4<\/p>\n
1<\/p>\n
Chapter 2: Literature Review<\/p>\n
The chapter reviews prior research relevant to this study. The chapter starts by explaining how cybersecurity programs are run and then explains how employees can participate in these programs. In short, companies can make employees participate in the implementation of a cybersecurity program by training them, collaborating with them, empowering them, and motivating them.<\/p>\n
Definition of cybersecurity policies – You only use 1 reference for these sections. Find a few more please. Look at the readings from BSYS803?<\/p>\n
According to Trelix (2022), cybersecurity is a crucial issue for C-level executives as well as information technology departments. However, cybersecurity needs to be an issue of concern for every staff in an enterprise, not only for managers and IT workers. One of the most crucial manners of creating awareness of the need for cybersecurity is by coming up with cybersecurity policies which explicate the responsibilities of every person in safeguarding the data as well as IT systems. As stated by Trelix (2022), a cybersecurity policy describes the standards of behaviours for practices such as data encryption as well as puts limits on the use of data or accessing systems. Cybersecurity policies outline the rules for how managers, workers, and final end-users should access the Internet and online systems, send data via networks, and practice responsible data and system security (Trelix, 2022). Cybersecurity policy documents list the responsibilities and roles of stakeholders and the requirements to be followed when using an organisation\u2019s systems, software, and applications. <\/p>\n
Importance of cybersecurity policies for organisations<\/p>\n
Cybersecurity policies are crucial for an organization because they help to prevent or minimize data breaches as well as cyber-attacks, which are very costly if they occur. In most cases, workers tend to be the weak link when it comes to cybersecurity as they are the ones who frequently click on bad links, share passwords, and sometimes forget to encrypt key files. Cybersecurity policies are even more important in firms which operate in sectors that are regulated such as insurance, finance, and healthcare. These firms are exposed to the risk of paying huge penalties as well as fines if their security measures are proved to be inadequate (Trelix, 2022). <\/p>\n
Cybersecurity policies can also help improve the credibility as well as the reputation of an organisation. Clients, as well as business partners, need assurance from an organization that it has adequate policies in place to safeguard their sensitive data. Companies that have been successful in protecting customer data have had strong policies and so their credibility, as well as reputation, have been positive before clients and other key stakeholders. Need references<\/p>\n
Cybersecurity policies can help to educate workers on ways through which they can minimize attacks and improve the security of the systems as well as data. Cybersecurity policies often detail the importance of educating and training employees and other users of systems, such as customers and partners, on best practices that improve data security and protection. For instance, policies may specify that individuals should be aware of practices such as: not sharing passwords with unauthorized people, how to identify URLs that are malicious and risky, and therefore, not to click on them, the need to encrypt files they use, and the importance of logging out once they have finished using a system. Need references<\/p>\n
Development of cybersecurity policies in organisations<\/p>\n
As stated by IIFA State in full (2022), a cybersecurity program is a framework for identifying the information that needs to be safeguarded and offers standards, best practices, and guidelines for managing cybersecurity-associated risks. The development and execution of a cybersecurity program involves a number of steps, What is your reference for these steps? beginning with risk assessment (Lerner et al., 2016), where a risk analysis committee is formed. The next step is coming up with an incident response (IRP) plan that lists how the organisation will respond to different types of incidents, such as restoring damaged hardware and software, communicating with stakeholders, and reviewing the cybersecurity plan after the incident. The IRP also lists the responsibilities and roles for each task (Lerner et al., 2016).<\/p>\n
Among workers, the program calls for checks and employee training to prevent human-related errors that cause cybersecurity (Lerner et al., 2016). Background checks help prevent cyber-attacks from malicious employees. Contracts between a firm and its vendors often state cybersecurity requirements for vendors (Lerner et al., 2016). <\/p>\n
Stakeholders participate in the development and review of an organisation\u2019s cybersecurity program. They include staff and managers from information security, human resources, IT, senior management, internal audit, legal, and risk management (Lerner et al., 2016). Senior management tends to be engaged in the beginning and at the end stages to approve the budget and other aspects so that cybersecurity is realized throughout by employees as a priority to the organization. Independent testing of cybersecurity programs is used to provide an independent perspective to stakeholders. Employees can play an essential role in the prevention of cyber-attacks if they are appropriately engaged as discussed below. <\/p>\n
Role of employees in cybersecurity<\/p>\n
Employee participation is critical for executing cybersecurity activities and includes incorporating workers’ input in the planning and execution phases (Hornberger and Charles, 2021). Participation involves properly engaging employees in all issues pertinent to the implementation plan. Cybersecurity programs that involve employees in all their stages and steps are considered successful because employees will be aware of the importance of being cybersecurity conscious at all times to prevent potential attacks. Therefore, organizations can promote the success of cybersecurity programs by increasing employee participation. Employee participation can occur in different ways and these will be discussed next. <\/p>\n
Training and development <\/p>\n
Firstly, companies can increase employee participation in cybersecurity initiatives through training and development. Training and development provide employees with competitive and adequate skills to implement a cybersecurity change program effectively (Puhakainen and Siponen, 2010). Education is critical during the change stage as it creates new perspectives, skills, and knowledge vital for implementing change (Hussain et al., 2018). Organizations should audit change initiatives, identify new or improved skills that employees require, and train them internally, using external experts or through benchmarking (Hussain et al., 2018). According to Puhakainen and Siponen (2010, p. 757), while executing information security strategies, training is the \u201cmost suggested Most suggested what? in the literature\u201d and it should be \u201ctheory-based and empirically evaluated.\u201d <\/p>\n
Contextually, companies should customize cybersecurity programs to suit their needs. Training increases employees’ understanding, awareness, and self-esteem about interacting with new systems, promoting participation (Puhakainen & Siponen, 2010). Herzberg\u2019s two factor theory explains why training can motivate employees to adhere to organizational policies such as cybersecurity policies (Herzberg, 1987: Alamrani, 2020). The theory suggests that work satisfaction by employees is highly associated with variables intrinsic to a job\u2019s content, such as growth, advancement, responsibility, tasks, recognition, and accomplishment (AlAmrani, 2020). Employee advancement and growth in an organization occurs when employees are trained to attain new skills and knowledge. Training and development are intrinsic motivational factors that increase employees\u2019 commitment to organizational change programs such as the deployment of new cybersecurity programs (Fischer et al., 2019). Enhancing employees\u2019 skills makes them feel valued, increases their commitment and enthusiasm, and thus their participation in organizational programs, improving the chances of success of these programs. <\/p>\n
Collaboration during system design and implementation<\/p>\n
Another way that employees can participate in their organisation\u2019s cybersecurity program is by collaborating and providing their views during the design and implementation of the program. The implementation of a cybersecurity program should be done in a way that aligns Why? with Kotter\u2019s model of change Reference?. For instance, an organisation\u2019s management should create strong coalitions with its employees at each stage of the implementation of its cybersecurity program (Aldemir, 2010). Managers should bring together teams or groups of workers who can lead the cybersecurity implementation, promote collaboration within and across these teams, and attract key leaders among the employees by demonstrating commitment and enthusiasm (Aldemir, 2010). Since employees are the primary implementers of change initiatives, obtaining their input helps integrate features that promote workers\u2019 well-being and convenience (Aziz, 2017). Therefore, companies should create forums and channels to collect and use employees’ feedback during change initiatives. <\/p>\n
According to Hornberger (2021), the failure to obtain employees’ perspectives is a major cause of the failure of the implementation of technological systems, such as cybersecurity. Contextually, collecting employees’ views helps improve the features of cybersecurity systems. For example, employees might need certain personalized features from their organisation\u2019s cybersecurity system, such as biometric authentication to access systems. However, if their organisations do not integrate such features because employees were not consulted, the result would be lower engagement and interaction by employees. <\/p>\n
Employees provide valuable input that helps companies customize cybersecurity based on the needs of their customers and the general operational environment (Hornberger & Charles, 2021). Following motivational theories from Herzberg and Reference? others, incorporating employees’ opinions in organisational programs creates intrinsic motivation that makes them feel appreciated and more committed to the change program, leading to higher success (Fischer et al., 2019). Therefore, companies can promote participation by incorporating employees’ views and opinions in the systems’ design and implementation. <\/p>\n
Empowerment <\/p>\n
Employee participation in cybersecurity programmes increases when employees are empowered to work autonomously through independent decision making and innovation. According to Aziz (2017), during change initiatives, companies should\u00a0empower stakeholders such as employees to be change champions and agents by permitting them to make independent decisions and support their innovations. For instance, when a cybersecurity program is implemented, several decisions are made and approved by the senior management about policies related to individuals that an organization should adhere to so as to minimize and prevent cyber-attacks. However, when employees are given equal chances as senior management to make decisions about policies for preventing cyber-attacks, they will find it easier to adhere to the policies that they participated in making. <\/p>\n
Majid et al. (2021) showed that organizational support through empowering employees and emotionally and financially backing their initiatives leads to higher employee engagement and more efficient implementation. Promoting employees’ diverse thinking and innovation encourages workers to experiment with and explore the cybersecurity programs, helping to improvise and improve them. Empowerment also motivates workers to provide feedback while critically analysing various aspects to identify gaps, thus promoting effective implementation. For example, when a company acquires or purchases a cybersecurity system, an organization that supports innovation from employees motivates them to innovate further to adapt to the company’s micro and macro-environmental needs and operational requirements. Therefore, companies should promote an organizational culture that supports diversity in thinking by emotionally and financially supporting employees’ ideas. <\/p>\n
Motivation<\/p>\n
Organizations can also promote employee participation by enhancing their motivation. Equity theory Please include a reference is best suited to explain why employees can get motivated in the workplace. The theory suggests that people who see themselves as either over-rewarded or under-rewarded will tend to experience some form of distress or demotivation, and this distress leads to attempts to restore equity with their peers, especially in the workplace (Ibinwangi & Chiekenzie, 2016). Equity, therefore, tends to measure the benefits and contributions gained by each person. Employee performance comprises a group of employee behaviours that can be measured, monitored, and evaluated to assess the accomplishment of individual workers (Ibinwangi & Chiekenzie, 2016). When an employee perceives or views that there is increased inequality between him or herself and other employees, they become demotivated; but when the inequality decreases, they start becoming motivated. According to Adam’s equity theory, Reference?organizations that create an adequate level of motivation among their staff through shared benefits and values will have employees who are more committed to the organization\u2019s goals and strategies, such as change initiatives (Al-Zawhreh & Madi, 2012). On the other hand, if motivation is inadequate, employees withdraw and show less commitment to excellence in job performance (AlAmrani, 2020). <\/p>\n
Motivational theories such as Hezberg Please include a reference and check the spelling. argue that companies should motivate workers through extrinsic strategies such as competitive pay and bonuses, as well as intrinsic ones like flexible working environments, team-building exercises, and training and development, among others (A-lAmrani, 2020). Companies can also collaborate with employees by obtaining their views about the most reliable motivational strategies to increase efficacy. For example, without consultation, a company might issue non-relevant or non-impactful benefits to its employees, such as giving them bonuses when they prefer shares. Therefore, to motivate employees to participate in the design and implementation of cybersecurity programs, companies should motivate them adequately and appropriately (Sikolia & Byros, 2016). Intrinsic and extrinsic rewards create inner and material satisfaction that increases participation, as evident by actions such as wellness Don\u2019t understand this. to offer feedback and complete planning and executing tasks efficiently and punctually (Sikolia & Byros, 2016). Therefore, adequate motivation increases employees’ participation and involvement in cybersecurity programs. <\/p>\n
Coordination <\/p>\n
Better work coordination through effective communication and task allocation and definition increases employee participation. Needs a reference Before executing a cybersecurity strategy, a company should re-align its operations by properly allocating and defining tasks (Choejey et al., 2016; Tu &Yuan, 2014). For example, it should allow employees to assign tasks according to their expertise and other interpersonal skills. Proper task allocation increases an employee’s likelihood of interacting with the systems better, increasing participation (Choejey et al., 2016; Tu &Yuan, 2014). Ambiguous task definitions or assigning employees tasks they cannot perform leads to lower engagement, participation, and job performance (Choejey et al., 2016; Tu &Yuan, 2014). Dawson and Thompson (2018; p744) reviewed organizational literature about the most vital capabilities for cyber secure organizations, and the results showed that “strong communication ability” is a critical ingredient. Therefore, communication spurs employees’ participation in cybersecurity programs (Dawson & Thompson, 2018). Companies relay updates and information about the system through proper communication that increases coordination, proper job performance, and participation (Dawson & Thompson, 2018). Also, proper communication promotes participation as it collects and utilizes employees’ feedback (Dawson & Thompson, 2018). Therefore, organizations should create decentralized communication channels that promote informational flow from all directions. Therefore, timely and effective messaging and feedback collection utilization and response promote coordination and employee participation. Thus, efficient coordination increases employee participation. Include a final closing paragraph \u2013 look a previous dissertations of my students and see how they did it.<\/p>\n
References<\/p>\n
Al Amrani, K. (2020). Applicability of the motivation theories of Maslow, Herzberg and vroom to contemporary business organizations in Oman. International Journal of Economics, Business and Management Studies, 7(2), 202\u2013213. https:\/\/doi.org\/10.20448\/802.72.202.213<\/p>\n
Abd Majid, M., & Zainol Ariffin, K. A. (2021). Model for successful development and implementation of Cyber Security Operations Centre (SOC). PLOS ONE, 16(11), 1\u201315. https:\/\/doi.org\/10.1371\/journal.pone.0260157<\/p>\n
Al-Zawhreh, A., & Madi, F. (2012). The Utility of Equity Theory in Enhancing Organizational Effectiveness. European Journal of Economics, Finance and Administrative Sciences, 46, 158\u2013170.<\/p>\n
Aziz, A.-M. (2017). A change management approach to improving safety and preventing needle stick injuries. Journal of Infection Prevention, 18(5), 257\u2013262. https:\/\/doi.org\/10.1177\/1757177416687829<\/p>\n
Carman, A. L., Vanderpool, R. C., Stradtman, L. R., & Edmiston, E. A. (2019). A change-management approach to closing care gaps in a federally qualified Health Center: A rural Kentucky case study. Preventing Chronic Disease, 16, 1\u201315. https:\/\/doi.org\/10.5888\/pcd16.180589<\/p>\n
Choejey, P., Murray, D., & Che Fung, C. (2016). Exploring critical success factors for cybersecurity in Bhutan’s government organizations. Computer Science & Information Technology ( CS & IT ), 15, 1\u201310. https:\/\/doi.org\/10.5121\/csit.2016.61505<\/p>\n
Dawson, J., & Thomson, R. (2018). The future cybersecurity workforce: Going beyond technical skills for successful Cyber Performance. Frontiers in Psychology, 9, 744\u2013754. https:\/\/doi.org\/10.3389\/fpsyg.2018.00744<\/p>\n
Fischer, C., Malycha, C. P., & Schafmann, E. (2019). The influence of intrinsic motivation and synergistic extrinsic motivators on creativity and innovation. Frontiers in Psychology, 10, 1\u201315. https:\/\/doi.org\/10.3389\/fpsyg.2019.00137<\/p>\n
Herzberg, F. (1987). One more time: How do you motivate employees?. Harvard Business Review, 65(5), 109-120.<\/p>\n
Hornberger, R. C. (2021). Encouraging Employee Buy-In for Cybersecurity Monitoring Programs: A Social Influence Perspective. (Publication NO. 28321025) [Doctoral Dissertation, University of Maryland University College]\u2002 ProQuest Dissertations Publishing.<\/p>\n
Hussain, S. T., Lei, S., Akram, T., Haider, M. J., Hussain, S. H., & Ali, M. (2018). Kurt Lewin’s change model: A critical review of the role of leadership and employee involvement in organizational change. Journal of Innovation & Knowledge, 3(3), 123\u2013127. https:\/\/doi.org\/10.1016\/j.jik.2016.07.002<\/p>\n
Ibinwangi, O. & Chiekezie, O. (2016). Equity theory of motivation and work performance in selected southeast universities. Reiko International Journal of Business and Finance, 8(4), pp. 1-12.<\/p>\n
IIFA. (2022). Cybersecurity Program basics. https:\/\/www.anbima.com.br\/data\/files\/25\/67\/A6\/3C\/CF30E61078F0C4D69B2BA2A8\/IIFA-Cybersecurity-Program-Basics.pdf <\/p>\n
Lerner, L., Lerner, M., Rishikof, H., & C., J. (2016). Cybersecurity Programs \u2013 A Guide. https:\/\/www.crowell.com\/files\/201606-Cybersecurity-Programs-A-Guide-Lerner-Lerner-Rishikof-Cieplak.pdf<\/p>\n
Puhakainen, & Siponen. (2010). Improving employees’ compliance through Information Systems Security training: An action research study. MIS Quarterly, 34(4), 757\u2013778. https:\/\/doi.org\/10.2307\/25750704<\/p>\n
Sikolia, D., & Biros, B. (2016). Motivating employees to comply with information security policies. Journal of the Midwest Association for Information Systems, 6(2), 7\u201325. https:\/\/doi.org\/10.17705\/3jmwa.00018<\/p>\n
Trelix (2022, January 23). How Cybersecurity Policies and Procedures Protect Against Cyberattacks. Retrieved May 23, 2022 from https:\/\/www.trellix.com\/en-us\/security-awareness\/cybersecurity\/cybersecurity-policies.html <\/p>\n
Tu, Z., & Yuan, Y. (2014). Critical Success Factors Analysis on Effective Information Security Management: A Literature Review. Journal of Scientific Conference Proceedings, 2(1). Doi=10.1.1.819.6637&rep=rep1&type=pdf.<\/p>\n","protected":false},"excerpt":{"rendered":"
4 1 Chapter 2: Literature Review The chapter reviews prior research relevant to this study. The chapter starts by explaining how cybersecurity programs are run and then explains how employees can participate in these programs. In short, companies can make employees participate in the implementation of a cybersecurity program by training them, collaborating with them, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[10],"class_list":["post-98166","post","type-post","status-publish","format-standard","hentry","category-research-paper-writing","tag-writing"],"_links":{"self":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/98166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/comments?post=98166"}],"version-history":[{"count":0,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/98166\/revisions"}],"wp:attachment":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/media?parent=98166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/categories?post=98166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/tags?post=98166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}