Information Security Behavioral Model: Towards Employees’ Knowledge and Attitude

Information Security has become a significant concern for today’s organizations. The internal security threats acts as the most curtail type of security threat within an organization. These internal security threats are a result of poor conduct of security behavior by the employees within an organization. If not deal properly, it may hamper the auditing of organization. Auditing plays an important role in the business environment. Before conducting auditing it is essential to examine the behavioral aspect of the employees. The objective of this paper is to take out this internal threat that acts as a security slack, out of an organization by using a well-structured approach to develop a security behavior model. To validate the proposed model a survey method is used. The survey method measures the knowledge and attitude of an individual employee towards information security to analyze the behavioral security aspect of the employee’s. Statistical Analysis of the result of survey indicates that the employees’ knowledge and his attitude towards information security derive his behavior towards achieving ultimate organizational goal and thus validates the proposed security model

How system complexity and organizational culture affect AIS misuse

The demands for more studies on precarious practices in the AIS environment indicate that employees pose greater threats than outsiders. Addressing internally-bred security pandemonium with external-threat-oriented solutions further complicates the matter. The real issue is obscured rather than solved. Based on theory of planned behaviour (TPB), organisational culture and complexity of an accounting information system (AIS) were introduced to see how these factors affect employees’ mal-intention when working with an organisation AIS. Using partial-least-square structural equation modelling (PLS-SEM) approach, it was found that culture and complexity acting as pure moderating variables affecting certain forms of predictor-criterion relationship in TPB model. Within the context of this study, the results explain how culture and system complexity induce or reduce the predictors’ effects on intention to misbehave

Dealing with Security Related Stress: Mindfulness on Countermeasures

Contemporary knowledge workers face information security-related stress and often struggle with responding to security threats. Employees deal with stress using different coping strategies. Some adopt avoidance coping mode to dissociate themselves with stress while some adopt approach coping mode to actively solve problems. We propose that being mindful on countermeasures of information security threats can ease stress and the negative impacts caused by stress. In addition, we also hypothesize the moderating effect of mindfulness on the relationships between security-related stress and two coping modes

A MODEL FOR EVALUATING INFORMATION SECURITY WITH A FOCUS ON THE USER

This study presents a theoretical model to evaluate the level of information security in an organizational environment with a focus on the knowledge, attitudes and behaviour of the end user, identifying the level and origin of the gap between the information security guidelines laid down by the company and the actual practices of its internal staff, third party partners and suppliers. The model is designed to assist in meeting the objectives and policies set for the management of information security by senior management, and contributes to maintaining an effective program of training and in raising awareness on information security

Implication of human attitude factors toward information security: awareness in Malaysia Public University

Without a doubt, the whole world faces many challenges regarding hacker or cracker exploitation; and spammer in various sector such as Internet security, software privacy, email, etc. While Malaysian government attempted to establish several cyber laws in order to encounter the problem, mainly as the guidance for technology user’s purpose, the danger in information exploitation still arise. The important factor that supports the successful of these policies implementation resides on how to raise the awareness among community. This process will give significance contribution to the effectiveness of policy implementation by its continuity through the communication chain and regularly information distribution. Government can’t overrule the importance of university policies in building the awareness among student at beginning phase. Therefore, some factors need to be identified first, from which level that might influence positively the awareness in university. It has the function to measure the level of awareness for the improvement and performance purpose. However, the problem will always occur in terms of evolving the human mind in utilizing technology services, which put information security susceptible to attack and there is no standard regulation to ensure that human attitude involved delivering the secure and safety result. So, we can conclude that human error could be as greatest risk if current organization’s policy doesn’t have the capability to control and manage it accordingly and frequently

SECURITY-RELATED STRESS – A NEGLECTED CONSTRUCT IN INFORMATION SYSTEMS STRESS LITERATURE

Means of information security, such as security policies or security education, training, and awareness programs, are suggested to enhance employees’ information security behavior. We posit that at the same time, exactly those security measures may have a negative effect, if employees perceive them, for instance, as difficult to understand, time-consuming, or an invasion of their privacy. However, focusing on pure technostress, information systems (IS) research so far has neglected stress induced by means of information security, although, there is first insight on the relevance of security-related stress for IS management. Therefore, in this research-in-progress, we employ the person-environment (PE) fit model to build on as well as expand the existing IS stress literature. We thereby develop a first comprehensive framework of security-related stress, which considers non-technological aspects of security-related stress of employees’ work, personal, and social environment. In doing so, we propose a multidimensional second-order construct and conceptualize how security-related stress affects employees’ productivity directly and indirectly by promoting their perceived level of technostress. The results of our study should help IS management to anticipate and consider the downfalls of information security requirements when formulating companies’ information security measurements, and thus limit the “dark side” of information security

A Reading Preference and Risk Taxonomy for Printed Proprietary Information Compromise in the Aerospace and Defense Industry

The protection of proprietary information that users print from their information systems is a significant concern. Researchers have repeatedly indicated that human behaviors and perception are important factors influencing the information security of organizations and have called for more research. In this study, we focused on the investigation of user reading preference, user perceived risk, and seven demographics in the context of compromising printed proprietary information. A Reading Preference and Risk (RPR) taxonomy was developed to classify users respective to potential risks to printed proprietary information. Results of a Webbased survey show that employees were dispersed across the RPR Taxonomy with 15.1% identified as potentially problematic. Our results also showed an overall reading preference for print materials and a high-perceived risk for compromising printed proprietary information. Significant differences between the constructs and demographics suggest that a user’s likelihood to compromise printed proprietary information is affected by frequency of user exposure, confidentiality level, and previous user experience with the compromise of proprietary information. Additionally, age, gender, and a user’s desire to retain e-training content in memory had a significant effect on user reading preference

Stress-Based IS Security Compliance: Towards a Conceptual Model

This study extends current behavioural information security compliance research by adapting the “work-stress model” of the Job Demands-Resources model to security behaviour. The paper proposes that users’ compliance burnout and security engagement are results of coping with security demands and receiving resources respectively. Compliance burnout would reduce security compliance while security engagement would increase it. The security compliance model developed in this study emphasises developing emotional and cognitive resources from IS users through effective provision of organisational resources and security requirements to promote desired security practice

Cybersecurity Continuity Risks: Lessons Learned from the COVID-19 Pandemic

The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted in multi-axes threats, pointing out the need for new business strategies moving forward. We performed multiple regression analysis and constructed a correlation matrix to capture significant relationships between percentage loss of revenue and levels of concern for different business activities moving forward. We assessed the most pervasive issues Florida small businesses faced in October 2020 and broke these down by the number of citations, the total number of impacts cited, and industry affectedness. Key security risks are identified and specific mitigation recommendations are given

Enabling information security culture : influences and challenges for Australian SMEs

An effective information security culture is vital to the success of information systems governance, risk management and compliance. Small and medium size enterprises (SMEs) face special challenges developing an information security culture as they may lack the information security knowledge, skills and behaviours of large organisations. This paper reports the main findings from an interpretive study of key influences enabling an effective information security culture for Australian SMEs. The paper provides a framework depicting external and internal influences on SME information security culture and a set of key challenges in the Australian context. The findings highlight that SME owner attitudes and behaviour &ndash; in turn influenced by government involvement - strongly influence information security culture for Australian SMEs. A surprising finding is the potential influence of the Australian culture. Practical and theoretical implications are discussed.<br /