Information and Computer Security: Volume 25 Issue 3

Tightroping between APT and BCI in small enterprises

Jesse Kaukola, Jukka Ruohonen, Antti Tuomisto, Sami Hyrynsalmi, Ville Leppänen

The contemporary internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced…

Analysing information security in a bank using soft systems methodology

Temesgen Kitaw Damenu, Chris Beaumont

This paper aims to explore the use of soft systems methodology (SSM) to analyse the socio-technical information security issues in a major bank.

A general morphological analysis: delineating a cyber-security culture

Noluxolo Gcaza, Rossouw von Solms, Marthie M. Grobler, Joey Jansen van Vuuren

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security…

Measuring employees’ compliance – the importance of value pluralism

Fredrik Karlsson, Martin Karlsson, Joachim Åström

This paper aims to investigate two different types of compliance measures: the first measure is a value-monistic compliance measure, whereas the second is a…

The role of the chief information security officer in the management of IT security

Erastus Karanja

The aim of this study is to advance research on the position of the CISO by investigating the role that CISOs play before and after an IT security breach. There is a…

Mobile device users’ privacy security assurance behavior: A technology threat avoidance perspective

Hao Chen, Wenli Li

Recently, the spread of malicious IT has been causing serious privacy threats to mobile device users, which hampers the efficient use of mobile devices for individual and…

Running the risk IT – more perception and less probabilities in uncertain systems

Adrian Munteanu

This study aims to argue that in the case of quantitative security risk assessment, individuals do not estimate probabilities as a likelihood measure of event occurrence.