Figure 1 - uploaded by Nicolas Poussing
Organizations' engagement in an information security governance approach

Source publication
Article
Full-text available
This article addresses the topic of information security governance. To address the weaknesses identified in the literature, it explores (i) the process by which organizations engage in information security governance and (ii) the information security governance practices of organizations engaged in the...

Similar publications

Article
Full-text available
An increasing business transaction can cause rapid growth in online shops and marketplace. One of the affected is an online shop. From several logistic services, tracking and tracing information services are the main focus in this study because online shops as the business partner have a lack of attention in these services. The objective of this st...
Article
Full-text available
In the wake of the 2008 global financial crisis, the Fintech industry and Islamic banking were striving to fill the existing void through innovation and different business approaches. Losing trust in conventional banking, the advancement of technology and the internet globally, and customers' craving for trustworthy and reliable financial systems a...
Preprint
Full-text available
Background: Clinical decision support systems (CDSS) are designed to promote evidence-based patient care and shared-decision making in healthcare settings. Despite these benefits, adoption and long-term use of the systems remain limited. There is a need to identify different factors that influence CDSS adoption in healthcare settings. Objective: Th...
Article
Full-text available
Understanding the factors affecting the use of healthcare technologies is a crucial topic that has been extensively studied, specifically during the last decade. These factors were studied using different technology acceptance models and theories. However, a systematic review that offers extensive understanding into what affects healthcare technolo...
Conference Paper
Full-text available
Abstract — The objective of this work is to carry out a comparative study of the factors influencing the use of natural language in requirements specification in Argentina and Brazil. The methodology adopted is a descriptive study with a quantitative approach using structural equations. The proposed theoretical model is based on the Unified Theory of Ac...

Citations

... Company E has weak security measures compared with the other companies studied. This finding is consistent with the work of Dagorn and Poussing (2012) on security governance, which shows the difficulty of translating concepts into concrete actions and of belonging to the industrial sector, as compared with the service sector. Other studies highlight the importance that the effect of the company's activity can have on IS security (Dojkovski et al., 2007; Barlette, 2012). ...
Conference Paper
Full-text available
First, this paper aims to present the main results of case studies carried out in SMEs, in which we sought to identify the factors that can influence a security culture among users of information systems (IS); according to Reix and Rowe (2002), an IS is the set of social actors who transform and store representations through information technologies and operating procedures. Next, we present our second research method, intervention research, which we carried out within an SME through training and awareness-raising aimed at IS users in order to improve their culture as well as their IS security-related behaviours. The objectives, the research process adopted and the results are developed in this paper. Keywords: security culture, information systems security (SSI), security-related behaviours, intervention research, SMEs.
... To our knowledge, none of the previous studies has tested the direct influence of the sector of activity in the field of information security culture. Only one study, by Dagorn and Poussing (2012), on information security governance, shows the difficulty of translating concepts into concrete actions, belonging to the industrial sector as compared with the service sector. We identified other studies in which the authors highlight the importance that the effect of the company's activity can have in this field. ...
Conference Paper
Full-text available
In 2019, according to a CPME survey, 41% of the surveyed companies with 0 to 9 employees and 44% of the companies with 9 to 49 employees had already suffered one or more cyberattacks or attempted cyberattacks. By having an effective information systems security culture (CSSI) in which employees protect information assets, small and medium-sized enterprises (SMEs) could improve the security of their information systems (Dojkovski et al., 2007). However, previous research has largely ignored the development of such a culture for SMEs. The objective of this research is to answer the question: "How can the maturity of IS security culture in SMEs be assessed?" This paper proposes a theoretical model intended to assess the maturity of an SME's information systems security (SSI) culture. The model is built on the three-level theory of security culture of Schlienger and Teufel (2003), adapted from Schein (1985). In this paper we also present our research method and the planned cases. The model will subsequently be validated through case studies.
... CEOs may, for example, be verbally persuaded by peers to take recommended actions (Tu et al., 2015). However, this influence can also have an effect indirectly through the observed actions of peers, mentors or competitors (Dagorn & Poussing, 2012; Ozgen & Baron, 2007; Tu et al., 2015; Zhang et al., 2018). Barlette (2012) conducted a qualitative study in which he showed that SME CEOs can adopt four types of behaviors (Figure 1). ...
Article
Full-text available
This research addresses the determinants of CEOs’ actions regarding the information security (ISS) of small and medium enterprises (SMEs). This article aims to (a) identify factors influencing CEOs’ ISS actions, (b) examine the relevance of protection motivation theory (PMT) in explaining top management support (TMS, i.e., supportive actions) and (c) find potential differentiated effects on protective vs. supportive actions. The results of a questionnaire-based survey (N=200) show that the PMT and social influence constructs, while explaining a significant amount of variance, exert differentiated effects: in contrast with protective actions, which are influenced mainly by self-efficacy, SME CEOs’ supportive actions are strongly affected by the social influence of peers (partners and competitors) and customers. At a theoretical level, this research validates the relevance of the PMT framework for the study of TMS determinants in the context of ISS. This study is also the first to distinguish between these two types of actions and offers new insights on CEOs’ ISS-related behavior literature. For practitioners, the results imply that even when CEOs do not exert protective actions, it is important to build on their professional relations to trigger and enhance their supportive actions.
... This study surely contributes to enriching the literature in the field of information security where the level of scientific research production remains low. Other researches by Kotulic and Clark [1] or Dagorn and Poussing [2] show the difficulties faced by researchers in this area. This study provides science with a theoretical research model that can be refined to better explain dependent variables in subsequent research works. ...
Chapter
Full-text available
This article deals with information security in information systems projects, which has become vital in a context of cybercrimes and economic spying proliferation. Based on the theoretical research model derived from UTAUT 2 and TAM models, this study seeks to determine the factors that influence the intention to adopt and use information security in Information Systems (IS) projects. Both qualitative and quantitative approaches were employed. Upon data analysis on the SmartPLS 3.2.7 software, the results suggested that: (i) perceived usefulness, habit, and facilitating conditions have a positive influence on the intention to use information security in IS projects; (ii) habit has a positive influence on the use of information security in IS projects. This study surely contributes to enriching the literature in the field of information security where the level of scientific research production remains low.
... Several studies of small businesses have shown that CEOs often use social and professional networks to make decisions, and such social influences may constitute a relevant variable to explain CEO behaviors (Dagorn & Poussing, 2012; Ozgen & Baron, 2007; Schoonjans et al., 2013). Social influence (Ajzen, 1991) can be considered to be equivalent to subjective norms (see Venkatesh et al., 2003), as it refers to the "perceived social pressure from people who are important to someone. ...
Article
Past research in the area of behavioral information security has mainly focused on large company employees. However, SMEs constitute a relevant field of study, as they represent more than 99 percent of European companies and are subject to rapidly increasing security threats. In addition, within SMEs, CEOs play a vital role in protecting their information through the actions they can initiate and the influence they have on their employees. We attempt to fill a gap in information security (ISS) research, as few studies have aimed to understand CEOs’ behaviors related to the implementation of ISS. In addition, the literature shows that particularly in a small firm context, ownership influences CEOs’ behavior. Even less research has addressed SMEs, specifically with regard to the impact of ownership on CEOs’ ISS-related behaviors. This paper details an empirical study based on the protection motivation theory (PMT) to investigate the following research question: what factors explain SME CEOs’ information security protective behavior? We conducted a questionnaire-based survey with 292 SME CEOs, and we analyzed the collected data using partial least squares (PLS). Because the academic literature shows that SME CEOs engage in specific behaviors, we tested the influence of the PMT on two subgroups: SME owners (n=183) and non-owners (n=109). Our results show very important and significant discrepancies between the two subgroups. Our work is original because it constitutes the first study dedicated to the protective behaviors of SME CEOs; moreover, it distinguishes between owners and non-owners. Our major theoretical contribution corresponds to the identification and investigation of this differentiated population, which requires more in-depth studies. 
The main managerial implication of our work is that as the factors triggering owner and non-owner SME CEOs protective behaviors are almost in total contrast, any communication or action should be specifically tailored to each audience.
Chapter
The digital transformation implemented through numerous projects is the reality of all industries and organizations, public or private. The Organisation for Economic Co-operation and Development notes that the focus previously placed on the security of information systems and networks is now broadening to encompass the security of economic and social activities that rely on new digital technologies. Numerous scientific works highlight the role of the top manager in information risk management and their influence on employee behavior. The authors' empirical study was conducted as part of a research project within Orange, the French telecommunications company. The study focused on the top managers of the entities of the telecom network domain. Rooted in constructivism, the research methodology consisted of a circular and iterative approach to data collection and analysis. Due to the daily processing and handling of sensitive data by network stakeholders, information risk management is considered a “critical issue”.
Article
Full-text available
Information systems are generally perceived as a vector of performance. Nevertheless, their use remains problematic in numerous companies. This article is at the border of information systems management and supply chain management. In this last field, the typologies of the risks are common but ignore very often the risks linked to information systems and to their usage. This idea is envisaging also information systems as potential risk factors in a context of supply chain management. A literature review allows to contribute to the theory by developing a typology of the risks linked to information systems and to their usage. Then, five explanatory case studies led in diverse sectors allow to experience this typology and to identify the most recurring risks linked to information systems and to their usage. On a managerial plan, this article makes sensitive supply chain managers, information systems managers as well as information systems / supply chain project managers of the necessity of not perceiving information system only as a vector of performance but also as a risk factor in supply chains. JEL classification: D8, D80, D81.
Article
Full-text available
Purpose: This investigation seeks to study the following research question: how can information systems be real sources of uncertainty for Supply Chain Management, despite their positive roles in the effectiveness of modern supply chain organization? Design/methodology/approach: A typology of the uncertainties linked to information systems and their usage is developed. Then, five explanatory case studies conducted in diverse industries allow to characterize this typology. Findings: The case studies allow to identify the most frequently recurring uncertainties, namely “limited information system capacity” and “data unreliability”. In addition, “company size” does not seem to be a relevant dimension for assessing the vulnerability of a supply chain to uncertainties linked to information systems. On the other hand, the “business sector”, with its implied power influences, was found to be a relevant dimension. Research limitations/implications: This research does not allow to rank uncertainties according to their level of criticality. Practical implications: This article enables supply chain and information systems managers, as well as information systems/supply chain project managers to be aware of the need to consider information systems not only as vectors for performance, but also as factors for uncertainty in supply chains. Originality/value: Information systems are generally considered to be a vector of performance. Nevertheless, their use remains problematic in many companies. This article falls within both the information systems and supply chain management research areas. In the latter field, typologies of the uncertainties are common, but often ignore the uncertainties linked to information systems and their usage. We suggest envisaging information systems as potential factors for uncertainty in the context of supply chain management.