Search results
1 – 3 of 3Gregor Petrič and Špela Orehek
Expressing views on organizational information security (IS) by employees is vital for improving security processes, policies and trainings, while non-communication may conceal…
Abstract
Purpose
Expressing views on organizational information security (IS) by employees is vital for improving security processes, policies and trainings, while non-communication may conceal the true state of the human factor of IS and lead to security breaches. The purpose of this paper is to introduce the concept of opinion expressing about organizational IS, provide an explanatory model based on the theory of spiral of silence and offer its empirical validation.
Design/methodology/approach
Data from a web-based survey among the employees of one the universities in the European Union (n = 504) was analyzed with regression analysis to investigate the proposed hypotheses.
Findings
The study reveals that employees with positive opinions about IS will be more willing to share their opinions with coworkers and management. However, when employees perceive that their pro-IS opinions are not shared by other coworkers, they will remain silent, which increases the risk of problematic opinions spreading throughout the organization.
Research limitations/implications
The study highlights the need to focus on the communication perspectives of organizational information security, an area often overlooked in the human factor of information security research.
Practical implications
The results highlight the need to examine the gap between the dominant climate of opinion about IS in the organization and the display of compliant IS behaviors in order to strengthen IS endeavors. Organizations are encouraged to facilitate open dialogue about IS processes, policies and training and implement mechanisms for considering employees’ feedback in order to improve the organization’s IS.
Originality/value
The study contributes to a growing body of research that moves beyond viewing employees merely as subjects of compliance, recognizing instead their agency in IS issues that can enhance organizational resilience. To the best of the authors’ knowledge, this is the first study to apply the spiral of silence theory in the IS field, thereby helping to overcome the lack of communication science perspectives in organizational IS research.
Details
Keywords
Špela Orehek and Gregor Petrič
The concept of information security culture, which recently gained increased attention, aims to comprehensively grasp socio-cultural mechanisms that have an impact on…
Abstract
Purpose
The concept of information security culture, which recently gained increased attention, aims to comprehensively grasp socio-cultural mechanisms that have an impact on organizational security. Different measurement instruments have been developed to measure and assess information security culture using survey-based tools. However, the content, breadth and face validity of these scales vary greatly. This study aims to identify and provide an overview of the scales that are used to measure information security culture and to evaluate the rigor of reported scale development and validation procedures.
Design/methodology/approach
Papers that introduce a new or adapt an existing scale of information security culture were systematically reviewed to evaluate scales of information security culture. A standard search strategy was applied to identify 19 relevant scales, which were evaluated based on the framework of 16 criteria pertaining to the rigor of reported operationalization and the reported validity and reliability of the identified scales.
Findings
The results show that the rigor with which scales of information security culture are validated varies greatly and that none of the scales meet all the evaluation criteria. Moreover, most of the studies provide somewhat limited evidence of the validation of scales, indicating room for further improvement. Particularly, critical issues seem to be the lack of evidence regarding discriminant and criterion validity and incomplete documentation of the operationalization process.
Research limitations/implications
Researchers focusing on the human factor in information security need to reach a certain level of agreement on the essential elements of the concept of information security culture. Future studies need to build on existing scales, address their limitations and gain further evidence regarding the validity of scales of information security culture. Further research should also investigate the quality of definitions and make expert assessments of the content fit between concepts and items.
Practical implications
Organizations that aim to assess the level of information security culture among employees can use the results of this systematic review to support the selection of an adequate measurement scale. However, caution is needed for scales that provide limited evidence of validation.
Originality/value
This is the first study that offers a critical evaluation of existing scales of information security culture. The results have decision-making value for researchers who intend to conduct survey-based examinations of information security culture.
Details
Keywords
Gregor Petrič and Andraž Petrovčič
The purpose of this paper is to investigate how decisions of managers and administrators of online communities on norms and rules affect the sense of virtual community (SOVC)…
Abstract
Purpose
The purpose of this paper is to investigate how decisions of managers and administrators of online communities on norms and rules affect the sense of virtual community (SOVC), which is an important factor of the quality of online information.
Design/methodology/approach
The study followed a two-level research design based on 970 online community members, nested within 36 online communities. Data collection consisted of two stages: first a web survey of a sample of online community members was conducted, followed by a web survey of administrators of the same online communities. A two-level hierarchical regression analysis was used to test the hypotheses.
Findings
The empirical results suggest that prominence of rules under the condition of members’ participation in their creation, presence of reputation mechanisms, and content moderation contribute significantly to the SOVC , while presence of lighter sanctions and interactive moderation do not.
Research limitations/implications
Since this study is based on web forums, the validity of the proposed hypotheses for other types of online communities cannot be firmly established. Additional elements of online community management could be considered for a stronger system-level explanation of the SOVC.
Practical implications
The study demonstrates that online community administrators need to be considerate in creating and enforcing norms, as their decisions have an impact on the SOVC and consequently on the quality of online information.
Originality/value
The literature considers many factors of the SOVC but none of the previous studies have considered how community management is associated with this phenomenon.
Details