Search results

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.

This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.

In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.

This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.

This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.

This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.

The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.

The research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.

The investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.

The main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.

The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.

Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.

Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.

This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.

COVID-19 remains a public health emergency of international concern. Efforts at the global and national levels are being made to control its spread. The Nigerian Correctional Service is also proactive in the fight against the disease by organizing COVID-19 awareness training for correctional officers. We conducted a pre- and post-test assessment of COVID-19 knowledge among correctional officers in Enugu State Command to determine the impact of awareness training on their knowledge level. The study also assessed correctional officers’ attitude and preventive practices towards the disease.

The mean knowledge score was 19.34 out of 25, and the awareness training significantly improved the participants’ COVID-19 knowledge. We found a significant moderate, positive correlation between knowledge and attitude/practice, and a significantly higher knowledge level among those with higher educational qualifications.

Regular hand washing with soap and water (87.9%), wearing face masks (84.4%), and social distancing (83%) were practiced by the majority of the participants. The majority of the participants (53.2%) received COVID-19 information from multiple sources including the Nigeria Centre for Disease Control and the World Health Organization.

Humanity is facing an unprecedented challenge of climate crises. Rapid changes to the physical environment and living conditions will be accompanied by challenges to mental health and well-being. Consequently, education for sustainable development should also include coping strategies for stress and anxiety. Adding intra-personal skills to the curriculum, such as self-reflection and mindfulness training, could aid in this education. This case study aims to explore the barriers to and drivers for fostering inner transitions through intra-personal skills training and mindfulness.

This case study from Lund University, Sweden, constitutes a critical case for investigating inner transitions in education. Data collection was designed around semi-structured qualitative interviews, to investigate the barriers to and drivers for intra-personal skills and mindfulness in education for sustainable development at all institutional levels of the university.

The results indicate that education for sustainable development already includes elements of introspection, albeit informally. However, there is a lack in a fundamental understanding of intra-personal skills and how they relate to other key competences for sustainable development. To make intra-personal skills training a formal component of the education, it must receive the full support from all levels of the university.

The study outlines general recommendations for universities to challenge existing policies while also finding ways to work around them. In the meantime, universities should make intra-personal skills training an informal learning activity. Recognizing that the students’ prior knowledge in this area is a potential asset, universities should collaborate with their students to support student-led intra-personal skills training.

Mindfulness is gaining popularity in the business world as a way to improve mental health and productivity in employees. However, the application of mindfulness for employees in the hospitality sector is still in its nascent stage. This paper aims to synthesize the evidence on the effectiveness of mindfulness practice on employees in this high-pressure service industry.

This narrative review identifies and integrates insights from journal articles researching mindfulness in the hospitality industry. Synthesis and reflective description of the literature reveal an exigent need for practice, policy-making and future research.

This review paper describes mindfulness-based interventions used in the literature. It shows how the practice of mindfulness stimulates a culture of well-being and effectiveness at work, consequently having a positive impact on the customer and the organization. It points to the role of mindfulness in helping hospitality employees deal with stress, depression, anxiety, burnout and emotional labor peculiar to this industry, lowering absenteeism levels and turnover intention.

This paper has implications for hospitality managerial practice, human resource (HR) policy development, employees at all levels in the hospitality industry, business coaches/trainers, educationists, students pursuing hospitality management and researchers.

This first review article on mindfulness in the hospitality industry lays the foundation to accentuate the need and benefits of prioritizing mindfulness in this sector. It provides directions for future research, application in HR management in hospitality and designing effective interventions.

Considering the potential of Collaborative International Online Learning (COIL) for cross-boundaries interacting and collaborating effectively, this study aims to explore the intercultural awareness of pre-service language teachers after participating in a COIL project.

Following a quantitative research approach and an exploratory cross-sectional method, the authors administered a 13-item questionnaire to unveil the perceptions of 64 future language teachers from Spain after their online experience with counterparts from the USA.

Participants consider that COIL may have enhanced their intercultural and global awareness and equipped them with valuable skills and knowledge for the future, being women more positive than men. Moreover, the results also suggest that those participants who have not traveled abroad consider COIL to be a good opportunity to compensate for the lack of knowledge or experience with other cultures resulting from not having had the opportunity to visit other countries.

COIL needs to be seen as a powerful tool to promote global learning, intercultural understanding and the development of skills among students that will be vital for success in today’s interconnected world. Nevertheless, universities and teacher training centers need to rethink the preparation of future teachers for the increasing demands to prepare students for the requirements of the global world, and to do so, they need to consider that COIL may offer them significant benefits.

This work offers an interesting exploration of teachers’ attitudes toward COIL, providing insights into the potential of online collaboration for developing intercultural awareness.