Information security conscious care behaviour formation in organizations

Computer Fraud & Security

Maple

2016

Self Cite

Information security breaches and privacy violations are major concerns of many organizations. Human behaviour, either intentionally or through negligence, is a great potential of risk to information assets. It is acknowledged that technology alone cannot guarantee a secure environment for information assets; human considerations should be taken into account as well as technological and procedural aspects. This article strives to present a useful classification of users' mistakes in the domain of information security. The outputs of this study shed some light for both academics and practitioners. IntroductionIt is well-understood that an information security breach can have serious consequences for an organization. Losing reputation, competitive advantage, funds, future revenue, productivity, intellectual property and in the worst scenario bankruptcy are some results of information security breaches. For example, the defence industry has usually several suppliers; they share information among each other to increase productivity. Information security leakage in such a sector can have serious impacts on national security. For these reasons, considering all aspects that can mitigate the risk of information security breaches is necessary. A remarkable portion of these threats relates to the human mistakes. Sharing password and user name with colleague, writing login information on a sticky paper and putting on monitor or desk, using social number as password, using simple password without special characters (dictionary words), downloading software from the Internet, carrying organizational data in external hard or pen drive, leaving systems logged-in while in unattendance, opening unknown email and its attachments, changing password through the email (phishing) and so forth are simple examples of employees' mistakes. Users' negligence, ignorance, lack of awareness, mischievousness, apathy and resistance are usually the reasons for information security breaches (Sohrabi Safa, Von Solms et al., 2016).

Section: Conscious Care Behaviourmentioning

confidence: 99%

Section: The Lack Of Awarenessmentioning

confidence: 99%

Human errors in the information security realm – and how to fix them

Computer Fraud & Security

Maple

2016

Self Cite

“…[18,23] utilised the TPB to show how the disposition to comply with OISPs is formed in the organisations. Safa, Sookhak [3] also used the TPB to explain the formation of information security conscious care behaviour in organisations. In another study, Cox [24] used the TPB to investigate the disregard of information security policies by users, even though they know the policies.…”

Section: Theory Of Planned Behaviourmentioning

confidence: 99%

“…In the modern environment, information security is the most important and controversial subject among experts [1]. Applying different strategies, such as acting based on information security organisational procedures and policies [2], information security conscious care behaviour [3], sharing information security knowledge [4,5] and information security collaboration in organisations [6], have been acknowledged to be useful in decreasing the vulnerability of information security incidents in companies. A novel conceptual model is presented in this study that depicts how collaboration develops and reduces the risk of information security incidents in organisations.…”

Section: Introductionmentioning

confidence: 99%

Information security collaboration formation in organisations

IET Information Security

Maple

Watson

et al. 2018

Collaboration between employees in the domain of information security efficiently mitigates the effect of information security attacks on organisations. Collaboration means working together to do or to fulfil a shared goal, the target of which in this paper is the protection of the information assets in organisations. Information Security Collaboration (ISC) aims to aggregate the employees' contribution against information security threats. This study clarifies how ISC is to be developed and how it helps to reduce the effect of attacks. The socialisation of collaboration in the domain of information security applies two essential theories: Social Bond Theory (SBT) and the Theory of Planned Behaviour (TPB). The results of the data analysis revealed that personal norms, involvement, and commitment significantly influence the employees' attitude towards ISC intention. However, contrary to our expectation, attachment does not influence the attitude of employees towards ISC. In addition, attitudes towards ISC, perceived behavioural control, and personal norms significantly affect the intention towards ISC. The findings also show that the intention for ISC and organisational support positively influence ISC, but that trust does not significantly affect ISC behaviour.

“…In addition, hackers use novel and creative methods to access information assets. Different kinds of phishing, social engineering, and misleading software are examples of methods typically used to achieve their target [2]. Users, intentionally or unintentionally, are a source of risk for information assets.…”

Section: Introductionmentioning

confidence: 99%

The information security landscape in the supply chain

Computer Fraud & Security

2017

Self Cite

Information security is an important issue in supply chain. Information security breaches have serious consequences for companies, such as loss of revenue, reputation, customers, business advantages, and, in the worst-case scenario, bankruptcy. On the other hand, collaboration and integration between different parties is necessary to increase productivity in the supply chain. However, increasing the flow of information increases the risk of information leakage. To mitigate the risk of information security breach in the supply chain we need to have a comprehensive view about information security. This research aims to investigate different dimensions of information security in the supply chain. A review of literature revealed that technological, managerial, organizational, psychological, educational and awareness aspects of information security play important roles in the security of information in supply chain.