The human component of information systems represents a critical and high-impact target for cyberattacks. Firms address these threats through various means, including security awareness training, security policy monitoring, security controls, and enforcement. Even the most robust technical controls have limits. Consequently, elevating user…

This qualitative case study discussed the security training and awareness for iMiTs Art's cloud and information systems due to the digital transition to cloud computing capabilities and usage. The study was based on the technology acceptance of the TAM (Technology Acceptance Model) model, security training concepts of SETA (Security Education and…

The objective of this audit was to determine whether the U.S. Department of Education's (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements. In fiscal year (FY) 2020, the focus of the audit was solely on Departmental Systems. This year the focus…

Organizational information system users (OISU) that are victimized by cyber threats are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, it has been argued that cybersecurity competency is critical for advancing economic prosperity and maintaining national security. The fact remains…