Cate Jerram

Exploring the public sector adoption of HRIS

– Human resources information systems (HRIS) are becoming increasingly important in helping modern organizations manage their human assets effectively. Yet, HRIS adoption remains an under‐researched phenomenon. The purpose of this paper to isolate the factors that influence the organizational adoption of HRIS in public sector organizations., – Adopting the technology‐organization‐environment model as an analytical framework, the paper draws on qualitative evidence from 16 interviews across 11 Australian public sector organizations., – The authors find that champions in public sector organizations should demonstrate HRIS benefits before their adoption can succeed. With standardization trends adopted by HRIS vendors, complete organizational fit between adopted HRIS and business processes may be elusive for adopters suggesting that post‐adoption vendor support must be negotiated if costly customizations are to be minimized. In addition to various organizational factors, including management commitment and human capability, the authors also find that broader environmental factors including regulatory compliance can have a deep impact on the success of HRIS adoption by creating urgency in adoption intentions., – There is paucity of research concerning HRIS adoption in the public sector which presents unique challenges due to its idiosyncrasies. This paper contributes to the existing body knowledge by investigating the role of technological, organizational, and environmental factors and their interactions. It provides an improved understanding of the challenges related to HRIS adoption in public sector organizations.

Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q)

Abstract It is increasingly acknowledged that many threats to an organisations computer systems can be attributed to the behaviour of computer users. To quantify these human-based information security vulnerabilities, we are developing the Human Aspects of Information Security Questionnaire (HAIS-Q). The aim of this paper was twofold. The first aim was to outline the conceptual development of the HAIS-Q, including validity and reliability testing. The second aim was to examine the relationship between knowledge of policy and procedures, attitude towards policy and procedures and behaviour when using a work computer. Results from 500 Australian employees indicate that knowledge of policy and procedures had a stronger influence on attitude towards policy and procedure than self-reported behaviour. This finding suggests that training and education will be more effective if it outlines not only what is expected (knowledge) but also provides an understanding of why this is important (attitude). Plans for future research to further develop and test the HAIS-Q are outlined.

Why do some people manage phishing e‐mails better than others?

Purpose – The purpose of this paper is to investigate the behaviour response of computer users when either phishing e‐mails or genuine e‐mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings.Design/methodology/approach – This study was a scenario‐based role‐play experiment that involved the development of a web‐based questionnaire that was only accessible by invited participants when they attended a one‐hour, facilitated session in a computer laboratory.Findings – The findings indicate that overall, genuine e‐mails were managed better than phishing e‐mails. However, informed participants managed phishing e‐mails better than not‐informed participants. Other findings show how familiarity with computers, cognitive impulsivity and personality traits affect behavioural responses to both types of e‐mail.Research limitations/implications – This study does not claim to evaluate actual susceptibility to phishing emails. The subjects were University...

The Influence of Organizational Information Security Culture on Information Security Decision Making

In this study three aspects of information security decision making—namely, knowledge of policies and procedures, attitude towards policies and procedures, and self-reported behavior—were examined in conjunction with the organizational factors that may increase human-based cyber vulnerabilities. The results of a survey of 500 Australian employees revealed a significant, positive relationship between information security decision making and organizational information security culture. This suggests that improving the security culture of an organization will positively influence the behavior of employees, which in turn should also improve compliance with security policies. This means that risk to an organization’s information systems and data will be mitigated. The complexity associated with implementing effective rewards and punishments are discussed, along with suggestions for further research to adequately understand the many factors that influence information security decision making.

Phishing for the Truth: A Scenario-Based Experiment of Users’ Behavioural Response to Emails

Using a role play scenario experiment, 117 participants were asked to manage 50 emails. To test whether the knowledge that participants are undertaking a phishing study impacts on their decisions, only half of the participants were informed that the study was assessing the ability to identify phishing emails. Results indicated that the participants who were informed that they were undertaking a phishing study were significantly better at correctly managing phishing emails and took longer to make decisions. This was not caused by a bias towards judging an email as a phishing attack, but instead, an increase in the ability to discriminate between phishing and real emails. Interestingly, participants who had formal training in information systems performed more poorly overall. Our results have implications for the interpretation of previous phishing studies, the design of future studies and for training and education campaigns, as it suggests that when people are primed about phishing risks, they adopt a more diligent screening approach to emails.

A study of information security awareness in Australian government organisations

Purpose – The purpose of this paper is to investigate the human-based information security (InfoSec) vulnerabilities in three Australian government organisations. Design/methodology/approach – A Web-based survey was developed to test attitudes, knowledge and behaviour across eight policy-based focus areas. It was completed by 203 participants across the three organisations. This was complemented by interviews with senior management from these agencies. Findings – Overall, management and employees had reasonable levels of InfoSec awareness. However, weaknesses were identified in the use of wireless technology, the reporting of security incidents and the use of social networking sites. These weaknesses were identified in the survey data of the employees and corroborated in the management interviews. Research limitations/implications – As with all such surveys, responses to the questions on attitude and behaviour (but not knowledge) may have been influenced by the social desirability bias. Further research s...

What Does Sustainability Mean? Knowledge Gleaned From Applying Mixed Methods Research to Wine Grape Growing

We present outcomes from a mixed methods research project in agricultural sciences. An atypical methodology for sciences was developed as the only way to avoid embedded assumptions commonly seen in sustainability investigations. Eighty-three upper echelon participants from the wine grape industry participated in 14 focus groups in five countries: Australia, Chile, New Zealand, South Africa, and the United States. Quantitative measures were compared with results from qualitatively coded participant utterances using two content analysis software tools: Leximancer and NVivo. This article presents the strategies and method applied in this investigation to define sustainability. A consensual sustainability definition prior to the establishment of assessment systems is essential. The model developed seems to be viable for similar sustainability investigations of individual organizations.

Gender and interest in ICT - a current Australian study

The representation of women in the information and communication technology (ICT) profession has traditionally been low and in the last couple of years this proportion has declined even further. The main objective of this paper is to challenge some of the accepted views as to why this is so. The paper presents an analysis of student enrolment and performance in ICT related subjects, both for students enrolled in ICT as well as non-ICT related courses for a large Australian university. The analysis indicates that ICT subjects are popular with women, as demonstrated by the percentage of women enrolled. Furthermore, the analysis indicates that women do not find ICT subjects difficult and do as well or even better than their equivalent male colleagues.