... and private Ghanaian organizations. The study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM). Findings...

... on the results that emerged from the survey. Originality/value The value of this research is that an initial framework of information security culture aspects was constructed that can be used to ensure that an organisation incorporates all key aspects in its own information security culture. This framework...

... of different quality depending on the protection needs of the organization. The authors developed decision support mechanisms which use the formal control descriptions as input to support the decision-maker at identifying the most appropriate countermeasure strategy based on cost and risk reduction potential...

... of the organisation, informs views of whistleblowing and whistleblowers (Park et al., 2008 ; Miceli and Near, 1984). As Andrade (2015) has shown, “internal” whistleblowers are often accepted by managers and colleagues, while “external” whistleblowers are frequently seen as disloyal. A key question...

... information security managers in a selection of Norwegian organizations. Findings Technical‐administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness...

... improvement of internal controls. Changes to the environment should be carefully analyzed, monitored, and documented throughout the life of the change activity. IT auditing is obligatory. Personal responsibility and accountability for the way that the firm is organized and not just for the decisions...

... policy for information systems. © Emerald Group Publishing Limited 2004 Data security Organizations Role conflict Today it is very important for various organizations to exert effective access control on their information systems. Not only does it monitor the invalid intruders...

... required. © MCB UP Limited 2001 Risk analysis Security Information Organizations Risk analysis was introduced to the traditional computer discipline to assist in the process of securing computer assets from threats to these. For many years, risk analysis was regarded as the main...

... used for computerised systems. This meant that technical specialists were the main influences on system development. Senior management delegated the responsibility of developing information systems to a small team of technical experts within the organisation, allowing them control over the process...