Cybercrime: an emerging threat to the banking sector of Pakistan

Purpose The purpose of this study is to gain more insight into the impact of cybercrime incidents in the banking sector of Pakistan. This study investigates the significant contribution of information security awareness on the relationship of cybercrimes and organizational performance. Design/methodology/approach The impact of cybercrime incidents on organizational performance is investigated by further exploring the moderating effects of information security awareness. A sample of 302 employees in the banking industry of Pakistan was studied by using survey design. Findings Cybercrime incidents have negative impact on organizational performance, but information security awareness weakens the negative impact of cybercrimes on organizational performance. Research limitations/implications The present study focuses on the banking sector so its finding cannot be generalized in other sectors. Further, in-depth comparative studies in other sectors with different cultural settings will help to authenticate the research findings. Practical implications Information security awareness weakens the negative impact of cybercrimes on organizational performance; therefore, it is important for banks’ HR managers to set up more security training courses to increase employees’ awareness on cybercrimes. Originality/value This study explores the impact of cybercrimes on banks’ performance with the moderating role of employees’ information security awareness. Linking these topics has created a new study within the cybercrimes discipline. The present study also enhances the understanding of employees’ role to combat the impact of cybercrimes on organizational performance.

Download Full-text

Readiness for information security of teachers as a function of their personality traits and their assessment of threats

Aslib Journal of Information Management ◽

10.1108/ajim-12-2019-0371 ◽

2020 ◽

Vol 72 (5) ◽

pp. 787-812

Author(s):

Noa Aharony ◽

Dan Bouhnik ◽

Nurit Reich

Keyword(s):

Information Security ◽

Personality Traits ◽

Cultural Change ◽

Design Methodology ◽

Educational Institutions ◽

Security Awareness ◽

Content Type ◽

Information Security Awareness ◽

Secure Information ◽

The Impact

PurposeThis study examines the impact of personality traits on the degree of challenge experienced by individuals with respect to the threat on their information, the evaluation of their self-efficacy to secure the information and hence, their readiness to secure information.Design/methodology/approachThe study's population consisted of 157 teachers from various educational institutions across Israel. We used five questionnaires to gather data.FindingsFindings reveal a link between participants' personality traits, situation evaluation indicators and their readiness to secure information. Further, the greater subjects' information security awareness and familiarity with information security concepts, the better their application of the tools for securing information will be.Originality/valueThe importance of this research lies primarily in that it highlights the importance of individual differences while dealing with information security awareness. The findings constitute a theoretical and empirical basis for building tools toward guiding teachers to protect their information, as well as for devising educational and pedagogic programs for making a cultural change.

Download Full-text

The impact of information richness on information security awareness training effectiveness

Computers & Education ◽

10.1016/j.compedu.2008.06.011 ◽

2009 ◽

Vol 52 (1) ◽

pp. 92-100 ◽

Cited By ~ 87

Author(s):

R.S. Shaw ◽

Charlie C. Chen ◽

Albert L. Harris ◽

Hui-Jou Huang

Keyword(s):

Information Security ◽

Training Effectiveness ◽

Security Awareness ◽

Awareness Training ◽

Information Security Awareness ◽

Information Richness ◽

Security Awareness Training ◽

The Impact

Download Full-text

Recommendations for information security awareness training for college students

Information Management & Computer Security ◽

10.1108/imcs-01-2013-0005 ◽

2014 ◽

Vol 22 (1) ◽

pp. 115-126 ◽

Cited By ~ 33

Author(s):

Eyong B. Kim

Keyword(s):

College Students ◽

Information Security ◽

New England ◽

Web Sites ◽

Security Awareness ◽

Awareness Training ◽

Content Type ◽

Information Security Awareness ◽

The Status ◽

Security Awareness Training

Purpose – The purpose of this paper is to survey the status of information security awareness among college students in order to develop effective information security awareness training (ISAT). Design/methodology/approach – Based on a review of the literature and theoretical standpoints as well as the National Institute of Standards and Technology Special Publication 800-50 report, the author developed a questionnaire to investigate the attitudes toward information security awareness of undergraduate and graduate students in a business college at a mid-sized university in New England. Based on that survey and the previous literature, suggestions for more effective ISAT are provided. Findings – College students understand the importance and the need for ISAT but many of them do not participate in it. However, security topics that are not commonly covered by any installed (or built-in) programs or web sites have a significant relationship with information security awareness. It seems that students learned security concepts piecemeal from variety of sources. Practical implications – Universities can assess their ISAT for students based on the findings of this study. Originality/value – If any universities want to improve their current ISAT, or establish it, the findings of this study offer some guidelines.

Download Full-text

Information Security Awareness among Non-Academic Staff in the University of Ibadan, Nigeria

Asian Journal of Computer Science and Technology ◽

10.51983/ajcst-2019.8.2.2136 ◽

2019 ◽

Vol 8 (2) ◽

pp. 77-84

Author(s):

H. T. AbdulRahman ◽

S. O. Oladipupo

Keyword(s):

Information Security ◽

Survey Design ◽

Academic Staff ◽

Sampling Technique ◽

Future Research ◽

Security Awareness ◽

Information Security Awareness ◽

The University ◽

University Of Ibadan ◽

Ibadan Nigeria

This study applied the established factors from the existing literatures on information security awareness to investigate information security awareness among non-academic staff in the University of Ibadan, Nigeria. The objectives of this study are; to identify the factors that influence information security awareness and to determine the level of information security awareness among non-academic staff. This study employed a survey design. Stratified random sampling technique was utilized to select the respondents for the study. The study participants consist of non-academic staff in the University of Ibadan. A field survey of 300 respondents was carried out using questionnaire as the main instrument. Descriptive statistics was used for data analysis. Findings of this study revealed that information security awareness is significantly influenced by policy of information security, education of information security, knowledge of technology, and non-academic staff’s behavior. Furthermore, findings show that the level of information security awareness among non-academic staff in the University of Ibadan was high. Finally, findings were discussed and recommendations for the future research were also addressed.

Download Full-text

Factors affecting organizational adoption and acceptance of computer-based security awareness training tools

Information and Computer Security ◽

10.1108/ics-12-2020-0200 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Laila Dahabiyeh

Keyword(s):

Information Security ◽

Online Reviews ◽

Security Awareness ◽

Key Factors ◽

Awareness Training ◽

Organizational Adoption ◽

Content Type ◽

Information Security Awareness ◽

Computer Based ◽

Security Awareness Training

Purpose As insiders remain to be a main reason behind security breaches, effective information security awareness campaigns become critical in protecting organizations from security incidents. The purpose of this paper is to identify factors that influence organizational adoption and acceptance of computer-based security awareness training tools. Design/methodology/approach The paper uses content analysis of online reviews of the top ten computer-based security awareness training tools that received Gartner peer insights Customers’ Choice 2019 award. Findings This study identifies nine critical adoption and success factors. These are synthesized into a conceptual framework based on the technology–organization–environment framework. The findings reveal that technological, organizational and environmental factors come into play in adoption decisions but with varying degrees of importance. Practical implications This study highlights key factors that technology vendors should take into consideration when designing computer-based security awareness training tools to increase adoption rates. Originality/value This research offers a novel contribution to the literature on information security awareness delivery methods by identifying key factors that influence organizational adoption and acceptance of computer-based security awareness training tools. Those factors were identified using content analysis of online reviews, which is a new methodological approach to the information security awareness literature.

Download Full-text

Impact of internal and external CSR on organizational performance with moderating role of culture: empirical evidence from Chinese banking sector

International Journal of Bank Marketing ◽

10.1108/ijbm-04-2020-0215 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Abdul Waheed ◽

Qingyu Zhang ◽

Abaid Ullah Zafar ◽

Hashim Zameer ◽

Muhammad Ashfaq ◽

...

Keyword(s):

Organizational Performance ◽

Banking Sector ◽

Content Type ◽

Managerial Implications ◽

Corporate Social ◽

The Impact ◽

The Relationship ◽

Moderating Role ◽

Chinese Banking

PurposeThis study investigates the impact of corporate social responsibility (CSR) on organizational performance, especially competitive performance (CP) along with moderating role of the organizational culture (OC) from the banking sector of China. Drawing on the stakeholder theory, the first goal is to examine the relationships between CSR and organizational CP. Second, the purpose is to evaluate the moderation of OC between the relationship of CSR and CP, respectively.Design/methodology/approachSEM using SmartPLS was majorly engaged to ascertain the relationship and to inquire the assumed hypotheses. The convenience sampling was engaged to collect the data from the Chinese banking market with the help of students, colleagues and personal visits.FindingsThe findings exhibited that CSR both external and internal CSR has significant correlations on organizational CP within banking sector of China. Second, the findings revealed a positive moderation influence of OC between the relationships of CSR and organizational CP. The comprehensive analysis of each factor of CSR on organizational CP was autonomously inspected to understand the insights which ensure that how the incorporation of CSR and OC activities may improve organizational CP.Research limitations/implicationsThis study faces numerous limitations related to sample and geographic locations that assure new work possibilities for researchers across the world.Practical implicationsThis study equips insightful information for management on how organizations can obtain CP by consolidating CSR and OC activities as their more productive strategic tools. This article endows with potential theoretical and managerial implications with empirical addition to concerned literature of OC, CSR and organizational CP.Social implicationsUnderstanding OC and CSR activities can provide interesting and helpful insights for the personnel to perform well within the banking institutes.Originality/valueThe topic of CSR and culture has been known as the evolving concept that is getting strong concern for the researchers. The additional work particularly empirical is yet required to explore the insights on CSR and OC themes worldwide, especially in developing nations.

Download Full-text

Modeling anti-malware use intention of university students in a developing country using the theory of planned behavior

Kybernetes ◽

10.1108/k-05-2018-0226 ◽

2019 ◽

Vol 48 (8) ◽

pp. 1565-1585

Author(s):

Ali Vafaei-Zadeh ◽

Ramayah Thurasamy ◽

Haniruzila Hanifah

Keyword(s):

Information Security ◽

Theory Of Planned Behavior ◽

Planned Behavior ◽

Price Level ◽

Subjective Norms ◽

Intention To Use ◽

Security Awareness ◽

Content Type ◽

Information Security Awareness ◽

Perceived Price

Purpose This paper aims to investigate the impact of perceived price level and information security awareness on computer users’ attitude. Moreover, this study aims to investigate the effect of attitude, subjective norms and perceived behavioral control (PBC) on intention to use anti-malware software. Design/methodology/approach Data were collected using a structured questionnaire from 225 students of five public universities in Malaysia. Purposive sampling technique was used in this study. AMOS 24 was used to test the research framework using a two-step approach. Findings Findings give support to some of the hypotheses developed with R2 values of 0.521 for attitude and 0.740 for intention. Perceived price level had a negative effect on attitude while information security awareness had a positive effect on attitude and intention. Attitude, subjective norms and PBC were all positively related to intention, but perceived price level did not affect intention. This suggests that benefits of using anti-malware are more than its price value. Therefore, the price has no direct effect on intention to use. Research limitations/implications University computer networks are as open and inviting as their campuses. Therefore, this research can be helpful to the universities to safeguard their networks and encourage the students to use anti-malware. However, using anti-malware software will enable an individual to identify and prioritize security risks, quickly detect and mitigate security breaches, improve the understanding of security gaps and safeguard the sensitive data by minimizing the risks related to malware. Originality/value This study ventured to model the information security behavior of anti-malware usage by individual users by using the theory of planned behavior with the addition of two new variables, perceived price level and information security awareness to explain the behavior better.

Download Full-text

Information security awareness in a developing country context: insights from the government sector in Saudi Arabia

Information Technology and People ◽

10.1108/itp-06-2019-0269 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Raneem AlMindeel ◽

Jorge Tiago Martins

Keyword(s):

Saudi Arabia ◽

Information Security ◽

Developing Country ◽

Single Case ◽

Security Awareness ◽

Content Type ◽

Information Security Awareness ◽

Study Approach ◽

Government Sector ◽

The Government

PurposeThe purpose of this paper is to increase understanding of employee information security awareness in a government sector setting and illuminate the problems that public sector organisations in a developing context face when seeking to establish an information security awareness programme.Design/methodology/approachAn interpretive research design was followed to develop an empirically enriched understanding of information security awareness perceptions, aspirations, challenges and enablers in the context of Saudi Arabia as a developing country. The study adopts a single-case study approach, including face-to-face interviews with senior employees, as well as document analysis.FindingsThe paper theorises the importance of individual information security awareness, knowledge and behaviour and identifies a number of facilitating conditions: customisation to employee and organisational needs, interactivity, innovation, frequency, integration of both electronic and physical learning resources and rewarding the acquisition of in-depth security-related actionable knowledge.Originality/valueThis study is one of the first to examine information security awareness as a socio-technical process within a government sector organisation in a developing country context.

Download Full-text

Matching training to individual learning styles improves information security awareness

Information and Computer Security ◽

10.1108/ics-01-2019-0022 ◽

2019 ◽

Vol 28 (1) ◽

pp. 1-14 ◽

Cited By ~ 2

Author(s):

Malcolm Pattinson ◽

Marcus Butavicius ◽

Meredith Lillie ◽

Beau Ciccarello ◽

Kathryn Parsons ◽

...

Keyword(s):

Information Security ◽

Learning Styles ◽

Cyber Security ◽

Security Awareness ◽

Content Type ◽

Information Security Awareness ◽

Security Controls ◽

Human Aspects ◽

Security Training ◽

Different Types

Purpose This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.

Download Full-text

Organisational culture, procedural countermeasures, and employee security behaviour

Information and Computer Security ◽

10.1108/ics-03-2017-0013 ◽

2017 ◽

Vol 25 (2) ◽

pp. 118-136 ◽

Cited By ~ 16

Author(s):

Lena Yuryna Connolly ◽

Michael Lang ◽

John Gathegi ◽

Doug J. Tygar

Keyword(s):

Information Security ◽

Organisational Culture ◽

Security Awareness ◽

Deterrence Theory ◽

Content Type ◽

General Deterrence ◽

Information Security Awareness ◽

Security Breaches ◽

Technical Issues ◽

Security Countermeasures

Purpose This paper provides new insights about security behaviour in selected US and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues. Design/methodology/approach This paper builds on general deterrence theory and prior organisational culture literature. The methodology adapted for this study draws on the analytical grounded theory approach employing a constant comparative method. Findings This paper demonstrates that procedural security countermeasures and organisational culture tend to affect security behaviour in organisational settings. Research limitations/implications This paper fills the void in information security research and takes its place among the very few studies that focus on behavioural as opposed to technical issues. Practical implications This paper highlights the important role of procedural security countermeasures, information security awareness and organisational culture in managing illicit behaviour of employees. Originality/value This study extends general deterrence theory in a novel way by including information security awareness in the research model and by investigating both negative and positive behaviours.

Download Full-text