Search results

11 – 20 of over 9000
Article
Publication date: 17 May 2022

Maryam Nasser AL-Nuaimi

Abstract

Purpose

A research line has emerged that is concerned with investigating human factors in information systems and cyber-security in organizations using various behavioural and socio-cognitive theories. This study aims to explore human and contextual factors influencing cyber security behaviour in organizations while drawing implications for cyber-security in higher education institutions.

Design/methodology/approach

A systematic literature review has been implemented. The reviewed studies have revealed various human and contextual factors that influence cyber-security behaviour in organizations, notably higher education institutions.

Research limitations/implications

This review study offers practical implications for constructing and keeping a robust cyber-security organizational culture in higher education institutions for the sustainable development goals of cyber-security training and education.

Originality/value

The value of the current review arises in that it presents a comprehensive account of human factors affecting cyber-security in organizations, a topic that is rarely investigated in previous related literature. Furthermore, the current review sheds light on cyber-security in higher education from the weakest link perspective. Simultaneously, the study contributes to relevant literature by gaining insight into human factors and socio-technological controls related to cyber-security in higher education institutions.

Details

Global Knowledge, Memory and Communication, vol. 73 no. 1/2
Type: Research Article
ISSN: 2514-9342

Article
Publication date: 24 September 2019

Karen Renaud, Basie Von Solms and Rossouw Von Solms

Abstract

Purpose

The purpose of this paper is to position the preservation and protection of intellectual capital as a cyber security concern. The paper outlines the security requirements of intellectual capital to help boards of directors (BoDs) and executive management teams to understand their responsibilities and accountabilities in this respect.

Design/methodology/approach

The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital and to outline actions to be taken by BoDs to do so.

Findings

Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance and merits attention from BoDs.

Research limitations/implications

This paper clarifies BoDs' intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance.

Practical implications

The authors hope that BoDs will benefit from the clarifications, and especially from the positioning of intellectual capital in cyber space.

Social implications

If BoDs know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured.

Originality/value

This paper extends a previous paper published by Von Solms and Von Solms, which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from security researchers.

Details

Journal of Intellectual Capital, vol. 20 no. 5
Type: Research Article
ISSN: 1469-1930

Article
Publication date: 21 November 2016

Martin Eling and Werner Schnell

Abstract

Purpose

This paper aims to provide an overview of the main research topics in the emerging fields of cyber risk and cyber risk insurance. The paper also illustrates future research directions, from both academic and practical points of view.

Design/methodology/approach

The authors conduct a literature review on cyber risk and cyber risk insurance using a standardized search and identification process that has been used in various academic articles. Based upon this selection process, a database of 209 papers is created. The main research results findings are extracted and organized in seven clusters.

Findings

The results illustrate the immense difficulties to insure cyber risk, especially due to a lack of data and modelling approaches, the risk of change and incalculable accumulation risks. The authors discuss various ways to overcome these insurability limitations, such as mandatory reporting requirements, pooling of data or public–private partnerships in which the government covers parts of the risk.

Originality/value

Despite its increasing relevance for businesses at present, research on cyber risk is limited. Many papers can be found in the IT domain, but relatively little research has been done in the business and economics literature. The authors illustrate where research stands currently and outline directions for future research.

Details

The Journal of Risk Finance, vol. 17 no. 5
Type: Research Article
ISSN: 1526-5943

Article
Publication date: 22 October 2019

Hayretdin Bahşi, Ulrik Franke and Even Langfeldt Friberg

Abstract

Purpose

This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.

Design/methodology/approach

The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.

Findings

The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.

Practical implications

Some policy lessons for different stakeholders are identified.

Originality/value

Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.

Details

Information & Computer Security, vol. 28 no. 1
Type: Research Article
ISSN: 2056-4961

Content available
Article
Publication date: 21 November 2018

Joan Mileski, Christopher Clott and Cassia Bomer Galvao

Abstract

Purpose

The maritime industry is increasingly impacted by the Internet of things (IoT) through the automation of ships and port activities. This increased automation creates new security vulnerabilities for the maritime industry in cyberspace. Any obstruction in the global supply chain due to a cyberattack can cause catastrophic problems in the global economy. This paper aims to review automatic identification systems (AISs) aboard ships for cyber issues and weaknesses.

Design/methodology/approach

The authors do so by comparing the results of two receiver systems of the AIS in the Port of Houston: the JAMSS system aboard the Space Station and the “Harborlights” system for traffic control in the Port.

Findings

The authors find that inconsistent information is presented on the location of the same ships at the same time in the Port. Upon further investigation with pilots, the authors find that these inconsistencies may be the result of the strength of power with which an AIS is transmitted. It appears the power may be reduced to the AIS in port but that it varies within port and varies by pilot operators. This practice may open the AIS system for tampering.

Originality/value

Further, this inconsistency may require further policy regulation to properly address cyber information in a port.

Details

Maritime Business Review, vol. 3 no. 4
Type: Research Article
ISSN: 2397-3757

Article
Publication date: 31 March 2020

Ivano Bongiovanni, Karen Renaud and George Cairns

Abstract

Purpose

To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.

Design/methodology/approach

The authors gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. They conducted interviews with key stakeholders in Australian universities in order to validate these links.

Findings

The authors’ investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.

Research limitations/implications

There is a need to acknowledge the different roles played by actors within the university and the relevance of information security to IC-related preservation.

Practical implications

Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.

Originality/value

This is one of the first studies to explore the connections between data and information security and the three core components of IC's knowledge security in the university context.

Details

Journal of Intellectual Capital, vol. 21 no. 3
Type: Research Article
ISSN: 1469-1930

Open Access
Article
Publication date: 7 April 2020

Fatima M. Isiaka, Salihu Abdullahi Audu and Mustafa Ahmed Umar

Abstract

Purpose

The dependence on the use of information systems for nearly every activity and function on the internet is increasingly high. This form of interconnectedness has bolstered national economies, enhanced how governments interact with their citizens and how ordinary people connect with friends and family. However, this dependence has equally resulted in a high rise in vulnerability, threat and risk associated with more use of information and communication technology. Cyber-attacks that have the potential to disrupt or damage information system infrastructure are getting more complex with some level of sophistication. Traditional protection of information system infrastructure is no longer sufficient; systems have proven to be immune to failure or incidents. This paper aims to ensure that there is a continuous availability of services through a fail-safe proof.

Design/methodology/approach

The MySQL replication technique was used to develop a model based on three-tier layers using the principle of network interdependency and the replication techniques. Tier 1 depicts a Telecom organization serving as service provider that provides internet service to a Tier 2 organization – a Bank; Tier 3 is the financial App that can be used by bank staff and customers. The fail-safe mode integrated mechanism enables Tier 3 to continue to render its services in the event of an attack on Tier 1 such as DDoS without disruption.

Findings

This technique succeeded in mitigating the loss of data if a cyber incident occurred or reception of uninterrupted services is countered, which gives rise to future master-to-master architecture.

Research limitations/implications

The study conducted is limited to the design and development of a fail-safe system for interdependent networks or systems using the MySQL replication technique.

Originality/value

In an interdependent environment such as the cyberspace, the sectors are interdependent for optimal results. The originality of the work ensures that there is availability of services which is sustained and that data integrity is assured using the fail-safe technique based on MySQL replication method.

Details

International Journal of Crowd Science, vol. 4 no. 2
Type: Research Article
ISSN: 2398-7294

Article
Publication date: 19 December 2018

Martina Francesca Ferracane

Abstract

Purpose

The paper aims to explore the national security implications of a potential for a World Trade Organization (WTO) dispute on data flow restrictions. It proposes a basic conceptual framework to assess data flows’ restrictions under the General Agreement on Trade in Services (GATS) security exception.

Design/methodology/approach

If a case were to be brought before the WTO dispute settlement, the defender could support its case by invoking the security exception. This paper analyzes three main arguments that could be brought up: protection from cyber espionage, protection from cyberattacks on critical infrastructure and access to data needed to prevent terrorist threats. These three cases are analyzed both legally and technically to assess the relevance of restrictions on data flows under GATS security exception. This analysis can, more generally, inform the debate on the protection of national security in the digital era.

Findings

In the three cases, restrictions on data considered critical for national security might raise the cost of certain attacks. However, the risks would remain pervasive and national security would not be significantly enhanced both legally and technically. The implementation of good security standards and encryption techniques appears to be a more effective way to ensure a better response to cyber threats. All in all, it will be important to investigate on a case by case basis whether the scope of the measure (sectors and data covered) is considered proportionate and whether the measure in question in practice reduces the exposure of the country to cyber espionage, cyberattacks and terrorist threats.

Originality/value

This paper represents a contribution to the literature because it is the first paper to address systematically the issue of data flows and national security in the context of a GATS dispute and because it provides a unique perspective that looks both at legal and technical arguments.

Details

Digital Policy, Regulation and Governance, vol. 21 no. 1
Type: Research Article
ISSN: 2398-5038

Article
Publication date: 9 October 2017

Jacqueline Cope, Francois Siewe, Feng Chen, Leandros Maglaras and Helge Janicke

Abstract

Purpose

This study is an exploration of areas pertaining to the use of production data in non-production environments. During the software development life cycle, non-production environments are used to serve various purposes to include unit, component, integration, system, user acceptance, performance and configuration testing. Organisations and third parties have been and are continuing to use copies of production data in non-production environments. This can lead to personal and sensitive data being accidentally leaked if appropriate and rigorous security guidelines are not implemented. This paper aims to propose a comprehensive framework for minimising data leakage from non-production environments. The framework was evaluated using guided interviews and was proven effective in helping organisations manage sensitive data in non-production environments.

Design/methodology/approach

The authors conducted a thorough literature review on areas related to data leakage from non-production systems. By doing an analysis of advice, guidelines and frameworks that aim at finding a practical solution for selecting and implementing a de-identification solution of sensitive data, the authors managed to highlight the importance of all areas related to sensitive data protection. Based on these areas, a framework was proposed which was evaluated by conducting a set of guided interviews.

Findings

This paper has researched the background information and produced a framework for an organisation to manage sensitive data in its non-production environments. This paper presents a proposed framework that describes a process flow from the legal and regulatory requirements to data treatment and protection, gained through understanding the organisation’s business, the production system, the purpose and the requirements of the non-production environment. The paper shows that there is some conflict between security and perceived usability, which may be addressed by challenging the perceptions of usability or identifying the compromise required. Non-production environments need not be the sole responsibility of the IT section; they should be of interest to the business area that is responsible for the data held.

Originality/value

This paper proposes a simplified business model and framework. The proposed model diagrammatically describes the interactions of elements affecting the organisation. It highlights how non-production environments may be perceived as separate from the business systems, but despite the perceptions, these are still subject to the same legal requirements and constraints. It shows the interdependency of data, software, technical infrastructure and human interaction and how the change of one element may affect the others. The proposed framework describes the process flow and forms a practical solution in assisting the decision-making process and providing documentary evidence for assurance and audit purposes. It looks at the requirements of the non-production system in relation to the legal and regulatory constraints, as well as the organisational requirements and business systems. The impact of human factors on the data is also considered to bring a holistic approach to the protection of non-production environments.

Details

Information & Computer Security, vol. 25 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 20 November 2017

Jamie Costley

Abstract

Purpose

This paper looks at a particular type of cheating that occurs in an online university setting. That is, when students who have a connection from outside the online learning environment conspire to cheat together. It measures the correlations between student variables and cheating, instructional variables and cheating and learning outcomes and cheating. The purpose of this paper is to understand the relationships between these factors and cheating, in the hope that the multifaceted nature of academic dishonesty can be better understood.

Design/methodology/approach

This study surveyed a group of students (n = 88) who participated in cyber university classes in South Korea. The study investigates the correlations between student characteristics, student attitudes, instructional design, lecture quality and learning outcomes with cheating.

Findings

The research looks at correlations between stable demographic factors and student attitudes towards cheating and finds no strong relationships. On the other hand, this study finds statistically significant negative correlations between instructional design quality and cheating, and lecture quality and cheating. This shows that instructors can affect the amount their students cheat through improving the quality of their courses. Also, there was a significant relationship between students’ levels of learning, satisfaction, engagement and interest and cheating.

Originality/value

Looking at cheating from a variety of angles within a single research agenda gives a clear understanding to instructors as to how cheating in their class will manifest, and how it will negatively impact the quality of a student’s experience.

Details

Interactive Technology and Smart Education, vol. 14 no. 4
Type: Research Article
ISSN: 1741-5659
