Search results
1 – 10 of 314
Molly Cooper, Yair Levy, Ling Wang and Laurie Dringus
Abstract
Purpose
This study introduces the concept of audiovisual alerts and warnings as a way to reduce phishing susceptibility on mobile devices.
Design/methodology/approach
This study has three phases. The first phase included 32 subject matter experts who provided feedback toward a phishing alert and warning system. The second phase included development and a pilot study to validate a phishing alert and warning system prototype. The third phase included delivery of the Phishing Alert and Warning System (PAWS™ mobile app) to 205 participants. This study designed, developed, as well as empirically tested the PAWS™ mobile app that alerted and warned participants to the signs of phishing in emails on mobile devices.
Findings
The results of this study indicated audio alerts and visual warnings potentially lower phishing susceptibility in emails. Audiovisual warnings appeared to assist study participants in noticing phishing emails more easily and in less time than without audiovisual warnings.
Practical implications
This study's implications to mitigation of phishing emails are key, as it appears that alerts and warnings added to email applications may play a significant role in the reduction of phishing susceptibility.
Originality/value
This study extends the existing information security body of knowledge on phishing prevention and awareness by using audiovisual alerts and warnings to email recipients tested in real-life applications.
Lynne Rudasill and Jessica Moyer
Abstract
This article presents an overview of the historical development of information security policies promulgated by a variety of governments and agencies. After a brief history of the development of government technology policy in the electronic age, and a review of the possible cyber‐security threats to today's military and civilian populations, policy documents from the Organization for Economic Co‐operation and Development, the European Union, and the USA are described and compared. Analysis of the policy documents shows some similarities in the manner by which national and supra‐national political agencies are reacting to the threat of cyber‐attack. The paper alerts the library community to possible compromise in the systems with which we work, and provides some understanding of the process by which the government is reacting to threats. It concludes by encouraging the librarian to become more actively involved and informed concerning the development of government policies in this area.
However, since the start of the invasion, Russia has only targeted some Ukrainian government and financial institutions, causing limited and contained damage. Ukrainian critical…
DOI: 10.1108/OXAN-DB267722
ISSN: 2633-304X
Weiguang Jiang, Lieyun Ding and Cheng Zhou
Abstract
Purpose
Construction safety has been a long-term problem in the development of the construction industry. An increasing number of smart construction sites have been designed using different techniques to reduce injuries caused by construction accidents and achieve proactive risk control. However, comprehensive smart construction site safety management solutions and applications have yet to be developed. Thus, this study proposes a smart construction site framework for safety management.
Design/methodology/approach
A safety management system based on a cyber-physical system is proposed. The system establishes risk data synchronization mapping between the virtual construction and physical construction sites through scene reconstruction design, data awareness, data communication and data processing modules. Personnel, mechanical and other risks on site will be warned and controlled.
Findings
The results of the case study have proved the management benefits of the system. On-site workers gradually realized that they should enter the construction site based on the standard process. And the number of people close to the construction hazard areas decreased.
Research limitations/implications
There are some limitations in the technology of smart construction site. The modeling speed can be faster, the data collection can be timelier, and the identification of unsafe behavior can be integrated into the system. Construction quality and efficiency issues in a virtual construction site will also be solved in further research.
Practical implications
In this paper, this system is actually applied in the mega project management process. More practical projects can use the management ideas and method of this paper to ensure on-site safety.
Originality/value
This study is among the first attempts to build a complete smart construction site based on CPS and apply it in practice. Personnel, mechanical, components, environment information will be displayed on the virtual construction site. It will greatly promote the development of the intellectualized construction industry in the future.
Abstract
Purpose
Financial crime costs the world economy more than $1tn. Yet policing responses continue to apply traditional law enforcement methods to detect, identify and disrupt criminal actors in financial systems. The purpose of this paper is to challenge existing thinking around law enforcement practices in financial crime within an Australian context, by presenting an alternative model grounded in management cybernetics and systemic design (SD), which the author terms “cyber-systemics”.
Design/methodology/approach
This study reflects on prior research work across cybernetics and SD to suggest an integrated approach as a conceptually useful basis for considering regulation of financial crime, and to demonstrate utility using a case study.
Findings
The Fintel Alliance between financial crime regulators and financial institutions in Australia demonstrates a strong connection with, and example of, this study’s cyber-systemic regulatory framework. It will be demonstrated that the form of co-design framework offered under cyber-systemics is both consistent with cybernetic and SD literature, but also a means of avoiding regulatory disconnection in times of change and disruption. This study also invites consideration of how future forms of governance might be structured using cyber-systemics as a conceptual backbone.
Research limitations/implications
This work proposes a novel methodology at odds with traditional law enforcement ways of doing, inevitably requiring a change of regulatory mindset. In addition, this paper is purely conceptual and therefore more research on an empirical basis is required to prove the potential benefits in a real-world regulatory environment.
Originality/value
This is (to the author’s knowledge) the first conceptual exploration of blending SD and management cybernetics in the field of criminal law regulation.
Aldo M. Leiva and Michel E. Clark
Abstract
Purpose
To examine the COVID-19 pandemic’s effects on regulated entities within the context of cybersecurity, US Securities and Exchange Commission (SEC) compliance, and parallel proceedings.
Design/methodology/approach
Describes the SEC’s ability to conduct its operations within the telework environment, its commitment and ability to monitor the securities market, its enhanced monitoring of the adverse effects of SEC-regulated companies from COVID-19, its guidance to public companies of disclosure obligations related to cybersecurity risks and incidents, the SEC Office of Compliance and Examinations’s (OCIE’s) focus on broker-dealers’ and investment advisories’ cybersecurity preparedness, the role and activities of the SEC Division of Enforcement’s Cyber Unit, and parallel proceedings on cyberbreaches and incidents by different agencies, branches of government or private litigants.
Findings
SEC-regulated entities face many challenges in trying to maintain their ongoing business operations and infrastructure due to severe financial pressures, the threat of infection to employees and customers, and cybersecurity risks posed by remote operations from hackers and fraudsters. The SEC has reemphasized that its long-standing focus on cybersecurity and resiliency within the securities industry will continue, including ongoing vigilance over companies’ efforts to identify, assess, and address the inherent, heightened cybersecurity risks of teleworking and the resource reallocation that businesses need to sustain their operations until a safe and effective vaccine is developed for COVID-19.
Originality/value
Expert analysis and guidance from experienced lawyers with expertise in securities, litigation, government enforcement, information technology, data protection, privacy and cybersecurity.
US/UK/RUSSIA: Cyber warning signals rising cooperation
DOI: 10.1108/OXAN-ES232175
ISSN: 2633-304X
David Martin, David Engvall, Kerry Burke, Gerald Hodgkins, Matthew Franker and Reid Hooper
Abstract
Purpose
To summarize and explain the US Securities and Exchange Commission’s (Commission) recent report of investigation cautioning public companies to consider cyber-related threats when designing and implementing internal accounting controls.
Design/methodology/approach
Explains that the Commission’s report arose out of a Commission enforcement investigation into the internal accounting controls of nine unidentified public companies that were victims of email scams, explains that the Commission issued the report to emphasize that cybersecurity remains a high priority for the Commission and the report should serve as a reminder that all public companies need to consider cyber-related threats when devising and maintaining internal accounting controls and provides practical considerations for public companies to consider in light of the Commission’s report.
Findings
Public companies should assume that the Commission is actively monitoring all areas related to cybersecurity, including corporate disclosures of cyber-related incidents and also whether companies have established policies, procedures, and internal controls in place to ensure cyber-related incidents are prevented. Given that assumption, public companies should take prompt steps to assess and, if appropriate, improve internal accounting controls, disclosure controls, and cyber-related policies and procedures to address the risk of cyber-related incidents.
Originality/value
Practical guidance from experienced securities lawyers.
Abstract
Purpose
This paper aims to develop a theoretical framework to predict susceptibility to cyber-fraud victimhood.
Design/methodology/approach
A survey was constructed to examine whether personality, socio-demographic characteristics and online routine activities predicted one-off and repeat victimhood of cyber-fraud. Overall, 11,780 participants completed a survey (one-off victims, N = 728; repeat victims = 329).
Findings
The final saturated model revealed that psychological and socio-demographic characteristics and online routine activities should be considered when predicting victimhood. Consistent with the hypotheses, victims of cyber-frauds were more likely to be older, score high on impulsivity measures of urgency and sensation seeking, score high on addictive measures and engage in more frequent routine activities that place them at great risk of becoming scammed. There was little distinction between one-off and repeat victims of cyber-frauds.
Originality/value
This work uniquely combines psychological, socio-demographic and online behaviours to develop a comprehensive theoretical framework to predict susceptibility to cyber-frauds. Importantly, the work here challenges the current utility of government websites to protect users from becoming scammed and provides insights into methods that might be used to protect users from becoming scammed.
Neha Chhabra Roy and Sreeleakha Prabhakaran
Abstract
Purpose
The study aims to overview the different types of internal-led cyber fraud that have gained mainstream attention in recent major-value fraud events involving prominent Indian banks. The authors attempted to identify and classify cyber frauds and their drivers and correlate them for optimal mitigation planning.
Design/methodology/approach
The methodology opted for the identification and classification is through a detailed literature review and focus group discussion with risk and vigilance officers and cyber cell experts. The authors assessed the future of cyber fraud in the Indian banking business through the machine learning–based k-nearest neighbor (K-NN) approach and prioritized and predicted the future of cyber fraud. The predicted future revealing dominance of a few specific cyber frauds will help to get an appropriate fraud prevention model, using an associated parties centric (victim and offender) root-cause approach. The study uses correlation analysis and maps frauds with their respective drivers to determine the resource specific effective mitigation plan.
Findings
Finally, the paper concludes with a conceptual framework for preventing internal-led cyber fraud within the scope of the study. A cyber fraud mitigation ecosystem will be helpful for policymakers and fraud investigation officers to create a more robust environment for banks through timely and quick detection of cyber frauds and prevention of them.
Research limitations/implications
Additionally, the study supports the Reserve Bank of India and the Government of India's launched cyber security initiatives and schemes which ensure protection for the banking ecosystem, i.e. RBI direct scheme, integrated ombudsman scheme, Cyber Swachhta Kendra (botnet cleaning and malware analysis centre), National Cyber Coordination Centre (NCCC) and Security Monitoring Centre (SMC).
Practical implications
Structured and effective internal-led plans for cyber fraud mitigation proposed in this study will conserve banks, employees, regulatory authorities, customers and economic resources, save bank authorities’ and policymakers’ time and money, and conserve resources. Additionally, this will enhance the reputation of the Indian banking industry and extend its lifespan.
Originality/value
The innovative insider-led cyber fraud mitigation approach quickly identifies cyber fraud, prioritizes it, identifies its prominent root causes, maps frauds with respective root causes and then suggests strategies to ensure a cost-effective and time-saving bank ecosystem.