Emerald | Information Management & Computer Security | Table of Contents
http://www.emeraldinsight.com/0968-5227.htm
Table of contents from the most recently published issue of Information Management & Computer Security Journal
Tue, 04 Mar 2014 00:00:00 +0000
2013 Emerald Group Publishing Limited

Perceived significance of information security governance to predict the information security service quality in software service industry: An empirical analysis
http://www.emeraldinsight.com/journals.htm?issn=0968-5227&volume=22&issue=1&articleid=17104140&show=abstract
http://www.emeraldinsight.com/10.1108/IMCS-01-2013-0002

Abstract

Purpose – Information security is a growing concern in society, across businesses and government. As the offshore IT services market continues to grow providing numerous benefits, there are also perceived risks with respect to the quality of information security delivered in the supply chain. This paper aims to examine, as a case, the perceptions of Indian software services provider (service provider) employees with respect to information security governance and its impact on information security service quality that is delivered to customers.

Design/methodology/approach – The paper provides a framework built upon the existing dimensions and instruments for total quality management and service quality, suitably modified to reflect the context of information security. SmartPLS, a structural equation modelling technique, has been used to analyse field survey data collected from across various Indian cities and companies.

Findings – A significant finding is that information security governance in an IT outsourcing company providing software services has a highly significant impact on the information security service quality, which can be predicted. The paper also establishes that there is a positive relationship collectively between elements of information security governance and information security service quality.

Research limitations/implications – Since data used in this study were taken solely from the responses of employees of outsourced service companies in India, it does not show if this translates into service improvements as perceived by the customer.

Practical implications – Information security governance should be made an integral part of corporate governance and is an effective strategic technique, if software outsourcing business enterprises want to achieve a competitive edge, provide client satisfaction and create trust.

Originality/value – The paper presents empirical data validation of the connection between information security governance and quality of service.

Article | Sanjay Bahl, O.P. Wali | Tue, 04 Mar 2014 00:00:00 +0000

Information security in the South Australian real estate industry: A study of 40 real estate organisations
http://www.emeraldinsight.com/journals.htm?issn=0968-5227&volume=22&issue=1&articleid=17104141&show=abstract
http://www.emeraldinsight.com/10.1108/IMCS-10-2012-0060

Abstract

Purpose – Opportunities for malicious cyber activities have expanded with the globalisation and advancements in information and communication technology. Such activities will increasingly affect the security of businesses with online presence and/or connected to the internet. Although the real estate sector is a potential attack vector for and target of malicious cyber activities, it is an understudied industry.
This paper aims to contribute to a better understanding of the information security threats, awareness, and risk management standards currently employed by the real estate sector in South Australia.

Design/methodology/approach – The current study comprises both quantitative and qualitative methodologies, which include 20 survey questionnaires and 20 face-to-face interviews conducted in South Australia.

Findings – There is a lack of understanding about the true magnitude of malicious cyber activities and their impact on the real estate sector, as illustrated in the findings of 40 real estate organisations in South Australia. The findings and the escalating complexities of the online environment underscore the need for regular ongoing training programs for basic online security (including new cybercrime trends) and the promotion of a culture of information security (e.g. when using smart mobile devices to store and access sensitive data) among staff. Such initiatives will enable staff employed in the (South Australian) real estate sector to maintain the current knowledge of the latest cybercrime activities and the best cyber security protection measures available.

Originality/value – This is the first academic study focusing on the real estate organisations in South Australia. The findings will contribute to the evidence on the information security threats faced by the sector as well as in developing sector-specific information security risk management guidelines.

Article | Deepa Mani, Kim-Kwang Raymond Choo, Sameera Mubarak | Tue, 04 Mar 2014 00:00:00 +0000

Variables influencing information security policy compliance: A systematic review of quantitative studies
http://www.emeraldinsight.com/journals.htm?issn=0968-5227&volume=22&issue=1&articleid=17104142&show=abstract
http://www.emeraldinsight.com/10.1108/IMCS-08-2012-0045

Abstract

Purpose – The purpose of this paper is to identify variables that influence compliance with information security policies of organizations and to identify how important these variables are.

Design/methodology/approach – A systematic review of empirical studies described in extant literature is performed. This review found 29 studies meeting its inclusion criterion. The investigated variables in these studies and the effect size reported for them were extracted and analysed.

Findings – In the 29 studies, more than 60 variables have been studied in relation to security policy compliance and incompliance. Unfortunately, no clear winners can be found among the variables or the theories they are drawn from. Each of the variables only explains a small part of the variation in people's behaviour and when a variable has been investigated in multiple studies the findings often show a considerable variation.

Research limitations/implications – It is possible that the disparate findings of the reviewed studies can be explained by the sampling methods used in the studies, the treatment/control of extraneous variables and interplay between variables. These aspects ought to be addressed in future research efforts.

Practical implications – Decision makers who seek guidance on how to best achieve compliance with their information security policies should recognize that a large number of variables probably influence employees' compliance.
In addition, both their influence strength and interplay are uncertain and largely unknown.

Originality/value – This is the first systematic review of research on variables that influence compliance with information security policies of organizations.

Article | Teodor Sommestad, Jonas Hallberg, Kristoffer Lundholm, Johan Bengtsson | Tue, 04 Mar 2014 00:00:00 +0000

E-commerce assurance models and trustworthiness issues: an empirical study
http://www.emeraldinsight.com/journals.htm?issn=0968-5227&volume=22&issue=1&articleid=17104143&show=abstract
http://www.emeraldinsight.com/10.1108/IMCS-01-2013-0001

Abstract

Purpose – The internet provides a mechanism by which buyers and sellers meet in order to exchange goods and services online with the utmost convenience. However, there are many risks associated with the internet which, if left unattended, could continue deterring the adoption of e-commerce. These risks ultimately diminish online consumer trust in e-commerce. Web assurance models have been designed in an attempt to encourage online consumer trust through assurance. Unfortunately, many of these models have been inadequate in certain areas and this research aims to improve on them.

Design/methodology/approach – It presents a comprehensive empirical survey on trustworthiness issues and e-commerce assurance models and proposes a new compliance-based e-commerce assurance model that integrates adaptive legislation, adaptive e-commerce-related standards and cooperative rating. The intelligent cooperative rating is based on the analytic hierarchy process and page-ranking techniques.

Findings – Some findings of this research study influence the thinking that some of the untrustworthy sites are posing as trustworthy sites because they display web seals.
The findings can be used as a reference guide to understand e-commerce assurance models, as well as the effectiveness of ensuring the trustworthiness of these models.

Practical implications – The research presents deployment analysis on the use of the proposed compliance model through real life scenarios categorized as trustworthy and untrustworthy e-commerce web sites.

Originality/value – This research is relevant to information management and computer security in e-commerce as a development of a newly proposed e-commerce assurance model for trustworthiness safety inspections and knowledge generation as a reference guide to understand e-commerce trustworthiness in general and e-commerce assurance models in particular detail.

Article | Thembekile Mayayise, Isaac Olusegun Osunmakinde | Tue, 04 Mar 2014 00:00:00 +0000

Mobile device security considerations for small- and medium-sized enterprise business mobility
http://www.emeraldinsight.com/journals.htm?issn=0968-5227&volume=22&issue=1&articleid=17104144&show=abstract
http://www.emeraldinsight.com/10.1108/IMCS-03-2013-0019

Abstract

Purpose – This paper's purpose is to identify and accentuate the dilemma faced by small- to medium-sized enterprises (SMEs) who use mobile devices as part of their mobility business strategy. While large enterprises have the resources to implement emerging security recommendations for mobile devices, such as smartphones and tablets, SMEs often lack the IT resources and capabilities needed. The SME mobile device business dilemma is to invest in more expensive maximum security technologies, invest in less expensive minimum security technologies with increased risk, or postpone the business mobility strategy in order to protect enterprise and customer data and information. This paper investigates mobile device security and the implications of security recommendations for SMEs.

Design/methodology/approach – This conceptual paper reviews mobile device security research, identifies increased security risks, and recommends security practices for SMEs.

Findings – This paper identifies emerging mobile device security risks and provides a set of minimum mobile device security recommendations practical for SMEs. However, SMEs would still have increased security risks versus large enterprises who can implement maximum mobile device security recommendations. SMEs are faced with a dilemma: embrace the mobility business strategy and adopt and invest in the necessary security technology, implement minimum precautions with increased risk, or give up their mobility business strategy.

Practical implications – This paper develops a practical list of minimum mobile device security recommendations for SMEs. It also increases the awareness of potential security risks for SMEs from mobile devices.

Originality/value – This paper expands previous research investigating SME adoption of computers, broadband internet-based services, and Wi-Fi by adding mobile devices. It describes the SME competitive advantages from adopting mobile devices for enterprise business mobility, while accentuating the increased business risks and implications for SMEs.

Article | Mark A. Harris, Karen P. Patten | Tue, 04 Mar 2014 00:00:00 +0000

Recommendations for information security awareness training for college students
http://www.emeraldinsight.com/journals.htm?issn=0968-5227&volume=22&issue=1&articleid=17104145&show=abstract
http://www.emeraldinsight.com/10.1108/IMCS-01-2013-0005

Abstract

Purpose – The purpose of this paper is to survey the status of information security awareness among college students in order to develop effective information security awareness training (ISAT).

Design/methodology/approach – Based on a review of the literature and theoretical standpoints as well as the National Institute of Standards and Technology Special Publication 800-50 report, the author developed a questionnaire to investigate the attitudes toward information security awareness of undergraduate and graduate students in a business college at a mid-sized university in New England. Based on that survey and the previous literature, suggestions for more effective ISAT are provided.

Findings – College students understand the importance and the need for ISAT but many of them do not participate in it. However, security topics that are not commonly covered by any installed (or built-in) programs or web sites have a significant relationship with information security awareness. It seems that students learned security concepts piecemeal from a variety of sources.

Practical implications – Universities can assess their ISAT for students based on the findings of this study.

Originality/value – If any universities want to improve their current ISAT, or establish it, the findings of this study offer some guidelines.

Article | Eyong B. Kim | Tue, 04 Mar 2014 00:00:00 +0000