4 1 Chapter 2: Literature Review The chapter reviews prior research relevant-Get Answer Now
Chapter 2: Literature Review
The chapter reviews prior research relevant to this study. The chapter starts by explaining how cybersecurity programs are run and then explains how employees can participate in these programs. In short, companies can make employees participate in the implementation of a cybersecurity program by training them, collaborating with them, empowering them, and motivating them.
Definition of cybersecurity policies – You only use 1 reference for these sections. Find a few more please. Look at the readings from BSYS803?
According to Trelix (2022), cybersecurity is a crucial issue for C-level executives as well as information technology departments. However, cybersecurity needs to be an issue of concern for every staff in an enterprise, not only for managers and IT workers. One of the most crucial manners of creating awareness of the need for cybersecurity is by coming up with cybersecurity policies which explicate the responsibilities of every person in safeguarding the data as well as IT systems. As stated by Trelix (2022), a cybersecurity policy describes the standards of behaviours for practices such as data encryption as well as puts limits on the use of data or accessing systems. Cybersecurity policies outline the rules for how managers, workers, and final end-users should access the Internet and online systems, send data via networks, and practice responsible data and system security (Trelix, 2022). Cybersecurity policy documents list the responsibilities and roles of stakeholders and the requirements to be followed when using an organisation’s systems, software, and applications.
Importance of cybersecurity policies for organisations
Cybersecurity policies are crucial for an organization because they help to prevent or minimize data breaches as well as cyber-attacks, which are very costly if they occur. In most cases, workers tend to be the weak link when it comes to cybersecurity as they are the ones who frequently click on bad links, share passwords, and sometimes forget to encrypt key files. Cybersecurity policies are even more important in firms which operate in sectors that are regulated such as insurance, finance, and healthcare. These firms are exposed to the risk of paying huge penalties as well as fines if their security measures are proved to be inadequate (Trelix, 2022).
Cybersecurity policies can also help improve the credibility as well as the reputation of an organisation. Clients, as well as business partners, need assurance from an organization that it has adequate policies in place to safeguard their sensitive data. Companies that have been successful in protecting customer data have had strong policies and so their credibility, as well as reputation, have been positive before clients and other key stakeholders. Need references
Cybersecurity policies can help to educate workers on ways through which they can minimize attacks and improve the security of the systems as well as data. Cybersecurity policies often detail the importance of educating and training employees and other users of systems, such as customers and partners, on best practices that improve data security and protection. For instance, policies may specify that individuals should be aware of practices such as: not sharing passwords with unauthorized people, how to identify URLs that are malicious and risky, and therefore, not to click on them, the need to encrypt files they use, and the importance of logging out once they have finished using a system. Need references
Development of cybersecurity policies in organisations
As stated by IIFA State in full (2022), a cybersecurity program is a framework for identifying the information that needs to be safeguarded and offers standards, best practices, and guidelines for managing cybersecurity-associated risks. The development and execution of a cybersecurity program involves a number of steps, What is your reference for these steps? beginning with risk assessment (Lerner et al., 2016), where a risk analysis committee is formed. The next step is coming up with an incident response (IRP) plan that lists how the organisation will respond to different types of incidents, such as restoring damaged hardware and software, communicating with stakeholders, and reviewing the cybersecurity plan after the incident. The IRP also lists the responsibilities and roles for each task (Lerner et al., 2016).
Among workers, the program calls for checks and employee training to prevent human-related errors that cause cybersecurity (Lerner et al., 2016). Background checks help prevent cyber-attacks from malicious employees. Contracts between a firm and its vendors often state cybersecurity requirements for vendors (Lerner et al., 2016).
Stakeholders participate in the development and review of an organisation’s cybersecurity program. They include staff and managers from information security, human resources, IT, senior management, internal audit, legal, and risk management (Lerner et al., 2016). Senior management tends to be engaged in the beginning and at the end stages to approve the budget and other aspects so that cybersecurity is realized throughout by employees as a priority to the organization. Independent testing of cybersecurity programs is used to provide an independent perspective to stakeholders. Employees can play an essential role in the prevention of cyber-attacks if they are appropriately engaged as discussed below.
Role of employees in cybersecurity
Employee participation is critical for executing cybersecurity activities and includes incorporating workers’ input in the planning and execution phases (Hornberger and Charles, 2021). Participation involves properly engaging employees in all issues pertinent to the implementation plan. Cybersecurity programs that involve employees in all their stages and steps are considered successful because employees will be aware of the importance of being cybersecurity conscious at all times to prevent potential attacks. Therefore, organizations can promote the success of cybersecurity programs by increasing employee participation. Employee participation can occur in different ways and these will be discussed next.
Training and development
Firstly, companies can increase employee participation in cybersecurity initiatives through training and development. Training and development provide employees with competitive and adequate skills to implement a cybersecurity change program effectively (Puhakainen and Siponen, 2010). Education is critical during the change stage as it creates new perspectives, skills, and knowledge vital for implementing change (Hussain et al., 2018). Organizations should audit change initiatives, identify new or improved skills that employees require, and train them internally, using external experts or through benchmarking (Hussain et al., 2018). According to Puhakainen and Siponen (2010, p. 757), while executing information security strategies, training is the “most suggested Most suggested what? in the literature” and it should be “theory-based and empirically evaluated.”
Contextually, companies should customize cybersecurity programs to suit their needs. Training increases employees’ understanding, awareness, and self-esteem about interacting with new systems, promoting participation (Puhakainen & Siponen, 2010). Herzberg’s two factor theory explains why training can motivate employees to adhere to organizational policies such as cybersecurity policies (Herzberg, 1987: Alamrani, 2020). The theory suggests that work satisfaction by employees is highly associated with variables intrinsic to a job’s content, such as growth, advancement, responsibility, tasks, recognition, and accomplishment (AlAmrani, 2020). Employee advancement and growth in an organization occurs when employees are trained to attain new skills and knowledge. Training and development are intrinsic motivational factors that increase employees’ commitment to organizational change programs such as the deployment of new cybersecurity programs (Fischer et al., 2019). Enhancing employees’ skills makes them feel valued, increases their commitment and enthusiasm, and thus their participation in organizational programs, improving the chances of success of these programs.
Collaboration during system design and implementation
Another way that employees can participate in their organisation’s cybersecurity program is by collaborating and providing their views during the design and implementation of the program. The implementation of a cybersecurity program should be done in a way that aligns Why? with Kotter’s model of change Reference?. For instance, an organisation’s management should create strong coalitions with its employees at each stage of the implementation of its cybersecurity program (Aldemir, 2010). Managers should bring together teams or groups of workers who can lead the cybersecurity implementation, promote collaboration within and across these teams, and attract key leaders among the employees by demonstrating commitment and enthusiasm (Aldemir, 2010). Since employees are the primary implementers of change initiatives, obtaining their input helps integrate features that promote workers’ well-being and convenience (Aziz, 2017). Therefore, companies should create forums and channels to collect and use employees’ feedback during change initiatives.
According to Hornberger (2021), the failure to obtain employees’ perspectives is a major cause of the failure of the implementation of technological systems, such as cybersecurity. Contextually, collecting employees’ views helps improve the features of cybersecurity systems. For example, employees might need certain personalized features from their organisation’s cybersecurity system, such as biometric authentication to access systems. However, if their organisations do not integrate such features because employees were not consulted, the result would be lower engagement and interaction by employees.
Employees provide valuable input that helps companies customize cybersecurity based on the needs of their customers and the general operational environment (Hornberger & Charles, 2021). Following motivational theories from Herzberg and Reference? others, incorporating employees’ opinions in organisational programs creates intrinsic motivation that makes them feel appreciated and more committed to the change program, leading to higher success (Fischer et al., 2019). Therefore, companies can promote participation by incorporating employees’ views and opinions in the systems’ design and implementation.
Employee participation in cybersecurity programmes increases when employees are empowered to work autonomously through independent decision making and innovation. According to Aziz (2017), during change initiatives, companies should empower stakeholders such as employees to be change champions and agents by permitting them to make independent decisions and support their innovations. For instance, when a cybersecurity program is implemented, several decisions are made and approved by the senior management about policies related to individuals that an organization should adhere to so as to minimize and prevent cyber-attacks. However, when employees are given equal chances as senior management to make decisions about policies for preventing cyber-attacks, they will find it easier to adhere to the policies that they participated in making.
Majid et al. (2021) showed that organizational support through empowering employees and emotionally and financially backing their initiatives leads to higher employee engagement and more efficient implementation. Promoting employees’ diverse thinking and innovation encourages workers to experiment with and explore the cybersecurity programs, helping to improvise and improve them. Empowerment also motivates workers to provide feedback while critically analysing various aspects to identify gaps, thus promoting effective implementation. For example, when a company acquires or purchases a cybersecurity system, an organization that supports innovation from employees motivates them to innovate further to adapt to the company’s micro and macro-environmental needs and operational requirements. Therefore, companies should promote an organizational culture that supports diversity in thinking by emotionally and financially supporting employees’ ideas.
Organizations can also promote employee participation by enhancing their motivation. Equity theory Please include a reference is best suited to explain why employees can get motivated in the workplace. The theory suggests that people who see themselves as either over-rewarded or under-rewarded will tend to experience some form of distress or demotivation, and this distress leads to attempts to restore equity with their peers, especially in the workplace (Ibinwangi & Chiekenzie, 2016). Equity, therefore, tends to measure the benefits and contributions gained by each person. Employee performance comprises a group of employee behaviours that can be measured, monitored, and evaluated to assess the accomplishment of individual workers (Ibinwangi & Chiekenzie, 2016). When an employee perceives or views that there is increased inequality between him or herself and other employees, they become demotivated; but when the inequality decreases, they start becoming motivated. According to Adam’s equity theory, Reference?organizations that create an adequate level of motivation among their staff through shared benefits and values will have employees who are more committed to the organization’s goals and strategies, such as change initiatives (Al-Zawhreh & Madi, 2012). On the other hand, if motivation is inadequate, employees withdraw and show less commitment to excellence in job performance (AlAmrani, 2020).
Motivational theories such as Hezberg Please include a reference and check the spelling. argue that companies should motivate workers through extrinsic strategies such as competitive pay and bonuses, as well as intrinsic ones like flexible working environments, team-building exercises, and training and development, among others (A-lAmrani, 2020). Companies can also collaborate with employees by obtaining their views about the most reliable motivational strategies to increase efficacy. For example, without consultation, a company might issue non-relevant or non-impactful benefits to its employees, such as giving them bonuses when they prefer shares. Therefore, to motivate employees to participate in the design and implementation of cybersecurity programs, companies should motivate them adequately and appropriately (Sikolia & Byros, 2016). Intrinsic and extrinsic rewards create inner and material satisfaction that increases participation, as evident by actions such as wellness Don’t understand this. to offer feedback and complete planning and executing tasks efficiently and punctually (Sikolia & Byros, 2016). Therefore, adequate motivation increases employees’ participation and involvement in cybersecurity programs.
Better work coordination through effective communication and task allocation and definition increases employee participation. Needs a reference Before executing a cybersecurity strategy, a company should re-align its operations by properly allocating and defining tasks (Choejey et al., 2016; Tu &Yuan, 2014). For example, it should allow employees to assign tasks according to their expertise and other interpersonal skills. Proper task allocation increases an employee’s likelihood of interacting with the systems better, increasing participation (Choejey et al., 2016; Tu &Yuan, 2014). Ambiguous task definitions or assigning employees tasks they cannot perform leads to lower engagement, participation, and job performance (Choejey et al., 2016; Tu &Yuan, 2014). Dawson and Thompson (2018; p744) reviewed organizational literature about the most vital capabilities for cyber secure organizations, and the results showed that “strong communication ability” is a critical ingredient. Therefore, communication spurs employees’ participation in cybersecurity programs (Dawson & Thompson, 2018). Companies relay updates and information about the system through proper communication that increases coordination, proper job performance, and participation (Dawson & Thompson, 2018). Also, proper communication promotes participation as it collects and utilizes employees’ feedback (Dawson & Thompson, 2018). Therefore, organizations should create decentralized communication channels that promote informational flow from all directions. Therefore, timely and effective messaging and feedback collection utilization and response promote coordination and employee participation. Thus, efficient coordination increases employee participation. Include a final closing paragraph – look a previous dissertations of my students and see how they did it.
Al Amrani, K. (2020). Applicability of the motivation theories of Maslow, Herzberg and vroom to contemporary business organizations in Oman. International Journal of Economics, Business and Management Studies, 7(2), 202–213. https://doi.org/10.20448/802.72.202.213
Abd Majid, M., & Zainol Ariffin, K. A. (2021). Model for successful development and implementation of Cyber Security Operations Centre (SOC). PLOS ONE, 16(11), 1–15. https://doi.org/10.1371/journal.pone.0260157
Al-Zawhreh, A., & Madi, F. (2012). The Utility of Equity Theory in Enhancing Organizational Effectiveness. European Journal of Economics, Finance and Administrative Sciences, 46, 158–170.
Aziz, A.-M. (2017). A change management approach to improving safety and preventing needle stick injuries. Journal of Infection Prevention, 18(5), 257–262. https://doi.org/10.1177/1757177416687829
Carman, A. L., Vanderpool, R. C., Stradtman, L. R., & Edmiston, E. A. (2019). A change-management approach to closing care gaps in a federally qualified Health Center: A rural Kentucky case study. Preventing Chronic Disease, 16, 1–15. https://doi.org/10.5888/pcd16.180589
Choejey, P., Murray, D., & Che Fung, C. (2016). Exploring critical success factors for cybersecurity in Bhutan’s government organizations. Computer Science & Information Technology ( CS & IT ), 15, 1–10. https://doi.org/10.5121/csit.2016.61505
Dawson, J., & Thomson, R. (2018). The future cybersecurity workforce: Going beyond technical skills for successful Cyber Performance. Frontiers in Psychology, 9, 744–754. https://doi.org/10.3389/fpsyg.2018.00744
Fischer, C., Malycha, C. P., & Schafmann, E. (2019). The influence of intrinsic motivation and synergistic extrinsic motivators on creativity and innovation. Frontiers in Psychology, 10, 1–15. https://doi.org/10.3389/fpsyg.2019.00137
Herzberg, F. (1987). One more time: How do you motivate employees?. Harvard Business Review, 65(5), 109-120.
Hornberger, R. C. (2021). Encouraging Employee Buy-In for Cybersecurity Monitoring Programs: A Social Influence Perspective. (Publication NO. 28321025) [Doctoral Dissertation, University of Maryland University College] ProQuest Dissertations Publishing.
Hussain, S. T., Lei, S., Akram, T., Haider, M. J., Hussain, S. H., & Ali, M. (2018). Kurt Lewin’s change model: A critical review of the role of leadership and employee involvement in organizational change. Journal of Innovation & Knowledge, 3(3), 123–127. https://doi.org/10.1016/j.jik.2016.07.002
Ibinwangi, O. & Chiekezie, O. (2016). Equity theory of motivation and work performance in selected southeast universities. Reiko International Journal of Business and Finance, 8(4), pp. 1-12.
IIFA. (2022). Cybersecurity Program basics. https://www.anbima.com.br/data/files/25/67/A6/3C/CF30E61078F0C4D69B2BA2A8/IIFA-Cybersecurity-Program-Basics.pdf
Lerner, L., Lerner, M., Rishikof, H., & C., J. (2016). Cybersecurity Programs – A Guide. https://www.crowell.com/files/201606-Cybersecurity-Programs-A-Guide-Lerner-Lerner-Rishikof-Cieplak.pdf
Puhakainen, & Siponen. (2010). Improving employees’ compliance through Information Systems Security training: An action research study. MIS Quarterly, 34(4), 757–778. https://doi.org/10.2307/25750704
Sikolia, D., & Biros, B. (2016). Motivating employees to comply with information security policies. Journal of the Midwest Association for Information Systems, 6(2), 7–25. https://doi.org/10.17705/3jmwa.00018
Trelix (2022, January 23). How Cybersecurity Policies and Procedures Protect Against Cyberattacks. Retrieved May 23, 2022 from https://www.trellix.com/en-us/security-awareness/cybersecurity/cybersecurity-policies.html
Tu, Z., & Yuan, Y. (2014). Critical Success Factors Analysis on Effective Information Security Management: A Literature Review. Journal of Scientific Conference Proceedings, 2(1). Doi=10.1.1.819.6637&rep=rep1&type=pdf.
Why Choose Us
We value our clients. For this reason, we ensure that each paper is written carefully as per the instructions provided by the client. Our editing team also checks all the papers to ensure that they have been completed as per the expectations.
Professional Academic Writers
Over the years, our Acme Homework has managed to secure the most qualified, reliable and experienced team of writers. The company has also ensured continued training and development of the team members to ensure that it keep up with the rising Academic Trends.
Our prices are fairly priced in such a way that ensures affordability. Additionally, you can get a free price quotation by clicking on the "Place Order" button.
We pay strict attention on deadlines. For this reason, we ensure that all papers are submitted earlier, even before the deadline indicated by the customer. For this reason, the client can go through the work and review everything.
At Graduate Assistants, all papers are plagiarism-free as they are written from scratch. We have taken strict measures to ensure that there is no similarity on all papers and that citations are included as per the standards set.
Customer Support 24/7
Our support team is readily available to provide any guidance/help on our platform at any time of the day/night. Feel free to contact us via the Chat window or support email: firstname.lastname@example.org.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
Graduate Assistants has stood as the world’s leading custom essay writing services providers. Once you enter all the details in the order form under the place order button, the rest is up to us.
At Graduate Assistants, we prioritize on all aspects that bring about a good grade such as impeccable grammar, proper structure, zero-plagiarism and conformance to guidelines. Our experienced team of writers will help you completed your essays and other assignments.
Admission and Business Papers
Be assured that you’ll definitely get accepted to the Master’s level program at any university once you enter all the details in the order form. We won’t leave you here; we will also help you secure a good position in your aspired workplace by creating an outstanding resume or portfolio once you place an order.
Editing and Proofreading
Our skilled editing and writing team will help you restructure you paper, paraphrase, correct grammar and replace plagiarized sections on your paper just on time. The service is geared toward eliminating any mistakes and rather enhancing better quality.
We have writers in almost all fields including the most technical fields. You don’t have to worry about the complexity of your paper. Simply enter as much details as possible in the place order section.