Relationship between stakeholders information value perception and information security behaviour
|
|
- Tabitha Perry
- 6 years ago
- Views:
Transcription
1 Relationship between stakeholders information value perception and information security behaviour Sharul Tajuddin 1,2,a), Wendy Olphert 1, b) and Neil Doherty 1,c) 1 (Loughborough University, Centre for Information Management, Loughborough, LE11 3TU, Leicestershire, UK) 2 (Institut Teknologi Brunei, School of Computing and Informatics, Brunei Darussalam) a) Corresponding author: s.t.haji-tajuddin@lboro.ac.uk b) c.w.olphert@lboro.ac.uk c) n.f.doherty@lboro.ac.uk Abstract. The study, reported in this paper, aims to explore the relationship between the stakeholders perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information security behaviours. This study seeks to address this gap in the research. Data will be presented from a pilot study consisting of interviews with 6 participants from public organisations in Brunei Darussalam which illustrate the nature of the value assignment process, together with an initial model of the relationship between perceived information value and information security behaviours. INTRODUCTION This paper is the starting point of our work on information security compliance. It describes our early ideas and distinguishes our approach from other work. An interpretive framework was developed to represent the ideas as an alternative approach towards understanding compliance behaviour with information security countermeasures. Information Security is a concept that formed from the recognition that information is valuable and that it requires protection. The ISO defines information as an asset, which, like other important business assets, is essential to an organisation s business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation, hence it requires protection [1]. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedure such as password control and enforcement of organisational policy on information handling procedures. The efficiency of the implemented processes and mechanism depends a lot on the stakeholder s decision as to whether they use the processes and mechanisms or not. To help ensure that stakeholders are willing to use the countermeasures in place, many organisations are spending large sums of money to train and educate their stakeholders and to set up an information security awareness environment in the organisation. Despite the appreciation of the current information security landscape and the cautious approaches by organisations towards achieving appropriate information security, information security breaches and incidents are on
2 the rise. Such breaches may lead to loss or misuse of information, personal records, or other data. Some resulted in the loss of millions of data records; some affected millions of people, and some cost the affected businesses financially [2]. 2. BACKGROUND RESEARCH/RELATED WORK Information value Information has become the representative of organisations values and knowledge; information acts as a transforming agent in organisational development by facilitating organisational learning. Many organisations have developed their information into a rich repository of knowledge that has had great impacts in achieving their objectives. The more organisations see information security as an integral part of their business processes and the dependency on information increases, the more they value information as an important asset to their activity [3], [4]. Value that is derived from its capacity to support decisions or control processes by the furnishing of information [5] have brought about its commodification, in the sense that it has a market value, and it is appropriable. This phenomenon signifies information is appreciated more if it contributes positively to the organisation objectives thus warranting appropriate protection over it. Information Security It has become the focus of businesses and governments to address information security, not only because of the demand of their business processes but also because of the need to adhere to regulations and legislation. Examples of such regulations and legislation are The Data Protection Act; the Financial Services Authority regulations; the European Commission (EC) Data Protection Directive; the Sarbanes-Oxley Act of the United States; and a few others.it is also a de facto standard for organisations business processes and corporate governances to conform to the International Organisation for Standardization (ISO) to earn international recognition. Achieving such standards may portray that the organisation as having a good reputation in their obligation to uphold information security and provide appropriate protection for their information. [6,7] postulate that working towards international standards such as ISO will help improve the organisation s information security. Well established information security models such as the CIA triads [8], Parkerian Hexad [9] and Information Assurance (IA) [10] predominantly focus on the technical aspects of information security and do not clearly define the importance of human elements of information security. Human contributions to the success and efficiency of information security are not explicitly defined. Goals outlined by these models are left to the individual or organisations to translate and find effective ways in which to attain them. Despite the advancements in technology, the availability of guidelines and policies and properly designed organisational strategy, people are still required to use the technology, observe good practices and comply with the organisation s policies and strategies. A new, socio-technical approach that includes not only technology design, but also other important elements such as processes, organisational strategy and people is in need. The socio-technical approach is about harnessing the people's strengths and technical aspects of organisational structure and processes in order to achieve joint optimization. Information Security Behaviour Information Security behaviour has been the subject of studies by many researchers with the aim to understand why stakeholders behave the way they do in a wide variety of information security contexts. There are many models provided by various information scientists that attempt to explain this behaviour and predict how specific behaviour is constructed [14] Such models typically have their roots into theories such as the theory of planned behaviour (TPB) and theory of reasoned action (TRA) popularised by [15]. They propose that behaviour towards information security is a result of stakeholders decision-making processes based on factors such as knowledge, awareness and experience. It is therefore expected that stakeholders who receive any form of awareness, education and training (AET) initiatives would demonstrate better security behaviour than stakeholders who do not receive any [16]. This notion leads to an indication that human behaviour is a key area for information security and contributes significantly to the
3 effectiveness of information security. Some research suggests that most information security incidents are the result of careless employees who do not comply with organisational security procedures or policies. This carelessness, therefore, can place the organisations assets and business in danger [17]. Similarly, a study by [18] supports the suggestion by [19,20] that as human and organisational factors play a significant role in information security, vulnerabilities are not to be blamed on technological problems alone. The relation of vulnerabilities with human behaviour led to researchers such as [25, 26] to postulate that humans are the weakest link' in information security, a conclusion similarly reached by the consultancy firm PriceWaterhouseCoopers in their 2012 survey of information security breaches in 414 United Kingdom organisations. It is due to this realization that much research has been dedicated to finding solutions on how to improve human compliance with information security countermeasures. Some of the areas that are being studied include human decision-making when facing with information security issues [12], [27], determinants of human intention to behave [14, 28, 29 30] and how intention to behave can be used to predict the choice of actual behaviour [31]. Perceived value The term perceived value is a common term used in the marketing field. Controlling the perceived value of a product increases the viability for purchasing the product [32]. Perceived value is an important determinant of consumer shopping behaviour [33] in which the value assigned by consumers to certain products greatly determines the likelihood of a purchase. In the context of this study, stakeholders' perceived value describes the value assigned by stakeholders to particular information. As a result of initial review of current literature, the research postulates that perceived value in relation to information could potentially be created based on variables such as its importance, the sensitivity of the information, and/or the influence of organisational and national culture. It is postulated that the higher the value assigned by stakeholders to certain information, the more protection is expected, and compliance with protection and security countermeasures will increase. It is also deemed that the perceived value of information will always be relative and contextual in nature and be influenced by others perceptions. A group of stakeholders might have a collective perception of the value of a piece of information which is accepted as the actual value of that information but a quantified actual value might never be achieved. Factors that influence Information Security behaviour Many studies have extracted, adapted and tested various constructs, determinants and antecedents believed to have influence on human intention to behave and predictions of the actual behaviour. Studies by [14, 19, 20, 29, 30, 34] found that the individual's perception of social normative pressures has a positive impact on the individual's intention to behave. The same studies also found out that the individual's perception of their ability to manage and cope with the situation faced (coping appraisal) also has the same impact on the individual s intention to behave. [28] study found out that self-efficacy coupled with a positive change in employees' perception of the current organisational information security climate (state) had a positive impact on employee s compliant behaviour. [23] posit that benefit and cost of compliance, as well as non-compliance, can influence employee's attitudes to information security. A study by [12] suggests that stakeholders' actual and anticipated costs and benefits of their behaviour largely influence their intention to comply with information security countermeasures. They further suggest that when stakeholders perceive that the costs are likely to outweigh the benefits, the likely outcome is that they will circumvent security. Other researchers have studied various ways for improving information security compliance. [35] has worked on involving stakeholders in information security design, [36, 37] used e-learning and interactive computer-based learning to improve awareness. [38, 39] suggest that better communication and discussion of information security amongst employees will help improve behaviour towards information security. [30, 40] found that deterrence methods are effective in influencing employee compliance behaviour. Further, [41, 42] suggest that in order to have an effective improvement information security, the organisation s culture needs to be changed to foster a more holistic view of information security. Researchers such as [43] have looked into persuasive technology to influence stakeholders to choose more appropriate behaviour when faced with information security issues. Other factors,
4 including elements of human characteristics and traits have been studied to understand the act of compliance phenomena (Shropshire et al., 2006). Such characteristics and traits include: thinking before acting, delaying gratification, following norms and rules, and planning, organizing, and prioritizing tasks and agreeableness, friendliness, pro-social and communal orientation towards others are positively related to Information Security compliance behaviour. [27] assume that risky computing behaviour is a result of individual choices that are at least weakly guided by considerations of the probability and desirability of consequences, and propose that conscious thought about consequences plays some role in guiding risky behaviour. The model proposed by [27] postulates that the antecedents of a stakeholder s choice process are the stakeholder s perceptions of several factors such as availability and usability of safe practices, probability of negative consequences, significance of negative consequences, ease of recovery, and beliefs regarding peer behaviour. The stakeholder's perceptions of these factors are formed based on the knowledge of the stakeholder about the factors constructed from various information sources such as training attended, news and media, through communication from peers and friends, policies and procedures as well as personal experience. [45] in their study to explain privacy disclosure behaviour on social network sites combine theory of planned behaviour (TPB) [46] with privacy calculus theory [47]. [46] suggests that behaviour can be explained by behavioural beliefs, normative beliefs, and self-efficacy as antecedents of attitudes, subjective norms, and perceived behavioural control, respectively. This finding may also be relevant to the use of information security countermeasures; that is, if the stakeholder perceives the value of information they are handling as high they might equally see the need for the protection of the information as high. Although there has been much research on this issue, the question why stakeholders engage in risky behaviour is still valid and perplexes researchers. Providing answers to this question will help information security personnel in their quest to improve the situation. To better understand stakeholder decision making on behaviour in the context of information security, we present in this paper an interpretative model that seeks explanation from a different perspective to that investigated by other researchers. The model assumes that the decision made by stakeholders on their compliance behaviour is relative to a perceived value they assign to the information. PROPOSED MODEL A preliminary interpretative model is proposed, which describes the possible relationship between stakeholders behaviour with information security countermeasures and the process of assigning value to information, particularly towards the compliance with information security policies (ISP). The proposed model, which is depicted in figure 1, comprises two main components; the inner circles and the outer square tabs. FIGURE 1. Proposed interpretive model for the study
5 The inner circles depict the process of how stakeholders form their information security compliance behaviour. The assumption is that it starts with a stakeholder assigning value to the information they are working with. At this stage, the value is based on the stakeholder s perceived assessments of existing situations and knowledge. The assigned value of the information or information value translates into the stakeholder s information security behaviour." In the next half of the cycle, existing information security behaviours are predicted to influence the actual value of the information. These representations in turn feed into commonly accepted information value. The cycle of value assigning process is predicted to be significantly influenced by four major variables: importance metrics, security metrics, value dimensions and cultural impacts. The outer square tabs represent the various level of stakeholders in an organisation that according to [35] will have a different view of the information valuation process and who may be differently influenced by the variables mentioned above as well as the management s objectives and structures. This model raises numerous issues regarding the relationships of its various components and its overall efficacy in predicting stakeholder behaviour. The model aims to help understand how stakeholders choose to behave towards compliance with information security countermeasures. It is believed that the value placed on information will have a significant impact on how stakeholders choose to behave. So, it is important to understand the process by which stakeholders perceive information value and how the perceived information value can influence and affect their decision to behave. Particularly, it is of interest to explore the mediating relationship of stakeholders perceived value of information with information security compliance. On the other hand, it is postulated that stakeholders actual behaviour towards information security compliance may significantly impact the value of information. Based on the assumptions outlined above, it is postulated, that stakeholder's perceived value of information will have a significant impact on how they judge to behave towards complying or not complying with information security countermeasures instigated to protect that information. It is also postulated that what stakeholders believe the value of the information to be will have an impact on how they choose to behave. This helps to derive the assumptions that the higher the perceived value of information, the higher the likelihood of compliance with information security countermeasures; conversely the better protection of information by stakeholders will have an impact on the perceived value of the information. It is also noted that other issues such as the importance and sensitivity of information, cultural factors, as well as other value dimensions, may have an impact on how value to information is created by the stakeholder. In the light of these findings, it is also the objective of this study to explore how these variables may influence the information value creation' process in an organisation. The value dimensions factors used in this study are factors that may influence stakeholders preference judgment as described by [48] in the context of consumer value creation towards satisfaction on product and services. [48] suggests that consumers construct value from different dimensions such as economic, social, altruistic and aesthetic value. The researchers believe that some of these dimensions of value would have a similar impact on stakeholders information security compliance decisions. 4.0 PILOT STUDY RESULTS AND DISCUSSION To begin investigating the validity of this framework, we have designed a two-phase study. In the initial phase, semi-structured interviews will be to explore the following questions: What is information value according to information security stakeholders and how is it being signified? What value creating processes and value creation activities might significantly influence perceived value? What is the impact of perceived information value on stakeholders information security behaviour? What is the impact of actual value of the information on the perceived information value? What is the impact of organisational and national culture on how stakeholders appreciate information value?
6 Before carrying out the data collection interviews a series of pilot interviews were carried out. The purpose of the pilot interviews was to benchmark or be a testing ground' to measure the feasibility of the interview structures and questions. Five Brunei government s staffs that are currently in the United Kingdom were interviewed. The pilot results show very positive indicators that support the model under investigation. The following is a summary of findings grouped under some common themes. Themes used are mostly pre-determined from the model but some surfaced during the analysis of the data. Value of information Responses for this theme indicate that the process of assigning value to information varies by the context in terms of how, where and why the information is being utilised. Some of the values assigned to information are categorised under monetary value, national security and self-esteem. These themes indicate the various dimensions that are considered important to the stakeholders; the less the information is perceived to have a beneficial effect for the respondents, the less attention is paid to its protection and security. The information that relates to the above categories is seen to have higher value than others. Importance Metrics The importance of information to the development of the respondent's work is also undeniable. Stakeholders are appreciative when they clearly recognize how information explicitly facilitates the accomplishment of their tasks. One way this is expressed, is in terms of the importance of information to help in securing promotion. Promotion is associated with being able to respect and handle information appropriately, and efficiency and effectiveness of rendering services. There is also a notion that indicates that importance of information relates to the level of responsibilities and hierarchical level in the organisation, for example, lower level staff such as clerks are seen to have less responsibility towards information as they are perceived as not to handle important data or information. Confidentiality and Sensitivity of Information Confidentiality and sensitivity of information are two themes that are seen to have great potential in influencing value assignment to information. Some information is considered to be sensitive because it concerns family dignity or national secrets, other types are considered sensitive because such information will cause confusion, havoc and fear when not handled and protected appropriately, which might end up in civil unrest. It is for these reasons that the respondents think that protection of such information become more important. Cultural Impacts Cultural norms that include peer pressure are also seen as factors that can influence how much stakeholders value information and information protection. Due to family ties and the feeling of responsibility people are willing to bend rules to share information or give access to others. Responding to a request by prominent person in the community for sensitive information is seen as a reason to breach rules, respecting ranks in some organisations is also another source of rule breaching. The belief that sharing is caring is seen as an embedded cultural value in this national context (Brunei Darussalam), and most of the time cannot be ignored. CONCLUSIONS AND FURTHER WORK The research is exploratory by nature and takes a pragmatic approach. Despite being at the early stage of the study, positive indications emerge in support of some of the assumptions in the interpretative model. This is evidenced from the responses of interviewees categorised into the various themes. On the other hand, evidence to support the assumption that "the actual behaviour performed by stakeholders will have an impact on the value of the information" does not clearly surface from the pilot results. This is an aspect that will be investigated in further detail in the next phase of the study. The initial findings from the pilot study provide support to carry on with the full-scale study. It is expected that more themes and patterns will emerge from the data collected in the full-scale study and would empirically populate the proposed interpretive model so that it may be used in facilitating predictions on stakeholders information security behaviour. The interviews for the next phase are planned to involve 46 employees at different levels of responsibilities from various government departments and institutions within the 12 government ministries in Brunei Darussalam. Three
7 levels of responsibilities as depicted by the model (square tabs) in figure 1 are chosen to be one of the demographic divisions of the interviewees. These are sub-categorised as IT/IS personnel, Information Owner/Manager (further sub-categorized as Manager and Supervisor) and general stakeholders. Where possible, one representative from each category in each ministry will be selected. REFERENCES [1] M. Gerber and R. Von Solms, Management of risk in the information age, Comput. Secur., vol. 24, no. 1, pp , Feb [2] J. Widman, 10 Massive Security Breaches, Information week Security, [3] E. Orna, Information strategy in practice. Gower Publishing Limited, 2004, p [4] T. H. Davenport and La. Prusak, Working Knowledge, how organizations mange what they know. USA: Harvard Business School Press, 2000, p [5] A. Mowshowitz, On the market value of information commodities. I. The nature of information and information commodities, J. Am. Soc. Inf. Sci., vol. 43, no. 3, pp , Apr [6] Rossouw von solms, Information Management & Computer Security Information security management ( 1 ): why information security is so important, Inf. Manag. Comput. Secur., vol. 6, no. 4, pp , [7] N. F. Doherty and H. Fulford, Aligning the information security policy with the strategic information systems plan, Comput. Secur., vol. 25, no. 1, pp , Feb [8] Y. Cherdantseva and J. Hilton, Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals., [Online]. Available: [Accessed: 14-Sep-2012]. [9] G. S. Dardick, Cyber Forensics Assurance, in Australian Digital Forensics Conference, [10] K. S. Wilson, Conflicts Among the Pillars of Information Assurance, IEE Comput. Soc., no. August, pp , [11] A. Adams and A. Sasse, User are not the enemy, Commun. ACM, vol. 42, no. 12, pp , [12] A. Beautement, M. A. Sasse, and M. Wonham, The Compliance Budget : Managing Security Behaviour in Organisations, Security, [13] S. El Aoufi, Economic Evaluation of Information Security, Vrije University Amsterdam, [14] M. Siponen, A. Vance, and R. Willison, New Insights for an Old Problem: Explaining Software Piracy through Neutralization Theory, MIS Q., vol. 34, no. 3, pp , [15] M. Fishbein and Ic. Ajzen, Predicting and Changing Behaviour: The Reasoned Action Approach. Tylor & Francis, 2011, p [16] P. Puhakainen and M. Siponen, Imporving employees compliance through information system security training: an action research study, MIS Q., vol. 34, no. 4, pp , [17] J. M. Stanton, K. R. Stam, P. Mastrangelo, and J. Jolton, Analysis of end user security behaviors, Comput. Secur., vol. 24, no. 2, pp , Mar [18] S. Kraemer, P. Carayon, and J. Clem, Human and organizational factors in computer and information security: Pathways to vulnerabilities, Comput. Secur., vol. 28, no. 7, pp , Oct [19] M. T. Siponen and H. Oinas-kukkonen, A review of Information Security Issues and Respective Contributions, DATA BASE Adv. Inf. Syst., vol. 38, no. 1, pp , [20] S. Pahnila, M. Siponen, and A. Mahmood, Which Factors Explain Employees Adherence to Information Security Policies? An Empirical Study, in Pacific Asia Conference on information system, [21] L. Muniandy and B. Muniandy, State of Cyber Security and the Factors Governing its Protection in Malaysia, Int. J. Appl. Sci. Technol., vol. 2, no. 4, pp , [22] Eric Savitz, Humans: The Weakest Link In Information Security - Forbes, pp , [23] B. Bulgurcu, C. Hasan, and I. Benbasat, Information security policy compliance: an empirical study of rationaly based beliefs and information security awareness, MIS Q. Exec., vol. 34, no. 3, pp , [24] G. Notoatmodjo, Exploring the Weakest Link : A Study of Personal Password Security, no. December, [25] J. V. Harrison, Enhancing network security by preventing user-initiated malware execution, Int. Conf. Inf. Technol. Coding Comput. - Vol. II, pp Vol. 2, 2005.
8 [26] M. A. Sasse, S. Brostoff, and D. Weirich, Transforming the weakest link a human/computer interaction approach to usable and effective security, BT Technol. J., vol. 19, no. 3, p. 122, [27] K. Aytes and T. Conolly, A Research Model for Investigating Human Behavior Related to Computer Security, in AMCIS 2003 Proceedings, [28] M. Chan, I. Woon, and A. Kankanhalli, Perceptions of Information Security at the Workplace : Linking Information Security Climate to Compliant Behavior Mark Chan National University of Singapore Irene Woon School of Computing, National University of Singapore Atreyi Kankanhalli School of Com, J. Inf. Priv. Secur., vol. 1, no. 3, pp , [29] T. Herath and H. R. Rao, Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness, Decis. Support Syst., vol. 47, no. 2, pp , May [30] P. Ifinedo, Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory, Comput. Secur., vol. 31, no. 1, pp , Feb [31] N. Mohamed and I. H. Ahmad, Information privacy concerns, antecedents and privacy measure use in social networking sites: Evidence from Malaysia, Comput. Human Behav., vol. 28, no. 6, pp , Nov [32] S. P. Rajh, Comparison of perceived value structural models, Mark. Sci. J. Crotia, vol. 24, no. 1, pp , [33] A. Eggert and W. Ulaga, Customer perceived value: a substitute for satisfaction in business markets?, J. Bus. Ind. Mark., vol. 17, no. 2/3, pp , [34] M. Siponen, S. Pahnila, and A. Mahmood, Factors Influencing Protection Motivation and IS Security Policy Compliance. IEEE, 2006, pp [35] E. Albrechtsen, A qualitative study of users view on information security, Comput. Secur., vol. 26, no. 4, pp , Jun [36] C. Chen, R. S. Shaw, and S. Yang, Mitigating Information Security Risks by Increasing User Security Awareness : A Case Study of an Information Security Awareness System, Inf. Secur., vol. 24, no. 1, pp. 1 14, [37] S. M. Furnell, M. Gennatou, and P. S. Dowland, A prototype tool for information security awareness and training, Logist. Inf. Manag., vol. 15, no. 5/6, pp , [38] S. Hansche, Designing a Security Awareness Program: Part 1, Inf. Syst. Secur., vol. 9, no. 6, pp. 1 9, Jan [39] ENISA, The new users guide: How to raise information security awareness (EN) ENISA [40] M. Siponen and A. Vance, Neutralization: New insights into the problem of employee information systems security policy violations, MIS Q., vol. 34, no. 3, pp , [41] E. M. Power, Developing a Culture of Privacy: A Case Study, vol. 5, no. 6. IEEE Computer Society, 2007, pp [42] R. Power and D. Forte, Case Study: a bold new approach to awareness and education, and how it met an ignoble fate, Comput. Fraud Secur., vol. 2006, no. 5, pp. 7 10, May [43] A. C. Yeo, M. Rahim, and Y. Y. Ren, Use of Persuasive Technology to Change End- Users IT Security Aware Behaviour : A Pilot Study, Int. J. Hum. Soc. Sci., vol. 4, no. 9, pp , [44] J. Shropshire, A. Johnston, M. Schmidt, and A. C. Johnston, Personality and IT security : An application of the five-factor model Personality and IT security : An application of the five-factor model, in AMCIS 2006 Proceedings, [45] X. Li and X. Chen, Factors Affecting Privacy Disclosure on Social Network Sites: An Integrated Model, 2010 Int. Conf. Multimed. Inf. Netw. Secur., pp , [46] I. Ajzen, The Theory of Planned Behavior, Organ. Behav. Hum. Decis. Process., vol. 50, pp , [47] E. F. Stone and D. L. Stone, Privacy in organizatios: theoretical issues, research findings, and protection mechanism, Management, vol. 8, pp , [48] Morris B. Holbrook, The Nature of Customer Value: An Axiology of Services in the Consumption Experience., in Service Quality: New Directions in Theory and Practice., R. Rust and R. Oliver, Eds. CA: Thousand Oaks, 1994, pp
A Theory of Employee Compliance with Information Security
Association for Information Systems AIS Electronic Library (AISeL) MWAIS 2014 Proceedings Midwest (MWAIS) 5-15-2014 A Theory of Employee Compliance with Information Security David Sikolia dsikoli@ilstu.edu,
More informationDiscussion of Technostress Impact on Employees Information Security Behaviour
Discussion of Technostress Impact on Employees Information Security Behaviour Masterarbeit zur Erlangung des akademischen Grades Master of Science (M.Sc.) im Masterstudiengang Wirtschaftswissenschaft der
More informationImpact of Protection Motivation and Deterrence on IS Security Policy Compliance: A Multi- Cultural View
Association for Information Systems AIS Electronic Library (AISeL) WISP 2012 Proceedings Pre-ICIS Workshop on Information Security and Privacy (SIGSEC) Winter 12-15-2012 Impact of Protection Motivation
More informationInformation Security Policy Compliance: A User Acceptance Perspective
Association for Information Systems AIS Electronic Library (AISeL) MWAIS 2011 Proceedings Midwest (MWAIS) 5-20-2011 Information Security Policy Compliance: A User Acceptance Perspective Ahmad Al-Omari,
More informationToward Developing a Theory of End User Information Security Competence
Toward Developing a Theory of End User Information Security Competence Canchu Lin University of Toledo Canchu.lin@rockets.toledo.edu Anand S. Kunnathur University of Toledo anand.kunnathur@utoledo.edu
More informationAIS Electronic Library (AISeL) Association for Information Systems. Stefan Bauer Vienna University of Economics and Business,
Association for Information Systems AIS Electronic Library (AISeL) CONF-IRM 2013 Proceedings International Conference on Information Resources Management (CONF-IRM) 5-2013 IT operational risk awareness
More informationEnd-user IT Security Policy Compliance: A Confidence-Building Measures Approach
End-user IT Security Policy Compliance: A Confidence-Building Measures Approach Abstract Research-in-Progress Emmanuel Ayaburi The University of Texas at San Antonio emmanuel.ayaburi@utsa.edu Corporate
More informationMotivating Employees to Comply with Information Security Policies
Association for Information Systems AIS Electronic Library (AISeL) MWAIS 2016 Proceedings Midwest (MWAIS) Spring 5-19-2016 Motivating Employees to Comply with Information Security Policies David Sikolia
More informationChapter Learning Objectives After studying this chapter you should be able to:
Chapter Learning Objectives After studying this chapter you should be able to: 1. Characterize the nature of motivation, including its importance and basic historical perspectives. 2. Identify and describe
More informationInvestigating Continuous Security Compliance Behavior: Insights from Information Systems Continuance Model
Investigating Continuous Security Compliance Behavior: Insights from Information Systems Continuance Model Full Paper Javad Abed Gurpreet Dhillon Virginia Commonwealth University Virginia Commonwealth
More informationSafety Perception / Cultural Surveys
Safety Perception / Cultural Surveys believes in incorporating safety, health, environmental and system management principles that address total integration, thus ensuring continuous improvement, equal
More informationInformation Security Governance and Internal Audits: A Processual Model
Association for Information Systems AIS Electronic Library (AISeL) SAIS 2007 Proceedings Southern (SAIS) 3-1-2007 Information Security Governance and Internal Audits: A Processual Model Sushma Mishra mishras@vcu.edu
More informationKnowledge Management System Adoption and Practice in Taiwan Life Insurance Industry: Analysis via Partial Least Squares
Association for Information Systems AIS Electronic Library (AISeL) PACIS 2007 Proceedings Pacific Asia Conference on Information Systems (PACIS) 2007 Knowledge Management System Adoption and Practice in
More informationSocial Media Malware: Determinants of Users Intention to Share Potentially Infected Posts
Social Media Malware: Determinants of Users Intention to Share Potentially Infected Posts Emergent Research Forum Paper Sonia Camacho Universidad de los Andes so-camac@uniandes.edu.co Abstract Malware
More informationSolution Evaluation. Chapter Study Group Learning Materials
Chapter Study Group Learning Materials 1 2015, International Institute of Business Analysis (IIBA ). Permission is granted to IIBA Chapters to use and modify this content to support chapter activities.
More informationRequirements Analysis and Design Definition. Chapter Study Group Learning Materials
Requirements Analysis and Design Definition Chapter Study Group Learning Materials 2015, International Institute of Business Analysis (IIBA ). Permission is granted to IIBA Chapters to use and modify this
More information"IT Governance Helping Business Survival
"IT Governance Helping Business Survival Steve Crutchley CEO & Founder Consult2Comply www.consult2comply.com Introduction Steve Crutchley Founder & CEO of Consult2Comply 39 Years IT & Business Experience
More informationIT Security Policies and Employee Compliance: The Effects of Organizational Environment
IT Security Policies and Employee Compliance: The Effects of Organizational Environment Kendal Stephens LaFleur, Narasimha Shashidhar Department of Computer Science Sam Houston State University Huntsville,
More informationKnowledge of Security Protocols and Acceptance of E-commerce
Knowledge of Security Protocols and Acceptance of E-commerce Sumendra Singh, Faculty of Business and IT, Webster University, Thailand. E-mail: singh89sumendra@gmail.com Leslie Klieb, Faculty of Business
More informationInternalization of Information Security Policy and Information Security Practice: A Comparison with Compliance
Proceedings of the 51 st Hawaii International Conference on System Sciences 2018 Internalization of Information Security Policy and Information Security Practice: A Comparison with Compliance Minjung Park
More informationStrategy Analysis. Chapter Study Group Learning Materials
Chapter Study Group Learning Materials 2015, International Institute of Business Analysis (IIBA ). Permission is granted to IIBA Chapters to use and modify this content to support chapter activities. All
More informationHigh Impact Internal Audit Leadership. Contents are subject to change. For the latest updates visit
High Impact Internal Audit Leadership Page 1 of 7 Why Attend Today s chief audit executives, their deputies and internal audit managers need to work closely with business leaders, boards, audit committees,
More informationINTEGRITY MANAGEMENT CONTINUOUS IMPROVEMENT. Foundation for an Effective Safety Culture
INTEGRITY MANAGEMENT CONTINUOUS IMPROVEMENT Foundation for an Effective Safety Culture June 2011 Foundation for an Effective Safety Culture describes the key elements of organizational culture and business
More informationFIFTEEN MINUTES OF SHAME: A MULTILEVEL APPROACH OF THE ANTECEDENTS AND EFFECTS OF CORPORATE ACCOUNTING SCANDALS JESUS RODOLFO JIMENEZ-ANDRADE
FIFTEEN MINUTES OF SHAME: A MULTILEVEL APPROACH OF THE ANTECEDENTS AND EFFECTS OF CORPORATE ACCOUNTING SCANDALS by JESUS RODOLFO JIMENEZ-ANDRADE Executive summary corresponding to the full document submitted
More informationTITAN People Management Framework
TITAN People Management Framework Our Vision Throughout our long history, TITAN has been a people driven organization, recognizing that sustainable growth relies on the caliber, behavior and collaboration
More informationNACCHO GOVERNANCE CODE: NATIONAL PRINCIPLES AND GUIDELINES FOR GOOD GOVERNANCE
NACCHO GOVERNANCE CODE: NATIONAL PRINCIPLES AND GUIDELINES FOR GOOD GOVERNANCE Introduction In this code: board means the governing body of the organisation objectives includes aims, purposes and objects
More informationWeek 1: What is Marketing?
Week 1: What is Marketing? What is Marketing? " The activity, set of institutions, and processes for creating, communicating, delivering and exchanging offerings that have value for customers, clients,
More informationRichard Welford. CSR Asia
ISO 26000 Richard Welford CSR Asia CSR Asia 2011 www.csr-asia.com ISO26000: Now we know what CSR is not It is not about: 1. Giving away money: Philanthropy is mentioned once 2. Planting a few trees 3.
More informationInformation Security Policies Compliance: The Role of
Information Security Policies Compliance: The Role of Organizational Punishment Mohammad I. Merhi Department of Computer Information Systems & Quantitative Methods College of Business Administration University
More informationUnderstanding the Current Situation of E-Government in Saudi Arabia: A Model for Implementation and Sustainability
Understanding the Current Situation of E-Government in Saudi Arabia: A Model for Implementation and Sustainability Majed Alfayad and Edward Abbott-Halpin School of Computing, Creative Technology, and Engineering,
More informationUnderstanding Information Security Culture: A Survey in Small and Medium Sized Enterprises
Understanding Information Security Culture: A Survey in Small and Medium Sized Enterprises Isabel Lopes and Pedro Oliveira School of Technology and Management, Polytechnic Institute of Bragança (IPB),
More informationthe council initiative on public engagement
public engagement at the city of edmonton share your voice shape our city the council initiative on public engagement new public engagement practice and implementation roadmap final report CITY OF EDMONTON
More informationCourse Objectives. Carry out the task of security risk management using various practical and theoretical tools.
Security Management Course Objectives The course is aimed at imparting knowledge and skill sets required to assume the overall responsibilities of administration and management of security of an enterprise
More informationConceptualizing Software Engineering People Issues
Conceptualizing Software Engineering People Issues Medha Umarji, Carolyn Seaman Dept. of Information Systems Univ. of Maryland Baltimore County Baltimore, USA {medha1, cseaman} @umbc.edu Abstract. The
More informationCORE COMPETENCIES. For all faculty and staff
SELF-AWARENESS & PROFESSIONALISM Being mindful of one s impact on others and managing thoughts, feelings and actions in an effective manner. INTEGRITY Conducting oneself and activities according to the
More informationAn Analysis of Social Networks Usage for Information Communication in Business Organization
An Analysis of Social Networks Usage for Information Communication in Business Organization Gamonkwan Phuk-intr Chulalongkorn Business School, Chulalongkorn University, Thailand. Kanibhatti Nitirojntanad
More informationProvided by the author(s) and NUI Galway in accordance with publisher policies. Please cite the published version when available.
Provided by the author(s) and NUI Galway in accordance with publisher policies. Please cite the published version when available. Title Data Protection and Employee Behaviour: The Role of Information Systems
More informationHSE Audit Solutions 2017: Update Smarter Operational Risk, Compliance & Safety Decisions
www.arkworkplacerisk.com Audit Solutions 2017; Update 2017 Ark Workplace Risk HSE Audit Solutions 2017: Update Smarter Operational Risk, Compliance & Safety Decisions HSE Audit Solutions are fast becoming
More informationLecture 1: Introduction to Marketing; The Marketing Environment and Market Analysis Chapters 1.
Lecture 1: Introduction to Marketing; The Marketing Environment and Market Analysis Chapters 1. What is marketing? Marketing- the activity, set of institutions, and processes for creating, communicating,
More informationChapter 1 Cost Management and Strategic Decision Making
Chapter 1 Cost Management and Strategic Decision Making LO 1: Understand how cost management supports strategic planning and decision making. Characteristics of Cost management Cost management is important
More informationPowering tomorrow s metropolis by
Powering tomorrow s metropolis by green electricity Alexander Frenzel and Ritsuko Ozaki The University of Tokyo Imperial College London Joint Symposium on Innovation in Energy Systems, 31 January - 1 February
More informationCorporate Risk Management Services. Pinkerton is a leading provider of risk management services and solutions for organizations around the globe.
Corporate Risk Management Pinkerton is a leading provider of risk management services and solutions for organizations around the globe. New threats arise every day. Is your business fully protected? Manage
More informationTPB (Ajzen, 1991), TAM (Davis et al., 1989) Topic: E-filing
TPB (Ajzen, 1991), TAM (Davis et al., 1989) Topic: E-filing Perceived usefulness Attitude Intention Ease of use Perceived behavioral control Subjective norm Introduction Over the recent years, government
More informationBUSINESS COMPLIANCE WITH COMPETITION RULES
28 November 2011 BUSINESS COMPLIANCE WITH COMPETITION RULES KEY MESSAGES 1 2 3 Competition provides the best incentive for efficiency, encourages innovation and guarantees consumers the best choice for
More informationSKILLS FRAMEWORK FOR HOTEL AND ACCOMMODATION SERVICES SKILLS STANDARDS FOR LAUNDRY MANAGER
Occupation: Laundry Manager Occupation Description: The Laundry Manager controls and oversees all laundry operators, supplies and materials to ensure maximum efficiency in the performance of the housekeeping
More informationWellness Framework PHYSICAL AND PSYCHOLOGICAL HEALTH, SAFETY AND WELLNESS FRAMEWORK
Wellness Framework PHYSICAL AND PSYCHOLOGICAL HEALTH, SAFETY AND WELLNESS FRAMEWORK 2017 Contents 1.0 PURPOSE AND OVERVIEW... 3 2.0 VISION... 3 3.0 DEFINING THE MODEL WORKPLACE... 4 4.0 LEADERSHIP COMMITTMENT...
More informationIntegrating Trust in Electronic Commerce with the Technology Acceptance Model: Model Development and Validation
Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2001 Proceedings Americas Conference on Information Systems (AMCIS) December 2001 Integrating Trust in Electronic Commerce with
More informationMaersk Global Labour Relations Framework
Page 1 of 16 Maersk Global Labour Relations Framework Introduction page 2 Compliance page 2 Four pillars for Global Labour Relations: 1. Global Labour Relations Vision & Strategy page 4 2. Maersk COMMIT
More informationCode of Conduct. Contents 1 Introduction from the CEO 2 Our people 5 How we work 9 Whistleblowing and enforcement
Code of Conduct Code of Conduct Contents 1 Introduction from the CEO 2 Our people 5 How we work 9 Whistleblowing and enforcement All policies referred to in this document are available to employees on
More informationProcedia - Social and Behavioral Sciences 156 ( 2014 )
Available online at www.sciencedirect.com ScienceDirect Procedia - Social and Behavioral Sciences 156 ( 2014 ) 130 134 19th International Scientific Conference; Economics and Management 2014, ICEM 2014,
More informationPro-environment Consumer Behaviour, Pro-environment Management, and Hotel Performance
Pro-environment Consumer Behaviour, Pro-environment Management, and Hotel Performance Author Dharmesti, Maria Published 2014 Conference Title 6th EMAN Asia-Pacific International Conference 2014: Environmental
More informationOrganizational Information Security Culture Assessment
286 Int'l Conf. Security and Management SAM'15 Organizational Information Security Culture Assessment Areej AlHogail 1 and Abdulrahman Mirza 2 Department of Information Systems College of Computing and
More informationInformation Security Roles and Responsibilities Procedure Page 1
Information Security Roles and Responsibilities Procedure Reference No. xx Revision No. 2 Relevant ISO Control No. 8.1.1 Issue Date: July 17 th 2012 Revision Date: Jan 16 th 2013 Approved by: Title: Ted
More informationTHE COSTS AND BENEFITS OF DIVERSITY
Fundamental rights & anti-discrimination THE COSTS AND BENEFITS OF DIVERSITY European Commission Emplo 2 THE COSTS AND BENEFITS OF DIVERSITY A Study on Methods and Indicators to Measure the Cost-Effectiveness
More informationAUDITING. Auditing PAGE 1
AUDITING Auditing 1. Professionalism The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal
More informationCopyright subsists in all papers and content posted on this site.
Student First Name: Ali Student Second Name: Almakrami Copyright subsists in all papers and content posted on this site. Further copying or distribution by any means without prior permission is prohibited,
More informationRegistration Details. How to Interpret the Report?
Mettl Leadership Development Report sample sample.report@mettl.com Test Taken on: September 13, 2017 0:4:09 PM IST Finish State: Normal Registration Details Email Address: sample.report@mettl.com First
More informationRegistration Details. How to Interpret the Report?
Mettl Leadership Assessment - Demo sample_report@mettl.com Test Taken on: June 14, 2017 07:02:4 PM IST Finish State: Normal Registration Details Email Address: sample_report@mettl.com First Name: Sample
More informationA Proposition for a Service Systems Design Method *
A Proposition for a Service Systems Design Method * Blagovesta Kostova 1[0000-0001-9890-5227] 1 École polytechnique fédérale de Lausanne, 1015 Lausanne, Switzerland blagovesta.kostova@epfl.ch 1 State of
More informationGSR Management System - A Guide for effective implementation
GSR Management System - A Guide for effective implementation 1 Introduction Governments are facing challenges in meeting societal expectations and have an interest in Governmental Social Responsibility
More informationTranslate stakeholder needs into strategy. Governance is about negotiating and deciding amongst different stakeholders value interests.
Principles Principle 1 - Meeting stakeholder needs The governing body is ultimately responsible for setting the direction of the organisation and needs to account to stakeholders specifically owners or
More informationCertificate in Internal Audit 3. Advanced Audit Techniques
Certificate in Internal Audit 3 Advanced Audit Techniques Who should attend? Senior Auditors Audit Managers and those about to be appointed to that role Auditors that need to audit projects, contracts
More informationTHE ARCG CHARTER. Issued in March 2008
THE ARCG CHARTER Issued in March 2008 Index Part A Internal Audit Purpose Charter Mission Independence Scope & Responsibilities Authority Accountability Standards Part B Compliance Introduction Guiding
More informationRisk Management Policy and Framework
Risk Management Policy and Framework Introductory Note to User: CompanyLongName There is no requirement in Australia for a non-publicly listed entity (other than a company regulated by APRA) to comply
More informationSKILLS FRAMEWORK FOR HOTEL AND ACCOMMODATION SERVICES SKILLS STANDARDS FOR DIRECTOR OF PUBLIC RELATIONS/DIRECTOR OF MARKETING COMMUNICATIONS
Occupation: Director of Public Relations/Director of Marketing Communications Occupation Description: The Director of Public Relations/Director of Marketing Communications is responsible for the planning,
More informationRisk Culture: The Heart and Soul of Enterprise Risk Management
Risk Culture: The Heart and Soul of Enterprise Risk Management Philadelphia AFP Conference May 4, 2017 Edmund Green, Managing Director Risk Consulting KPMG, LLP Agenda Introductions What is Culture The
More informationCertified Internal Auditor (CIA ) Exam Syllabus
Certified Internal Auditor (CIA ) Exam Syllabus Part 1 Internal Audit Basics 125 questions 2.5 Hours (150 minutes) The CIA exam Part 1 topics tested include aspects of mandatory guidance from the IPPF;
More informationChapter 6 Field Work Standards for Performance Audits
Chapter 6 Field Work Standards for Performance Audits Introduction 6.01 This chapter contains field work requirements and guidance for performance audits conducted in accordance with generally accepted
More informationRisk Management Policy
Risk Management Policy IPH Limited ACN 169 015 838 1. Introduction Organisations of all types and scale face internal and external factors and influences that make it uncertain whether and when they will
More informationCHAPTER 1: THE FIELD OF ORGANIZATIONAL BEHAVIOR
CHAPTER 1: THE FIELD OF ORGANIZATIONAL BEHAVIOR CHAPTER SYNOPSIS The chapter introduces Organizational Behavior (OB) as an important field of study. OB has four essential characteristics: (1) the use of
More informationChapter 11 Human resource management
Chapter 11 Human resource management 1.1. Human resources management and organization effectiveness... 2 2. Human resources planning... 2 2.1. Job analysis... 2 2.2. Job description... 2 2.3. Job specification...
More informationWhen Recognition Matters CODE OF ETHICS PO1-PECB Code of Ethics Version: 2.0 Revised:
When Recognition Matters CODE OF ETHICS www.pecb.com 05000-PO1-PECB Code of Ethics Version: 2.0 Revised: 2017-12-19 Foreword PECB is fully committed to adhere to the highest ethical conducts and values.
More informationCompliance digitalization The impact on the Compliance function. Deloitte Risk Services April 2016
Compliance digitalization The impact on the Compliance function Deloitte Risk Services April 2016 2 Contents Preface 5 Management summary 6 Effects of digitalization 7 Using data in the compliance function
More informationLeading at UWA. An integrated leadership system for leaders at all levels ORGANISATIONAL & STAFF DEVELOPMENT SERVICES
Leading at UWA ORGANISATIONAL & STAFF DEVELOPMENT SERVICES Organisational & Staff Development Services The University of Western Australia M400, 35 Stirling Highway, Crawley WA 6009 Tel: +61 8 6488 1504
More informationSKILLS FRAMEWORK FOR HOTEL AND ACCOMMODATION SERVICES SKILLS STANDARDS FOR ASSISTANT EXECUTIVE HOUSEKEEPER
Occupation: Assistant Executive Housekeeper Occupation Description: Reporting to the Executive Housekeeper or Director of Housekeeping, the Assistant Executive Housekeeper ensures consistently high operating
More informationTHE FUTURE OF VFM. A consideration of the challenges and potential solutions for improving its measurement and application.
THE FUTURE OF VFM A consideration of the challenges and potential solutions for improving its measurement and application A thought piece Introduction Value for Money (VfM) continues to be a hot topic
More informationISO 2018 COPYRIGHT PROTECTED DOCUMENT All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of th
INTERNATIONAL STANDARD ISO 31000 Second edition 2018-02 Risk management Guidelines Management du risque Lignes directrices Reference number ISO 31000:2018(E) ISO 2018 ISO 2018 COPYRIGHT PROTECTED DOCUMENT
More informationCIA EXAM CONTENT. Part 1 :The Internal Audit Activitys Role in Governance Risk and Control
CIA EXAM CONTENT Part 1 :The Internal Audit Activitys Role in Governance Risk and Control A. Comply with The IIA's Attribute Standards (15-25%) (P) 1. Define purpose, authority, and responsibility of the
More informationSynergistic Security: A Work System Case Study of the Target Breach
Journal of Cybersecurity Education, Research and Practice Volume 2017 Number 2 Article 4 December 2017 Synergistic Security: A Work System Case Study of the Target Breach Martha Nanette Harrell Arkansas
More informationAn Initial Study of Customer Internet Banking Security Awareness and Behaviour in China
Association for Information Systems AIS Electronic Library (AISeL) PACIS 2015 Proceedings Pacific Asia Conference on Information Systems (PACIS) 2015 An Initial Study of Customer Internet Banking Security
More informationThe Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector
The Sector Skills Council for the Financial Services Industry National Occupational Standards Risk Management for the Financial Sector Final version approved April 2009 IMPORTANT NOTES These National Occupational
More informationERROR! BOOKMARK NOT DEFINED.
TABLE OF CONTENTS LEAD AND LAG INDICATORS... ERROR! BOOKMARK NOT DEFINED. Examples of lead and lag indicators... Error! Bookmark not defined. Lead and Lag Indicators 1 GLOSSARY OF TERMS INTRODUCTION Many
More informationThe Merlin Principles. The Elements of each Principle
The Merlin Standard INTRODUCTION The development of the Merlin Standard has been progressed as a joint exercise between the Department for Work and Pensions (DWP) and its providers operating in the Welfare
More informationSKILLS FRAMEWORK FOR HOTEL AND ACCOMMODATION SERVICES SKILLS STANDARDS FOR PUBLIC RELATIONS MANAGER / MARKETING COMMUNICATIONS MANAGER
Occupation: Public Relations Manager/Marketing Communications Manager Occupation Description: The Public Relations Manager/Marketing Communications Manager directs the development and execution of marketing
More informationThe potential of knowledge management processes for facilitating PFI projects
Loughborough University Institutional Repository The potential of knowledge management processes for facilitating PFI projects This item was submitted to Loughborough University's Institutional Repository
More informationLIBERTY HOLDINGS LIMITED CODE OF ETHICS
LIBERTY HOLDINGS LIMITED CODE OF ETHICS 2 Our Liberty Holdings Limited and all its group and associate companies and subsidiaries (the company) are committed to maintaining the highest standards of ethical
More informationInvestigating Social Influence on Acceptance of Executive Information Systems: A UTAUT Framework Approach
Association for Information Systems AIS Electronic Library (AISeL) SAIS 2007 Proceedings Southern (SAIS) 3-1-2007 Investigating Social Influence on Acceptance of Executive Information Systems: A UTAUT
More informationImplementation and Requirements of ISO ND APRIL 2013 SHAH ALAM CONVENTION CENTRE SHAH ALAM, SELANGOR DARUL EHSAN
SEMINAR ON ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEM (SCSMS) Implementation and Requirements of ISO 28000 2 ND APRIL 2013 at SHAH ALAM CONVENTION CENTRE SHAH ALAM, SELANGOR DARUL EHSAN Presentation
More informationPerceptions of radiography and the NHS: some preliminary findings
Loughborough University Institutional Repository Perceptions of radiography and the NHS: some preliminary findings This item was submitted to Loughborough University's Institutional Repository by the/an
More informationImproving Information Security Management: an Australian Universities case study.
Improving Information Security Management: an Australian Universities case study. Topics 1. 2. Information Security Management Issues 3. Security Practitioner s Management Model 4. The design of a model
More informationEVALUATING IMPACT OF IT INVESTMENTS ON CUSTOMER SATISFACTION: AN EMPIRICAL STUDY ON THAILAND S MINISTRY OF TRANSPORT IT PROJECTS
EVALUATING IMPACT OF IT INVESTMENTS ON CUSTOMER SATISFACTION: AN EMPIRICAL STUDY ON THAILAND S MINISTRY OF TRANSPORT IT PROJECTS Pisit Chanvarasuth 1,* and Veera Boonjing 2 1 Management Technology Program,
More informationCONCLUSIONS, LIMITATIONS AND RECOMMENDATIONS
89 CHAPTER 6 CONCLUSIONS, LIMITATIONS AND RECOMMENDATIONS Chapter 6 presents the conclusions, limitations and recommendations of the research. The discussion focuses mainly on the literature review and
More informationBachelor in Business Administration
Bachelor in Business Administration Course Descriptions Programme Compulsory Courses LAW 021 Principles of Commercial Law This course deals with the study of the principles of commercial law through a
More informationOrganizational Behaviour
Bachelor of Commerce Programme Organizational Behaviour Individual Behaviour Goal setting and job satisfaction The Da Vinci Institute for Technology Management (Pty) Ltd Registered with the Department
More informationAssessing Information Security Culture: A Critical Analysis of Current Approaches
Assessing Information Security Culture: A Critical Analysis of Current Approaches Irene Okere The school of ICT Nelson Mandela Metropolitan University (NMMU) Port Elizabeth, 6031 South Africa Email: Irene.Okere2@nmmu.ac.za
More informationPART THREE: Work Plan and IV&V Methodology (RFP 5.3.3)
PART THREE: Work Plan and IV&V Methodology (RFP 5.3.3) 3.1 IV&V Methodology and Work Plan 3.1.1 NTT DATA IV&V Framework We believe that successful IV&V is more than just verification that the processes
More informationFY17-FY18 Audit Plan. Office of Internal Auditing
FY17-FY18 Audit Plan Office of Internal Auditing -Page Intentionally Blank- TABLE OF CONTENTS Executive Summary... 4 Audit Plan Details... 6 Budgeted Hours... 7 Risk Assessment... 8 Allocation of Resources...
More informationSathya Narayanan SIVAPRAKASAM, Manikandan VELRAJAN 3.2. KNOWLEDGE SHARING BEHAVIOUR IMPACTS OF TRUST CLIMATE AND ATTACHMENT TO KNOWLEDGE
3.2. Knowledge sharing behaviour impacts of trust climate and attachment to knowledge Sathya Narayanan SIVAPRAKASAM, Manikandan VELRAJAN DOI: 10.18515/dBEM.M2017.n02.ch15 3.2. KNOWLEDGE SHARING BEHAVIOUR
More informationHorizontal audit of the Public Services and Procurement Canada investigation management accountability framework
Final Report Horizontal audit of the Public Services and Procurement Canada investigation October 11, 2017 Office of Audit and Evaluation Table of contents Background... 1 About the audit... 2 Audit observations...
More informationThe Role and Impact of Cultural Dimensions on Information Systems Security in Saudi Arabia National Health Service
The Role and Impact of Cultural Dimensions on Information Systems Security in Saudi Arabia National Health Service Saleh Alumaran, Giampaolo Bella and Feng Chen Software Technology Research Laboratory
More information