Business Commons^™

The Effects Of Antecedents And Mediating Factors On Cybersecurity Protection Behavior, Ling Li, Li Xu, Wu He

Information Technology & Decision Sciences Faculty Publications

This paper identifies opportunities for potential theoretical and practical improvements in employees' awareness of cybersecurity and their motivational behavior to protect themselves and their organizations from cyberattacks using the protection motivation theory. In addition, it contributes to the literature by examining additional variables and mediators besides the core constructs of the Protection Motivation Model (PMT). This article uses empirical data and structural equation modeling to test the antecedents and mediators of employees' cybersecurity motivational behavior. The study offers theoretical and pragmatic guidance for cybersecurity programs. First, the model developed in this study can partially explain how people may change their …

An Empirical Examination Of The Impact Of Organizational Injustice And Negative Affect On Attitude And Non-Compliance With Information Security Policy, Celestine Kemah

CCE Theses and Dissertations

Employees’ non-compliance with Information Security (IS) policies is an important socio-organizational issue that represents a serious threat to the effective management of information security programs in organizations. Prior studies have demonstrated that information security policy (ISP) violation in the workplace is a common significant problem in organizations. Some of these studies have earmarked the importance of this problem by drawing upon cognitive processes to explain compliance with information security policies, while others have focused solely on factors related to non-compliance behavior, one of which is affect. Despite the findings from these studies, there is a dearth of extant literature that …

The Roles Of Positive And Negative Exemplars In Information Security Strategy, Richard Taylor

Richard Taylor

Common Criteria Meets Realpolitik Trust, Alliances, And Potential Betrayal, Jan Kallberg

Jan Kallberg

Common Criteria for Information Technology Security Evaluation has the ambition to be a global standard for IT-security certification. The issued certifications are mutually recognized between the signatories of the Common Criteria Recognition Arrangement. The key element in any form of mutual relationships is trust. A question raised in this paper is how far trust can be maintained in Common Criteria when additional signatories enter with conflicting geopolitical interests to earlier signatories. Other issues raised are control over production, the lack of permanent organization in the Common Criteria, which leads to concerns of being able to oversee the actual compliance. As …

An Exploration Of Human Resource Management Information Systems Security, Humayun Zafar, Jan Guynes Clark, Myung S. Ko

Humayun Zafar

In this exploratory study we investigate differences in perception between management and staff with regard to overall information security risk management and human resources security risk management at two Fortune 500 companies. This study is part of a much larger study with regard to organizational information security issues. To our knowledge, this is the first time the issue of security risk management has been discussed in the context of human resource systems. We found significant differences between management and staff perceptions regarding overall security risk management and human resources security risk management. Our findings lay the ground work for future …

Leadership And The Psychology Of Awareness: Three Theoretical Approaches To Information Security Management, Robert Holmberg, Mikael Sundstrom

Organization Management Journal

The authors argue that information security management (ISM) would benefit from studies that examine the social and psychological mechanisms that, when in evidence, generate employee awareness of information security (IS)-related issues. Properly instilled, IS awareness has the power to engender a proactive wariness beyond mechanical guidelines, however detailed. To study how awareness travels in complex organizations, the authors devise a framework to catch mechanisms grounded in psychological and sociological theories. To illustrate the framework, the authors then turn to an empirical study of a medium-sized company where they sound out managers for definitions of IS and ISM; for initiatives intended …

Protection-Motivated Behaviors Of Organizational Insiders, Michael C. Posey

Doctoral Dissertations

Protecting information from a wide variety of security threats is an important and sometimes daunting organizational activity. Instead of solely relying on technological advancements to help solve human problems, managers within firms must recognize and understand the roles that organizational insiders have in the protection of information. The systematic study of human influences on organizational information security is termed behavioral information security (Fagnot 2008; Stanton, Stam, Mastrangelo, and Jolton 2006), and it affirms that the protection of organizational information assets is best achieved when the detrimental behaviors of organizational insiders are effectively deterred and the beneficial activities of these individuals …

Improving An Organisations Existing Information Technology Policy To Increase Security, Shane Talbot, Andrew Woodward

Australian Information Security Management Conference

A security policy which includes the appropriate phases of implementation, enforcement, auditing and review is vital to protecting an organisations information security. This paper examined the information security policy of a government organisation in response to a number of perceived shortcomings. The specific issues identified relating to the organisations security policy as a result of this investigation were as follows: a culture of ignoring policies, minimal awareness of policies, minimal policy enforcement, policy updating and review ad hoc at best, policy framework, lengthy policy development and approval process, no compliance program, no formal non-compliance reporting and an apparent inconsistent enforcement …

Exploring The Relationship Between Organizational Culture And Information Security Culture, Joo S. Lim, Shanton Chang, Sean Maynard, Atif Ahmad

Australian Information Security Management Conference

Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is significant, many researchers have called for the creation of information security culture (ISC) in organizations to influence the actions and behaviour of employees towards better organizational information security. Although researchers have called for the creation of ISC to be embedded in organizations, nonetheless, literature suggests that little past research examining the relationship between the nature of OC and ISC. …