Identifying HRM Practices for Improving Information Security Performance

This article focuses on identifying key human resource management (HRM) practices necessary for improving information security performance from the perspective of IT professionals. The Importance-Performance Map Analysis (IPMA) via SmartPLS 3.0 was employed and 232 samples were collected from information technology (IT) professionals in 43 organizations. The analysis identified information security training, background checks and monitoring as very important HRM practices that could improve the performance of organizational information security. In particular, the study found training on mobile devices security and malware; background checks and monitoring of potential, current and former employees as of high importance but with low performance. Thus, these key areas need to be improved with top priority. Conversely, the study found accountability and employee relations as being overly emphasized by the organisations. The findings raised some useful implications and information for HR and IT leaders to consider in future information security strategy.

Identifying HRM Practices for Improving Information Security Performance

This article focuses on identifying key human resource management (HRM) practices necessary for improving information security performance from the perspective of IT professionals. The Importance-Performance Map Analysis (IPMA) via SmartPLS 3.0 was employed and 232 samples were collected from information technology (IT) professionals in 43 organizations. The analysis identified information security training, background checks and monitoring as very important HRM practices that could improve the performance of organizational information security. In particular, the study found training on mobile devices security and malware; background checks and monitoring of potential, current and former employees as of high importance but with low performance. Thus, these key areas need to be improved with top priority. Conversely, the study found accountability and employee relations as being overly emphasized by the organisations. The findings raised some useful implications and information for HR and IT leaders to consider in future information security strategy.

USING PSYCHOLOGICAL TRAININGS IN THE TRAINING OF LAW ENFORCEMENT OFFICERS

The article presents theoretical approaches to the definition of the concept of «psychological training» and the views of modern scientists on the use of training technologies in the training of law enforcement officers. Today, it is relevant and necessary to use modern psychological trainings for the development of personal and professional qualities of law enforcement officers. Psychological trainings include various methods of work: role plays, discussions, group problem solving, situation modeling, methods of feedback and reflection. The main advantages of the training are: development of a holistic system of such skills and abilities as the organization of positive interpersonal interaction in the community; acquisition of new knowledge about the future profession, development of skills and abilities to perform various types of communicative activities in standard and non-standard professional situations; instilling the ability to think critically and creatively in solving professional problems; analysis and selection of actions in professional situations; formation of personal judgments, assessments of the future profession; as well as teamwork skills. Psychotraining influences the increase of motivation to perform educational tasks and educational process, interests in subjects; contribute to a higher quality of knowledge acquisition and the purchase of new practical skills; adaptation of cadets to the conditions of study in the new social environment; solving a problem of a personal nature. In order to increase the efficiency of the process of education and training of law enforcement officers, as well as to create professionally necessary personal qualities, we propose to use them in the training of psycho-training staff. Such trainings can be: training of development of communicative skills, training of formation of emotional and volitional qualities, training of information security, training of psychological counteraction to information influence, training of formation of moral and psychological qualities, and also psychotraining of development of cases in critical and emergency situations.

Selected Aspects of Information Security Management in Entities Performing Medical Activity

The article is devoted to the issues related to an information security management in medical entities. The healthcare entities have been amongst the prime targets for hackers for several years. According to the IBM report “The 2016 X-Force Cyber Security Intelligence Index” in 2015 most of the attacks were carried out against these entities. The years 2016 and 2017 also witnessed spectacular cyberattacks, for example: medical records breach of 3.3 million people because of an unauthorized access to a server in the US, some WannaCry ransomware attacks on the UK hospitals, some MongoDB Database Leaks in the US or NotPetya ransomware attacks in the US hospitals. Entities performing medical activity are processing personal data concerning health that is classified as a “sensitive data” and needs a special protection. The article presents the results of the survey – interviews with IT managers (or designated persons) in entities performing medical activity in Lodz Voivodeship in Poland. The aim of the research was analysis and evaluation of information security management in these entities. The interviews had been performed between December, 2017 and January, 2018. As the results of the research, the ways of information security management were identified (in particular such aspects as: characteristics of the information security teams, information security management system auditing, risk management, information security incidents, budgets for information security, training and the General Data Protection Regulation implementation). The paper also describes the types of information that should be protected in healthcare entities and characteristic of surveyed entities that subordinate to the local government of Lodz Voivodeship in Poland.

Bibliometric Mapping of Research on User Training for Secure Use of Information Systems

Information systems are pervasive in organizations of all sizes. To use them securely, users must be properly trained. Because of the pervasiveness of information systems the number of scientific publications reporting on user training for secure use of information systems is increasing year by year. To overcome the issue of manually surveying such a vast body of knowledge and to keep up with research trends, we conducted bibliometric mapping of research on user training for secure use of information systems. A total of N = 1955 records published between 1991 and 2019 were retrieved from the Web of Science bibliographic database on 21 November 2019. Top contributing authors, organizations, countries and research field were identified with the Web of Science built-in results analysis tool. Additionally, keyword mapping was performed with VOSviewer software. The analysis of the network and overlay keyword maps revealed six clusters: healthcare, technology adoption, management, information security, technical solutions and physical security. The results of this study suggest attractive research directions to be pursued in the future, such as information security training in healthcare and individualized user training alternatives to one-size-fits-all user training approach.