Search results

Reflecting on Big Data’s assumed benefits, this study aims to identify the risks and challenges of data security underpinning Big Data’s socio-economic value and intellectual capital (IC).

The study reviews academic literature, professional documents and public information to provide insights, critique and projections for IC and Big Data research and practice.

The “voracity” for data represents a further “V” of Big Data, which results in a continuous hunt for data beyond legal and ethical boundaries. Cybercrimes, data security breaches and privacy violations reflect voracity and represent the dark side of the Big Data ecosystem. Losing the confidentiality, integrity or availability of data because of a data security breach poses threat to IC and value creation. Thus, cyberthreats compromise the social value of Big Data, impacting on stakeholders’ and society’s interests.

Because of the interpretative nature of this study, other researchers may not draw the same conclusions from the evidence provided. It leaves some open questions for a wide research agenda about the societal, ethical and managerial implications of Big Data.

This paper introduces the risks of data security and the challenges of Big Data to stimulate new research paths for IC and accounting research.

The paper aims to explore the national security implications of a potential for a World Trade Organization (WTO) dispute on data flow restrictions. It proposes a basic conceptual framework to assess data flows’ restrictions under General Agreement on Trade in Services (GATS) security exception.

If a case were to be brought before the WTO dispute settlement, the defender could support its case by invoking the security exception. This paper analyzes three main arguments that could be brought up: protection from cyber espionage, protection from cyberattacks on critical infrastructure and access to data needed to prevent terrorist threats. These three cases are analyzed both legally and technically to assess the relevance of restrictions on data flows under GATS security exception. This analysis can, more generally, inform the debate on the protection of national security in the digital era.

In the three cases, restrictions on data considered critical for national security might raise the cost of certain attacks. However, the risks would remain pervasive and national security would not be significantly enhanced both legally and technically. The implementation of good security standards and encryption techniques appears to be a more effective way to ensure a better response to cyber threats. All in all, it will be important to investigate on a case by case basis whether the scope of the measure (sectors and data covered) is considered proportionate and whether the measure in question in practice reduces the exposure of the country to cyber espionage, cyberattacks and terrorist threats.

This paper represents a contribution to the literature because it is the first paper to address systematically the issue of data flows and national security in the context of a GATS dispute and because it provides a unique perspective that looks both at legal and technical arguments.

Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees to manage security-related risks. The purpose of this research is to explore the homeostatic mechanism proposed by risk homeostasis theory (RHT), as well as security fatigue, in an organisational context.

A case study approach was used to investigate the topic, focusing on data specialists who regularly work with sensitive information assets. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company.

A thematic analysis of the data revealed risk perceptions, behavioural adjustments and indicators of security fatigue. The findings provide examples of how these concepts manifest in practice and confirm the relevance of RHT in the security domain.

This research illuminates homeostatic mechanisms in an organisational security context. It also illustrates links with security fatigue and how this could further impact risk. Examples and indicators of security fatigue can assist organisations with risk management, creating “employee-friendly” policies and procedures, choosing appropriate technical security solutions and tailoring security education, training and awareness activities.

The study focuses on influential factors of collaboration on government data security by the Chinese government.

The article explores the case of e-government in the Chinese centralized unitary state system context, using a structured–pragmatic–situational (SPS) approach and the boundary theory as an analytical lens.

The findings indicate that e-government operates in highly interconnected environments where the safe flow of government data requires collaborative and cross-boundary strategies. Any organization is a potential “weakest link”. In addition, collaboration is fragmented by ambiguous accountability and organizational inertia across government departments, resources differences and limited visibility and measurability of security efforts across government levels and conflicts and uncertainties in principal–agent relationships. The solutions for those obstacles are also discussed from the multi-function, multi-level and multi-actor dimensions, respectively. A multi-dimensional overarching security model for the flow of government data is proposed.

The study advances the technology-oriented micro-analysis of previous studies on government data security to cross-organizational revealing at the macrolevel by connecting streams of research in information systems and public administration. These findings will contribute to making the safe flow of government data more resilient in the transformation of e-government.

Although cloud storage services can bring users valuable convenience, they can be technically complex and intrinsically insecure. Therefore, this research explores the concerns of academic users regarding cloud security and technical issues and how such problems may influence their continuous use in daily life.

This qualitative study used a semi-structured interview approach comprising six main open-ended questions to explore the information security and technical issues for the continuous use of cloud storage services by 20 undergraduate students in Hong Kong.

The analysis revealed cloud storage service users' major security and technical concerns, particularly synchronization and backup issues, were the most significant technical barrier to the continuing personal use of cloud storage services.

Existing literature has focused on how cloud computing services could bring benefits and security and privacy-related risks to organizations rather than security and technical issues of personal use, especially in the Asian academic context.

As the United Arab Emirates (UAE) organizations are embarking onto the intensive technology world where the exchange of information is increasingly taking place through electronic means and data are stored electronically, this paper attempts to investigate the need to develop a UAE data security strategy and a detailed framework that can ensure the safety of data and can also cope with all types of disasters expected in the country. The paper also reviews and analyses the types of hazards in the UAE.

In order to obtain a global view on how organizations in the UAE are managing the security of their electronic information, a questionnaire has been designed and distributed with the aim of obtaining a clear understanding of their data security procedures, practices, and policies.

The research has shown that organizations from the outset should have a set‐plan, which has to be periodically analyzed, reviewed, and modified to keep abreast of the technological advancements and risks in order to protect electronic data.

An extensive review of the literature has shown that no comprehensive research work has investigated data security management in the UAE. This makes the current study of particular importance in contributing to knowledge but also original in the context of the UAE where very little work has been undertaken on the subject.

The purpose of this paper is to propose a trusted security zone architecture that uses a blockchain technology to provide secure sharing of data in the security zone while maintaining the integrity, confidentiality and availability of data. The blockchain uses a distributed network to ensure data availability and uses public ledgers to ensure the integrity and confidentiality of data.

The proposed architecture uses a blockchain technology to provide secure sharing of data in the security zone while maintaining the integrity, confidentiality and availability of data. The blockchain uses a distributed network to ensure data availability and uses public ledgers to ensure the integrity and confidentiality of data.

Analysis of the proposed architecture with a use case scenario demonstrates that it provides a robust security measure against unauthorized network intrusions.

Unlike the existing security zone, this paper adopts a method of storing data by using blockchain. It meets the need to study integrated authentication management methods of future research.

Nowadays, to operate securely and legally and to achieve business objectives, secure valuable assets and support uninterrupted business processes, all organizations need to match a lot of internal and external compliance regulations such as laws, standards, guidelines, policies, specifications and procedures. An integrated system able to manage information security (IS) for their intranets in the new cyberspace while processing tremendous amounts of IS-related data coming in various formats is required as never before. These data, after being collected and analyzed, should be evaluated in real-time from an IS incident viewpoint, to identify an incident’s source, consider its type, weigh its consequences, visualize its vector, associate all target systems, prioritize countermeasures and offer mitigation solutions with weighted impact relevance. Different security information and event management (SIEM) systems cope with this routine and usually complicated work by rapid detection of IS incidents and further appropriate response. Modern challenges dictate the need to build these systems using advanced technologies such as the blockchain (BC) technologies (BCTs). The purpose of this study is to design a new BC-based SIEM 3.0 system and propose a methodology for its evaluation.

Modern challenges dictate the need to build these systems using advanced technologies such as the BC technologies. Many internet resources argue that the BCT suits the intrusion detection objectives very well, but they do not mention how to implement it.

After a brief analysis of the BC concept and the evolution of SIEM systems, this paper presents the main ideas on designing the next-generation BC-based SIEM 3.0 systems, for the first time in open access publications, including a convolution method for solving the scalability issue for ever-growing BC size. This new approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future.

The most important area of the future work is to bring this proposed system to life. The implementation, deployment and testing onto a real-world network would also allow people to see its viability or show that a more sophisticated model should be worked out. After developing the design basics, we are ready to determine the directions of the most promising studies. What are the main criteria and principles, according to which the organization will select events from PEL for creating one BC block? What is the optimal number of nodes in the organization’s BC, depending on its network assets, services provided and the number of events that occur in its network? How to build and host the SIEM 3.0 BC infrastructure? How to arrange streaming analytics of block’s content containing events taking place in the network? How to design the BC middleware as software that enables staff to interact with BC blocks to provide services like IS events correlation? How to visualize the results obtained to find insights and patterns in historical BC data for better IS management? How to predict the emergence of IS events in the future? This list of questions can be continued indefinitely for a full-fledged design of SIEM 3.0.

This paper shows the full applicability of the BC concept to the creation of the next-generation SIEM 3.0 systems that are designed to detect IS incidents in a modern, fully interconnected organization’s network environment. The authors’ attempt to begin with a detailed description of the basics for a BC-based SIEM 3.0 system design is presented, as well as the evaluation methodology for the resulting product.

The authors believe that their new revolutionary approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future. They hope that this paper will evoke a lively response in this segment of the security controls market from both theorists and direct developers of living systems that will implement the above approach.

Computerized accounting information systems (CAIS) are becoming more readily available to all types and sizes of business. The increased growth in real‐time and online data processing in CAIS has made access to these systems more available and easier for many users. Therefore, implementing adequate security controls over organisations, CAIS and their related facilities has become a necessity. The main objective of this article is to investigate the adequacy security controls implemented in the Egyptian banking industry (EBI) to preserve the confidentiality, integrity and availability of the banks' data and their CAIS through a proposed security controls check‐list. The security controls check‐list of CAIS was developed based on the available literature and the empirical results of previous studies. It includes many security counter‐measures that are empirically tested here for the first time. The entire population of the EBI has been surveyed in this research. The significant differences between the two respondent groups had been investigated. The statistical results revealed that the vast majority of Egyptian banks had adequate CAIS security controls in place. The results also revealed that the heads of computer departments (HoCD) paid relatively more attention to technical problems of CAIS security controls. This study has provided invaluable empirical results regarding inadequacies of implemented CAIS security controls in the EBI. Accordingly some recommendations were suggested to strengthen the security controls in the Egyptian banking sector.

Internet security is an important issue today. Corporate data are at risk when they are exposed to the Internet. Current technologies provide a number of ways to secure data transmission and storage, including encryption, firewalls, and private networks. This article discusses the awareness of Internet security and challenges faced in both the public and the private sectors.