A study of employees' attitudes towards organisational information security policies in the UK and Oman

There is a need to understand what makes information security successful in an organization. What are the threats that the organization must deal with and what are the criteria of a beneficial information security policy? Policies are in place, but why employees are not complying? This study is the first step in trying to highlight effective approaches and strategies that might help organizations to achieve good information security through looking at success factors for the implementation. This dissertation will focus on human factors by looking at what concerns employees about information security. It will explore the importance of information security policy in organizations, and employee’s attitudes to compliance with organizations' policies. This research has been divided into four stages. Each stage was developed in light of the results from the previous stage. The first two stages were conducted in the Sultanate of Oman in order to use a population just starting out in the information security area. Stage one started with a qualitative semi-structured interview to explore and identify factors contributing towards successful implementation of information security in an organization. The results suggested a number of factors organizations needed to consider to implement information security successfully. The second stage of the research was based on the first stage’s results. After analysing the outcomes from the semi-structured interviews a quantitative questionnaire was developed to explore for information security policy. The findings did suggest that the more issues the organization covers in their security policy the more effective their policy is likely to be. The more an organization reports adoption of such criteria in their security policy, the more they report a highly effective security policy. The more the organization implements the ‘success factors’ the more effective they feel their security policy will be. The third stage was conducted in the UK at Glasgow University because employees are somewhat familiar with the idea of information security. It was based on the findings derived from the analysis of the quantitative questionnaire at stage two. The findings revealed different reasons for employee’s non-compliance to organization security policy as well as the impact of non-compliance. The fourth stage consolidates the findings of the three studies and brings them together to give recommendations about how to formulate a security policy to encourage compliance and therefore reduce security threats

“This is the way ‘I’ create my passwords ...":does the endowment effect deter people from changing the way they create their passwords?

The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the \value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect.In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines

Three Essays on Information-Securing in Organizations

This dissertation is intended to interpret, analyze, and explain the interplay between organizational structure and organizational information systems security by mapping structural contingency theory into three qualitative studies. The research motivation can be attributed in two ways. First, Johnson and Goetz\u27s (2007) conception of embedding information in organizations as part of their field research interviewing security executives serves as a methodological inspiration for the series of three studies reported here. The point that security should be infused into organization activities instead of serving as a bolted-on function is a central tenet guiding the development of this dissertation. Second, a macro approach is employed in the studies reported here, aimed at a theoretical expansion from existing behavioral security studies which typically take a micro perspective, while mitigating potential theoretical reductionism due to a predominant research concentration on individual components of organizational information security instead of the holistic function of the firm. Hence, this dissertation contributes to the behavioral organizational security research by positing a theoretical construct of information-securing, an organizational security process which is essentially characterized by dualism, dynamism, and democratism. With a macro organizational perspective on the elements of information securing, organizations can effectively discover and leverage organization-wide resources, efforts, and knowledge to cope with security contingencies. The first study of this dissertation is designed to investigate the nature of employees’ extra-role behaviors. This study investigated how employees might sometimes take steps beyond the requirements of the organizational-level security policy in order to facilitate effective workgroup operation and to assist less-skilled colleagues. The second study of this dissertation conducts an interpretive study of the role of information systems auditing in improving information security policy compliance in the workplace, with a specific focus on the role of non-malicious insiders who unknowingly or innocuously thwart corporate information security directives by engaging in unsafe computing practices. The last study of the dissertation explores the interplay between organizational structures and security activities. The organizational perspective of security bureaucracies is developed with three specific bureaucratic archetypes to define the evolutionary stages of the firm’s progress through evolving from coercive rule-based enforcement regimes to fully enabled and employee-centric security cultures in the workplace. Borrowing from Weberian metaphors, the characterization of security bureaucracies evolving from an “iron cage” to an “iron shield” is developed. These three studies revolving around the general notion of information-securing are deemed to be a promising start of a new stream of organizational IS security research. In order to enrich and extend our IS security literature, the perspective advocated in this dissertation suggests a shift in the epistemological paradigm of security behaviors in organizations from the prevailing micro views to macro perspectives which will result in very useful new perspectives on security management, security behaviors and security outcomes in organizations. GS Form 14 (8/10) APPROVAL FOR SCHOLAR

중국 직장인들의 리더십 선호: 탐색적 연구

학위논문(석사) -- 서울대학교대학원 : 국제대학원 국제학과(국제협력전공), 2023. 2. 정영록.The purpose of this qualitative study was to explore Chinese employees desired leadership practices that improve their performance in the workplace from the lived experiences of Chinese employees. The primary focus was on the authoritarianism and the benevolence in Chinese workplace. This study entailed 7 semi-structured interviews of Chinese employees. The researchs sample was 7 Chinese employees in food processing industry. The three research questions guiding this study included: (1) What do Chinese employees identify as desired leadership practice that increase their performance in the workplace? (2) How do benevolence dimensions of leadership affect employee performance? (3) How do the authoritarian leadership affect employee performance? Data were recognized based on themes that emerged from the interview responses to each question, which are leadership preference, perception of power difference, perception of authoritarianism, perception of benevolence and morality, and perception of personal relationships with managers. Results of the study showed that benevolence and morality are highly related to greater performance, while authoritarianism is related to lower levels of OCBs. The findings supported the need for leaders who work with Chinese employees to emphasize benevolence and morality over authoritarian behaviors and establish trusting relationships with their employees in an effort to positively affect employee performance. This study further demonstrated that humility was also considered as desirable leadership trait among Chinese workers. This study adds to the field of Asian leadership, which contributes to explore Chinses employees leadership preference as well as the understanding of the acceptance of power distance and the effects of nonwork relationship with leaders on employees performance. These results will be useful for 21st-century leaders active in Asian context especially if they work with the current Chinese employees in the workforce.본 질적 연구의 목적은 중국 직장인들의 경험을 바탕으로 직장 내 성과를 향상시키는 중국 직장인들이 선호하는 리더십 관행을 탐색하는 것이다. 초점은 중국 직장의 권위주의와 자애 행위에 있다. 이 연구는 중국 직장인들을 대상으로 7개의 반구조적 인터뷰를 수반했다. 이 연구의 참가자는 식품 산업에서 종사하는 중국 직장인 7명이었다. 본 연구를 지도하는 세 가지 연구 질문은 다음과 같다: (1) 중국 직장인들이 직장에서 그들의 성과를 향상시키는 바람직한 리더십 관행은 무엇인가? (2) 리더십의 자애 행위는 직원의 성과에 어떤 영향을 미치는가? (3) 권위주의적 리더십은 직원의 성과에 어떤 영향을 미치는가? 인터뷰를 통해 각 질문에 대한 응답에서 나타난 주제를 바탕으로 리더십 선호, 권력 차이에 대한 인식, 권위주의에 대한 인식, 자애와 도덕 행위에 대한 인식, 경영자와의 개인적 관계에 대한 인식 등을 데이터로 추출하였다. 연구 결과에 따르면 자애심과 도덕성은 더 높은 수준의 성과와 강한 관련이 있는 반면 권위주의는 더 낮은 수준의 OCB와 관련이 있는 것으로 나타났다. 연구결과는 중국 직장인들과 함께 일하는 리더들이 권위주의적 행동보다 자애와 도덕성을 강조하고 직원들과의 신뢰관계를 구축하여 직원들의 성과에 긍정적인 영향을 미칠 필요성을 뒷받침하였다. 그리고 겸손 또한 중국 직장인들이 생각하는 바람직한 리더 특성으로 확인되었다. 이 연구는 중국 직장인들의 리더십 선호를 탐색하고, 권력 차이에 수용과 리더와의 비업무적관계가 직장인의 업무성과에 미치는 영향에 대한 이해에 기여하며 아시아 리더십에도 기여합니다. 이러한 결과는 아시아 에서 활동하는 21세기 리더들에게 특히 현재 중국 직장인들과 함께 일하는 매니저에게 유용할 것이다.Table of Contents 5 I. INTRODUCTION 6 II. RESEARCH QUESTIONS AND OBJECTIVES 7 Research Questions 7 Objectives 7 Hypothesis 7 Significance of the Study 7 III. ANALYTICAL FRAMEWORK 9 Literature Review 9 Leadership Review 9 Paternalistic Leadership 11 Follower Outcome 14 Organizational Citizenship Behavior 15 Summary 16 Methodology 17 Population and Sample Size 18 Setting 19 Analysis of Research Questions 19 Data Collection 20 Data Analysis 21 Ethical Considerations 22 IV. ANALYSIS 24 Samples 24 Findings and Results 25 Leadership preference 25 Perception of power difference 27 Perception of authoritarianism 29 Perception of benevolence and morality 33 Perception of personal relationships with managers 35 Participants OCBs 38 Summary 42 V. IMPLICATIONS & LIMITATIONS 45 Implications 45 Limitations 46 Conclusion 46 VI. REFERENCES 48석

Strategies for Reducing Nonprofit Organizations\u27 Employee Turnover

Employee turnover is an inherent challenge encountered by managers at nonprofit organizations. The purpose of this single case study was to explore the strategies some community-based organization managers used to reduce employee turnover in western New York. Five organizational managers were selected who had successfully implemented strategies to reduce employee turnover. Herzberg\u27s 2-factor theory was the conceptual framework for this doctoral study. Data collection occurred through semistructured interviews and review of organizational documents. Data analysis involved collecting data, organizing the data into codes and themes, and interpreting and revealing information about the themes. Member checking and methodological triangulation increased the validity and reliability of the study. The 3 themes that emerged from the study were building positive relationships to promote communication, offering employee training and advancement, and recognizing that compensation is an important factor but does not influence employee behavior. Recommendations for action include redesigning processes to change organizational culture and implementing strategies to mitigate employee resignations. The findings from this study may contribute to social change, because organizational managers could use the study results to reduce employee turnover, which could lead to increased service quality in communities

From Weakest Link to Security Hero: Transforming Staff Security Behavior

Practitioners, researchers and policy-makers involved with cyber security often talk about “security hygiene:” ways to encourage users of computer technology to use safe and secure behavior online. But how do we persuade workers to follow simple, fundamental processes to protect themselves and others? These issues are raised by behavioral scientists, to encourage worker, passenger and patient compliance. In this paper, we explore and summarize findings in social psychology about moral values and habit formation, and then integrate them into suggestions for transforming staff security behavior online

Motivating Information Security Awareness (isa): An Action Research Study

The goal of the study was to identify and analyze specific environmental and social conditions that motivate middle management to advocate for Information Security Awareness (ISA), as well as to see if exposure to new information security knowledge would change their behavior. Using a mixed-method action research approach, a group of managers shared their awareness knowledge, advocacy behaviors, and challenges influencing their engagement in information security awareness advocacy. Post workshop feedback confirmed the effectiveness of the Action Research workshops in increasing ISA advocacy behaviors. The action research workshops provided an opportunity for the participants to increase their security knowledge and recommend improvements in ISA advocacy practices. Thirty-eight (38) managers, divided among four workshops, participated in the study. Within the research activities, I presented the group with an awareness knowledge self-assessment survey, which captured the managers\u27 view of their own information security knowledge, a sample information security awareness presentation brought context to the workshop, and a group discussion similar to a focus group provided the environment for discussions. During these activities, the managers expressed recommended changes they could drive to improve ISA advocacy. The workshop activities concluded with a closing discussion seeking commitment from the managers to act on the recommendations to improve ISA advocacy. These engagements of learning, and sharing their awareness, supported the main goal of leveraging action research. The findings support the Action Research workshops were an effective tool to increase the participants learning, to improve the practice of ISA advocacy, and to socialize the topic of information security. The key lessons learned from the research contribute to the overall body of knowledge in the information security awareness discipline as follows. Key finding 1: the feedback on self-reflective levels of knowledge in information security awareness indicated managers are not sufficiently exposed to ISA content. Key finding 2: the self-reflection on advocacy behaviors projected positive attitudes and increased motivation to propose and take actions toward sharing ISA with employees and peers. Key finding 3: the main challenges discovered show that managers need more guidance, increased awareness knowledge, more organizational support, and the creation of a climate that supports advocacy behaviors. Key finding 4: the Action Research workshop contributed to participants learning, and to improvements to information security practices through participants\u27 new behaviors to increase ISA advocacy. Participants reported they learned and used the ISA topics discussed during the workshop with their friends, family, peers, and employees after the workshop. The key thesis findings led to the following recommendations to help organizations foster a climate that supports ongoing advocacy behaviors. The recommended activities include: helping managers understand the importance of their engagement in advocacy behavior; obtaining resources that increase information security awareness and knowledge; planning and sharing activities that promote ISA sharing; and, communication the expectation for advocacy behaviors and the resources available to support sharing information security awareness

Onward and Upward: A Phenomenological Study of School Leaders as They Prepare to Lead and Manage Change

The purpose of this transcendental phenomenological study was to explore the experiences of school leaders as they develop their capacity to lead and manage change. The central research question that guided this study is: What are the experiences of school leaders in Virginia as they develop their capacity to lead and manage change? The theoretical framework that guided this study was Mezirow’s theory of transformative learning as it applies to how school leaders incorporate new learning about how to lead and manage change with their own experiences and understandings. The design was a transcendental phenomenological study of school leaders in Virginia who have completed a state-approved program in administration and supervision and hold an endorsement in administration and supervision. Data were collected through rich interviews with participants, letters of advice, and focus groups. Responses were coded and analyzed to generate themes from the data and identify common experiences. Twelve themes emerged from the data: (a) knowability, (b) leadership, (c) practical value, (d) experience, (e) mindset, (f) mentors, (g) professional development, (h) communication, (i) trust, (j) clarity, (k) competency, and (l) feedback. The themes fell into three categories: perceptions about ASPs, training, and effective behaviors. The study findings are discussed, along with limitations of the study, implications for practice, and recommendations for future research

How effective entrepreneurs bring success to their organization

This study is important for individuals to investigate the actions that entrepreneurs take to facilitate successful business results that meet its goals and objectives. This research identifies the importance of leadership skills on the effectiveness of business and society overall. The purpose of this study is to describe the actions effective leaders take to articulate a successful vision, establish an industry through financial support, understand different cultures, deal with global industries, and make employees more efficient. The research questions addressed in this study are focused on issues that entrepreneurs face while building an organization and the implications of the actions and decisions of leaders in entrepreneurial companies. Data were gathered through interviews with successful entrepreneurial leaders. The outcome of the study showed that there were several ways to build and improve a business and help entrepreneurs to obtain financial support through many resources

Writing Program Directors\u27 Perceptions of Factors Promoting Writing Programs

Although California grows more socially and ethnically diverse, and its public universities serve this changing population, spending in higher education has been cut over the past few years. In this context, crucial departments such as writing programs, which offer all students the opportunity to build their communication skills while bringing their unique perspectives to traditional theories, have been under pressure for their higher cost than traditional lecture-style and new online courses. Further, writing programs are not always perceived as a source of institutional prestige. This study starts with critical pedagogy: the idea that education is social change. The study then assumes writing programs enable critical pedagogy by engaging students’ own experiences while teaching students the tools of communicating effectively to help drive social change for themselves and their communities. Leaders at California universities thus effectively promote or restrict critical pedagogy by cutting or growing writing programs. Using the lens of leadership theory, the decisions of these leaders ultimately demonstrates how they value student voices and engagement and the long-term social impact of their institution. At five public California universities, writing program directors were interviewed and institutional reviews performed to evaluate local leadership practices. Key factors that supported writing programs were an emphasis on workforce development and a student-centered mission. Universities with an emphasis on research and on increasing their selectivity tended to put pressure on their writing programs. From the perspective of leadership theory, servant leaders aligned with a strong writing program whereas transformational leaders yielded mixed results, depending on whether the mission of the institution prioritized the writing programs. Writing programs provide two essential benefits to students. First, writing is an essential skill for participating in the workforce and obtaining access to economic and social capital. Second, writing programs, although not ensuring critical pedagogy will take place at the university, help enable access to empowerment for driving social change to serve communities through active engagement with academic theory. For California public universities to adapt to the increasing diversity and evolving educational needs of students, writing programs need to remain funded and active