Search results

This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.

Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.

The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.

As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.

Information and digital literacy have recently received much interest, and they are being viewed as critical strategic organisational resources and skills that employees need to obtain in order to function at their workplaces. Yet, the role of employees' literacy seems to be neglected in current literature. This paper aims to explore the roles that information and digital literacy play on the employees' perception in relation to usefulness and ease of use of digital technologies and consequently their intention to use technology in the practices they perform at the workplace.

This paper builds a conceptual model with key constructs (information literacy and digital literacy) as new antecedents to the technology acceptance model and aims to establish that information literacy and digital literacy are indirect determinants of employees' intention to use digital technologies at the workplace. The data set used in this paper comprises of 121 respondents and structural equation modelling was used.

The findings reveal that both information literacy and digital literacy have a direct impact on perceived ease of use of technology but not on the perceive usefulness. The findings also show that both literacies have an indirect impact on the intention to use digital technology at work via attitude towards use.

Managers and decision-makers should pay close attention to the literacy levels of their staff. Because literacies are such an important skillset in the digital age, managers and chief information officers may want to start by identifying which work groups or individuals require literacy training and instruction, and then provide specific and relevant training or literacy interventions to help those who lack sufficient literacy.

This is one of the first studies to consider information literacy and digital literacy as new antecedents of the technology acceptance model at the workplace environment.