Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.
DOCUMENT
IT organizations and CEO‟s are, and should be, concerned these days about the (lack of) data confidentiality and the usage of „shadow‟ IT systems by employees. Not only does the company risk monetary loss or public embarrassment, the senior management might also risk personal fines or even imprisonment. Several trends reinforce the attention for these subjects, including the fact that an increasing number of people perform parts of their work tasks from home (RSA, 2007) and the increasing bandwidth available to internet users which makes them rely on the Internet for satisfying their business and personal computing needs (Desisto et al. 2008). Employee compliance with the existing IT security policies is therefore essential. This paper presents a study on factors that influence non-compliance behavior of employees in organizations. The factors found in literature are tested in a survey study amongst employees of a big-four accountancy firm in the Netherlands and Belgium. The study concludes that stricter IT governance and cultural aspects are the most important factors influencing non-compliance behavior.
DOCUMENT
In this paper we research the following question: What motivational factors relate, in which degree, to intentions on compliance to ISP and how could these insights be utilized to promote endusers compliance within a given organization? The goal of this research is to provide more insight in the motivational factors applicable to ISP and their influence on end-user behavior, thereby broadening knowledge regarding information systems security behaviors in organizations from the viewpoint of non-malicious abuse and offer a theoretical explanation and empirical support. The outcomes are also useful for practitioners to complement their security training and awareness programs, in the end helping enterprises better effectuate their information security policies. In this study an instrument is developed that can be used in practice to measure an organizational context on the effects of six motivational factors recognized. These applicable motivational factors are determined from literature and subsequently evaluated and refined by subject matter experts. A survey is developed, tested in a pilot, refined and conducted within four organizations. From the statistical analysis, findings are reported and conclusions on the hypothesis are drawn. Recommended Citation Straver, Peter and Ravesteyn, Pascal (2018) "End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors," Communications of the IIMA: Vol. 16 : Iss. 4 , Article 1. Available at: https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/1
MULTIFILE
Why are risk decisions sometimes rather irrational and biased than rational and effective? Can we educate and train vocational students and professionals in safety and security management to let them make smarter risk decisions? This paper starts with a theoretical and practical analysis. From research literature and theory we develop a two-phase process model of biased risk decision making, focussing on two critical professional competences: risk intelligence and risk skill. Risk intelligence applies to risk analysis on a mainly cognitive level, whereas risk skill covers the application of risk intelligence in the ultimate phase of risk decision making: whether or not a professional risk manager decides to intervene, how and how well. According to both phases of risk analysis and risk decision making the main problems are described and illustrated with examples from safety and security practice. It seems to be all about systematically biased reckoning and reasoning.
DOCUMENT
This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
DOCUMENT
The purpose of this study is to analyze the relationship between sustainable performance and risk management, whereby sustainability (innovation), interdisciplinarity and leadership give new insights into the traditional perspectives on performance and risk management in the field of accounting and finance.
MULTIFILE
In today’s world, information security is a trending as well as a crucial topic for both individuals and organizations. Cyber attacks cause financial loss for businesses with data breaches and production loss. Data breaches can result in loss of reputation, reduced customer loyalty, and fines. Also due to cyber attacks, business continuity is affected so that organizations cannot provide continuous production. Therefore, organizations should reduce cyber risks by managing their information security. For this purpose, they may use ISO/IEC 27001 Information Security Management Standard. ISO/IEC 27001:2013 includes 114 controls that are in both technical and organizational level. However, in the practice of security management, individuals’ information security behavior could be underestimated. Herein, technology alone cannot guarantee the safety of information assets in organizations, thereby a range of human aspects should be taken into consideration. In this study, the importance of security behavior with respect to ISO/IEC 27001 information security management implementation is presented. The present study extensively analyses the data collected from a survey of 630 people. The results of reliability measures and confirmatory factor analysis support the scale of the study.
MULTIFILE
From the article: "Abstract Maintenance processes of Dutch housing associations are often still organized in a traditional manner. Contracts are based on lowest price instead of ‘best quality for lowest price’ considering users’ demands. Dutch housing associations acknowledge the need to improve their maintenance processes in order to lower maintenance cost, but are not sure how. In this research, this problem is addressed by investigating different supply chain partnering principles and the role of information management. The main question is “How can the organisation of maintenance processes of Dutch housing associations, in different supply chain partnering principles and the related information management, be improved?” The answer is sought through case study research."
DOCUMENT
Purpose: The purpose of this study is to find determinants about risk resilience and develop a new risk resilience approach for (agricultural) enterprises. This approach creates the ability to respond resiliently to major environmental challenges and changes in the short term and adjust the management of the organization, and to learn and transform to adapt to the new environment in the long term while creating multiple value creation. Design/methodology: The authors present a new risk resilience approach for multiple value creation of (agricultural) enterprises, which consists of a main process starting with strategy design, followed by an environmental analysis, stakeholder collaboration, implement ESG goals, defining risk expose & response options, and report, learn & evaluate. In each step the organizational perspective, as well as the value chain/area perspective is considered and aligned. The authors have used focus groups and analysed literature from and outside the field of finance and accounting, to design this new approach. Findings: Researchers propose a new risk resilience approach for (agricultural) enterprises, based on a narrative about transforming to multiple value creation, founded determinants of risk resilience, competitive advantage and agricultural resilience. Originality and value: This study contributes by conceptualizing risk resilience for (agricultural) enterprises, by looking through a lens of multiple value creation in a dynamic context and based on insights from different fields, actual ESG knowledge, and determinants for risk resilience, competitive advantage and agricultural resilience.
DOCUMENT
