Search results

This study aims to elicit an understanding of creativity and innovation to enable a totally aligned information security culture. A model is proposed to encourage creativity and innovation as part of the information security culture.

The study first applied a theoretical approach with a scoping literature review using the preferred reporting items for systematic reviews and meta-analyses method to propose a conceptual model for engendering employee creativity and innovation as part of the information security culture. A qualitative research method was further applied with expert interviews and qualitative data analysis in Atlas.ti to validate and refine the conceptual model.

A refined and validated information security culture model enabled through creativity and innovation is presented. The input from the expert panel was used to extend the model by 18 elements highlighting that the risk appetite of an organisation defines how much creativity and innovation can be tolerated to reach a balance with the potential risks it might introduce. Embedding creativity and innovation as part of the organisational culture to facilitate it further as part of the information security culture can aid in combating cyber threats and incidents; however, it should be managed through a decision-making process while governed within policies that define the boundaries of creativity and innovation in information security.

The research serves as a point of reference for further research about the influence of creativity and innovation in information security culture which can be investigated through structural equation modelling.

This study offers novel insights for managerial practice to encourage creativity and innovation as part of information security.

The research proposes a novel concept of introducing creativity and innovation as part of the information security culture and presents a novel model to facilitate this.

The purpose of this article is to examine the information culture of a medium-sized municipality in Belgium. Public information/records is/are one of the most important instruments of citizens' control of public authorities. The principle of Public Access gives citizens a right to access public records, while the Privacy Act protects the integrity of the citizens. Municipalities are institutions that intensely interact with the citizens. Therefore, the way they handle the information that is generated during this interaction is of crucial importance to the efficient service delivery, safeguarding the rights of the citizens that they serve and for sustaining the open governance structure that promotes the principles of accountability and transparency.

The author employed a case study approach in order to establish the attitudes and norms the organizational employees had towards the management of information/records. She also applied the information culture assessment framework developed by Oliver during the design of the research questions.

Information culture affects the way public information/records are managed. Though investments are being made in information systems to facilitate the capture and management of information/records, the people issues are equally as crucial. E-Government development will require an information culture that promotes effective creation, use and management of information, if its goal of efficient and transparent public administrations is to be achieved.

The originality of this study lies in the application of the information culture assessment framework that was developed by Oliver. The framework facilitates the formulation of questions using its three layers to tease out the information required by a researcher in an attempt to draw conclusions regarding the attitudes, norms and the value the interviewees attach to information/records.

The purpose of this paper is to explore the concept of information culture in Mainland China and apply the information culture framework to an organizational setting.

The foundation for the research is provided by a review of Chinese and English language literature and a case study of a university library was conducted, involving semi-structured interviews.

The information culture framework facilitated identification of factors not recognized in previous information culture research, including uniquely Chinese factors of egocentrism, guanxi (relationships), mianzi (face), hexie (harmony) and renqing (mutual benefit). A further finding highlighted the profound differences between archives and library institutions in China.

The paper provides the first step toward further exploring features of Chinese organizational culture which will not only influence information management practices but also highlight the issues relating to collaboration between libraries and archives in China.

This study aims to investigate the effects of organizational culture factors on the selection of software process development models and develops a conceptual model for selecting and adopting process development models with an organizational culture approach, using 12 criteria and their sub-criteria defined in Fey and Denison’s model (12 criteria).

The research hypotheses were investigated using statistical analysis, and then the criteria and sub-criteria were selected based on Fey and Denison’s model and the experts’ viewpoints. Afterward, the organizational culture of the selected company was measured using the data from 2016 and 2017, based on Fey and Denison’s questionnaire. Due to the correlation between the criteria, using the decision-making trial and evaluation technique, the correlation between sub-criteria were determined, and by analytical network process method and using Super-Decision software, the process development model was preferred to the 12 common models in information systems development.

Results indicated a significant and positive effect of organizational culture factors (except the core values factor) on the selection of development models. Also, by changing the value of organizational culture, the selected process development model changed either. Sensitivity analysis performed on the sub-criteria implied that by changing and improving some sub-criteria, the organization will be ready and willing to use the agile or risk-based models such as spiral and win-win models. Concerning units where the mentioned indicators were at moderate and low limits, models such as waterfall, V-shaped and incremental worked more appropriately.

While many studies were performed in comparing development models and investigating their strengths and weaknesses, and the impact of organizational culture on the success of information technology projects, literature indicated that the impact of organizational sub-culture prevailing in the selection of development process models has not been investigated. In this study, new factors and indicators were addressed affecting the selection of development models with a focus on organizational culture. Correlation among the factors and indicators was also investigated and, finally, a conceptual model was proposed for proper adoption of the models and methodologies of system development.

The objective of this research was to propose and validate a holistic framework for information security culture evaluation, built around a novel approach, which includes technological, organizational and social issues. The framework's validity and reliability were determined with the help of experts in the information security field and by using multivariate statistical methods.

The conceptual framework was constructed upon a detailed literature review and validated using a range of methods: first, measuring instrument was developed, and then content and construct validity of measuring instrument was confirmed via experts' opinion and by closed map sorting method. Convergent validity was confirmed by factor analysis, while the reliability of the measuring instrument was tested using Cronbach's alpha coefficient to measure internal consistency.

The proposed framework was validated based upon the results of empirical research and the usage of multivariate analysis. The resulting framework ultimately consists of 46 items (manifest variables), describing eight factors (first level latent variables), grouped into three categories (second level latent variables). These three categories were built around technological, organizational and social issues.

This paper contributes to the body of knowledge in information security culture by developing and validating holistic framework for information security culture evaluation, which does not observe information security culture in only one aspect but takes into account its organizational, sociological and technical component.

The purpose of this paper is to use information culture assessment tools (from work by Curry and Moore) to examine the information culture within a regulated, government environment. In particular, it aims to study the relationship between records management training provided to staff, staff self‐perceptions of records management competencies and compliance with a formal records management program.

The survey employs a questionnaire to gather the data from a provincial government ministry in Ontario, Canada. A questionnaire was used for data collection from a sample of 350 records management personnel from a population of 3,510 in five divisions of the ministry. A total of 207 participants responded and the copies of their questionnaire were found valid for analysis. The response rate realized was 66.7 percent.

The results from this study show that the there is a potential relationship between formal training delivered to staff, and the self‐perceived level of records management competency, namely that the more training staff receive, the more staff perceive the need for further training, and the greater level of compliance with the records management program. However, as the records management training strategy is informal in nature, it is difficult to determine a holistic influence of the training program on the organization's information culture.

The study is based on one ministry with an informal training records management strategy in place. The findings may not apply to organizations where there is a more formal training strategy. The findings should also be tested in private sector organizational settings.

Knowledge and understanding of the features of information culture will assist with identifying gaps in addressing the challenges of organizational record management training and its effect on compliance with organizational information and record management programs.

This research adds to the body of knowledge about information culture and user‐information behavior, particularly in regards to connections between training and compliance in government organizations. This paper provides evidence from an original study.

The purpose of this paper is to discuss the problem of information and knowledge management (IKM) in higher education institutions. The research aims to determine the way in which the knowledge resources of a higher education institution are managed. The author intends to define how the information system is shaped and how information and knowledge are used in the reporting processes and for decision-making efficiency.

In total, 38 university administration employees from six higher education institutions in Poland participated in the study. Information barriers and benefits resulting from the implementation of the central reporting system “POL-on” were identified by using the sense-making technique. The purpose of the interviews was to determine the procedural and behavioural conditions of the reporting and decision-making processes in higher education institutions in Poland.

This paper suggests four characteristics of IKM in higher education institutions. A link between the information culture of the institution, its size and structure as well as the adopted model of IKM is demonstrated.

The main contribution of this paper is to introduce a framework for studying the IKM in higher education institutions from the perspective of information culture. Higher education institutions have developed different styles of striving for efficiency regarding decision making and reporting in administration. The IM and KM are now proved to be an integrated process in administrative activities of higher education institutions.

Rich, interactive media are becoming extremely common in internet recruitment systems. The paper investigates the role of media richness in applicants’ ability to learn information relevant to making an application decision. The authors examine these relationships in the context of two competing theories, namely media richness theory and cognitive load theory, which predict opposite relationships with information acquisition. The paper aims to discuss these issues.

Participants (n=471) either viewed a traditional web site or visited an interactive virtual world that contained information about an organization's culture, benefits, location, and job openings. Culture information was manipulated to either portray a highly teams-oriented culture or a highly individual-oriented culture.

Participants who viewed the low-richness site recalled more factual information about the organization; this effect was mediated by subjective mental workload. Richness was not related to differences in culture-related information acquisition.

These findings suggest that richer media (such as interactive virtual environments) may not be as effective as less rich media in conveying information. Specifically, the interactive elements may detract focus away from the information an organization wishes to portray. This may lead to wasted time on the part of applicants and organizations in the form of under- or over-qualified applications or a failure to follow instructions.

This study is among the first to use a cognitive load theory framework to suggest that richer media may not always achieve their desired effect.

The purpose of this paper is to report findings from an investigation on the information culture and recordkeeping in two Chinese companies, exploring the interaction between information culture and recordkeeping.

On the basis of systematic literature review, this research investigates the information culture and recordkeeping in two Chinese companies by conducting in-depth interviews with the staff of the two companies.

The attitude of the leadership and the staff towards records and information is different in the result-oriented information culture and rule-following culture. If a company aims to stay innovative and competitive, an information culture that can facilitate the good governance of records and information should be developed, and information professionals can play a key role in working towards this.

As a qualitative study of information culture and recordkeeping in Chinese companies, this paper provides the insight into the interaction between information culture and recordkeeping, demonstrates the impact of information culture on information governance and identifies the factors influencing information culture in an organization.

This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers.

The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy.

The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance.

The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance.

Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite an internal focus, that may have negative ramifications for the information security of organizations.

Few information security policy compliance studies exist on the consequences of different organizational/information cultures.