Braxton, Gregory M. Capella University, ProQuest, UMI Dissertations Publishing, 2014.

A study of employee perceived importance, moral sensitivity, judgment and information security policy compliance

Organizations are relying more and more on information systems to produce, manipulate and store valuable information assets (Cavusoglu et al., 2004, & Richardson, 2011). Unfortunately, these assets have become increasingly vulnerable to attacks from viruses, hackers, criminals and human error (Doherty & Fulford, 2005). This has influenced managers to shift priorities towards improving IS security policy compliance to ensure the confidentiality, integrity and availability of their information resources. Spears and Barki (2010) reported that internal personnel are responsible for at least half of the IS security incidents experienced by IS security managers. Spears and Barki also reported that managers may be able to reduce the number of IS security policy infractions if they placed greater emphasis on the internal human threats within their organizations. Accordingly, three research questions guided this study: (a) Is there a relationship between a person’s level of perceived importance of an IS security policy compliance issue and their moral sensitivity towards policy compliance, (b) Is moral sensitivity of an IS security policy compliance issue an indicator of moral judgment towards policy compliance, and (c) Is perceived importance of an IS security policy compliance issue an indicator of intent to comply with security policies? The online survey tool, SurveyMonkey, was used to collect the data for this study. Overall, the findings from this study indicated that perceived importance, moral sensitivity, and moral intent, if understood collectively, can be used to improve IS security policy compliance.

Houston, Clemith J., Jr. Capella University, ProQuest, UMI Dissertations Publishing, 2013.

The impact of process capability on service reliability for critical infrastructure providers

This study investigated the relationship between organizational processes that have been identified as promoting resiliency and their impact on service reliability within the scope of critical infrastructure providers. The importance of critical infrastructure to the nation is evident from the body of research and is supported by instances where critical infrastructure has been negatively impacted and this has created significant implications for those that rely upon it. The CERT-RMM framework is one of a number of models that has been created to assist organizations with improving their ability to respond to threats to critical infrastructure. This study utilized a subset of the CERT-RMM framework processes and representatives from the electric utility industry to determine the level of adoption of these processes in their organizations and obtain metrics regarding their level of process capability and looked at their relationship to historical levels of service reliability. The results of a process capability questionnaire were used to establish the relationship between process capability and service reliability, including moderating factors and their impact to service reliability. The questionnaire evaluated eleven process areas, including risk management to determine levels of process capability. The findings of the study established support for the overall model, in addition to relationships between service reliability and two levels of process capability as defined by the CERT-RMM model. The moderating impact of weather events upon service reliability was also established. The study supported the usefulness of process capability and other emerging maturity models in measuring how well organizations are establishing and preparing their operations to withstand impacts to service reliability and that trends of improved service reliability in the United States can be attributed to these models.

The following are featured dissertations. These dissertations were done on information security-related topics by learners who were not in the PhD in Information Technology program.

Anthofer, Cathleen R. Capella University, ProQuest, UMI Dissertations Publishing, 2014.

A phenomenological study of security awareness of community emergency response team trainers in Haiti

Abstract:

When a disaster strikes a third-world country, first responders and humanitarian aid volunteers respond to assist in recovery. Over the last decade, countries such as Haiti experienced great loss of life due to natural disasters. When a disaster strikes and responders deploy to a third-world country, they often lack vital security awareness and protection required to stay alive so they may perform their duties. Despite increased concern about first responders’ security awareness when deploying to a third-world country, little empirical research exists. This qualitative phenomenology study was one of the few studies to explore security awareness of humanitarian aid workers, specifically lived experiences of U.S. Community Emergency Response Team (CERT) trainers deployed to Haiti. First-hand knowledge and experience of the participants served as the basis for this study’s scientific inquiry to understand the phenomenon, security awareness, as it relates to deploying to an international disaster. Each respondent provided rich detail of their lived experiences during a one-on-one interview, which resulted in six security awareness themes being identified. A significant finding of this study was the usefulness of gathering security and cultural information about Haiti prior to deployment to the country. Trainers argued security awareness training could improve CERT deployments in the future to Haiti if preparation focused on understanding the local language, acknowledging the usefulness of gathering information, obtaining local support, and knowledge of the local culture. The findings reveal significant lessons learned and valuable information regarding security awareness, both pre-deployment and during deployment, to improve security.

Spears, Phillip Dewitt. Capella University, ProQuest, UMI Dissertations Publishing, 2013.

Education and the degree of data security

Abstract:

New technology development has researchers inundated with a plethora of data security issues linked to cyber attacks and hackers’ ability to transmogrify their techniques. The present research focused on the information technology managing officers’ (ITMOs’) level of education, size of organization, organization’s industry, and the effect they have on an organization’s degree of data security. The purpose of this quantitative study was to determine if a relationship exists between an ITMO’s level of education and an organization’s degree of data security. The study also sought to determine if industry and size of organization have an effect on the degree of data security. This study applied a 30-question survey to 137 ITMOs. The ITMOs represented a wide variety of organizations, ranging from 10 to 100 employees from diverse industries. Survey data from ITMOs revealed 3 areas in which ITMOs pushed their organizations to improve awareness of cyber threats and improve overall data security. Results revealed that the level of education an ITMO had did not determine the degree of data security of an organization. Instead, on-the-job training mattered more than formal education. The study also suggested that not only are military facilities vulnerable to cyber attacks but also all computers and networks, regardless of the organization’s size or industry.