An examination of factors that influence the number of information security policy violations in Qatari organizations

Purpose – This paper aims to investigate factors that impact the number of information security policy violations in Qatari organizations and to examine the moderating effect of Hofstede’s cultural dimensions on the relationships between the independent factors and the number of information security policy violations. Design/methodology/approach – Grounded in related theories from the fields of criminology, behavioral psychology and theory of planned behavior, two components that affect the number of information security policy violations were identified. A quantitative approach was used by developing a questionnaire survey to collect the data. The research model was tested using 234 employees from different Qatari organizations. Findings – The results of the study indicate that trust, the impact of implementing information security policy on work environment and the clarity of the scope of the information security policy were significant factors in predicting the number of information security policy violations. The findings also reveal that cultural dimensions such as uncertainty avoidance and collectivism moderate the relationships between trust, clarity of policy scope and impact of information security policy on work environment and the number information security policy violations. Research limitations/implications – The generalizability of the results is limited because the sample of the study was drawn from only one developing country. Therefore, a plausible future research could be testing the proposed model in many developing and developed countries. Practical implications – The paper includes practical implications for developing and implementing security measures and policies in diversified work environments. Originality/value – This study fulfils a gap in investigating the factors that influence the number of information security policy violations and the moderating effect of cultural dimensions in developing countries such as Qatar.

Download Full-text

The hunt for computerized support in information security policy management

Information and Computer Security ◽

10.1108/ics-07-2019-0079 ◽

2020 ◽

Vol 28 (2) ◽

pp. 215-259 ◽

Cited By ~ 1

Author(s):

Elham Rostami ◽

Fredrik Karlsson ◽

Ella Kolkowska

Keyword(s):

Information Security ◽

Research Methods ◽

Security Policy ◽

Critical Discussion ◽

Future Research ◽

Management Process ◽

Management Research ◽

Information Security Policy ◽

Content Type ◽

Literature Reviews

Purpose The purpose of this paper is to survey existing information security policy (ISP) management research to scrutinise the extent to which manual and computerised support has been suggested, and the way in which the suggested support has been brought about. Design/methodology/approach The results are based on a literature review of ISP management research published between 1990 and 2017. Findings Existing research has focused mostly on manual support for managing ISPs. Very few papers have considered computerised support. The entire complexity of the ISP management process has received little attention. Existing research has not focused much on the interaction between the different ISP management phases. Few research methods have been used extensively and intervention-oriented research is rare. Research limitations/implications Future research should to a larger extent address the interaction between the ISP management phases, apply more intervention research to develop computerised support for ISP management, investigate to what extent computerised support can enhance integration of ISP management phases and reduce the complexity of such a management process. Practical implications The limited focus on computerised support for ISP management affects the kind of advice and artefacts the research community can offer to practitioners. Originality/value Today, there are no literature reviews on to what extent computerised support the ISP management process. Findings on how the complexity of ISP management has been addressed and the research methods used extend beyond the existing knowledge base, allowing for a critical discussion of existing research and future research needs.

Download Full-text

Building an awareness-centered information security policy compliance model

Industrial Management & Data Systems ◽

10.1108/imds-07-2019-0412 ◽

2019 ◽

Vol 120 (1) ◽

pp. 231-247 ◽

Cited By ~ 1

Author(s):

Alex Koohang ◽

Jonathan Anderson ◽

Jeretta Horn Nord ◽

Joanna Paliszkiewicz

Keyword(s):

Information Security ◽

Security Policy ◽

Path Modeling ◽

Information Security Policy ◽

Content Type ◽

Security Issues ◽

Compliance Model ◽

Security Compliance ◽

Trusting Beliefs ◽

Practical Implications

Purpose The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that awareness depends upon several variables that influence successful ISP compliance. Design/methodology/approach The authors built a model with seven constructs, i.e., leadership, trusting beliefs, information security issues awareness (ISIA), ISP awareness, understanding resource vulnerability, self-efficacy (SE) and intention to comply. Seven hypotheses were stated. A sample of 285 non-management employees was used from various organizations in the USA. The authors used path modeling to analyze the data. Findings The findings indicated that IS awareness depends on effective organizational leadership and elevated employees’ trusting beliefs. The understanding of resource vulnerability (URV) and SE are influenced by IS awareness resulting from effective leadership and elevated employees’ trusting beliefs which guide employees to comply with ISP requirements. Practical implications Practical implications were aimed at organizations embracing an awareness-centered information security compliance program to secure organizations’ assets against threats by implementing various security education and training awareness programs. Originality/value This paper asserts that awareness is central to ISP compliance. Leadership and trusting beliefs variables play significant roles in the information security awareness which in turn positively affect employees’ URV and SE variables leading employees to comply with the ISP requirements.

Download Full-text

Do employees in a “good” company comply better with information security policy? A corporate social responsibility perspective

Information Technology and People ◽

10.1108/itp-09-2017-0298 ◽

2019 ◽

Vol 32 (4) ◽

pp. 858-875 ◽

Cited By ~ 3

Author(s):

Hyungjin Lukas Kim ◽

Jinyoung Han

Keyword(s):

Corporate Social Responsibility ◽

Information Security ◽

Social Responsibility ◽

Security Policy ◽

Rational Choice Theory ◽

Information Security Policy ◽

Content Type ◽

Corporate Social ◽

The Impact ◽

The Relationship

Purpose The purpose of this paper is to investigate the impact of corporate social responsibility (CSR) on employees’ compliance behavior concerning information security policy (ISP). A research model includes CSR activities as an antecedent of ISP compliance and as a mediator of the relationship between ISP compliance intention and the perceived costs of compliance. Design/methodology/approach In total, 162 respondents were surveyed from organizations with more than 500 employees. This study used partial least squares (SmartPLS 3.0) to analyze and examine hypotheses. Findings The results show CSR’s influence as a mediator in the context of ISP compliance. In particular, moral CSR can affect employees’ ISP compliance intention positively and fully mediate the relationship between the costs of compliance and ISP compliance intention. Employees would like to comply with ISP when they recognize the benefits of ISP compliance and the costs of ISP noncompliance. Originality/value This study examines influential factors on ISP compliance considering cost-benefit factors from rational choice theory. Moreover, the study contributes to ISP compliance research by being the first attempt to consider CSR in an ISP compliance research context. The results provide insights on how to strategically implement CSR activities in terms of organizational information security.

Download Full-text

Post-occupancy evaluation of outdoor spaces on the campus of the Federal University of Juiz de Fora, Brazil

International Journal of Architectural Research Archnet-IJAR ◽

10.1108/arch-09-2020-0204 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Ana Clara Carvalho Tourinho ◽

Sabrina Andrade Barbosa ◽

Özgür Göçer ◽

Klaus Chaves Alberto

Keyword(s):

Critical Role ◽

Future Research ◽

Content Type ◽

University Campuses ◽

Post Occupancy Evaluation ◽

Outdoor Spaces ◽

The University ◽

The Impact ◽

Practical Implications

PurposeUsing the campus of a Brazilian university as case study, this research aims to identify which aspects of the outdoor spaces are the most significant in attracting people.Design/methodology/approachThis research relies on the application of different post-occupancy evaluation (POE) methods, including user tracking, behavioural mapping and questionnaires, on one plateau of the campus.FindingsThree group of aspects (socialization, proximity and infrastructure) were identified as key elements in explaining the impact of the campus physical characteristics on users’ behaviour. The results indicate that having characteristics of at least one group of aspects in those spaces can guarantee their vitality and, if there is presence of attributes of more than one group, liveliness can be increased.Research limitations/implicationsFurther studies should be conducted on an entire campus to identify other spatial elements in the three groups.Practical implicationsThis research contributes to the planning of future campuses and to solutions to the existed ones, indicating the most relevant spatial characteristics to be considered. Additionally, the combination of different methods may be useful to future research.Originality/valueMost of the investigations on the university campuses focus on the buildings, and little research has investigated the outdoor spaces, although they play a critical role in learning and academic life, where people establish social, cultural and personal relationships. In addition, studies using several POE allowed a consistent and complete diagnostic about the aspects of the campus, giving recommendations for future projects.

Download Full-text

Impact of web banner advertising frequency on attitude

Asia Pacific Journal of Marketing and Logistics ◽

10.1108/apjml-04-2017-0063 ◽

2018 ◽

Vol 30 (2) ◽

pp. 380-399 ◽

Cited By ~ 2

Author(s):

Rahim Hussain ◽

Ahmed Shahriar Ferdous ◽

Gillian Sullivan Mort

Keyword(s):

Online Advertising ◽

Repetition Effect ◽

Brand Attitude ◽

Moderating Effect ◽

Future Research ◽

Content Type ◽

Banner Advertisements ◽

Banner Advertisement ◽

High Level ◽

The Impact

Purpose The purpose of this paper is to examine whether advertising type (static or dynamic) and appeal (emotional or rational) moderate the relationship between web banner advertising frequency and consumer attitudinal response. Design/methodology/approach A laboratory experiment involving 400 participants was conducted to test for the moderating effect. Factorial ANOVA is used to measure brand attitude. Findings The results identified that the web banner advertisement type acted as a moderator between frequency and brand attitude. However, the moderating effect of banner advertisement appeal was found to be insignificant at a single banner advertisement frequency (i.e. exposure) but significantly different at a higher frequency. The study findings provide better directives for online marketers. Practical implications The major limitation is the fact that the impact of banner advertisement frequency was manipulated from one to five exposures. Future research needs to determine what happens after the fifth exposure, perhaps ten exposures or more, to determine the wear-out effect and in turn, to decide on the optimal frequency level in an effort to design more appropriate web communication strategies. Social implications The result shows that pop-up banner advertisements are intrusive, and that high level of exposures to pop-up banner advertisement could annoy online users. Thus, online advertisers should avoid repeating the pop-up banner advertisements because this could adversely affect the attitude towards the online advertising in general, and could also negatively influence attitudes towards the brand and ultimately effect online purchase. Originality/value This study contributes to the theory by providing more insights into the repetition effect, and comprehensive conclusions can be drawn based on the manipulation of banner advertisement frequency on different frequency levels. The research identifies that if the communication objective is to generate brand attitude, different strategies can be adopted depending on the banner advertisement type (pop-up vs static) and banner advertisement appeal (emotional vs rational).

Download Full-text

Impact of Deterrence and Inertia on Information Security Policy Changes

Journal of Information Systems ◽

10.2308/isys-52400 ◽

2019 ◽

Vol 34 (1) ◽

pp. 123-134

Author(s):

Kalana Malimage ◽

Nirmalee Raddatz ◽

Brad S. Trinkle ◽

Robert E. Crossler ◽

Rebecca Baaske

Keyword(s):

Information Security ◽

Security Policy ◽

Online Survey ◽

Security Policies ◽

Security Measures ◽

Policy Changes ◽

Information Security Policy ◽

Improve Compliance ◽

The Impact

ABSTRACT This study examines the impact of deterrence and inertia on information security policy changes. Corporations recognize the need to prioritize information security, which sometimes involves designing and implementing new security measures or policies. Using an online survey, we investigate the effect of deterrent sanctions and inertia on respondents' intentions to comply with modifications to company information security policies. We find that certainty and celerity associated with deterrent sanctions increase compliance intentions, while inertia decreases respondents' compliance intentions related to modified information security policies. Therefore, organizations must work to overcome employees' reluctance to change in order to improve compliance with security policy modifications. They may also consider implementing certain and timely sanctions for noncompliance.

Download Full-text

Science mapping: a bibliometric analysis of female entrepreneurship studies

Gender in Management An International Journal ◽

10.1108/gm-12-2019-0240 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Wei Deng ◽

Qiaozhuan Liang ◽

Jie Li ◽

Wei Wang

Keyword(s):

Network Analysis ◽

Intellectual Structure ◽

Future Research ◽

Female Entrepreneurship ◽

Science Mapping ◽

Content Type ◽

Entrepreneurship Research ◽

Bibliometric Review ◽

The Impact ◽

Practical Implications

Purpose This bibliometric review aims to display visually the intellectual communities (i.e. the cooperation networks among various countries, institutions, journals and individuals), the intellectual structure (i.e. the status quo and development trajectory of the intellectual base) and emerging hot topics of the female entrepreneurship research in 1975–2018. Based on the comprehensive review of the state-of-the-science, this paper aims to identify significant research gaps in extant studies and develop potential future research agendas that may catalyse new streams of female entrepreneurship research. Design/methodology/approach Bibliometric analysis via science mapping provides in-depth analyzes, highlights the intellectual structure and identifies hot topics. Using CiteSpace, co-citation networks of contributing countries, institutions, cited journals and authors are mapped first. Second, co-citation network analysis helps to identify the key “nodes” in the intellectual structure. The landscape view identifies main clusters from an overall perspective, while a timeline view delineates the characteristics and evolution of focal clusters. Major clusters are interpreted in detail with the help of foam tree graph processed by Carrot. Finally, the co-occurrence network analysis is conducted by using VOSviewer to examine hot topics and research frontiers Findings The findings show that the publications of female entrepreneurship increase exponentially. The major driving force of female entrepreneurship research is from the USA and England. In terms of intellectual structure, key concepts behind different clusters represent the major milestones in relation to individual determinants of female entrepreneurship, the impact of cultural and contextual factors on female entrepreneurship and female entrepreneurship in non-OECD countries, as well as the impact of family, social and institutional factors on the survival and exit of male and female enterprises. Hot topics include financing sources, the embeddedness nature, the impact and environmental factors of female entrepreneurship. Practical implications This study presents important practical implications. The findings suggest that intellectual communities of the female entrepreneurship field are relatively loose. Close contact and cooperation among different countries, institutions and researchers are lacking. To promote the evolution of the field, researchers who belong to different institutions in different countries may need to strengthen contact and cooperation. Additionally, papers in journals from the business and management discipline are most cited in this field, preventing new knowledge from other disciplines flowing into the female entrepreneurship field. Accordingly, female entrepreneurship research journals may need to expand their focus and combine knowledge from various domains. Originality/value This bibliometric review provides a more comprehensive, systematic and objective review of the female entrepreneurship field. Previous qualitative reviews are typically based on personal judgement, while a few quantitative reviews only describe statistical data. This study is based on thousands of citation data rather than a small number of papers pre-selected by the researcher, thus, is more data-grounded and less biased than prior reviews. It expands previous reviews by transparently visualizing the underlying structure and evolution of the field. Moreover, it highlights significant gaps in extant studies and develops future research agendas to catalyse new streams of research.

Download Full-text

Comparing the information security culture of employees who had read the information security policy and those who had not

Information and Computer Security ◽

10.1108/ics-12-2015-0048 ◽

2016 ◽

Vol 24 (2) ◽

pp. 139-151 ◽

Cited By ~ 20

Author(s):

Adéle Da Veiga

Keyword(s):

Information Security ◽

Security Policy ◽

Positive Influence ◽

Theoretical Research ◽

Information Security Policy ◽

Content Type ◽

Security Culture ◽

Targeted Interventions ◽

Information Security Culture ◽

Over Time

Purpose This study aims, firstly, to determine what influence the information security policy has on the information security culture by comparing the culture of employees who read the policy to those who do not, and, secondly, whether a stronger information security culture is embedded over time if more employees have read the information security policy. Design/methodology/approach An empirical study is conducted at four intervals over eight years across 12 countries using a validated information security culture assessment (ISCA) questionnaire. Findings The overall information security culture average scores as well as individual statements for all four survey assessments were significantly more positive for employees who had read the information security policy compared with employees who had not. The overall information security culture also improved from one assessment to the next. Research limitations/implications The information security culture should be measured and benchmarked over time to monitor change and identify and prioritise actions to improve the information security culture. If employees read the information security policy, it has a positive influence on the information security culture of an organisation. Practical implications Organisations should ensure that employees have read the information security policy to aid in minimising the human risk, related errors and incidents and, ultimately, to instil a stronger information security culture with a higher level of compliant behaviour. Originality/value This research confirms theoretical research indicating that the information security policy could influence the information security culture positively. It provides novel and statistical evidence illustrating that if employees read the information security policy, they have a stronger information security culture and that the culture can be improved through targeted interventions using an ISCA.

Download Full-text

Pro-Environmental Purchasing Behaviour during the economic crisis

Marketing Intelligence & Planning ◽

10.1108/mip-10-2012-0103 ◽

2014 ◽

Vol 32 (2) ◽

pp. 160-173 ◽

Cited By ~ 16

Author(s):

Irene Tilikidou ◽

Antonia Delistavrou

Keyword(s):

Economic Crisis ◽

Geographical Area ◽

Future Research ◽

Consumer Engagement ◽

Content Type ◽

Purchasing Behaviour ◽

Social Desirability Effect ◽

The Impact ◽

First Time ◽

Practical Implications

Purpose – Examination of Pro-Environmental Purchasing Behaviour (PPB) and its potential components. Investigation of the number and the size of relevant consumer segments. Determining the factors able to describe the segment of frequent pro-environmental purchasers. This paper aims to discuss these issues. Design/methodology/approach – Investigation of PPB as a total multi-item variable. Disclosure of the PPB components. Examination of the Purchase component and disclosure of its clusters. Focus on the cluster of frequent purchasers. Estimation of the demographic, attitudinal and psychographic variables able to describe and predict these consumers. Findings – Two components of PPB were found, namely Conservation (high consumer engagement in this) and Purchase (low consumer engagement in this). Inside the Purchase component of PPB three clusters were found, indicating, respectively, low, average and relatively high consumers’ involvement. Consumers in Cluster 3 (frequent pro-environmental purchasers) are fewer than in the past. They were found to be negatively influenced by environmental unconcern attitudes and Materialism, while they were positively affected by locus of control over politics and Universalism. Research limitations/implications – No demographic profile of frequent purchasers. Geographical area limited (a potential) generalisation of results. Social desirability effect. Future research with reference to evolutions in pro-environmental post-purchasing or non-purchasing behaviours during the years of economic crisis. Practical implications – Fewer consumers would buy ecological products if these were not comparable enough with the conventional products in terms of price and efficacy. Originality/value – First effort to explore the impact of the economic crisis on PPB in Greece. Encompassed new categories of ecological products. Revealed two components inside PPB (Purchase and Conservation) as well as number and size of consumer segments inside the Purchase component. Formulation of a partial profile of the frequent pro-environmental purchasers. Impact of Universalism on PPB was for the first time examined.

Download Full-text

The impact of the motivation for status on consumers’ perceptions of retailer sustainability: the moderating impact of collectivism and materialism

Journal of Consumer Marketing ◽

10.1108/jcm-03-2015-1351 ◽

2017 ◽

Vol 34 (4) ◽

pp. 292-305 ◽

Cited By ~ 11

Author(s):

Mertcan Tascioglu ◽

Jacqueline Kilsheimer Eastman ◽

Rajesh Iyer

Keyword(s):

Environmental Sustainability ◽

Generational Differences ◽

Age Groups ◽

Social Sustainability ◽

Cultural Dimensions ◽

Future Research ◽

Bandwagon Effect ◽

Content Type ◽

The Impact ◽

The Relationship

Purpose The purpose of the study is to investigate consumers’ perceptions of status motivations on retailers’ sustainability efforts and whether collectivism and materialism moderate this relationship. Design/methodology/approach A quantitative research methodology using survey data was used. Data were collected by administering questionnaires from millennial respondents (n = 386) from the USA and Turkey. Findings The results show that cultural value (collectivism) and materialism can serve as moderators of the effects of status motivation and sustainability. The findings indicate that the link between status motivation and sustainability perceptions (both environmental and social sustainability) is stronger for more collectivist consumers. In terms of materialism, while it did not moderate the relationship between status motivation and perceptions of environmental sustainability, it did moderate the relationship between status motivation and perceptions of social sustainability, particularly the uniqueness aspect of materialism. Research limitations/implications The stronger link between status motivation and both environmental and social sustainability for collectivists suggests that the bandwagon effect may be impacting their need for status. The stronger link between status motivation and social sustainability for those more materialistic suggests that their need for status may be more impacted by a snob effect as they want to appear unique. The use of college students is a limitation of this study, and future research needs to explore a wider range of age groups to determine if there are generational differences. Additionally, future research could examine other cultural dimensions such as power distance and masculinity versus femininity. Practical implications Findings from this research provide insights for retailers, especially those targeting the status and luxury market when developing their sustainability plans. An interest in sustainability may aid consumers in meeting their need for status, particularly for those status consumers who are more collectivist, as a means to fit in with their group. For more materialistic consumers, retailers may want to focus more on unique social sustainability efforts that are more publicly noticeable. Social implications Social sustainability, a topic not studied as frequently as environmental sustainability, has significant implications for consumers. The findings suggest that the link between status motivation and social sustainability is stronger for collectivists, suggesting a bandwagon effect. Additionally, the authors find that the link between status motivation and social sustainability is stronger for materialists, particularly the uniqueness dimension of materialism, suggesting a snob effect. Originality/value The originality of this study lies in the exploration of how status motivation impacts consumers’ perceptions of retailers’ environmental and social sustainability efforts and if these relationships are moderated by collectivism and materialism. Few studies have examined social sustainability, especially in terms of culture.

Download Full-text