178,150 research outputs found

    Exploring the Factors That Contribute Towards Information Security Policy Compliance Culture

    There is over-reliance on information systems to run virtually all aspects of modern institutions. This has put more burden on information security managers to come up with more robust and efficient ways to enhance information security policy compliance. Therefore, despite existing efforts in the area of information security management, there remains a critical need for more research to be done. The existing research has also concentrated on hypothesis testing rather than a qualitative approach. So, there is an existential methodology gap that can give another alternative result that still needs to be covered. That is why we embarked on exploring the factors that influence information security compliance in organizations. The research was conducted in two universities with a diverse population. The research design was exploratory, encompassing qualitative in-depth case interviews with grounded theory as the analysis strategy. A total of 20 interviews were conducted and each analysis was done after every few batches of interviews in line with grounded theory principles. A theoretical model was generated and discussed. Implications for the research were also discussed and recommendations made. The study found individual factors, organizational factors, and external influence to be important factors in strategizing how to increase compliance with policies. The results also showed that practitioners need to factor in a combination of elements in their strategies in order to enhance compliance with information security policies. Keywords: Information Security Policy Compliance Culture, Theoretical Model, Grounded Theory, Information systems security DOI: 10.7176/IKM/10-5-05 Publication date: August 31st 202

    Security dialogues: building better relationships between security and business

    In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff

    Securing intellectual capital: an exploratory study in Australian universities

    Purpose – To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges. Design/methodology/approach – We gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. We conducted interviews with key stakeholders in Australian universities in order to validate these links. Findings – Our investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions. Research implications – There is a need to acknowledge the different roles played by actors within the university, and the relevance of information security to IC-related preservation. Practical implications – Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized. Originality/value – This is one of the first studies to explore the connections between data and information security and the three core components of IC’s knowledge security in the university context

    The vulnerability of public spaces: challenges for UK hospitals under the 'new' terrorist threat

    This article considers the challenges for hospitals in the United Kingdom that arise from the threats of mass-casualty terrorism. Whilst much has been written about the role of health care as a rescuer in terrorist attacks and other mass-casualty crises, little has been written about health care as a victim within a mass-emergency setting. Yet, health care is a key component of any nation's contingency planning and an erosion of its capabilities would have a significant impact on the generation of a wider crisis following a mass-casualty event. This article seeks to highlight the nature of the challenges facing elements of UK health care, with a focus on hospitals both as essential contingency responders under the United Kingdom's civil contingencies legislation and as potential victims of terrorism. It seeks to explore the potential gaps that exist between the task demands facing hospitals and the vulnerabilities that exist within them

    From big data to big performance – exploring the potential of big data for enhancing public organizations’ performance : a systematic literature review

    This article examines the possibilities for increasing organizational performance in the public sector using Big Data by conducting a systematic literature review. It includes the results of 36 scientific articles published between January 2012 and July 2019. The results show a tendency to explain the relationship between big data and organizational performance through the Resource-Based View of the Firm or the Dynamic Capabilities View, arguing that performance improvement in an organization stems from unique capabilities. In addition, the results show that Big Data performance improvement is influenced by better organizational decision making. Finally, it identifies three dimensions that seem to play a role in this process: the human dimension, the organizational dimension, and the data dimension. From these findings, implications for both practice and theory are derived

    A descriptive review and classification of organizational information security awareness research

    Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding

    The enemy has passed through the gate: insider threats, the dark triad, and the challenges around security

    Purpose – The purpose of this paper is to highlight the potential role that the so-called “toxic triangle” (Padilla et al., 2007) can play in undermining the processes around effectiveness. It is the interaction between leaders, organisational members, and the environmental context in which those interactions occur that has the potential to generate dysfunctional behaviours and processes. The paper seeks to set out a set of issues that would seem to be worthy of further consideration within the Journal and which deal with the relationships between organisational effectiveness and the threats from insiders. Design/methodology/approach – The paper adopts a systems approach to the threats from insiders and the manner in which it impacts on organisation effectiveness. The ultimate goal of the paper is to stimulate further debate and discussion around the issues. Findings – The paper adds to the discussions around effectiveness by highlighting how senior managers can create the conditions in which failure can occur through the erosion of controls, poor decision making, and the creation of a culture that has the potential to generate failure. Within this setting, insiders can serve to trigger a series of failures by their actions and for which the controls in place are either ineffective or have been by-passed as a result of insider knowledge. Research limitations/implications – The issues raised in this paper need to be tested empirically as a means of providing a clear evidence base in support of their relationships with the generation of organisational ineffectiveness. Practical implications – The paper aims to raise awareness and stimulate thinking by practising managers around the role that the “toxic triangle” of issues can play in creating the conditions by which organisations can incubate the potential for crisis. Originality/value – The paper seeks to bring together a disparate body of published work within the context of “organisational effectiveness” and sets out a series of dark characteristics that organisations need to consider if they are to avoid failure. The paper argues the case that effectiveness can be a fragile construct and that the mechanisms that generate failure also need to be actively considered when discussing what effectiveness means in practice.

    Information systems evaluation: Navigating through the problem domain

    Information systems (IS) make it possible to improve organizational efficiency and effectiveness, which can provide competitive advantage. There is, however, a great deal of difficulty reported in the normative literature when it comes to the evaluation of investments in IS, with companies often finding themselves unable to assess the full implications of their IS infrastructure. Although many of the savings resulting from IS are considered suitable for inclusion within traditional accountancy frameworks, it is the intangible and non-financial benefits, together with indirect project costs that complicate the justification process. In exploring this phenomenon, the paper reviews the normative literature in the area of IS evaluation, and then proposes a set of conjectures. These were tested within a case study to analyze the investment justification process of a manufacturing IS investment. The idiosyncrasies of the case study and problems experienced during its attempts to evaluate, implement, and realize the holistic implications of the IS investment are presented and critically analyzed. The paper concludes by identifying lessons learnt and thus, proposes a number of empirical findings for consideration by decisionmakers during the investment evaluation process