Big Data Analytics Adoption Factors in Improving Information Systems Security

This research measured determinants that influence the willingness of IT/IA professionals to recommend Big Data analytics to improve information systems security in an organization. A review of the literature as well as the works of prior researchers provided the basis for formulation of research questions. Results of this study found that security effectiveness, organizational need, and reliability play a role in the decision to recommend big data analytics to improve information security. This research has implications for both consumers and providers of big data analytics services through the identification of factors that influence IT/IA professionals. These factors aim to improve information systems security, and therefore, which service offerings are likely to meet the needs of these professionals and their organizations.

Conceptualizing the Domain and an Empirical Analysis of Operations Security Management

Operations security management integrates the activities of all the information systems security controls. It ensures that the entire computing environment is adequately secured. This chapter conducts an in-depth review of scholarly and practitioner works to conceptualize the domain of operations security management. Drawing upon the existing information systems security literature, the chapter classifies operations security management into 10 domains. Following, the chapter performs an empirical analysis to investigate the state-of-practice of operations security management in organizations. The findings show that the maturity level of operations security management is at the Level 3 (well-defined). The maturity levels range from Level 0 (not performed) to Level 5 (continuously improving). The results indicate that operations security processes are documented, approved, and implemented organization-wide. Backup and malware management are the most applied operations security controls, while logging, auditing, monitoring, and reviewing are the least implemented controls.

The Role of Human Resource Management in Enhancing Organizational Information Systems Security

Emerging human resource management (HRM) practices are focusing on background checks, training and development, employer-employee relations, responsibility and accountability, and monitoring of information systems security resources. Information systems security ensures that appropriate resources and adequate skills exist in the organization to effectively manage information security projects. This chapter examined the role of HRM in enhancing organizational information systems security. Using importance-performance map analysis, the study found training, background checks, and monitoring as crucial HRM practices that could enhance organizational information systems security. Moreover, four indicators, consisting of training on mobile devices security; malware management; background checks; and monitoring of potential, current, and former employees recorded high importance but with rather low performance. Consequently, these indicators should be improved. On the contrary, the organizations placed excessive focus on responsibility, accountability, and employee relations.

The Role of Human Resource Management in Enhancing Organizational Information Systems Security

Emerging human resource management (HRM) practices are focusing on background checks, training and development, employer-employee relations, responsibility and accountability, and monitoring of information systems security resources. Information systems security ensures that appropriate resources and adequate skills exist in the organization to effectively manage information security projects. This chapter examined the role of HRM in enhancing organizational information systems security. Using importance-performance map analysis, the study found training, background checks, and monitoring as crucial HRM practices that could enhance organizational information systems security. Moreover, four indicators, consisting of training on mobile devices security; malware management; background checks; and monitoring of potential, current, and former employees recorded high importance but with rather low performance. Consequently, these indicators should be improved. On the contrary, the organizations placed excessive focus on responsibility, accountability, and employee relations.

Exploring information systems security implications posed by BYOD for a financial services firm

This study explores information systems security implications posed by Bring Your Own Device concept in financial services firms. Thus, the findings and recommendations from this study will help financial services and other organisations to be cognisant of the importance of BYOD policy formulation. The use of BYOD has become prevalent in the workplace due to the increased dependence on the Internet and advancements in technologies. It is beneficial to the organisation in that employees buy, use and insure their own devices, thus, the organisation does not bear these costs. However, there is a huge cost to the company if the use and connection of BYODs to the company’s Information Technology infrastructure is not regulated and monitored. BYODs expose information and information systems assets to threat actors. Financial institutions handle very sensitive information, making them a target for data breach and the adoption of BYODs more hazardous. A qualitative research method was conducted with eight (8) purposefully selected participants working in the Risk, IT and Information Systems Security departments of the financial institution. Telephonic interviews were conducted in line with the national protocols of the global Corona Virus Disease-2019 (COVID-19) pandemic. The study revealed the absence of a BYOD policy and employees could use any number of personal devices without restrictions. Users were aware of information systems security policies and protocols because of the annual training and awareness programmes.

The financial impacts of information systems security breaches on publicly traded companies: reactions of different sectors

PurposeToday, information systems and technology provides a wide set of tools for companies to increase the efficiency of their businesses. Although technology offers many benefits to businesses, it also brings risks as the information systems security breaches. Security breaches and their financial impact is a constant concern of the researchers and practitioners. This paper explores information systems breaches and their financial impacts on the publicly traded companies in different sectors.Design/methodology/approachAfter a comprehensive data collection process, data from 192 events are analyzed by employing Event Study Methodology and a comparison of the results between the four highly affected sectors (Consumer Goods, Technology, Financial and Communications) is presented. The abnormal returns on the prices of stocks after the events are calculated with the Market Model. Also, the results of the Market Adjusted Model and Mean Adjusted Model are presented to support the results.FindingsWhile information systems security breaches have a significant negative impact on the Financials and the Technology sectors for all the event windows in the study ([−5, 0], [−5, 1], [−5, 5], and [−5, 10]), the significant negative impact is observed only on the [−5, 5] and [−5, 10] event windows for the Consumer Goods sector. No significant negative impact is observed in the Communications sector, in fact, the cumulative abnormal returns are positive for this sector.Originality/valueThe contribution of this paper to provide evidence about the financial impacts of the information systems breaches for businesses in different sectors. While there are studies that have previously focused on the information systems breaches and their financial impacts on businesses, to the best of our knowledge, this is the first study that compares this effect between the four highly impacted sectors. With a relatively larger sample size and broader event windows than the past studies in the literature, statistical evidence is provided to managers to justify their investments in information security and build preventive measures to secure the market value of their firms.

Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing

In public areas, employees are both consumers and producers in information. For sustainable usage of information, employees should be aware of information systems security (ISS). Information systems security (ISS) is critical in further developing public sector information systems, such as e-government. Most ISS breaches are committed by insiders rather than outsiders. This study investigates the applicability of adult social bond theory, which proposes social controls in the form of social bonds that provide deterrence based on the potential shame an employee would feel from committing an ISS breach. The proposed research model consists of four antecedents for adult social bonds: commitment, attachment, belief and job stability. Individual ISS compliance is set as the dependent variance and deterrence and shame are set as the mediators between social bonds and compliance. Analysis of 672 data points largely supports the research model, proving the applicability to ISS of social bonds and social control. Belief seems to have the strongest effect on individual compliance. Implications are discussed and further studies are proposed.