Actionable Recommendations from Cybersecurity Research Series -- Violators versus Non-Violators of Information Security Measures

Since assuming the role of Senior Editor of the Journal of Organizational Computing and Electronic Commerce in January 2018, I have thoroughly enjoyed managing the development of some excellent cybersecurity research papers. A highly proactive review team of distinguished practitioners and academics have helped with the review process and I am forever grateful to them. I plan to share, on an ongoing basis, some actionable recommendations (provided by the lead author) from the accepted papers.

Paper Title: Violators versus Non-Violators of Information Security Measures in Organizations – A Study of Distinguishing Factors

Authors: Habib Ullah Khan, Qatar University; Khalid A. AlShare, Qatar University 

Accepted for publication in the Journal of Organizational Computing and Electronic Commerce. Forthcoming in 2019.

Actionable Recommendations

• Management needs to communicate and educate employees regarding the organization's IT capability in dealing with information security violations. Non-violators had the impression that their company does have the IT capability to detect violations of information security measures.
• Organizations should promote an information security culture that emphasizes knowledge sharing and clarity of the information security policy.
• Make information security rules and measures very clear and simple so they can be easily followed and implemented.
• Organizations should revisit corrective actions by increasing penalty.
• Management needs to educate their employees regarding privacy issues such as respecting others privacy and protecting one’s personal information. This could be accomplished by offering training sessions and workshops provided by the experts in the field.