Search results
1 – 10 of 46
Per Håkon Meland, Karin Bernsmed, Christian Frøystad, Jingyue Li and Guttorm Sindre
Abstract
Purpose
Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between the cyber and physical world, security has become an additional concern in these industries. The purpose of this paper is to evaluate how well bow-tie analysis performs in the context of security, and the study’s hypothesis is that the bow-tie notation has a suitable expressiveness for security and safety.
Design/methodology/approach
This study uses a formal, controlled quasi-experiment on two sample populations – security experts and security graduate students – working on the same case. As a basis for comparison, the authors used a similar experiment with misuse case analysis, a well-known technique for graphical security modelling.
Findings
The results show that the collective group of graduate students, inexperienced in security modelling, perform similarly to security experts in a well-defined scope and familiar target system/situation. The students showed great creativity, covering most of the same threats and consequences as the experts identified and discovering additional ones. One notable difference was that these naïve professionals tend to focus on preventive barriers, leading to requirements for risk mitigation or avoidance, while experienced professionals seem to balance this more with reactive barriers and requirements for incident management.
Originality/value
Our results are useful in areas where we need to evaluate safety and security concerns together, especially for domains that have experience in health, safety and environmental hazards, but now need to expand this with cybersecurity as well.
Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer
Abstract
Purpose
Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution, including interconnectedness and new ways of interaction, leads to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.
Design/methodology/approach
Overall, 26 interviews were conducted with 21 participants from industry and academia.
Findings
The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.
Originality/value
The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.
Puyu Yang and Giovanni Colavizza
Abstract
Purpose
Wikipedia's inclusive editorial policy permits unrestricted participation, enabling individuals to contribute and disseminate their expertise while drawing upon a multitude of external sources. News media outlets constitute nearly one-third of all citations within Wikipedia. However, embracing such a radically open approach also poses the challenge of the potential introduction of biased content or viewpoints into Wikipedia. The authors conduct an investigation into the integrity of knowledge within Wikipedia, focusing on the dimensions of source political polarization and trustworthiness. Specifically, the authors delve into the conceivable presence of political polarization within the news media citations on Wikipedia, identify the factors that may influence such polarization within the Wikipedia ecosystem and scrutinize the correlation between political polarization in news media sources and the factual reliability of Wikipedia's content.
Design/methodology/approach
The authors conduct a descriptive and regression analysis, relying on Wikipedia Citations, a large-scale open dataset of nearly 30 million citations from English Wikipedia. Additionally, this dataset has been augmented with information obtained from the Media Bias Monitor (MBM) and the Media Bias Fact Check (MBFC).
Findings
The authors find a moderate yet significant liberal bias in the choice of news media sources across Wikipedia. Furthermore, the authors show that this effect persists when accounting for the factual reliability of the news media.
Originality/value
The results contribute to Wikipedia’s knowledge integrity agenda in suggesting that a systematic effort would help to better map potential biases in Wikipedia and find means to strengthen its neutral point of view policy.
Briony Anderson and Mark A. Wood
Abstract
This chapter examines the phenomenon of doxxing: the practice of publishing private, proprietary, or personally identifying information on the internet, usually with malicious intent. Undertaking a scoping review of research into doxxing, we develop a typology of this form of technology-facilitated violence (TFV) that expands understandings of doxxing, its forms and its harms, beyond a taciturn discussion of privacy and harassment online. Building on David M. Douglas's typology of doxxing, our typology considers two key dimensions of doxxing: the form of loss experienced by the victim and the perpetrator's motivation(s) for undertaking this form of TFV. Through examining the extant literature on doxxing, we identify seven mutually non-exclusive motivations for this form of TFV: extortion, silencing, retribution, controlling, reputation-building, unintentional, and doxxing in the public interest. We conclude by identifying future areas for interdisciplinary research into doxxing that brings criminology into conversation with the insights of media-focused disciplines.
Santhosh Srinivas and Huigang Liang
Abstract
Purpose
While every firm is striving to embrace digital transformation (DT) to form new differentiating business capabilities, there are dark sides to such initiatives, and it is essential to acknowledge, identify and address them. The purpose of this paper is to identify and empirically demonstrate the impact of such dark sides of DT. While a firm's DT effort may have many dark sides, the authors identify data breaches as the most critical one and focus on proving their impact since it can inflict significant damage to the firm.
Design/methodology/approach
Through the lens of paradox theory, the authors argue that the DT efforts of a firm will lead to increased risk and severity of data breaches. The authors developed a one-of-a-kind longitudinal data set by combining data from multiple sources, including 3604 brands over a 10-year period, and employed a DT performance scorecard to evaluate a firm's DT effort across four key digital selling touchpoints: site, mobile, digital marketing and social media.
Findings
The findings of this study show that a firm's DT efforts pertaining to its mobile and digital marketing platforms significantly increase the likelihood and severity of a data breach event, indicating that these two channels are most vulnerable and need heightened attention from firms. Furthermore, the findings suggest that the negative repercussions of some DT initiatives may be minimized as the firm becomes more innovative. The findings can help firms re-strategize their DT efforts by promoting security and also encouraging a balanced communication strategy.
Originality/value
This research is one of the first to identify, recognize and empirically illustrate the downsides of a DT effort that is otherwise thought to provide only benefits.
Abstract
Purpose
The issue of cybersecurity has been cast as the focal point of a fight between two conflicting governance models: the nation-state model of national security and the global governance model of multi-stakeholder collaboration, as seen in forums like IGF, IETF, ICANN, etc. There is a strange disconnect, however, between this supposed fight and the actual control over cybersecurity “on the ground”. This paper aims to reconnect discourse and control via a property rights approach, where control is located first and foremost in ownership.
Design/methodology/approach
This paper first conceptualizes current governance mechanisms through ownership and property rights. These concepts locate control over internet resources. They also help us understand ongoing shifts in control. Such shifts in governance are actually happening, security governance is being patched left and right, but these arrangements bear little resemblance to either the national security model of states or the global model of multi-stakeholder collaboration. With the conceptualization in hand, the paper then presents case studies of governance that have emerged around specific security externalities.
Findings
While not all mechanisms are equally effective, in each of the studied areas, the author found evidence of private actors partially internalizing the externalities, mostly on a voluntary basis and through network governance mechanisms. No one thinks that this is enough, but it is a starting point. Future research is needed to identify how these mechanisms can be extended or supplemented to further improve the governance of cybersecurity.
Originality/value
This paper bridges together the disconnected research communities on governance and (technical) cybersecurity.
Solomon Hopewell Kembo, Patience Mpofu, Saulo Jacques, Nevil Chitiyo and Brighton Mukorera
Abstract
Purpose
Coronavirus Disease 2019 (COVID-19) necessitated the need for “Hospital-at-home” improvisations that involve wearable technology to classify patients within households before visiting health institutions. Do-It-Yourself wearable devices allow for the collection of health data leading to the detection and/or prediction of the prevalence of the disease. The sensitive nature of health data requires safeguards to ensure patients’ privacy is not violated. The previous work utilized Hyperledger Fabric to verify transmitted data within Smart Homes, allowing for the possible implementation of legal restrictions through smart contracts in the future. This study aims to explore privacy-enhancing authentication schemes that are operated by multiple credential issuers and capable of integration into the Hyperledger ecosystem.
Design/methodology/approach
Design Science Research is the methodology that was used in this study. An architecture for ABC-privacy was developed and evaluated.
Findings
While the privacy-by-design architecture enhances data privacy through edge and fog computing architecture, there is a need to provide an additional privacy layer that limits the amount of data that patients disclose. Selective disclosure of credentials limits the amount of information patients or devices divulge.
Originality/value
The evaluation of this study identified Coconut as the most suitable attribute-based credentials scheme for the Smart Homes Patients and Health Wearables use case: Coconut user-centric architecture, Hyperledger integration, multi-party threshold authorities, public and private attributes, re-randomization and unlinkable revelation of selective attribute revelations.
Ado Adamou Abba Ari, Olga Kengni Ngangmo, Chafiq Titouna, Ousmane Thiare, Kolyang, Alidou Mohamadou and Abdelhak Mourad Gueroui
Abstract
The Cloud of Things (CoT), which refers to the integration of Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously raising security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security and privacy concerns and issues, as well as open challenges, are discussed in this work.
Abstract
Purpose
This paper aims to unify fragmented definitions of fake news and also present a comprehensive classification of the concept. Additionally, it provides an agenda for future marketing research based on the findings.
Design/methodology/approach
A review of 36 articles investigating fake news from 1990 to 2020 was done. In total, 615 papers were found, and the article pool was refined manually in two steps; first, articles were skimmed and scanned for nonrelated articles; second, the pool was refined based on the scope of the research.
Findings
The review resulted in a new definition and a collective classification of fake news. Also, the feature of each type of fake news, such as facticity, intention, harm and humor, is examined as well, and a definition for each type is presented.
Originality/value
This extensive study, to the best of the author’s knowledge, for the first time, reviews major definitions and classification on fake news.
Dillip Kumar Rath and Ajit Kumar
Abstract
Purpose
In today’s digitized environment, information privacy has become a prime concern for everybody. The purpose of this paper is to provide an understanding of information privacy concerns arising because of the application of computer-based information systems in the various domains (E-Governance, E-Commerce, E-Health, E-Banking and E-Finance), and at different levels, i.e. individual, group, organizational and societal.
Design/methodology/approach
The authors performed an in-depth analysis of different research articles related to information privacy concerns and the elements affecting those at certain levels of application. The primary sources of literature were articles retrieved from online databases. Various online journals and scholarly articles were searched in detail to locate information privacy-related articles.
Findings
The authors have carried out a detailed literature review to identify the different levels where privacy is a big challenge. This paper provides insights into whether information privacy concerns may obstruct the successful dispersal and adoption of different applications in various application domains. Consumers’ attitudes towards information privacy concerns have been enlightened and addressed at individual levels in numerous domains. Privacy concerns at the individual level, as suggested by our analysis, seem to have been sufficiently addressed or addressed. However, information privacy concerns at other levels – group, organizational and societal levels – need the attention of researchers.
Originality/value
In this paper, the authors have posited that it will help the researchers to focus more on the group-level privacy perspective in the information privacy era.