To Örebro University

Although much literature has focused on prejudice-based traditional bullying, there are not a lot of studies about prejudice-based cyberbullying. This kind of cyberbullying reflects any form of cyberbullying based on a group affiliation or identity characteristics of the victim, often including historically marginalised and other "protected characteristics" (race, religion, disability, etc.). In this chapter, we focus on seven characteristics that were highlighted in previous research - family origin, skin colour, religion/belief, nationality/ethnicity, disability, poverty, and sexual orientation. We begin by reviewing research into prejudice-based cyberbullying and emphasise the main gaps in the existing knowledge. We then present our empirical findings based on an online study that contributes to filling these gaps: (a) the prevalence of prejudice-based cyberbullying and cybervictimisation at the cross-national level, across 17 countries and including culturally diverse samples (N = 5,215 high school students); and (b) the relationships of belonging to some of the marginalised groups (based on sex, nationality/ethnicity, religion, asylum status, and disability) with both prejudice-based cyberbullying and cybervictimisation. Finally, we refer to some suggestions for future research and conclude with the implications for prevention programmes based on the obtained results.

Context: Despite the widespread adoption of agile software development methods (ASDMs) today, many organizations struggle with effective implementation. One reason for this is that some organizations claim to use an ASDM without fully understanding its core principles, or they adhere to old practices while professing to follow a contemporary software development method. This phenomenon is sometimes referred to by practitioners as “cargo cult” (CC) behavior. However, simply labeling something as CC lacks analytical depth.

Objective: This paper aims to conceptualize and validate an analytical tool for diagnosing CC and non-CC behavior in software development teams’ use of ASDMs.

Method: This study uses a longitudinal ethnographic approach to conceptualize and validate the analytical tool by analyzing four agile practices used by a global industrial manufacturing company.

Results: The analytical tool features eight stereotypes—three representing non-CC behaviors and five representing CC behaviors—designed to aid in the analysis of ASDM usage. The tool draws on Social Action Theory and Work Motivation Theory to capture and interpret the CC phenomenon in ASDM use. Using the stereotypes, 36 actions were categorized as CC behavior deviating from documented ASDM practices, and 23 actions as non-CC behavior because they aligned with the documented ASDM and reflected agile goals and values. The tool thus can help both researchers and practitioners gain a deeper understanding of ASDM use in organizations.

Conclusion: This study advances understanding of ASDM use by moving beyond the simplistic use of the term “cargo cult”. The developed tool enables structured identification and classification of CC behaviors. The stereotypes provide a way of classifying recurring software development actions against the intended ASDM, allowing the identification of specific types of CC behaviors. The analytical tool enables managers to gain deeper insights into the underlying reasons for deviations, thereby supporting more grounded and effective agile practices within organizations.

In today's digital age, protecting information assets is critical to maintain organizations’ digital sovereignty. Yet existing research offers limited guidance on creating effective, actionable advice in information security policies (ISPs) that instructs employees on how to carry out their tasks and contribute to protecting information assets. Addressing this gap, the aim of this paper is to propose a definition of actionable advice. A clear definition can aid in designing ISPs and enhance communication with employees, guiding them in the expected behavior to protect the organization’s information assets. The research question guiding this work is: how can actionable advice be defined in information security policies? To achieve this aim, the definition is informed by a literature review and analysis of 47 ISPs from public agencies in Sweden. The proposed definition of actionable advice is: a demarcated part of an ISP, that instructs someone on a task to execute or not to execute regarding information security, and, in case of execution, how to carry out the task. The definition of actionable advice provides researchers with a starting point to understand this term, helping advancing future studies on ISPs. This work also has practical implications for ISP developers, offering guidance on writing pieces of actionable advice that are concrete and directly applicable in employees' daily tasks to protect their organizations.

Purpose: This study aims to develop and test a framework to associate learning styles and social influencing vulnerabilities with different personality types in the context of tailoring information security awareness (ISA) methods for people with different personality types.

Design/methodology/approach: The framework was developed following directed content analysis and applied to match distinct personality types with ISA methods identified through a systematic literature search. The directed content analysis was conducted in two parts: a) Describe and identify keywords for the DISC (dominance [D], inducement [I], submission [S] and compliance [C]) personality types, Kolb's learning styles and Cialdini's social influencing principles; b) Identify the relationships between personality types, learning styles and social influencing vulnerabilities and create the PLS (i.e. personality types, learning styles and social influencing vulnerabilities) framework. As a result, four relationships are identified for each distinct personality type in the PLS framework.

Findings: The study has theoretically demonstrated the framework's feasibility of finding best-matched ISA methods for distinct personality types, considering their linked learning style and social influencing vulnerabilities.

Research limitations/implications: The study provides two main theoretical contributions: 1) PLS framework: presenting the relationship of personality types with their linked learning style and their social influencing vulnerabilities; 2) Examples of matching distinct personality types with ISA methods, including suggestions for a theoretically best matched ISA method. Therefore, this study contributes to building a sound theoretical ground for tailoring ISA methods for people with different personality types. In addition, the derived keywords are helpful to capture a good understanding of the different dimensions of the selected theories. Furthermore, following the examples provided in this paper, the developed PLS framework can be used as a base for managers to use ISA methods for people with different personality types in organizations.

Practical implications: Furthermore, following the examples provided in this paper, the developed PLS framework can be used as a base for managers to employ ISA methods for people with different personality types in organizations.

Originality/value: To the best of the authors' knowledge, this study is the first of its kind in developing and testing a framework for matching distinct personality types with information security awareness methods.

Purpose: This study explores the impact of artificial intelligence (AI) on accounting and auditing professionals as businesses navigate digital transformation.

Design/methodology/approach: A qualitative research approach was adopted, analysing data from 10 podcasts and 17 semi-structured interviews using NVivo software. Key themes were identified to provide insights into AI's influence on organisational change in accounting practices.

Findings: The research constructs a thematic framework comprising three aggregate dimensions: triggers of digital transformation in accounting practices, opportunities and challenges in transforming accounting practices, and changing routines for accounting professionals. The results are further interpreted using Lewin's 3-Step Model of Organisational Change to comprehend the impact of AI and understand how accountants can adapt to these technological changes to sustain their practices.

Originality/value: This study provides a good understanding of the social shifts towards utilising AI in increasingly automating accounting tasks, reshaping professional roles and creating both opportunities and challenges. AI enhances efficiency in bookkeeping, reporting, auditing and risk analysis but also raises concerns about data integrity and trust. Blockchain technology emerges as a potential solution, enhancing transparency, security and reliability in AI-enabled accounting systems. To remain relevant, accounting professionals must bridge digital skill gaps and adopt interdisciplinary collaboration. As AI continues to evolve, blockchain integration could reinforce trust and accountability, shaping the future of accounting and auditing.

Classifying natural language requirements (NLRs) is challenging, especially with large volumes. Research shows that Large Language Models can assist by categorizing NLRs into functional requirements (FR) and non-functional requirements (NFRs). However, Generative Pretrained Transformer (GPT) models are not typically favored for this task due to concerns about consistency. This paper investigates the consistency when a GPT model classifies NLRs into FRs and NFRs using a zero-shot learning approach. Results show that ChatGPT-4o performs better for FRs, a temperature parameter set to 1 yields the highest consistency, while NFR classification improves with higher temperatures.

Over the years, numerous studies on employee compliance with information security policies (ISPs) have been conducted, contributing valuable insights to enhance information security in organisations. However, our literature review reveals that few ISP compliance studies adopt a longitudinal approach. It is well known that cross-sectional research often provides limited insight into how constructs such as ISP compliance evolve over time. While researchers have called for more longitudinal ISP compliance studies, there is little guidance on how to conduct them. To address this gap, we propose a set of seven guidelines to support both quantitative and qualitative longitudinal ISP compliance research.

Classifying natural language requirements (NLRs) plays a crucial role in software engineering, helping us distinguish between functional and non-functional requirements. While large language models offer automation potential, we should address concerns about their consistency, meaning their ability to produce the same results over time. In this work, we share experiences from experimenting with how well GPT-4o and LLAMA3.3-70B classify NLRs using a zero-shot learning approach. Moreover, we explore how the temperature parameter influences classification performance and consistency for these models. Our results show that large language models like GPT-4o and LLAMA3.3- 70B can support automated NLRs classification. GPT-4o performs well in identifying functional requirements, with the highest consistency occurring at a temperature setting of one. Additionally, non-functional requirements classification improves at higher temperatures, indicating a trade-off between determinism and adaptability. LLAMA3.3-70B is more consistent than GPT-4o, and its classification accuracy varies less depending on temperature adjustments.

Employees compliance with information security policies (ISPs) depends on communicating clear and comprehensible content. However, existing research has shown that many ISPs are of poor communicative quality. Large language models (LLMs) could enhance ISPs if finetuned on high-quality data, but to do such fine-tuning requires a conceptual model for classifying the data and evaluating the resulting text. Therefore, as a step in this direction, the aim of this paper is to develop a conceptual model of ISPs using speech act theory as a theoretical lens. We use conceptual modelling and document analysis to develop the model and use selected parts from the SEQUAL framework to evaluate the model. Analysing 600 ISP statements from ten British National Health Service ISPs, we present a class diagram containing 19 classes, six of which address ISP statement quality as speech acts. The SEQUAL evaluation points to potential areas for improving the model’s semantic, empirical, physical and deontic qualities before using it to fine-tune LLMs to improve ISP content.