Search results

This study aims to investigate the impact of external auditor–cloud specialist engagement on cloud auditing challenges from the perspective of auditors from the Association of Certified Public Accountants in a developing country as an example of Middle East emerging economies.

A quantitative research design was used to assess the influence of external auditor–cloud specialist engagement on three main cloud auditing challenges (i.e. technology security, regulatory standards and strategy). Data collection was conducted through field and online surveys. A total of 201 (181 male and 20 female) auditors made up a sample of a developing country’s economy. In addition, structural equation modelling was performed to test the proposed hypotheses of the study’s conceptual model.

The study found a significant effect of external auditor–cloud specialist engagement on overcoming the challenges of cloud auditing. Results showed that using IT specialists helps overcome strategic challenges more than other kinds of challenges, such as technology security and organisational standards.

The findings suggest that efforts to promote cloud auditing in organisations may succeed if the focus is on overcoming cloud auditing challenges and highlighting the external auditor–cloud specialist engagement to enhance job performance.

This study is one of the few studies that analyse the impact of external auditor–cloud specialist engagement on cloud auditing challenges by adopting a quantitative approach from the perspective of auditors from the Iraqi Association of Certified Public Accountants.

To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across their organization. It is argued that it is important to understand individuals’ privacy values with respect to cloud computing to define cloud privacy objectives.

For the purpose of this study, the authors adopted Keeney’s (1994) value-focused thinking approach to identify privacy objectives with respect to cloud computing.

The results of this study identified the following six fundamental cloud privacy objectives: to increase trust with cloud provider, to maximize identity management controls, to maximize responsibility of information stewardship, to maximize individual’s understanding of cloud service functionality, to maximize protection of rights to privacy, and to maintain the integrity of data.

One limitation is generalizability of the cloud privacy objectives, and the second is research bias. As this study focused on cloud privacy, the authors felt that the research participants’ increased knowledge of technology usage, including that of cloud technology, was a benefit that outweighed risks associated with not having a random selection of the general population. The newness and unique qualities of privacy issues in cloud computing are better fitted to a qualitative study where issues can emerge naturally through a holistic approach opposed to trying to force fit an existing set of variables or constructs into the context of privacy and cloud computing.

The findings of this research study can be used to assist management in the process of formulating a cloud privacy policy, develop cloud privacy evaluation criteria as well as assist auditors in developing their privacy audit work plans.

Currently, there is little to no guidance in the literature or in practice as to what organizations need to do to ensure they protect their stakeholders privacy in a cloud computing environment. This study works at closing this knowledge gap by identifying cloud privacy objectives.

In the cloud-computing environment, privacy preservation and enabling security to the cloud data is a crucial and demanding task. In both the commercial and academic world, the privacy of important and sensitive data needs to be safeguarded from unauthorized users to improve its security. Therefore, several key generations, encryption and decryption algorithms are developed for data privacy preservation in the cloud environment. Still, the outsourced data remains with the problems like minimum data security, time consumption and increased computational complexity. The purpose of this research study is to develop an effective cryptosystem algorithm to secure the outsourced data with minimum computational complexity.

A new cryptosystem algorithm is proposed in this paper to address the above-mentioned concerns. The introduced cryptosystem algorithm has combined the ElGamal algorithm and hyperchaotic sequence, which effectively encrypts the outsourced data and diminishes the computational complexity of the system.

In the resulting section, the proposed improved ElGamal cryptosystem (IEC) algorithm performance is validated using the performance metrics like encryption time, execution time, decryption time and key generation comparison time. The IEC algorithm approximately reduced 0.08–1.786 ms of encryption and decryption time compared to the existing model: secure data deletion and verification.

The IEC algorithm significantly enhances the data security in cloud environments by increasing the power of key pairs. In this manuscript, the conventional ElGamal algorithm is integrated with the pseudorandom sequences for a pseudorandom key generation for improving the outsourced cloud data security.

The study aims to use bibliometric and scientometric analysis to conduct a detailed investigation on the impact of disruptive technologies in accounting and reporting literature. To draw both academics and practitioners through accelerated research activities, the study also aims to look into the significance of these disruptive technologies, their potential and the opportunities they present for the accounting profession.

With the use of the Scopus database and a combination of accounting, reporting, auditing and technology-related keywords, 1660 research articles published between 2008 and 2023 were included in the sample. To provide graphical analysis of bibliometric data and visualize research findings such as bibliographic coupling, co-citation and keyword co-occurrence, this study used the R-biblioshiny and VOSViewer tools.

The findings demonstrate a growth in scholarly interest in the study’s area, particularly in recent years. The bibliometric analysis focuses on three key uses and applications of technology in the accounting and auditing professions: the adoption of continuous auditing and monitoring in the audit profession, the use of software tools in the audit and accounting professions and the connections between information systems and audit.

This study contributes to the literature by examining current research trends on the use of technology in the accounting and reporting professions, identifying gaps in the literature and, most importantly, proposing a research agenda for the field. This study’s data came entirely from English-language articles and reviews in the Scopus database. It also considers studies that are directly relevant to the use of technology in accounting and reporting.

Cloud computing plays a significant role in the initialization of secure communication between users. The advanced technology directs to offer several services, such as platform, resources, and accessing the network. Furthermore, cloud computing is a broader technology of communication convergence. In cloud computing architecture, data security and authentication are the main significant concerns.

The purpose of this study is to design and develop authentication and data security model in cloud computing. This method includes six various units, such as cloud server, data owner, cloud user, inspection authority, attribute authority, and central certified authority. The developed privacy preservation method includes several stages, namely setup phase, key generation phase, authentication phase and data sharing phase. Initially, the setup phase is performed through the owner, where the input is security attributes, whereas the system master key and the public parameter are produced in the key generation stage. After that, the authentication process is performed to identify the security controls of the information system. Finally, the data is decrypted in the data sharing phase for sharing data and for achieving data privacy for confidential data. Additionally, dynamic splicing is utilized, and the security functions, such as hashing, Elliptic Curve Cryptography (ECC), Data Encryption Standard-3 (3DES), interpolation, polynomial kernel, and XOR are employed for providing security to sensitive data.

The effectiveness of the developed privacy preservation method is estimated based on other approaches and displayed efficient outcomes with better privacy factor and detection rate of 0.83 and 0.65, and time is highly reduced by 2815ms using the Cleveland dataset.

This paper presents the privacy preservation technique for initiating authenticated encrypted access in clouds, which is designed for mutual authentication of requester and data owner in the system.

High performance computing (HPC) is used to solve complex calculations that personal computing devices are unable to handle. HPC offers the potential for small- and medium-size enterprises (SMEs) to engage in product innovation, service improvement and the optimization of resource allocation (Borstnar and Ilijas, 2019). However, the expensive infrastructure, maintenance costs and resource knowledge gaps that accompany the use of HPC can make it inaccessible to SMEs. By moving HPC to the cloud, SMEs can gain access to the infrastructure without the requirement of owning or maintaining it, but they will need to accept the terms and conditions of the cloud contract. This paper aims to improve how SMEs access HPC through the cloud by providing insights into the terms and conditions of HPC cloud contracts.

This paper adopts a systematic literature review by implementing a four-step approach. A comprehensive search was undertaken and results synthesized to enable this paper’s objectives to be met.

This paper proposes that SMEs could gain competitive advantage(s) by understanding their own needs and improving their contract negotiation abilities, service management skills and risk management abilities before accepting the terms and conditions of the cloud contract. Furthermore, a checklist, service-level agreement, easily ignored elements and risk areas are presented as guidance for SMEs when reviewing their HPC cloud contract(s).

While HPC cloud contracts are a niche research topic, it is one of the key factors influencing the ability of SMEs to access HPC through the cloud. It is, however, by no means a level playfield with SMEs at a distinct disadvantage because of not influencing the writing up of the HPC cloud contract. The added value of the paper is that it contributes to our overall understanding of the terms and conditions of HPC cloud contracts.

The purpose of this paper is to analyze the impact of the off-office audit of natural resource assets on the prevention and control of water pollution against a background of big data using a differences-in-differences model.

This study constructs a differences-in-differences model to evaluate the policy effects of off-office audit based on panel data from 11 cities in Anhui Province, China, from 2011 to 2017, and analyzes the dynamic effect of the audit and intermediary effect of industrial structure.

The implementation of the audit system can effectively reduce water pollution. Dynamic effect analysis showed that the audit policy can not only improve the quality of water resources but can also have a cumulative effect over time. That is, the prevention and control effect on water pollution is getting stronger and stronger. The results of the robustness test verified the effectiveness of water pollution prevention and control. However, the results of the influence mechanism analysis showed that the mediating effect of the industrial structure was not obvious in the short term.

These findings shed light on the effect of the off-office audit of natural resource assets on the prevention and control of water pollution, and provide a theoretical basis for the formulation of relevant environmental policies. Furthermore, these findings show that the implementation of the audit system can effectively reduce water pollution, which has practical significance for the sustainable development of China's economy against the background of big data.

This study quantitatively analyzes the policy effect of off-office auditing from the perspective of water resources based on a big data background, which differs from the existing research that mainly focuses on basic theoretical analysis.

The learning outcome of this paper is to identify and interpret the risks linked to cyber-security and their impact on the organization. Analyze business management regarding cyber-security and information technology (IT) risk management. Evaluate and propose decision-making strategies for IT projects.

Silver Bank is a financial entity with broad national coverage. Its growth was directly related to its investments in customer service. The entire organization is focused on satisfying its clients’ needs, improving their experience and making them loyal to the company. However, it did not pay enough attention to a threat that, with time, had become more pronounced: cyber-attacks. Its efforts to fight against this threat were only temporary solutions, as gaps in its IT system made it an easy target for criminals until the arrival of Iván Ramírez, who proposes a holistic solution to decrease the probability and severity of these attacks. However, past experiences, ignorance and budget constraints make it a difficult task to convince the bank’s board of directors to implement the proposed solution.

The case can be used as teaching material in upper-level undergraduate and graduate management courses: –undergraduate courses: information technology management, IT project analysis and management – MBA or graduate courses: information technology management, strategic management and security governance.

Teaching notes are available for educators only.

CSS 11: Strategy.

The purpose of this paper is to give a brief guidance on what a cloud provider should consider and what further actions to take to comply with General Data Protection Regulation (GDPR).

This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (data controller and data processor) in a cloud environment and discusses the applicability of GDPR compliance requirements for each cloud architecture (Infrastructure as a Service, Platform as a Service, Software as a Service), proposes countermeasures for satisfying the aforementioned requirements and demonstrates the applicability of the aforementioned requirements and countermeasures to a PaaS environment offering services for building, testing, deploying and managing applications through cloud managed data centers. The applicability of the method has been demonstrated on in a PaaS environment that offers services for building, testing, deploying and managing applications through cloud managed data centers.

The results of the proposed GDPR compliance measures for cloud providers highlight the effort and criticality required from cloud providers to achieve compliance.

The purpose of this paper is to classify and categorize the vulnerability types emerged with time as information technology (IT) systems evolved. This comparative study aims to compare the seriousness of the old well-known vulnerabilities that may still exist with lower possibility of happening with that of new technologies like cloud computing with Mobility access. Cloud computing is a new structure of IT that is becoming the main part of the new model of business environment. However, issues regarding such new hype of technology do not come without obstacles. These issues have to be addressed before full acceptability of cloud services in a globalized business environment. Businesses need to be aware of issues of concerns before joining the cloud services. This paper also highlights these issues and shows the comparison table to help businesses with appropriate decision-making when joining the cloud.

A historical review of emerged vulnerabilities as IT systems evolved was conducted, then these vulnerabilities were categorized into eight different categories, each of which composed of multiple vulnerability types. Simple scoring techniques were used to build a “risk” analysis table where each vulnerability type was given a score based on availability of matured solution and the likeliness of happening, then in case of vulnerability type, another score was used to derive the impact of such vulnerability. The resulted weighted score can be derived from the multiplication of likeliness to happen score with that of its impact in case it did happen. Percentage of seriousness represented by the percentage of the derived weighted score of each of the vulnerabilities can then be concluded. Similar table was developed for issues related to cloud computing environment in specific.

After surveying the historical background of IT systems and emerged vulnerabilities as well as reviewing the common malicious types of system vulnerabilities, this paper identifies 22 different types of vulnerability categorized in eight different categories. This comparative study explores amount of possible vulnerabilities in new technology like cloud computing services. Specific issues for cloud computing were also explored and a similar comparative study was developed on these issues. The result of the comparative study between all types of vulnerabilities since the start of IT system development till today’s technology of cloud computing, shows that the highest percentage vulnerability category was the one related to mobility access as mobile applications/systems are relatively newly emerged and do not have a matured security solution(s).

Learning from history, one can conclude the current risk factor in dealing with new technology like cloud computing. Businesses can realize that decision to join the cloud requires thinking about the issues mentioned in this paper and identifying the most vulnerability types to try to avoid them.

A new comparative study and new classification of vulnerabilities demonstrated with risk analysis using simple scoring technique.