information security culture
Recently Published Documents


Total documents: 116 (five years: 46)

H-index: 16 (five years: 3)

2022 ◽  
pp. 146-162
Author(s):  
Trymore Z. Ruvinga ◽  
Theo Tsokota ◽  
Colletor Tendeukai Chipfumbu Kangara ◽  
Pamela T. Nyambuya

There is an excellent opportunity to ensure that information security culture (ISC) is embedded in school children before they are employed in the industry. However, for the majority of time spent in primary and secondary school education, pupils are alienated from supervised use of technology, making it difficult to teach pupils proper use of technology. Thus, there is no deliberate effort to empower and impart ISC to school pupils in Zimbabwe. The purpose of this study is to develop a framework for instilling information security culture in secondary school pupils. Based on the literature, the first version of the framework was developed and subjected to a focus group for review. Data from this focus group was analysed, resulting in a second improved version of the framework. Consequently, it was shown that the framework was relevant, useful, and applicable within Zimbabwean settings.


2021 ◽  
Vol 29 (6) ◽  

Information is a vital asset needed by many organizations to function effectively. However, this asset can easily be compromised; thus, its protection is crucial to the efficacy of an organization. A common information security breach used is social engineering. Social engineering is the use of manipulative and deceptive techniques against the inherent nature of human beings to access sensitive and confidential information to achieve an illicit action or omission of action. Through a qualitative inquiry, this article investigated the perceptions of employees concerning social engineering in the workplace to extract practical lessons from local businesses located in Gauteng Province, South Africa. The findings confirm that human beings should be at the forefront of defense against social engineering attacks and advocate for a multi-inter-trans-disciplinary social engineering protection model to practically assist organizations in developing a healthy and effective information security culture.


Author(s):  
Александр Михайлович Казимирович

This article presents the results of an expert assessment of the activities that contribute to the development of professional orientation to information security, as well as the characteristics of the qualities (properties) of a person that contribute to the development of an information security culture. The object of the study is a professional orientation to information security. The purpose of the presented article is to identify effective directions for the development of professional orientation to information security. To achieve this goal, the following research methods were used: survey, expert assessment, correlation analysis. The results of the expert assessment made it possible to identify the most effective measures that contribute to the development of professional orientation to information security. The correlation analysis of the obtained results allowed us to determine the obvious dependencies between the considered personality qualities and to identify 3 main blocks of personality qualities: "Understanding of information security", "Professionally important qualities" and "General cultural competencies". These blocks allow you to select diagnostic tools to assess the effectiveness of the implementation of the educational work program for the development of professional orientation to information security.


2021 ◽  
Vol 1 (2) ◽  
pp. 62-74
Author(s):  
Kevin Suwandi ◽  
Johan Setiawan

Objective – To analyze the relationship between a company’s information security approach/culture and its information security governance capabilities based on the COBIT 5 framework, and to provide recommendations that can be used to improve the company's information security capabilities per the COBIT 5 standard. Methodology – The research uses qualitative and quantitative methods by conducting interviews and distributing questionnaires to 3 members of the IT Department at PT XYZ. Findings – The research found that the measured COBIT 5 processes (APO13 and DSS05) failed to reach the expected target (level 4), with DSS05 and APO13 reaching only level 1 and 2 respectively. In addition, several flaws were also found in the company’s information security culture that may have contributed directly or indirectly to the current state of the company’s information security capabilities. Novelty – In this study, the researchers expand the previous study on information security culture conducted in 2010 by performing a security audit on a company's IT department to analyze the connection between corporate culture, especially information security culture, and the capability level of information security governance. The company can thus make improvements or corrections to its information security approach/culture based on the recommendations provided with the COBIT 5 framework. Keywords: Capability Level; COBIT; Governance; Information Security Culture.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Krunoslav Arbanas ◽  
Mario Spremic ◽  
Nikolina Zajdela Hrustek

Purpose: The objective of this research was to propose and validate a holistic framework for information security culture evaluation, built around a novel approach, which includes technological, organizational and social issues. The framework's validity and reliability were determined with the help of experts in the information security field and by using multivariate statistical methods. Design/methodology/approach: The conceptual framework was constructed upon a detailed literature review and validated using a range of methods: first, a measuring instrument was developed, and then the content and construct validity of the measuring instrument were confirmed via experts' opinion and by the closed map sorting method. Convergent validity was confirmed by factor analysis, while the reliability of the measuring instrument was tested using Cronbach's alpha coefficient to measure internal consistency. Findings: The proposed framework was validated based upon the results of empirical research and the usage of multivariate analysis. The resulting framework ultimately consists of 46 items (manifest variables), describing eight factors (first level latent variables), grouped into three categories (second level latent variables). These three categories were built around technological, organizational and social issues. Originality/value: This paper contributes to the body of knowledge in information security culture by developing and validating a holistic framework for information security culture evaluation, which does not observe information security culture in only one aspect but takes into account its organizational, sociological and technical components.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Nurul Asmui Azmi Md Azmi ◽  
Ai Ping Teoh ◽  
Ali Vafaei-Zadeh ◽  
Haniruzila Hanifah

Purpose: The purpose of this study is to examine factors that influence information security culture among employees of telecommunications companies. The motivation for this study was the rise in the number of data breach incidents caused by the organizations’ own employees. Design/methodology/approach: A total of 139 usable responses were collected via a Web-based questionnaire survey from employees of Malaysian telecommunications companies. Data were analysed by using SmartPLS 3. Findings: Security education, training and awareness (SETA) programmes and information security awareness were found to have a positive and significant impact on information security culture. Additionally, self-reported employees’ security behaviour was found to act as a partial mediator on the relationship between information security awareness and information security culture. Research limitations/implications: The study was cross-sectional in nature. Therefore, it could not measure changes in population over time. Practical implications: The empirical data provides a new perspective on significant elements that influence information security culture in an emerging market. Organizations in the telecommunications industry can now recognize that SETA programmes and information security awareness have a significant impact on information security culture. Employees’ security behaviour also mediates the relationship between information security awareness and information security culture. Originality/value: This is the first study to analyse the mediating effect of employees’ security behaviour on the relationship between information security awareness and information security culture in the Malaysian telecommunications context.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Hwee-Chin Tan ◽  
Keng Lin Soh ◽  
Wai Peng Wong ◽  
Ming-Lang Tseng

Purpose: In the face of information leakage, this study aims to demonstrate pathways to supply chain resilience (SCR) during information sharing by deploying organizational ethical climate (OEC) and information security culture (ISC) as non-punitive mitigation approaches. Design/methodology/approach: This empirical study was conducted to verify the framework using a questionnaire distributed to Malaysian multinational corporations (MNCs) of the manufacturing sector. The data were analysed using structural equation modeling (SEM) techniques with the AMOS software. Findings: This study has confirmed the adverse impact of intentional and unintentional leakages on information sharing effectiveness. The findings showed ISC could reduce the impact of information leakage, but an OEC could not. This study provides evidence that information sharing effectiveness could impact SCR. The former is a mediator between information leakage and SCR, with information leakage moderated by information security culture. These findings convey that multinationals should set up an ISC to reduce information leakage and enhance their SCR. Originality/value: Prior studies lacked the explanation of the impact of mitigating factors on information leakage in information sharing effectiveness affecting SCR. A framework that explains the relationships adds value to organizations, making available strategic decisions to curb information leakage and manage SCR.


Author(s):  
Bekzod Baydjanov

The article examines development trends in higher education in the Fergana region, the modern requirements placed on personnel training, as well as issues such as developing an information security culture in future specialists, developing its design and model, and introducing advanced practices into the education system.

