THE IMPACT OF POSITIVE ORGANISATIONAL CULTURE VALUES ON INFORMATION SECURITY MANAGEMENT IN THE COMPANY

Objective: The purpose of this article is to identify the positive values of the organisational culture, which have an impact on the effectiveness of information security management in the company. Methods: The study was performed based on a case study. The study was divided into two stages. The first stage consisted of conducting an interview with a person responsible for the information security in the studied company. While the second stage assumed obtaining the opinions of employees regarding the organisational culture and the positive values influencing the information security in the company. Based on the literature review, a survey questionnaire was prepared, which was used in the survey. The study was conducted in a company employing 35 people. Conclusions: The article highlights the important role of the positive values of the organisational culture, which impact the information security management in the company. Positive values have a big impact on maintaining the appropriate level of information security in the company. Originality/Value: The analysis of the obtained results shows that cultivating positive values in the company impacts the effectiveness of information security management. The study suggests that the development of positive values in the company creates not only the positive atmosphere at work, but it also affects the observance of procedures and rules in the field of information security.

Modeling inertia causatives:validating in the password manager adoption context

Cyber criminals are benefiting from the fact that people do not take the required precautions to protect their devices and communications. It is the equivalent of leaving their home’s front door unlocked and unguarded, something no one would do. Many efforts are made by governments and other bodies to raise awareness, but this often seems to fall on deaf ears. People seem to resist changing their existing cyber security practices: they demonstrate inertia. Here, we propose a model and instrument for investigating the factors that contribute towards this phenomenon

Listen to Your Doppelganger! Global Cultural Empathy for Educators: A Literature Review Based Conceptual Model

Our student populations\u27 diversity now includes African Americans, Native Americans, and Latinos, as classrooms represent various cultural backgrounds. This shift in student population dynamics brings fresh challenges to educator\u27s unpreparedness to identify with the unique cultural identities of international students. The cultural dissonance that international students face compounds this challenge since the cultural unawareness and misconceptions may be generated from both educators and student groups. The Doppelganger Inspired Change Effect model or DICE discussed in this article is inspired by an extensive literature review. It elucidates a process of fostering global cultural empathy and preparedness of educators by linking such preparedness to evaluating negative attitudinal influences that may block people from changing their thinking, negatively impacting global empathy preparedness. This is a valid linkage given the influence culture has on attitudes and vice versa and is true in developing global empathy, which is crucial for training educators

Perception of the importance of IT security in the Spanish hotel industry

Ante un mundo empresarial cada vez más dependiente de las Tecnologías de la Información y las Comunicaciones (TIC), es conveniente que la seguridad informática tenga un hueco importante en estas empresas para el buen funcionamiento de las mismas. Por este motivo, este artículo analiza esta área pero en el sector hotelero, un sector que hoy día no se puede concebir sin el uso de las TIC. Este estudio analiza la percepción (por parte de las empresas) de la seguridad informática en el sector hotelero español a través de encuesta en 2 periodos, con un horizonte temporal de 10 años, y utilizando como marco comparativo el sector empresarial español en general. Obteniendo como resultados, la mayor concienciación por esta seguridad informática en el sector hotelero a lo largo del tiempo, ya que, en el primer periodo temporal, la diferencia entre este sector y las empresas españolas en general era bastante amplia.In a business world increasingly dependent on Information Technology and Communications (ICT), it is desirable that IT security has an important place in these companies for their operation. For this reason, this paper analyzes this area but in the hotel sector, a sector that today can not be conceived without the use of ICT. This study analyzes the perception (by the companies) of IT security in the Spanish hotel industry through surveys in 2 periods (with a time horizon of 10 years) and using as comparative framework the Spanish business sector in general. Obtaining as a result, the increased awareness for this IT security in the hotel industry across the time, as the difference between this sector and the Spanish business sector in general was quite spacious in the first time period

Education in IT Security: A Case Study in Banking Industry

The banking industry has been changing incessantlyand facing new combination of risks. Data protection andcorporate security is now one of the major issues in bankingindustry. As the rapid changing on technologies from time totime, the industry should be aware on new technologies in orderto protect information assets and prevent fraud activities. Thispaper begins with literature study of information security issuesand followed by focused-group interviews with five participantswithin the industry and survey analysis of “The global state ofInformation Security survey 2013” which published byPriceWaterhouseCoopers (PWC). Trends and questions werediscussed as well as possible solution. The study suggests that ITsecurity education should be made to different level of staffs suchas executives, professional and general staffs. Besides, thebanking industry should increase company-wide securityawareness and the importance of corporate security which keepthe information and physical assets secure and in a proper way

Modeling inertia causatives

Cyber criminals are benefiting from the fact that people do not take the required precautions to protect their devices and communications. It is the equivalent of leaving their home's front door unlocked and unguarded, something no one would do. Many efforts are made by governments and other bodies to raise awareness, but this often seems to fall on deaf ears. People seem to resist changing their existing cyber security practices: they demonstrate inertia. Here, we propose a model and instrument for investigating the factors that contribute towards this phenomenon

A Risk-Driven Investment Model for Analysing Human Factors in Information Security

Information systems are of high importance in organisations because of the revolutionary industrial transformation undergone by digital and electronic platforms. A wide range of factors and issues forming the current business environments have created an unprecedented level of uncertainty and exposure to risks in all areas of strategic and operational activities in organisations including IT management and information security. Subsequently, securing these systems, which keep assets safe, serves organisational objectives. The Information Security System (ISS) is a process that organisations can adopt to achieve information security goals. It has gained the attention of academics, businesses, governments, security and IT professionals in recent years. Like any other system, the ISS is highly dependent on human factors as people are the primary concern of such systems and their roles should be taken into consideration. However, identifying reasoning and analysing human factors is a complex task. This is due to the fact that human factors are hugely subjective in nature and depend greatly on the specific organisational context. Every ISS development has unique demands both in terms of human factor specifications and organisational expectations. Developing an ISS often involves a notable proportion of risk due to the nature of technology and business demands; therefore, responding to these demands and technological challenges is critical. Furthermore, every business decision has inherent risk, and it is crucial to understand and make decisions based on the cost and potential value of that risk. Most research is solely concentrated upon the role of human factors in information security without addressing interrelated issues such as risk, cost and return of investment in security. The central focus and novelty of this research is to develop a risk-driven investment model within the security system framework. This model will support the analysis and reasoning of human factors in the information system development process. It contemplates risk, cost and the return of investment on security controls. The model will consider concepts from Requirements Engineering (RE), Security Tropos and organisational context. This model draws from the following theories and techniques: Socio-technical theory, Requirements Engineering (RE), SWOT analysis, Delphi Expert Panel technique and Force Field Analysis (FFA). The findings underline that the roles of human factors in ISSs are not being fully recognised or embedded in organisations and there is a lack of formalisation of main human factors in information security risk management processes. The study results should confirm that a diverse level of understanding of human factors impacts security systems. Security policies and guidelines do not reflect this reality. Moreover, information security has been perceived as being solely the domain of IT departments and not a collective responsibility, with the importance of the support of senior management ignored. A further key finding is the validation of all components of the Security Risk-Driven Model (RIDIM). Model components were found to be iterative and interdependent. The RIDIM model provides a significant opportunity to identify, assess and address these elements. Some elements of ISSs offered in this research can be used to evaluate the role of human factors in enterprise information security; therefore, the research presents some aspects of computer science and information system features to introduce a solution for a business-oriented problem. The question of how to address the psychological dimensions of human factors related to information security would, however, be a rich topic of research on its own. The risk-driven investment model provides tangible methods and values of relevant variables that define the human factors, risk and return on investment that contribute to organisations’ information security systems. Such values and measures need to be interpreted in the context of organisational culture and the risk management model. Further research into the implementation of these measurements and evaluations for improving organisational risk management is required

Unsolicited sexual images: “It’s only a picture, what’s the harm?”

Digital exhibitionism in the form of unsolicited sexual images, has become so commonplace that recipients are failing to see them as a category of sexual harassment. The aim of this study is to examine the experience response of receiving an unsolicited sexual image and assess if the action response is sufficient to those experiences. The study targets at-risk groups with the intent to convince policy writers to offer protections with the support of legislative powers. 108 female students from Murdoch University participated in a self-report online survey, using Qualtrics, that included quantitative Likert scales and qualitative answers on the frequency, response, result, reaction, and general feeling about receiving unsolicited sexual images. A scale was developed which resulted in three subscales of amusement, victimisation, and retribution. Qualitative results were analysed using NVivo software. Findings showed that there is a high frequency of the receipt of unsolicited sexual images, that generational responses differ in retributive action, and that overall action responses are inadequate to the harms they cause. The need for policy creation and legislative protections that are equal to current exhibitionist laws was evident, along with the need for public education to create a societal awareness and confidence to report online abusive behaviours