Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Information Systems and e-Business Management
Erschienen in: Information Systems and e-Business Management 1/2023

12.10.2022 | Original Article

Moving beyond cyber security awareness and training to engendering security knowledge sharing

verfasst von: Saad Alahmari, Karen Renaud, Inah Omoronyia

Erschienen in: Information Systems and e-Business Management | Ausgabe 1/2023

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Employees play a critical role in improving workplace cyber security, which builds on widespread security knowledge and expertise. To maximise knowledge levels, organisations run awareness and training course. Yet, they should also encourage and facilitate Security Knowledge Sharing (SKS). To facilitate such sharing, we used a bespoke App which deploys a game to deliver security training and to encourage sharing based on the Transactive Memory System (TMS) theory. An empirical study was conducted within a Saudi Arabian Fortune 100 organisation to test the impact of the app on employee knowledge. The app demonstrated efficacy in enhancing organisational security awareness and knowledge. The results highlight the potential of TMS in improving overall security knowledge in organisations.
Vorheriger Artikel Towards a lightweight framework for service management evaluation in SMEs
Nächster Artikel Self-service business intelligence and analytics application scenarios: A taxonomy for differentiation

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Anhänge
Nur mit Berechtigung zugänglich
Literatur
Abawajy J (2014) User preference of cyber security awareness delivery methods. Behav & Info Technol 33:237–248CrossRef
Ahmed G, Ragsdell G, Olphert W (2014) Knowledge sharing and information security: a paradox? In: 15th european conference on knowledge management (ECKM 2014), Polytechnic Institute of Santarém Portugal. pp. 1083–1090
Ahmed M, Kambam HR, Liu Y, Uddin MN (2019) Impact of human factors in cloud data breach. In: International conference on intelligent and interactive systems and applications, Springer. pp. 568–577
Al Ahmari S, Renaud K, Omoronyia I (2018) A systematic review of information security knowledge-sharing research. In: Proceedings of the twelfth international symposium on human aspects of information security & assurance (HAISA 2018), p. 101
Aladawy D, Beckers K, Pape S (2018) Persuaded: fighting social engineering attacks with a serious game. In: International conference on trust and privacy in digital business, Springer. pp. 103–118
Alahmari S, Renaud K, Omoronyia I (2019) A model for describing and maximising security knowledge sharing to enhance security awareness. In: European, mediterranean and middle eastern conference on information systems, Springer. pp. 376–390
Alahmari S, Renaud K, Omoronyia I (2020) Implement a model for describing and maximising security knowledge sharing. In: 2020 15th international conference for internet technology and secured transactions (ICITST), IEEE. pp. 1–4
Aldawood H, Skinner G (2019) Reviewing cyber security social engineering training and awareness programs-pitfalls and ongoing issues. Fut Intern 11:73CrossRef
Ali A, Wang H, Khan AN (2019) Mechanism to enhance team creative performance through social media: a transactive memory system approach. Comp Human Behav 91:115–126CrossRef
Alkaldi N, Renaud K (2019) Encouraging password manager adoption by meeting adopter self-determination needs. In: Proceedings of the 52nd Hawai’i international conference on system sciences. January, Maui
Alotaibi F, Furnell S, Stengel I, Papadaki M (2018) Design and evaluation of mobile games for enhancing cyber security awareness. J Intern Technol Secur Trans 6:569–578
Alzahrani A, Johnson C (2019) Autonomy motivators, serious games and intention toward ISP compliance. Int J Seri Game 6:67–85CrossRef
Alzahrani A, Johnson C, Altamimi S (2018) Information security policy compliance: investigating the role of intrinsic motivation towards policy compliance in the organisation. In: 2018 4th International conference on information management (ICIM), IEEE. pp. 125–132
Ambrose ML, Kulik CT (1999) Old friends, new faces: motivation research in the 1990s. J Manag 25:231–292
Baard PP, Deci EL, Ryan RM (2004) Intrinsic need satisfaction: a motivational basis of performance and weil-being in two work settings. J Appl Soci Psychol 34:2045–2068CrossRef
Bada M, Sasse AM, Nurse JR (2019) Cyber security awareness campaigns: why do they fail to change behaviour? arXiv preprint arXiv:​1901.​02672
Battou A, Baz O, Mammass D (2016) Learning design approaches for designing virtual learning environments. Commun Appl Electr 5:31–37CrossRef
Bauer S, Bernroider EW (2017) From information security awareness to reasoned compliant action: analyzing information security policy compliance in a large banking organization. ACM SIGMIS Database: the DATABASE Adv Info Sys 48:44–68CrossRef
Becerra-Fernandez I, Sabherwal R (2014) Knowledge management: systems and processes. RoutledgeCrossRef
Bulgurcu B, Cavusoglu H, Benbasat I (2010) Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quart 34:523–548CrossRef
Cabrera EF, Cabrera A (2005) Fostering knowledge sharing through people management practices. Int J Human Res Manag 16:720–735CrossRef
Chen YH, Lin TP, Yen DC (2014) How to facilitate inter-organizational knowledge sharing: the impact of trust. Info Manag 51:568–578CrossRef
Choi SY, Lee H, Yoo Y (2010) The impact of information technology and transactive memory systems on knowledge sharing, application, and team performance: a field study. MIS Quart 34:855–870CrossRef
Cone BD, Irvine CE, Thompson MF, Nguyen TD (2007) A video game for cyber security training and awareness. Comput Secur 26:63–72CrossRef
Cronin MA, Weingart LR (2007) Representational gaps, information processing, and conflict in functionally diverse teams. Acad Manag Rev 32:761–773CrossRef
Dang D, Nkhoma M (2017) Effects of team collaboration on sharing information security advice: insights from network analysis. Info Resour Manag J (IRMJ) 30:1–15
Dang-Pham D, Pittayachawan S, Bruno V (2017) Why employees share information security advice? exploring the contributing factors and structural patterns of security advice sharing in the workplace. Comp Human Behav 67:196–206CrossRef
D’Arcy J, Hovav A, Galletta D (2009) User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Info Sys Res 20:79–98CrossRef
Davison RM, Ou CX, Martinsons MG (2013) Information technology to support informal knowledge sharing. Info Sys J 23:89–109CrossRef
DeCharms R (1972) Personal causation training in the schools 1. J Appl Soci Psychol 2:95–113CrossRef
Deci EL, Eghrari H, Patrick BC, Leone DR (1994) Facilitating internalization: the self-determination theory perspective. J Personal 62:119–142CrossRef
Deci EL, Ryan RM (2010) Intrinsic motivation. The Corsini Encyclopedia of Psychology, 1–2
Diggle PJ, Mateu J, Clough HE (2000) A comparison between parametric and non-parametric approaches to the analysis of replicated spatial point patterns. Adv Appl Probabil 32:331–343CrossRef
Dinneen L, Blakesley B (1973) Algorithm as 62: a generator for the sampling distribution of the mann-whitney u statistic. J Royal Stat Soci Series C (Appl Stat) 22:269–273
Dixon M, Gamagedara Arachchilage NA, Nicholson J (2019) Engaging users with educational games: The case of phishing. In: Extended abstracts of the 2019 CHI conference on human factors in computing systems, pp. 1–6
Dixon NM (2000) Common knowledge: how companies thrive by sharing what they know. Harvard Business School Press, Brighton
Feledi D, Fenz S (2012) Challenges of web-based information security knowledge sharing. In: 2012 seventh international conference on availability, reliability and security, IEEE. pp. 514–521
Feledi D, Fenz S, Lechner L (2013) Toward web-based information security knowledge sharing. Infor Secur Tech Report 17:199–209CrossRef
Gagné M (2009) A model of knowledge-sharing motivation. Human Resource Management: published in Cooperation with the School of Business Administration, The University of Michigan and in alliance with the Society of Human Resources Management 48:571–589
Garrison DR (2011) E-learning in the 21st century: a framework for research and practice. Routledge, New YorkCrossRef
Gcaza N, von Solms R (2017) Cybersecurity culture: An ill-defined problem. In: IFIP World conference on information security education, Springer. pp. 98–109
Gefen D, Straub D (2005) A practical guide to factorial validity using pls-graph: tutorial and annotated example. Commun Associat Info Sys 16:5
Ghazvini A, Shukur Z (2018) A Serious game for healthcare industry: information security awareness training program for hospital universiti kebangsaan Malaysia. Int J Adv Comp Sci Appl 9:236–245
Gibbons JD, Chakraborti S (2020) Nonparametric statistical inference. CRC Press, CambridgeCrossRef
Gjertsen, E.G.B., Gjære EA, Bartnes M, Flores WR (2017) Gamification of information security awareness and training. In: ICISSP, pp. 59–70
Goodwin D, Mays N, Pope C (2006) Ethical issues: qualitative research in health care, 3rd edn. Wiley, Hoboken
Hadlington L (2021) The “human factor” in cybersecurity: Exploring the accidental insider. In: Research anthology on artificial intelligence applications in security. IGI Global, pp. 1960–1977
Haeussinger F, Kranz J (2013) Understanding the antecedents of information security awareness-an empirical study. In: Proceedings of the nineteenth americas conference on information systems, Chicago, Illinois
Hamari J, Koivisto J, Sarsa H (2014) Does gamification work? A literature review of empirical studies on gamification. In: 2014 47th Hawaii international conference on system sciences, pp. 3025–3034
Hart S, Margheri A, Paci F, Sassone V (2020) Riskio: a serious game for cyber security awareness and education. Comp Secur 95:101827CrossRef
He Y, Johnson C (2017) Challenges of information security incident learning: an industrial case study in a chinese healthcare organization. Info Health Social Care 42:393–408CrossRef
Heilmann SG, Bartczak SE, Hobbs SE, Leach SE (2013) Assessing influences on perceived training transfer: If I only knew then what I need to know now. J Bus Educat Leadership 4:34
Hsu MH, Ju TL, Yen CH, Chang CM (2007) Knowledge sharing behavior in virtual communities: the relationship between trust, self-efficacy and outcome expectations. Int J Human-Comp Stud 65:153–169CrossRef
Jackson P, Klobas J (2008) The organization as a transactive memory system. In: Becoming Virtual. Springer, pp. 111–133
Junger M, Montoya L, Overink FJ (2017) Priming and warnings are not effective to prevent social engineering attacks. Comp Human Behav 66:75–87CrossRef
Killmeyer J (2006) Information security architecture: an integrated approach to security in the organization. CRC Press, CambridgeCrossRef
Kim S, Lee H (2006) The impact of organizational context and information technology on employee knowledge-sharing capabilities. Public Administr Rev 66:370–385CrossRef
Kotlarsky J, van den Hooff B, Houtman L (2015) Are we on the same page? knowledge boundaries and transactive memory system development in cross-functional teams. Commun Res 42:319–344CrossRef
Kruger HA, Kearney WD (2006) A prototype for assessing information security awareness. Comp Secur 25:289–296CrossRef
Lebek B, Uffen J, Neumann M, Hohler B, Breitner HM (2014) Information security awareness and behavior: a theory-based literature review. Manag Res Rev 37:1049–1092CrossRef
Lehner F, Maier RK (2000) How can organizational memory theories contribute to organizational memory systems? Info Sys Front 2:277–298CrossRef
Lewis K (2003) Measuring transactive memory systems in the field: scale development and validation. J Appl Psychol 88:587–604CrossRef
Lewis K, Herndon B (2011) Transactive memory systems: current issues and future research directions. Organiz Sci 22:1254–1265CrossRef
Liang DW, Moreland R, Argote L (1995) Group versus individual training and group performance: the mediating role of transactive memory. Personal Soc Psychol Bull 21:384–393CrossRef
Luengo J, García S, Herrera F (2009) A study on the use of statistical tests for experimentation with neural networks: Analysis of parametric test conditions and non-parametric tests. Expert Sys Appl 36:7798–7808CrossRef
Mejias RJ (2012) An integrative model of information security awareness for assessing information systems security risk. In: 2012 45th Hawai’i international conference on system sciences, IEEE. pp. 3258–3267
Menard P, Bott GJ, Crossler RE (2017) User motivations in protecting information security: Protection motivation theory versus self-determination theory. J Manag Info Sys 34:1203–1230CrossRef
Mermoud A, Keupp M, Huguenin K, Palmié, M., David DP (2018) Incentives for human agents to share security information: a model and an empirical test. In: 17th workshop on the economics of information security (WEIS), pp. 1–22
Moriarty J (2011) Qualitative methods overview. National Institute for Health Research School for Social Care, London
Oates BJ (2005) Resear Info Sys Comp. Sage, London
Olusegun OJ, Ithnin NB (2013) People are the answer to security: establishing a sustainable information security awareness training (ISAT) program in organization. arXiv preprint arXiv:​1309.​0188
Ortiz J, Chang SH, Chih WH, Wang CH (2017) The contradiction between self-protection and self-presentation on knowledge sharing behavior. Comp Human Behav 76:406–416CrossRef
Perkins SJ, Jones S (2020) Reward management: alternatives, consequences and contexts. Kogan Page Publishers, London
Politis JD (2003) The connection between trust and knowledge management: what are its implications for team performance. J Knowl Manag 7:55–66CrossRef
Puhakainen P, Siponen M (2010) Improving employees’ compliance through information systems security training: an action research study. MIS Quart 34:757–778CrossRef
Rahim NHA, Hamid S, Mat Kiah ML, Shamshirband S, Furnell S (2015) A systematic review of approaches to assessing cybersecurity awareness. Kybernetes 44:606–622CrossRef
Rico R, Sánchez-Manzanares M, Gil F, Gibson C (2008) Team implicit coordination processes: a team knowledge-based approach. Acad Manag Rev 33:163–184CrossRef
Rigby S, Ryan RM (2011) Glued to games: how video games draw us in and hold us spellbound: how video games draw us in and hold us spellbound. Greenwood Publishing Group, Santa Barbara
Roca JC, Gagné M (2008) Understanding e-learning continuance intention in the workplace: a self-determination theory perspective. Comp Human Behav 24:1585–1604CrossRef
Rocha Flores W, Holm H, Svensson G, Ericsson G (2014) Using phishing experiments and scenario-based surveys to understand security behaviours in practice. Info Manag & Comp Secur 22:393–406CrossRef
Ryan RM, Deci EL (2000) Self-determination theory and the facilitation of intrinsic motivation, social development and well-being. Am Psychol 55:68CrossRef
Ryan RM, Deci EL (2002) Overview of self-determination theory: an organismic dialectical perspective. Handbk Self-Determ Res 2:3–33
Safa NS, Maple C, Watson T, Furnell S (2017) Information security collaboration formation in organisations. IET Info Secur 12:238–245CrossRef
Safa NS, Maple C, Watson T, Von Solms R (2018) Motivation and opportunity based model to reduce information security insider threats in organisations. J Info Secur Appl 40:247–257
Safa NS, Von Solms R (2016) An information security knowledge sharing model in organizations. Comp Human Behav 57:442–451CrossRef
Sailer M, Hense JU, Mayr SK, Mandl H (2017) How gamification motivates: an experimental study of the effects of specific game design elements on psychological need satisfaction. Comp Human Behav 69:371–380CrossRef
Siponen MT (2000) A conceptual foundation for organizational information security awareness. Info Manag Comp Secur 8:31–41CrossRef
Son JY (2011) Out of fear or desire? toward a better understanding of employees’ motivation to follow is security policies. Info Manag 48:296–302CrossRef
Tabachnick BG, Fidell LS, Ullman JB (2007) Using multivariate statistics, vol 5. Pearson, Boston, MA
Thomson ME, von Solms R (1998) Information security awareness: educating your users effectively. Info Manag Comp Secur 6:167–173CrossRef
Tortorella G, Narayanamurthy G, Staines J (2021) Covid-19 implications on the relationship between organizational learning and performance. Knowl Manag Res & Pract 19:1–14CrossRef
Tsohou A, Karyda M, Kokolakis S, Kiountouzis E (2015) Managing the introduction of information security awareness programmes in organisations. Eur J Info Sys 24:38–58CrossRef
Vance A, Siponen M, Pahnila S (2012) Motivating is security compliance: insights from habit and protection motivation theory. Info Manag 49:190–198CrossRef
Vance A, Siponen MT (2012) Is security policy violations: a rational choice perspective. J Organiz User Comp (JOEUC) 24:21–41CrossRef
Wang WT, Hou YP (2015) Motivations of employees’ knowledge sharing behaviors: a self-determination perspective. Info Organiz 25:1–26CrossRef
Wang Y, Huang Q, Davison RM, Yang F (2018) Effect of transactive memory systems on team performance mediated by knowledge transfer. Int J Info Manag 41:65–79CrossRef
Wegner DM (1987) Transactive memory: A contemporary analysis of the group mind. In: Theories of Group Behavior. Springer, pp. 185–208
Wickramasinghe V, Widyaratne R (2012) Effects of interpersonal trust, team leader support, rewards and knowledge sharing mechanisms on knowledge sharing in project teams. Vine 42:214–236CrossRef
Yuan YC, Fulk J, Monge PR (2007) Access to information in connective and communal transactive memory systems. Commun Res 34:131–155CrossRef
Zhang T (2018) Knowledge expiration in security awareness training. In: Annual ADFSL conference on digital forensics, security and law, pp. 197–212
Zhong X, Huang Q, Davison RM, Yang X, Chen H (2012) Empowering teams through social network ties. Int J Info Manag 32:209–220CrossRef
Metadaten
Titel
Moving beyond cyber security awareness and training to engendering security knowledge sharing
verfasst von
Saad Alahmari
Karen Renaud
Inah Omoronyia
Publikationsdatum
12.10.2022
Verlag
Springer Berlin Heidelberg
Erschienen in
Information Systems and e-Business Management / Ausgabe 1/2023
Print ISSN: 1617-9846
Elektronische ISSN: 1617-9854
DOI
https://doi.org/10.1007/s10257-022-00575-2

Weitere Artikel der Ausgabe 1/2023

Information Systems and e-Business Management 1/2023 Zur Ausgabe

Original Article

A framework for implementing robotic process automation projects

Original Article

How can I help you? Design principles for task-oriented speech dialog systems in customer service

Original Article

Towards a lightweight framework for service management evaluation in SMEs

Original Article

Self-service business intelligence and analytics application scenarios: A taxonomy for differentiation

Original Article

Beyond descriptive taxonomies in data analytics: a systematic evaluation approach for data-driven method pipelines

Premium Partner

    Bildnachweise