Explore the vast range of titles available.

\"Today's headlines are littered with cybersecurity breaches -- each more damning than the last. For too long, cybersecurity has been relegated to the corridors of IT. Every organization's weakest link in cybersecurity is its own employees, as hackers dupe them to get access to an organization's systems. Yet most employees have no idea how to help prevent attacks, why they should bother, or what to look for. But, with any manager or employee the next unsuspecting dupe, cybersecurity can no longer be someone else's problem, but the mandate of all. While many books serve as educational resources on the topic of cybersecurity, they stop short of explaining how employees take up arms in the fight against a pernicious threat. Doing so requires demystifying cybersecurity for the business audience, giving practical prescription to these users on how they can adopt smart cybersecurity habits in their function. To make the topic both accessible and practical, this book will move beyond simply identifying the problem and provide practical prescriptions, offering simple checklists and action plans than any manager in the organization can take to protect his organization from an unknown threat. Further, the book will be based on primary marketing research, including in-depth interviews among CIOs, CISOs and other functional business leaders (e.g., CMOs and CHROs) to measure the extent of the gap among these senior leaders in making cybersecurity a business priority\"-- Provided by publisher.

In today’s dynamic and competitive business environment, it is critical for firms to share information selectively and develop organizational resilience. However, only a few existing studies examine the relationships between information management and supply chain resilience. Aiming to bridge the gaps between both domains, we propose a model encompassing information security culture, information leakage, information sharing effectiveness and supply chain resilience and to derive insights from their inter-relationships in this research. A cross-sectional survey of the multi-national corporations and small and medium enterprises among their senior managers in the United Kingdom was carried out for data collection. The data set was analysed using a structural equation modelling approach. The results obtained validate the proposed model. The findings ascertain that information security culture and information leakage are negatively correlated, which influence the supply chain resilience. Specifically, information security and information leakage affect the effectiveness of information sharing, which in turn positively and negatively influence the supply chain resilience, respectively. This study posits that information security culture is instrumental to mitigate information leakage and foster effective information sharing to strengthen supply chain resilience.

\"As the Internet grows more sophisticated, it is creating new threats to democracy. Social media companies such as Facebook can sort us ever more efficiently into groups of the like-minded, creating echo chambers that amplify our views. It's no accident that on some occasions, people of different political views cannot even understand each other. It's also no surprise that terrorist groups have been able to exploit social media to deadly effect. Welcome to the age of #Republic. In this revealing book, Cass Sunstein, the New York Times bestselling author of Nudge and The World According to Star Wars, shows how today's Internet is driving political fragmentation, polarization, and even extremism--and what can be done about it. Thoroughly rethinking the critical relationship between democracy and the Internet, Sunstein describes how the online world creates \"cybercascades,\" exploits \"confirmation bias,\" and assists \"polarization entrepreneurs.\" And he explains why online fragmentation endangers the shared conversations, experiences, and understandings that are the lifeblood of democracy. In response, Sunstein proposes practical and legal changes to make the Internet friendlier to democratic deliberation. These changes would get us out of our information cocoons by increasing the frequency of unchosen, unplanned encounters and exposing us to people, places, things, and ideas that we would never have picked for our Twitter feed. #Republic need not be an ironic term. As Sunstein shows, it can be a rallying cry for the kind of democracy that citizens of diverse societies most need. \"-- Provided by publisher.

Purpose This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers. Design/methodology/approach The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy. Findings The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance. Research limitations/implications The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance. Practical implications Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite an internal focus, that may have negative ramifications for the information security of organizations. Originality/value Few information security policy compliance studies exist on the consequences of different organizational/information cultures.

Purpose The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company. Design/methodology/approach Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in. Findings Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved. Originality/value This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.

PurposeThe concept of information security culture, which recently gained increased attention, aims to comprehensively grasp socio-cultural mechanisms that have an impact on organizational security. Different measurement instruments have been developed to measure and assess information security culture using survey-based tools. However, the content, breadth and face validity of these scales vary greatly. This study aims to identify and provide an overview of the scales that are used to measure information security culture and to evaluate the rigor of reported scale development and validation procedures.Design/methodology/approachPapers that introduce a new or adapt an existing scale of information security culture were systematically reviewed to evaluate scales of information security culture. A standard search strategy was applied to identify 19 relevant scales, which were evaluated based on the framework of 16 criteria pertaining to the rigor of reported operationalization and the reported validity and reliability of the identified scales.FindingsThe results show that the rigor with which scales of information security culture are validated varies greatly and that none of the scales meet all the evaluation criteria. Moreover, most of the studies provide somewhat limited evidence of the validation of scales, indicating room for further improvement. Particularly, critical issues seem to be the lack of evidence regarding discriminant and criterion validity and incomplete documentation of the operationalization process.Research limitations/implicationsResearchers focusing on the human factor in information security need to reach a certain level of agreement on the essential elements of the concept of information security culture. Future studies need to build on existing scales, address their limitations and gain further evidence regarding the validity of scales of information security culture. Further research should also investigate the quality of definitions and make expert assessments of the content fit between concepts and items.Practical implicationsOrganizations that aim to assess the level of information security culture among employees can use the results of this systematic review to support the selection of an adequate measurement scale. However, caution is needed for scales that provide limited evidence of validation.Originality/valueThis is the first study that offers a critical evaluation of existing scales of information security culture. The results have decision-making value for researchers who intend to conduct survey-based examinations of information security culture.

PurposeOrganisational culture plays an important role in influencing employee compliance with information security policies. Creating a subculture of information security can assist in facilitating compliance. The purpose of this paper is to explain the nature of the combined influence of organisational culture and information security culture on employee information security compliance. This study also aims to explain the influence of organisational culture on information security culture.Design/methodology/approachA theoretical model was developed showing the relationships between organisational culture, information security culture and employee compliance. Using an online survey, data was collected from a sample of individuals who work in organisations having information security policies. The data was analysed with Partial Least Square Structural Equation Modelling (PLS-SEM) to test the model.FindingsOrganisational culture and information security culture have significant, yet similar influences on employee compliance. In addition, organisational culture has a strong causal influence on information security culture.Practical implicationsControl-oriented organisational cultures are conducive to information security compliant behaviour. For an information security subculture to be effectively embedded in an organisation's culture, the dominant organisational culture would have to be considered first.Originality/valueThis research provides empirical evidence that information security subculture is influenced by organisational culture. Compliance is best explained by their joint influence.

Purpose: This research aims to enhance practical organizational practices and academic research literature by critically investigating the latest findings in cybersecurity culture research through a systematic review of relevant literature and research.   Theoretical Framework:This work seeks to summarize key research developments in a research area that remains challenging for companies as they seek to build strong security cultures to protect their information (Tripwire, 2020). And reviewing the legal regulations that must be trained to protect institutions from cyber threats in the Kingdom of Bahrain and Saudi Arabia.   Design/Methodology/Approach: The methodology of this study implements a systematic literature review to assess the main components of cybersecurity culture and what good practice can help to build it professionally.    Findings: The main results find that current literature must move from a technical approach to information security to a socio-cultural one. Also, this study predicts that cybercrime will increase dramatically and cost the world trillions annually.    Research Practical and Social Implications: this study attempts to define human resource management's role in cybersecurity awareness training and therfore the managers can deveplo the necessary rules to secure the organizational information.   Originality/Value: The study is within the first studies  to  be  conducted  in  GCC countries.  Moreover, the  to build a cyber security culture is unique topic add on to the academic knowledge. Also, can motivate the future studies to focus on efficiently organizing security procedures and enhancing security readiness appraisal consequences by providing more perceptions of imminent threats and security hazards. 

PurposeThe purpose of this study is to examine factors, which influence information security culture among employees of telecommunications companies. The motivation for this study was the rise in the number of data breach incidents caused by the organizations’ own employees.Design/methodology/approachA total of 139 usable responses were collected via a Web-based questionnaire survey from employees of Malaysian telecommunications companies. Data were analysed by using SmartPLS 3.FindingsSecurity education, training and awareness (SETA) programmes and information security awareness were found to have a positive and significant impact on Information Security Culture. Additionally, self-reported employees’ security behaviour was found to act as a partial mediator on the relationship between information security awareness and information security culture.Research limitations/implicationsThe study was cross-sectional in nature. Therefore, it could not measure changes in population over time.Practical implicationsThe empirical data provides a new perspective on significant elements that influence information security culture in an emerging market. Organizations in the telecommunications industry can now recognize that SETA programmes and information security awareness have a significant impact on information security culture. Employees’ security behaviour also mediates the relationship between information security awareness and information security culture.Originality/valueThis is the first study to analyse the mediating effect of employees’ security behaviour on the relationship between information security awareness and information security culture in the Malaysian telecommunications context.

PurposeIn the face of information leakage, this study aims to demonstrate pathways to supply chain resilience (SCR) during information sharing by deploying organizational ethical climate (OEC) and information security culture (ISC) as non-punitive mitigation approaches.Design/methodology/approachThis empirical study was conducted to verify the framework using a questionnaire distributed to Malaysian multinational corporations (MNCs) of the manufacturing sector. The data were analysed using structural equation modeling (SEM) techniques with the AMOS software.FindingsThis study has confirmed the adverse impact of intentional and unintentional leakages on information sharing effectiveness. The findings showed ISC could reduce the impact of information leakage, but an OCE could not. This study provides evidence that information sharing effectiveness could impact SCR. The former is a mediator between information leakage and SCR, with information leakage moderated by information security culture. These findings convey that multinationals should set up an ISC to reduce information leakage and enhance their SCR.Originality/valuePrior studies lacked the explanation of the impact of mitigating factors on information leakage in information sharing effectiveness affecting SCR. A framework that explains the relationships add value to organizations making available strategic decisions to curb information leakage and manage SCR.