1. Pahlavanpour O, Gao S. A systematic mapping study on gamification within information security awareness programs. Heliyon 2024; 10:e38474. [PMID: 39398049 PMCID: PMC11467640 DOI: 10.1016/j.heliyon.2024.e38474] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/20/2023] [Revised: 09/23/2024] [Accepted: 09/24/2024] [Indexed: 10/15/2024] Open
Abstract
Information security awareness (ISA) has become a vital issue for organizations, as security breaches are usually attributed to human errors. ISP programs are effective ways to educate employees and enhance their information security knowledge. Gamification is a new concept in the area of ISA programs and it has been proven to be one of the most effective and proper ISA methods in both the private and public sectors. Despite a growing interest in employing gamification as an ISP program in recent years, there is a lack of study to provide a comprehensive overview of gamification within ISA programs and identify trends, patterns, and research gaps in this area in order to direct future research. To bridge this gap, a systematic mapping study is adopted as a research methodology. A total of 69 papers were selected and classified by document type, year of publication, research type, research contribution, gamification type, gamification in terms of adaptivity based on the target group, and gamification in terms of the use of artificial intelligence (AI) in order to make it user-tailored. The mapping study revealed that the published papers in this area were split between journals and conference papers with a higher proportion published in conference proceedings. Regarding the publication trend, from 2015 to 2022, gamification within ISA programs has come across to researchers' attention. The identified two main research types were evaluation research and validation research and the vast majority of the contribution type was tools. Moreover, content gamification has been used more commonly in ISA programs than structural gamification. Furthermore, the finding indicated that there were clear gaps in employing adaptive gamification, dynamic adaptive gamification and AI-based adaptive gamification, which makes these areas significant for future research.
Affiliation(s)
- Shang Gao
- Department of Informatics, Örebro University, Örebro, Sweden

2. Gurcan F. What are developers talking about information security? A large-scale study using semantic analysis of Q&A posts. PeerJ Comput Sci 2024; 10:e1954. [PMID: 38660176 PMCID: PMC11041951 DOI: 10.7717/peerj-cs.1954] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/18/2024] [Accepted: 03/03/2024] [Indexed: 04/26/2024]
Abstract
Background
Digitalization and rapid technological improvement in the present day bring numerous benefits, but they also raise the complexity and diversity of cyber security risks, putting critical information security issues on the agenda. Growing issues and worries about information security endanger not only the security of individuals and organizations but also global social and economic stability.
Methods
This study investigates the issues and challenges regarding information security by analyzing all the postings on ISSE (Information Security Stack Exchange), a Q&A website focused on information security. In order to identify the primary topics addressed in postings shared on the ISSE platform, we employed a probabilistic topic modeling method called latent Dirichlet allocation (LDA), which is generative in nature and relies on unsupervised machine learning processes.
Results
Through this investigation, a total of 38 topics were identified, demonstrating the present state of information security issues and challenges. Considering these topics, a comprehensive taxonomy of seven categories was devised to address information security issues, taking into account their backgrounds and perspectives. Subsequently, we conducted an examination of the prevalence and complexity of the matters at hand. In addition, we have defined the prevailing technologies utilized in the realm of information security, including tasks, certifications, standards, methods, tools, threats, and defenses. We have provided a number of implications for different stakeholders, including academics, developers, educators, and practitioners, who are working towards advancing the field of information security.
Affiliation(s)
- Fatih Gurcan
- Department of Management Information Systems, Faculty of Economics and Administrative Sciences, Karadeniz Technical University, Trabzon, Turkey

3. Sukumar A, Mahdiraji HA, Jafari-Sadeghi V. Cyber risk assessment in small and medium-sized enterprises: A multilevel decision-making approach for small e-tailors. RISK ANALYSIS: AN OFFICIAL PUBLICATION OF THE SOCIETY FOR RISK ANALYSIS 2023; 43:2082-2098. [PMID: 36627823 DOI: 10.1111/risa.14092] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/09/2020] [Revised: 09/29/2022] [Accepted: 12/07/2022] [Indexed: 06/17/2023]
Abstract
The role played by information and communication technologies in today's businesses cannot be underestimated. While such technological advancements provide numerous advantages and opportunities, they are known to thread organizations with new challenges such as cyberattacks. This is particularly important for small and medium-sized enterprises (SMEs) that are deemed to be the least mature and highly vulnerable to cybersecurity risks. Thus, this research is set to assess the cyber risks in online retailing SMEs (e-tailing SMEs). Therefore, this article employs a sample of 124 small e-tailers in the United Kingdom and takes advantage of a multi-criteria decision analysis (MCDA) method. Indeed, we identified a total number of 28 identified cyber-oriented risks in five exhaustive themes of "security," "dependency," "employee," "strategic," and "legal" risks. Subsequently, an integrated approach using step-wise weight assessment ratio analysis (SWARA) and best-worst method (BWM) has been employed to develop a pathway of risk assessment. As such, the current study outlines a novel approach toward cybersecurity risk management for e-tailing SMEs and discusses its effectiveness and contributions to the cyber risk management literature.
Affiliation(s)
- Arun Sukumar
- Bristol Business School, University of the West of England, Bristol, UK

4. Plachkinova M, Knapp K. Least Privilege across People, Process, and Technology: Endpoint Security Framework. JOURNAL OF COMPUTER INFORMATION SYSTEMS 2022. [DOI: 10.1080/08874417.2022.2128937] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/17/2022]
Affiliation(s)
- Miloslava Plachkinova
- Department of Information Systems and Security, Kennesaw State University, Kennesaw, GA, USA
- Kenneth Knapp
- Center for Cybersecurity, Anderson University, Anderson, SC, USA

5. Gale M, Bongiovanni I, Slapnicar S. Governing cybersecurity from the boardroom: Challenges, drivers, and ways ahead. Comput Secur 2022. [DOI: 10.1016/j.cose.2022.102840] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/03/2022]

6. Stewart H. Digital Transformation Security Challenges. JOURNAL OF COMPUTER INFORMATION SYSTEMS 2022. [DOI: 10.1080/08874417.2022.2115953] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/14/2022]

7. Schinagl S, Shahim A, Khapova S. Paradoxical tensions in the implementation of digital security governance: Toward an ambidextrous approach to governing digital security. Comput Secur 2022. [DOI: 10.1016/j.cose.2022.102903] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/25/2022]

8. Du Y, Xu Y, Wang X, Liu L, Ma P. EEG temporal-spatial transformer for person identification. Sci Rep 2022; 12:14378. [PMID: 35999245 PMCID: PMC9399234 DOI: 10.1038/s41598-022-18502-3] [Citation(s) in RCA: 4] [Impact Index Per Article: 2.0] [Received: 04/11/2022] [Accepted: 08/12/2022] [Indexed: 11/09/2022] Open
Abstract
An increasing number of studies have been devoted to electroencephalogram (EEG) identity recognition since EEG signals are not easily stolen. Most of the existing studies on EEG person identification have only addressed brain signals in a single state, depending upon specific and repetitive sensory stimuli. However, in reality, human states are diverse and rapidly changing, which limits their practicality in realistic settings. Among many potential solutions, transformer is widely used and achieves an excellent performance in natural language processing, which demonstrates the outstanding ability of the attention mechanism to model temporal signals. In this paper, we propose a transformer-based approach for the EEG person identification task that extracts features in the temporal and spatial domains using a self-attention mechanism. We conduct an extensive study to evaluate the generalization ability of the proposed method among different states. Our method is compared with the most advanced EEG biometrics techniques and the results show that our method reaches state-of-the-art results. Notably, we do not need to extract any features manually.
Affiliation(s)
- Yang Du
- Big Data Center, Nanfang Hospital, Southern Medical University, Guangzhou, 510515, China
- Yongling Xu
- Brainup Research Lab, Naolu Technology Co., Ltd., Beijing, 100124, China
- Xiaoan Wang
- Brainup Research Lab, Naolu Technology Co., Ltd., Beijing, 100124, China
- Li Liu
- Big Data Center, Nanfang Hospital, Southern Medical University, Guangzhou, 510515, China
- Pengcheng Ma
- Big Data Center, Nanfang Hospital, Southern Medical University, Guangzhou, 510515, China

9. Ou CX, Zhang X, Angelopoulos S, Davison RM, Janse N. Security breaches and organization response strategy: Exploring consumers’ threat and coping appraisals. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT 2022. [DOI: 10.1016/j.ijinfomgt.2022.102498] [Citation(s) in RCA: 4] [Impact Index Per Article: 2.0] [Indexed: 11/28/2022]

10. CAESAR8: an Agile Enterprise Architecture Approach to Managing Information Security Risks. Comput Secur 2022. [DOI: 10.1016/j.cose.2022.102877] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/21/2022]

11. Manickam S, Rahef Nuiaa R, Hakem Alsaeedi A, Alyasseri ZAA, Mohammed MA, Jaber MM. An enhanced mechanism for detection of Domain Name System‐based distributed reflection denial of service attacks depending on modified metaheuristic algorithms and adaptive thresholding techniques. IET NETWORKS 2022. [DOI: 10.1049/ntw2.12043] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Indexed: 11/20/2022]
Affiliation(s)
- Selvakumar Manickam
- National Advanced IPv6 Centre (NAv6) Universiti Sains Malaysia Minden Malaysia
- Riyadh Rahef Nuiaa
- National Advanced IPv6 Centre (NAv6) Universiti Sains Malaysia Minden Malaysia
- Department of Computer College of Education for Pure Sciences Wasit University Wasit Iraq
- Ali Hakem Alsaeedi
- College of Computer Science and Information Technology Universitas of Al‐Qadisiyah Al Diwaniyah Iraq
- Zaid Abdi Alkareem Alyasseri
- ECE Department Faculty of Engineering University of Kufa Kufa Najaf Iraq
- Information Technology Research and Development Center (ITRDC) University of Kufa Kufa Najaf Iraq
- College of Engineering University of WarithAl‐Anbiyaa Karbala Iraq
- Mazin Abed Mohammed
- College of Computer Science and Information Technology University of Anbar Ramadi Iraq
- Mustafa Musa Jaber
- Department of Computer Science Dijlah University College Baghdad Iraq
- Department of Medical Instruments Engineering Techniques Al‐Farahidi University Baghdad Iraq

12. Yeoh W, Wang S, Popovič A, Chowdhury NH. A systematic synthesis of critical success factors for cybersecurity. Comput Secur 2022. [DOI: 10.1016/j.cose.2022.102724] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/15/2022]

13. Khan NF, Yaqoob A, Khan MS, Ikram N. The Cybersecurity Behavioral Research: A Tertiary Study. Comput Secur 2022. [DOI: 10.1016/j.cose.2022.102826] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/27/2022]

14. Guggenmos F, Häckel B, Ollig P, Stahl B. Security First, Security by Design, or Security Pragmatism – Strategic Roles of IT Security in Digitalization Projects. Comput Secur 2022. [DOI: 10.1016/j.cose.2022.102747] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/17/2022]

15. Ahmad Wani T, Mendoza A, Gray K, Smolenaers F. BYOD usage and security behaviour of hospital clinical staff: an Australian survey. Int J Med Inform 2022; 165:104839. [DOI: 10.1016/j.ijmedinf.2022.104839] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/03/2022] [Revised: 07/13/2022] [Accepted: 07/20/2022] [Indexed: 11/25/2022]

16. Nord J, Sargent CS, Koohang A, Marotta A. Predictors of Success in Information Security Policy Compliance. JOURNAL OF COMPUTER INFORMATION SYSTEMS 2022. [DOI: 10.1080/08874417.2022.2067795] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/18/2022]
Affiliation(s)
- Jeretta Nord
- Oklahoma State University, Stillwater, Oklahoma, USA

17. Wani TA, Mendoza A, Gray K, Smolenaers F. Status of Bring-Your-Own-Device (BYOD) Security Practices in Australian Hospitals – A National Survey. HEALTH POLICY AND TECHNOLOGY 2022. [DOI: 10.1016/j.hlpt.2022.100627] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Indexed: 11/16/2022]

18. Bergquist JH, Tinet S, Gao S. An information classification model for public sector organizations in Sweden: a case study of a Swedish municipality. INFORMATION AND COMPUTER SECURITY 2022. [DOI: 10.1108/ics-03-2021-0032] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/17/2022]
Abstract
Purpose
The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.
Design/methodology/approach
To address the purpose of this research, a case study in a Swedish municipality was conducted. Data was collected through a mixture of techniques such as literature, document and website review. Empirical data was collected through interviews with 11 employees working within 7 different sections of the municipality.
Findings
This study resulted in an information classification model that is tailored to the specific needs of Swedish municipalities. In addition, a set of steps for tailoring an information classification model to suit a specific public organization are recommended. The findings also indicate that for a successful information classification it is necessary to educate the employees about the basics of information security and classification and create an understandable and unified information security language.
Practical implications
This study also highlights that to have a tailored information classification model, it is imperative to understand the value of information and what kind of consequences a violation of established information security principles could have through the perspectives of the employees.
Originality/value
It is the first of its kind in tailoring an information classification model to the specific needs of a Swedish municipality. The model provided by this study can be used as a tool to facilitate a common ground for classifying information within all Swedish municipalities, thereby contributing the first step toward a Swedish municipal model for information classification.

19. Goel L, Zhang JZ, Williamson S. IT assimilation: construct, measurement, and implications in cybersecurity. ENTERP INF SYST-UK 2022. [DOI: 10.1080/17517575.2022.2052187] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/18/2022]
Affiliation(s)
- Lakshmi Goel
- Department of Management, University of North Florida, Jacksonville, Florida, United States
- Justin Zuopeng Zhang
- Department of Management, University of North Florida, Jacksonville, Florida, United States
- Steven Williamson
- Department of Management, University of North Florida, Jacksonville, Florida, United States

20. Bongiovanni I, Renaud K, Brydon H, Blignaut R, Cavallo A. A quantification mechanism for assessing adherence to information security governance guidelines. INFORMATION AND COMPUTER SECURITY 2022. [DOI: 10.1108/ics-08-2021-0112] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Indexed: 11/17/2022]
Abstract
Purpose
Boards of Directors and other organisational leaders make decisions about the information security governance systems to implement in their companies. The increasing number of cyber-breaches targeting businesses makes this activity inescapable. Recently, researchers have published comprehensive lists of recommended cyber measures, specifically to inform organisational boards. However, the young cybersecurity industry has still to confirm and refine these guidelines. As a starting point, it would be helpful for organisational leaders to know what other organisations are doing in terms of using these guidelines. In an ideal world, bespoke surveys would be developed to gauge adherence to guidelines, but this is not always feasible. What we often do have is data from existing cybersecurity surveys. The authors argue that such data could be repurposed to quantify adherence to existing information security guidelines, and this paper aims to propose, and test, an original methodology to do so.
Design/methodology/approach
The authors propose a quantification mechanism to measure the degree of adherence to a set of published information security governance recommendations and guidelines targeted at organisational leaders. The authors test their quantification mechanism using a data set collected in a survey of 156 Italian companies on information security and privacy.
Findings
The evaluation of the proposed mechanism appears to align with findings in the literature, indicating the validity of the present approach. An analysis of how different industries rank in terms of their adherence to the selected set of recommendations and guidelines confirms the usability of our repurposed data set to measure adherence.
Originality/value
To the best of the authors’ knowledge, a quantification mechanism as the one proposed in this study has never been proposed, and tested, in the literature. It suggests a way to repurpose survey data to determine the extent to which companies are implementing measures recommended by published cybersecurity guidelines. This way, the proposed mechanism responds to increasing calls for the adoption of research practices that minimise waste of resources and enhance research sustainability.

21. A systematic framework to explore the determinants of information security policy development and outcomes. INFORMATION AND COMPUTER SECURITY 2022. [DOI: 10.1108/ics-06-2021-0076] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Indexed: 11/17/2022]
Abstract
Purpose
This paper aims to develop an effective information security policy (ISP), which is an important mechanism to combat insider threats.
Design/methodology/approach
A general framework based on the Nine-Five-circle was proposed for developing, implementing and evaluating an organisation's ISP.
Findings
The proposed framework outlines the steps involved in developing, implementing and evaluating a successful ISP.
Research limitations/implications
The study took place in Germany, and most of the data was collected virtually due to the different locations of the organisation.
Practical implications
In practice, this study can be a guide for managers to design a robust ISP that employees will read and follow.
Social implications
Employee compliance with the ISP is a critical aspect in any organisation and therefore a rigorous strategy based on a systematic approach is required.
Originality/value
The main contribution of the paper is the application of a comprehensive and coherent model that can be the first step in defining a “checklist” for creating and managing ISPs.

22. Singh N, Krishnaswamy V, Zhang JZ. Intellectual structure of cybersecurity research in enterprise information systems. ENTERP INF SYST-UK 2022. [DOI: 10.1080/17517575.2022.2025545] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Indexed: 01/03/2023]
Affiliation(s)
- Nitin Singh
- Information Systems & Business Analytics, Indian Institute of Management Ranchi, Ranchi, India
- Justin Zuopeng Zhang
- Information Systems Management, University of North Florida, Jacksonville, FL, USA

23. Zhang H, Hong X, Li Q, Gong Y, Liu S. Exploring the Intellectual Structure and International Cooperation in Information Management. JOURNAL OF GLOBAL INFORMATION MANAGEMENT 2021. [DOI: 10.4018/jgim.294577] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Indexed: 01/12/2023]
Abstract
To make a comprehensive literature review and identify the development trends, this study maps the intellectual structure of the research information management based on co-keyword analysis, the 2-tuple linguistic technique, and social network analysis. This study reveals the intellectual structure by analyzing the topological structure, conceptual structure, and strategic diagram. From the perspective of topological structure, the research of the information management field can be divided into three layers including the nucleus layer, middle layer, and marginal layer. In terms of the conceptual structure, the research of information management can be divided into four sub-fields including health information management, information systems, information technology, and information management application. The four subfields can be repartitioned into seven clusters by using a 2-tuple linguistic model, which means that the 2-tuple linguistic model can improve co-keyword analysis.
Affiliation(s)
- Huaige Zhang
- Guangdong University of Finance and Economics, China
- Xianpei Hong
- Guangdong University of Finance and Economics, China
- Qing Li
- Huazhong Agricultural University, China
- Shan Liu
- Xi'an Jiaotong University, China

24. The Effective Factors on Continuity of Corporate Information Security Management: Based on TOE Framework. INFORMATION 2021. [DOI: 10.3390/info12110446] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Indexed: 11/16/2022] Open
Abstract
In the Fourth Industrial Revolution era, data-based business management activities among enterprises have proliferated and are mainly based on digital transformation. In this change, the information security system and its operation are emphasized as essential business activities of enterprises. The research aims to verify the relationship among the influence factors of corporate information security management based on the TOE framework. This study analyzes the effects of technical, organizational, and environmental factors on the intention, strengthening, and continuity of information security management. To this end, a survey was conducted on professional individuals who are working in areas related to information security in organizations, and 107 questionnaires were collected and analyzed. According to the major results of the analysis of the adopted hypotheses, organization and environment factors were influential on the intention of information security management. On the other hand, technology and environment factors affected the strengthening of information security management. Hence this study pointed out that the environmental factors are most significant for the information security administration of an organization. In addition, it turned out that the strengthening of information security management was influential on the continuity of information security management more significantly than the intention of information security management.

25. A framework for ID fraud prevention policies in E-tailing sector. Comput Secur 2021. [DOI: 10.1016/j.cose.2021.102403] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/21/2022]

26. Kim TY, Cho SB. Optimizing CNN-LSTM neural networks with PSO for anomalous query access control. Neurocomputing 2021. [DOI: 10.1016/j.neucom.2020.07.154] [Citation(s) in RCA: 12] [Impact Index Per Article: 4.0] [Indexed: 11/28/2022]

27. The Impact of Organizational Practices on the Information Security Management Performance. INFORMATION 2021. [DOI: 10.3390/info12100398] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Indexed: 11/16/2022] Open
Abstract
Information explosion and pressures are leading organizations to invest heavily in information security to ensure that information technology decisions align with business goals and manage risks. Limited studies have been done using small- and-medium-sized enterprises (SMEs) in the manufacturing sector. Furthermore, a small number of parameters have been used in the previous studies. This research aims to examine and analyze the effect of security organizational practices on information security management performance with many parameters. A model has been developed together with hypotheses to evaluate the impact of organizational practices on information security management performance. The data is collected from 171 UK employees at manufacturing SMEs that had already implemented security policies. The structure equation model is employed via the SPSS Amos 22 tool for the evaluation of results. Our results state that security training, knowledge sharing, security education, and security visibility significantly impact information security performance. In addition, this study highlights a significant impact of both security training and knowledge sharing on trust in the organization. Business leaders and decision-makers can reference the proposed model and the corresponding study results to develop favourable tactics to achieve their goals regarding information security management.

28. Arbanas K, Spremic M, Zajdela Hrustek N. Holistic framework for evaluating and improving information security culture. ASLIB J INFORM MANAG 2021. [DOI: 10.1108/ajim-02-2021-0037] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Indexed: 11/17/2022]
Abstract
Purpose
The objective of this research was to propose and validate a holistic framework for information security culture evaluation, built around a novel approach, which includes technological, organizational and social issues. The framework's validity and reliability were determined with the help of experts in the information security field and by using multivariate statistical methods.
Design/methodology/approach
The conceptual framework was constructed upon a detailed literature review and validated using a range of methods: first, measuring instrument was developed, and then content and construct validity of measuring instrument was confirmed via experts' opinion and by closed map sorting method. Convergent validity was confirmed by factor analysis, while the reliability of the measuring instrument was tested using Cronbach's alpha coefficient to measure internal consistency.
Findings
The proposed framework was validated based upon the results of empirical research and the usage of multivariate analysis. The resulting framework ultimately consists of 46 items (manifest variables), describing eight factors (first level latent variables), grouped into three categories (second level latent variables). These three categories were built around technological, organizational and social issues.
Originality/value
This paper contributes to the body of knowledge in information security culture by developing and validating holistic framework for information security culture evaluation, which does not observe information security culture in only one aspect but takes into account its organizational, sociological and technical component.

29. Edu AS, Agoyi M, Agozie D. Digital security vulnerabilities and threats implications for financial institutions deploying digital technology platforms and application: FMEA and FTOPSIS analysis. PeerJ Comput Sci 2021; 7:e658. [PMID: 34435101 PMCID: PMC8356653 DOI: 10.7717/peerj-cs.658] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Received: 01/08/2021] [Accepted: 07/12/2021] [Indexed: 05/24/2023]
Abstract
Digital disruptions have led to the integration of applications, platforms, and infrastructure. They assist in business operations, promoting open digital collaborations, and perhaps even the integration of the Internet of Things (IoTs), Big Data Analytics, and Cloud Computing to support data sourcing, data analytics, and storage synchronously on a single platform. Notwithstanding the benefits derived from digital technology integration (including IoTs, Big Data Analytics, and Cloud Computing), digital vulnerabilities and threats have become a more significant concern for users. We addressed these challenges from an information systems perspective and have noted that more research is needed identifying potential vulnerabilities and threats affecting the integration of IoTs, BDA and CC for data management. We conducted a step-by-step analysis of the potential vulnerabilities and threats affecting the integration of IoTs, Big Data Analytics, and Cloud Computing for data management. We combined multi-dimensional analysis, Failure Mode Effect Analysis, and Fuzzy Technique for Order of Preference by Similarity for Ideal Solution to evaluate and rank the potential vulnerabilities and threats. We surveyed 234 security experts from the banking industry with adequate knowledge in IoTs, Big Data Analytics, and Cloud Computing. Based on the closeness of the coefficients, we determined that insufficient use of backup electric generators, firewall protection failures, and no information security audits are high-ranking vulnerabilities and threats affecting integration. This study is an extension of discussions on the integration of digital applications and platforms for data management and the pervasive vulnerabilities and threats arising from that. A detailed review and classification of these threats and vulnerabilities are vital for sustaining businesses' digital integration.
Affiliation(s)
- Abeeku Sam Edu
  - Management Information Systems, Cyprus International University, Nicosia, Cyprus
- Mary Agoyi
  - Information Technology, Cyprus International University, Nicosia, Cyprus
- Divine Agozie
  - Management Information Systems, Cyprus International University, Nicosia, Cyprus
30
Kuo KM, Talley PC, Lin DYM. Hospital Staff's Adherence to Information Security Policy: A Quest for the Antecedents of Deterrence Variables. INQUIRY: The Journal of Health Care Organization, Provision, and Financing 2021; 58:469580211029599. [PMID: 34229507 PMCID: PMC8576356 DOI: 10.1177/00469580211029599] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Indexed: 11/16/2022]
Abstract
Information security has come to the forefront as an organizational priority since information systems are considered as some of the most important assets for achieving competitive advantages. Despite huge capital expenditures devoted to information security, the occurrence of security breaches is still very much on the rise. More studies are thus required to inform organizations with a better insight on how to adequately promote information security. To address this issue, this study investigates important factors influencing hospital staff’s adherence to Information Security Policy (ISP). Deterrence theory is adopted as the theoretical underpinning, in which punishment severity and punishment certainty are recognized as the most significant predictors of ISP adherence. Further, this study attempts to identify the antecedents of punishment severity and punishment certainty by drawing from upper echelon theory and well-acknowledged international standards of IS security practices. A survey approach was used to collect 299 valid responses from a large Taiwanese healthcare system, and hypotheses were tested by applying partial least squares-based structural equation modeling. Our empirical results show that Security Education, Training, and Awareness (SETA) programs, combined with internal auditing effectiveness are significant predictors of punishment severity and punishment certainty, while top management support is not. Further, punishment severity and punishment certainty are significant predictors of hospital staff’s ISP adherence intention. Our study highlights the importance of SETA programs and internal auditing for reinforcing hospital staff’s perceptions on punishment concerning ISP violation, hospitals can thus propose better internal strategies to improve their staff’s ISP compliance intention accordingly.
31
Pollini A, Callari TC, Tedeschi A, Ruscio D, Save L, Chiarugi F, Guerri D. Leveraging human factors in cybersecurity: an integrated methodological approach. COGNITION, TECHNOLOGY & WORK (ONLINE) 2021; 24:371-390. [PMID: 34149309 PMCID: PMC8195225 DOI: 10.1007/s10111-021-00683-y] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Received: 01/06/2021] [Accepted: 05/24/2021] [Indexed: 06/12/2023]
Abstract
Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users' cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top-down and bottom-up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations' management and employees. The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.
Affiliation(s)
- Alessandro Pollini
  - BSD Design, Via Lazzaretto, 19, 20124 Milano, IT Italy
  - Deep Blue Srl, Via Manin, 53, 00185 Rome, IT Italy
- Tiziana C. Callari
  - Socio-Technical Centre, Leeds University Business School, University of Leeds, Maurice Keyworth Building, Leeds, LS2 9JT UK
- Luca Save
  - Deep Blue Srl, Via Manin, 53, 00185 Rome, IT Italy
- Davide Guerri
  - Dedalus, Via di Collodi, 6, 50141 Florence, IT Italy
32
Sari PK, Prasetio A, Candiwan, Handayani PW, Hidayanto AN, Syauqina S, Astuti EF, Tallei FP. Information security cultural differences among health care facilities in Indonesia. Heliyon 2021; 7:e07248. [PMID: 34179533 PMCID: PMC8214091 DOI: 10.1016/j.heliyon.2021.e07248] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 07/24/2020] [Revised: 11/17/2020] [Accepted: 06/03/2021] [Indexed: 11/16/2022] Open
Abstract
Background: Health information security (IS) breaches are increasing with the use of information technology for health care services, and a strong security culture is important for driving employees' information asset protection behavior. Objective: This study aimed to analyze differences in information security cultures (ISCs) across health care providers based on factors drawn from the ISC model. Methods: We used twelve factors to measure the ISCs of health care providers. This research applied a survey method with the Kruskal-Wallis H Test and the Mann-Whitney U Test as data analysis techniques. We collected the data through a questionnaire distributed to 470 employees of health care facilities (i.e. hospitals, community health centers, and primary care clinics) in Indonesia. Results: The results revealed the differences between health care provider types for 9 of the 12 security culture factors. Top management support, change management, and knowledge were the differentiating factors between all types of health care providers. Organizational culture and security compliance only differed in primary care clinics. Meanwhile, security behavior, soft issues and workplace independence, information security policies, training, and awareness only differed in hospitals. Conclusion: The results indicated that each type of health care provider required different approaches to develop an ISC considering the above factors. They provided insight for top management to design suitable programs for cultivating ISCs in their institutions.
Affiliation(s)
- Puspita Kencana Sari
  - Faculty of Economics and Business, Telkom University, Bandung, Indonesia
  - Faculty of Computer Science, Universitas Indonesia, Depok, Indonesia
- Adhi Prasetio
  - Faculty of Economics and Business, Telkom University, Bandung, Indonesia
- Candiwan
  - Faculty of Economics and Business, Telkom University, Bandung, Indonesia
- Syaza Syauqina
  - Faculty of Economics and Business, Telkom University, Bandung, Indonesia
- Eka Fuji Astuti
  - Faculty of Economics and Business, Telkom University, Bandung, Indonesia
33
Stacey P, Taylor R, Olowosule O, Spanaki K. Emotional reactions and coping responses of employees to a cyber-attack: A case study. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT 2021. [DOI: 10.1016/j.ijinfomgt.2020.102298] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Indexed: 10/22/2022]
34
Sharma A, Rana NP, Nunkoo R. Fifty years of information management research: A conceptual structure analysis using structural topic modeling. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT 2021. [DOI: 10.1016/j.ijinfomgt.2021.102316] [Citation(s) in RCA: 25] [Impact Index Per Article: 8.3] [Indexed: 12/22/2022]
35
Evaluating the cyber security readiness of organizations and its influence on performance. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2021. [DOI: 10.1016/j.jisa.2020.102726] [Citation(s) in RCA: 10] [Impact Index Per Article: 3.3] [Indexed: 11/19/2022]
36
Information Security Behavior and Information Security Policy Compliance: A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance. APPLIED SCIENCES-BASEL 2021. [DOI: 10.3390/app11083383] [Citation(s) in RCA: 21] [Impact Index Per Article: 7.0] [Indexed: 11/16/2022]
Abstract
A grave concern to an organization’s information security is employees’ behavior when they do not value information security policy compliance (ISPC). Most ISPC studies evaluate compliance and noncompliance behaviors separately. However, the literature lacks a comprehensive understanding of the factors that transform the employees’ behavior from noncompliance to compliance. Therefore, we conducted a systematic literature review (SLR), highlighting the studies done concerning information security behavior (ISB) towards ISPC in multiple settings: research frameworks, research designs, and research methodologies over the last decade. We found that ISPC research focused more on compliance behaviors than noncompliance behaviors. Value conflicts, security-related stress, and neutralization, among many other factors, provided significant evidence towards noncompliance. At the same time, internal/external and protection motivations proved positively significant towards compliance behaviors. Employees perceive internal and external motivations from their social circle, management behaviors, and organizational culture to adopt security-aware behaviors. Deterrence techniques, management behaviors, culture, and information security awareness play a vital role in transforming employees’ noncompliance into compliance behaviors. This SLR’s motivation is to synthesize the literature on ISPC and ISB, identifying the behavioral transformation process from noncompliance to compliance. This SLR contributes to information system security literature by providing a behavior transformation process model based on the existing ISPC literature.
37
Forty years of the International Journal of Information Management: A bibliometric analysis. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT 2021. [DOI: 10.1016/j.ijinfomgt.2020.102307] [Citation(s) in RCA: 37] [Impact Index Per Article: 12.3] [Indexed: 11/17/2022]
38
Lee L, Charles V. The impact of consumers’ perceptions regarding the ethics of online retailers and promotional strategy on their repurchase intention. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT 2021. [DOI: 10.1016/j.ijinfomgt.2020.102264] [Citation(s) in RCA: 18] [Impact Index Per Article: 6.0] [Indexed: 11/15/2022]
39
Polkinghorne S, Given LM. Holistic information research: From rhetoric to paradigm. J Assoc Inf Sci Technol 2021. [DOI: 10.1002/asi.24450] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Indexed: 11/11/2022]
Affiliation(s)
- Lisa M. Given
  - Swinburne University of Technology Hawthorn Victoria Australia
40
Ahmadi S, Ershadi MJ. Investigating the role of social networking technology on the organizational agility: a structural equation modeling approach. JOURNAL OF ADVANCES IN MANAGEMENT RESEARCH 2021. [DOI: 10.1108/jamr-04-2020-0052] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Indexed: 11/17/2022]
Abstract
Purpose: The current extensive business ecosystem, characterized by technological advances and development, impressive customers, and increasing social concerns, has exerted great pressure on business organizations. Among different business values for affording this pressure, organizational agility is a critical factor that should be carefully incorporated in business processes. The main purpose of the present study is to investigate the role of social networking technology, as a crucial collaborative tool, on organizational agility. Design/methodology/approach: A model based on structural equations was designed in this regard. The constructs of this model are quality of service, varieties of services, costs and speed of service as independent variables and also agility management as a dependent variable. Based on the conceptual model, a questionnaire was prepared and distributed among the experts of social networking technology and agility management. Based on Cochran's formula the sample size was 384. The response rate was 100%. The main statistical measures such as Chi-square ratio to the degree of freedom, Non-soft Fitness Index (RMSEA), Goodness of Fit Index (GFI) and Modified fitness index (AGFI) were employed for analyzing the model. Findings: Results of obtained data indicated that a variety of services as the main factor of social networking technology has the most impact on the agility of a company. Then, the speed of service, service quality and costs were ranked respectively in second to fourth. Providing information technology (IT) service perceptions, promoting the service climate and thorough identification of IT requirements are the main critical success factors for maintaining a robust impact of social networking technology on organizational agility. Moreover, a well-designed enterprise structure alongside employing newly developed IT infrastructures such as cloud computing certainly improves the capabilities of organizations to improve their agility. Originality/value: Although the literature suggests a positive impact among IT or social networks on organizational agility, it is deficient in relation to considering the impact of social networking. Furthermore, a structural equation model (SEM) is used for assessing unobservable latent constructs and their related interrelationship.
41
Ameen N, Tarhini A, Shah MH, Madichie N, Paul J, Choudrie J. Keeping customers' data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce. COMPUTERS IN HUMAN BEHAVIOR 2021. [DOI: 10.1016/j.chb.2020.106531] [Citation(s) in RCA: 25] [Impact Index Per Article: 8.3] [Indexed: 11/15/2022]
42
Khan F, Kim JH, Mathiassen L, Moore R. DATA BREACH MANAGEMENT: AN INTEGRATED RISK MODEL. INFORMATION & MANAGEMENT 2021. [DOI: 10.1016/j.im.2020.103392] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Indexed: 11/28/2022]
43
Georgiadou A, Mouzakitis S, Bounas K, Askounis D. A Cyber-Security Culture Framework for Assessing Organization Readiness. JOURNAL OF COMPUTER INFORMATION SYSTEMS 2020. [DOI: 10.1080/08874417.2020.1845583] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Indexed: 10/22/2022]
44
Palanisamy R, Norman AA, Kiah MLM. Compliance with bring your own device security policies in organizations: A systematic literature review. Comput Secur 2020. [DOI: 10.1016/j.cose.2020.101998] [Citation(s) in RCA: 9] [Impact Index Per Article: 2.3] [Indexed: 11/29/2022]
45
Teixeira da Silva JA. On the fate of social networking sites of deceased academics in the Covid-19 era and beyond. CURRENT RESEARCH IN BEHAVIORAL SCIENCES 2020. [PMID: 37519628 PMCID: PMC8963909 DOI: 10.1016/j.crbeha.2020.100007] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/26/2022] Open
Abstract
The Covid-19 pandemic has brought about unprecedented death, and among those touched by this virus are academics who have, at some point in their career, lost their lives, or academic institutes or countries who have lost valuable intellectual contributors. In the shadows of their deaths, it is incumbent upon us - as members of academia and the public - to somberly reflect on the realities of living close to, or alongside, death. One aspect that has not been widely discussed, but that seems to be more pertinent now than ever, is the fate of social media accounts, institutional websites, social networking sites, and other publicly available sites of deceased academics. A deceased academic continues to have responsibilities beyond their death because their work and legendary status may be posthumously challenged at any point in the future. Faced with challenges, absent an active voice that might be able to offer a suitable response, and considering the "fallible" nature of science, that legendary status and literature could change, for example, via the postmortem correction or retraction of their academic papers. While many academics have likely not reflected too deeply - or at all - on this issue, they would do well to ponder on this topic now, especially in these unprecedented times of Covid-19.
46
Barlette Y, Jaouen A, Baillette P. Bring Your Own Device (BYOD) as reversed IT adoption: Insights into managers' coping strategies. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT 2020; 56:102212. [PMID: 32934432 PMCID: PMC7484736 DOI: 10.1016/j.ijinfomgt.2020.102212] [Citation(s) in RCA: 11] [Impact Index Per Article: 2.8] [Received: 04/28/2020] [Revised: 08/04/2020] [Accepted: 08/04/2020] [Indexed: 11/01/2022]
Abstract
The adoption of Bring Your Own Device (BYOD), initiated by employees, refers to the provision and use of personal mobile devices and applications for both private and business purposes. This bottom-up phenomenon, not initiated by managers, corresponds to a reversed IT adoption logic that simultaneously entails business opportunities and threats. Managers are thus confronted with this unchosen BYOD usage by employees and consequently adopt different coping strategies. This research aims to investigate the adaptation strategies embraced by managers to cope with the BYOD phenomenon. To this end, we operationalized the coping model of user adaptation (CMUA) in the organizational decision-making context to conduct a survey addressing 337 top managers. Our main results indicate that the impact of the CMUA constructs varies according to the period (pre- or post-implementation). The coping strategies differ between those who have already implemented measures to regulate BYOD usage and those who have not. We contribute to theory by integrating the perception of BYOD-related opportunities and threats and by shedding light on the decisional processes in the adoption of coping strategies. The managerial contributions of this research correspond to the improved protection of corporate information and the maximization of BYOD-related benefits.
Affiliation(s)
- Yves Barlette
  - Montpellier Business School, 2300 Avenue des Moulins, 34185, Montpellier cedex 4, France
- Annabelle Jaouen
  - Montpellier Business School, 2300 Avenue des Moulins, 34185, Montpellier cedex 4, France
- Paméla Baillette
  - University of Bordeaux, IRGO Research Center, 35 Avenue Abadie, CS51412, 33072, Bordeaux cedex, France
47
Chang SI, Chang LM, Liao JC. Risk factors of enterprise internal control under the internet of things governance: A qualitative research approach. INFORMATION & MANAGEMENT 2020. [DOI: 10.1016/j.im.2020.103335] [Citation(s) in RCA: 14] [Impact Index Per Article: 3.5] [Indexed: 11/16/2022]
48
49
Lian JW. Understanding cloud-based BYOD information security protection behaviour in smart business: in perspective of perceived value. ENTERP INF SYST-UK 2020. [DOI: 10.1080/17517575.2020.1791966] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Indexed: 10/23/2022]
Affiliation(s)
- Jiunn-Woei Lian
  - Department of Information Management, National Taichung University of Science and Technology, Taichung, Taiwan
50
Wani TA, Mendoza A, Gray K. Hospital Bring-Your-Own-Device Security Challenges and Solutions: Systematic Review of Gray Literature. JMIR Mhealth Uhealth 2020; 8:e18175. [PMID: 32554388 PMCID: PMC7333072 DOI: 10.2196/18175] [Citation(s) in RCA: 16] [Impact Index Per Article: 4.0] [Received: 02/09/2020] [Revised: 04/08/2020] [Accepted: 04/09/2020] [Indexed: 12/16/2022] Open
Abstract
BACKGROUND: As familiarity with and convenience of using personal devices in hospitals help improve the productivity, efficiency, and workflow of hospital staff, the health care bring-your-own-device (BYOD) market is growing consistently. However, security concerns owing to the lack of control over the personal mobile devices of staff, which may contain sensitive data such as personal health information of patients, make it one of the biggest health care information technology (IT) challenges for hospital administrations. OBJECTIVE: Given that the hospital BYOD security has not been adequately addressed in peer-reviewed literature, the aim of this paper was to identify key security challenges associated with hospital BYOD usage as well as relevant solutions that can cater to the identified issues by reviewing gray literature. Therefore, this research will provide additional practical insights from current BYOD practices. METHODS: A comprehensive gray literature review was conducted, which followed the stepwise guidelines and quality assessment criteria set out by Garousi et al. The searched literature included tier 1 sources such as health care cybersecurity market reports, white papers, guidelines, policies, and frameworks as well as tier 2 sources such as credible and reputed health IT magazines, databases, and news articles. Moreover, a deductive thematic analysis was conducted to organize the findings based on Schlarman's People Policy Technology model, promoting a holistic understanding of hospitals' BYOD security issues and solutions. RESULTS: A total of 51 sources were found to match the designed eligibility criteria. From these studies, several sociotechnical issues were identified. The major challenges identified were the use of devices with insufficient security controls by hospital staff, lack of control or visibility for the management to maintain security requirements, lack of awareness among hospital staff, lack of direction or guidance for BYOD usage, poor user experience, maintenance of legal requirements, shortage of cybersecurity skills, and loss of devices. Although technologies such as mobile device management, unified endpoint management, containerization, and virtual private network allow better BYOD security management in hospitals, policies and people management measures such as strong security culture and staff awareness and training improve staff commitment in protecting hospital data. CONCLUSIONS: The findings suggest that to optimize BYOD security management in hospitals, all 3 dimensions of the security process (people, policy, and technology) need to be given equal emphasis. As the nature of cybersecurity attacks is becoming more complex, all dimensions should work in close alignment with each other. This means that with the modernization of BYOD technology, BYOD strategy, governance, education, and relevant policies and procedures also need to adapt accordingly.
Affiliation(s)
- Tafheem Ahmad Wani
  - School of Computing and Information Systems, The University of Melbourne, Melbourne, Australia
- Antonette Mendoza
  - School of Computing and Information Systems, The University of Melbourne, Melbourne, Australia
- Kathleen Gray
  - Centre for Digital Transformation of Health, The University of Melbourne, Melbourne, Australia