1. Internal and external drivers for compliance with the COVID-19 preventive measures in Slovenia : The view from general deterrence and protection motivationAnže Mihelič, Luka Jelovčan, Kaja Prislan Mihelič, 2021, izvirni znanstveni članek Opis: The emergence of a pandemic is usually accompanied by different measures-economic, social, preventive, and (self)protective. In the case of the COVID-19, several preventive measures were formally enforced by state authorities in the majority of countries worldwide. Thus, during the COVID-19 pandemic, the intertwining of formal and informal social control could be observed. Hence, in this study a cross-sectional design was chosen to explore the issue in Slovenia. To the best of our knowledge, this research is the first in the current literature to empirically test the general deterrence theory in pandemic circumstances (as external factors predicting individuals' compliance with the COVID-19 preventive measures). The results suggest an important role of informal punishment, with perceived informal severity being the only statistically significant factor from the general deterrence theory. In contrast to external factors, internal factors play a significantly greater role in promoting people's self-protective behavior in pandemic circumstances. During the unknown, the uncertain and delicate situations with which people have no previous experience, both personal beliefs about the effectiveness of measures and perceived self-efficacy are more important than fear of formal sanctions. Ključne besede: COVID-19, preventive measures, Slovenia Objavljeno v DKUM: 01.10.2024; Ogledov: 0; Prenosov: 3 Celotno besedilo (829,55 KB) Gradivo ima več datotek! Več... |
2. Outsource or not? : An AHP based decision model for information security managementLuka Jelovčan, Anže Mihelič, Kaja Prislan Mihelič, 2022, izvirni znanstveni članek Opis: Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities.
Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model.
Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations.
Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances. Ključne besede: information security, decision model, analytic hierarchy process, AHP, management, outsourcing Objavljeno v DKUM: 24.06.2024; Ogledov: 141; Prenosov: 14 Celotno besedilo (1,97 MB) Gradivo ima več datotek! Več... |
3. Informacijska varnost v slovenskem start-up okolju : magistrsko deloLuka Jelovčan, 2023, magistrsko delo Opis: Start-up podjetja predstavljajo pomemben del podjetniškega okolja, saj na trg nenehno prinašajo nove rešitve, izdelke in pristope. Hkrati je start-up okolje izpostavljeno številnim tveganjem, ki nenehno ogrožajo nadaljnji razvoj ali celo obstoj posameznih start-up podjetij. Med glavna tveganja, ki so jim start-up podjetja izpostavljena, zagotovo sodijo tudi informacijskovarnostne grožnje, saj podatki in intelektualna lastnina predstavljajo temelj njihovega uspeha. Za start-up podjetja je tako ključnega pomena učinkovito upravljanje informacijske varnosti in s tem optimalno razpolaganje z omejenimi sredstvi. Ne glede na to je upravljanje informacijske varnosti med slovenskimi start-up podjetji popolnoma neraziskano področje. Da bi bila naslovljena vrzel v literaturi so bili v okviru izdelave magistrskega dela izvedeni intervjuji s predstavniki 18 slovenskih star-up podjetij. Cilj raziskave je bil ugotoviti, kako start-up podjetja razumejo koncept informacijske varnosti, kakšen odnos imajo do tega področja in kako k upravljanju informacijske varnosti pristopajo. Pri tem delo izhaja iz teoretičnega modela znanja, odnosa in vedenja, medtem ko sta upravljanje in izvajanje informacijskovarnostnih ukrepov presojani s pomočjo standarda ISO/IEC 27001. Rezultati raziskave kažejo, da se slovenska start-up podjetja zavedajo informacijskovarnostnih groženj in jih prepoznavajo kot pomemben dejavnik tveganja, ki lahko ogrozi razvoj podjetja, večina informacijsko varnost prepoznava kot pomembno za poslovni uspeh podjetja. K izvajanju informacijskovarnostnih ukrepov start-up podjetja pristopajo pragmatično, skladno s svojimi potrebami, znanjem in omejenimi sredstvi. S tem so povezani tudi informacijskovarnostni ukrepi, ki jih start-up podjetja izvajajo, saj največ pozornosti namenijo varnosti človeških virov, razdeljevanju dostopov in sledenju osnovnim dobrim praksam, pri čemer tehnološka start-up podjetja več pozornosti namenijo informacijski varnosti v dobavnih verigah in pri sodelovanju s partnerskimi podjetji. Rezultati raziskave ponujajo prvi vpogled v stanje informacijske varnosti med slovenskimi start-up podjetji ter omogočajo pripravo priporočil in prilagojenih ukrepov, ki bodo start-up podjetjem omogočali celovitejši in sistematičen pristop k upravljanju informacijske varnosti. Ključne besede: informacijska varnost, start-up podjetja, tveganja, ISO/IEC 27001, diplomske naloge Objavljeno v DKUM: 08.05.2023; Ogledov: 622; Prenosov: 159 Celotno besedilo (884,63 KB) |
4. Self-protective behaviour among young adults during public health crisisLuka Jelovčan, Kaja Prislan Mihelič, Anže Mihelič, 2020, izvirni znanstveni članek Opis: Purpose: The purpose of this article is to examine perceptions of factors deriving from the theory of planned behaviour among younger adults in times of public health crisis, their self-protective behaviour compared to other age groups, and test the predictive factors according to the theory of planned behaviour. Design/Methods/Approach: An online survey has been conducted to examine self-protective behaviour in times of public health crisis. The survey was distributed to Slovenian citizens (n = 280) using the social network Facebook. Descriptive statistics were used to describe the sample and measured variables. Multiple regression analysis was conducted to determine associations between identified factors. Findings: The results of the study indicate that there are no significant differences in self-reported self-protection between younger adults and others. Additionally, attitude toward self-protective measures is the most important predictor of self-protective behaviour for both age groups. Only the attitude is significantly associated with self-protective behaviour among young adults, whereas among others, all three predictors are significantly associated with self-protective behaviour, explaining nearly twice the variance. Research Limitations/Implications: This research contributes to the understanding of motivators that drive individuals to engage in self-protective behaviour in times of health crises. It provides insight into young adults' self-protective behaviour. Most of the limitations are related to the sample, which only contains respondents from one social network and one country. Originality/Value: To the best of our knowledge, this is the first study that explored the self-protective behaviour of young adults during COVID-19 using the theory of planned behaviour and compares the differences in self-protective behaviour predictors among different age groups. Ključne besede: theory of planned behaviour, young adults, self-protection Objavljeno v DKUM: 04.01.2021; Ogledov: 893; Prenosov: 49 Povezava na celotno besedilo Gradivo ima več datotek! Več... |
5. Odločitveni model za prenos upravljanja informacijske varnosti na zunanje izvajalce : diplomsko delo univerzitetnega študijskega programa VarstvoslovjeLuka Jelovčan, 2020, diplomsko delo Opis: Zaradi širjenja trenda digitalizacije in informatizacije poslovnih procesov se organizacije soočajo s številnimi izzivi, med katerimi prevladujejo grožnje informacijski varnosti. Kljub pomembnosti informacijske varnosti za stabilno in nemoteno poslovanje pa se v praksi pri upravljanju tovrstnega področja organizacije soočajo s številnimi izzivi (npr. pomanjkanje finančnih, kadrovskih in tehničnih sredstev). Skladno s tem postaja prenos aktivnosti, povezanih z upravljanjem informacijske varnosti na zunanje izvajalce, vedno bolj aktualna praksa, vendar v Sloveniji to področje ostaja neraziskano. Prenos upravljanja informacijske varnosti sicer ne predstavlja primerne rešitve za vse organizacije, saj so s tem povezana tudi določena tveganja. Zato je za organizacije ključno, da izberejo način upravljanja informacijske varnosti, ki je za njih najbolj primeren. Pregled literature kaže, da sicer obstajajo odločitveni modeli za izbiro najprimernejših načinov k upravljanju informacijskih sistemov, vendar ti niso uporabni za odločanje o pristopih k upravljanju informacijske varnosti (tj. notranje/zunanje). V okviru izdelave diplomskega dela je bila izvedena trofazna empirična raziskava, ki je vključevala strukturiran pregled literature ter dve kvantitativni raziskavi med strokovnjaki s področja informacijske varnosti. Cilj raziskave je bil ugotoviti aktualno stanje na področju prenosa upravljanja informacijske varnosti na zunanje izvajalce v Sloveniji ter razviti odločitveni model uporaben za organizacije pri presojanju pristopov. Rezultati raziskave kažejo, da je v ponudbi zunanjih izvajalcev najbolj razširjena storitev informacijskovarnostno svetovanje, medtem ko slovenske organizacije po oceni respondentov najpogosteje koristijo storitev vzpostavljanja in vzdrževanja informacijskovarnostnih sistemov. Prenosa informacijske varnosti se poslužuje približno polovica slovenskih organizacij, najpogosteje pa velike organizacije. Po mnenju respondentov bi organizacije pri odločanju o načinu upravljanja informacijske varnosti največji poudarek morale nameniti hitremu odzivanju na grožnje in zagotavljanju neprekinjenega poslovanja. Rezultati raziskave so tako omogočili identifikacijo in prioritizacijo odločitvenih dejavnikov, ki bi morali vplivati na izbiro najprimernejšega načina upravljanja informacijske varnosti v organizacijah. Prav tako gre za prvo raziskavo v Sloveniji, ki je podrobneje proučila stanje na področju prenašanja aktivnosti, povezanih z informacijsko varnostjo na zunanje izvajalce. Ključne besede: diplomske naloge, SUIV, prenos aktivnosti, zunanje izvajanje, organizacije, AHP, odločitveni model Objavljeno v DKUM: 18.09.2020; Ogledov: 980; Prenosov: 121 Celotno besedilo (970,60 KB) |
6. |