Search results

This paper presents a qualitative study of penetration testing, the practice of attacking information systems to find security vulnerabilities and fixing them. The purpose of this paper is to understand whether and to what extent penetration testing can reveal various socio-organisational factors of information security in organisations. In doing so, the paper innovates theory by using Routine Activity Theory together with phenomenology of information systems concepts.

The articulation of Routine Activity Theory and phenomenology emerged inductively from the data analysis. The data consists of 24 qualitative interviews conducted with penetration testers, analysed with thematic analysis.

The starting assumption is that penetration testers are akin to offenders in a crime situation, dealing with targets and the absence of capable guardians. A key finding is that penetration testers described their targets as an installed base, highlighting how vulnerabilities, which make a target suitable, often emerge from properties of the existing built digital environments. This includes systems that are forgotten or lack ongoing maintenance. Moreover, penetration testers highlighted that although the testing is often predicated on planned methodologies, often they resort to serendipitous practices such as improvisation.

This paper contributes to theory, showing how Routine Activity Theory and phenomenological concepts can work together in the study of socio-organisational factors of information security. This contribution stems from considering that much research on information security focuses on the internal actions of organisations. The study of penetration testing as a proxy of real attacks allows novel insights into socio-organisational factors of information security in organisations.

The attempt to establish a common European framework for core platforms' duties and responsibilities toward other actors in the digital environment is at the core of the recent scholarly debate surrounding the Digital Markets Act (DMA) proposal. In particular, the everlasting juxtaposition between the “data power” – as emerging from recent cases (Section 2) – that dominant tech companies enjoy and the concept of consumer sovereignty (Section 3) lies at the core of the proposal's attempt to identify digital core platforms as market gatekeepers. Accordingly, this chapter critically investigates the divide between power imbalance and consumer sovereignty in light of the architecture designed by the DMA, with a specific focus on its effectiveness in identifying gatekeepers' power drivers (Section 4). After highlighting the main critical aspects of the pertinent rules, opportunities for fruitful developments are then identified through the reframing of some of the notions considered in the proposal, and namely the role of “lock-in” effects and “data accumulation” (Section 5). Lastly, this chapter suggests that the DMA advancements – while desirable – are bound to be fragmentary in the absence of a wider appraisal of the nature of data power imbalance dynamics in the modern digital markets (Section 6).

Although the emotion work of teaching has been part of the conversation for more than 30 years, it remains a side conversation, as sort of an afterthought to academics and the accepted mainstream point of teaching and learning. In this chapter, we reflect on what has occurred in the field in the decade since our book Emotion in school: Understanding how the hidden curriculum influences relationships, leadership, teaching and learning was published. We approach the topic through a lens of tensions that we perceive occurring in the field. Emotions in schools, for the most part, remain the hidden curriculum in that in many ways emotions are still downplayed in the classroom and have no space in teacher preparation programs. Teachers, students, administrators, and teacher educators alike are left to deal with the tensions that confront them that educational researchers have yet to resolve – tensions related to measurement (what are we measuring and why), related to how we define emotion and tensions related to practice. In this short chapter we do not have the space to address all tensions that might arise; we have chosen a few to provoke conversation and thoughts about where the field may go from here. Suggestions for beginning teachers and research for teacher preparation are offered.

Nurses who are more engaged in their work, and have the right job characteristics and positive organizational factors, are expected to perform better. The purpose of this study is to improve the performance in the healthcare sector in the United Arab Emirates (UAE), thus this study explored the job characteristics and organizational factors that affect work engagement and job performance of nurses.

Nurses (N = 2,369) working in the public healthcare sector in the UAE were asked to provide their perceptions on work engagement and its antecedents, their performance and how they perceive justice in their workplace.

Regardless of job demands, nurses’ job performance remained unaffected by demographic factors, which was a striking finding: nurses provide quality services and manage to accomplish their tasks, at any level of demand. Justice acted as a moderator of the relationship between job resources and work engagement, which was a new addition to the literature. Nurses with low overall perceptions of justice had stronger links between job resources and work engagement. Even if the level of justice was perceived as low, work engagement remained unaffected.

Work engagement is a critical issue, but has received little attention, with most focusing on its relationship with performance as the outcome variable. This paper has therefore enriched the literature and is significant in both country and sector.

The study directs attention to the psychological conditions experienced and knowledge management practices leveraged by faculty in higher education institutes (HEIs) to cope with the shift to emergency remote teaching caused by the COVID-19 pandemic. By focusing attention on faculty experiences during this transition, this study aims to examine an under-investigated effect of the pandemic in the Indian context.

Interpretative phenomenological analysis is used to analyze the data gathered in two waves through 40 in-depth interviews with 20 faculty members based in India over a year. The data were analyzed deductively using Kahn’s framework of engagement and robust coding protocols.

Eight subthemes across three psychological conditions (meaningfulness, availability and safety) were developed to discourse faculty experiences and challenges with emergency remote teaching related to their learning, identity, leveraged resources and support received from their employing educational institutes. The findings also present the coping strategies and knowledge management-related practices that the faculty used to adjust to each discussed challenge.

The study uses a longitudinal design and phenomenology as the analytical method, which offers a significant methodological contribution to the extant literature. Further, the study’s use of Kahn’s model to examine the faculty members’ transitions to emergency remote teaching in India offers novel insights into the COVID-19 pandemic’s effect on educational institutes in an under-investigated context.

Social media has played a pivotal role in polarizing views on Russia–Ukraine conflict. The effects of polarization in online interactions have been extensively studied in many contexts. This research aims to examine how multiple social media sources may act as an integrator of information and act as a platform for depolarizing behaviors.

This study analyzes the communications of 6,662 tweets related to the sanctions imposed on Russia by using textual analytics and predictive modeling.

The research findings reveal that the tweeting behavior of netizens was depolarized because of information from multiple social media sources. However, the influx of information from non-organizational sources such as trending topics and discussions has a depolarizing impact on the user’s pre-established attitude.

For policymakers, conflict mediators and observers, and members of society in general, there is a need for (1) continuous and consistent communication throughout the crisis, (2) transparency in the information being communicated and (3) public awareness of the polarized and conflicting information being provided from multiple actors that may be biased in the claims being made about the conflict crisis.

While previous research has examined Russia–Ukraine conflict from a variety of perspectives, this is the first study to examine how social media might be used to reduce attitude polarization during times of conflict.

The purpose of this study is to investigate the extent of digital surveillance by Arab authorities, which face risks and threats of surveillance, and how journalists seek to press freedom by using tools and techniques to communicate securely.

The study used focus group discussions with 14 journalists from Syria, Saudi Arabia, Libya, Yemen, Oman, Jordan and Egypt. While in Egypt, questionnaires were distributed to 199 journalists from both independent and semi-governmental outlets to investigate how Egyptian journalists interpret the new data protection law and its implications for press freedom.

The study indicated that journalists from these countries revealed severe censorship by their respective governments, an element inconsistent with the Arab Constitution. The recommendation of the study encourages media organisations to play a more active role in setting policies that make it easier for journalists to adopt and use digital security tools, while Egyptian journalists see the law as a barrier to media independence because it allows the government to exercise greater information control through digital policy and imposes regulatory rules on journalists.

The study identifies practical and theoretical issues in Arab legislation and may reveal practices of interest to scientists researching the balance between data protection, the right of access to information and media research as an example of contemporary government indirect or “soft” censorship methods.

To the best of the authors’ knowledge, this paper is one of the first research contributions to analyse the relationships between Arab authoritarians who used surveillance to restrict freedom of the press after the Arab Spring revolutions of 2011 to keep themselves in power as long as they could. In addition, Egypt's use of surveillance under new laws allowed the regimes to install software on the journalists’ phones that enabled them to read the files and emails and track their locations; accordingly, journalists can be targeted by the cyberattack and can be arrested.

The COVID-19 outbreak reached a critical stage when it became imperative for public health systems to act decisively and design potential behavioral operational strategies aimed at containing the pandemic. Isolation through social distancing played a key role in achieving this objective. This research study examines the factors affecting the intention of individuals toward social distancing in India.

A correlation study was conducted on residents from across Indian states (N = 499). Online questionnaires were floated, consisting of health belief model and theory of planned behavior model, with respect to social distancing behavior initially. Finally, structural equation modeling was used to test the hypotheses.

The results show that perceived susceptibility (PS), facilitating conditions (FC) and subjective norms are the major predictors of attitude toward social distancing, with the effect size of 0.277, 0.132 and 0.551, respectively. The result also confirms that the attitude toward social distancing, perceived usefulness of social distancing and subjective norms significantly predict the Intention of individuals to use social distancing with the effect size of 0.355, 0.197 and 0.385, respectively. The nonsignificant association of PS with social distancing intention (IN) (H1b) is rendering the fact that attitude (AT) mediates the relationship between PS and IN; similarly, the nonsignificant association of FC with IN (H5) renders the fact that AT mediates the relationship between FC and IN.

The results of the study are helpful to policymakers to handle operations management of nudges like social distancing.

The research is one of its kind that explores the behavioral aspects of handling social nudges through FC.

Cyber-attacks that generate technical disruptions in organisational operations and damage the reputation of organisations have become all too common in the contemporary organisation. This paper explores the reputation repair strategies undertaken by organisations in the event of becoming victims of cyber-attacks.

For developing the authors’ contribution in the context of the Internet service providers' industry, the authors draw on a qualitative case study of TalkTalk, a British telecommunications company providing business to business (B2B) and business to customer (B2C) Internet services, which was a victim of a “significant and sustained” cyber-attack in October 2015. Data for the enquiry is sourced from publicly available archival documents such as newspaper articles, press releases, podcasts and parliamentary hearings on the TalkTalk cyber-attack.

The findings suggest a dynamic interplay of technical and rhetorical responses in dealing with cyber-attacks. This plays out in the form of marshalling communication and mortification techniques, bolstering image and riding on leader reputation, which serially combine to strategically orchestrate reputational repair and stigma erasure in the event of a cyber-attack.

Analysing a prototypical case of an organisation in dire straits following a cyber-attack, the paper provides a systematic characterisation of the setting-in-motion of strategic responses to manage, revamp and ameliorate damaged reputation during cyber-attacks, which tend to negatively shape the evaluative perceptions of the organisation's salient audience.

This study aims to argue that user’s continued use behavior is contingent upon two perceptions (i.e. the app and the provider). This study examines the moderating effects of user’s perceptions of apps and providers on the effects of security and privacy concerns and investigate whether assurance mechanisms decrease such concerns.

This study conducts a scenario-based survey with 694 mobile cloud computing (MCC) app users to understand their perceptions and behaviors.

This study finds that while perceived value of data transfer to the cloud moderates the effects of security and privacy concerns on continued use behavior, trust only moderates the effect of privacy concerns. This study also finds that perceived effectiveness of security and privacy intervention impacts privacy concerns but does not decrease security concerns.

Prior mobile app studies mainly focused on mobile apps and did not investigate the perceptions of app providers along with app features in the same study. Furthermore, International Organization for Standardization 27018 certification and privacy policy notification are the interventions that exhibit data assurance mechanisms. However, it is unknown whether these interventions are able to decrease users’ security and privacy concerns after using MCC apps.