Search results

This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.

Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.

The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.

This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored especially in the Ethiopia context. Hence, the result can positively influence security policies, particularly in the banking sector.

Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related.

This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control.

The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models.

Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and propose a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.

Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.

This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.

As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

The purpose of this paper is to improve the understanding of cloud service users’ privacy concerns, which are anticipated to considerably hinder cloud service market growth. The researchers have explored privacy concerns from dimensions that were identified as relevant in the cloud context.

Content analysis was used to identify privacy problems that were most often raised in previous cloud research. Multidimensional developmental theory (MDT) was used to build a conceptual model of cloud privacy concerns. Literature review was made to identify the privacy-related constructs used to measure privacy concerns in previous cloud research.

The paper provides systematization of recent cloud privacy research, proposal of a conceptual model of cloud privacy concerns, identification of measuring instruments that were used to measure privacy concerns in previous cloud research and identification of categories of problems that need to be addressed in future cloud research.

This paper has identified the categories of privacy problems and dimensions that have not yet been measured in the cloud context, to the best of the authors’ knowledge. Their simultaneous examination could clarify the effects of different dimensions on the privacy concerns of cloud users. The conceptual model of cloud privacy concerns will allow cloud service providers to focus on key cloud problems affecting users’ privacy concerns and use the most appropriate privacy protection communication and preservation approaches.

This study explores the importance of and vulnerabilities in deploying physical access control (PAC) devices in a typical university setting.

The study adopts face-to-face and telephone interviews. This study uses a semi-structured interview guide to solicit the views of 25 interviewees on the subject under consideration. Qualitative responses to the interview are thematically analyzed using NVivo 11 Pro analysis application software.

The findings reveal five importance and seven vulnerabilities in the deployment of PAC devices in the institution. Key among the importance of deploying the devices are “prevent unwanted premise access or intrusions,” “prevent disruptions to university/staff operations on campus” and “protect students and staff from outside intruders.” Key among the identified vulnerabilities are “tailgating”, “delay in emergent cases” and “power outage may affect its usage.”

This study offers insight into a rare area of study, especially in the Sub-Saharan Africa region. Furthermore, the study contributes to the state-of-the-art importance and vulnerabilities in deploying PAC devices in daily human activities. The study is valuable in that it has the potential to establish a foundation for future studies that may delve into investigating issues associated with the deployment of PAC devices.

This study investigated the attitudes and concerns of Saudi higher educational institution (HEI) academics about privacy and security in online teaching during the COVID-19 pandemic.

Online Questionnaire questionnaire was designed to explore Saudi HEI academic’s attitudes and concerns about privacy and security issues in online teaching. The questionnaire asked about attitudes and concerns held before the pandemic and since the pandemic. The questionnaire included four sections. At the beginning of the questionnaire, participants were asked what the phrase “online privacy and security” meant to them, to gain an initial understanding of what it meant to academics. A definition for what we intended for the survey was then provided: “that a person’s data, including their identity, is not accessible to anyone other than themselves and others whom they have authorised and that their computing devices work properly and are free from unauthorised interference” (based on my reading of a range of sources, e.g. Schatz et al., 2017; Steinberg, 2019; NCS; Windley, 2005). This was to ensure that participants did understand what I was asking about in subsequent sections.

This study investigated the attitudes and concerns of Saudi HEI academics about privacy and security in online teaching during the COVID-19 pandemic. The findings provide several key insights: Key aspects of online privacy and security for Saudi HEI academics: Saudi HEI academic’s notion of online privacy and security is about the protection of personal data, preventing unauthorized access to data and ensuring the confidentiality and integrity of data. This underscores the significance of robust measures to safeguard sensitive information in online teaching, but also the need to make academics aware of the other aspects of online privacy and security. Potential to improve policies and training about online privacy and security in Saudi HEIs: Although many participants were aware of the online privacy and security policies of their HEI, only a small percentage had received training in this area. Thus, there is a need to improve the development and dissemination of policies and to provide academics with appropriate training in this area and encourage them to take available training. Use of videoconferencing and chat technologies and cultural sensitivities: The study highlighted moderate levels of concern among Saudi HEI academics regarding the use of videoconferencing and online chat technologies, and their concerns about cultural factors around the use of these technologies. This emphasizes the need for online teaching and the growing use of technologies in such teaching to respect cultural norms and preferences, highlighting the importance of fostering a culturally sensitive approach to technology deployment and use. Surprising low webcam use: An unexpected finding is the low use of webcams by both academics and students during online teaching sessions, prompting a need for a deeper understanding of the dynamics surrounding webcam engagement in such sessions. This calls for a reevaluation of the effectiveness of webcam use in the teaching process and underscores the importance of exploring methods for enhancing engagement and interaction in online teaching. In summary, this paper investigated the attitudes and concerns about privacy and security in the online teaching of Saudi HEI academics during the coronavirus pandemic. The study reveals areas where further research and policy development can enhance the online teaching experience. As the education landscape continues to evolve, institutions must remain proactive in addressing the concerns of their academics while fostering a culturally sensitive approach to technology deployment.

One limitation of this study is the relatively small qualitative data sample, despite the adequate size of the sample including 36 academics from various Saudi Arabian HEIs for quantitative analysis. It was necessary to make the most of the open-ended questions optional – participants did not have to answer about concerns if they did not want to, as we did not want to make the questionnaire too long and onerous to complete. Consequently, the number of academics responding to the open-ended questions was limited, emphasizing the need for additional data and alternative research methods to further these issues. The study was focused on investigating the concerns of HEI Saudi academics, recognizing that the attitudes and concerns of academics in other countries may differ. Furthermore, the research also includes an exploration of the changes in academic attitudes and concerns before and since the COVID-19 pandemic, which will be the subject of further data analysis.

This research delves into Saudi HEI academics' perceptions and concerns regarding privacy and security in online education during the COVID-19 Pandemic. Notably, it highlights the moderate priority placed on online privacy and security, the unexpectedly low usage of webcams and the potential for enhancing policies and training. The study emphasizes the necessity for comprehensive measures to protect sensitive data and the importance of tailored policies for educators. It also underscores the need for a more nuanced understanding of webcam usage dynamics, offering valuable insights for institutions aiming to improve online education and address educators' concerns amidst evolving educational landscapes.

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.

This study aims to examine the connection between the integrity of records and the effectiveness of anti-corruption investigations. The objective is to determine how the quality of records affects the efficiency of anti-corruption investigations.

This study uses a qualitative, exploratory case study approach, with data collected through interviews with 15 anti-corruption investigators in 2020 in Nigeria. The data were analysed using thematic analysis.

The results indicate that the efficiency of anti-corruption investigations depends on the quality of the evidence. Proper recordkeeping, which maintains the integrity of records, is crucial for efficient anti-corruption investigations. Inadequate recordkeeping practices that do not adhere to the lifecycle concept are often driven by corruption and can significantly hinder the efficiency of anti-corruption investigations by causing delays in obtaining crucial evidence.

From a records management perspective, this study highlights the impact of unreliable evidence on every corruption investigation effort and the motives behind rendering the process unproductive. Accountability forums must enforce adherence to proper recordkeeping procedures to ensure the desired investigative outcomes with minimal resources, time and effort to combat corruption.