Search results
1 – 10 of 92Ali Vafaei-Zadeh, Ramayah Thurasamy and Haniruzila Hanifah
This paper aims to investigate the impact of perceived price level and information security awareness on computer users’ attitude. Moreover, this study aims to investigate the…
Abstract
Purpose
This paper aims to investigate the impact of perceived price level and information security awareness on computer users’ attitude. Moreover, this study aims to investigate the effect of attitude, subjective norms and perceived behavioral control (PBC) on intention to use anti-malware software.
Design/methodology/approach
Data were collected using a structured questionnaire from 225 students of five public universities in Malaysia. Purposive sampling technique was used in this study. AMOS 24 was used to test the research framework using a two-step approach.
Findings
Findings give support to some of the hypotheses developed with R2 values of 0.521 for attitude and 0.740 for intention. Perceived price level had a negative effect on attitude while information security awareness had a positive effect on attitude and intention. Attitude, subjective norms and PBC were all positively related to intention, but perceived price level did not affect intention. This suggests that benefits of using anti-malware are more than its price value. Therefore, the price has no direct effect on intention to use.
Research limitations/implications
University computer networks are as open and inviting as their campuses. Therefore, this research can be helpful to the universities to safeguard their networks and encourage the students to use anti-malware. However, using anti-malware software will enable an individual to identify and prioritize security risks, quickly detect and mitigate security breaches, improve the understanding of security gaps and safeguard the sensitive data by minimizing the risks related to malware.
Originality/value
This study ventured to model the information security behavior of anti-malware usage by individual users by using the theory of planned behavior with the addition of two new variables, perceived price level and information security awareness to explain the behavior better.
Details
Keywords
The purpose of this paper is to point out, to non‐technical library users, the hazards of using the library's public computers.
Abstract
Purpose
The purpose of this paper is to point out, to non‐technical library users, the hazards of using the library's public computers.
Design/methodology/approach
The purpose of this paper is to articulate the dangers faced by library users, whether they be students, faculty, or staff. This paper is geared towards education and enlightenment of non‐technical users of public computers.
Findings
There are many hazards to computing, both online and off. Most public computers are not well prepared to cope with worms, Trojans and other malware. There are remedies for a lot of the malware, but as in an arms race it is a matter of catching up with the latest weapon to be presented.
Practical implications
Since public computers are so vulnerable to attack, library IT must be constantly vigilant for the menaces that are present. The paper shows how computers can be protected.
Originality/value
If this can help save one computer's workload by making people aware of the dangers involved, the information is well worthwhile.
Details
Keywords
The purpose of this paper is to describe how malware can harm the library's computers, and how technology can be used to protect them, in a way that can be understood by the…
Abstract
Purpose
The purpose of this paper is to describe how malware can harm the library's computers, and how technology can be used to protect them, in a way that can be understood by the non‐technical.
Design/methodology/approach
The searches encompassed articles and books on the issues of malware and technology‐based code organisms.
Findings
There were complex issues dealing with hackers and other malevolent and unscrupulous characters trying to break into computer systems for profit.
Research limitations/implications
Only small indicators of the overall problem have been addressed. Much more has to be investigated and learned.
Practical implications
It is advisable to learn to protect your computers more effectively when “online.”
Originality/value
Although much has been written about the problem, few articles offer concrete solutions to the problems.
Details
Keywords
For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less…
Abstract
Purpose
For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less experience in handling security threats like malware as compared to users of other countries who have gone through the learning curve of handling such security threats using other Internet-enabled devices such as laptop and desktop. Because of this, the inexperienced Indian smartphone user may be vulnerable to Internet-related security breaches, as compared to the citizens of developed economies. Hence, it is essential to understand the attitude, behaviour and security practices of smartphone users in India. Limited research is available about the security behaviour of smartphone users in India as the majority of research in this domain is done outside India.
Design/methodology/approach
In this empirical study, the researchers identified 28 cybersecurity behaviours and practices through a survey of relevant literature. An online survey of identified cybersecurity behaviours and practices was administered to 300 smartphone users. Frequency analysis of the respondent data was done to understand the adoption of recommended cybersecurity behaviours and practices. Pearson’s chi-square with 5% level of significance has been used to test the hypotheses. Post hoc analysis with Bonferroni correction was conducted for statistically significant associations.
Findings
Overall, the respondents did not exhibit good cybersecurity behaviour. Respondents have adopted some of the most popular security features of the smartphone such as the use of screen lock. However, respondents have not adopted or are not aware of the technical security controls such as encryption and remote wipe. Statistically significant differences were found between the cybersecurity behaviour and practices and independent variables such as gender, age, mobile operating system (OS) and mother tongue. Respondents reported high level of motivation to protect their device and data, whereas they reported moderate level of threat awareness and the ability to protect to their device and data. Results of the comparative analysis with a similar study in China and the USA are also reported in this study.
Research limitations/implications
The main limitations of this study are as follows: the respondents' perceptions about their cybersecurity behaviours and practices were measured as opposed to their actual behaviours and practices and the generalizability of the study is limited because the sample size is small as compared to the total number of smartphone users in India.
Practical implications
The findings of this study may be useful for the design of effective cybersecurity prevention and intervention programs for general smartphone users of India.
Originality/value
This study provides an insight about cybersecurity behaviour of smartphone users in India. To the knowledge of the researchers, this is the first study to collect such quantitative data of smartphone users in India for a better understanding of the cybersecurity behaviours and practices. This study identified 28 cybersecurity behaviours and practices, which smartphone users should follow to improve cybersecurity.
Details
Keywords
The purpose of this paper is to identify and investigate the security issues an organisation operating in the “new” online environment is exposed to through Web 2.0 applications…
Abstract
Purpose
The purpose of this paper is to identify and investigate the security issues an organisation operating in the “new” online environment is exposed to through Web 2.0 applications, with specific focus on unauthorised access (encompassing hackers). The study aims to recommend possible safeguards to mitigate these incremental risks to an acceptable level.
Design/methodology/approach
An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and Related Technology (CobiT) and Trust Service Principles and Criteria and associated control objectives relating to security risks, specifically to hacker risks. These objectives were used to identify relevant risks and formulate appropriate internal control measures.
Findings
The findings show that every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program, including a multi‐layer technological, as well as an administrative component, should be implemented. User training on acceptable practices should also be conducted.
Originality/value
Obtaining an understanding of Web 2.0 and Web 2.0 security is important, as Web 2.0 is a new, poorly understood technology and with the growing mobility of users, the potential surface area of attack increases and should be managed. The paper will help organisations, information repository managers, information technology (IT) professionals, librarians and internal and external auditors to understand the “new” risks relating to unauthorised access, which previously did not exist in an on‐line environment, and will assist the development of a framework to limit the most significant risks.
Details
Keywords
As mobile malware and virus are rapidly increasing in frequency and sophistication, mobile social media has recently become a very popular attack vector. The purpose of this paper…
Abstract
Purpose
As mobile malware and virus are rapidly increasing in frequency and sophistication, mobile social media has recently become a very popular attack vector. The purpose of this paper is to survey the state-of-the-art of security aspect of mobile social media, identify recent trends, and provide recommendations for researchers and practitioners in this fast moving field.
Design/methodology/approach
This paper reviews disparate discussions in literature on security aspect of mobile social media though blog mining and an extensive literature search. Based on the detailed review, the author summarizes some key insights to help enterprises understand security risks associated with mobile social media.
Findings
Risks related to mobile social media are identified based on the results of the review. Best practices and useful tips are offered to help enterprises mitigate risks of mobile social media. This paper also provides insights and guidance for enterprises to mitigate the security risks of mobile social media.
Originality/value
The paper consolidates the fragmented discussion in literature and provides an in-depth review to help researchers understand the latest development of security risks associated with mobile social media.
Details
Keywords
Jongpil Park, Jai-Yeol Son and Kil-Soo Suh
Firms continue to struggle with end users who do not follow recommended actions for safeguarding information security. Thus, the authors utilize insights gained from studies on…
Abstract
Purpose
Firms continue to struggle with end users who do not follow recommended actions for safeguarding information security. Thus, the authors utilize insights gained from studies on heuristic processing of risk information to design cues in fear appeal messages more effectively so as to more strongly engender fear among users, which can in turn lead them to take protective actions toward information security. Specifically, four types of fear appeal cues are identified: numeric risk communication, social distance and goal framing in verbal risk communication and visual risk communication.
Design/methodology/approach
Drawing from protection motivation theory, the authors hypothesize that these fear appeal cues can engender fear among users to a greater extent. In addition, the authors hypothesize that users will perceive a higher level of severity and susceptibility when they perceive a large amount of fear. The research hypotheses were tested employing data collected through a laboratory experiment. Analysis of variance (ANOVA) and regression analyses were performed to analyze the data.
Findings
The study's results suggest that numeric and visual risk communication cues in security notices can significantly increase the amount of fear felt by users. In addition, social distance was found to marginally increase the amount of fear felt by users. However, unlike our expectation, goal framing was not found to increase the amount of fear when the other three types of fear appeal cues were also given in a security notice. It was also found that induced fear can increase the severity and susceptibility of threats as perceived by users.
Originality/value
The study contributes to the literature on fear appeal cues designed to promote users' security protection behaviors. No prior study has designed security notices featuring the four different types of fear appeal cues and empirically tested the effectiveness of those cues in inducing fear among users. The findings suggest that the design of fear appeal cues can be improved by understanding individuals' heuristic processing of risk information, which can be subject to cognitive biases.
Details
Keywords
This paper presents the design, development and trialling of the mobile execution environment (MEE), a secure portable execution environment designed to support secure…
Abstract
Purpose
This paper presents the design, development and trialling of the mobile execution environment (MEE), a secure portable execution environment designed to support secure teleworking. Teleworking is an established work practice, yet often the information security controls in the teleworking location are weaker than those in a corporate office. Security concerns also prevent organisations allowing personnel to telework.
Design/methodology/approach
The design science research methodology was applied to develop the MEE, and this paper is structured using the process elements of the methodology.
Findings
In this paper, the problem addressed and the design objectives are defined. The design and implementation is discussed, and the testing and trialling approach adopted to demonstrate the MEE is summarised. An evaluation of the demonstration results against the design objectives is presented.
Research limitations/implications
The MEE is part of an ongoing research project using open source software; the structure and functionality of the software can limit or influence the direction of the research.
Practical implications
The MEE provides a secure portable execution environment suitable for transaction-oriented work performed remotely; e.g. teleworkers performing customer support work.
Social implications
The paper contributes to encouraging the implementation of teleworking.
Originality/value
The MEE builds on the concept of a portable executable operating system that uploads onto a PC through an external port. The MEE extends this concept by providing a hardened secure computing environment that is uploaded from a secure storage device or a standard thumb drive (USB flash drive).
Details
Keywords
Anthony Duke Giwah, Ling Wang, Yair Levy and Inkyoung Hur
The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user…
Abstract
Purpose
The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobile technology.
Design/methodology/approach
This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening.
Findings
This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guides users to take practical steps at protecting their devices. This study shows the high impact of MSE on users’ protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security.
Originality/value
This study makes theoretical contributions to the existing information security literature. It confirms PM theory’s power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users’ actual security usage. Thus, it goes beyond users’ intention.
Details
Keywords
Nguyen Phong Nguyen and Emmanuel Mogaji
On the one hand, there are traditional banks with high street branches; on the other hand, there are neobanks that do not operate physical branches. The ongoing lockdown has…
Abstract
On the one hand, there are traditional banks with high street branches; on the other hand, there are neobanks that do not operate physical branches. The ongoing lockdown has placed restrictions on the movement of people. This study aims to extend knowledge on new trends to provide financial services amid the COVID-19 global pandemic. The study also explores social media's impact on banking in the United Kingdom from the total relationship marketing (TRM) theory (Gummesson, 2017). Tweets from 12 banks in the United Kingdom were thematically analysed to understand the challenges and issues banks face due to the pandemic and how they use Twitter to communicate and engage customers since they provide financial services through mobile applications. The location, which influences service delivery, is crucial for delivering financial services to their customers. The analysis presents three key themes: service update, preparation and delivery. Banks use Twitter to highlight updates about their services, provide information on measures to support the ongoing transition to online banking and communicate changes implemented to improve service delivery. This study provides theoretical and managerial implications for stakeholders interested in financial services management, information technology management and customer behaviour.
Details