The effect of resilience and job stress on information security awareness

2018 ◽  
Vol 26 (3) ◽  
pp. 277-289 ◽  
Author(s):  
Agata McCormac ◽  
Dragana Calic ◽  
Kathryn Parsons ◽  
Marcus Butavicius ◽  
Malcolm Pattinson ◽  
...  
Keyword(s):  
Information Security ◽  
Job Stress ◽  
The Body ◽  
Future Research ◽  
Security Awareness ◽  
Content Type ◽  
Information Security Awareness ◽  
Positive Effects ◽  
Human Aspects ◽  
The Relationship

Purpose The purpose of this study was to investigate the relationship between resilience, job stress and information security awareness (ISA). The study examined the effect of resilience and job stress on the three components that comprise ISA, namely, knowledge, attitude and behaviour. Design/methodology/approach A total of 1,048 working Australians completed an online questionnaire. ISA was measured with the Human Aspects of Information Security Questionnaire. Participants also completed the Brief Resilience Scale and the Job Stress Scale. Findings It was found that participants with greater resilience also had higher ISA and experienced lower levels of job stress. More specifically, individuals who reported higher levels of resilience had significantly better knowledge, attitude and behaviour. Similarly, participants who reported lower levels of job stress also reported significantly better knowledge, attitude and behaviour. Resilience plays an important mediating role in the relationship between job stress and ISA. This means that even if people have high levels of job stress, if they are better able to cope with or adapt to stress (i.e. have higher resilience), they are less likely to have lower ISA. Results of this study add to the body of literature emphasising the positive effects of resilience and suggest that resilience is associated with improved ISA and therefore more secure behaviour. Research limitations/implications Future research should focus on assessing the influence of resilience training in the workplace. Originality/value Given the constructive findings, it may be valuable to focus on the effect of organisational culture, and organisational security culture, on resilience, job stress and ISA.

Managing information security awareness at an Australian bank: a comparative study

2017 ◽  
Vol 25 (2) ◽  
pp. 181-189 ◽  
Author(s):  
Malcolm Pattinson ◽  
Marcus Butavicius ◽  
Kathryn Parsons ◽  
Agata McCormac ◽  
Dragana Calic
Keyword(s):  
Information Security ◽  
Learning Styles ◽  
International Standards ◽  
Future Research ◽  
Security Awareness ◽  
Web Based ◽  
Content Type ◽  
Information Security Awareness ◽  
Human Aspects ◽  
Major Factors

Purpose The aim of this study was first to confirm that a specific bank’s employees were generally more information security-aware than employees in other Australian industries and second to identify the major factors that contributed to this bank’s high levels of information security awareness (ISA). Design/methodology/approach A Web-based questionnaire (the Human Aspects of Information Security Questionnaire – HAIS-Q) was used in two separate studies to assess the ISA of individuals who used computers at their workplace. The first study assessed 198 employees at an Australian bank and the second study assessed 500 working Australians from various industries. Both studies used a Qualtrics-based questionnaire that was distributed via an email link. Findings The results showed that the average level of ISA among bank employees was consistently 20 per cent higher than that among general workforce participants in all focus areas and overall. There were no significant differences between the ISA scores for those who received more frequent training compared to those who received less frequent training. This result suggests that the frequency of training is not a contributing factor to an employee’s level of ISA. Research limitations/implications This current research did not investigate the information security (InfoSec) culture that prevailed within the bank in question because the objective of the research was to compare a bank’s employees with general workforce employees rather than compare organisations. The Research did not include questions relating to the type of training participants had received at work. Originality/value This study provided the bank’s InfoSec management with evidence that their multi-channelled InfoSec training regime was responsible for a substantially higher-than-average ISA for their employees. Future research of this nature should examine the effectiveness of various ISA programmes in light of individual differences and learning styles. This would form the basis of an adaptive control framework that would complement many of the current international standards, such as ISO’s 27000 series, NIST’s SP800 series and ISACA’s COBIT5.

Matching training to individual learning styles improves information security awareness

2019 ◽  
Vol 28 (1) ◽  
pp. 1-14 ◽  
Author(s):  
Malcolm Pattinson ◽  
Marcus Butavicius ◽  
Meredith Lillie ◽  
Beau Ciccarello ◽  
Kathryn Parsons ◽  
...  
Keyword(s):  
Information Security ◽  
Learning Styles ◽  
Cyber Security ◽  
Security Awareness ◽  
Content Type ◽  
Information Security Awareness ◽  
Security Controls ◽  
Human Aspects ◽  
Security Training ◽  
Different Types

Purpose This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.

Exploring the relationship between student mobile information security awareness and behavioural intent

2015 ◽  
Vol 23 (4) ◽  
pp. 406-420 ◽  
Author(s):  
Bukelwa Ngoqo ◽  
Stephen V. Flowerday
Keyword(s):  
Information Security ◽  
Mobile Phone ◽  
Undergraduate Students ◽  
Security Awareness ◽  
Human Errors ◽  
Content Type ◽  
Information Security Awareness ◽  
Student Information ◽  
Key Aspects ◽  
The Relationship

Purpose – The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely, awareness and behavioural intent. This paper proposes that the knowing-and-doing gap can possibly be reduced by addressing both awareness and behavioural intent. This research paper explores the relationship between student mobile phone user information security awareness and behavioural intent in a developmental university in South Africa. Design/methodology/approach – Information security awareness interventions were implemented in this action research study, and student information security behavioural intent was observed after each cycle. Findings – The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context, as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Existing researchers in the field of information security still grapple with the “knowing-and-doing” gap, where user information security knowledge/awareness sometimes does not result in safer behavioural practises. Originality/value – Zhang et al. (2009) suggest that understanding human behaviour is important when dealing with the problems caused by human errors. Harnesk and Lindstrom (2011) expressed a concern that existing research does not address the interlinked relationship between anticipated security behaviour and the enactment of security procedures. This study acknowledges Choi et al. (2008) contribution in their discussions on the “knowing-and-doing gap” suggests a link between awareness and actual behaviour that is confirmed by the findings of this study.

Predicting information security culture among employees of telecommunication companies in an emerging market

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Nurul Asmui Azmi Md Azmi ◽  
Ai Ping Teoh ◽  
Ali Vafaei-Zadeh ◽  
Haniruzila Hanifah
Keyword(s):  
Information Security ◽  
Emerging Market ◽  
Mediating Effect ◽  
Security Awareness ◽  
Content Type ◽  
Security Culture ◽  
Information Security Awareness ◽  
The Relationship ◽  
Information Security Culture ◽  
Telecommunications Companies

Purpose The purpose of this study is to examine factors, which influence information security culture among employees of telecommunications companies. The motivation for this study was the rise in the number of data breach incidents caused by the organizations’ own employees. Design/methodology/approach A total of 139 usable responses were collected via a Web-based questionnaire survey from employees of Malaysian telecommunications companies. Data were analysed by using SmartPLS 3. Findings Security education, training and awareness (SETA) programmes and information security awareness were found to have a positive and significant impact on Information Security Culture. Additionally, self-reported employees’ security behaviour was found to act as a partial mediator on the relationship between information security awareness and information security culture. Research limitations/implications The study was cross-sectional in nature. Therefore, it could not measure changes in population over time. Practical implications The empirical data provides a new perspective on significant elements that influence information security culture in an emerging market. Organizations in the telecommunications industry can now recognize that SETA programmes and information security awareness have a significant impact on information security culture. Employees’ security behaviour also mediates the relationship between information security awareness and information security culture. Originality/value This is the first study to analyse the mediating effect of employees’ security behaviour on the relationship between information security awareness and information security culture in the Malaysian telecommunications context.

“What about users?”: Development and validation of the mobile information security awareness scale (MISAS)

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fatih Erdoğdu ◽  
Seyfullah Gökoğlu ◽  
Mehmet Kara
Keyword(s):  
Factor Analysis ◽  
Information Security ◽  
Instant Messaging ◽  
Prototype Model ◽  
Security Awareness ◽  
Technical Aspects ◽  
Content Type ◽  
Information Security Awareness ◽  
Human Aspects ◽  
Mobile Information

PurposeThe current study aimed to develop and validate Mobile Information Security Awareness Scale (MISAS) based on the prototype model for measuring information security awareness and the relevant literature.Design/methodology/approachThe scale was developed and validated with the participation of 562 students from four universities. The construct validity of the scale was tested through exploratory factor analysis and confirmatory factor analysis.FindingsThe reliability of the scale was tested through corrected item-total correlations and Cronbach alpha. The MISAS includes six factors and 17 items. The identified factors were labeled as backup, instant messaging and navigation, password protection, update, access permission and using others' devices.Research limitations/implicationsThe scale included only the human aspects of mobile information security. The technical aspects are not within the scope of this study. For this reason, future studies might develop and validate a different scale focusing on the technical aspects of mobile information security.Originality/valueThe developed scale contributes to the literature on the human aspects of mobile information security.

We dreamed a dream that entrepreneurial ecosystems can promote sustainability

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Mario Raposo ◽  
Cristina I. Fernandes ◽  
Pedro M. Veiga
Keyword(s):  
Policy Formulation ◽  
Logistic Distribution ◽  
Future Research ◽  
Community Innovation Survey ◽  
Content Type ◽  
Positive Effects ◽  
Entrepreneurial Ecosystems ◽  
Future Research Agenda ◽  
Company Policy ◽  
The Relationship

PurposeResearch into the relationship between entrepreneurial ecosystems and sustainability has deepened in terms of both quantity and quality even while still remaining a fragmented and divergent field. Hence, the purpose of this study is to put forward empirical evidence to advance the literature on the relationship between entrepreneurial ecosystems and sustainability. To this end, the authors furthermore identify and highlight a future research agenda.Design/methodology/approachThe source of the empirical analysis in this article stems from the Community Innovation Survey, the leading statistical inquiry of innovation in companies carried out by Eurostat based upon the conceptual framework set out in the Oslo Manual. For modelling the variables, the authors applied binary regression based on logistic distribution.FindingsThe results of the research demonstrated how all of the variables considered for entrepreneurial ecosystems (co-operation with suppliers, co-operation with clients or customers, co-operation with universities; co-operation with government, public or private research institutes) return positive impacts on national sustainabilityResearch limitations/implicationsDespite the data spanning only the nine countries in the database, the results enable insights into the theory as the results serve to strengthen already existing considerations on the positive effects of entrepreneurial ecosystems for the sustainability of countries.Practical implicationsThe results of the research may generate important implications for company policy formulation. The identification of the relevance of the different actors in entrepreneurial ecosystems and their impact on sustainability may assist firms and policymakers to identify the leading actors and the resources necessary to sustaining their activities and thereby correspondingly establishing their priorities.Originality/valueThe research (1) both deepens the prevailing knowledge on this theme and fills a gap encountered in the existing literature; (2) in practical terms, for managers, entrepreneurs and politicians to better grasp how entrepreneurship constitutes a systemic phenomenon and these systems require approaching in terms of their impacts and greater contributions to obtaining sustainability.

Readiness for information security of teachers as a function of their personality traits and their assessment of threats

2020 ◽  
Vol 72 (5) ◽  
pp. 787-812
Author(s):  
Noa Aharony ◽  
Dan Bouhnik ◽  
Nurit Reich
Keyword(s):  
Information Security ◽  
Personality Traits ◽  
Cultural Change ◽  
Design Methodology ◽  
Educational Institutions ◽  
Security Awareness ◽  
Content Type ◽  
Information Security Awareness ◽  
Secure Information ◽  
The Impact

PurposeThis study examines the impact of personality traits on the degree of challenge experienced by individuals with respect to the threat on their information, the evaluation of their self-efficacy to secure the information and hence, their readiness to secure information.Design/methodology/approachThe study's population consisted of 157 teachers from various educational institutions across Israel. We used five questionnaires to gather data.FindingsFindings reveal a link between participants' personality traits, situation evaluation indicators and their readiness to secure information. Further, the greater subjects' information security awareness and familiarity with information security concepts, the better their application of the tools for securing information will be.Originality/valueThe importance of this research lies primarily in that it highlights the importance of individual differences while dealing with information security awareness. The findings constitute a theoretical and empirical basis for building tools toward guiding teachers to protect their information, as well as for devising educational and pedagogic programs for making a cultural change.

Recommendations for information security awareness training for college students

2014 ◽  
Vol 22 (1) ◽  
pp. 115-126 ◽  
Author(s):  
Eyong B. Kim
Keyword(s):  
College Students ◽  
Information Security ◽  
New England ◽  
Web Sites ◽  
Security Awareness ◽  
Awareness Training ◽  
Content Type ◽  
Information Security Awareness ◽  
The Status ◽  
Security Awareness Training

Purpose – The purpose of this paper is to survey the status of information security awareness among college students in order to develop effective information security awareness training (ISAT). Design/methodology/approach – Based on a review of the literature and theoretical standpoints as well as the National Institute of Standards and Technology Special Publication 800-50 report, the author developed a questionnaire to investigate the attitudes toward information security awareness of undergraduate and graduate students in a business college at a mid-sized university in New England. Based on that survey and the previous literature, suggestions for more effective ISAT are provided. Findings – College students understand the importance and the need for ISAT but many of them do not participate in it. However, security topics that are not commonly covered by any installed (or built-in) programs or web sites have a significant relationship with information security awareness. It seems that students learned security concepts piecemeal from variety of sources. Practical implications – Universities can assess their ISAT for students based on the findings of this study. Originality/value – If any universities want to improve their current ISAT, or establish it, the findings of this study offer some guidelines.

scholarly journals Information Security Awareness among Non-Academic Staff in the University of Ibadan, Nigeria

2019 ◽  
Vol 8 (2) ◽  
pp. 77-84
Author(s):  
H. T. AbdulRahman ◽  
S. O. Oladipupo
Keyword(s):  
Information Security ◽  
Survey Design ◽  
Academic Staff ◽  
Sampling Technique ◽  
Future Research ◽  
Security Awareness ◽  
Information Security Awareness ◽  
The University ◽  
University Of Ibadan ◽  
Ibadan Nigeria

This study applied the established factors from the existing literatures on information security awareness to investigate information security awareness among non-academic staff in the University of Ibadan, Nigeria. The objectives of this study are; to identify the factors that influence information security awareness and to determine the level of information security awareness among non-academic staff. This study employed a survey design. Stratified random sampling technique was utilized to select the respondents for the study. The study participants consist of non-academic staff in the University of Ibadan. A field survey of 300 respondents was carried out using questionnaire as the main instrument. Descriptive statistics was used for data analysis. Findings of this study revealed that information security awareness is significantly influenced by policy of information security, education of information security, knowledge of technology, and non-academic staff’s behavior. Furthermore, findings show that the level of information security awareness among non-academic staff in the University of Ibadan was high. Finally, findings were discussed and recommendations for the future research were also addressed.

Sign in / Sign up

Export Citation Format

Share Document