Readiness for information security of teachers as a function of their personality traits and their assessment of threats

2020, Vol 72 (5), pp. 787-812
Author(s): Noa Aharony, Dan Bouhnik, Nurit Reich

Purpose This study examines the impact of personality traits on the degree of challenge experienced by individuals with respect to the threat on their information, the evaluation of their self-efficacy to secure the information and hence, their readiness to secure information. Design/methodology/approach The study's population consisted of 157 teachers from various educational institutions across Israel. We used five questionnaires to gather data. Findings Findings reveal a link between participants' personality traits, situation evaluation indicators and their readiness to secure information. Further, the greater subjects' information security awareness and familiarity with information security concepts, the better their application of the tools for securing information will be. Originality/value The importance of this research lies primarily in that it highlights the importance of individual differences while dealing with information security awareness. The findings constitute a theoretical and empirical basis for building tools toward guiding teachers to protect their information, as well as for devising educational and pedagogic programs for making a cultural change.

2019, Vol 26 (1), pp. 50-60
Author(s): Muhammad Shoukat Malik, Urooj Islam

Purpose The purpose of this study is to gain more insight into the impact of cybercrime incidents in the banking sector of Pakistan. This study investigates the significant contribution of information security awareness on the relationship of cybercrimes and organizational performance. Design/methodology/approach The impact of cybercrime incidents on organizational performance is investigated by further exploring the moderating effects of information security awareness. A sample of 302 employees in the banking industry of Pakistan was studied by using survey design. Findings Cybercrime incidents have negative impact on organizational performance, but information security awareness weakens the negative impact of cybercrimes on organizational performance. Research limitations/implications The present study focuses on the banking sector so its finding cannot be generalized in other sectors. Further, in-depth comparative studies in other sectors with different cultural settings will help to authenticate the research findings. Practical implications Information security awareness weakens the negative impact of cybercrimes on organizational performance; therefore, it is important for banks’ HR managers to set up more security training courses to increase employees’ awareness on cybercrimes. Originality/value This study explores the impact of cybercrimes on banks’ performance with the moderating role of employees’ information security awareness. Linking these topics has created a new study within the cybercrimes discipline. The present study also enhances the understanding of employees’ role to combat the impact of cybercrimes on organizational performance.


2014, Vol 22 (1), pp. 115-126
Author(s): Eyong B. Kim

Purpose – The purpose of this paper is to survey the status of information security awareness among college students in order to develop effective information security awareness training (ISAT). Design/methodology/approach – Based on a review of the literature and theoretical standpoints as well as the National Institute of Standards and Technology Special Publication 800-50 report, the author developed a questionnaire to investigate the attitudes toward information security awareness of undergraduate and graduate students in a business college at a mid-sized university in New England. Based on that survey and the previous literature, suggestions for more effective ISAT are provided. Findings – College students understand the importance and the need for ISAT but many of them do not participate in it. However, security topics that are not commonly covered by any installed (or built-in) programs or web sites have a significant relationship with information security awareness. It seems that students learned security concepts piecemeal from variety of sources. Practical implications – Universities can assess their ISAT for students based on the findings of this study. Originality/value – If any universities want to improve their current ISAT, or establish it, the findings of this study offer some guidelines.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Laila Dahabiyeh

Purpose As insiders remain to be a main reason behind security breaches, effective information security awareness campaigns become critical in protecting organizations from security incidents. The purpose of this paper is to identify factors that influence organizational adoption and acceptance of computer-based security awareness training tools. Design/methodology/approach The paper uses content analysis of online reviews of the top ten computer-based security awareness training tools that received Gartner peer insights Customers’ Choice 2019 award. Findings This study identifies nine critical adoption and success factors. These are synthesized into a conceptual framework based on the technology–organization–environment framework. The findings reveal that technological, organizational and environmental factors come into play in adoption decisions but with varying degrees of importance. Practical implications This study highlights key factors that technology vendors should take into consideration when designing computer-based security awareness training tools to increase adoption rates. Originality/value This research offers a novel contribution to the literature on information security awareness delivery methods by identifying key factors that influence organizational adoption and acceptance of computer-based security awareness training tools. Those factors were identified using content analysis of online reviews, which is a new methodological approach to the information security awareness literature.


Kybernetes, 2019, Vol 48 (8), pp. 1565-1585
Author(s): Ali Vafaei-Zadeh, Ramayah Thurasamy, Haniruzila Hanifah

Purpose This paper aims to investigate the impact of perceived price level and information security awareness on computer users’ attitude. Moreover, this study aims to investigate the effect of attitude, subjective norms and perceived behavioral control (PBC) on intention to use anti-malware software. Design/methodology/approach Data were collected using a structured questionnaire from 225 students of five public universities in Malaysia. Purposive sampling technique was used in this study. AMOS 24 was used to test the research framework using a two-step approach. Findings Findings give support to some of the hypotheses developed with R2 values of 0.521 for attitude and 0.740 for intention. Perceived price level had a negative effect on attitude while information security awareness had a positive effect on attitude and intention. Attitude, subjective norms and PBC were all positively related to intention, but perceived price level did not affect intention. This suggests that benefits of using anti-malware are more than its price value. Therefore, the price has no direct effect on intention to use. Research limitations/implications University computer networks are as open and inviting as their campuses. Therefore, this research can be helpful to the universities to safeguard their networks and encourage the students to use anti-malware. However, using anti-malware software will enable an individual to identify and prioritize security risks, quickly detect and mitigate security breaches, improve the understanding of security gaps and safeguard the sensitive data by minimizing the risks related to malware. Originality/value This study ventured to model the information security behavior of anti-malware usage by individual users by using the theory of planned behavior with the addition of two new variables, perceived price level and information security awareness to explain the behavior better.


2020, Vol ahead-of-print (ahead-of-print)
Author(s): Raneem AlMindeel, Jorge Tiago Martins

Purpose The purpose of this paper is to increase understanding of employee information security awareness in a government sector setting and illuminate the problems that public sector organisations in a developing context face when seeking to establish an information security awareness programme. Design/methodology/approach An interpretive research design was followed to develop an empirically enriched understanding of information security awareness perceptions, aspirations, challenges and enablers in the context of Saudi Arabia as a developing country. The study adopts a single-case study approach, including face-to-face interviews with senior employees, as well as document analysis. Findings The paper theorises the importance of individual information security awareness, knowledge and behaviour and identifies a number of facilitating conditions: customisation to employee and organisational needs, interactivity, innovation, frequency, integration of both electronic and physical learning resources and rewarding the acquisition of in-depth security-related actionable knowledge. Originality/value This study is one of the first to examine information security awareness as a socio-technical process within a government sector organisation in a developing country context.


2019, Vol 28 (1), pp. 1-14
Author(s): Malcolm Pattinson, Marcus Butavicius, Meredith Lillie, Beau Ciccarello, Kathryn Parsons, ...

Purpose This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. 
There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.


2017, Vol 25 (2), pp. 118-136
Author(s): Lena Yuryna Connolly, Michael Lang, John Gathegi, Doug J. Tygar

Purpose This paper provides new insights about security behaviour in selected US and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues. Design/methodology/approach This paper builds on general deterrence theory and prior organisational culture literature. The methodology adapted for this study draws on the analytical grounded theory approach employing a constant comparative method. Findings This paper demonstrates that procedural security countermeasures and organisational culture tend to affect security behaviour in organisational settings. Research limitations/implications This paper fills the void in information security research and takes its place among the very few studies that focus on behavioural as opposed to technical issues. Practical implications This paper highlights the important role of procedural security countermeasures, information security awareness and organisational culture in managing illicit behaviour of employees. Originality/value This study extends general deterrence theory in a novel way by including information security awareness in the research model and by investigating both negative and positive behaviours.


2017, Vol 25 (2), pp. 181-189
Author(s): Malcolm Pattinson, Marcus Butavicius, Kathryn Parsons, Agata McCormac, Dragana Calic

Purpose The aim of this study was first to confirm that a specific bank’s employees were generally more information security-aware than employees in other Australian industries and second to identify the major factors that contributed to this bank’s high levels of information security awareness (ISA). Design/methodology/approach A Web-based questionnaire (the Human Aspects of Information Security Questionnaire – HAIS-Q) was used in two separate studies to assess the ISA of individuals who used computers at their workplace. The first study assessed 198 employees at an Australian bank and the second study assessed 500 working Australians from various industries. Both studies used a Qualtrics-based questionnaire that was distributed via an email link. Findings The results showed that the average level of ISA among bank employees was consistently 20 per cent higher than that among general workforce participants in all focus areas and overall. There were no significant differences between the ISA scores for those who received more frequent training compared to those who received less frequent training. This result suggests that the frequency of training is not a contributing factor to an employee’s level of ISA. Research limitations/implications This current research did not investigate the information security (InfoSec) culture that prevailed within the bank in question because the objective of the research was to compare a bank’s employees with general workforce employees rather than compare organisations. The Research did not include questions relating to the type of training participants had received at work. Originality/value This study provided the bank’s InfoSec management with evidence that their multi-channelled InfoSec training regime was responsible for a substantially higher-than-average ISA for their employees. Future research of this nature should examine the effectiveness of various ISA programmes in light of individual differences and learning styles. 
This would form the basis of an adaptive control framework that would complement many of the current international standards, such as ISO’s 27000 series, NIST’s SP800 series and ISACA’s COBIT5.

