Search results

1 – 10 of over 25000
Article
Publication date: 7 March 2018

Thomas Stafford, George Deitz and Yaojie Li

Abstract

Purpose

The purpose of the study is to investigate the role of information security policy compliance and the role of information systems auditing in identifying non-compliance in the workplace, with specific focus on the role of non-malicious insiders who unknowingly or innocuously thwart corporate information security (IS) directives by engaging in unsafe computing practices. The ameliorative effects of auditor-identified training and motivational programs to emphasize pro-security behaviors are explored.

Design/methodology/approach

This study applies qualitative case analysis of technology user security perceptions combined with interpretive analysis of depth interviews with auditors to examine and explain the rubrics of non-malicious technology user behaviors in violation of cybersecurity directives, to determine the ways in which auditors can best assist management in overcoming the problems associated with security complacency among users.

Findings

Enterprise risk management benefits from audits that identify technology users who either feel invulnerable to cyber threats and exploits or feel that workplace exigencies augur for expedient workarounds of formal cybersecurity policies.

Research limitations/implications

Implications for consideration of CyberComplacency and Cybersecurity Loafing expand the insider threat perspective beyond the traditional malicious insider perspective.

Practical implications

Implications for consideration of CyberComplacency and Cybersecurity Loafing include broadened perspectives for the consultative role of IS audit in the firm.

Social implications

CyberComplacency is a practice that has great potential for harm in all walks of life. A better understanding of these potential harms is beneficial.

Originality/value

This study is the first to characterize CyberComplacency as computer users who feel they operate invulnerable platforms and are subsequently motivated to engage in less cybersecurity diligence than the company would desire. This study is also the first to characterize the notion of Cybersecurity Loafing to describe technically competent workers who take unauthorized but expedient steps around certain security policies in the name of workgroup efficiency.

Details

Managerial Auditing Journal, vol. 33 no. 4
Type: Research Article
ISSN: 0268-6902

Article
Publication date: 12 March 2018

Andrew Stewart

Abstract

Purpose

An action is utilitarian when it is both useful and practical. This paper aims to examine a number of traditional information security management practices to ascertain their utility. That analysis is performed according to the particular set of challenges and requirements experienced by very large organizations. Examples of such organizations include multinational corporations, the governments of large nations and global investment banks.

Design/methodology/approach

The author performs a gap analysis of a number of security management practices. The examination is focused on the question of whether these practices are both useful and practical when used within very large organizations.

Findings

The author identifies a number of information security management practices that are considered to be “best practice” in the general case but that are suboptimal at the margin represented by very large organizations. A number of alternative management practices are proposed that compensate for the identified weaknesses.

Originality/value

Quoting from the conclusion of the paper: We have seen in our analysis within this paper that some best practices can experience what economists refer to as diminishing marginal utility. As the target organization drifts from the typical use-case the amount of value-added declines and can potentially enter negative territory. We have also examined the degree of innovation in the practice of security management and the extent to which the literature can support practical, real-world activities. In both the areas, we have identified a number of opportunities to perform further work.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 18 July 2023

Stephen Mujeye

Abstract

Purpose

This study aims to investigate the differences in security-conscious (group A) and regular (group B) users’ behaviors and practices on mobile devices.

Design/methodology/approach

A survey was used to investigate the differences in behaviors and practices of security-conscious users (group A) and regular users (group B) on mobile devices. Each group will have 50 participants for a total of 100.

Findings

The analysis revealed differences in the behaviors and practices of security-conscious and regular users. The results indicated that security-conscious users engage in behaviors and practices that are more secure on mobile devices when compared with regular users.

Research limitations/implications

The results will help recommend the best behaviors and practices for mobile device users, increasing mobile device security.

Social implications

The results will help society to be more aware of security behaviors and practices on mobile devices.

Originality/value

This study answers the call for addressing the weaknesses and vulnerabilities in mobile device security. It develops a research instrument to measure the differences in behaviors and practices of security-conscious and regular mobile device users.

Details

Information & Computer Security, vol. 31 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 21 November 2008

Namjoo Choi, Dan Kim, Jahyun Goo and Andrew Whitmore

Abstract

Purpose

The purpose of this paper is to empirically validate the conjectural relationship between managerial information security awareness (MISA) and managerial actions toward information security (MATIS).

Design/methodology/approach

A model is developed and the relationship between MISA and MATIS is tested using a large set of empirical data collected across different types and sizes of enterprises. The hypotheses of the research model are tested with regression analysis.

Findings

The results of the study provide empirical support that MATIS is directly and positively related to MISA.

Research limitations/implications

The R², an estimate of the proportion of the total variation in the data set that is explained by the model, is relatively low. This fact implies that there are other constructs in addition to MISA that play a crucial role in determining MATIS. The paper suggests that intention to act and the risk‐cost tradeoff of the MATIS are other possible constructs that should be incorporated into future research. The conceptual model employed as a theoretical basis also suggests that other factors such as the environment in which an organization operates (e.g. industry) also play a major role in determining information security decisions independently of MISA. Other possible limitations include the use of secondary data in the study.

Practical implications

The results indicate that developing strategies to raise an organization's MISA should impact MATIS and thus improve information security performance.

Originality/value

The study provides empirical evidence supporting the unproven link between MISA and MATIS.

Details

Information Management & Computer Security, vol. 16 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 12 March 2018

Mathew Nicho

Abstract

Purpose

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

Design/methodology/approach

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

Findings

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

Originality/value

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 December 2002

W.J. Brooks, M.J. Warren and W. Hutchinson

Abstract

Computer security is now recognised as an important consideration in modern business, with a variety of guidelines and standards currently available to enable different business environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. New baseline security methods such as Australian and New Zealand Standard (AS/NZS) 4444 and British Standard (BS) 7799 represent minimal standards which organisations can use to improve their security. The aim of the paper is to look at the effectiveness of baseline security standards through the use of an evaluation criteria, which assesses their effectiveness.

Details

Logistics Information Management, vol. 15 no. 5/6
Type: Research Article
ISSN: 0957-6053

Article
Publication date: 13 November 2017

Latisha Reynolds, Amber Willenborg, Samantha McClellan, Rosalinda Hernandez Linares and Elizabeth Alison Sterner

Abstract

Purpose

This paper aims to present recently published resources on information literacy and library instruction providing an introductory overview and a selected annotated bibliography of publications covering all library types.

Design/methodology/approach

This paper introduces and annotates English-language periodical articles, monographs, dissertations and other materials on library instruction and information literacy published in 2016.

Findings

The paper provides information about each source, describes the characteristics of current scholarship and highlights sources that contain unique or significant scholarly contributions.

Originality/value

The information may be used by librarians and interested parties as a quick reference to literature on library instruction and information literacy.

Details

Reference Services Review, vol. 45 no. 4
Type: Research Article
ISSN: 0090-7324

Article
Publication date: 10 August 2018

Mohammad Kamel Daradkeh

Abstract

Purpose

Visual analytics is increasingly becoming a prominent technology for organizations seeking to gain knowledge and actionable insights from heterogeneous and big data to support decision-making. Whilst a broad range of visual analytics platforms exists, limited research has been conducted to explore the specific factors that influence their adoption in organizations. The purpose of this paper is to develop a framework for visual analytics adoption that synthesizes the factors related to the specific nature and characteristics of visual analytics technology.

Design/methodology/approach

This study applies a directed content analysis approach to online evaluation reviews of visual analytics platforms to identify the salient determinants of visual analytics adoption in organizations from the standpoint of practitioners. The online reviews were gathered from Gartner.com, and included a sample of 1,320 reviews for six widely adopted visual analytics platforms.

Findings

Based on the content analysis of online reviews, 34 factors emerged as key predictors of visual analytics adoption in organizations. These factors were synthesized into a conceptual framework of visual analytics adoption based on the diffusion of innovations theory and technology–organization–environment framework. The findings of this study demonstrated that the decision to adopt visual analytics technologies is not merely based on the technological factors. Various organizational and environmental factors have also significant influences on visual analytics adoption in organizations.

Research limitations/implications

This study extends the previous work on technology adoption by developing an adoption framework that is aligned with the specific nature and characteristics of visual analytics technology and the factors involved to increase the utilization and business value of visual analytics in organizations.

Practical implications

This study highlights several factors that organizations should consider to facilitate the broad adoption of visual analytics technologies among IT and business professionals.

Originality/value

This study is among the first to use the online evaluation reviews to systematically explore the main factors involved in the acceptance and adoption of visual analytics technologies in organizations. Thus, it has potential to provide theoretical foundations for further research in this important and emerging field. The development of an integrative model synthesizing the salient determinants of visual analytics adoption in enterprises should ultimately allow both information systems researchers and practitioners to better understand how and why users form perceptions to accept and engage in the adoption of visual analytics tools and applications.

Details

Information Technology & People, vol. 32 no. 3
Type: Research Article
ISSN: 0959-3845

Open Access
Article
Publication date: 15 July 2019

Elina Haapamäki and Jukka Sihvonen

Abstract

Purpose

This paper aims to update the cybersecurity-related accounting literature by synthesizing 39 recent theoretical and empirical studies on the topic. Furthermore, the paper provides a set of categories into which the studies fit.

Design/methodology/approach

This is a synthesis paper that summarizes the research literature on cybersecurity, introducing knowledge from the extant research and revealing areas requiring further examination.

Findings

This synthesis identifies a research framework that consists of the following research themes: cybersecurity and information sharing, cybersecurity investments, internal auditing and controls related to cybersecurity, disclosure of cybersecurity activities and security threats and security breaches.

Practical implications

Academics, practitioners and the public would benefit from a research framework that categorizes the research topics related to cybersecurity in the accounting field. This type of analysis is vital to enhance the understanding of the academic research on cybersecurity and can be used to support the identification of new lines for future research.

Originality/value

This is the first literature analysis of cybersecurity in the accounting field, and it has significant implications for research and practice by detailing, for example, the benefits of and obstacles to information sharing. This synthesis also highlights the importance of the model for cybersecurity investments. Further, the review emphasizes the role of internal auditing and controls to improve cybersecurity.

Details

Managerial Auditing Journal, vol. 34 no. 7
Type: Research Article
ISSN: 0268-6902

Article
Publication date: 1 December 1996

Paul Eden and John Feather

Abstract

Introduces a one‐year research project, based on a questionnaire survey of nearly 300 archives and record offices, and interviews with librarians, archivists and conservationists. Posits that the research will gather and analyse information on written preservation policies and strategies; reprography policies; environmental control; housekeeping routines; staff training; user education; security; disaster management; and statistics for preservation planning. Initial findings highlight concern regarding the increasing emphasis on user services and damage caused by photocopying; the problem of disintegrating collections printed or written on poor quality paper; the central role of microform as a surrogate medium; interest in the feasibility of establishing a central repository for microfilm; and interest in the surrogacy potential of digitization. Expects that the research will produce good practice guidelines for libraries, archives and record offices and will result in detailed recommendations as to what a national preservation policy might contain and the issues it should consider, thus pointing the way towards a national preservation policy and significantly strengthening the case for it.

Details

Library Review, vol. 45 no. 8
Type: Research Article
ISSN: 0024-2535
