A descriptive review and classification of organizational information security awareness research

Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding

Simulation on off grid hybrid PV-battery system

With the growing usage of renewable energy sources (RES), solar photovoltaic (PV) systems have seen a considerable increase in their use over the last three decades, moving from freestanding to utility-connected PV systems. Off-grid is a type of power distribution system that makes use of renewable energy and is powered by a hybrid PV battery system. In this project the simulation on off grid hybrid PV battery system have been discussed. The system is modelled and simulate in MATLAB Simulink where a PV array with MPPT is connected to the DC bus with a battery storage system of 720 kWh, the performance of the PV system results shows an efficient MPPT where the modules output power at solar irradiance and ambient temperature of 1000 and 1500 W/m2 and 25 C temperature maintained at 2750 W which shows the MPPT efficiency is 98%

Information security policy compliance model for public sector

Technical aspect of security is inadequate to ensure information security within organization thus requires for adoption of information security policy. Policy without compliance from the employee of an organization would be useless where it requires desirable behaviours. Human are known to be the weakest link in information security thus factor that affect their intention towards compliance behaviour should be identified. The purpose of this research is to identify factors from recent researches that uses the most common compliance model used in social psychology and technological domain. These factors would then be built up into a proposed model where it will be validated with the survey questionnaire result from an IT department that consists of administrative and IT professionals. This research uses quantitative approach as it is the most used research design used in this domain and statistics software will be used to determine the frequencies, reliability, and the correlation of the factors towards compliance intention. According to 214 respondents, eleven factors have been concluded to have significant impact towards compliance intention that is perceived severity, perceived vulnerability, maladaptive rewards, response efficacy, self-efficacy, attitude, subjective norm, perceived usefulness, perceived ease of use, awareness and punishment while rewards have insignificant relation. The result from this research would support the proposed model that will act as a guidance in public sector to solve issues regarding employee behaviour that impacts information security policy compliance

A Conceptual Information Security Culture Framework for Higher Learning Institutions

Education institutions within and outside Ghana continue to experience mass information leakages at an alarming rate even with the huge investment made in information technology infrastructure to secure their information assets. The lack of organisational commitment to enhance the non-technical aspects of information security – thus, information security culture (ISC) – largely accounts for the consistent rise of security breaches in institutions like the educational institutions. Securing information assets goes beyond technical controls and encompasses people, technology, policy, and operations. The aim of this paper is to identify a comprehensive list of the factors of ISC and construct a conceptual ISC framework (InfoSeCulF) that can be used to provide guidance for the cultivation of a strong ISC in higher learning institutions to secure information assets. A scoping literature review was conducted to determine what constitutes a comprehensive list of factors for cultivating ISC in higher learning institutions. The study proposes a comprehensive list of factors and provides a conceptual framework (InfoSeCulF) which serves as guide for cultivating a strong ISC in institutions

Assessment of Information Security Culture in Higher Education

Information security programs are instituted by organizations to provide guidance to their users who handle their data and systems. The main goal of these programs is to protect the organization\u27s information assets through the creation and cultivation of a positive information security culture within the organization. As the collection and use of data expands in all economic sectors, the threat of data breach due to human error increases. Employee\u27s behavior towards information security is influenced by the organizations information security programs and the overall information security culture. This study examines the human factors of an information security program and their effect on the information security culture. These human factors consist of stringency of organizational policies, behavior deterrence, employee attitudes towards information security, training and awareness, and management support of the information security programs. A survey questionnaire was given to employees in the Florida College System to measure the human aspects of the information security programs. Confirmatory factor analysis (CFA) and Structural Equation Modeling (SEM) were used to investigate the relationships between the variables in the study using IBM® SPSS® Amos 24 software. The study results show that management support and behavior deterrence have a significant positive relationship with information security. Additionally, the results show no significant association between information security culture and organization policies, employee commitment and employee awareness. This suggests a need for further refinement of the model and the survey tool design to properly assess human factors of information security programs and their effects on the organizational security culture

Ausgewählte Chancen und Herausforderungen der digitalen Transformation für die Produktentwicklung und Unternehmensorganisation im Finanzdienstleistungssektor

Vor dem Hintergrund der digitalen Transformation sind Finanzdienstleistungsunternehmen auf unterschiedlichen Ebenen zahlreichen Chancen sowie Herausforderungen ausgesetzt. Während der Einsatz neuer Technologien die Optimierung bestehender Geschäftsprozesse sowie das Angebot digitalisierter Finanzdienstleistungen ermöglicht, geht dies zugleich mit veränderten Arbeitsbedingungen innerhalb der Unternehmensorganisation einher. Darüber hinaus sind Finanzdienstleister dazu angehalten die sich ändernden Kundenerwartungen bei den bisherigen Geschäftsaktivitäten sowie bei der Produktentwicklung zu berücksichtigen. Das Ziel der vorliegenden kumulativen Dissertation ist es, bestehende Forschungsdesiderate hinsichtlich der Auswirkungen der digitalen Transformation auf den Finanzdienstleistungssektor, differenziert nach der Kunden- und Produktperspektive sowie der internen Unternehmensperspektive, vertiefend zu analysieren. Das Technology-Organization-Environment (TOE)-Framework von DePietro et al. (1990) wird dabei als theoretischer Rahmen zur Einordnung und Strukturierung der Forschungsmodule verwendet. Die Ergebnisse der acht Module zeigen, dass die Kundenbedürfnisse und –erwartungen im Finanzdienstleistungssektor verstärkt von der digitalen Transformation beeinflusst werden. Dies zeigt sich in der Beratungstätigkeit bspw. durch das Angebot neuer Kundenkanäle sowie der aus dem steigenden Wettbewerbsdruck resultierenden erhöhten Preistransparenz. Im Rahmen der Produktentwicklung sind zudem u. a. ESG-Risiken und Silent Cyber-Risiken zu beachten. Aus der Analyse der Auswirkungen der digitalen Transformation auf die Unternehmensorganisation geht hervor, dass über den Einsatz digitaler Innovationen innerhalb des Backoffice die Realisation von Effizienzgewinnen sowie das Entgegenwirken eines Personalmangels möglich ist. Darüber hinaus wird in den Modulen der Einfluss des Faktors Mensch auf die Cyber-Sicherheit hervorgehoben. Während dieser einerseits als „schwächstes Glied“ und potenzielles Angriffsziel im Sicherheitskonstrukt der Unternehmen dargestellt wird, ist andererseits das Potenzial der Beschäftigten zur Frühwarnung zu berücksichtigen