Business Commons^™

Assessing Employees’ Cybersecurity Attitude Based On Working And Cybersecurity Threat Experience, Norshima Humaidi, Melissa Shahrom

The African Journal of Information Systems

Many cybersecurity problems are caused by human error, which is a worry in the commercial sector. Due to their attitude towards cybersecurity, many employees in the firm do not work in a way that safeguards data. This study seeks to examine employees' cybersecurity attitudes with a focus on their work experience and exposure to cybersecurity threats. Data were gathered through a survey conducted in targeted business firms located in the Klang Valley area, Malaysia. Utilizing ANOVA and two-sample tests, the study analysed 245 data samples to evaluate the hypotheses. The results show significant distinctions in employees' cybersecurity attitudes in relation …

Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid

Journal of Cybersecurity Education, Research and Practice

The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted …

Principles Of Information Security, Alison Hedrick

KSU Distinguished Course Repository

An introduction to the various technical and administrative aspects of Information Security and Assurance. This course provides the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features.

Evolving Information Security Governance Practices From Evolving Technologies: Focus On Covid-19 Lockdowns, Cosmas Ngwenya, Kennedy Njenga

The African Journal of Information Systems

This paper contemporizes evolving information security (IS) governance practices during the coronavirus pandemic (Covid-19) in South Africa. Using post-structuralism as a lens, we offer distinct insights regarding how information systems and technologies are evolving and the impact they present to the governance of IS systems during intermittent lockdowns. An online self-administered questionnaire was designed and distributed using Google forms to elicit data around evolution. A link was emailed to 160 respondents fitting pre-defined criteria. Data was exported to a statistical analysis software for analysis. Our results present an important relationship between technology evolutions and IS threats and that changes in …

The Informed Human Firewall: The Impact Of Knowledge Dimensions On Employees' Secure Behavior, Ashraf Mady

PhD in Business Administration Dissertations

Organizations implement a variety of knowledge mechanisms such as information security education, training, and awareness (SETA) programs and information security policies to influence employees’ secure behavior. However, skills gained through these knowledge mechanisms have not always translated to secure behavior. Protection motivation theory (PMT) is a widely used and accepted theory in information security behavioral research. Nevertheless, information security research has not examined the impact of knowledge mechanisms on PMT psychological processes. This study explains the key psychological processes that influence employees’ secure behavior and seeks to understand how organizational knowledge mechanisms influence these key psychological processes that form threats …

An Organizational Communication Approach To Information Security, Kofi Arhin, Gamel O. Wiredu

The African Journal of Information Systems

Organizations thrive on efficient information management systems as they support activities. Hence, these systems need to be protected from attacks that threaten their existence and use. Although non-technical information security ideas have been espoused by researchers, they have excluded the role of organizational communication. As such, this study explains information security from an organizational communication perspective. Drawing upon a framework of discourse and organizational change, we analyze an empirical case of how information security in an organization is implicated by communicative actions, deep structures, and communication traits. The analysis reveals that (1) prevention of security breaches is achieved by structures …

A Toolkit Approach To Information Security Awareness And Education, Peter Korovessis, Steven Furnell, Maria Papadaki, Paul Haskell-Dowland

Journal of Cybersecurity Education, Research and Practice

In today’s business environment where all operations are enabled by technology, information security has become an established discipline as more and more businesses realize its value. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. Towards this goal the research will appreciate the importance of information security awareness by illustrating the need for more effective user training. Further to that it proposes and develops an information security toolkit as a prototype awareness raising initiative. Apart from the elements of …

Threats To Information Protection - Industry And Academic Perspectives: An Annotated Bibliography, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Threats to information assets have always been a concern to those responsible for making information useful and defending its value. The concepts of threat, threat agent, threat events and threat sources have evolved in recent years have very precise definitions. A summary of threat classification models used in academic research is provided along with a summary of recent industry threat assessment reports. Finally, the results from a recent study, 2015 SEC/CISE Threats to Information Protection Report Including a Current Snapshot of the State of the Industry, are given.

A Framework To Manage Sensitive Information During Its Migration Between Software Platforms, Olusegun Ademolu Ajigini, John Andrew Van Der Poll, Jan H. Kroeze Phd

The African Journal of Information Systems

Software migrations are mostly performed by organisations using migration teams. Such migration teams need to be aware of how sensitive information ought to be handled and protected during the implementation of the migration projects. There is a need to ensure that sensitive information is identified, classified and protected during the migration process.

This paper suggests how sensitive information in organisations can be handled and protected during migrations, by using the migration from proprietary software to open source software to develop a management framework that can be used to manage such a migration process. The research employed a sequential explanatory mixed …

Threats To Information Security Revisited, Michael Whitman, Herbert J. Mattord

Faculty and Research Publications

The battle for the protection of information assets continues to rage at all organizations, big and small. In the ever-changing world of information security, new threats emerge, and old threats remain potent risks to poorly prepared organizations. It is critical to the ongoing protection of valuable information assets to understand these threats, new and old. This study seeks to inform organizations and researchers about the characteristics of specific threat categories and the relative dangers they pose. In addition, the study provides updated findings of a study conducted in 2002. New findings reveal the more things change, the more they stay …

A Call To Is Educators To Respond To The Voices Of Women In Information Security, Amy B. Woszczynski, Sherri Shade

Faculty and Research Publications

Much prior research has examined the dearth of women in the IT industry. The purpose of this study is to examine the perceptions of women in IT within the context of information security and assurance. This paper describes results from a study of a relatively new career path to see if there are female-friendly opportunities that have not existed in previous IT career paths. Research methodology focuses on a qualitative analysis of in-depth interviews with women who are self-described information security professionals. A primary goal of the study is to understand the perceptions of women in information security and determine …

Enemy At The Gate: Threats To Information Security, Michael E. Whitman

Faculty and Research Publications

A firm can build more effective security strategies by identifying and ranking the severity of potential threats to its IS efforts.