Search results

The security issue in supply chains is among the most pressing concerns that firms are currently facing. As a preliminary attempt to address this lack of empirical research, the primary purpose of this paper is to explore the relationship between security practices and the security operational performance with respect to security culture as a moderator.

With the resource-based view of the firm as the theoretical underpinning, the study utilizes survey data to test the propositions derived from the security literature and partial least squares for the analysis.

The research reveals four crucial practices of supply chain security that collectively affect a firm’s security operational performance among Malaysian service providers. It is also interesting to observe that security culture positively moderates the relationship between facility management and the security operational performance of the firm.

Firms in emerging countries need to realize that supply chain security practices can result in significant benefits to their firms that can give them additional incentives to adopt these initiatives. This study may also help policymakers in emerging countries, in general, in setting appropriate policies and strategies, and Malaysia, in particular, for ensuring that it is a secure location for exporting cargo and giving assurance to the local and international investors to continue their investment.

This study will assist supply chain managers and logisticians to re-examine their existing supply chain security model by considering the selected supply chain security practices, which have a significant impact on supply chain security operational performance. Individual firms need to strategize their business model with the inclusion of security aspects, which will surely create a competitive advantage over other players in the logistics industry. Firms can develop the best appropriate supply chain security model that will benefit the firm, customers, and business partners, such as suppliers and local authorities.

The study highlights is the important role of the supply chain security practices to deliver high quality of service in terms of supply chain security operational performance in emerging countries. In addition, it offers an empirical analysis of the moderating role of security culture on the relationship between supply chain security practices and security operational performance.

The manner in which information is used and communicated in the medical environment has been revolutionized by the introduction of electronic storage, manipulation and communication of information. This change has brought with it many challenges in information security. This research seeks to propose a practical application, the capability maturity model (CMM), to meet the needs of medical information security practice.

This paper builds on previous work by the author using the Tactical Information Governance for Security model developed for the medical setting. An essential element of this model is the ability to assess current capability of a practice to meet the needs of security and to identify how improvements can be made. Existing CMM models are reviewed to inform construction of an operational framework for capability assessment.

An operational capability framework for assessing security capability in medical practice, based on CMM principles, is presented. An example of the use of this framework is modelled using backup to provide proof of concept.

In an environment that is reliant on doctors and non‐technical staff to implement security, an operational framework to improve practice though capability evaluation is needed. The framework presents activities in simple, non‐technical terms and separates these activities into discrete sections resulting in improvement that can be easily managed and implemented.

The operational framework developed demonstrates how practical security practice improvement can be achieved in a medical environment, whilst meeting strategic objectives, best practice and external validation. This paper develops this process through exploration and application of existing CMMs.

The study examines organizational security culture as the driver of supply chain security (SCS) practices (information management security, facility management security and human resource security). Additionally, the study examines the minimization of occurrence of supply chain disruption as the outcome of SCS practices.

A research model grounded on the contingency theory and the dynamic capabilities theory was developed and tested using partial least squares structural equation modelling (PLS-SEM). Data was obtained from 110 manufacturing and service firms in Ghana.

It was revealed that organizational security culture has a positive and a significant impact on information management security, facility management security and human resource security as hypothesized. In addition, facility management security significantly minimized supply chain disruption occurrence as hypothesized but information management security and human resource security did not.

To the best of the researchers' knowledge, this is the first study that examines organizational security culture as the driver of SCS practices. Additionally, the study is novel in examining the interplay between organizational security culture, SCS practices and supply chain disruption.

This paper aims to present empirical results exemplifying challenges related to information security faced by small and medium enterprises (SMEs). It uses guidelines based on work system theory (WST) to frame the results, thereby illustrating why the mere existence of corporate security policies or general security training often is insufficient for establishing and maintaining information security.

This research was designed to produce a better appreciation and understanding of potential issues or gaps in security practices in SMEs. The research team interviewed 187 employees of 39 SMEs in the UK. All of those employees had access to sensitive information. Gathering information through interviews (instead of formal security documentation) made it possible to assess security practices from employees’ point of view.

Corporate policies that highlight information security are often disconnected from actual work practices and routines and often do not receive high priority in everyday work practices. A vast majority of the interviewed employees are not involved in risk assessment or in the development of security practices. Security practices remain an illusory activity in their real-world contexts.

This paper focuses only on closed-ended questions related to the following topics: awareness of existing security policy; information security practices and management and information security involvement.

The empirical findings show that corporate information security policies in SMEs often are insufficient for maintaining security unless those policies are integrated with visible and recognized work practices in work systems that use or produce sensitive information. The interpretation based on WST provides guidelines for enhancing information system security.

Beyond merely reporting empirical results, this research uses WST to interpret the results in a way that has direct implications for practitioners and for researchers.

As information and communication technologies become a critical component of firms’ infrastructures and information establishes itself as a key business resource as well as driver, people start to realise that there is more than the functionality of the new information systems that is significant. Business or organisational transactions over new media require stability, one factor of which is information security. Information systems development practices have changed in line with the evolution of technology offerings as well as the nature of systems developed. Nevertheless, as this paper establishes, most contemporary development practices do not accommodate sufficiently security concerns. Beyond the literature evidence, reports on empirical study results indicating that practitioners deal with security issues by applying conventional risk analysis practices after the system is developed. Addresses the lack of a defined discipline for security concerns integration in systems development by using field study results recording development practices that are currently in use to illustrate their deficiencies, to point to required enhancements of practice and to propose a list of desired features that contemporary development practices should incorporate to address security concerns.

Sharing information security best practices between experts via knowledge management systems is valuable for improving information security practices, exchanging expertise, mitigating security risks, spreading knowledge, reducing costs and saving efforts. The purpose of this paper is developing a conceptual model to enhance the transfer of information security best practices between professionals in virtual communities through a Web-based knowledge management system to exchange their successful experience in handling different information security situations.

The model is validated by surveying 17 experts’ reviews on the correctness of the model’s structure and its related components through applying deep rich peer debriefing to test suitability. Quantitative data has been collected to achieve confirmatory results.

The resulting model incorporates five main components that support the formal mechanism for the acquisition and dissemination of knowledge: identification, classification, storage, validation and sharing. The success of knowledge sharing is highly dependent on the active collaboration of community members and highly influenced by motivation. Validating transferred knowledge is vital for ensuring the credibility of the system.

To the best of the author’s knowledge, this paper is one of the first to highlight the role of integrating knowledge management to enhance the effective share and reuse of information security best practices knowledge. The research results can support researchers investigating the topic and generate trustworthy literature to guide information security virtual community developers.

For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less experience in handling security threats like malware as compared to users of other countries who have gone through the learning curve of handling such security threats using other Internet-enabled devices such as laptop and desktop. Because of this, the inexperienced Indian smartphone user may be vulnerable to Internet-related security breaches, as compared to the citizens of developed economies. Hence, it is essential to understand the attitude, behaviour and security practices of smartphone users in India. Limited research is available about the security behaviour of smartphone users in India as the majority of research in this domain is done outside India.

In this empirical study, the researchers identified 28 cybersecurity behaviours and practices through a survey of relevant literature. An online survey of identified cybersecurity behaviours and practices was administered to 300 smartphone users. Frequency analysis of the respondent data was done to understand the adoption of recommended cybersecurity behaviours and practices. Pearson’s chi-square with 5% level of significance has been used to test the hypotheses. Post hoc analysis with Bonferroni correction was conducted for statistically significant associations.

Overall, the respondents did not exhibit good cybersecurity behaviour. Respondents have adopted some of the most popular security features of the smartphone such as the use of screen lock. However, respondents have not adopted or are not aware of the technical security controls such as encryption and remote wipe. Statistically significant differences were found between the cybersecurity behaviour and practices and independent variables such as gender, age, mobile operating system (OS) and mother tongue. Respondents reported high level of motivation to protect their device and data, whereas they reported moderate level of threat awareness and the ability to protect to their device and data. Results of the comparative analysis with a similar study in China and the USA are also reported in this study.

The main limitations of this study are as follows: the respondents' perceptions about their cybersecurity behaviours and practices were measured as opposed to their actual behaviours and practices and the generalizability of the study is limited because the sample size is small as compared to the total number of smartphone users in India.

The findings of this study may be useful for the design of effective cybersecurity prevention and intervention programs for general smartphone users of India.

This study provides an insight about cybersecurity behaviour of smartphone users in India. To the knowledge of the researchers, this is the first study to collect such quantitative data of smartphone users in India for a better understanding of the cybersecurity behaviours and practices. This study identified 28 cybersecurity behaviours and practices, which smartphone users should follow to improve cybersecurity.

As part of their continuing efforts to establish effective information security management (ISM) practices, information security researchers and practitioners have proposed and developed many different information security standards and guidelines. Building on these previous efforts, the purpose of this study is to put forth a framework for ISM.

This framework is derived from the development of an a priori set of objectives and practices as suggested by literature, standards, and reports found in academia and practice; the refinement of these objectives and practices based on survey data obtained from 354 certified information security professionals; and the examination of interrelationships between the objectives and practices.

The empirical analysis suggests: four factors (information integrity, confidentiality, accountability, and availability) serve as critical information security objectives; most of the security areas and items covered under ISO 17799 are valid with one new area – “external” or “inter‐organizational information security”; and for moderately information‐sensitive organizations, “confidentiality” has the highest correlation with ISM practices; for highly information‐sensitive organizations, “confidentiality”, “accountability”, and “integrity” are the major ISM objectives. The most important contributor to information security objectives is “access control”.

This study contributes to the domain of information security research by developing a parsimonious set of security objectives and practices grounded in the findings of previous works in academia and practical literature.

These findings provide insights for business managers and information security professionals attempting to implement ISM programs within their respective organizational settings.

This paper fulfills a need in the information security community for a parsimonious set of objectives and practices based on the many guidelines and standards available in both academia and practice.

The purpose of this paper to investigate the current information systems security (ISS) practices of the social software application (SSA) users via the internet.

The paper opted for a systematic literature review survey on ISS and its practices in SSAs between 2010 and 2015. The study includes a set of 39 papers from among 1,990 retrieved papers published in 35 high-impact journals. The selected papers were filtered using the Publish or Perish software by Harzing and Journal Citation Report (JCR) with an inclusion criterion of least one citation per article.

The practice of ISS is driven by the need to protect the confidentiality, integrity, and availability of the data from being tampered. It is coherent with the current practice as reported by many researchers in this study. Four important factors lead to the ISS practice in SSA: protection tools offered, ownership, user behaviour, and security policy.

The paper highlights the implication of successful ISS practices is having clear security purpose and security supported environment (user behaviour and security protection tools) and governance (security policy and ownership) protection tools offered, ownership, user behaviour, and security policy towards ISS practice by the users.

This paper fulfils an identified need to study how to enable ISS practice.

This study aims to investigate the differences in security-conscious (group A) and regular (group B) users’ behaviors and practices on mobile devices.

A survey was used to investigate the differences in behaviors and practices of security-conscious users (group A) and regular users (group B) on mobile devices. Each group will have 50 participants for a total of 100.

The analysis revealed differences in the behaviors and practices of security-conscious and regular users. The results indicated that security-conscious users engage in behaviors and practices that are more secure on mobile devices when compared with regular users.

The results will help recommend the best behaviors and practices for mobile device users, increasing mobile device security.

The results will help society to be more aware of security behaviors and practices on mobile devices.

This study answers the call for addressing the weaknesses and vulnerabilities in mobile device security. It develops a research instrument to measure the differences in behaviors and practices of security-conscious and regular mobile device users.