Search results

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.

This paper aims to examine the prevailing Rohingya refugee crisis from political and humanitarian perspectives and explores the political and humanitarian aspects of the Rohingya refugee crisis.

Relevant literature has been reviewed for conceptual understanding. This study is descriptive and qualitative in nature and based on secondary sources of data.

The main causes of the Rohingya crisis such as political and humanitarian aspects. Issues such as discrimination and homelessness, and national security concerns that regional politics scapegoated the Rohingya to exacerbate regional tensions. Moreover, armed conflicts, political radicalization, security concerns, human rights violations and low media attention compared to other displaced families have made the future of the Rohingyas very uncertain.

The Rohingya crisis has far-reaching implications for domestic and regional politics as well as for relations with major world powers. In the context of regional security and geopolitics, this study provides insight into the polarization and politicization of the Rohingya minority.

This research offers a vital exploration of the Rohingya refugee crisis, delving into its multifaceted political and humanitarian dimensions, contributing fresh insights to address a pressing global concern.

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.

This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.

In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.

This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.

Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.

This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.

This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.

The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.

The purpose of this paper is to unveil the main changes in the UAE’s policy towards Iran since its foundation in 1971. The UAE favored strategic hedging, extending its commercial and diplomatic relations with Iran, in addition to developing its military capabilities and maintaining military/security alliances with Saudi Arabia and the USA. However, the UAE started to reorient its policy towards Iran by adopting some sort of balancing strategy in the aftermath of the Arab Spring of 2011. This paper examines how and why the UAE had to change course and explores whether it would revert back to strategic hedging with Iran.

The study will be carried out based on a theoretical framework drawn from strategic hedging theory, a new structural theory in international relations, to examine the shifts in UAE policy towards Iran. Previous literature suggests that small states prefer hedging over balancing or bandwagoning. The authors also undertake a descriptive analysis and deploy a longitudinal within-case method to investigate changes in UAE policy towards Iran and identify the causal mechanisms behind these changes. That method allows investigating the impact of a particular event on a case by comparing the same case before and after that event occurred.

The main finding of this study is that the UAE hedging strategy towards Iran allowed maximizing the political and economic returns from the cooperation with Iran and mitigating the long-range national security risks without breaking up the consistent and beneficial ties with other regional and global powers. Hedging achieved the desired outcome, which is preventing direct military confrontation with Iran. Hard balancing, adopted by Abu Dhabi after the 2011 Arab Spring, has proved to have some negative effects, most importantly provoking Tehran. Some recent indicators suggest, though that the UAE may revert back to its long-established hedging policy towards Iran.

Strategic hedging is a new structural theory in international relation, although hedging behavior in states’ foreign policies is far from new. It is new enough, thus, not have been researched sufficiently, strategic hedging still needs theorizing and comparison. This paper highlights the importance of strategic hedging as the most appropriate strategy for small states. It provides an important contribution to the application of the theory to the case of UAE policy towards Iran. The paper also assesses the conventional wisdom that small states prefer hedging over balancing in the light of the changes in the UAE foreign policy since 2011.

This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

Research on employee non-/compliance to information security policies suffers from inconsistent results and there is an ongoing discussion about the dominating survey research methodology and its potential effect on these results. This study aims to add to this discussion by investigating discrepancies between what the authors claim to measure (theoretical properties of variables) and what they actually measure (respondents’ interpretations of the operationalized variables). This study asks: How well do respondents’ interpretations of variables correspond to their theoretical definitions? What are the characteristics of any discrepancies between variable definitions and respondent interpretations?

This study is based on in-depth interviews with 17 respondents from the Swedish public sector to understand how they interpret questionnaire measurement items operationalizing the variables Perceived Severity from Protection Motivation Theory and Attitude from Theory of Planned Behavior.

The authors found that respondents’ interpretations in many cases differ substantially from the theoretical definitions. Overall, the authors found four principal ways in which respondents interpreted measurement items – referred to as property contextualization, extension, alteration and oscillation – each implying more or less (dis)alignment with the intended theoretical properties of the two variables examined.

The qualitative method used proved vital to better understand respondents’ interpretations which, in turn, is key for improving self-reporting measurement instruments. To the best of the authors’ knowledge, this study is a first step toward understanding how precise and uniform definitions of variables’ theoretical properties can be operationalized into effective measurement items.

Developing cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and organizational aspects affect each other in an intertwined way. With the goal of providing a holistic representation of CSA, this paper aims to develop a taxonomy of factors that contribute to organizational CSA.

The research used a design science approach including a literature review and practitioner interviews. A taxonomy was drafted based on 71 previous research publications. It was then updated and refined in two iterations of interviews with domain experts.

The result of this research is a taxonomy which outline six domains for importance for organization CSA. Each domain includes several activities which can be undertaken to increase CSA within an organization. As such, it provides a holistic overview of the CSA field.

Organizations can adopt the taxonomy to create a roadmap for internal CSA practices. For example, an organization could assess how well it performs in the six main themes and use the subthemes as inspiration when deciding on CSA activities.

The output of this research provides an overview of CSA based on information extracted from existing literature and then reviewed by practitioners. It also outlines how different aspects of CSA are interdependent on each other.

This study aims to investigate the decline of American hegemony as one of the most prominent crises of the modern world order, from a broader perspective that transcends narrow traditional interpretations. The paper assumes that the September 11 events in 2001 have launched the actual decline in American hegemony. Tracing the evolution of US global strategy over the past two decades, the study seeks to analyze the main causes and repercussions of the decline of US hegemony, which would provide a bird’s eye view of what the current global system is going through.

The study investigates the decline in American hegemony through a longitudinal within-case analysis which focuses on the causal path of decline in hegemony in the case of the USA, since the events of September 11, 2001, and tries to identify the causal mechanisms behind this decline. Following George and Bennet (2005), the study uses process tracing to examine its research question. Process-tracing method seeks to identify the intervening causal process – causal chain or causal mechanisms or the steps in a causal process – that leads to the outcome of a particular case in a specific historical context (Mahoney, 2000; Bennet and Elman, 2006). The study chose this method, as it offers more potential for identifying causal mechanisms and theory testing (George and Bennet, 2005); it opted for a specific procedure, among the variety of process-tracing procedures listed by George and Bennet, which is the detailed narrative presented as a chronicle, accompanied by explicit causal hypotheses. Using this process tracing procedure, the study assumes that American hegemony has witnessed dramatic changes in the aftermath of critical junctures, particularly the events of September 11, 2001, and the financial crises, 2008, which contributed significantly to this decline. Consequently, it traces the impact of these events on the state of American hegemony, in light of the review of contributions of different theories on hegemony in the field of international relations, both traditional and critical. Consequently, introducing the theoretical framework used in the study (the four-dimensional model of hegemony), which transcends criticisms of previous theories.

The crises of the modern world order and the decline of American hegemony – being the main manifestation of such crises – revealed the inability of the traditional and critical approaches reviewed in the study to interpret this decline and those crises. The reason behind that was the inability of these interpretations to reflect the various dimensions of American hegemony and its decline since the September 11 events. This highlights the importance of using the four-dimensional model, which combines different factors in the analysis and has proved to be an appropriate model for studying the case of American hegemony and its decline after the events of September 11, as it deals with the phenomenon of hegemony as a social relationship based on specific social networks.

Despite the currency and relevance of the decline of US hegemony for both the academic and political world, the topic needed to be analyzed systemically and addressed in a thorough scientific way. Through the application of theoretical concepts into the analysis of empirical data, this study contributes to a field where too often the discourse about decline of American hegemony is led without the required theoretical or conceptual considerations.

Recent years have witnessed an unexpected and astonishing rise of AI-generated (AIGC), thanks to the rapid advancement of technology and the omnipresence of social media. AIGCs created to mislead are more commonly known as DeepFakes, which erode our trust in online information and have already caused real damage. Thus, countermeasures must be developed to limit the negative impacts of AIGC. This position paper aims to provide a conceptual analysis of the impact of DeepFakes considering the production cost and overview counter technologies to fight DeepFakes. We will also discuss future perspectives of AIGC and their counter technology.

We summarize recent developments in generative AI and AIGC, as well as technical developments to mitigate the harmful impacts of DeepFakes. We also provide an analysis of the cost-effect tradeoff of DeepFakes.

The mitigation of DeepFakes call for multi-disciplinary research across the traditional disciplinary boundaries.

Government and business sectors need to work together to provide sustainable solutions to the DeepFake problem.

The research and development in counter-technologies and other mitigation measures of DeepFakes are important components for the health of future information ecosystem and democracy.

Unlike existing reviews in this topic, our position paper focuses on the insights and perspective of this vexing sociotechnical problem of our time, providing a more global picture of the solutions landscape.