Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.
In this paper we research the following question: What motivational factors relate, in which degree, to intentions on compliance to ISP and how could these insights be utilized to promote end-users' compliance within a given organization? The goal of this research is to provide more insight in the motivational factors applicable to ISP and their influence on end-user behavior, thereby broadening knowledge regarding information systems security behaviors in organizations from the viewpoint of non-malicious abuse and offer a theoretical explanation and empirical support. The outcomes are also useful for practitioners to complement their security training and awareness programs, in the end helping enterprises better effectuate their information security policies. In this study an instrument is developed that can be used in practice to measure an organizational context on the effects of six motivational factors recognized. These applicable motivational factors are determined from literature and subsequently evaluated and refined by subject matter experts. A survey is developed, tested in a pilot, refined and conducted within four organizations. From the statistical analysis, findings are reported and conclusions on the hypothesis are drawn. Recommended Citation: Straver, Peter and Ravesteyn, Pascal (2018) "End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors," Communications of the IIMA: Vol. 16: Iss. 4, Article 1. Available at: https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/1
In May 2018, the new Dutch Intelligence and Security Services Act 2017 (Wet op de Inlichtingen- en veiligheidsdiensten, Wiv) will enter into force. It replaces the previous 2002 Act and incorporates many reforms to the information gathering powers of the two intelligence and security services as well as to the accountability and oversight mechanisms. Due to the technology-neutral approach, both the civil and the military intelligence services are now authorized to, for example, intercept communications in bulk, hack third parties, decrypt files, store DNA or use any other future innovative technology. Also, the national security legislation extends the possibilities for the indiscriminate collection of data, and for the processing, storage and analysis thereof. The process leading to the law includes substantial criticism from the various stakeholders involved. Upon publication of this report, an official consultative referendum is being organized on the new act. The aim of this policy brief is to provide an international audience with a comprehensive overview of the most relevant aspects of the act and its context. In addition, there is considerable focus on the checks and balances as well as the bottlenecks of the Dutch intelligence gathering reform. The selection of topics is based on the core issues addressed during the parliamentary debate and on the authors’ insights.
IT organizations and CEOs are, and should be, concerned these days about the (lack of) data confidentiality and the usage of 'shadow' IT systems by employees. Not only does the company risk monetary loss or public embarrassment, the senior management might also risk personal fines or even imprisonment. Several trends reinforce the attention for these subjects, including the fact that an increasing number of people perform parts of their work tasks from home (RSA, 2007) and the increasing bandwidth available to internet users which makes them rely on the Internet for satisfying their business and personal computing needs (Desisto et al. 2008). Employee compliance with the existing IT security policies is therefore essential. This paper presents a study on factors that influence non-compliance behavior of employees in organizations. The factors found in literature are tested in a survey study amongst employees of a big-four accountancy firm in the Netherlands and Belgium. The study concludes that stricter IT governance and cultural aspects are the most important factors influencing non-compliance behavior.
‘Connected Learning’ Research Platform: For over fifteen years, The Hague University of Applied Sciences has been carrying out research as part of its mission. While education is often rooted in monodisciplinary subject areas, research allows for a broader look at areas of society (care, security, entrepreneurship etc.), where complex problems more often than not require a multidisciplinary approach. Today, barely anyone works on problems or challenges alone or solely with colleagues from within the same subject area. Universities of applied sciences are uniquely placed to deal with these changes in professional practices; after all, we train the professionals who will one day enter that field. Researching and experimenting with new challenges in professional practice allows us to connect more strongly with society, enables us to be innovative in our professional training and gives lecturers, researchers and students the opportunity to develop themselves by cooperating on the challenges and issues that will shape the future of that professional practice. Most research is carried out under the guidance of professors who cooperate with lecturers/researchers, students and the professional field, mainly on long-term research agendas that provide an outline for various sub-activities. One of the ways in which research is organised at The Hague University of Applied Sciences is in the form of research platforms that focus on various areas of society.
We are ‘Connected Learning’, a research platform focusing on learning in the network society — in that society as such, but also in professional practice and our education. Nice to meet you! So, what do we do? That’s what this book is about, so we’re not going to give anything away just yet. Just thinking about our name, what do you expect we do? Any ideas? Or not a clue at all? If you’d like to find out, keep reading to find out what inspires us, what challenges we face and what drives our curiosity. Some of our ideas are well-established because we’ve been researching them for years, while other, newer ideas are more challenging to grasp. This book provides an overview of where we stand in 2018. You could see it as an initial introduction, with the emphasis on “initial”; we work with many different partners, and we enjoy doing so. Alternatively, you could see it as a calling card for our research agenda. We sincerely hope that, as a reader, you feel encouraged to join us in our quest — possibly towards a joint future.
From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
The sense of safety and security of older people is a widely acknowledged action domain for policy and practice in age-friendly cities. Despite an extensive body of knowledge on the matter, the theory is fragmented, and a classification is lacking. Therefore, this study investigated how older people experience the sense of safety and security in an age-friendly city. A total of four focus group sessions were organised in The Hague comprising 38 older people. Based on the outcomes of the sessions, the sense of safety and security was classified into two main domains: a sense of safety and security impacted by intentional acts and negligence (for instance, burglary and violence), and a sense of safety and security impacted by non-intentional acts (for instance, incidents, making mistakes online). Both domains manifest into three separate contexts, namely the home environment, the outdoor environment and traffic and the digital environment. In the discussions with older people on these derived domains, ideas for potential improvements and priorities were also explored, which included access to information on what older people can do themselves to improve their sense of safety and security, the enforcement of rules, and continuous efforts to develop digital skills to improve safety online. Original article at MDPI; DOI: https://doi.org/10.3390/ijerph19073960
This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
The aim of this study was to understand the motives for using the Internet, and its associations with users' attitudes, social values, and relational involvement. Also, this study attempted to cross-culturally compare the difference in the pattern of motives and the associations among three countries: the US, the Netherlands, and S. Korea. The design of methods was based on examination and revision of uses and gratification approach toward Internet users. Findings from factor analysis revealed that information seeking and Self-Improvement were the dominant and common reasons for using the Internet across three countries. The differences in the composition of motives in each country were also reported. Strong correlations across countries were found between all the motives and satisfaction of the Internet. Expectation and positive evaluation of the Internet were also important attitudes associated with Internet use motives. Postmaterialist value showed strong association with motives of information seeking and Self-Improvement. Community involvement was significantly associated with Internet use motives in Korean users.
While many researchers have investigated soft skills for different roles related to business, engineering, healthcare and others, the soft skills needed by the chief information security officer (CISO) in a leadership position are not studied in-depth. This paper describes a first study aimed at filling this gap. In this multimethod research, both the business leaders' perspective as well as an analysis of CISO job ads is studied. The methodology used to capture the business leaders' perspective is via a Delphi study and the job ads are studied using a quantitative content analysis. With an increasing threat to information security for companies, the CISO role is moving from a technical role to an executive role. This executive function is responsible for information security across all layers of an organisation. To ensure compliance with the security policy among different groups within the company, such as employees, the board, and the IT department, the CISO must be able to adopt different postures. Soft skills are thus required to be able to assume this leadership role in the organisation. We found that when business leaders were asked about the most important soft skills the top three consisted of 'communication', 'leadership' and 'interpersonal' skills while 'courtesy' was last on the list for a CISO leadership role.