Search results

1 – 10 of 46
Open Access
Article
Publication date: 20 June 2019

Per Håkon Meland, Karin Bernsmed, Christian Frøystad, Jingyue Li and Guttorm Sindre

Abstract

Purpose

Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between the cyber and physical world, security has become an additional concern in these industries. The purpose of this paper is to evaluate how well bow-tie analysis performs in the context of security, and the study’s hypothesis is that the bow-tie notation has a suitable expressiveness for security and safety.

Design/methodology/approach

This study uses a formal, controlled quasi-experiment on two sample populations – security experts and security graduate students – working on the same case. As a basis for comparison, the authors used a similar experiment with misuse case analysis, a well-known technique for graphical security modelling.

Findings

The results show that the collective group of graduate students, inexperienced in security modelling, perform similarly as security experts in a well-defined scope and familiar target system/situation. The students showed great creativity, covering most of the same threats and consequences as the experts identified and discovering additional ones. One notable difference was that these naïve professionals tend to focus on preventive barriers, leading to requirements for risk mitigation or avoidance, while experienced professionals seem to balance this more with reactive barriers and requirements for incident management.

Originality/value

Our results are useful in areas where we need to evaluate safety and security concerns together, especially for domains that have experience in health, safety and environmental hazards, but now need to expand this with cybersecurity as well.

Details

Information & Computer Security, vol. 27 no. 4
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 2 January 2024

Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer

Abstract

Purpose

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Design/methodology/approach

Overall, 26 interviews were conducted with 21 participants from industry and academia.

Findings

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

Originality/value

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Details

Information & Computer Security, vol. 32 no. 2
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 18 January 2024

Puyu Yang and Giovanni Colavizza

Abstract

Purpose

Wikipedia's inclusive editorial policy permits unrestricted participation, enabling individuals to contribute and disseminate their expertise while drawing upon a multitude of external sources. News media outlets constitute nearly one-third of all citations within Wikipedia. However, embracing such a radically open approach also poses the challenge of the potential introduction of biased content or viewpoints into Wikipedia. The authors conduct an investigation into the integrity of knowledge within Wikipedia, focusing on the dimensions of source political polarization and trustworthiness. Specifically, the authors delve into the conceivable presence of political polarization within the news media citations on Wikipedia, identify the factors that may influence such polarization within the Wikipedia ecosystem and scrutinize the correlation between political polarization in news media sources and the factual reliability of Wikipedia's content.

Design/methodology/approach

The authors conduct a descriptive and regression analysis, relying on Wikipedia Citations, a large-scale open dataset of nearly 30 million citations from English Wikipedia. Additionally, this dataset has been augmented with information obtained from the Media Bias Monitor (MBM) and the Media Bias Fact Check (MBFC).

Findings

The authors find a moderate yet significant liberal bias in the choice of news media sources across Wikipedia. Furthermore, the authors show that this effect persists when accounting for the factual reliability of the news media.

Originality/value

The results contribute to Wikipedia’s knowledge integrity agenda in suggesting that a systematic effort would help to better map potential biases in Wikipedia and find means to strengthen its neutral point of view policy.

Details

Online Information Review, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1468-4527

Open Access
Book part
Publication date: 4 June 2021

Briony Anderson and Mark A. Wood

Abstract

This chapter examines the phenomenon of doxxing: the practice of publishing private, proprietary, or personally identifying information on the internet, usually with malicious intent. Undertaking a scoping review of research into doxxing, we develop a typology of this form of technology-facilitated violence (TFV) that expands understandings of doxxing, its forms and its harms, beyond a taciturn discussion of privacy and harassment online. Building on David M. Douglas's typology of doxxing, our typology considers two key dimensions of doxxing: the form of loss experienced by the victim and the perpetrator's motivation(s) for undertaking this form of TFV. Through examining the extant literature on doxxing, we identify seven mutually non-exclusive motivations for this form of TFV: extortion, silencing, retribution, controlling, reputation-building, unintentional, and doxxing in the public interest. We conclude by identifying future areas for interdisciplinary research into doxxing that brings criminology into conversation with the insights of media-focused disciplines.

Details

The Emerald International Handbook of Technology-Facilitated Violence and Abuse
Type: Book
ISBN: 978-1-83982-849-2

Open Access
Article
Publication date: 9 November 2022

Santhosh Srinivas and Huigang Liang

Abstract

Purpose

While every firm is striving to embrace digital transformation (DT) to form new differentiating business capabilities, there are dark sides to such initiatives, and it is essential to acknowledge, identify and address them. The purpose of this paper is to identify and empirically demonstrate the impact of such dark sides of DT. While a firm's DT effort may have many dark sides, the authors identify data breaches as the most critical one and focus on proving their impact since it can inflict significant damage to the firm.

Design/methodology/approach

Through the lens of paradox theory, the authors argue that the DT efforts of a firm will lead to increased risk and severity of data breaches. The authors developed a one-of-a-kind longitudinal data set by combining data from multiple sources, including 3604 brands over a 10-year period, and employed a DT performance scorecard to evaluate a firm's DT effort across four key digital selling touchpoints: site, mobile, digital marketing and social media.

Findings

The findings of this study show that a firm's DT efforts pertaining to its mobile and digital marketing platforms significantly increase the likelihood and severity of a data breach event indicating that these two channels are most vulnerable and need heightened attention from firms. Furthermore, the findings suggest that the negative repercussions of some DT initiatives may be minimized as the firm becomes more innovative. The findings can help firms re-strategize their DT efforts by promoting security and also encouraging a balanced communication strategy.

Originality/value

This research is one of the first to identify, recognize and empirically illustrate the downsides of a DT effort that is otherwise thought to provide only benefits.

Details

Journal of Electronic Business & Digital Economics, vol. 1 no. 1/2
Type: Research Article
ISSN: 2754-4214

Open Access
Article
Publication date: 11 September 2017

Michel van Eeten

Abstract

Purpose

The issue of cybersecurity has been cast as the focal point of a fight between two conflicting governance models: the nation-state model of national security and the global governance model of multi-stakeholder collaboration, as seen in forums like IGF, IETF, ICANN, etc. There is a strange disconnect, however, between this supposed fight and the actual control over cybersecurity “on the ground”. This paper aims to reconnect discourse and control via a property rights approach, where control is located first and foremost in ownership.

Design/methodology/approach

This paper first conceptualizes current governance mechanisms through ownership and property rights. These concepts locate control over internet resources. They also help us understand ongoing shifts in control. Such shifts in governance are actually happening, security governance is being patched left and right, but these arrangements bear little resemblance to either the national security model of states or the global model of multi-stakeholder collaboration. With the conceptualization in hand, the paper then presents case studies of governance that have emerged around specific security externalities.

Findings

While not all mechanisms are equally effective, in each of the studied areas, the author found evidence of private actors partially internalizing the externalities, mostly on a voluntary basis and through network governance mechanisms. No one thinks that this is enough, but it is a starting point. Future research is needed to identify how these mechanisms can be extended or supplemented to further improve the governance of cybersecurity.

Originality/value

This paper bridges together the disconnected research communities on governance and (technical) cybersecurity.

Details

Digital Policy, Regulation and Governance, vol. 19 no. 6
Type: Research Article
ISSN: 2398-5038

Open Access
Article
Publication date: 18 April 2023

Solomon Hopewell Kembo, Patience Mpofu, Saulo Jacques, Nevil Chitiyo and Brighton Mukorera

Abstract

Purpose

Coronavirus Disease 2019 (COVID-19) necessitated the need for “Hospital-at-home” improvisations that involve wearable technology to classify patients within households before visiting health institutions. Do-It-Yourself wearable devices allow for the collection of health data leading to the detection and/or prediction of the prevalence of the disease. The sensitive nature of health data requires safeguards to ensure patients’ privacy is not violated. The previous work utilized Hyperledger Fabric to verify transmitted data within Smart Homes, allowing for the possible implementation of legal restrictions through smart contracts in the future. This study aims to explore privacy-enhancing authentication schemes that are operated by multiple credential issuers and capable of integration into the Hyperledger ecosystem.

Design/methodology/approach

Design Science Research is the methodology that was used in this study. An architecture for ABC-privacy was developed and evaluated.

Findings

While the privacy-by-design architecture enhances data privacy through edge and fog computing architecture, there is a need to provide an additional privacy layer that limits the amount of data that patients disclose. Selective disclosure of credentials limits the number of information patients or devices divulge.

Originality/value

The evaluation of this study identified Coconut as the most suitable attribute-based credentials scheme for the Smart Homes Patients and Health Wearables use case: Coconut user-centric architecture; Hyperledger integration; multi-party threshold authorities; public and private attributes; re-randomization and unlinkable revelation of selective attribute revelations.

Details

International Journal of Industrial Engineering and Operations Management, vol. 5 no. 2
Type: Research Article
ISSN: 2690-6090

Open Access
Article
Publication date: 31 July 2020

Ado Adamou Abba Ari, Olga Kengni Ngangmo, Chafiq Titouna, Ousmane Thiare, Kolyang, Alidou Mohamadou and Abdelhak Mourad Gueroui

Abstract

The Cloud of Things (CoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.

Details

Applied Computing and Informatics, vol. 20 no. 1/2
Type: Research Article
ISSN: 2634-1964

Open Access
Article
Publication date: 10 October 2022

Emad Rahmanian

Abstract

Purpose

This paper aims to unify fragmented definitions of fake news and also present a comprehensive classification of the concept. Additionally, it provides an agenda for future marketing research based on the findings.

Design/methodology/approach

A review of 36 articles investigating fake news from 1990 to 2020 was done. In total, 615 papers were found, and the article pool was refined manually in two steps; first, articles were skimmed and scanned for nonrelated articles; second, the pool was refined based on the scope of the research.

Findings

The review resulted in a new definition and a collective classification of fake news. Also, the feature of each type of fake news, such as facticity, intention, harm and humor, is examined as well, and a definition for each type is presented.

Originality/value

This extensive study, to the best of the author’s knowledge, for the first time, reviews major definitions and classification on fake news.

Open Access
Article
Publication date: 8 January 2021

Dillip Kumar Rath and Ajit Kumar

Abstract

Purpose

In today’s digitized environment, information privacy has become a prime concern for everybody. The purpose of this paper is to provide an understanding of information privacy concern arising because of the application of computer-based information system in the various domains (E-Governance, E-Commerce, E-Health, E-Banking and E-Finance), and at different levels, i.e. individual, group, organizational and societal.

Design/methodology/approach

The authors performed an in-depth analysis of different research articles related to information privacy concerns and elements affecting those at certain level of applications. The primary sources of literature were articles retrieved from online databases. Various online journal and scholarly articles were searched in detail to locate information privacy-related articles.

Findings

The authors have carried out a detailed literature review to identify the different levels where the privacy is a big challenging task. This paper provides insights whether information privacy concern may obstruct in the successful dispersal and adoption of different applications in various application domains. Consumers’ attitude towards information privacy concerns have enlightened and addressed at individual levels in numerous domains. Privacy concerns at the individual level, as suggested by our analysis, seem to have been sufficiently addressed or addressed. However, information privacy concerns at other levels – group, organizational and societal levels – need the attention of researchers.

Originality/value

In this paper, the authors have posited that it will help the researchers to more focus at group level privacy perspective in the information privacy era.

Details

Vilakshan - XIMB Journal of Management, vol. 18 no. 2
Type: Research Article
ISSN: 0973-1954
