Search results

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

This paper aims to propose a new method to derive custom dynamic cyber risk metrics based on the well-known Goal, Question, Metric (GQM) approach. A framework that complements it and makes it much easier to use has been proposed too. Both, the method and the framework, have been validated within two challenging application domains: continuous risk assessment within a smart farm and risk-based adaptive security to reconfigure a Web application firewall.

The authors have identified a problem and provided motivation. They have developed their theory and engineered a new method and a framework to complement it. They have demonstrated the proposed method and framework work, validating them in two real use cases.

The GQM method, often applied within the software quality field, is a good basis for proposing a method to define new tailored cyber risk metrics that meet the requirements of current application domains. A comprehensive framework that formalises possible goals and questions translated to potential measurements can greatly facilitate the use of this method.

The proposed method enables the application of the GQM approach to cyber risk measurement. The proposed framework allows new cyber risk metrics to be inferred by choosing between suggested goals and questions and measuring the relevant elements of probability and impact. The authors’ approach demonstrates to be generic and flexible enough to allow very different organisations with heterogeneous requirements to derive tailored metrics useful for their particular risk management processes.

The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises.

This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence?

In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel.

This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn.

Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations.

Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats.

Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

The Kingdom of Saudi Arabia (KSA) is embracing digital transformation and e-government services, aiming to improve efficiency, accessibility and citizen-centricity. Nonetheless, the country faces challenges such as evolving cyber threats. The purpose of this study is to investigate the factors influencing cybersecurity practices to ensure the reliability and security of e-government services.

This paper investigates the multifaceted dynamics of cybersecurity practices and their impact on the quality and effectiveness of e-government services. Five key factors explored include organizational culture, technology infrastructure, adherence to standards and regulations, employee training and awareness and financial investment in cybersecurity. This study used a quantitative method to gather data from 320 participants. The researcher collected 285 completed questionnaires, excluding unusable or incomplete responses, and analyzed the final data set using partial least squares structural equation modeling.

The findings show that financial investment in cybersecurity, employee training and awareness and adherence to cybersecurity regulations significantly influence the adoption of robust cybersecurity practices. However, the relationship between organizational culture and cybersecurity practices is less straightforward. The research establishes a strong positive correlation between cybersecurity practices and e-government service quality, highlighting the role of security in fostering public trust and user satisfaction and meeting the evolving needs of citizens and businesses.

This research contributes valuable empirical evidence to the fields of e-government and cybersecurity, offering insights that can inform evidence-based policy decisions and resource allocation. By understanding the nuanced dynamics at play, Saudi Arabia is better poised to fortify its digital governance infrastructure and provide secure, high-quality e-government services to its constituents.

For the provision of smart library services to end users, tools of the Internet of Things (IoT) play a significant role. The study aims to discover the factors influencing the adoption of IoT in university libraries, investigate the impact of IoT on university library services and identify challenges to adopt IoT applications in university libraries.

A systematic literature review was carried out to address the objectives of the study. The 40 most relevant research papers published in the world’s leading digital databases were selected to conduct the study.

The findings illustrated that rapid growth in technology, perceived benefits, the networked world and the changing landscape of librarianship positively influenced the adoption of IoT in university libraries. The study also displayed that IoT supported library professionals to initiate smart library services, assisted in service efficiency, offered context-based library services, provided tracking facilities and delivered effective management of library systems. Results also revealed that a lack of technical infrastructure, security and privacy concerns, a lack of technological skills and unavailability of policy and strategic planning caused barriers to the successful adoption of IoT applications in university libraries.

The study has provided theoretical implications through a valuable addition to the current literature. It has also offered managerial implications for policymakers to construct productive policies for the implementation of IoT applications in university libraries for the attainment of fruitful outcomes. Finally, the study provides a baseline for understanding the adoption of IoT in academic libraries.

The purpose of this study is to identify and prioritize capabilities and practices to ensure a resilient supply chain during an unexpected disruption. In addition, this study ranks maturity factors that influence the main capabilities identified.

This paper is conducted in three stages. First, capabilities and practices are extracted through a literature review. Second, capabilities and practices are ranked using the analytical hierarchical process method. Third, a gray technique for order preference by similarity to ideal solution method is used to rank maturity factors influencing capabilities.

The findings indicate that responsiveness, readiness, flexibility and adaptability are the most important capabilities for supply chain resilience. Also, commitment and communication are the highest maturity factors influencing resilience capabilities.

The findings provide a hierarchical vision of capabilities and practices for industries to increase resilience. Limitations of the paper are related to capabilities, practices and number of experts consulted.

This paper highlights the importance of high-maturity practices in resilience capability adoption. The findings of this study will encourage decisions-makers to increase maturity practices to build resilience against disruption.

The paper reveals that developing powerful capabilities, good practices and a high level of maturity improve supply chain resilience.

Studies show that building information modelling (BIM) technology can improve construction productivity regarding the design, construction and maintenance of a project life cycle in the 21st century. Revit has been identified as a frequently used tool for delivering BIM in the built environment. Studies about BIM technology via Revit are scarce in training middle-level workforce higher education institutions. Thus, this study aims to investigate the relevance of BIM technology and offer measures to promote digitalisation in Nigeria’s built environment polytechnic undergraduates via Revit.

Given the unexplored nature of training the middle-level workforce in Nigeria, 37 semi-structured virtual interviews were conducted across Nigeria, and saturation was achieved. The participants were knowledgeable about construction-related BIM. The researchers used a thematic analysis for the collected data and honed them with secondary sources.

Improved visualisation of design, effective and efficient work productivity, automatic design and quantification, improved database management and collaboration and data storage in the centrally coordinated model, among others, emerged as BIM’s benefits. BIM technology via Revit is challenging, especially in Nigeria’s polytechnic education curriculum. The 24 perceived issues were grouped into government/regulatory agencies-related, polytechnic management-related and polytechnic undergraduate students-related hindrances in Nigeria’s built environment.

This study is limited to BIM implications for Nigeria’s built environment polytechnic undergraduates.

This study contributes to the literature paucity in attempting to uncover perceived issues hindering the implementation of BIM technology via Revit in training Nigeria’s built environment polytechnic undergraduates via a qualitative approach.

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society.

This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness.

The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively.

The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others.

This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.

This paper offers an empirical overview of European emergency managers' institutional arrangements and guidelines for using social media in risk and crisis communication.

The authors collected and analysed material including publicly accessible relevant legal acts, policy documents, official guidelines, and press reports in eight European countries – Germany, Italy, Belgium, Sweden, Hungary, Finland, Norway, and Estonia. Additionally, the authors carried out 95 interviews with emergency managers in the eight countries between September 2019 and February 2020.

The authors found that emergency management institutions' social media usage is rarely centrally controlled and social media crisis communication was regulated with the same guidelines as crisis communication on traditional media. Considering this study's findings against the backdrop of existing research and practice, the authors find support for a “mixed arrangement” model by which centralised policies work in tandem with decentralised practices on an ad hoc basis.

Comparative insights about institutional arrangements and procedural guidelines on social media crisis communication in the studied countries could inform the future policies concerning social media use in other emergency management systems.

This study includes novel, cross-national comparative data on the institutional arrangements and guidelines for using social media in emergency management in the context of Europe.