...Hsiao-Ting Tseng; Waqar Nadeem; M. Sam Hajli; Mauricio Featherman; Nick Hajli Purpose Consumers may enjoy the information sharing and social support made available when a social media platform is used for pre-purchase research; however, do consumers reevaluate the privacy and security...

...Stefano De Paoli; Jason Johnstone Purpose This paper presents a qualitative study of penetration testing, the practice of attacking information systems to find security vulnerabilities and fixing them. The purpose of this paper is to understand whether and to what extent penetration testing can...

...Andrea Kő; Gábor Tarján; Ariel Mitev Purpose This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors...

...Areej Alyami; David Sammon; Karen Neville; Carolanne Mahony Purpose This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence...

... to the cloud where users lack direct control. This study aims to investigate why users disclose information to MCC apps despite privacy concerns and examine the effect of security and assurance mechanisms (i.e. privacy policies and ISO/IEC 27018 certification) on users’ perceptions and information disclosure...

...Jeffrey P. Kaleta; Jong Seok Lee; Sungjin Yoo Purpose The purpose of this paper is to focus on a potential tradeoff between security and usability in people’s use of online passwords – in general, complex passwords are secure and desirable but difficult to use (i.e. difficult to memorize) whereas...

... study of the DDoS attacks on the Australian census. DDoS is a security reality of the twenty-first century and this case study illustrates the significance of cognitive biases and their impact on developing effective decisions and conducting regular risk assessments in managing cyberattacks. 15 11...

... that SNS users are technology savvy and able to protect their personal information which is accessed and shared by online vendors and third-party companies (Osatuyi, 2015). While users view SNS as the responsible agent in ensuring security, SNS themselves argue that the information security breaches...

...Hyungjin Lukas Kim; Jinyoung Han Purpose The purpose of this paper is to investigate the impact of corporate social responsibility (CSR) on employees’ compliance behavior concerning information security policy (ISP). A research model includes CSR activities as an antecedent of ISP compliance...

... recommendations against phishing. The study has thrown light on the benefits of stage theorizing and how its approach to targeted recommendations can be useful in IS security research. Alain Tambe Ebot can be contacted at: tambealain@gmail.com 16 12 2017 16 04 2018 12 07 2018 01 08...

... within Information System Security Association participated in a three-round Delphi study for aggregating and condensing expert opinions. Three rounds moved participants toward consensus for solutions to counteract social engineering attacks in organizations. Findings Three significant issues...

...Aggeliki Tsohou; Philipp Holtkamp Purpose Information security policies (ISPs) are used by organizations to communicate rules on the use of information systems (IS). Research studies show that compliance with the ISPs is not a straightforward issue and that several factors influence individual...

... the same from happening to their children. We can perhaps draw upon the theory of reasoned actions to form the framework of this hypothesis. © Emerald Publishing Limited 2018 Emerald Publishing Limited Licensed re-use rights only Access control Trust Self-efficacy Security Finally...

... information security policies. In so doing, the authors seek to develop a theory of value-driven information security compliance. Design/methodology/approach An interpretive, grounded theory research approach has been adopted to generate a qualitative data set, based upon the results of 55 interviews...

... described in this section. Case study Security Literature review Multilevel research Industry statistics make it clear that computer crime and abuse continue to plague operators of information systems (IS). Computer abuse is defined as “unauthorized, deliberate, and internally recognizable...

...Cheolho Yoon; Hyungon Kim Purpose – In organizations today, protecting information and computer assets from attacks or disaster has become one of the top managerial issues. The purpose of this paper is to propose and empirically test a comprehensive model of computer security behaviors...