Search results
1 – 10 of 87Deborah Richards, Salma Banu Nazeer Khan, Paul Formosa and Sarah Bankins
To protect information and communication technology (ICT) infrastructure and resources against poor cyber hygiene behaviours, organisations commonly require internal users to…
Abstract
Purpose
To protect information and communication technology (ICT) infrastructure and resources against poor cyber hygiene behaviours, organisations commonly require internal users to confirm they will abide by an ICT Code of Conduct. Before commencing enrolment, university students sign ICT policies, however, individuals can ignore or act contrary to these policies. This study aims to evaluate whether students can apply ICT Codes of Conduct and explores viable approaches for ensuring that students understand how to act ethically and in accordance with such codes.
Design/methodology/approach
The authors designed a between-subjects experiment involving 260 students’ responses to five scenario-pairs that involve breach/non-breach of a university’s ICT policy following a priming intervention to heighten awareness of ICT policy or relevant ethical principles, with a control group receiving no priming.
Findings
This study found a significant difference in students’ responses to the breach versus non-breach cases, indicating their ability to apply the ICT Code of Conduct. Qualitative comments revealed the priming materials influenced their reasoning.
Research limitations/implications
The authors’ priming interventions were inadequate for improving breach recognition compared to the control group. More nuanced and targeted priming interventions are suggested for future studies.
Practical implications
Appropriate application of ICT Code of Conduct can be measured by collecting student/employee responses to breach/non-breach scenario pairs based on the Code and embedded with ethical principles.
Social implications
Shared awareness and protection of ICT resources.
Originality/value
Compliance with ICT Codes of Conduct by students is under-investigated. This study shows that code-based scenarios can measure understanding and suggest that targeted priming might offer a non-resource intensive training approach.
Details
Keywords
Peter Dornheim and Ruediger Zarnekow
The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated…
Abstract
Purpose
The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.
Design/methodology/approach
Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.
Findings
Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.
Originality/value
This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.
Details
Keywords
Martina Neri, Federico Niccolini and Luigi Martino
Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known…
Abstract
Purpose
Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.
Design/methodology/approach
This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.
Findings
Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.
Originality/value
Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.
Details
Keywords
Bakhtiar Sadeghi, Deborah Richards, Paul Formosa, Mitchell McEwan, Muhammad Hassan Ali Bajwa, Michael Hitchens and Malcolm Ryan
Cybersecurity vulnerabilities are often due to human users acting according to their own ethical priorities. With the goal of providing tailored training to cybersecurity…
Abstract
Purpose
Cybersecurity vulnerabilities are often due to human users acting according to their own ethical priorities. With the goal of providing tailored training to cybersecurity professionals, the authors conducted a study to uncover profiles of human factors that influence which ethical principles are valued highest following exposure to ethical dilemmas presented in a cybersecurity game.
Design/methodology/approach
The authors’ game first sensitises players (cybersecurity trainees) to five cybersecurity ethical principles (beneficence, non-maleficence, justice, autonomy and explicability) and then allows the player to explore their application in multiple cybersecurity scenarios. After playing the game, players rank the five ethical principles in terms of importance. A total of 250 first-year cybersecurity students played the game. To develop profiles, the authors collected players' demographics, knowledge about ethics, personality, moral stance and values.
Findings
The authors built models to predict the importance of each of the five ethical principles. The analyses show that, generally, the main driver influencing the priority given to specific ethical principles is cultural background, followed by the personality traits of extraversion and conscientiousness. The importance of the ingroup was also a prominent factor.
Originality/value
Cybersecurity professionals need to understand the impact of users' ethical choices. To provide ethics training, the profiles uncovered will be used to build artificially intelligent (AI) non-player characters (NPCs) to expose the player to multiple viewpoints. The NPCs will adapt their training according to the predicted players’ viewpoint.
Details
Keywords
This paper explores the convergence of Education 4.0 and Industry 4.0 and presents a Twin Peaks model for their seamless integration.
Abstract
Purpose
This paper explores the convergence of Education 4.0 and Industry 4.0 and presents a Twin Peaks model for their seamless integration.
Design/methodology/approach
A high-level literature review is conducted to identify and discuss the important challenges and opportunities offered by both Education 4.0 and Industry 4.0. A novel Twin Peaks model is devised for the convergence of these domains and to cope with the challenges effectively.
Findings
The proposed Twin Peak model for the convergence of Education 4.0 and Industry 4.0 suggests that the development of these two domains is interdependent. It emphasizes ethical considerations, inclusivity and understanding the concerns of stakeholders from both education and industry. We have also explained how continuous incremental adaptation within the proposed Twin Peaks model might assist in addressing concerns of one sector with the opportunities of the other.
Originality/value
First, Education 4.0 and Industry 4.0 are reviewed in terms of opportunities and challenges they present. Second, a novel Twin Peaks model for the convergence of Education 4.0 and Industry 4.0 is presented. The proposed discovers that the convergence is adaptive, iterative and must be ethically sound while considering the broader societal implications of the digital transformation. Third, this study also acts as a torch-bearer for the necessity for more research of this kind to guarantee that our educational ecosystem is adaptable and capable of producing the skills required for success in the era of IR4.0.
Details
Keywords
Kavya Sharma, Xinhui Zhan, Fiona Fui-Hoon Nah, Keng Siau and Maggie X. Cheng
Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research…
Abstract
Purpose
Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.
Design/methodology/approach
A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).
Findings
The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.
Originality/value
This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.
Details
Keywords
Ornella Tanga Tambwe, Clinton Ohis Aigbavboa and Opeoluwa Akinradewo
Data represents a critical resource that enables construction companies’ success; thus, its management is very important. The purpose of this study is to assess the benefits of…
Abstract
Purpose
Data represents a critical resource that enables construction companies’ success; thus, its management is very important. The purpose of this study is to assess the benefits of construction data risks management (DRM) in the construction industry (CI).
Design/methodology/approach
This study adopted a quantitative method and collected data from various South African construction professionals with the aid of an e-questionnaire. These professionals involve electrical engineers, quantity surveyors, architects and mechanical, as well as civil engineers involved under a firm, or organisation within the province of Gauteng, South Africa. Standard deviation, mean item score, non-parametric Kruskal–Wallis H test and exploratory factor analysis were used to analyse the retrieved data.
Findings
The findings revealed that DRM enhances project and company data availability, promotes confidentiality and enhances integrity, which are the primary benefits of DRM that enable the success of project delivery.
Research limitations/implications
The research was carried out only in the province of Gauteng due to COVID-19 travel limitations.
Practical implications
The construction companies will have their data permanently in their possession and no interruption will be seen due to data unavailability, which, in turn, will allow long-term and overall pleasant project outcomes.
Originality/value
This study seeks to address the benefits of DRM in the CI to give additional knowledge on risk management within the built environment to promote success in every project.
Details
Keywords
Kanthana Ditkaew and Muttanachai Suttipun
The main objective of this study is to examine the impact of audit data analytics (ADA) on audit quality (AQ) and audit review continuity (ARC).
Abstract
Purpose
The main objective of this study is to examine the impact of audit data analytics (ADA) on audit quality (AQ) and audit review continuity (ARC).
Design/methodology/approach
Using 452 CPAs in Thailand as samples, mail questionnaires were used and sent to collect the data. Descriptive analysis, correlation matrix and path analysis were used to analyze the data.
Findings
The results of this study indicated that audit data analytics had a positive impact on AQ and ARC. Cybersecurity, used as a moderator in this study, was found to be the interaction between ADA, AQ and review continuity.
Practical implications
Auditors and audit firms can consider using big data in their data analytics to improve AQ and ARC.
Originality/value
Resource advantage theory has been used in this study to explain the impact of ADA on AQ and ARC in Thailand.
Details
Keywords
Marc K. Peter, Lucia Wuersch, Alfred Wong and Alain Neher
The purpose of this study is to better understand technology adoption and working from home (WFH) behaviour of micro and small enterprises (MSE) with 4 to 49 employees during the…
Abstract
Purpose
The purpose of this study is to better understand technology adoption and working from home (WFH) behaviour of micro and small enterprises (MSE) with 4 to 49 employees during the first (2020) and second (2021) COVID-19 lockdowns in Switzerland.
Design/methodology/approach
This study uses two data sets gathered using computer-assisted telephone interviewing surveys conducted with 503 managing directors of Swiss MSEs after the first and 506 MDs after the second COVID-19 lockdown period.
Findings
The study revealed that during the COVID-19 pandemic, WFH arrangements are related to the adoption of technology by Swiss industry groups. Furthermore, industry characteristics and technology adoption strategies are also associated with the long-term prospect of WFH. The overall result confirms the predominant role of technology pioneers.
Research limitations/implications
The study focuses on MSEs in Switzerland during a specific period. The data set includes mainly quantitative data. Future studies could investigate larger enterprises in international contexts, integrating employees’ viewpoints founded on long-term gathered qualitative data. The implications of this study include predictions about future WFH behaviour in Swiss MSEs.
Originality/value
To the best of the authors’ knowledge, this is the first study collecting data in Swiss MSEs after the two COVID-19 lockdowns in 2020 and 2021. As a result, this study offers a unique perspective on a specific business segment, which accounts for around 70% of global employment.
Details