Search results

1 – 10 of over 65000
To view the access options for this content please click here
Book part

Tilman Brück, Olaf J. de Groot and Neil T. N. Ferguson

The purpose of this study is to define the interactions that determine how secure a society is from terrorism and to propose a method for measuring the threat of terrorism…

Abstract

Purpose

The purpose of this study is to define the interactions that determine how secure a society is from terrorism and to propose a method for measuring the threat of terrorism in an objective and spatio-temporally comparable manner.

Methodology/approach

Game-theoretic analysis of the determinants of security and discussion of how to implement these interactions into a measure of security.

Findings

We show that governments concerned with popularity have an incentive to over-invest in security and that, in certain situations, this leads to a deterioration in net security position. Our discussion provides an implementable means for measuring the levels of threat and protection, as well as individuals’ perceptions of both, which we propose can be combined into an objective and scientific measure of security.

Research limitations/implications

The implication for researchers is the suggestion that efficiency, as well as scale of counter-terrorism, is important in determining a country’s overall security position. Furthermore, we suggest that individuals’ perceptions are at least as important in determining suitable counter-terrorism policy as objective measures of protection and threat. The limitations of this research are found in the vast data requirements that any attempt to measure security will need.

Originality/value of the chapter

We propose the first method for objectively measuring the net security position of a country, using economic and econometric means.

To view the access options for this content please click here
Article

Fredrik Karlsson, Martin Karlsson and Joachim Åström

This paper aims to investigate two different types of compliance measures: the first measure is a value-monistic compliance measure, whereas the second is a…

Abstract

Purpose

This paper aims to investigate two different types of compliance measures: the first measure is a value-monistic compliance measure, whereas the second is a value-pluralistic measure, which introduces the idea of competing organisational imperatives.

Design/methodology/approach

A survey was developed using two sets of items to measure compliance. The survey was sent to 600 white-collar workers and analysed through ordinary least squares.

Findings

The results suggest that when using the value-monistic measure, employees’ compliance was a function of employees’ intentions to comply, their self-efficacy and awareness of information security policies. In addition, compliance was not related to the occurrence of conflicts between information security and other organisational imperatives. However, when the dependent variable was changed to a value-pluralistic measure, the results suggest that employees’ compliance was, to a great extent, a function of the occurrence of conflicts between information security and other organisational imperatives, indirect conflicts with other organisational values.

Research limitations/implications

The results are based on small survey; yet, the findings are interesting and justify further investigation. The results suggest that relevant organisational imperatives and value systems, along with information security values, should be included in measures for employees’ compliance with information security policies.

Practical implications

Practitioners and researchers should be aware that there is a difference in measuring employees’ compliance using value monistic and value pluralism measurements.

Originality/value

Few studies exist that critically compare the two different compliance measures for the same population.

Details

Information & Computer Security, vol. 25 no. 3
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Book part

David Magaña-Lemus and Jorge Lara-Álvarez

Food security is an essential measure of welfare, especially for low-income families in developing countries. Policy makers should be aware of the harm food insecurity has…

Abstract

Purpose

Food security is an essential measure of welfare, especially for low-income families in developing countries. Policy makers should be aware of the harm food insecurity has on vulnerable households. This chapter empirically addresses the problems of measuring and monitoring food security in Mexico.

Methodology/approach

We identify the macro and micro approaches for measuring food security. The macro approach uses variables at the country level. Usually, this information is available on a yearly basis, is easy to implement, and can be compared across countries. The micro approach uses household questionnaires to collect food security information. Our analysis suggests that a macro approach will not be as precise as the micro approach due to inequality (agroclimatic, social, and economic).

Findings

Empirical experience suggests that food insecurity and its severity can be captured at the household level using the Food Insecurity Experiences Questionnaire. This questionnaire allows us to calculate food security measurements that closely follow the food security definition.

Originality/value

From a public policy perspective, the different methodologies for measurement do not consider all the dimensions of food security as defined by the term. This chapter examines which approach provides the best measurement of food security.

Details

Food Security in an Uncertain World
Type: Book
ISBN: 978-1-78560-213-9

Keywords

Content available
Article

Špela Orehek and Gregor Petrič

The concept of information security culture, which recently gained increased attention, aims to comprehensively grasp socio-cultural mechanisms that have an impact on…

Abstract

Purpose

The concept of information security culture, which recently gained increased attention, aims to comprehensively grasp socio-cultural mechanisms that have an impact on organizational security. Different measurement instruments have been developed to measure and assess information security culture using survey-based tools. However, the content, breadth and face validity of these scales vary greatly. This study aims to identify and provide an overview of the scales that are used to measure information security culture and to evaluate the rigor of reported scale development and validation procedures.

Design/methodology/approach

Papers that introduce a new or adapt an existing scale of information security culture were systematically reviewed to evaluate scales of information security culture. A standard search strategy was applied to identify 19 relevant scales, which were evaluated based on the framework of 16 criteria pertaining to the rigor of reported operationalization and the reported validity and reliability of the identified scales.

Findings

The results show that the rigor with which scales of information security culture are validated varies greatly and that none of the scales meet all the evaluation criteria. Moreover, most of the studies provide somewhat limited evidence of the validation of scales, indicating room for further improvement. Particularly, critical issues seem to be the lack of evidence regarding discriminant and criterion validity and incomplete documentation of the operationalization process.

Research limitations/implications

Researchers focusing on the human factor in information security need to reach a certain level of agreement on the essential elements of the concept of information security culture. Future studies need to build on existing scales, address their limitations and gain further evidence regarding the validity of scales of information security culture. Further research should also investigate the quality of definitions and make expert assessments of the content fit between concepts and items.

Practical implications

Organizations that aim to assess the level of information security culture among employees can use the results of this systematic review to support the selection of an adequate measurement scale. However, caution is needed for scales that provide limited evidence of validation.

Originality/value

This is the first study that offers a critical evaluation of existing scales of information security culture. The results have decision-making value for researchers who intend to conduct survey-based examinations of information security culture.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article

Ahmad Abu‐Musa

This paper seeks to empirically examine the existence and implementation of information security governance (ISG) in Saudi organizations.

Abstract

Purpose

This paper seeks to empirically examine the existence and implementation of information security governance (ISG) in Saudi organizations.

Design/methodology/approach

An empirical survey, using a self‐administered questionnaire, is conducted to explore and evaluate the current status and the main features of ISG in the Saudi environment. The questionnaire is developed based on ISG guidelines for boards of directors and executive management issued by the Information Technology (IT) Governance Institute and other related materials available in the literature. A total of 167 valid questionnaires are collected and processed using the Statistical Package for Social Sciences, version 16.

Findings

The results of the study reveal that although the majority of Saudi organizations recognize the importance of ISG as an integrant factor for the success of IT and corporate governance, most of them have no clear information security strategies or written information security policy statements. The majority of Saudi organizations have no disaster recovery plans to deal with information security incidents and emergencies; information security roles and responsibilities are not clearly defined and communicated. The results also show that alignment between ISG and the organization's overall business strategy is relatively poor and not adequately implemented. The results also show that risk assessment procedures are not adequately and effectively implemented, ISG is not a regular item in the board's agenda, and there are no properly functioning ISG processes or performance‐measuring systems in the majority of Saudi organizations. Accordingly, appropriate actions should be taken to improve implementing and measuring the ISG performance in Saudi organizations.

Originality/value

From a practical standpoint, managers and practitioners alike stand to gain from the findings of this study. The results of the paper enable them to better understand and evaluate ISG and to champion IT development for business success in Saudi organizations.

Details

Information Management & Computer Security, vol. 18 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article

Khaled A. Alshare, Peggy L. Lane and Michael R. Lane

The purpose of this case study is to examine the factors that impact higher education employees’ violations of information security policy by developing a research model…

Abstract

Purpose

The purpose of this case study is to examine the factors that impact higher education employees’ violations of information security policy by developing a research model based on grounded theories such as deterrence theory, neutralization theory and justice theory.

Design/methodology/approach

The research model was tested using 195 usable responses. After conducting model validation, the hypotheses were tested using multiple linear regression.

Findings

The results of the study revealed that procedural justice, distributive justice, severity and celerity of sanction, privacy, responsibility and organizational security culture were significant predictors of violations of information security measures. Only interactional justice was not significant.

Research limitations/implications

As with any exploratory case study, this research has limitations such as the self-reported information and the method of measuring the violation of information security measures. The method of measuring information security violations has been a challenge for researchers. Of course, the best method is to capture the actual behavior. Another limitation to this case study which might have affected the results is the significant number of faculty members in the respondent pool. The shared governance culture of faculty members on a US university campus might bias the results more than in a company environment. Caution should be applied when generalizing the results of this case study.

Practical implications

The findings validate past research and should encourage managers to ensure employees are involved with developing and implementing information security measures. Additionally, the information security measures should be applied consistently and in a timely manner. Past research has focused more on the certainty and severity of sanctions and not as much on the celerity or swiftness of applying sanctions. The results of this research indicate there is a need to be timely (swift) in applying sanctions. The importance of information security should be grounded in company culture. Employees should have a strong sense of treating company data as they would want their own data to be treated.

Social implications

Engaging employees in developing and implementing information security measures will reduce employees’ violations. Additionally, giving employees the assurance that all are given the same treatment when it comes to applying sanctions will reduce the violations.

Originality/value

Setting and enforcing in a timely manner a solid sanction system will help in preventing information security violations. Moreover, creating a culture that fosters information security will help in positively affecting the employees’ perceptions toward privacy and responsibility, which in turn, impacts information security violations. This case study applies some existing theories in the context of the US higher education environment. The results of this case study contributed to the extension of existing theories by including new factors, on one hand, and confirming previous findings, on the other hand.

To view the access options for this content please click here
Article

Michelle S. Dojutrek, Samuel Labi and J. Eric Dietz

Transportation project evaluation and prioritization use traditional performance measures including travel time, safety, user costs, economic efficiency and environmental…

Abstract

Purpose

Transportation project evaluation and prioritization use traditional performance measures including travel time, safety, user costs, economic efficiency and environmental quality. The project impacts in terms of enhancing the infrastructure resilience or mitigating the consequences of infrastructure damage in the event of disaster occurrence are rarely considered in project evaluation. This paper aims to present a methodology to address this issue so that in prioritizing investments, infrastructure with low security can receive the attention they deserve. Second, the methodology can be used for prioritizing candidate investments from a budget that is dedicated specifically to security enhancement.

Design/methodology/approach

In defining security as the absence of risk of damage from threats due to inherent structural or functional resilience, this paper uses security-related considerations in investment prioritization, thus introducing robustness in such evaluation. As this leads to an increase in the number of performance criteria in the evaluation, the paper adopts a multi-criteria analysis approach. The paper’s methodology quantifies the overall security level for an infrastructure in terms of the threats it faces, its resilience to damage and the consequences in the event of the infrastructure damage.

Findings

The paper demonstrates that it is feasible to develop a security-related measure that can be used as a performance criterion in the evaluation of general transportation projects or projects dedicated specifically toward security improvement. Through a case study, the paper applies the methodology by measuring the risk (and hence, security) of each for multiple infrastructure assets. On the basis of the multiple types of impacts including risk impacts (i.e. increase in security) because of each candidate investment, the paper shows how to prioritize security investments across the multiple infrastructure assets using multi-criteria analysis.

Originality/value

The overall framework consists of the traditional steps in risk management, and the paper’s specific contribution is in the part of the framework that measures the risk. The paper shows how infrastructure security can be quantified and incorporated in the project evaluation process.

Details

International Journal of Disaster Resilience in the Built Environment, vol. 7 no. 3
Type: Research Article
ISSN: 1759-5908

Keywords

To view the access options for this content please click here
Article

Richard Dobbins

Sees the objective of teaching financial management to be to helpmanagers and potential managers to make sensible investment andfinancing decisions. Acknowledges that…

Abstract

Sees the objective of teaching financial management to be to help managers and potential managers to make sensible investment and financing decisions. Acknowledges that financial theory teaches that investment and financing decisions should be based on cash flow and risk. Provides information on payback period; return on capital employed, earnings per share effect, working capital, profit planning, standard costing, financial statement planning and ratio analysis. Seeks to combine the practical rules of thumb of the traditionalists with the ideas of the financial theorists to form a balanced approach to practical financial management for MBA students, financial managers and undergraduates.

Details

Management Decision, vol. 31 no. 2
Type: Research Article
ISSN: 0025-1747

Keywords

To view the access options for this content please click here
Book part

Dragan Miljkovic

This chapter proposes a novel nonnormative approach to evaluating quality, effectiveness, and efficiency of food security.

Abstract

Purpose

This chapter proposes a novel nonnormative approach to evaluating quality, effectiveness, and efficiency of food security.

Methodology/approach

On the demand side, we consider the quality, effectiveness, and efficiency of the food security system, whose mechanisms should be evaluated by their impact on the quality of life of an endangered population. On the supply side, the motives of food aid donors and food security providers (directly and via policy mechanisms) are discussed in the context of the deservingness heuristic.

Findings

The model illustrates three problems with measuring food security-related quality of life: peoples’ different expectations, the different points at which people stand on their food security trajectory, and the potential for an evolving reference value of peoples’ expectations. The deservingness heuristic is the mechanism behind the domestic and international food security aid that occurs via evolutionary forces, or cultural, institutional, and ideological forces.

Social implications

Food security is a problem that requires a humanistic approach rooted in the evolutionary process/development of the human race. Food security can be misused by the food aid/welfare recipients for their own purposes. Likewise, food security programs by food aid/welfare donors can be targeted unethically when used to achieve the ideological, institutional, and political goals of the donors. Differentiating between the behavioral causes of providing food security may be helpful in predicting whether aid/welfare will be provided to the needy at all.

Details

Food Security in an Uncertain World
Type: Book
ISBN: 978-1-78560-213-9

Keywords

To view the access options for this content please click here
Article

Janne Merete Hagen, Eirik Albrechtsen and Jan Hovden

The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.

Abstract

Purpose

The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.

Design/methodology/approach

A survey was designed and data were collected from information security managers in a selection of Norwegian organizations.

Findings

Technical‐administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness‐creating activities are applied by the organizations to a considerably lesser extent, but are at the same time these are assessed as being more effective organizational measures than technical‐administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures.

Originality/value

Provides insight into the non‐technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures.

Details

Information Management & Computer Security, vol. 16 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

1 – 10 of over 65000