Search results

This paper aims to evaluate the impact of various preview modes on tourist attitudes and intentions to visit a destination based on consumers’ level of involvement in travel decision-making.

The study was conducted as a between-subjects one-factor [preview mode: static images vs 360-degree tour vs virtual reality (VR) mode] in a laboratory experiment setup to examine how consumers with different levels of involvement in travel decision-making respond to destination marketing toward three different preview modes.

The findings indicated that VR preview mode highly influences tourist attitudes and visit intentions toward a destination compared to static images and 360-degree tours. This effect is more significant among participants with higher levels of customer involvement. Finally, the results from the study offer empirical evidence of the effectiveness of VR in shaping user behavior compared to traditional preview modes.

The limitations are using a non-probability sampling method, a small sample size and affordable mobile-compatible VR headsets.

This study offers empirical evidence on the effectiveness of VR in shaping tourist behavior compared to traditional preview modes. It helps destination marketers develop appropriate strategies for promoting tourist destinations.

The novelty of this paper lies in understanding the effectiveness of VR in shaping tourist behavior with different levels of customer involvement in travel decision-making.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Cyber-attacks that generate technical disruptions in organisational operations and damage the reputation of organisations have become all too common in the contemporary organisation. This paper explores the reputation repair strategies undertaken by organisations in the event of becoming victims of cyber-attacks.

For developing the authors’ contribution in the context of the Internet service providers' industry, the authors draw on a qualitative case study of TalkTalk, a British telecommunications company providing business to business (B2B) and business to customer (B2C) Internet services, which was a victim of a “significant and sustained” cyber-attack in October 2015. Data for the enquiry is sourced from publicly available archival documents such as newspaper articles, press releases, podcasts and parliamentary hearings on the TalkTalk cyber-attack.

The findings suggest a dynamic interplay of technical and rhetorical responses in dealing with cyber-attacks. This plays out in the form of marshalling communication and mortification techniques, bolstering image and riding on leader reputation, which serially combine to strategically orchestrate reputational repair and stigma erasure in the event of a cyber-attack.

Analysing a prototypical case of an organisation in dire straits following a cyber-attack, the paper provides a systematic characterisation of the setting-in-motion of strategic responses to manage, revamp and ameliorate damaged reputation during cyber-attacks, which tend to negatively shape the evaluative perceptions of the organisation's salient audience.

The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises.

This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence?

In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel.

This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn.

Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations.

Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats.

Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

For the provision of smart library services to end users, tools of the Internet of Things (IoT) play a significant role. The study aims to discover the factors influencing the adoption of IoT in university libraries, investigate the impact of IoT on university library services and identify challenges to adopt IoT applications in university libraries.

A systematic literature review was carried out to address the objectives of the study. The 40 most relevant research papers published in the world’s leading digital databases were selected to conduct the study.

The findings illustrated that rapid growth in technology, perceived benefits, the networked world and the changing landscape of librarianship positively influenced the adoption of IoT in university libraries. The study also displayed that IoT supported library professionals to initiate smart library services, assisted in service efficiency, offered context-based library services, provided tracking facilities and delivered effective management of library systems. Results also revealed that a lack of technical infrastructure, security and privacy concerns, a lack of technological skills and unavailability of policy and strategic planning caused barriers to the successful adoption of IoT applications in university libraries.

The study has provided theoretical implications through a valuable addition to the current literature. It has also offered managerial implications for policymakers to construct productive policies for the implementation of IoT applications in university libraries for the attainment of fruitful outcomes. Finally, the study provides a baseline for understanding the adoption of IoT in academic libraries.

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society.

This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness.

The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively.

The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others.

This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.

Automatic dependent surveillance-broadcast (ADS-B) is the foundational technology of the next generation air transportation system defined by Federal Aviation Authority and is one of the most precise ways for tracking aircraft position. ADS-B is intended to provide greater situational awareness to the pilots by displaying the traffic information like aircraft ID, altitude, speed and other critical parameters on the Cockpit Display of Traffic Information displays in the cockpit. Unfortunately, due to the initial proposed nature of ADS-B protocol, it is neither encrypted nor has any other innate security mechanisms, which makes it an easy target for malicious attacks. The system is vulnerable to various active and passive attacks like message ingestion, message deletion, eavesdropping, jamming, etc., which has become an area of concern for the aviation industry. The purpose of this study is to propose a method based on modified advanced encryption standard (AES) algorithm to secure the ADS=B messages and increase the integrity of ADS-B data transmissions.

Though there are various cryptographic and non-cryptographic methods proposed to secure ADS-B data transmissions, it is evident that most of these systems have limitations in terms of cost, implementation or feasibility. The new proposed method implements AES encryption techniques on the ADS-B data on the sender side and correlated decryption mechanism at the receiver end. The system is designed based on the flight schedule data available from any flight planning systems and implementing the AES algorithm on the ADS-B data from each aircraft in the flight schedule.

The suitable hardware was developed using Raspberry pi, ESP32 and Ra-02. Several runs were done to verify the original message, transmitted data and received data. During transmission, encryption algorithm was being developed, which has got very high secured transmission, and during the reception, the data was secured. Field test was conducted to validate the transmission and quality. Several trials were done to validate the transmission process. The authors have successfully shown that the ADS-B data can be encrypted using AES algorithm. The authors are successful in transmitting and receiving the ADS-B data packet using the discussed hardware and software methodology. One major advantage of using the proposed solution is that the information received is encrypted, and the receiver ADS-B system can decrypt the messages on the receiving end. This clearly proves that when the data is received by an unknown receiver, the messages cannot be decrypted, as the receiver is not capable of decrypting the AES-authenticated messages transmitted by the authenticated source. Also, AES encryption is highly unlikely to be decrypted if the encryption key and the associated decryption key are not known.

Implementation of the developed solution in actual onboard avionics systems is not within the scope of this research. Hence, assessing in the real-time distances is not covered.

The authors propose to extend this as a software solution to the onboard avionics systems by considering the required architectural changes. This solution can also bring in positive results for unmanned air vehicles in addition to the commercial aircrafts. Enhancement of security to the key operational and navigation data elements is going to be invaluable for future air traffic management and saving lives of people.

The proposed solution has been practically implemented by developing the hardware and software as part of this research. This has been clearly brought out in the paper. The implementation has been tested using the actual ADS-B data/messages received from using the ADS-B receiver. The solution works perfectly, and this brings immense value to the aircraft-to-aircraft and aircraft-to-ground communications, specifically while using ADS-B data for communicating the position information. With the proposed architecture and minor software updates to the onboard avionics, this solution can enhance safety of flights.

Additive manufacturing also known as 3D printing is an evolving advanced manufacturing technology critical for the new era of complex machinery and operating systems. Manufacturing systems are increasingly faced with risk of attacks not only by traditional malicious actors such as hackers and cyber-criminals but also by some competitors and organizations engaged in corporate espionage. This paper aims to elaborate a plausible risk practice of designing and demonstrate a case study for the compromised-based malicious for polymer 3D printing system.

This study assumes conditions when a machine was compromised and evaluates the effect of post compromised attack by studying its effects on tensile dog bone specimens as the printed object. The designed algorithm removed predetermined specific number of layers from the tensile samples. The samples were visually identical in terms of external physical dimensions even after removal of the layers. Samples were examined nondestructively for density. Additionally, destructive uniaxial tensile tests were carried out on the modified samples and compared to the unmodified sample as a control for various mechanical properties. It is worth noting that the current approach was adapted for illustrating the impact of cyber altercations on properties of additively produced parts in a quantitative manner. It concurrently pointed towards the vulnerabilities of advanced manufacturing systems and a need for designing robust mitigation/defense mechanism against the cyber altercations.

Density, Young’s modulus and maximum strength steadily decreased with an increase in the number of missing layers, whereas a no clear trend was observed in the case of % elongation. Post tensile test observations of the sample cross-sections confirmed the successful removal of the layers from the samples by the designed method. As a result, the current work presented a cyber-attack model and its quantitative implications on the mechanical properties of 3D printed objects.

To the best of the authors’ knowledge, this is the original work from the team. It is currently not under consideration for publication in any other avenue. The paper provides quantitative approach of realizing impact of cyber intrusions on deteriorated performance of additively manufactured products. It also enlists important intrusion mechanisms relevant to additive manufacturing.

This paper aims to propose a new method to derive custom dynamic cyber risk metrics based on the well-known Goal, Question, Metric (GQM) approach. A framework that complements it and makes it much easier to use has been proposed too. Both, the method and the framework, have been validated within two challenging application domains: continuous risk assessment within a smart farm and risk-based adaptive security to reconfigure a Web application firewall.

The authors have identified a problem and provided motivation. They have developed their theory and engineered a new method and a framework to complement it. They have demonstrated the proposed method and framework work, validating them in two real use cases.

The GQM method, often applied within the software quality field, is a good basis for proposing a method to define new tailored cyber risk metrics that meet the requirements of current application domains. A comprehensive framework that formalises possible goals and questions translated to potential measurements can greatly facilitate the use of this method.

The proposed method enables the application of the GQM approach to cyber risk measurement. The proposed framework allows new cyber risk metrics to be inferred by choosing between suggested goals and questions and measuring the relevant elements of probability and impact. The authors’ approach demonstrates to be generic and flexible enough to allow very different organisations with heterogeneous requirements to derive tailored metrics useful for their particular risk management processes.

This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity practices within organizations for cybersecurity risk management through a systematic literature review (SLR) approach.

This SLR adhered to RepOrting Standards for Systematics Evidence Syntheses (ROSES) publication standards and used various research approaches. The study’s article selection process involved using Scopus, one of the most important scientific databases, to review articles published between 2014 and 2023.

This review identified the four main themes: individual factors, organizational factors, technological factors and governmental role. In addition, nine subthemes that relate to these primary topics were established.

This research sheds light on the multifaceted nature of cybersecurity by exploring factors influencing implementation and developing an improvement framework, offering valuable insights for researchers to advance theoretical developments, assisting industry practitioners in tailoring cybersecurity strategies to their needs and providing policymakers with a basis for creating more effective cybersecurity regulations and standards.