Search results

Organisational culture plays an important role in influencing employee compliance with information security policies. Creating a subculture of information security can assist in facilitating compliance. The purpose of this paper is to explain the nature of the combined influence of organisational culture and information security culture on employee information security compliance. This study also aims to explain the influence of organisational culture on information security culture.

A theoretical model was developed showing the relationships between organisational culture, information security culture and employee compliance. Using an online survey, data was collected from a sample of individuals who work in organisations having information security policies. The data was analysed with Partial Least Square Structural Equation Modelling (PLS-SEM) to test the model.

Organisational culture and information security culture have significant, yet similar influences on employee compliance. In addition, organisational culture has a strong causal influence on information security culture.

Control-oriented organisational cultures are conducive to information security compliant behaviour. For an information security subculture to be effectively embedded in an organisation's culture, the dominant organisational culture would have to be considered first.

This research provides empirical evidence that information security subculture is influenced by organisational culture. Compliance is best explained by their joint influence.

The landscape of teaching, learning and research has changed requiring the need for diverse information resources. Given the current budgetary constraints and financial conditions prevailing in many universities, sharing of information resources has become a necessity. The Interlibrary Loan (ILL) services have thus become an important service to meet the immediate needs of library users. The aim of this paper is to analyse the ILL services of the North-West University in South Africa from 2006 to 2016. Using statistical data, the paper shows the emerging pattern in borrowing and lending between institutions as well as determines the existence of correlations between borrowing and lending libraries. The results of this study show that ILL amongst libraries has decreased in the past 11 years. A need exists for increased awareness of ILL and there is need for technological innovations that will ensure that library users are able to request for information resources seamlessly.

This is a quantitative study that uses ILL data from the North-West University. Data were downloaded from the SABINET ILL system using the three NWU JC codes. They were then collated and uploaded on excel spreadsheets. In the main, the excel spreadsheets were used to interpret the data. Further, the Statistical Package for Social Sciences (SPSS) software, in particular Spearman’s Correlation Analysis, was used to test correlations between data from libraries that requested information resources from NWU and data from libraries that supplied information resources to NWU during this period using Rumsey’s guidelines to interpret the correlations.

The findings of the study reveal that ILL among libraries in South Africa had generally declined owing mostly to the proliferation of online resources resulting to changes in user information-seeking behaviour. The decline is despite the challenges of low budgets received by most libraries for the acquisition of information resources. It can also be concluded that public university libraries still value ILL as demonstrated by the high number of items requested from other libraries. The findings also reveal that most ILL activities were conducted by public universities.

It was not possible to obtain the list of titles that have been requested and also to obtain the user’s details. This would have enabled the authors to determine the type of titles that are being requested, and the users that request them.

ILL should continue to be enhanced in view of the challenge of dwindling library budgets against the escalating prices of information resources. There is also a need for user education so that they become aware of the ILL service. From experience, library users normally give up once they realize that what they wanted is not available through the local catalogue and this calls for librarians to create an awareness to users that ILL could help solve their frustrations.

These results show that ILL can play a significant role to level the playing field between the well-resourced libraries in urbanized regions or provinces and the poorly resourced ones in rural regions or provinces. This social justice aspect of ILL is probably the reason why better resourced libraries in South Africa have decided to remain in the scheme unlike other countries where better resourced libraries opted out of reciprocal arrangements with small and medium-sized institutions.

The study adds to a very limited number of studies emanating from Africa. A study of this nature has never been conducted in Africa, as previous studies were nationwide studies. As far as the authors know, this is the first study that uses ILL data to research the impact of the global financial crisis on libraries in Africa.

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.

General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.

This paper identifies the most important variables in cultivating a cyber security culture.

The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.

Practically, the study can assist developing nations in constructing strategies that addresses the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.

Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.

This research aims to determine whether the educational influence of the cybersecurity awareness campaign on the audience (their knowledge, behaviour and potential cybersecurity culture) matches the campaign’s educational objectives. The research focuses on the knowledge component of this metric by examining the awareness campaign audience’s interpretative role in processing the campaign content, through the lens of active audience theory (AAT).

Using reflective practices, this research examines a single longitudinal case study of a cybersecurity awareness and education campaign which aims to raise awareness amongst school learners. Artefacts from a single sample are examined.

Reflexive practices using theories such as active audience can assist in identifying deviations between the message a campaign intends to communicate and the message that the campaign audience receives.

Using this research approach, measurements could only be obtained for campaign messages depicted in artefacts. Future interventions should be designed to facilitate a more rigorous analysis of the audiences’ interpretation of all campaign messages using ATT.

This paper applied principles of ATT to examine the audience’s interpretative role in processing an awareness campaign’s content based on artifacts they created after exposure to the campaign. Conducting such analyses as part of a reflective process between cyber awareness/education campaign cycles provides a way to identify areas or topics within the campaign that require corrective action.

This paper aims to examine the individual and combined effects of organisational and behavioural factors on employees’ attitudes and intentions to establish an information security policy compliance culture (ISPCC) in organisations.

Based on factors derived from the organisational culture theory, social bond theory and accountability theory, a testable research model was developed and evaluated in an online survey that involves the use of a questionnaire to collect quantitative data from 313 employees, from ten different organisations in Ghana. The data collected were analysed using the partial least squares-structural equation modelling approach, involving the measurement and structural model tests.

The study reveals that the individual measures of accountability – identifiability (2.4%), expectations of evaluation (38.8%), awareness of monitoring (55.7%) and social presence (−41.2%) – had weak to moderate effects on employees’ attitudes towards information security policy compliance. However, the combined effect showed a significant influence. In addition, organisational factors – supportive organisational culture (15%), security compliance leadership (2%) and user involvement (63%) – showed positive effects on employees’ attitudes. Further, employees’ attitudes had a substantial influence (65%), while behavioural intentions demonstrated a weak effect (24%) on the establishment of an ISPCC in the organisation. The combined effect also had a substantial statistical influence on the establishment of an ISPCC in the organisation.

Given the findings of the study, information security practitioners should implement organisational and behavioural factors that will have an impact on compliance, in tandem, with the organisational effort to build a culture of compliance for information security policies.

The study provides new insights on how to address the problem of non-compliance with regard to the information security policy in organisations through the combined application of organisational and behavioural factors to establish an information security policy compliance culture, which has not been considered in any past research.

The purpose of this paper is to analyze the status quo of disaster risk reduction (DRR) policy and legislation in Cameroon.

Using a qualitative method, this paper examines historical data from sectoral administrative reports, plans, declarations, commitments and speeches, texts and peer-reviewed journals on disaster and risk management in Cameroon for the period 1967-2017. Empirical data from ten selected government sectors were used to analyze the status quo, together with quantitative data collected by using four instruments (i.e. HFA Priority 1 & 4, USAID Toolkit, GOAL Resilience Score and the Checklist on Law and DRR).

Findings show that Cameroon largely still practices disaster response through the Department of Civil Protection. Transparency and accountability are the sine qua non of the state, but the lack thereof causes improper implementation of DRR within development institutions. DRR is seen as an ad hoc activity, with the result that there is not effective institutional capacity for implementation. The need to develop a new national DRR framework is evident.

Analyzing the status quo of DRR in Cameroon could assist with the review and reevaluation of a new DRR framework within the Cameroonian territory.

This paper compares the effectiveness of in‐house developed computer‐based learning (CBL) materials with face‐to‐face teaching. Two groups of higher education students were randomly assigned to complete tutorial work in one highly structured topic of introductory accounting using either CBL materials (treatment group) or face‐to‐face teaching (control group). The effectiveness of both approaches was measured according to the students’ performance in a class test, in relation to their prior accounting knowledge and gender. The results showed that the students with no prior accounting knowledge who completed the CBL materials achieved a significantly higher test mark than the face‐to‐face teaching group. However, there was no significant difference in the marks of the students with prior accounting knowledge, and there was no difference on the basis of gender. The results of this South African study correspond to results in existing literature in other countries, and contribute to the overall knowledge of the effectiveness of CBL materials with respect to prior accounting knowledge and gender.

A cyberattack is an attempt by cybercriminals as individuals or organizations with unauthorized access using one or more computers and computer systems to steal, expose, change, disable or eliminate information, or to breach computer information systems, computer networks, and computer infrastructures. Cyberattackers gain a benefit from victims, which may be criminal such as stealing data or money, or political or personal such as revenge. In cyberattacks, various targets are possible. Some potential targets for businesses include business and customer financial data, customer lists, trade secrets, and login credentials.

Cyberattackers use a variety of methods to gain access to data, including malware such as viruses, worms, and spyware and phishing methods, man-in-the-middle attacks, denial-of-service attacks, SQL injection, zero-day exploit, and DNS tunneling.

Related to cyberattack, the term cyberwarfare is gaining popularity nowadays. Cyberwarfare is the use of cyberattacks by a state or an organization to cause harm as in warfare against another state's or organization's computer information systems, networks, and infrastructures.

Military, civil, and ideological motivations, or hacktivism can be used to launch a cyberwarfare. For these reasons, cyberwarfare may be used to conduct espionage, sabotage, propaganda, and economic disruption.

Considering highly digitalized business processes such as e-mails, digital banking, online conference, and digital manufacturing methods, damage of cyberwarfare to businesses and countries are unavoidable. As a result, developing strategies for defending against cyberattacks and cyberwarfare is critical for businesses. The concepts of cyberattack and cyberwarfare, as well as business strategies to be protected against them will be discussed in this chapter.