Effects of Security Knowledge, Self-Control, and Countermeasures on Cybersecurity Behaviors

Ifinedo, Princely

doi:10.1080/08874417.2022.2065553

Cited by 8 publications

(4 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Awareness of cyber threats is necessary for a robust cybersecurity framework (Ifinedo, 2023). This sub-cluster explores how individuals learn about cyber incidents and their understanding of digital threats.…”

Section: Awarenessmentioning

confidence: 99%

Building Cybersecurity Capacities in Zambia’s Business Sector: Guideline for SMEs

Saar,

Dagada

2024

iccws

View full text Add to dashboard Cite

This research explores cybersecurity awareness and implementation within Zambia’s small and medium-sized enterprises (SMEs), a sector increasingly targeted by cyberattacks that lead to substantial financial losses. The study’s primary aim was to enhance cyber awareness and develop actionable guidelines for SMEs in Zambia. Utilising an interpretivist philosophy and inductive approach, the methodology encompassed semi-structured interviews, cross-sectional analysis, and a comprehensive review of CISA, ENISA guidelines, and Zambia’s Data Protection Act. Findings indicate a notable deficit in cybersecurity training and awareness among SMEs. Key concerns include inadequate data security measures, a lack of formal cybersecurity policies, and a reliance on basic tools like antivirus software. In response, the study formulated targeted guidelines, emphasising the integration of cyber awareness into SME governance and risk management. These guidelines have garnered significant interest from Zambian government entities, highlighting their potential influence on national cybersecurity policy. The study contributes theoretically by contextualising international cybersecurity standards within Zambia’s unique SME landscape. Methodologically, it pioneers a Cyber Awareness Framework tailored to Zambian SMEs, underscoring the critical role of human factors in cybersecurity. Practically, the research has sparked engagement among SMEs and government bodies, demonstrating its applicability and potential for shaping policy. However, limitations include reliance on outdated demographic data and a focus on digitally enabled SMEs, potentially overlooking broader IT governance aspects and less digitized businesses. Future research should aim for comprehensive, up-to-date analysis across all SME sectors, contributing to a more inclusive and resilient cybersecurity landscape in Zambia.

show abstract

Section: Awarenessmentioning

confidence: 99%

Building Cybersecurity Capacities in Zambia’s Business Sector: Guideline for SMEs

Saar,

Dagada

2024

iccws

View full text Add to dashboard Cite

show abstract

“…Information security researchers have also begun to recognize the importance of security knowledge and security motivation (Crossler and B elanger, 2019). Knowledge is necessary, because security requires the knowledge to act (Chen et al, 2018;Cram et al, 2019;Ifinedo, 2022;Silic and Lowry, 2020). Motivation is important because knowledge alone is not sufficient to actually perform the tasks (Lebek et al, 2014;Lowry et al, 2015;Menard et al, 2017).…”

Section: Information Security As a Safety Practicementioning

confidence: 99%

“…However, knowledge is only a modest predictor of security compliance (Cram et al, 2019). From a theoretical perspective, knowledge is necessary because employees need to know what security behaviors are important and how to implement them (Cram et al, 2019;Ifinedo, 2022;Silic and Lowry, 2020). Without knowledge, employees are unable to act (Cram et al, 2019).…”

Section: Proximal Factorsmentioning

confidence: 99%

See 1 more Smart Citation

Employees are not the weakest link: an occupational safety view of information security

Dennis

2024

OCJ

View full text Add to dashboard Cite

PurposeI adapt the Integrated Model of Workplace Safety (Christian et al., 2009) to information security and highlight the need to understand additional factors that influence security compliance and additional security outcomes that need to be studied (i.e. security participation).Research limitations/implicationsThis model argues that distal factors in four major categories (employee characteristics, job characteristics, workgroup characteristics and organizational characteristics) influence two proximal factors (security motivation and security knowledge) and the security event itself, which together influence two important outcomes (security compliance and security participation).Practical implicationsSafety is a systems design issue, not an employee compliance issue. When employees make poor safety decisions, it is not the employee who is at fault; instead, the system is at fault because it induced the employee to make a poor decision and enabled the decision to have negative consequences.Social implicationsSecurity compliance is as much a workgroup issue as an individual issue.Originality/valueI believe that by reframing information security from a compliance issue to a systems design issue, we can dramatically improve security.

show abstract

Assessing cybersecurity awareness among bank employees: A multi-stage analytical approach using PLS-SEM, ANN, and fsQCA in a developing country context

Chanda,

Vafaei-Zadeh,

Hanifah

et al. 2025

Computers & Security

View full text Add to dashboard Cite

Effects of Security Knowledge, Self-Control, and Countermeasures on Cybersecurity Behaviors

Cited by 8 publications

References 45 publications

Building Cybersecurity Capacities in Zambia’s Business Sector: Guideline for SMEs

Building Cybersecurity Capacities in Zambia’s Business Sector: Guideline for SMEs

Employees are not the weakest link: an occupational safety view of information security

Assessing cybersecurity awareness among bank employees: A multi-stage analytical approach using PLS-SEM, ANN, and fsQCA in a developing country context

Contact Info

Product

Resources

About