Dying of a hundred good symptoms: why good security can still fail - a literature review and analysis

Loft, Paul; He, Ying; Janicke, Helge; Wagner, Isabel

doi:10.1080/17517575.2019.1605000

Cited by 8 publications

(4 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Significant empirical evidence from literature revealed that the ubiquitous alarming rate of digital data flow requires the deployment of data governance or data intelligence solutions, a situation theorized by [32], as the "datafication" of society, where digital data can easily be produced, stored and processed in a way that has no historical precedent. Significant empirical evidence from literature revealed that with the volume of data flow and the latest advances in technology, such as the Internet of Things (IoT), the digital universe is being threatened by cybercrime incidents that are on the rise globally [30], [32], and [43]. It is required that organizations take a holistic view as to how they secure information and services, since these technologies may have the least complexity and are unlikely to be innately secure [30] and [53].…”

Section: Literature Reviewmentioning

confidence: 99%

“…Significant empirical evidence from literature revealed that with the volume of data flow and the latest advances in technology, such as the Internet of Things (IoT), the digital universe is being threatened by cybercrime incidents that are on the rise globally [30], [32], and [43]. It is required that organizations take a holistic view as to how they secure information and services, since these technologies may have the least complexity and are unlikely to be innately secure [30] and [53]. DG is an emerging subject in information system security in recent years, following the dramatically increasing volume of data used within organizations and the critical role data play in business operations.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Sustainable data governance in the era of global data security challenges in Nigeria: A narrative review

Aguboshim¹,

Obiokafor²,

Emenike³

2023

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

Data are now valued as the new oil that powers the world economy. Globally, Big data technologies have intensified the need for Sustainable Data Governance (SDG). Significant empirical evidence from literature revealed that about 2.7 zettabytes of data now in the digital universe are being threatened by cybercrime incidents that are on the rise globally. Despite the importance of SDG and cyber security, only 67% of organizations globally deployed data governance or data intelligence solutions, while 46% including Nigeria had no formal governance strategy in place. This study highlights strategies to leverage good security measures for SDG. The authors adopted the Data Management Association (DAMA) International Guide to the Data Management Body of Knowledge (DMBOK) (DAMA-DMBOK) as a conceptual framework for this study. The narrative review methodology was adopted, where related research findings from peer-reviewed articles are used to draw holistic findings that revealed significant information on strategies for leveraging excellent security practices within SDG for economic empowerment. Results show that data governance, a fundamental part of cyber security, ensures that the right people have the right access, while Information Security ensures that Enterprise Data is safe and locked down. Cyber security is at the core of ensuring confidentiality, integrity, and availability of organizations’ data and leveraging data governance program that ensures that safe data is accessible across the organization in a controlled manner. The result of this study may increase understanding, and awareness of the need for information security to leverage SDG required for economic empowerment.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

Sustainable data governance in the era of global data security challenges in Nigeria: A narrative review

Aguboshim¹,

Obiokafor²,

Emenike³

2023

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

show abstract

“…Trade-offs seem fair for the employee's choice of win-or-lose. Trade-off judgment is widely recognized in applying IS or IT to information security practices (Loft et al, 2021). From the employer's perspective, gain-promotion and loss-prevention mechanisms render an intentional trade-off between the gain from compliance and the loss from non-compliance, which may mistake the insider-centric approach, i.e., the employee rather than the employer is making the choice (accountability), to foster ISP compliance.…”

Section: An Imbalanced Trade-offmentioning

confidence: 99%

“…We consider the "dark side" phenomena of information security control as imposed inevitable barriers that aggregately discourage employees from developing compliance behaviour and even cause negative emotional response, such as technological invasion for monitoring personal freedom of information use (Tarafdar, Gupta, & Turel, 2013). Internal threat that stems from employees is the most significant factor of security failure (Loft, He, Janicke, & Wagner, 2021). We extend the notion by rethinking the role of employees in Chinese security practices that differ from Western contexts.…”

Section: Introductionmentioning

confidence: 99%

Believe It or Not

Shih

Lai

Guo

et al. 2022

Journal of Global Information Management

View full text Add to dashboard Cite

Most theories of information security policy (ISP), except a few focused on the insider-centric view, are grounded in the control-centric perspective, and most ISP compliance models stem from Western countries. Regulatory focus theory (RFT) proposes two modes of motivational regulation, promotion and prevention focused that are supposed to motivate employee compliance in a trade-off. Culture is crucial to the study of ISP that puts control over human connections. Chinese guanxi, a specific dimension of Chinese culture, is better understood underlying the trust-distrust frame. To bridge the theoretical gap between the control-centric and the insider-centric perspectives, we develop an ISP behavioral model by taking an integrated approach from RFT and the trust-distrust frame. We employed scenario-based events about information security misconduct in the workplace to examine employees’ compliance intention and non-violation choice of ISP upon counterfactual thinking. Our empirical results improve the theoretical and practical implications of security practices.

show abstract

To alert or alleviate? A natural experiment on the effect of anti-phishing laws on corporate IT and security investments

Wang,

Li,

Leung

et al. 2024

Decision Support Systems

View full text Add to dashboard Cite

Dying of a hundred good symptoms: why good security can still fail - a literature review and analysis

Cited by 8 publications

References 58 publications

Sustainable data governance in the era of global data security challenges in Nigeria: A narrative review

Sustainable data governance in the era of global data security challenges in Nigeria: A narrative review

Believe It or Not

To alert or alleviate? A natural experiment on the effect of anti-phishing laws on corporate IT and security investments

Contact Info

Product

Resources

About