A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies using this theory have produced mixed results. Past research has indicated that cultural differences may be one reason for these inconsistent findings and has hence called for cross-cultural research on deterrence in information security. To address this gap, we formulated a model including deterrence, moral beliefs, shame, and neutralization techniques and tested it with employees from 48 countries working for a large multinational company.
Purpose
The information security of an organization is influenced by its deployed policy and procedures. An information security policy reflects the organization’s attitude to the protection of its information assets. The purpose of this paper is to investigate the status of information security policy at a subset of Saudi organizations by understanding the perceptions of their information technology employees.
Design/methodology/approach
A descriptive and statistical approach has been used to describe the collected data and characteristics of the IT employees and managers to understand the information security policy at the surveyed organizations. The author believes that understanding the IT employees’ views gives a better understanding of the organization’s status of information security policy.
Findings
It has been found that most of the surveyed organizations have established information security policy and deployed fair technology; however, many of such policies are not enforced and publicized effectively and efficiently which degraded the deployed technology for such protection. In addition, the clarity and the comprehensibility of such policies are questionable as indicated by most of the IT employees’ responses. A comparison with similar studies at Middle Eastern and European countries has shown similar findings and shares the same concerns.
Originality/value
The findings of this research suggest that the Saudi Communications and Information Technology Commission should develop a national framework for information security to guide the governmental and non-governmental organizations as well as the information security practitioners on the good information security practices in terms of policy and procedures to help the organizations to avoid any vulnerability that may lead to violations on the security of their information.
Optical multiplexing plays an important role in applications such as optical data storage, document security, molecular probes and bead assays for personalized medicine. Conventional fluorescent colour coding is limited by spectral overlap and background interference, restricting the number of distinguishable identities. Here, we show that tunable luminescent lifetimes τ in the microsecond region can be exploited to code individual upconversion nanocrystals. In a single colour band, one can generate more than ten nanocrystal populations with distinct lifetimes ranging from 25.6 µs to 662.4 µs and decode their well-separated lifetime identities, which are independent of both colour and intensity. Such 'τ-dots' potentially suit multichannel bioimaging, high-throughput cytometry quantification, high-density data storage, as well as security codes to combat counterfeiting. This demonstration extends the optical multiplexing capability by adding the temporal dimension of luminescent signals, opening new opportunities in the life sciences, medicine and data security.
Although organizational information security investment has attracted a great deal of attention from academia and industry, there is a lack of studies on the decision maker's overconfidence. This paper examines the relationship between overconfidence of executives, information security investment and information security performance. The study shows that overconfidence is negatively associated with information security investment and that an inverted U-shaped curvilinear relationship exists between information security investment and information security performance. Furthermore, to illustrate the robustness of our results, the suppressing effect and the serial mediating role between overconfidence, information security investment and information security performance are tested.
Banks handle private information such as customer financial transactions and personal data. There was a 63% increase in cyberattacks attempted against Bank XYZ in 2021, and 1,323 attempted attacks on Bank XYZ's corporate email. Therefore, implementing security awareness training for all employees is crucial for Bank XYZ. The information security awareness program must be assessed to determine the program's efficiency and the level of information security awareness among employees. Therefore, this study assesses information security awareness at Bank XYZ, especially in the Information Technology (IT) Directorate, using the Human Aspect of Information Security Questionnaire (HAIS-Q) method. The findings of this study revealed that employees at Bank XYZ in the information security work unit had a "Good" level of awareness. In contrast, the results from other IT work units were "Medium". Based on the assessment results, the security awareness strategy recommendation for Bank XYZ is to align awareness content with information security policies and procedures, use a variety of awareness media, and focus on the "Internet Use" and "Information Handling" awareness areas. As a way of determining the achievement of information security Key Performance Indicators (KPI), security awareness measurement must be done regularly, for example, once a year.
The relationship between security culture and Information Security Awareness (ISA) has received preliminary support; however, its interplay with organisational culture is yet to be empirically investigated. Therefore, this study explored the relationship between ISA, organisational culture, and security culture. A total of 508 working Australians completed an online questionnaire. ISA was measured using the Human Aspects of Information Security Questionnaire (HAIS-Q); organisational culture was measured using the Denison Organisational Culture Survey (DOCS); and security culture was assessed through the Organisational Security Culture Measure. Our results showed that while organisational culture and security culture were correlated with ISA, security culture played an important mediating relationship between organisational culture and ISA. This suggests that organisations should focus on security culture rather than organisational culture to improve ISA, saving time and resources. Future research could further extend current findings by also considering national culture.
Information hiding is the science of concealing a secret message or watermark inside a cover medium (a host file/message) for various security purposes such as content authentication, integrity verification, covert communication, and so on.
Operating systems and programmes are more protected these days and attackers have shifted their attention to human elements to break into the organisation's information systems. As the number and frequency of cyber-attacks designed to take advantage of unsuspecting personnel are increasing, the significance of the human factor in information security management cannot be understated. In order to counter cyber-attacks designed to exploit human factors in the information security chain, information security awareness with the objective of reducing information security risks that occur due to human-related vulnerabilities is paramount. This paper discusses and evaluates the effects of various information security awareness delivery methods used in improving end-users' information security awareness and behaviour. There is a wide range of information security awareness delivery methods such as web-based training materials, contextual training and embedded training. In spite of efforts to increase information security awareness, research is scant regarding effective information security awareness delivery methods. To this end, this study focuses on determining the security awareness delivery method that is most successful in providing information security awareness and which delivery method is preferred by users. We conducted information security awareness using text-based, game-based and video-based delivery methods with the aim of determining user preferences. Our study suggests that combined delivery methods are better than an individual security awareness delivery method.
Background. The object of the research is information security event logs. The subject of the research is the methods of signature analysis and profiling of information security events. The purpose of the research is to identify the shortcomings of the above methods in identifying information security incidents and to develop a method that eliminates the identified shortcomings. Materials and methods. The analysis of information security events was carried out using the methods of signature analysis, digital profiling and a new graphic-analytical method proposed in the framework of the study. Results. The shortcomings of the methods of signature analysis and profiling of information security events are determined. Types of information security incidents that are not included in the visibility of the above methods are identified. The application of the proposed graphic-analytical method makes it possible to eliminate the identified shortcomings, identify unknown types of information security incidents, and expand the functionality of information security monitoring systems in general. Conclusions. The use of the proposed graphic-analytical method for analyzing information security events makes it possible to identify information security incidents that are not included in the visibility zone of signature methods and profiling methods, and also to use them to gain knowledge about the system under study, which is impossible with a visual analysis of the journal itself. The results of applying the method can be further used to identify information security incidents in real time.
The term cyber security is often used interchangeably with the term information security. This paper argues that, although there is a substantial overlap between cyber security and information security, these two concepts are not totally analogous. Moreover, the paper posits that cyber security goes beyond the boundaries of traditional information security to include not only the protection of information resources, but also that of other assets, including the person him/herself. In information security, reference to the human factor usually relates to the role(s) of humans in the security process. In cyber security this factor has an additional dimension, namely, the humans as potential targets of cyber attacks or even unknowingly participating in a cyber attack. This additional dimension has ethical implications for society as a whole, since the protection of certain vulnerable groups, for example children, could be seen as a societal responsibility.