Lovisa Göransson Ording, Shang Gao and Weifeng Chen
The purpose of this paper is to investigate what role literature-based inputs have on the information security policy (ISP) development in practice.
Abstract
Purpose
The purpose of this paper is to investigate what role literature-based inputs have on the information security policy (ISP) development in practice.
Design/methodology/approach
A literature review is carried out to identify commonly used inputs for ISP development in theory firstly. Secondly, through the lens of institutional theory, an interpretive approach is adapted to study the influence of literature-based inputs in the ISP development in practice. Semi-structured interviews with senior experienced information security officers and managers from the public sector in Sweden are carried out for this research.
Findings
According to the literature review, 10 inputs for ISP development have been identified. The results from the interviews indicate that the role inputs have on the ISP development serves as more than a rational tool, where organisational context, institutional pressures and the search for legitimacy play an important role.
Research limitations/implications
From the institutional perspective, this study signifies the influence of inputs on ISP development can be derived from institutionalised rules or practices established by higher authorities; actions and practices that are perceived as successful and often used by other organisations; the beliefs of what is viewed as appropriate to meet the specific pressures from stakeholders.
Practical implications
This research recommends five practical implications for practitioners working with the ISP development. These recommendations aim to create an understanding of how an ISP could be developed, considering more than the rational functionalist perspective.
Originality/value
To the best of the authors’ knowledge, it is the first of its kind in examining the role of literature-based inputs in ISP development in practice through the lens of institutional theory.
Details
Keywords
Elham Rostami, Fredrik Karlsson and Shang Gao
This paper aims to propose a conceptual model of policy components for software that supports modularizing and tailoring of information security policies (ISPs).
Abstract
Purpose
This paper aims to propose a conceptual model of policy components for software that supports modularizing and tailoring of information security policies (ISPs).
Design/methodology/approach
This study used a design science research approach, drawing on design knowledge from the field of situational method engineering. The conceptual model was developed as a unified modeling language class diagram using existing ISPs from public agencies in Sweden.
Findings
This study’s demonstration as proof of concept indicates that the conceptual model can be used to create free-standing modules that provide guidance about information security in relation to a specific work task and that these modules can be used across multiple tailored ISPs. Thus, the model can be considered as a step toward developing software to tailor ISPs.
Research limitations/implications
The proposed conceptual model bears several short- and long-term implications for research. In the short term, the model can act as a foundation for developing software to design tailored ISPs. In the long term, having software that enables tailorable ISPs will allow researchers to do new types of studies, such as evaluating the software's effectiveness in the ISP development process.
Practical implications
Practitioners can use the model to develop software that assist information security managers in designing tailored ISPs. Such a tool can offer the opportunity for information security managers to design more purposeful ISPs.
Originality/value
The proposed model offers a detailed and well-elaborated starting point for developing software that supports modularizing and tailoring of ISPs.
Details
Keywords
The purpose of the research is to investigate users’ adoption of blockchain-based games in China.
Abstract
Purpose
The purpose of the research is to investigate users’ adoption of blockchain-based games in China.
Design/methodology/approach
This research applied existing technology diffusion theories to develop a research model to examine users’ adoption of blockchain-based games. As a result, a research model with nine research hypotheses was developed. The developed research model was empirically tested using data collected from a survey of 210 blockchain-based games users. Structural equation modeling was applied to analyse the collected data.
Findings
The results indicated that seven of nine research hypotheses were supported. It was found that trust, perceived usefulness, perceived enjoyment and perceived ease of use were key determinants for users’ behavioural intention to use blockchain-based games. The most influential relationship in the research model appeared to be the effect of perceived usefulness on users’ behavioural intention to use blockchain-based games. However, subjective norms did not have significant positive impacts on users’ behavioural intention to use blockchain-based games.
Practical implications
The regulatory support from governmental authorities is essential to provide additional legal certainty to build users’ trust in playing blockchain-based games. Blockchain-based games providers should arrange the training program targeted to the general users to enhance their understanding of the key features associated with blockchain-based games. Blockchain-based games developers should come up with good design solutions to maximize user enjoyment with blockchain-based games by considering additional entertainment elements.
Originality/value
To the best of the authors’ knowledge, this study is first of its kind in investigating the adoption of blockchain-based games from users’ perspectives. This study contributes to the existing literature on the adoption of blockchain technology.
Details
Keywords
Jan-Halvard Bergquist, Samantha Tinet and Shang Gao
The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.
Abstract
Purpose
The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.
Design/methodology/approach
To address the purpose of this research, a case study in a Swedish municipality was conducted. Data was collected through a mixture of techniques such as literature, document and website review. Empirical data was collected through interviews with 11 employees working within 7 different sections of the municipality.
Findings
This study resulted in an information classification model that is tailored to the specific needs of Swedish municipalities. In addition, a set of steps for tailoring an information classification model to suit a specific public organization are recommended. The findings also indicate that for a successful information classification it is necessary to educate the employees about the basics of information security and classification and create an understandable and unified information security language.
Practical implications
This study also highlights that to have a tailored information classification model, it is imperative to understand the value of information and what kind of consequences a violation of established information security principles could have through the perspectives of the employees.
Originality/value
It is the first of its kind in tailoring an information classification model to the specific needs of a Swedish municipality. The model provided by this study can be used as a tool to facilitate a common ground for classifying information within all Swedish municipalities, thereby contributing the first step toward a Swedish municipal model for information classification.
Details
Keywords
Garret Murray, Malin Falkeling and Shang Gao
The purpose of this paper is to provide an overview of the trends and challenges relating to research into the human aspects of ransomware.
Abstract
Purpose
The purpose of this paper is to provide an overview of the trends and challenges relating to research into the human aspects of ransomware.
Design/methodology/approach
A systematic mapping study was carried out to investigate the trends in studies into the human aspects of ransomware, identify challenges encountered by researchers and propose directions for future research. For each of the identified papers from this study, the authors mapped the year of publication, the type of paper, research strategy and data generation method, types of participants included, theories incorporated and lastly, the authors mapped the challenges encountered by the researchers.
Findings
Fifty-nine papers published between 2006 and 2022 are included in the study. The findings indicate that literature on the human aspects of ransomware was scarce prior to 2016. The most-used participant groups in this area are students and cybersecurity professionals, and most studies rely on a survey strategy using the questionnaire to collect data. In addition, many papers did not use theories for their research, but from those that did, game theory was used most often. Furthermore, the most reported challenge is that being hit with ransomware is a sensitive topic, which results in individuals and organisations being reluctant to share their experiences.
Research limitations/implications
This mapping study reveals that the body of literature in the area of human aspects of ransomware has increased over the past couple of years. The findings highlight that being transparent about ransomware attacks, when possible, can help others. Moreover, senior management plays an important role in shaping the information security culture of an organisation, whether to have a culture of transparency or of secrecy.
Originality/value
This study is the first of its kind of systematic mapping studies contributing to the body of knowledge on the human aspects of ransomware.
Details
Keywords
Shang-Han Gao and Sheng-Long Nong
This paper aims to analyze the pressure distribution of rectangular aerostatic thrust bearing with a single air supply inlet using the complex potential theory and conformal…
Abstract
Purpose
This paper aims to analyze the pressure distribution of rectangular aerostatic thrust bearing with a single air supply inlet using the complex potential theory and conformal mapping.
Design/methodology/approach
The Möbius transform is used to map the interior of a rectangle onto the interior of a unit circle, from which the pressure distribution and load carrying capacity are obtained. The calculation results are verified by finite difference method.
Findings
The constructed Möbius formula is very effective for the performance characteristics researches for the rectangular thrust bearing with a single air supply inlet. In addition, it is also noted that to obtain the optimized load carrying capacity, the square thrust bearing can be adopted.
Originality/value
The Möbius transform is found suitable to describe the pressure distribution of the rectangular thrust bearing with a single air supply inlet.
Details
Keywords
Ke Zhang, Almudena González del Valle-Brena, Ignacio Ramos Riera and Jingli Zhao
The study aims to understand how cultural route heritage is conceptualized and managed in China by systematically reviewing the research literature on Chinese cultural route…
Abstract
Purpose
The study aims to understand how cultural route heritage is conceptualized and managed in China by systematically reviewing the research literature on Chinese cultural route heritage (CRH). The study intends to inspire further discussion on the theoretical and practical development of cultural routes since the development is still at a liminal stage in China.
Design/methodology/approach
A total of 253 research articles related to Chinese cultural rote heritage from major Chinese and English research databases China National Knowledge Infrastructure (CNKI), Web of Science (WOS) and Scopus have been comprehensively identified and reviewed for the purpose of the study.
Findings
Four major themes of research on Chinese CRH have been identified: conceptual evaluation, list of the routes and characteristics of the routes, conservation and utilization. The results revealed that China has very rich resources in CRH, many of which were formed a long time ago, which exist across vast geographic regions and have assumed multiple functions and undergone dynamic reciprocal exchanges among diverse cultures and ethnicities.
Practical implications
The paper summarizes some major obstacles faced by CRH in China and proposes a strategic model to address the need for a more sustainable development of CRH in the Chinese context.
Originality/value
The paper offers a comprehensive overview of CRH in China and discusses practical issues in management and development of heritage great in size, number and complexity.