Information Security Policy Compliance: A User Acceptance Perspective

Compliance with information security policies (ISPs) is a key factor in reducing an organization’s information security risks. As such, understanding employees’ compliance behavior with ISPs is an important first step to leverage knowledge worker assets in efforts targeted toward reducing information security risks. This study adapts the Technology Acceptance Model (TAM) to examine users’ behavioral intention to comply with ISPs. The impact of information security awareness on behavioral intentions to comply is also considered in the research model. This is a research in progress, and an instrument is being developed to conduct a survey study to gather data from employees in the banking sector in Jordan

Information Systems and Its’ Abuse by Employees of Nigeria Bank

Information and Communication Technology (ICT) plays a vital role in every sector of life. Studies have shown that ICT usage in many sectors has been solely abused. This study investigates the abuse of information system in Nigerian Banks. Employees’ perception of abuse of information systems was sought using copies of a structured questionnaire. Findings show that unauthorized access of information or programs via a computer had the highest pick as abuse of information system, followed by unauthorized copying or altering of data or programs, then theft of telecommunications or computer equipment, and so on. In conclusion, it was observed that Unethical practices through the abuse of information system result in lesser productivity, decimation of corporate assets, non-compliance with privacy regulations, legal liabilities, network bandwidth and resources exposure. Thus, deploying comprehensive preventive procedures can help organisations guard against abuse of its information systems. Keywords: Abuse, Information systems, Nigerian banks and Ethics

Too Much of a Good Thing? An Investigation of the Negative Consequences of Information Security in a Healthcare Setting

Information security is becoming a prime concern for individuals and organizations. This is especially true in healthcare settings where widespread adoption of integrated health information systems means that a vast amount of highly sensitive information on patients is accessible through many interaction points across the care delivery network. In this research in progress, we seek to uncover how individuals react when they perceive that their security environment is stressful. To do so, we conducted a case study using an inductive approach based on semi-structured interviews with 41 participants. The preliminary analysis of some of our interviews showed that too much security in a health setting can bring in negative consequences like evoking negative emotions in users toward the system, increased dissatisfaction, and increase of inappropriate workarounds, which can lead to ineffective usage of the system and eventually can put patients’ health at risk

The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria

This study examines the determinant factors of information security practices towards organizational performance among Nigerian banks. To achieve this, a framework that consists of technological, organizational, and environmental (TOE) factors is proposed using information security culture as a mediator of TOE factors. The framework identifies the factors influencing information security practices among Nigerian bankers. Findings using TOE will eventually lead to the improvement of organizational performance through the establishment of information security culture among Nigerian banks. Thus, the use of information security practices will assist in reducing human factors such as errors, failures, internal incidents and social engineering attacks. A questionnaire survey was designed to obtain data on information security culture, organizational performance, organizational, environmental and technological factors. Multiple regression was used to test for the relationship between organizational performance, information security culture, TOE factors and the reliability and validity of the data. The findings indicated that perceived technology advancement, information security policy and procedure, international security standard, information security awareness, perceived training programs, motivation of employee and perceived job roles and responsibilities significantly influence the organizational performance. The remaining variables have no statistically significant influence on organizational performance. Also, this study found that information security culture significantly mediates the relationship between organizational performance and TOE factors. Thus, the result of this study shows that the objectives of this study were achieved

Adopsi E-Commerce Dalam Mendukung Perkembangan Usaha Mikro Kecil Dan Menengah (UMKM) Di Masa Pandemi Covid-19

The Covid-19 pandemic struck Indonesia and also the rest of the world, which has a huge impact in the Micro, Small and Medium Enterprises (MSMEs). It is necessary to have a big movement to revive the economic passion in Indonesia, especially MSMEs, one of which is by utilizing e-commerce. This paper presents a conceptual framework for adopting e-commerce. Based on the results of a review of several articles, it was concluded that three factors could be used to adopt e-commerce, including, organizational characteristics, environmental characteristics, and leadership characteristics. To test the benefits and ease of using e-commerce, it can use the Technology Acceptance Model (TAM) theory

Impact of Protection Motivation and Deterrence on IS Security Policy Compliance: A Multi-Cultural View

IS security policy non-compliance is a problem experienced globally. Organizations have implemented formal and informal sanctions to enforce policy compliance. Sanctions can be positive (rewards) or negative (punishment) and may influence employees differently across different cultures. We propose an examination of antecedents that influence IS security policy compliance utilizing Protection Motivation Theory (PMT) and Deterrence Theory in a global context. Using six different countries, we plan to find if protection motivation and deterrence factors differ among different cultures through the influence of Hofstede’s cultural dimensions

A Review of Information Systems Security Management: An Integrated Framework

As information has been a basic commodity and strategic asset, information systems (IS) security has become increasingly important to organizations. This paper conducts a review on the prior literature that has studied non-technical factors of IS security issues from organizational perspective rather than individual level. Five key concepts are studied: IS security management, organizational factors, human factors, strategic planning, and IS security policies. By integrating the main concepts that are reflected in the literature, this paper proposes an integrated framework which provides a comprehensive look at effective IS security management. Four propositions are developed. This framework is intended to provide guidance for organizations and security practitioners that need to implement their IS security management effectively

Management attitudes toward information security in Omani public sector organisations

The incorporation of ICT in public sector organisations is progressing rapidly in Oman where the government sees this as a means to enhance the delivery of online services. In this context, preserving the security of information, and making Information Security a core organisational aspect in public sector organisations, requires attention from management. Our research is the first known attempt to gauge management attitudes toward Information Security in Oman. We also consider how such attitudes influence Information Security governance. In addressing these issues, we review current compliance with Information Security procedures in Omani public sector organisations, review management attitudes toward Information Security governance practices, and explore how management attitudes toward Information Security impact upon these aspects

A Reformed Information Security Management System (R-ISMS)

An Information Security Management System (ISMS) specifies the instruments and methods that an administration/management level of an institution uses to comprehensibly manage the tasks and activities aimed at achieving information security. ISMS evolved as a systematic and structured approach to managing information following advances in IT infrastructure, services and applications so that they remain secure. While there are various implemented ISMS frameworks, researchers continually try to emphasize and increase human participation in ensuring information security. The aim of this research study is to develop an algorithm-based model to facilitate effective ISMS services for organizations. This algorithm-based ISMS model employed Information Technology General Controls (ITGC) technique as an expansion of the vistas of known ISMS frameworks, to improve information security control in organizations. The purpose of refinement is to make the frameworks more easily understood, implemented, and measured in organizations by stakeholders.Microsoft Office Visio 2010 software was used in designing the reformed model. Bactracking and Branch-and-bound algorithms were used in developing the model. The model utilises the above named methods to address the problem of inadequate management systems for information security. The results of this study showed that, with the level of usability, International Organization for Standardization (ISO) standards are more easily implemented and well recognized by stakeholders (top management, staff, suppliers, customers/clients, regulators) unlike the other security frameworks.  In conclusion, this study showed that R-ISMS is a customized algorithm model that assists organizations to enhance the ability in monitoring the performance of their activities, policies and procedures. Keywords:Information Security Management Systems (ISMSs), Reformed ISMS, International Organization for Standardization/International Electrotechnical Commission (ISO/IEC),  Backtracking / Branch-and-bound algorithms