show that there is no difference in the impacts of UA and security measures on PS and trust between China and the USA. However, the impacts of PS and CMPC on trust in China are significantly higher than those in the USA. This is because that globalization has made people from different countries hold similar UA, whereas the CMPC, a construct refers to the business environment of mobile payment, is still very different between China and the USA.

This study extends prior studies of attitude toward mobile payment use through proposing that security measures and payment culture are key determinants of PS and trust and examining the role of PS and trust on the attitude. Furthermore, the empirical findings will not only provide mobile payment service providers with important insights into the differences in mobile payment adoption between the two countries, but also help these providers globalize efficiently by paying more attention to those antecedents.

Recent highly publicized acts of violence and shootings on campus have prompted numerous crime prevention suggestions including having an armed presence in the schools. The purpose of this paper is to assess the impact of protective measures, policies, and school/neighborhood characteristics on school violence.

The data used in this study were part of the School Survey on Crime and Safety collected in 2006. The dependent measures of school violence include reports of violence, threatened attack with a weapon, attack with weapon, and gun possession. The sample was divided into high schools and all other grades to consider differences in levels of school violence among grade levels in relation to various law enforcement security measures, school security measures, and school characteristics.

Findings revealed mixed and often counterproductive results for law enforcement and school security efforts to control school violence. School characteristics, such as reports of bullying, location, and gang activity yielded numerous statistically significant findings. Policy recommendations and suggestions for future research are provided.

This study differs from much of the previous literature, which typically examines student and administrator attitudes about victimization and crime prevention. The current study examines detailed information on the actual effects of school violence prevention efforts. Furthermore, this study moves beyond most other works (that typically focus on high schools) as it considers school safety approaches by different grade levels.

The purpose of this case study is to examine the factors that impact higher education employees’ violations of information security policy by developing a research model based on grounded theories such as deterrence theory, neutralization theory and justice theory.

The research model was tested using 195 usable responses. After conducting model validation, the hypotheses were tested using multiple linear regression.

The results of the study revealed that procedural justice, distributive justice, severity and celerity of sanction, privacy, responsibility and organizational security culture were significant predictors of violations of information security measures. Only interactional justice was not significant.

As with any exploratory case study, this research has limitations such as the self-reported information and the method of measuring the violation of information security measures. The method of measuring information security violations has been a challenge for researchers. Of course, the best method is to capture the actual behavior. Another limitation to this case study which might have affected the results is the significant number of faculty members in the respondent pool. The shared governance culture of faculty members on a US university campus might bias the results more than in a company environment. Caution should be applied when generalizing the results of this case study.

The findings validate past research and should encourage managers to ensure employees are involved with developing and implementing information security measures. Additionally, the information security measures should be applied consistently and in a timely manner. Past research has focused more on the certainty and severity of sanctions and not as much on the celerity or swiftness of applying sanctions. The results of this research indicate there is a need to be timely (swift) in applying sanctions. The importance of information security should be grounded in company culture. Employees should have a strong sense of treating company data as they would want their own data to be treated.

Engaging employees in developing and implementing information security measures will reduce employees’ violations. Additionally, giving employees the assurance that all are given the same treatment when it comes to applying sanctions will reduce the violations.

Setting and enforcing in a timely manner a solid sanction system will help in preventing information security violations. Moreover, creating a culture that fosters information security will help in positively affecting the employees’ perceptions toward privacy and responsibility, which in turn, impacts information security violations. This case study applies some existing theories in the context of the US higher education environment. The results of this case study contributed to the extension of existing theories by including new factors, on one hand, and confirming previous findings, on the other hand.