A Thematic Review of User Compliance with Information Security Policies Literature

The adoption of computer and internet technology has greatly improved the way businesses operate. However the risk to the confidentiality, integrity and availability of organizational data and systems has greatly increased too. Information security is an ever present concern for all organizations. Financial estimates of the impact of security breaches to information and technology resources range from hundreds of billions to over one trillion dollars each year worldwide (D\u27Arcy et al., 2011b). Organizations have therefore developed a combination of technical, administrative, and physical controls to reduce this risk (D\u27Arcy et al., 2011a). Administrative measures include the development of information security policies, which are statements of the roles and responsibilities of the employee to safeguard the information technology resources of their organizations (Bulgurcu et al., 2010). Information security policy provisions include guidelines to employees on what they should do when interacting with information systems so as to secure the data and technology resources of their respective organizations

Employees’ Adherence to Information Security Policies: A Partial Replication

This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees’ adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics

Intention to Remain in a Computing Program: Exploring the Role of Passion and Grit

While there are many educational initiatives to promote computer programming (or coding)—the core of an IT major—to the masses of incoming students, we lack pedagogical strategies to retain IT students. This study explores how harmonious passion, obsessive passion, and grit influence computer programming attitude (i.e., coding affect, cognition and behavior), which can lead to student retention. Based on data collected from 109 undergraduate IT students enrolled in a programming course, our exploratory study reveals that harmonious passion leads to positive coding affect and cognition. Obsessive passion has a negative effect on coding affect but contributes significantly to coding behavior. The finding also shows that students who in a variety of coding behaviors are fueled by harmonious and obsessive passion, and grit. Coding affect and behaviors, therefore influence the intention to stay an IT major, suggesting that educators can change students’ computer programming attitude by fostering harmonious passion and grit as they engage in programming activities

How Effective are SETA Programs Anyway: Learning and Forgetting in Security Awareness Training

Prevalent security threats caused by human errors necessitate security education, training, and awareness (SETA) programs in organizations. Despite strong theoretical foundations in behavioral cybersecurity, field evidence on the effectiveness of SETA programs in mitigating actual threats is scarce. Specifically, with a broad range of cybersecurity knowledge crammed into in a single SETA session, it is unclear how effective different types of knowledge are in mitigating human errors in a longitudinal setting. his study investigates how knowledge gained through SETA programs affects human errors in cybersecurity to fill the longitudinal void. In a baseline experiment, we establish that SETA programs reduce phishing susceptibility by 50%, whereas the training intensity does not affect the rate. In a follow-up experiment, we find that SETA programs can increase employees’ cybersecurity knowledge by 12-17%, but the increment wears off within a month. Furthermore, technical-level knowledge decays faster than application-level knowledge. The longer “shelf-life” of application-level knowledge explains why training intensity makes no difference within a month. This study reveals a (relatively) more effective component of SETA programs and cast doubts on the overall effectiveness of SETA programs in the long run

Protection Motivation and Deterrence: Evidence from a Fortune 100 Company

This paper contains a conceptual replication of Herath and Rao (2009), who tested the Integrated Protection Motivation Theory (PMT) and General Deterrence Theory (GDT) model of security policy compliance under the umbrella of the Decomposed Theory of Planned Behavior (DTPB). This study replicates their research model except for the Response Cost construct. In contrast to the original study, all data for this replication comes from a single organization, and the survey instrument references a security policy specific to this organization, not generic security policies in multiple organizations. Our results, based on 437 observations, confirm some of the original findings but not all. Relationships stemming from Organizational Commitment, Resource Availability, Security Breach concern level and Subjective Norms are similar across both studies. The findings for other relationships drawn from PMT, GDT, and TPB are mixed. We believe that the evidence provided in this conceptual replication of the Integrated Model (Herath & Rao, 2009) supports the robustness of parts of the model. We encourage future research and practice to focus on replicating and confirming the parts of the model that are similar in both studies

Trustworthiness of Grounded Theory Methodology Research in Information Systems

Grounded Theory Methodology (GTM) is being used increasingly in the Information Systems (IS) discipline. However, some consumers of IS literature are skeptical of the findings in studies using this method. In this paper, we provide some steps that can be taken by researchers to improve the credibility of their work. This can be accomplished through increased trustworthiness of their research. The quality of quantitative research can be evaluated by examining the internal validity, external validity, reliability; similarly the trustworthiness of GTM studies can be evaluated by examining the credibility, transferability, dependability and confirmability of the study. We provide specific steps that can be taken to accomplish trustworthiness of GTM research and from IS literature; we summarize some of the GTM research that has applied these steps

A Design Science Approach to Virtual World Implementation of Trade Fairs

Virtual world technology platforms, which allow users from distant places to congregate virtually for entertainment or other purposes, are growing into useful tools for businesses and consumers. Besides other applications, the concept of same-time, different-place gatherings can also be used to organize virtual trade fairs that are complements or extensions of physical tradeshows. This paper describes a design-science approach to the development of a virtual world technolo-gy platform specifically aimed at creating virtual tradeshow events that bring show attendees and exhibitors together. After describing the design and development of the virtual world tech-nology platform and some of its applications, we report its implementation in a career fair setting organized to facilitate interaction between would-be employers and students at a university.. We also conducted a preliminary evaluation of the effectiveness and efficiency of this virtual event by surveying employers and attendees. Although the event effectiveness is rated aver-age, this exploratory analysis reveals that the virtual events are quite efficient in terms of use of resources. The overall effort to develop the virtual events is minimal as compared to the number of additional attendees that can participate in the event, reducing the cost per new lead gener-ated. As the technology evolves further to enhance richness of the interactions, these virtual events will become major applications of virtual worlds. Available at: https://aisel.aisnet.org/pajais/vol4/iss2/4

Trust in Mobile Banking: The Effect of Culture

Mobile banking is a new financial innovation that is gaining acceptance at varying levels in different parts of the world. Mobile banking is a technological innovation whose acceptance can be explained by the technology acceptance model in information systems. Furthermore, intentions to use a mobile banking service can be explained by an individual’s initial trust in the banker. Previous research has also established the role of culture in the acceptance and use of technology. Our study integrates all these three perspectives and examines them in order to understand their linkage to behavior

A randomised controlled trial of the effect of laryngeal mask airway manometry on postoperative sore throat in spontaneously breathing adult patients presenting for surgery at a university teaching hospital

Background: Laryngeal mask airways (LMAs) are widely used in anaesthesia and are considered to be generally safe. Postoperative sore throat (POST) is a frequent complication following LMA use and can be very distressing to patients. The use of an LMA cuff pressure of between 30 and 32cm of H20 in alleviating post-operative sore throat has not been investigated. Objective: To compare the occurrence of POST between the intervention group in which LMA cuff pressures were adjusted to 30-32cm of H20 and the control group in which only monitoring of LMA cuff pressures was done, to compare the severity of POST between the two study groups and to compare the LMA cuff pressures between the two study groups. Methods: Eighty consenting adult patients scheduled to receive general anaesthesia with use of an LMA were randomized into two groups of 40 patients each. Intervention group: LMA airway cuff pressures were adjusted to 30 to 32cm of H20. Control group: Only had LMA cuff pressures monitored throughout the surgery. All patients were interviewed postoperatively at two, six and twelve hours. Data of their baseline characteristics, occurrence and severity of POST was collected. If POST was present; a Numerical Rating Scale (NRS) was used to assess the severity. Cuff pressures between the two study groups were also determined. Results: The baseline demographic characteristics of the participants were similar. The use of manometry to limit LMA AMBU\uae AuraOnce\u2122 intracuff pressure to 30-32cm H2O reduced POST in surgical patient\u2019s by 62% at 2 hours and 6 hours (Risk Ratio 0.38 95%CI 0.21-0.69)in the intervention group. The median POST pain score in the intervention group was significantly lower than the control group with scores of 0 at 2, 6 and 12 hours post operatively. Routine practice of LMA cuff inflation by anesthesiologists is variable, and the intracuff pressures in the control group were higher than in the intervention group. (P<0.001) Conclusion: Among this population, reduction of LMA AMBU\uae AuraOnce\u2122 intracuff pressure to 30-32cm H2O reduces the occurrence and severity of POST. The LMA cuff pressures should be measured routinely using manometry and reducing the intracuff pressures to 30-32 cm of H20 recommended as best practice. DOI: https://dx.doi.org/10.4314/ahs.v19i1.47 Cite as: Waruingi D, Mung\u2019ayi V, Gisore E, Wanyonyi S. A randomised controlled trial of the effect of laryngeal mask airway manometry on postoperative sore throat in spontaneously breathing adult patients presenting for surgery at a university teaching hospital. Afri Health Sci. 2019;19(1). 1705-1715. https://dx.doi. org/10.4314/ ahs. v19i1.4