11 research outputs found

    Investigating the Role of Socio-organizational Factors in the Information Security Compliance in Organizations

    The increased reliance on information systems has created unprecedented challenges for organizations to protect their critical information from different security threats that have direct consequences on the corporate liability, loss of credibility, and monetary damage. As a result, the security of information has become critical in many organizations. This study investigates the role of socio-organizational factors by drawing the insights from the organizational theory literature in the adoption of information security compliance in organizations. Based on the analysis of the survey data collected from 294 employees, the study indicates management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance in organizations. The study contributes to the information security compliance research by exploring the criticality of socio-organizational factors at the organizational level for information security compliance

    Organisational Security Culture and Information Security Compliance for E-Government Development: The Moderating Effect of Social Pressure

    Rapid development of e-government has exposed critical public information to the possibility of cybercrime. Information security has become a critical issue that needs to be adequately addressed in e-government development. This paper develops an information security compliance model by drawing insights from organizational and institutional theory literature to examine how organizational security culture influences information security compliance in public organizations for e-government development. It also investigates the role of social pressure in moderating the relationship between information security culture and information security compliance. The study explores three specific dimensions of information security culture: management commitments, accountability and information security awareness. The result of a hierarchical regression analysis indicates that management commitments, accountability, information security awareness, and social pressure have a significant positive impact on information security compliance in public organizations. The moderating role of social pressure, however, is only significant in augmenting the relationship between accountability and information security compliance. This study contributes to the information security compliance research by highlighting the criticality of establishing an information security culture within public organisations to promote information security compliance

    Integration of Grounded Theory and Case Study: An Exemplary Application from E-commerce Security Perception Research

    This paper is written with two main aims: firstly, to justify the use of grounded theory (GT) as a data analysis method in a manner compatible with the case study strategy, by using Straussian GT in this integration. The need for this integration is vital, as no conceptual research specifies how grounded theory can be used as a method within an interpretive case study strategy in order to define a research methodology. The second aim is demonstrating the applicability of the proposed methodology, which has resulted from the integration, by providing a typical example of applying the methodology’s steps to the empirical research conducted in the area of the security perception of e-commerce

    Developing a scale to measure SMEs' information security awareness against cyber risks: the Gaziantep sample

    With the globalizing world and the advantages provided by Internet technology, SMEs have ceased to be regional companies and have become global firms. These advantages provided by the Internet and globalization have at the same time given rise to new threats for SMEs. For this reason, this study was conducted to develop a scale for measuring the information security awareness of SMEs. The content validity, criterion-related validity and construct validity of this scale have been demonstrated. Cronbach's alpha coefficient was used for internal consistency reliability. Exploratory and confirmatory factor analyses were performed. The scale contains 37 items. The data were obtained from the responses given to the survey questions by 800 SME employees working in different sectors in Gaziantep. According to the research results, the scale has four sub-dimensions. The four sub-dimensions explained 67.33% of the total variance. The significance of the study is that it is a new, valid and reliable scale for measuring how information security awareness is perceived by SME employees in the firms where they work. This scale can help SMEs with the information security matters that need attention

    New Fundamental Technologies in Data Mining

    The progress of data mining technology and large public popularity establish a need for a comprehensive text on the subject. The series of books entitled "Data Mining" addresses the need by presenting in-depth descriptions of novel mining algorithms and many useful applications. In addition to understanding each section deeply, the two books present useful hints and strategies for solving problems in the following chapters. The contributing authors have highlighted many future research directions that will foster multi-disciplinary collaborations and hence will lead to significant development in the field of data mining

    Electronic Contract Administration – Legal and Security Issues Research Report

    This Report is a deliverable for the CRC for Construction Innovation research project 2005-025-A Electronic Contract Administration – Legal and Security Issues. It considers the security and legal risks that result from the increasing adoption of information and communication technologies (ICT) in the construction industry for e-contracting purposes and makes recommendations to minimise those risks

    A Secure Quorum Based Multi-Tag RFID System

    Radio Frequency Identification (RFID) technology has been expanded to be used in different fields that need automatic identifying and verifying of tagged objects without human intervention. RFID technology offers a great advantage in comparison with barcodes by providing accurate information, ease of use and a reduction in labour cost. These advantages have been utilised by using passive RFID tags. Although RFID technology can enhance the efficiency of different RFID application systems, researchers have reported issues regarding the use of RFID technology. These issues are making the technology vulnerable to many threats in terms of security and privacy. Different RFID solutions, based on different cryptography primitives, have been developed. Most of these protocols focus on the use of passive RFID tags. However, due to the computation feasibility in passive RFID tags, these tags might be vulnerable to some of the security and privacy threats, e.g. an unauthorised reader can read the information inside tags, and illegitimate tags or cloned tags can be accessed by a reader. Moreover, most consideration of researchers is focused on single tag authentication and mostly does not consider scenarios that need multi-tag such as supply chain management and healthcare management. Secret sharing schemes have also been proposed to overcome the key management problem in supply chain management. However, secret sharing schemes have some scalability limitations when applied with high numbers of RFID tags. This work is mainly focused on solving the problem of security and privacy in multi-tag RFID based systems. In this work, firstly, we studied different RFID protocols such as symmetric key authentication protocols, authentication protocols based on elliptic curve cryptography, secret sharing schemes and multi-tag authentication protocols. Secondly, we consider the significant research into the mutual authentication of passive RFID tags.
Therefore, a mutual authentication scheme that is based on zero-knowledge proof has been proposed. The main object of this work is to develop an ECC-RFID based system that enables multi-RFID tags to be authenticated with one reader by using different versions of ECC public key encryption schemes. The protocols rely on using threshold cryptosystems that operate ECC to generate secret keys, then distribute and store the secret keys among multi RFID tags. Finally, we provide performance measurement for the implementation of the proposed protocols. Ministry of higher education and scientific research, Baghdad-Ira

    A compliance based framework for information security in e-government in Oman

    The development of electronic government (e-government) in Oman has created new means for public organizations to deliver services, engage citizens, and improve workflows between public organizations. Such a development has opened the possibility that critical information in e-government systems can be exposed. This directly affects the confidence and trust of e-government stakeholders. Such confidence and trust are important to the continued development of e-government in Oman. As a result, the security of information has become a critical issue that needs to be adequately addressed in e-government development. This research aims to develop a compliance-based framework for information security in public organizations in e-government development in Oman. Specifically it aims to (a) identify the critical factors for effective information security compliance in public organizations in Oman, (b) develop a framework for information security compliance, and (c) provide the Omani government with some recommendations for effective information security compliance in public organizations for e-government development. To fulfill these research aims, a mixed-methods methodology is used. A conceptual framework is developed by hypothesizing the critical factors for effective information security compliance in organizations. With the use of survey data collected from public organizations in Oman, the conceptual framework is tested and validated using structural equation modeling. To further validate the identified critical factors, thematic analysis is carried out on the semi-structured interview data collected simultaneously. The quantitative findings and the qualitative findings are triangulated for better understanding information security compliance in public organizations for e-government development in Oman. 
The study reveals that management commitment, awareness and training, accountability, organizational loyalty, audit and monitoring, process integration, technology capability, technology compatibility, technology reliability, legal pressures, and social pressures are critical for effective information security compliance in public organizations for e-government development in Oman. Based on the critical factors identified, a new framework for information security compliance is developed. Such a framework consists of four main dimensions including (a) organizational security culture, (b) information security processes, (c) security technologies, and (d) environment pressures. This research contributes to the e-government and information security compliance research from both the theoretical and practical perspectives. From the theoretical perspective, this research demonstrates the applicability of socio-organizational factors for influencing information security compliance in public organizations for e-government development. From the practical perspective, this research provides an in-depth investigation of the critical factors for information security compliance, which provides the Omani government with useful guidelines on how to ensure information security in public organizations for e-government development. Such guidelines are also useful for other developing countries in their e-government development endeavors

    Free Access to Public Information - More Transparency, Less Corruption: The Case of Republic of Macedonia

    The traditional model of non-transparent administration is today disappearing step by step. Citizens are increasingly becoming an equal entity with state institutions, which have the responsibility to ensure protection of their rights, accountability, openness and transparency in their operations - as the basic principles upon which the principle of good governance rests. Therefore, the adoption of a law of free access to public information in many countries in the world which seek to enhance democracy in their societies is today a trend (process) that cannot be stopped. Nowadays, countries that don’t have such a law cannot claim that they have full democracy. One of the reasons for passing this law is reducing corruption. Corruption is based on secrecy. Citizens and institutions become corrupted when the public has no insight into their work. If the work of public institutions is transparent and offered for public inspection, then the chance for them to be corrupt is smaller. The Republic of Macedonia adopted the Law of free access to public information in 2006. This paper analyzes the law and its application and the situation in Macedonia after the adoption of the law, concluding that despite some inconsistencies, the law has contributed to increasing transparency and reducing corruption. Keywords: Free access, information, transparency, corruption