Understanding And Measuring Information Security Culture

The purpose of the current paper was to develop a measurement of information security culture. Our literature analysis indicated a lack of clear conceptualization and distinction between factors that constitute information security culture and factors that influence information security culture. A sequential mixed method consisting of a qualitative phase to explore the conceptualisation of information security culture, and a quantitative phase to validate the model is adopted for this research. Eight interviews with information security experts in eight different Saudi organisations were conducted, revealing that security culture can be constituted as reflection of security awareness and security ownership. Additionally, the qualitative interviews have revealed that factors that influence security culture are top management involvement, policy enforcement, and training. These factors were confirmed formed the basis for our initial information security culture model, which was operationalised and tested in different Saudi Arabian organisations. Using data from two hundred and fifty-four valid responses, we demonstrated the validity and reliability of the information security culture model. We were further able to demonstrate the validity of the model in a nomological net, as well as provide some preliminary findings on the factors that influence information security culture

Deliver security awareness training, then repeat:{deliver; measure efficacy}

Organisational information security policy contents are disseminated by awareness and training drives. Its success is usually judged based on immediate post-training self-reports which are usually subject to social desirability bias. Such self-reports are generally positive, but they cannot act as a proxy for actual subsequent behaviours.This study aims to formulate and test a more comprehensive way of measuring the efficacy of these awareness and training drives, called ASTUTE. We commenced by delivering security training. We then assessed security awareness (post-training), and followed up by measuring actual behaviours. When we measured actual behaviours after a single delivery of security awareness training, the conversion from intention to behaviour was half of the desired 100%. We then proceeded to deliver the training again, another two times.The repeated training significantly reduced the gap between self-reported intention and actual secure behaviours

Personal Values of Japanese Business Managers

Researchers have spent many years examining the Japanese business culture, but there is limited empirical evidence about the personal values of Japanese business managers. The research of these authors confirms some previous conclusions, but also might detect new attitudes in Japan at the dawn of the 21st century

Identifying the relevance of personal values to e-government portals' success: insights from a Delphi study

Most governments around the world have put considerable financial resources into the development of e-government systems. They have been making significant efforts to provide information and services online. However, previous research shows that the rate of adoption and success of e-government systems vary significantly across countries. It is argued here that culture can be an important factor affecting e- government success. This paper aims to explore the relevance of personal values to the e-government success from an individual user’s perspective. The ten basic values identified by Schwartz were used. A Delphi study was carried out with a group of experts to identify the most relevant personal values to the e-government success from an individual’s point of view. The findings suggest that four of the ten values, namely Self-direction, Security, Stimulation, and Tradition, most likely affect the success. The findings provide a basis for developing a comprehensive e-government evaluation framework to be validated using a large scale survey in Saudi Arabia

A descriptive review and classification of organizational information security awareness research

Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding

The elicitation of key performance indicators of e-government providers: A bottom-up approach

Copyright @ 2013 EMCIS.Delivering an adequate e-Government service (e-service) is becoming more of a necessity in today's digital world. In order to improve e-services and increase the engagement of both users' and providers' side, studies on the performance evaluation of such provided e-services are taking places. However a clear identification of the key performance indicators from the e-Government providers’ side is not well explored. This shortcoming hampers the conduct of a holistic evaluation of an e-service provision from the perspective of its stakeholders in order to improve e-services as well as to increase e-services take-ups. In this paper, a systematic process to identify indicators is implemented based on a bottom-up approach. The process used three focus-group meetings with providers, users, and academics in Qatar, Lebanon and UK to collect, identify and validate key indicators from the perspective of e-services’ providers. The approach resulted in the identification of five factors levels (service, technology, employees, policy and management and social responsibilities) with fifteen sub-categories of SMART variables. Hence, leading to the development of a new model, STEPS, that can fully explain and predict e-government success from the providers’ point of view. It will work as a strategic management tool to align various stakeholders on common goal and values based on evidence based evaluation of e-services using smart measurable indicators for the improvement of an e-service at the engagement level in the field of e-government. In addition, other fields can benefit from the outcome of this work, such as logistics service providers, who make their services available across new and existing relationships between the Internet commerce firms, their customers, and their vendors

ERP implementation methodologies and frameworks: a literature review

Enterprise Resource Planning (ERP) implementation is a complex and vibrant process, one that involves a combination of technological and organizational interactions. Often an ERP implementation project is the single largest IT project that an organization has ever launched and requires a mutual fit of system and organization. Also the concept of an ERP implementation supporting business processes across many different departments is not a generic, rigid and uniform concept and depends on variety of factors. As a result, the issues addressing the ERP implementation process have been one of the major concerns in industry. Therefore ERP implementation receives attention from practitioners and scholars and both, business as well as academic literature is abundant and not always very conclusive or coherent. However, research on ERP systems so far has been mainly focused on diffusion, use and impact issues. Less attention has been given to the methods used during the configuration and the implementation of ERP systems, even though they are commonly used in practice, they still remain largely unexplored and undocumented in Information Systems research. So, the academic relevance of this research is the contribution to the existing body of scientific knowledge. An annotated brief literature review is done in order to evaluate the current state of the existing academic literature. The purpose is to present a systematic overview of relevant ERP implementation methodologies and frameworks as a desire for achieving a better taxonomy of ERP implementation methodologies. This paper is useful to researchers who are interested in ERP implementation methodologies and frameworks. Results will serve as an input for a classification of the existing ERP implementation methodologies and frameworks. Also, this paper aims also at the professional ERP community involved in the process of ERP implementation by promoting a better understanding of ERP implementation methodologies and frameworks, its variety and history