Information and Computer Security: Volume 23 Issue 2

Organizational objectives for information security governance: a value focused assessment

Sushma Mishra

The purpose of this study is to develop theoretically grounded and empirically derived organizational security governance (OSG) objectives. Developing organizational security…

Managing perceived risk for customer retention in e-commerce: The role of switching costs

Yung-Shen Yen

This paper aims to explore how perceived risk affects customer loyalty in e-commerce and how switching costs mediate in the relationship between perceived risk and customer…

Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL

Li-Hsing Ho, Ming-Tsai Hsu, Tieh-Min Yen

The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide…

Investigating personal determinants of phishing and the effect of national culture

Waldo Rocha Flores, Hannes Holm, Marcus Nohlberg, Mathias Ekstedt

The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to…

The sufficiency of the theory of planned behavior for explaining information security policy compliance

Teodor Sommestad, Henrik Karlzén, Jonas Hallberg

This paper aims to challenge the assumption that the theory of planned behaviour (TPB) includes all constructs that explain information security policy compliance and investigates…

A comprehensive security control selection model for inter-dependent organizational assets structure

Maryam Shahpasand, Mehdi Shajari, Seyed Alireza Hashemi Golpaygani, Hoda Ghavamipoor

This paper aims to propose a comprehensive model to find out the most preventive subset of security controls against potential security attacks inside the limited budget…