Abstract:We are currently living in an age, where the use of the Internet has become second nature to millions of people. Not only do businesses depend on the Internet for all types of electronic transactions, but more and more home users are experiencing the immense benefit of the Internet.However, this dependence and use of the Internet bring new and dangerous risks. This is due to increasing attempts from unauthorised third parties to compromise private information for their own benefit -the whole wide area of cyber crime.It is therefore essential that all users understand the risks of using the Internet, the importance of securing their personal information and the consequences if this is not done properly.It is well known that home users are specifically vulnerable, and that cyber criminals have such users squarely in their target. This vulnerability of home users are due to many factors, but one of the most important ones is the fact that such home users are in many cases not aware of the risks of using the Internet, and often venture into cyber space without any awareness preparation for this journey.This paper specifically investigates the position of the home user, and proposes a new model, The E-Awareness Model (E-AM), in which home users can be forced to acquaint themselves with the risks involved in venturing into cyber space. The E-AM consists of two components : the awareness component housed in the E-Awareness Portal, and the enforcement component.This model proposes a way to improve information security awareness amongst home users by presenting some information security content and enforcing the absorption of this content.The main difference between the presented model and other existing information security awareness models, is that in the presented model the acquiring/absorption of the awareness content is compulsory -the user is forced to proceed via the E-Awareness Portal without the option of bypassing it.
Purpose This paper aims to establish that employees’ non-compliance with information security policy (ISP) could be addressed by nurturing ISP compliance culture through the promotion of factors such as supportive organizational culture, end-user involvement and compliance leadership to influence employees’ attitudes and behaviour intentions towards ISP in organizations. This paper also aims to develop a testable research model that might be useful for future researchers in predicting employees’ behavioural intentions. Design/methodology/approach In view of the study’s aim, a research model to show how three key constructs can influence the attitudes and behaviours of employees towards the establishment of security policy compliance culture (ISPCC) was developed and validated in an empirical field survey. Findings The study found that factors such as supportive organizational culture and end-user involvement significantly influenced employees’ attitudes towards compliance with ISP. However, leadership showed the weakest influence on attitudes towards compliance. The overall results showed that employees’ attitudes and behavioural intentions towards ISP compliance together influenced the establishment of ISPCC for ISP compliance in organizations. Practical implications Organizations should influence employees’ attitudes towards compliance with ISP by providing effective ISP leadership, encouraging end-user involvement during the draft and update of ISP and nurturing a culture that is conducive for ISP compliance. Originality/value The study provides some insights on how to effectively address the problem of non-compliance with ISP in organizations through the establishment of ISPCC, which has not been considered in any past research.
This research investigated the current maturity levels of cybersafety in South African schools. The maturity level indicates if schools are prepared to assist relevant role players (teachers and learners) in establishing a cybersafety culture within the school environment. The research study measured the maturity levels of cybersafety in 24 South African schools by evaluating the four main elements that are needed to improve cybersafety within schools. These elements are (1) leadership and policies, (2) infrastructure, (3) education, and (4) standards and inspection. The study used a UK-approved measurement tool (360safe) to measure the cybersafety maturity of schools within South Africa, using five levels of compliance (Level 1: full compliance, to Level 5: no compliance). The data analysis clearly indicated that all the schools that participated in the study had a significantly low level of cybersafety maturity and compliance. Schools are starting to adopt technology as part of their educational and social approach to prepare learners for the future, but there is a clear lack of supporting cybersafety awareness, policies, practices and procedures within South African schools. The research proposed a step-by-step approach involving a ten-phase cybersafety plan to empower schools to create and grow their own cybersafety culture.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.