Search results
Lemma Lessa and Daniel Gebrehawariat
Abstract
Purpose
This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.
Design/methodology/approach
Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.
Findings
The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.
Originality/value
This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored, especially in the Ethiopian context. Hence, the result can positively influence security policies, particularly in the banking sector.
Raman Singh, Harish Kumar, Ravinder Kumar Singla and Ramachandran Ramkumar Ketti
Abstract
Purpose
The paper addresses various cyber threats and their effects on the internet. A review of the literature on intrusion detection systems (IDSs) as a means of mitigating internet attacks is presented, and gaps in the research are identified. The purpose of this paper is to identify the limitations of the current research and present future directions for intrusion/malware detection research.
Design/methodology/approach
The paper presents a review of the research literature on IDSs, prior to identifying research gaps and limitations and suggesting future directions.
Findings
The popularity of the internet makes it vulnerable to various cyber-attacks. Ongoing research on intrusion detection methods aims to overcome the limitations of earlier approaches to internet security. However, findings from the literature review indicate a number of different limitations of existing techniques: poor accuracy, high detection time, and low flexibility in detecting zero-day attacks.
Originality/value
This paper provides a review of major issues in intrusion detection approaches. On the basis of a systematic and detailed review of the literature, various research limitations are discovered. Clear and concise directions for future research are provided.
Kenneth Albert Saban, Stephen Rau and Charles A. Wood
Abstract
Purpose
Information security has increasingly been in the headlines as data breaches continue to occur at alarming rates. This paper aims to propose an Information Security Preparedness Model that was developed to examine how SME executives’ perceptions of security importance, implementation challenges and external influences impact their awareness and commitment to security preparedness.
Design/methodology/approach
Funded by the Department of Justice, a national survey of SME executives’ perceptions of information security preparedness was conducted. Using PLS-SEM, the survey responses were used to test the proposed Information Security Preparedness Model.
Findings
The results indicate that as perceptions of security importance and external influences increase, SME executives’ awareness and commitment to information security also increase. In addition, as implementation challenges increase, awareness and commitment to information security decrease. Finally, as security importance and awareness and commitment to information security increase, executives’ perception of security preparedness also increases.
Research limitations/implications
Executive perceptions of information security were measured and not the actual level of security. Further research that examines the agreement between executive perceptions and the true state of information security within the organization is warranted.
Originality/value
Prior information security studies using Rogers’ (1975, 1983) Protection Motivation Theory have produced mixed results. This paper develops and tests the Information Security Preparedness Model to more fully explain SME executives’ perceptions of information security.
Abstract
Purpose
This paper aims to report on the information security behaviors of smartphone users in an affluent economy of the Middle East.
Design/methodology/approach
A model based on prior research, synthesized from a thorough literature review, is tested using survey data from 500 smartphone users representing three major mobile operating systems.
Findings
The overall level of security behaviors is low. Regression coefficients indicate that the efficacy of security measures and the cost of adopting them are the main factors influencing smartphone security behaviors. At present, smartphone users are more worried about malware and data leakage than targeted information theft.
Research limitations/implications
Threats and counter-measures co-evolve over time, and our findings, which describe the state of smartphone security at the current time, will need to be updated in the future.
Practical implications
Measures to improve security practices of smartphone users are needed urgently. The findings indicate that such measures should be broadly effective and relatively costless for users to implement.
Social implications
Personal smartphones are joining enterprise networks through the acceptance of Bring-Your-Own-Device computing. Users’ laxity about smartphone security thus puts organizations at risk.
Originality/value
The paper highlights the key factors influencing smartphone security and compares the situation for the three leading operating systems in the smartphone market.
Abstract
Purpose
The purpose of this paper is to discuss various types of computer viruses, along with their characteristics, working, effects on the computer systems and to suggest measures for detecting the virus infection in a computer system and to elaborate means of prevention.
Design/methodology/approach
The author undertook an extensive study and review of the literature available online and on relevant web sites on the present topic.
Findings
A large number of viruses were found during the study, which are causing serious damage to computer systems. The author suggests ways to detect and prevent the different computer viruses.
Research limitations/implications
The research is based on and limited to the study of the relevant literature available on different relevant web sites.
Practical implications
The research will benefit business organizations, business houses, educational institutions and libraries working in fully computerized environments, in detection of viruses and preventing infection of their computer systems.
Social implications
The society will also benefit by attaining knowledge about the different types of computer viruses and the measures of prevention of infection.
Originality/value
There are a number of studies and articles available on the topic but almost all of them appear to be incomplete in the sense that either they discuss only a limited number of known viruses or suggest only limited ways of prevention. The paper has made an attempt to discuss almost all the computer viruses and every possible way of prevention of infection from them.
Forough Nasirpouri Shadbad and David Biros
Abstract
Since the emergence of the Internet in the twentieth century and the rapid growth of different types of information technologies (IT), our lives, either personal or professional, have become digitised. Adoption and diffusion of IT enhance individual and organisational performance, yet scholars discovered a dual nature of IT in which IT usage may have negative aspects too. First, the inability to cope with IT in a healthy manner creates stress in users, termed technostress. Second, digitisation and adoption of new technologies (e.g. IoT and multi-cloud environments) have increased vulnerabilities to information security (InfoSec) threats. Although organisations utilise counteraction strategies (e.g., security systems, security policies), end-users remain the top source of security incidents. Existing behavioural research has approached technostress and InfoSec independently. However, it is not clear how technology-stressors influence employees’ security-related behaviours. This chapter reviews the interaction effect of these concepts in detail by proposing a conceptual model that explains that technostress is the main reason for employees’ non-compliance with security policies, in which users with high-level perceptions of technostress are more likely to violate InfoSec policies. Counteraction strategies to mitigate technostress and security threats are also discussed.