Increasingly sophisticated cyberattacks often systematically target organizational insiders. Their motivation for self-protection therefore has an important role in cybersecurity of organizations. Protection motivation studies in information security literature are largely based on the protection motivation theory (PMT) without proper adaptation to the organizational context. Additionally, only a few studies consider the role of fear in protection motivation although PMT itself is based on fear appeals. This paper aims to revise PMT to better fit the organizational context of organizational insiders. A survey was conducted among academics (N = 255) at six Slovenian universities to reexamine threat appraisals of organizational insiders, and the mediating and moderating roles of fear of cyberattacks in protection motivation. CB-SEM analysis of survey data supports the distinction between appraisals of threats to the individual and to the organization. It also supports differentiating between perceived threats and fear of cyberattacks. Although we did not find support for the mediating role of fear of cyberattacks, perceived threats may mediate the association between perceived severity and vulnerability, and protection motivation. Only perceived vulnerability of the individual and perceived severity of consequences for the organization affect perceived threats. Perceived threats and measure efficacy influence protection motivation. Fear of cyberattacks dampens the positive relationship between self-efficacy and protection motivation. Self-efficacy influences protection motivation only when fear of cyberattacks is low. Interventions aiming to increase protection motivation need to focus on raising the perceived vulnerability of individuals, emphasizing the consequences for the organization, and increasing the efficacy of self-protective measures.
Interventions aiming to improve self-efficacy may be effective only when there is low fear of cyberattacks and can be avoided when high fear of cyberattacks is expected.
Measuring the performance of information security is an essential part of the information security management system within organisations. Studies in the past mainly focused on establishing qualitative measurement approaches. Since these can lead to ambiguous conclusions, quantitative metrics are being increasingly proposed as a useful alternative. Nevertheless, the literature on quantitative approaches remains scarce. Thus, studies on the evaluation of information security performance are challenging, especially since many approaches are not tested in organisational settings. The paper aims to validate the model used for evaluating the performance of information security management system through a multidimensional socio-technical approach, in real-world settings among medium-sized enterprises in Slovenia. The results indicate that information security is strategically defined and compliant; however, measures are primarily implemented at technical and operational levels, while its strategic management remains underdeveloped. We found that the biggest issues are related to information resources and risk management, where information security measurement-related activities proved to be particularly problematic. Even though enterprises do possess certain information security capabilities and are aware of the importance of information security, their current practices make it difficult for them to keep up with the fast-paced technological and security trends.
The emergence of a pandemic is usually accompanied by different measures–economic, social, preventive, and (self)protective. In the case of COVID-19, several preventive measures were formally enforced by state authorities in the majority of countries worldwide. Thus, during the COVID-19 pandemic, the intertwining of formal and informal social control could be observed. Hence, in this study a cross-sectional design was chosen to explore the issue in Slovenia. To the best of our knowledge, this research is the first in the current literature to empirically test the general deterrence theory in pandemic circumstances (as external factors predicting individuals’ compliance with the COVID-19 preventive measures). The results suggest an important role of informal punishment, with perceived informal severity being the only statistically significant factor from the general deterrence theory. In contrast to external factors, internal factors play a significantly greater role in promoting people’s self-protective behavior in pandemic circumstances. During the unknown, the uncertain and delicate situations with which people have no previous experience, both personal beliefs about the effectiveness of measures and perceived self-efficacy are more important than fear of formal sanctions.
Despite the increasing use of domestic social robots by older adults, there remains a significant knowledge gap regarding attitudes, concerns, and potential adoption behavior in this population. This study aims to categorize older adults into distinct technology adoption groups based on their attitudes toward domestic social robots and their behavior in using the existing technology.
An exploratory qualitative research design was used, involving semi-structured interviews with 24 retired Slovenian older adults aged 65 years or older, conducted between 26 June and 14 September 2023.
Four distinct groups of older adults were identified: (1) Cautious Optimists, (2) Skeptical Traditionalists, (3) Positive Optimists, and (4) Technophiles based on eight characteristics.
These groups can be aligned with the categories of the Diffusion of Innovation Theory. Privacy and security concerns, influenced by varying levels of familiarity with the technology, pose barriers to adoption. Perceived utility and ease of use vary considerably between groups, highlighting the importance of taking into account the different older adults. The role of social influence in the adoption process is complex, with some groups being more receptive to external opinions, while others exhibit more autonomous decision-making.
Maintaining order and safety in a prison environment heavily depends on prison officers, who daily interact with prisoners and are constantly dealing with dangerous situations. Their task performance is vital for the organizational performance and the fulfillment of the prisons’ mission. For managing prison officers’ job performance efficiently, it is important to understand the associated factors; however, job performance in a prison environment remains completely unexplored in Slovenia. This article presents a study conducted among Slovenian prison officers (n = 201), which examined their task performance, its association with job attitudes, and the role of organizational and work-related factors. The study results showed that the prison officers’ task performance is associated with their job satisfaction, but not with their job involvement. Moreover, their job satisfaction is associated with perceived organizational justice, job stress, and the dangerousness of the job. Based on these findings, we demonstrated that task performance depends on several direct and indirect factors that prison management should prioritize, the key ones being stress reduction, strengthening the feeling of organizational justice, and the ability to deal with the job-related dangers successfully. This article highlights organizational and work-related factors important for improving the prison officers’ well-being at work.
Although agile methods gained popularity and became globally widespread, developing secure software with agile methods remains a challenge. Method elements (i.e., roles, activities, and artifacts) that aim to increase software security on one hand can reduce the characteristic agility of agile methods on the other. The overall aim of this paper is to provide small- and medium-sized enterprises (SMEs) with the means to improve the sustainability of their software development process in terms of software security despite their limitations, such as low capacity and/or financial resources. Although software engineering literature offers various security elements, there is one key research gap that hinders the ability to provide such means. It remains unclear not only how much individual security elements contribute to software security but also how they impact the agility and costs of software development. To address the gap, we identified security elements found in the literature and evaluated them for their impact on software security, agility, and costs in an international study among practitioners. Finally, we developed a novel lightweight approach for evaluating agile methods from a security perspective. The developed approach can help SMEs to adapt their software development to their needs.
Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security.
Cybercrime is one of the most significant security challenges of the 21st century. However, official statistics do not provide insights into its prevalence and nature. Representative cross-sectional field studies may help fill this gap, focusing on differences between urban and rural technology users. We (a) investigated the association between the purpose of computers and other electronic device usage and perceived vulnerability, (b) compared the differences in the purpose of computers or other electronic device use and perceived vulnerability, and (c) compared the perceived cyber victimization between residents of rural and urban areas. We conducted a field study that resulted in a representative sample of the Republic of Slovenia in Europe. We found several significant differences in the purpose of technology use and perceived cyber victimization. Furthermore, the results indicate that the purpose of technology use is somehow associated with perceived vulnerability in cyberspace; however, such associations are different in cyberspace than in the material world.
Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities.
Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model.
We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations.
To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.