Search results

1 – 3 of 3
Open Access
Article
Publication date: 24 May 2024

Morné Owen, Stephen V. Flowerday and Karl van der Schyff

Abstract

Purpose

Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this paper is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, to ensure secure behaviour. Research that focused on issues such as personality traits, trust, attitude and Security, Education, Training and Awareness (SETA) was considered.

Design/methodology/approach

This study built on a recontextualized version of the theory of planned behaviour to evaluate the influence that optimism bias has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses from a South African financial services organisation using partial least squares (PLS) path modelling.

Findings

This study found that overly optimistic employees were inclined to behave insecurely, while factors such as attitude and trust significantly influenced the intention to behave securely.

Practical implications

Our contribution to practice seeks to enhance the effectiveness of SETA by identifying and addressing the optimism bias weakness to deliver a more successful training outcome.

Originality/value

Our study enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and offers a contextual explanation of the resultant behaviour.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 29 April 2024

James Higgs and Stephen Flowerday

Abstract

Purpose

This paper aims to investigate how best to classify money laundering through online video games (i.e. virtual laundering). Currently, there is no taxonomy available for scholars and practitioners to refer to when discussing money laundering through online video games. Without a well-defined taxonomy it becomes difficult to reason through, formulate and implement effective regulatory measures, policies and security controls. As such, efforts to prevent and reduce virtual laundering incidence rates are hampered.

Design/methodology/approach

This paper proposes three mutually exclusive virtual laundering categorizations. However, instead of fixating on the processes undergirding individual instances of virtual laundering, it is argued that focusing on the initial locale of the illicit proceeds provides the appropriate framing within which to classify instances of virtual laundering. Thus, the act of classification becomes an ontological endeavour, rather than an attempt at elucidating an inherently varied process (as is common of the placement, layering and integration model).

Findings

A taxonomy is proposed that details three core virtual laundering processes. It is demonstrated how different virtual laundering categories have varied levels of associated risk, and thus, demand unique interventions.

Originality/value

To the best of the authors’ knowledge, this is the first taxonomy available in the knowledge base that systematically classifies instances of virtual laundering. The taxonomy is available for scholars and practitioners to use and apply when discussing how to regulate and formulate legislation, policies and appropriate security controls.

Details

Journal of Money Laundering Control, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1368-5201

Article
Publication date: 30 April 2024

Thai Pham and Farkhondeh Hassandoust

Abstract

Purpose

Information security (InfoSec) policy violations are of great concern to all organisations worldwide, especially in the financial industry. Although the importance of InfoSec policy has been highlighted for many decades, InfoSec breaches still occur due to a low level of employee compliance and a lack of engagement and competence in high-level management. However, previous studies have primarily investigated the behavioural aspects of InfoSec policy compliance at the individual level rather than the managerial factors involved in constructing InfoSec policy and developing its effectiveness. Thus, drawing on neo-institutional theory and a transformational leadership framework, this research investigated the influence of external mechanisms and transformational leadership on InfoSec policy effectiveness.

Design/methodology/approach

The research model was implemented using field survey data from professional managers in the financial sector.

Findings

The results reported that neo-institutional mechanisms and transformational leadership shape InfoSec policy effectiveness in an organisation.

Originality/value

This study broadens current InfoSec policy research from an individual level to a managerial perspective and enhances the existing literature on neo-institutional and transformational leadership in the context of InfoSec. It highlights the need to evaluate InfoSec policy based on external factors and to support transformational leadership styles that promote InfoSec policy enforcement and effectiveness.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961
