Your search keyword '"Information technology security"' showing total 429 results

1. Dark Clouds on the Horizon? Effects of Cloud Storage on Security Breaches.

Author

Li, He, Kettinger, William J., and Yoo, Sungjin

Subjects

CLOUD storage security measures, CLOUD storage, INFORMATION technology security, CLOUD computing, SELECTIVITY (Psychology)

Abstract

This research examines how a firm's cloud storage implementation affects different types of security breaches in both the short- and long-term. Building on the attention-based view, we find that cloud storage implementation positively relates to a firm's external breaches and accidental internal breaches in the short-term. However, the positive relationship between cloud storage implementation and external breaches diminishes over time and becomes insignificant long-term. Our results demonstrate a long-term security advantage of cloud storage in reducing accidental internal breaches. We did not find a significant association between cloud storage and malicious internal breaches. Findings highlight the need for firms to direct limited resources to different security risks in the short- and long-term of cloud storage implementation over time. This research contributes to our understanding of cloud storage's security implications and explicitly theorizes the role of attention in firm IT security management. We contribute to the attention-based view by contextualizing the theory to IT security. We highlight temporal dynamics through distinct attentional mechanisms, including selective attention, attentional flexibility, and attentional vigilance. [ABSTRACT FROM AUTHOR]

Published

2024

2. Examining the Differential Effectiveness of Fear Appeals in Information Security Management Using Two-Stage Meta-Analysis.

Author

Lowry, Paul Benjamin, Moody, Gregory D., Parameswaran, Srikanth, and Brown, Nicholas James

Subjects

INFORMATION technology security, PROTECTION motivation theory, SECURITY management, STRUCTURAL equation modeling, META-analysis, PARALLEL processing, RESEARCH personnel

Abstract

Most of the information security management research involving fear appeals is guided by either protection motivation theory or the extended parallel processing model. Over time, extant research has extended these theories, as well as their derivative theories, in a variety of ways, leading to several theoretical and empirical inconsistencies. The large body of fragmented, and sometimes conflicting, research has muddied the broader understanding of what drives protection- and defensive motivation. We provide guidance to the security discourse by offering the first study in the literature to employ two-stage meta-analytic structural equation modeling (TSSEM), which combines covariance-based structural equation modeling and meta-analysis. Information systems (IS) researchers have traditionally used meta-analysis for structural equation modeling for such purposes—an approach that has several serious statistical flaws. Using 341 systematically selected empirical security articles (representing 383 unique studies) and TSSEM, we pool a large series of five datasets to test six models, from which we examine the effects of constructs and paths in the security fear-appeals literature. We compare and test six versions of models inspired by issues in the broader fear-appeals literature. We confirm the importance of both the threat- and coping-appraisal processes; establish the central role of fear and that it has greater importance than threat; show that efficacy is a stronger predictor of protection motivation than is threat; demonstrate that response costs as currently measured are ineffective but that maladaptive rewards have a strong negative effect on protection motivation and a positive effect on defensive motivation; and provide evidence that dual models of danger control and fear control should be used. [ABSTRACT FROM AUTHOR]

Published

2023

3. What Influences People's Adoption of Cognitive Cybersecurity?

Author

Tam, Carlos, Balau, Marta, and Oliveira, Tiago

Subjects

*INFORMATION technology security, *ARTIFICIAL intelligence, *STRUCTURAL equation modeling, *TECHNOLOGY Acceptance Model, *MODEL theory

Abstract

Artificial intelligence (AI) and big data, among other new technologies, have attracted the attention and interest of practitioners and researchers in cognitive cybersecurity regarding the use of AI technologies to protect digital as well as analogue systems. This mixed-method study explores the main determinants of cognitive cybersecurity adoption at the individual level. We propose an integrated model with unified theory of acceptance and use of technology model in combination with trust, word-of-mouth, information security awareness, and habit. We empirically examine the hypotheses using a survey of 267 people from southern Europe. The results obtained from the use of structural equation modelling show that performance expectancy, effort expectancy, and word-of-mouth affect behavioural intention. The behavioural intention and word-of-mouth influences use behaviour. The results were triangulated with field interviews, which supported the findings. This study offers a valuable contribution to software-selling companies that are at the moment, or will in the future be, interested and/or involved in developing cognitive cybersecurity software to be used at an individual level. [ABSTRACT FROM AUTHOR]

Published

2024

4. Employees’ Intention to Comply with Information Security Policies: The Impacts of Loafing and Commitment.

Author

Chiu, Chao-Min, Cheng, Hsiang-Lan, Hsu, Jack Shih-Chieh, Tan, Chiew Mei, and Huang, Chiung Hui

Subjects

*TAIWANESE people, *INFORMATION technology security, *STRUCTURAL equation modeling, *ORGANIZATIONAL commitment, *INFORMATION policy

Abstract

AbstractDrawing upon the attitude theory, this study theorizes that commitment affects loafing behaviors and ISP compliance. Further, drawing upon the transfer theory, this study adopts the concepts of loafing and commitment transfer in order to explore whether social loafing will enhance employee cyberloafing and whether organizational commitment can enhance ISP commitment, both of which, in turn, influence ISP compliance intention. This study utilized structural equation modeling (SEM) to analyze survey data collected in July 2023 from 361 Taiwanese individuals affiliated with organizations or companies. The results show that social loafing has a strong positive effect on cyberloafing, which, in turn, has a strong negative effect on ISP compliance intention. Organizational commitment has a strong positive effect on ISP commitment, which, in turn, has a strong positive effect on ISP compliance intention. In addition, distortion of consequences moderates the relationship between social loafing and cyberloafing. Advantageous comparison moderates the relationship between cyberloafing and ISP compliance intention. [ABSTRACT FROM AUTHOR]

Published

2024

5. Responding to the economic consequences of COVID 19 in Pakistan: lessons learnt.

Author

Ahmed, Vaqar

Subjects

*DATA protection, *SMALL business, *ECONOMIC impact, *INFORMATION technology security, *COVID-19

Abstract

This paper discusses the impact of COVID-19 on production and trade in Pakistan. The paper finds that Pakistan's outbreak preparedness and response has been a success story, but there are still some gaps that need to be addressed in order to better prepare for future crises. We recommend that the policy makers: conduct frequent structured dialogues with small firms to better understand the type and magnitude of unanticipated costs that increase during health crises; regularly source information to determine if the design of fiscal support is benefiting the beneficiaries; convene dialogues with businesses (which should include labour groups) to address the stringency of temporary trade measures; support smaller firms for adoption of online technologies; expedite the implementation of e-commerce policy, information security policy, and personal data protection law; and cut down business and trade costs during crisis through a more liberal tariff policy and rationalization of regulatory burden on firms. [ABSTRACT FROM AUTHOR]

Published

2024

6. Security literacy model for strategic, tactical, & operational management levels.

Author

White, Garry L.

Subjects

*INFORMATION technology security, *SECURITY management, *LITERACY, *AWARENESS

Abstract

Security literacy can be viewed as being different, at different levels of management. This paper presents and explains a security literacy model from a managerial level perspective and how different security literacy methods (awareness, training, education) supports the model of the different information security needs of strategic (why), tactical (how), and operational (what) management. The model was developed from academic literature content. The model suggests that security goes beyond technical knowledge and instead involves critically thinking about what to do. [ABSTRACT FROM AUTHOR]

Published

2024

7. A students’ behaviors in information security: Extension of Protection Motivation Theory (PMT)

Author

Alam, Syed Shah, Ahsan, Nilufar, Kokash, Husam Ahmad, Alam, Shafiul, and Ahmed, Saif

Subjects

*PROTECTION motivation theory, *INFORMATION technology security, *DIGITAL technology, *PLANNED behavior theory, *STRUCTURAL equation modeling

Abstract

This study investigates information security behaviors among university students, focusing on the interplay of psychological and social factors influencing their behavioral intentions and actions. By integrating the Theory of Planned Behavior, Protection Motivation Theory, and General Deterrence Theory, the research offers a comprehensive understanding of factors such as self-efficacy, perceived risk vulnerability, response cost, and response efficacy. Utilizing structural equation modeling (SEM) and Necessary Condition Analysis (NCA), the study assesses the impact of these factors on students’ information security practices. Measurement items were developed based on recent empirical studies, ensuring relevance to the contemporary digital environment. The findings reveal significant associations between these factors and students’ security behaviors, providing insights into effective strategies for promoting information security awareness and practices. This research contributes to the academic discourse on digital security behaviors and offers practical implications for enhancing information security measures within university settings. [ABSTRACT FROM AUTHOR]

Published

2024

8. Digital Design: The Inevitability of Production.

Author

Li, Qingjun

Subjects

*WEB development, *INFORMATION technology security, *DIGITAL communications, *TECHNOLOGICAL revolution, *DIGITAL technology

Abstract

The purpose of the study is to study the impact of digital design on the communicative interaction between the consumer and the manufacturer. The study involved two groups of respondents. The first group included 47 digital design professionals (26 men and 21 women) involved in websites development. The second group included 49 consumers of these goods and services (25 men and 24 women). For the survey of respondents, a validated questionnaire was developed that included characteristics of the main digital design tools used to develop websites and aimed at attracting consumers of goods. The research has shown that the main factors of digital site design, affecting the communication between a manufacturer and consumers, are loading speed, security, usability, and the possibility of feedback. At the same time, designers prioritize the technical parameters of the site and the presence of the target audience, while consumers prioritize user-friendliness, site design, and information security. [ABSTRACT FROM AUTHOR]

Published

2024

9. The technological emergence of quantum communication: A bibliometric analysis.

Author

Liu, Xiaoyu, Huang, Yuwei, Yan, Yalong, Chen, Shuhuan, and Tai, Xiaomei

Subjects

*QUANTUM communication, *INFORMATION technology security, *BIBLIOMETRICS, *SCIENTIFIC community, *SOCIAL development

Abstract

Quantum communication is a key to information security, which has a wide range of applications in military, financial, and social development. Understanding the technological emergence in advance would contribute to gain full socio-economic benefits and reducing risk. This research attempts to explore the emergence of quantum communication from the bibliometric perspective. By analyzing the patent from the Derwent Innovation Index, this research analyzes the development phase, the technology emergence, the main contributors' network, the distribution of regions, and technology categories of quantum communication. The results show that quantum communication is in the growth phase according to the theory of the technology life cycle. China, the United States, and Japan are the leading countries. This research also identifies the main patent assignees and their collaboration networks. By introducing the technological emergence indicators, this research identifies four emerging topics in quantum communication and analyzes the layout of main patent assignees within these topics. This research would contribute to the endeavour of scientific communities toward the development of quantum communication. [ABSTRACT FROM AUTHOR]

Published

2024

10. Synthesizing Information Security Policy Compliance And Non-compliance: A Comprehensive Study And Unified Framework.

Author

Aggarwal, Akshay and Srivastava, Shashi Kant

Subjects

INFORMATION technology security, INFORMATION policy, INFORMATION organization, NONCOMPLIANCE

Abstract

In today's organizational landscape, safeguarding information against both intentional and unintentional insider threats has become a paramount concern. To address this challenge, organizations formulate Information Security Policies (ISP) aimed at maximizing compliance regarding sensitive data and information. However, confining the analysis solely to compliance falls short, as even a minor fraction of non-compliant individuals can lead to significant organizational vulnerabilities. In such scenarios, it becomes imperative for organizations to delve into the intricacies that influence both ISP compliance and noncompliance. While numerous literature reviews have explored factors contributing to ISP compliance, they often treated compliance and noncompliance as mere opposites, neglecting their nuanced differences and the need for a combined perspective. Our study bridges this gap by conducting a comprehensive review of 50 peer-reviewed articles published between 2014 and 2022. This unique undertaking yields three crucial contributions: First, it elucidates the characteristics distinguishing ISP compliance and noncompliance within business contexts. Second, it provides an encompassing explication of the variables influencing both ISP compliance and noncompliance. Most notably, our review culminates in the development of a unified framework that amalgamates existing insights and charts a path for future inquiry. [ABSTRACT FROM AUTHOR]

Published

2024

11. Situational Contingencies in Susceptibility of Social Media to Phishing: A Temptation and Restraint Model.

Author

Qahri-Saremi, Hamed and Turel, Ofir

Subjects

PHISHING, SOCIAL media, INFORMATION technology security, SLEEP quality, TEMPTATION, OPERANT behavior

Abstract

User susceptibility to phishing messages on social media is a growing information security concern. Contingency factors that can influence this susceptibility and the theoretical mechanisms through which they operate need more scholarly attention. To bridge this gap, we present a temptation and restraint (TR) model (a specific manifestation of the dual–system theory) of social media phishing susceptibility, which explains it as an outcome of a struggle between users' temptation toward engaging with a social media phishing message and their cognitive and behavioral restraint against it. The balance in this struggle is a function of various situational contingencies. First, via a Delphi study, we identify four key situational contingency factors in the context of social media that can influence this balance: (1) poor sleep quality, (2) social media ostracism, (3) source likability, and (4) fear appeals. Next, via five randomized controlled experiments using an ostensible social media paradigm with social media users, we show that the TR model explains (a) why and how users engage with social media phishing messages, and (b) when users are more or less susceptible to it based on key situational contingency factors. Our findings offer a nuanced perspective on social media phishing susceptibility, elucidate the fundamental roles of situational contingencies in the genesis of social media phishing victimization, and delineate important directions for future research in this area [ABSTRACT FROM AUTHOR]

Published

2023

12. Technical principles and protocols of encryption and their significance and effects on technology regulation.

Author

C. Dizon, Michael Anthony and Meehan, Anthony

Subjects

*INFORMATION technology security, *DATA encryption, *TECHNICAL information, *IMPORTS, *SECURITY management

Abstract

This article examines the foundational principles and protocols that guide the development, implementation and use of encryption and their relevance and impact on technology law and policy. It first focuses on the technical aspects of encryption and explains the meanings of key terms and the different kinds and uses of this technology. It then expounds on the technical principles and protocols of encryption including information security, openness, provable security, and its adversarial nature. The article thereafter analyses the significance and import of these standards and rules on the proposed ghost protocol in encrypted messaging services and encryption law and policy more generally. It argues that technical principles such as information security, primacy of keys and resistance to attacks should be recognised and upheld in the development and adoption of encryption regulation. [ABSTRACT FROM AUTHOR]

Published

2024

13. Enhancing image encryption security through integration multi-chaotic systems and mixed pixel-bit level.

Author

Farandi, Muhammad Naufal Erza, Marjuni, Aris, Rijati, Nova, and Setiadi, De Rosal Ignatius Moses

Subjects

*IMAGE encryption, *INFORMATION technology security, *COMPUTER engineering, *DIGITAL images, *TELECOMMUNICATION

Abstract

This research proposes a new image encryption method to improve the security of image encryption by integrating a multi-chaotic system and mixed pixel-bit level encryption. In the face of the growing use of communications and computer technology, as well as the need to protect sensitive information, this method utilizes chaotic algorithms to increase encryption security. Experimental results show increased security and resistance to various attacks, validating the method's effectiveness in protecting digital images. The measurement tools used include histograms, information entropy, adjacent pixel correlation coefficient, key sensitivity analysis, and robustness testing. In conclusion, this method offers an effective and robust approach to image encryption, providing an important contribution to the field of information security. [ABSTRACT FROM AUTHOR]

Published

2024

14. A new early warning system based on metaheuristics in CPS architecture.

Author

Mbiriki, Anwer, Katar, Chaker, and Badreddine, Ahmed

Subjects

*METAHEURISTIC algorithms, *NP-hard problems, *INTERNET security, *INFORMATION technology security, *MILITARY policy

Abstract

Cyber security is the most studied in recent years by the association of metaheuristic techniques thanks to their ability to solve optimization problems in a limited time and NP-hard problems. The Early Warning System (EWS) can identify malicious exercises and anomalies in the CPS and provide robust network systems protection. In addition, grouping attacks in EWS is important for defining defense policies. Information security in the CPS architecture is about securing information during data aggregation, large-scale processing and sharing in the network environment, especially low-linkage open networks. Motivated by these considerations, we propose a new security approach based on the Artificial Bee Colony (ABC) metaheuristic algorithm to strengthen the security framework of the CPS architecture against the system and within CPS attacks. In this work, we propose a new Early Warning System approach based on metaheuristics. Based on two fundamental concepts of clustering, coherence and separation, an integrated index was proposed based on Davies-Bouldin (DB) and Silhouette Index (SI). An improved ABC algorithm was proposed based on these indices. After having identified two different types of an objective function, based on the above concepts, and after having tested the algorithm on DBSI, the results of the experiments found are auspicious. [ABSTRACT FROM AUTHOR]

Published

2024

15. The Probabilistic Image Encryption Algorithm Based on Galois Field GF(257).

Author

Zhang, Yong, Li, Ruiyou, Shi, Yuwen, and Luo, Fan

Subjects

*INFORMATION technology security, *FINITE fields, *TIME complexity, *ARITHMETIC, *ALGORITHMS, *IMAGE encryption

Abstract

Image encryption technology is an essential measure to protect image information from illegal access. A new probabilistic image encryption algorithm with 480-bit external secret key was proposed in this paper. A chaotic pseudo-random generator is employed to produce the equivalent keys. Then the plain image is covered by the equivalent keys under exclusive or operation to obtain a pending sequence. The pending sequence is transformed into a cipher sequence by arithmetic operations based on GF(257). Finally, the cipher sequence is also covered by the equivalent keys to obtain the cipher image. In the transformation, a 1024-bit pseudo-random number sequence is introduced as the base numbers for the power operation to assist the encryption. The proposed image encryption algorithm has the characteristic of probabilistic encryption. Encrypting the same plain image with the same secret key will result in completely different cipher images. Experiments show that the proposed algorithm has the low time complexity (9.67pi/bit) and space complexity (13.07bit/bit), and high sensitivities on the auxiliary sequence (49.94%), secret key (BACI 26.7698% typically), and plain image (BACI 26.7845% typically), and is a preferred image encryption scheme for commercial and personal image information security. [ABSTRACT FROM AUTHOR]

Published

2024

16. Privacy preservation of inventory management using adaptive key generation with Hyperledger blockchain technology.

Author

Govindasamy, Chinnaraj and Antonidoss, Arokiasamy

Subjects

*BLOCKCHAINS, *INVENTORY control, *FINANCIAL technology, *INFORMATION technology security, *SEARCH algorithms, *DATA management

Abstract

The blockchain is an emerging and essential technology in offering various services to several applications including the financial industry and information technology. Consequently, recent information methodologies cannot satisfy the constraints. The data management issue may rise complexities including tracking operations with information security and unsatisfactory traceability data quality due to the high increase in inventory management data. To address the challenge, this paper aims to focus on developing new hyperledger blockchain-enabled secure inventory management with an adaptive key management process. Here, the inventory management data processed by different distributors is encrypted using the adaptive key generation by Fitness-derived Predator Presence Probability-based Squirrel Search Algorithm (FPPP-SSA) that ensures data control. The optimal key management in encryption solves the multi-objective function based on the "degree of modification information preservation rate and hiding ratio (Euclidean distance)." Once the data are enciphered, they are saved in the hyperledger blockchain, where the smart contract is the chain code application. While restoring or decrypting data, the authorized distributor should use the same adaptive key for maintaining secured inventory management. The performance is evaluated under diverse test cases, and the results are estimated under certain performance metrics. [ABSTRACT FROM AUTHOR]

Published

2024

17. Characteristics and challenges of companion animal rescue organisations in New Zealand.

Author

Roseveare, C and Gates, MC

Subjects

PETS, ANIMAL rescue, INFORMATION technology security, FOSTER home care, SERVICE animals, CATS, DATABASES

Abstract

To describe the characteristics of companion animal rescue organisations (CARO) in New Zealand; to describe current capacity, resource limitations and challenges of CARO with a particular focus on cats and dogs; and to explore support for creating a national database of CARO in New Zealand. A cross-sectional survey was administered to CARO in New Zealand in May 2022. The survey asked about organisational characteristics, types and numbers of animals cared for, services provided, policies, staffing, funding sources, challenges, and attitudes towards a national database for rescue organisations. Descriptive statistics were provided for all quantitative study variables and free-text comments were analysed for common themes. The survey was completed by 106/208 (51%) known CARO distributed across the country. These CARO provided services to an estimated 59,874 homeless animals annually with 86/106 (81%) providing services to cats and/or dogs. Primary services provided by CARO who cared for cats or dogs included rehoming (72/86; 84%) and housing (70/86; 81%) animals. Intake was managed through a combination of strategies. Donations (72/86; 82%) were the main funding source. The 62 registered charities were more likely to report being funded by grants than the 23 non-charities (39/62 (63%) vs. 1/23 (4%); p < 0.001), and non-charities were more likely to self-fund (18/23 (78%) vs. 20/62 (32%); p < 0.001). Nearly half of the CARO that provided workforce information (35/72; 49%) had a workforce of 10 or fewer including volunteers. A total of 5,699 people worked for 86 CARO that care for cats or dogs of whom 4,847 (85%) were part-time volunteers. Of the 72 cat and dog CARO who provided workforce information, 57/72 (79%) relied solely on volunteers. The majority of all 106 CARO respondents (78/106; 73%) indicated they were likely to register on a national database of CARO, subject to addressing concerns about time required and information security. CARO respondents described challenges of insufficient funding, access to veterinary services, and a shortage of volunteers and foster homes, with additional concerns including a lack of public awareness, supportive legislation, and resources. Financial support (90/106; 85%) and policy change (76/106; 72%) were preferred support options. This study highlights the significant role played by CARO in New Zealand and the challenges they face, emphasising the need for financial support, legislation, and initiatives extending beyond the rescue sector to reduce the number of animals being surrendered. The findings also suggest a willingness among CARO to participate in a national database. [ABSTRACT FROM AUTHOR]

Published

2024

18. Public Disclosure of Information Security Breach Incidents: Short-term Stock Market Reaction on Indian Listed Firms.

Author

Paul, Surjit and Das, Saini

Subjects

DATA security failures, CHIEF information officers, FINANCIAL market reaction, INFORMATION technology security, SECURITY systems

Abstract

Data breach incidents are growing by the day and firms struggle to detect, defend, and respond to such breaches. Nowadays, security breaches are considered one of the major concerns for corporate organizations around the world. Hence, it is essential to assess the impact of such breaches on organizations. This article reports stock price reaction due to public disclosure of information security breach (ISB) incidents on publicly traded firms of India. Using the event study methodology on a sample of 120 publicly announced ISB incidents between January 2004 and April 2019 pertaining to 69 publicly listed firms of India, we found that exposure to an ISB incident exacerbates negative stock price reactions based on both one-factor market model and Fama-French three-factor model. On average, breached firms lost 0.55% of their market value within two days post the announcement of ISB incidents. Further, we found some factors that significantly negatively impacted Cumulative Abnormal Return (CAR). Important emerging factors such as type of compromised data, sentiment, subjectivity, and remedial strategy significantly impact CAR. According to our study findings, we suggest that firms should mention remedial measures in terms of apology and/or compensation in the ISB disclosure. Furthermore, the result indicates that investors penalize listed firms for subsequent ISB incidents. Thus, our findings may guide Chief Information Officers (CIOs), information security managers, and IT managers of publicly traded firms to devise various strategies in terms of IT security measures and content of the ISB disclosure. [ABSTRACT FROM AUTHOR]

Published

2024

19. The weakest link: The vulnerability of U.S. and allied global information networks in the nuclear age.

Author

Bateman, Aaron

Subjects

*INFORMATION networks, *SUBMARINE cables, *INFORMATION technology security, *TELECOMMUNICATION systems, *RADIO interference, *EAVESDROPPING

Abstract

The arrival of the nuclear age highlighted the inadequacy of U.S. and allied information networks for transmitting vital messages across the globe. Submarine cables could be cut and radio easily jammed. U.S. and allied officials looked to emerging space technologies to compensate for the inadequacies of radio and submarine cables and to reduce their dependence on terrestrial telecommunications hardware. But satellites were also vulnerable and insufficient for meeting all communications requirements. Consequently, creating layered telecommunications networks that stretched from under the sea, across the land, and into space emerged as the optimal strategy for strengthening information security. [ABSTRACT FROM AUTHOR]

Published

2024

20. Information security outsourcing in a resource-sharing environment: The impacts of attack modes.

Author

Gao, Xing, Gong, Siyu, Wang, Ying, and Zhang, Yanfang

Subjects

INFORMATION technology security, CONTRACTING out, LEARNING ability, INFORMATION resources, RISK sharing, INFORMATION sharing, COST shifting

Abstract

Information security outsourcing has become an emerging trend in the operations of information security, but the relation between information assets of firms and attack modes of hackers have failed to be considered. Through building a game-theoretic model, this article analyzes security outsourcing of two firms who share their information resource with each other and are confronted with opportunistic attacks and targeted attacks. We find that in the case of security decisions in-house, the firms may obtain a lower expected cost and the hacker may derive a lower expected benefit under targeted attacks than under opportunistic attacks, even though targeted attacks are widely deemed to be more harmful to the firms. When outsourcing security operations to a MSSP (Managed Security Service Provider), we reveal that under targeted attacks the MSSP can reap a higher expected benefit and the hacker can still derive a lower expected benefit. Finally, we examine the effects of key security elements and find some interesting results. In particular, the MSSP may or may not benefit from the degree of resource sharing, and the hacker may suffer from its learning ability. [ABSTRACT FROM AUTHOR]

Published

2024

21. Design of network information visualization security cognition system based on QSOFM network and FR algorithm.

Author

Zhu, Min

Subjects

INFORMATION networks, DATA visualization, SECURITY systems, COMPUTER network security, INFORMATION design, INFORMATION technology security, SELF-organizing maps

Abstract

Network information is complex, there is no lack of hidden risks of information to the user caused by bad effects. But analyzing and evaluating them is complex and requires more diverse and powerful techniques. This research will combine Fruchterman-Reingold (FR) information visualization algorithm and information security risk assessment method based on Quantum self-organizing feature map (QSOFM) network to build information visualization security cognitive system. By introducing quantum neurons into self-organizing feature mapping network (SOFM), a network information security evaluation model is constructed. The system can evaluate the security level of network information and visualize the evaluation results. The experimental results show that the system has fast response speed and strong interactivity. The accuracy of QSOFM algorithm is 86%, 12% higher than the traditional algorithm, which can provide more powerful technical support for the visual security cognition of network information. [ABSTRACT FROM AUTHOR]

Published

2024

22. Information security failures identified and measured – ISO/IEC 27001:2013 controls ranked based on GDPR penalty case analysis.

Author

Suorsa, M. and Helo, P.

Subjects

*INFORMATION technology security, *GENERAL Data Protection Regulation, 2016, *ROOT cause analysis, *FAILURE analysis

Abstract

This paper identifies the failures and impacts of information security, as well as the most effective controls to mitigate information security risks in organizations. Root cause analysis was conducted on all year 2020 GDPR penalty cases (n = 81) based on misconduct as defined in GDPR article 32: "security of processing." ISO/IEC 27001 controls were used as failure identifiers in the analysis. As a result, this study presents both the most frequent and most expensive information security failures and correspondingly ranks and presents the correlation of the controls observed in the analysis. From a theoretical perspective, our study contributes by bridging the gap between regulation and information security and introduces a statistical method to analyze the GDPR penalty cases, and provides previously unreported findings about information security failures and their respective solutions. From a practical perspective, the results of our study are useful for organizations which aspire to manage information security more effectively in order to prevent the most typical and expensive information security failures. Organizations, as well as auditors implementing and assuring the ISO 27001, may use our results as a guideline whereby controls should be applied and verified first in sequential order based on their impact and interdependence. [ABSTRACT FROM AUTHOR]

Published

2024

23. How Does the Internet Impact the Public's Perception of Information Security Risk?

Author

Chengzhi, Yi

Subjects

INFORMATION technology security, PUBLIC opinion, INTERNET, TRUST

Abstract

Clarifying the relationship between internet use and public information security risk perception helps us gain a better understanding of the factors influencing public risk perception. However, the relationship is still under-explored. This paper empirically examines the relationship between internet use and information security risk perception based on data from the 2021 Chinese Social Survey. It was found that whether to use the internet and the frequency of use are both significantly positively correlated with the perception of information security risk. On this basis, the mechanism by which internet use affects public information security risk perceptions is verified from the perspective of interpersonal trust. The mechanism analysis found that interpersonal trust exerts an indirect effect between internet use and perceived information security risk. The findings of this study provide new insights for our further understanding of how internet use affects residents' perceptions of security risk. [ABSTRACT FROM AUTHOR]

Published

2024

24. Introduction.

Author

Yihan, Xiong

Subjects

INFORMATION technology, DIGITAL technology, TECHNOLOGICAL innovations, DIGITAL transformation, INFORMATION technology security, CHIEF information officers

Abstract

The article discusses the emerging field of digital governance and its impact on political science and public administration. Digital governance goes beyond e-government research and encompasses a comprehensive transformation of government governance. The article explores various topics related to digital social governance, such as the reshaping of government governance paradigms, the co-production of digital public security services, the role of big data ecosystems in welfare supply and governance, the application of trusted artificial intelligence in social governance, and the impact of internet use on public information security risk perceptions. The research presented in the article examines the power redistribution issue, data silos and collaborative governance, technology gaps and platform regulation, the digital divide and social justice, and privacy transparency and rights asymmetry. The authors provide theoretical models, empirical cases, and policy implications to understand the interplay between digital technology and state governance. [Extracted from the article]

Published

2024

25. A Method for Information Security Analysis Using Information Graphs.

Author

Mazur, Zygmunt and Pec, Janusz

Subjects

*INFORMATION technology security, *GRAPH theory, *ISOMORPHISM (Mathematics), *INFORMATION organization, *HAMILTONIAN graph theory

Abstract

The paper defines the concept of an information graph and proposes its use to describe information links and analyze the information flow in any organization regarding information security. Research on information graphs in this aspect should be developed, especially in identifying "dangerous graph structures" such as the Hamiltonian graphs or cliques. Information graphs containing such a structure as a Hamilton cycle can be analyzed using results from the theory of finding and existence of Hamilton cycles, an essential branch of graph theory. The paper also describes a graph of potential security conflicts, a thematic graph, i.e. a specific information graph. Two theorems concerning the properties of information graphs are also proved. [ABSTRACT FROM AUTHOR]

Published

2024

26. The Role of Libraries in Creating a Safer Cyberspace: Awareness of Estonian Library Employees in Information Security.

Author

Kont, Kate-Riin

Subjects

*INFORMATION technology security, *LIBRARY personnel, *PUBLIC librarians, *PEARSON correlation (Statistics), *CYBERSPACE, *SCHOOL libraries, *INTERNET security

Abstract

The purpose of the study was to find out the knowledge, attitude and behavior of library employees related to information security in seven areas of the information security policy involving employees: password management, use of email, use of the Internet, use of social media, use of mobile devices, handling of information and reporting of cyber incidents. The theoretical part provides an overview of the importance of the topic in the context of libraries, the reasons why information security and cyber security must be at the same high level in libraries as, for example, in banks or healthcare institutions – we can only imagine what would happen if the digitized cultural memory of Estonia disappears or user data is leaked. The HAIS-Q (Human Aspects of Information Security Questionnaire) developed by Parsons et al. was used to collect data in order to assess information security awareness (ISA) within the organization. The method is based on three factors developed by the same authors: the Knowledge-Attitude-Behavior (KAB) model, which determines the security awareness of employees. The target group of the online questionnaire was Estonian librarians. A total of 388 librarians from public, research, school and specialist libraries responded to the survey. The mean and standard deviation of each focus area, descriptive statistics, Cronbach's coefficient and Pearson correlation analysis were used to achieve the research objective. The results revealed that the chosen methodology is well suited for assessing the cyber literacy of not only library staff, but also the staff of all memory institutions (archives, museums) and identifying training needs. [ABSTRACT FROM AUTHOR]

Published

2024

27. MOTIVATIONS FOR DIGITAL TRANSFORMATION IN GOVERNMENT: INSIGHTS FROM THE PUSH-PULL-MOORING MODEL AND AGE-RELATED INERTIA.

Author

Lin, Hung-Hsun, Lin, Ya-Wen, Chiang, Chang-Tang, and Liao, Chien Hsiang

Subjects

DIGITAL transformation, INFORMATION technology security, ELECTRONIC services, INTERNET in public administration, CIVIL service

Abstract

Due to the impact of the COVID-19 pandemic, many enterprises are looking to use electronic services to avoid human-to-human contact. During this transition period, enterprises are embracing new business models and digital transformation to overcome the crisis. Similarly, the government is also in need of digital transformation in response to these significant changes. However, there is a lack of empirical research on the motivations behind government digital transformation. Consequently, this study aims to fill this gap in the existing literature. The push-pull-mooring model is suitable for explaining the process of transferring from an inherent way to a new way, such as migration and changes in switching behavior. Therefore, it is an apt framework for elucidating the process of adopting digital transformation within government agencies. In total, data were collected from 268 government employees to examine the proposed hypotheses. The results show that the motivations of digital transformation are indeed affected by the push-pull-mooring model. These motivations encompass service process inconvenience, avoid face-to-face contact, strengthen information security, top management support, fear of learning new IT, and the cost of digitalization. Interestingly, service process inconvenience and fear of learning new IT exhibit interaction effects in relation to age-related inertia. This finding suggests that government agencies can provide varied encouragement and incentives based on employees' age groups. [ABSTRACT FROM AUTHOR]

Published

2024

28. Information security in the space age: Britain's Skynet satellite communications program and the evolution of modern command and control networks.

Author

Bateman, Aaron

Subjects

*TELECOMMUNICATION satellites, *SPACE Age, 1957-, *INFORMATION technology security, *TELECOMMUNICATION systems, *INFORMATION networks

Abstract

Britain initiated its Skynet satellite communications program in 1966 to provide assured connectivity with its forces across the world. Using recently declassified documents, this article reframes the history of British space activities by elucidating how the requirements for flexible and secure defense communications shaped U.K. space policy during the Cold War. Although Skynet inaugurated a communications revolution, it was the product of the longstanding British priority of possessing global information networks under sovereign control. In the Space Age, however, Britain had to reconcile its desire for an autonomous satellite communications network with the reality that American assistance was vital. [ABSTRACT FROM AUTHOR]

Published

2024

29. Recalibrated responses needed to a global research landscape in flux.

Author

Shih, Tommy

Subjects

INTELLECTUAL property, RESEARCH integrity, INFORMATION technology security, EXPORT controls, ACADEMIC freedom, DATA security

Abstract

When engaging in international collaboration, researchers and research institutions have to relate to a great range of differences in legislation, scientific practices, incentive systems, and cultural norms. The research landscape has become even more complex in the last decade, and the gray zones at the intersections of a diverse set of institutional contexts may be used to push boundaries. The focus of earlier efforts seeking to harmonize views on scientific integrity in an international context was more limited. Moreover, the guiding research norms have been primarily shaped by a US–European science duopoly. The rise of China has, however, created a multipolar research landscape. As a response to recent geopolitical developments and changes in the global research landscape, guidelines are starting to emerge, especially in the West, that seek to guide research behaviors in a turbulent world. These guidelines collectively identify integral issues to consider, such as research integrity, academic freedom, export control, national security, data security, and intellectual property rights. The plethora of considerations required cause contradictory advice and the research community faces considerable challenges in implementing such guidelines. Therefore more work is needed to guide research relationships in an uncertain world. [ABSTRACT FROM AUTHOR]

Published

2024

30. Shadow IT in higher education: survey and case study for cybersecurity.

Author

Orr, Selma Gomez, Bonyadi, Cyrus Jian, Golaszewski, Enis, Sherman, Alan T., Peterson, Peter A. H., Forno, Richard, Johns, Sydney, and Rodriguez, Jimmy

Subjects

*INFORMATION technology, *INFORMATION technology security, *COMPUTERS, *HIGHER education, *INTERNET security

Abstract

We explore shadow information technology (IT) at institutions of higher education through a two-tiered approach involving a detailed case study and comprehensive survey of IT professionals. In its many forms, shadow IT is the software or hardware present in a computer system or network that lies outside the typical review process of the responsible IT unit. We carry out a case study of an internally built legacy grants management system at the University of Maryland, Baltimore County that exemplifies the vulnerabilities, including cross-site scripting and SQL injection, typical of such unauthorized and ad-hoc software. We also conduct a survey of IT professionals at universities, colleges, and community colleges that reveals new and actionable information regarding the prevalence, usage patterns, types, benefits, and risks of shadow IT at their respective institutions. Further, we propose a security-based profile of shadow IT, involving a subset of elements from existing shadow IT taxonomies, which categorizes shadow IT from a security perspective. Based on this profile, survey respondents identified the predominant form of shadow IT at their institutions, revealing close similarities to findings from our case study. Through this work, we are the first to identify possible susceptibility factors associated with the occurrence of shadow IT related security incidents within academic institutions. Correlations of significance include the presence of certain graduate schools, the level of decentralization of the IT department, the types of shadow IT present, the percentage of security violations related to shadow IT, and the institution's overall attitude toward shadow IT. The combined elements of our case study, profile, and survey provide the first multifaceted view of shadow IT security at academic institutions, highlighting tension between its risks and benefits, and suggesting strategies for managing it successfully. [ABSTRACT FROM AUTHOR]

Published

2024

31. IoT Security in Industry: A Threat Model of Existing and Future Network Infrastructure.

Author

McNett, Jackie, McNett, Josh, and Su, Xiaoli

Subjects

*INFRASTRUCTURE (Economics), *COMMUNICATION infrastructure, *INTERNET of things, *INFORMATION technology security, *INFORMATION resources management

Abstract

While recent developments in The Internet of Things (IoT) present an infinite number of new possibilities for smart factories, the rapid expansion of this technology in industry presents an unprecedented security concern. Implementing IoT solutions in industrial environments must be accomplished smartly by creating a comprehensive threat model of existing and future network infrastructure, and then by utilizing standard information security controls followed by the application of an industry-appropriate risk management framework. Approaching the problem of IoT security methodically will allow smart factories to benefit from IoT solutions while mitigating all associated risks. [ABSTRACT FROM AUTHOR]

Published

2024

32. An Investigation of the Factors That Influence Information Security Culture in Government Organizations in Bhutan.

Author

Tenzin, Sonam, McGill, Tanya, and Dixon, Michael

Subjects

CORPORATE culture, INFORMATION technology security, DATA security failures, SENIOR leadership teams, INFORMATION policy, GOVERNMENT policy

Abstract

Organizations make large investments to secure data and networks, but information security breaches as a result of insiders continue to rise. One possible contributor to this is poor information security culture. This study investigated the key factors that contribute to effective information security culture in government organizations in Bhutan and how information security culture influences employee security behavior. A research model was developed for the study based on an analysis of the information security literature. Data was collected using an online survey of 181 government employees. Senior management support, information security policy, training and awareness campaigns, interpersonal trust, and job- versus employee-oriented organizational culture were all found to influence information security culture, and information security culture contributed to information security behavior. The study extends understanding of the roles of trust and different dimensions of organizational culture in improving information security culture and behavior. The findings should help government policy makers and information security practitioners when developing information security strategies and programs. [ABSTRACT FROM AUTHOR]

Published

2024

33. Using Rational Choice Theory to Explore Factors Impacting Contact Tracing Application Adoption.

Author

Johnson, Vess L., Memarian Esfahani, Sara, and Mohit, Hossein

Subjects

RATIONAL choice theory, CONTACT tracing, THEORY of reasoned action, INFORMATION technology security, PERCEIVED benefit

Abstract

Effective contact tracing is an important tool in trying to control the spread of highly infectious diseases. Utilizing the theory of reasoned action and rational choice theory, this study explores factors impacting the adoption of mobile contact tracing application. Findings indicate that perceived benefits of usage and perceived costs of non-usage positively impact an individual's attitude toward usage intention, while information security concern as perceived cost of usage has a negative effect. [ABSTRACT FROM AUTHOR]

Published

2024

34. Mapping the intellectual structure and evolution of information technology and auditing: a bibliometric review.

Author

Perez Calderón, Esteban and Alrahamneh, Samer

Subjects

INFORMATION technology auditing, INFORMATION technology, AUDITING standards, DIGITAL technology, INFORMATION technology security

Abstract

The study presents a thorough bibliometric analysis of articles on information technology (IT) and auditing in the Web of Science Core Collection from 1978 to 2022. The study involves examining 2,991 articles out of a total of 7,738. It uses a two-step method that includes descriptive performance measures and co-word analysis. The descriptive metrics reveal publishing patterns, productive nations and authors, their impact on specific areas and journals, citation counts by country, and highly cited publications. Co-occurrence analysis maps connections between concepts, uncovering the intricate interplay within the field. The results show six main trends: more and more technology is being used in internal auditing; more people need to know about information security; the need for transparency in the digital age; how technology is making ethical auditing easier; progress in cloud-based auditing with blockchain; and the rise of post-COVID IT continuous auditing standards. These trends highlight the necessity for auditors to navigate evolving technological landscapes while prioritizing ethical considerations, data security, and privacy. Furthermore, the study identifies key authors, publications, and influential nations in this domain, offering valuable insights for industry stakeholders and fostering potential avenues for collaborative research. This study's novelty lies in its systematic analysis of IT and auditing literature, illuminating significant trends and providing actionable insights for both industry leaders and researchers seeking to contribute to this evolving field. [ABSTRACT FROM AUTHOR]

Published

2024

35. Protecting Against Threats to Information Security: An Attitudinal Ambivalence Perspective.

Author

Ng, Ka Chung, Zhang, Xiaojun, Thong, James Y. L., and Tam, Kar Yan

Subjects

INFORMATION technology security, AMBIVALENCE, REWARD (Psychology), SOCIAL norms, PSYCHOLOGICAL adaptation

Abstract

A popular information security-related motivation theory is the Protection Motivation Theory (PMT) that has been studied extensively in many information security contexts with promising results. However, prior studies have found inconsistent findings regarding the relationships within PMT. To shed light on these inconsistent findings, we introduce the attitudinal ambivalence theory to open the black box within PMT. We tested our model on data collect ed from 1,383 individuals facing potential cyberattacks of their emails in a field experiment. The results of polynomial regression with response surface analysis showed that attitudinal ambivalence is generated from the opposition between an individual's evaluations of maladaptive rewards and social norms (i.e., descriptive norm and subjective norm). This attitudinal ambivalence, in turn, affects individuals' evaluations of their coping appraisal process and protection motivation, and ultimately protection behavior. We discuss the theoretical and managerial implications of identifying the determinants and outcomes of attitudinal ambivalence in the information security context. From a theoretical standpoint, our work contributes to the information security literature by incorporating attitudinal ambivalence, which arises from the intrapersonal and interpersonal appraisal processes, into PMT. From a practical standpoint, our work provides insights into designing effective fear appeals to avoid triggering attitudinal ambivalence and thus encouraging adoption of security protection behavior. [ABSTRACT FROM AUTHOR]

Published

2021

36. Too Close for Comfort: Cyber Terrorism and Information Security across National Policies and International Diplomacy.

Author

Broeders, Dennis, Cristiano, Fabio, and Weggemans, Daan

Subjects

*NATIONAL security, *INFORMATION technology security, *DIPLOMACY, *FOREIGN loans, *GOVERNMENT policy, *DIPLOMATIC history, *CYBERTERRORISM

Abstract

This article analyses the evolution and interplay of national policies and international diplomacy on cyber terrorism within and across the UNSC's permanent five members and the UN process on cyber norms (GGE and OEWG). First, it reveals how - through the extension of preemptive measures to low-impact cyber activities and online content - national policies progressively articulate cyber terrorism as an issue of information security. Second, it problematizes how -through the adoption of comprehensive and imprecise definitions - the diplomatic language on cyber terrorism might lend international support to those authoritarian regimes keen on leveraging counter-terrorism to persecute domestic oppositions and vulnerable groups. Third, it concludes that - with UN diplomatic efforts increasingly discussing countering (dis)information operations - combining normative debates on cyber terrorism with those on information security requires precision of language to safeguard human rights globally. [ABSTRACT FROM AUTHOR]

Published

2023

37. A methodological approach for mapping and analysing cascading effects of flooding events.

Author

Arvidsson, Björn, Guldåker, Nicklas, and Johansson, Jonas

Subjects

*FLOOD risk, *INFRASTRUCTURE (Economics), *INFORMATION technology security, *FLOOD warning systems, *FLOODS

Abstract

Current local or regional flood risk assessments, as required by the EU flood risk directive, rarely account for cascading effects due to interdependencies between critical infrastructures. However, it is essential to consider these effects, as they may severely impact areas outside the immediate flood risk area. The main purpose is to present and problematize a method (AB-CEM) for mapping and analysing cascading effects due to floods, aiming at also being relevant for other spatially widespread hazards. The method development and the pilot study, in Sweden, reveal that there is a prominent practical need for methods for mapping and analysing critical infrastructure interdependencies and cascading effects. Another key finding is that the method process and its results can serve as an important basis for decision-making about proactive and reactive efforts related to geographically extensive hazards. We further conclude that there is a recurring problem regarding sensitive and secret data. More specifically, the conflicting interests of information availability and information security concerning critical infrastructures, which needs to be resolved at the national level and communicated through clear guidelines. The method is a much-needed step towards accounting for cascading effects of floods in practice. [ABSTRACT FROM AUTHOR]

Published

2023

38. Deep learning approach and cover image transportation: a multi-security adaptive image steganography scheme.

Author

Sultan, Laman R.

Subjects

DEEP learning, CRYPTOGRAPHY, INFORMATION technology security, IMAGE processing, GRAYSCALE model, SIGNAL-to-noise ratio

Abstract

In this era of information security and communication, a major priority is the achievement of a robust and secure steganography system when thinking about information concealment. The development of such an information-hiding scheme demands that the scheme be able to hide a secret message within the cover media. The most vexing issues in existing steganography protocols are imperceptibility, security, and capacity, and researchers have frequently emphasized a trade-off between these issues. Scholars have consistently ignored the balance between security and payload because resolving one problem has been shown to have an impact on the other, and vice versa. To overcome these problems, an effective method known as the Conventional Neural Network based Edge Detection Method (CNN-EDM) has been presented for image steganography in this study. The CNN-EDM is used to improve the contributions of the proposed scheme. Four main stages were used to achieve the objectives in this research, beginning with the cover image and secret image preparation, followed by embedding, and culminating in extraction. The last stage is the evaluation stage, which employs several evaluations to benchmark the obtained results. A standard database from the Signal and Image Processing Institute (SIPI) containing color and grayscale images with 512 × 512 pixels was utilized in this study. Different parameters were used to test the performance of the suggested scheme based on security and imperceptibility (image quality). The image quality was evaluated using three important metrics: histogram analysis, peak signal-to-noise ratio (PSNR), and structural similarity index (SSIM). Furthermore, two metrics were used to evaluate the security properties of the proposed system: the Human Visual System (HVS) and Chi-square (X2) attacks. The evaluations showed that the proposed scheme can enhance the capacity, invisibility, and security features and address the already existing problems in this domain. [ABSTRACT FROM AUTHOR]

Published

2023

39. The Moderating Role of Thoughtfully Reflective Decision-Making on the Relationship between Information Security Messages and SMiShing Victimization: An Experiment.

Author

Kamar, Eden, Howell, C. Jordan, Maimon, David, and Berenblum, Tamar

Subjects

*INFORMATION technology security, *CRIME victims, *CRIMINOLOGICAL theory, *RANDOMIZED controlled trials, *DECISION making

Abstract

Security messages, as a form of information security awareness training, are designed to encourage individuals to make an informed security decision, reducing their susceptibility to online victimization. To date, no known study has assessed the effectiveness of security messages or whether the effectiveness of these messages varies based on the recipients' characteristics. Using a randomized controlled trial, this study tests the efficacy of security messages on reducing SMiShing victimization, then assesses whether thoughtfully reflective decision-making (TRDM) moderates the effect of these messages on victimization by launching simulated attacks against participants of the study. Findings reveal that neither security messages nor TRDM directly affect SMiShing victimization. However, security messages effectively prevent victimization when the message recipient has higher TRDM levels. The interaction between TRDM and security messages demonstrates the relevance of criminological theory and the importance of interdisciplinary scholarship in understanding how human behavior influences the effectiveness of cybersecurity practices. [ABSTRACT FROM AUTHOR]

Published

2023

40. Explaining the digital divide in the European Union: the complementary role of information security concerns in the social process of internet appropriation.

Author

Lamberti, Giuseppe, Lopez-Sintas, Jordi, and Sukphan, Jakkapong

Subjects

*DIGITAL divide, *INFORMATION technology security, *SOCIAL processes, *INTERNET

Abstract

Most theoretical and empirical explanations of the generation of digital divides have been integrated into the resources and appropriation theory, which proposes a sequential model reflecting a socially unequally distributed digital divide. The unequal social distribution is reflected in internet use that is sequentially influenced by motivations/attitudes, physical access, and digital skills. We extend the sequential model by exploring the complementary role of information security concerns in producing the digital divide. Using a predictive approach, we tested a comprehensive partial least squares-structural equation model with data from a European Union survey, finding that information security concern is another significant determiner of the digital divide. Heterogeneity in social internet appropriation can be summarized in social mechanisms explained by education and age among well-educated Europeans, and by country digital development among less well-educated Europeans. We conclude with a discussion of theoretical and policy implications of our findings. [ABSTRACT FROM AUTHOR]

Published

2023

41. Exploring Personal and Environmental Factors that Can Reduce Nonmalicious Information Security Violations.

Author

Ifinedo, Princely

Subjects

INFORMATION technology security, SOCIAL cognitive theory, ORGANIZATIONAL commitment, JOB involvement, PERSONAL belongings, TRAFFIC violations

Abstract

Employee engagement in nonmalicious information security violations (NISVs) is a threat to organizations. The Social Cognitive Theory was used to investigate the effects of personal and environmental factors on the intention to engage in NISVs. Data of 204 working professionals in Germany were used for analysis. Key results showed that personal goal setting, employee organizational commitment, and vicarious learning reduced employees' intentions to engage in NISVs. Implications of the findings for research and practice were discussed. [ABSTRACT FROM AUTHOR]

Published

2023

42. Cybersecurity investments in a two-echelon supply chain with third-party risk propagation.

Author

Li, Yanhui and Xu, Lu

Subjects

SUPPLY chains, INTERNET security, INVESTMENT policy, INFORMATION technology security, INVESTMENTS

Abstract

Cybersecurity presents a monumental challenge for interconnected supply chains, as an attack on one node can compromise an entire business. In this paper, we propose a game theory model to investigate cybersecurity investments with third-party risk propagation in a two-echelon supply chain consisting of one retailer and n suppliers. The optimal investments and their responses to relevant security characteristics, such as intrinsic vulnerability, propagation probability, number of suppliers, and attack probability, are analysed and discussed both theoretically and numerically considering one-stage risk propagation. It is found that there are serious prisoners' dilemma and free-riding phenomena in such a scenario. To mitigate third-party risks and improve the investment efficiency, three coordination mechanisms, joint decision, security risk compensation, and security information sharing, are presented and compared numerically. The results indicate that joint decision-making and security risk compensation perform better on stimulating firms' investments and reducing expected costs both individually and collectively relative to security information sharing. Furthermore, the case of two-stage risk propagation is also supplemented and compared with one-stage case. Based on these findings, some management insights are recommended to cybersecurity managers in supply chains for designing more efficient cybersecurity mechanisms and investment strategies. [ABSTRACT FROM AUTHOR]

Published

2021

43. The Effectiveness of Abstract Versus Concrete Fear Appeals in Information Security.

Author

Schuetz, Sebastian W., Benjamin Lowry, Paul, Pienta, Daniel A., and Bennett Thatcher, Jason

Subjects

INFORMATION technology security, FEAR, CONDUCT of life, MOTIVATION (Psychology), EXPECTATION (Psychology)

Abstract

Information security (ISec) is a pervasive concern of individuals, organizations, and governments. To encourage individuals to engage in and learn about secure behaviors, ISec research has turned to fear appeals, which are short messages that communicate threats and efficacy to elicit protection motivation among recipients. ISec research has reported contradictory findings on what makes fear appeals effective in ISec contexts, and this lack of clarity is problematic, because it may lead to incorrect conclusions. For example, some studies have argued that the mixed findings arise from differences between personal and organizational contexts and that fear appeals do not work well among organizational users. However, this argument has not been empirically tested, and differences in message design provide an equally plausible explanation, which has also not been tested. To reconcile the mixed findings across these studies, we test the effects of context (i.e., personal users vs. organizational users) and degree of message abstractness (i.e., abstract vs. concrete) on fear-appeal outcomes. We draw from construal-level theory to conceptualize the differences between abstract and concrete fear appeals. Across three experiments, we find evidence that concrete fear appeals are more effective than abstract fear appeals for the purpose of stimulating fear-appeal outcomes. Furthermore, by comparing two identical experiments—one conducted with personal users and another conducted with organizational users—we find differences in participants' responses to fear appeals. However, contrary to our expectations, our findings suggest that organizational users report higher levels of fear and protection motivation than personal users. This finding is not a theoretical contradiction: the theoretical crux of an effective fear appeal is that it must be personally relevant to stimulate fear; correspondingly, we show that concrete fear appeals help stimulate fear and the desired protective response. Moreover, concrete fear appeals increase actual compliance behaviors, not just intentions. Thus, our findings suggest that the mixed findings in the literature may be a product of message abstractness and differences among audiences. This has pivotal implications for how to construct fear appeals in research and practice. [ABSTRACT FROM AUTHOR]

Published

2020

44. Centralized IT Decision Making and Cybersecurity Breaches: Evidence from U.S. Higher Education Institutions.

Author

Liu, Che-Wei, Huang, Peng, and Lucas, Henry C.

Subjects

UNIVERSITIES & colleges, DECISION making, INFORMATION technology security, INTERNET security, PUBLIC universities & colleges

Abstract

Despite the consensus that information security should become an important consideration in information technology (IT) governance rather than the sole responsibility of the IT department, important IT governance decisions are often made on the basis of fulfilling business needs with a minimal amount of attention paid to their implications for information security. We study how an important IT governance mechanism—the degree of centralized decision making—affects the likelihood of cybersecurity breaches. Examining a sample of 504 U.S. higher-education institutions over a four-year period, we find that a university with centralized IT governance is associated with fewer breaches. Interestingly, the effect of centralized IT governance is contingent on the heterogeneity of a university's computing environment: Universities with more heterogeneous IT infrastructure benefit more from centralized IT decision making. In addition, we find the relationship between centralized governance and cybersecurity breaches is most pronounced in public universities and those with more intensive research activities. Collectively, these findings highlight the tradeoff between granting autonomy and flexibility in the use of information systems and enforcing standardized, organization-wide security protocols. [ABSTRACT FROM AUTHOR]

Published

2020

45. Special Section: The Economics of Sharing and Information Security.

Author

Kauffman, Robert J. and Weber, Thomas A.

Subjects

INFORMATION technology security, INFORMATION theory in economics, CONSUMPTION (Economics), MANAGERIAL economics, MANAGEMENT information systems, RIDESHARING, SPAM email, EMAIL security

Abstract

As the moving parts of a given economy, all individual agents are sitting in the same boat. They cover: sharing economy product pricing and consumer choice of buying goods versus accessing them on a sharing market - paired with firms' incentives to provide product durability; and the value of insurance contracts for sharing intermediaries to decouple their rent-extraction problem from the underlying inter-agent moral-hazard problem. His optimization model, which includes the use of optimal control, implies that good product designs balance the trade-off between the respective demands for product reusability and aftermarket transferability. [Extracted from the article]

Published

2020

46. A machine learning approach for digital watermarking.

Author

Nematollahi, Mohammad Ali

Subjects

*INFORMATION technology security, *MACHINE learning, *DIGITAL watermarking, *COMPUTER security, *DIGITAL learning, *DEEP learning, *COMPUTER software security

Abstract

Recently, machine learning (ML) has been applying in almost all scientific fields to model and simulate the behaviour of complex systems. At the same time, the number of the proposed watermarking techniques have been increasing every year. Although most of the researchers in the watermarking and data hiding field put all their effort to compete each other to develop more efficient algorithm, the selection of the most efficient one is almost impossible for industries or software developers. In other words, comparison among all the watermarking techniques in order to select one watermarking technique would be cumbersome task. Moreover, the computer security is becoming more advanced which a single watermark technique cannot fulfil all the required criteria and there is a chance that an anti-watermarking is developed to remove the embedded watermark from the host data. This gap of knowledge to use the watermarking technology for a highly secure application is a real nightmare for the information security engineers and software designers. In this paper, two new approaches are proposed to train deep learning and shallow learning models based on the state-of-the-arts watermarking techniques. For these proposed approaches, several ML algorithms are applied to model various watermarked data, which are watermarked by different watermarking techniques in various spectrums and domains. An experimental setup is constructed based on several speeches, audios, images and videos beside the Amazon Sagemaker as ML modelling to implement the proposed approach. The experimental results show that apart from an overall effectiveness of the model, it would resolve some ambiguities by applying the proposed ML approach as a general watermarking workflow. [ABSTRACT FROM AUTHOR]

Published

2023

47. A Comparative Review on Homomorphic Encryption for Cloud Security.

Author

Mahato, Ganesh Kumar and Chakraborty, Swarnendu Kumar

Subjects

*INFORMATION technology security, *PUBLIC key cryptography, *CLOUD computing

Abstract

With the increase in traffic on cloud servers due to the shifting of various services, information security has become a matter of major concern. This paper describes the security issues influencing cloud computing, compares the performance of traditional and the latest security techniques, and focuses on the challenges facing its implementation. Traditional schemes like RSA, ElGamal, and Pailler Algorithms do not allow operations to be carried out on the encrypted data, whereas the Homomorphic Encryption Scheme allows computation in the encrypted state without decrypting it to the original form. Thus, the security is ensured and also, there is no need to share the secured key. Fully Homomorphic Encryption Algorithms like: Gentry's Encryption Scheme, Dijk-Gentry-Halevi-Vaikunthanathan Scheme (DGHV), Brakerski-Vaikuntanathan Schemes (BGV) and Multi-key fully Homomorphic encryption are advanced techniques that provide security for the cloud are also described. [ABSTRACT FROM AUTHOR]

Published

2023

48. Information Security Governance and Stock Price Synchronization: Evidence from ISO27001 Certification of Internet Firms.

Author

Wang, Jiaxin, Huang, Hongyan, Song, Zilong, Hu, Xiaofan, and Ding, Jian

Subjects

INFORMATION technology security, INTERNET, ECONOMIC impact, SYNCHRONIZATION, TRADE secrets, REMITTANCES

Abstract

The protection of user data, trade secrets, and other proprietary information held by Internet firms is of increasing concern to all sectors. In this paper, we investigate the relationship between information security governance (ISO) and stock price synchronization (SYN) in Chinese Internet firms from the perspective of information security. We find that strengthening ISO increases the occurrence of simultaneous upward and downward movement in stock price, thereby increasing SYN. Mechanism analysis demonstrates how ISO affects the firm-specific information content of stock price by acting on proprietary information. The business motivation for seeking technology and the host country's low institutional quality can hence the positive correlation between ISO and SYN when firms conduct overseas operations. Meanwhile, in Internet firms with higher proprietary cost and weaker external governance, the positive correlation between ISO and SYN is more pronounced. Overall, this paper provides new evidence for the economic consequences of ISO from a new perspective of SYN. [ABSTRACT FROM AUTHOR]

Published

2023

49. Supranational security states for national security problems: governing by rules & capacities in tech-driven security spaces.

Author

Sivan-Sevilla, Ido

Subjects

*NATIONAL security, *DATA protection, *INFORMATION technology security, *NATION-state, *DATA security, *INTERNATIONAL security, *EXPORT controls

Abstract

Despite inherent political tensions, supranational institutions are increasingly involved in national security. EU institutions not only guide but also mobilize national resources or directly produce collective security. To make sense of those variations, the article conceptualizes ideal types of 'supranational security states' and develops a typological theory for understanding the emergence of the studied states. Based on policy documents and secondary sources, the article conducts a case-centric process-tracing analysis of three decades of EU reforms in (1) export control over dual-use technologies, (2) network and information security and (3) border security. Three types of supranational security states emerge, driven by their path-dependency logics and response to crises. Findings suggest a more nuanced understanding of security policy instruments and the dynamics of political authority in shared security spaces, contributing to debates on the positive and regulatory European security state, technology-driven security governance, and the coherence of the EU as a security actor. [ABSTRACT FROM AUTHOR]

Published

2023

50. Steganalysis attacks resilient, imperceptible, blind, and keyed image hiding in ultra HD 4K video.

Author

Gupta Banik, Barnali and Banik, Abhinandan

Subjects

*DISCRETE cosine transforms, *DISCRETE wavelet transforms, *CRYPTOSYSTEMS, *SIGNAL-to-noise ratio, *DATA privacy, *INFORMATION technology security

Abstract

A novel data hiding approach is being proposed in this article, camouflaging secret data within a very high-quality video object. The proposed algorithm utilizes Discrete Wavelet Transform (DWT) and Discrete Cosine Transform (DCT) to hide image data, preprocessed using Arnold Transform. The novelty of this approach lies in the combination of five factors, which are – use of very high-resolution Ultra HD 4 K video as a cover object; Use of DCT coefficient in Scene Change Detection to identify cover frame; Scrambling the secret image by Arnold Transformation; Use of DCT-DWT in embedding and extraction process to that hide data in the blue plane of the RGB frame; and lastly, use of three different keys for data hiding to secure the proposed method against attacks, by adhering the Kerckhoff's principle of a cryptosystem. Several quality metrics like Structural Content, Peak Signal-to-Noise Ratio, Normalized Cross-Correlation, Average Difference, Maximum Difference, and Normalized Absolute Error have been calculated to validate the imperceptibility. This method has also been validated against different steganalysis attacks like random cropping, rotating, resizing, noise addition, filtering, histogram attack, and lastly, compared with existing data hiding methods to prove superiority. [ABSTRACT FROM AUTHOR]

Published

2023