Search results

Banking traces back to 2000 BC in Assyria, India and Sumeria. Merchants used to give grain loans to farmers and traders to carry goods between cities. In ancient Greece and Roman Empire, lenders in temples, provided loans, and accepted deposits while performed change of money. The archaeological evidence uncovered in India and China corroborates this. The major development in banking came predominantly in the mediaeval, Renaissance Italy, with the major cities Florence, Venice and Genoa being the financial centres. Technology has become an inherent and integral part of our lives. We are generating a huge amount of data in transfer, storage and usage, with greater demands of ubiquitous accessibility, inducing an enormous impact on industry and society. With the emergence of smarter cities and societies, the security challenges pertinent to data become greater, impending impact on the consumer protection and security. The aim of this chapter is to highlight if SSI and passwordless authentication using FIDO-2 protocol assuage security concerns such as authentication and authorisation while preserving the individual's privacy.

In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.

The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.

The study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.

This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.

Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.

The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.

This article surveys why libraries are vulnerable to social engineering attacks and how to manage risks of human-caused cyber threats on organizational level; investigates Estonian library staff awareness of information security and shares recommendations concerning focus areas that should be given more attention in the future.

The data used in this paper is based on an overview of relevant literature highlighting the theoretical points and giving the reasons why human factor is considered the weakest link in information security and cyber security and studying how to mitigate the related risks in the organisation. To perform the survey, a web questionnaire was designed which included 63 sentences and was developed based on the knowledge-attitude-behaviour (KAB) model supported by Kruger and Kearney and Human Aspects of Information Security Questionnaire (HAIS-Q) designed by Parsons et al.

The research results show that the information security awareness of library employees is at a good level; however, awareness in two focus areas needs special attention and should be improved. The output of this study is the mapping of seven focus areas of information security policy in libraries based on the HAIS-Q framework and the KAB model.

The cyber awareness of library employees has not been studied in the world using HAIS-Q and KAB model, and to the best of the authors’ knowledge, no research has been previously carried out in the Estonian library context into cyber security awareness.

This paper aims to explore key management actions for implementing security on the cloud, which is a critical issue as many organizations are moving business processes and data on it. The cloud is a flexible, low cost and highly available technology, but it comes with increased complexity in maintaining the cloud consumer’s security. In this research, a model was built to assist strategic decision-makers in choosing from a diverse range of actions that can be taken to manage cloud security.

Published research from 2010 to 2022 was reviewed to identify alternatives to management actions pertaining to cloud security. Analytical hierarchical process (AHP) was applied to rate the most important action(s). For this, the alternatives, along with selection criteria, were summarized through thematic analysis. To gauge the relative importance of the alternatives, a questionnaire was distributed among cloud security practitioners to poll their opinion. AHP was then applied to the aggregated survey responses.

It was found that the respondents gave the highest importance to aligning information security with business needs. Building a cloud-specific risk management framework was rated second, while the actions: enforce and monitor contractual obligations, and update organizational structure, were rated third and fourth, respectively.

The research takes a general view without catering to specialized industry-based scenarios.

This paper highlights the role of management actions when implementing cloud security. It presents an AHP-based multi-criteria decision-making model that can be used by strategic decision-makers in selecting the optimum mode of action. Finally, the criteria used in the AHP model highlight how each alternative contributes to cloud security.

IT security compliance is critical to the organization’s success, and such compliance depends largely on IT leadership. Considering the prevalence of unconscious gender biases and stereotyping at the workplace and growing female leadership in IT, the authors examine how the internalization of stereotype beliefs, in the form of the employee’s gender, impacts the relationships between leadership characteristics and IT security compliance intentions.

A controlled experiment using eight different vignettes manipulating Chief Information Officer (CIO) gender (male/female), Information Technology (IT) expertise (low/high) and leadership style (transactional/transformational) was designed in Qualtrics. Data were gathered from MTurk workers from all over the US.

The findings suggest that both CIOs' and employees' gender play an important role in how IT leadership characteristics – perceived expertise and leadership style – influence the employees' intentions and reactance to comply with CIO security recommendations.

This study's findings enrich the security literature by examining the role of leadership styles on reactance and compliance intentions. They also provide important theoretical implications based on gender stereotype theory alone: First, the glass ceiling effects can be witnessed in how men and women employees demonstrate prejudice against women CIO leaders through their reliance on perceived quadratic CIO IT expertise in forming compliance intentions. Secondly, this study's findings related to gender role internalization show men and women have a prejudice against gender-incongruent roles wherein women employees are least resistive to transactional male CIOs, and men employees are less inclined to comply with transactional female CIOs confirm the findings related to gender internationalization from Hentschel et al. (2019).

This study highlights the significance of organizations and individuals actively promoting gender equality and fostering environments that recognize women's achievements. It also underscores the importance of educating men and women about the societal implications of stereotyping gender roles that go beyond the organizational setting. This research demonstrates that a continued effort is required to eradicate biases stemming from gender stereotypes and foster social inclusion. Such efforts can positively influence how upcoming IT leaders and employees internalize gender-related factors when shaping their identities.

This study shows that more work needs to be done to eliminate gender stereotype biases and promote social inclusion to positively impact how future IT leaders and employees shape their identities through internalization.

This study redefines the concept of “sticky floors” to explain how subordinates can hinder and undermine female leaders, thereby contributing to the glass ceiling effect. In addition, the study elucidates how gender roles shape employees' responses to different leadership styles through gender stereotyping and internalization.

This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.

The research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.

The investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.

The main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.

Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.

The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance.

By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.

By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

This study explores the critical success factors (CSFs) for Security Education, Training and Awareness (SETA) program effectiveness. The questionable effectiveness of SETA programs at changing employee behavior and an absence of empirical studies on the CSFs for SETA program effectiveness is the key motivation for this study.

This exploratory study follows a systematic inductive approach to concept development. The methodology adopts the “key informant” approach to give voice to practitioners with SETA program expertise. Data are gathered using semi-structured interviews with 20 key informants from various geographic locations including the Gulf nations, Middle East, USA, UK and Ireland.

In this study, the analysis of these key informant interviews, following an inductive open, axial and selective coding approach, produces 11 CSFs for SETA program effectiveness. These CSFs are mapped along the phases of a SETA program lifecycle (design, development, implementation and evaluation) and nine relationships identified between the CSFs (within and across the lifecycle phases) are highlighted. The CSFs and CSFs' relationships are visualized in a Lifecycle Model of CSFs for SETA program effectiveness.

This research advances the first comprehensive conceptualization of the CSFs for SETA program effectiveness. The Lifecycle Model of CSFs for SETA program effectiveness provides valuable insights into the process of introducing and sustaining an effective SETA program in practice. The Lifecycle Model contributes to both theory and practice and lays the foundation for future studies.

In the current scenario, cybersecurity issues have emerged to be a major challenge for firms to deal with. The increased use of technologies has increased radically the volume and typology of information produced, exchanged, and managed by firms thus creating conditions for cybersecurity incidents or information breaches. In this situation, it becomes paramount for firms to recognize cybersecurity risks and be prepared to prevent them through the implementation of approaches and technologies able to ensure a high level of protection.

In this chapter, we provide a framework for analyzing and managing cybersecurity risks. We employed a case study strategy to understand how the risk analysis process is carried out within an Information Security company. The study and observations obtained from this case study have permitted to define a framework useful for SME to deal with cybersecurity issues.

The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.