Search results
1 – 10 of over 66000
Patrick De Pelsmacker, Verolien Cauberghe and Nathalie Dens
Abstract
Purpose
The purpose of this paper is to investigate the effect of level of graphic threat (weak and strong) and the amount of information (low and high) on message effectiveness for an unfamiliar (a muscle disorder due to lack of physical exercise) vs a familiar (injuries as a result of traffic accidents due to drunk driving) issue.
Design/methodology/approach
The method employed was an experimental 2 (issue familiarity: unfamiliar, familiar issue)×2 (amount of information: low, high)×2 (graphic threat level: weak, strong) full factorial between‐subjects design. Data are collected from a sample of 206 Belgians.
Findings
It was found that a strong graphic threat message has a greater effect for an unfamiliar than for a familiar issue. For a familiar issue, adding information to a weak threat appeal increases perceived severity. For an unfamiliar issue, adding information to a strong graphic threat appeal has a similar effect. Perceived severity of threat, perceived probability of occurrence, evoked fear and perceived coping efficacy have a significant effect on the intention to adopt the recommended behavior. For an unfamiliar issue, perceived efficacy and perceived probability of occurrence primarily have the greatest impact on coping intention. For a familiar issue, perceived severity, evoked fear and perceived efficacy determine coping intention.
Practical implications
The results substantially support the use of different message tactics for health threats that are either new or familiar for the target group.
Originality/value
Most studies have limited themselves to studying the impact of threat strength on perceived threat and response efficacy, on evoked fear and on message acceptance. The present study adds the contextual and message elements, namely issue familiarity and amount of information provided, the link of which with threat appeal has – to the authors' knowledge – never been studied before in one integrated analysis.
Eileen M. Decker, Matthew Morin and Eric M. Rosner
Abstract
Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a constant stream of cyberattacks through varied methods by actors with myriad motivations. These threats are not expected to diminish in the near future. As a result, homeland security and national security professionals at all levels of government must understand the unique motivations and capabilities of malicious cyber actors in order to better protect against and respond to cyberattacks. This chapter outlines the most common cyberattacks; explains the motivations behind these attacks; and describes the federal, state, and local efforts to address these threats.
Hao Chen and Yufei Yuan
Abstract
Purpose
Protection motivation theory (PMT) explains that the intention to cope with information security risks is based on informed threat and coping appraisals. However, people cannot always make appropriate assessments due to possible ignorance and cognitive biases. This study proposes a research model that introduces four antecedent factors from ignorance and bias perspectives into the PMT model and empirically tests this model with data from a survey of electronic waste (e-waste) handling.
Design/methodology/approach
The data collected from 356 Chinese samples are analyzed via structural equation modeling (SEM).
Findings
The results revealed that for threat appraisal, optimistic bias leads to a lower perception of risks. However, factual ignorance (lack of knowledge of risks) does not significantly affect the perceived threat. For coping appraisal, practical ignorance (lack of knowledge of coping with risks) leads to low response efficacy and self-efficacy and high perceptions of coping cost, but the illusion of control overestimates response efficacy and self-efficacy.
Originality/value
First, this study addresses a new type of information security problem in e-waste handling. Second, this study extends the PMT model by exploring the roles of ignorance and bias as antecedents. Finally, the authors reinvestigate the basic constructs of PMT to identify how rational threat and coping assessments affect user intentions to cope with data security risks.
Abstract
Purpose
The purpose of the current research is to present an explanatory framework for how people selectively attend to privacy-related news information about LBA depending on the extent to which they know about LBA already as well as their appraisals of privacy threats and efficacy.
Design/methodology/approach
The proposed model was tested using structural equation modeling based on a total of 522 useable responses obtained from an online survey.
Findings
The results revealed two different approaches to information exposure: (1) people choose to seek out privacy-related news articles when their persuasion knowledge and perceived threat level are high, whereas (2) they tend to avoid such information when perceived threats accompany fear as well as psychological discomfort, or when they believe that they are knowledgeable about LBA practices and highly capable of protecting their privacy.
Originality/value
With the development of real-time location-tracking technologies, the practice of LBA is becoming increasingly popular. As such, however, concerns about data collection and privacy are also on the rise, garnering a great deal of media attention. Despite the importance and constant stream of news reports on the subject, a comprehensive understanding of consumers' privacy assessments and information consumption remains underexamined. By incorporating the persuasion knowledge model and extended parallel process model, the current research presents an explanatory framework for consumers' privacy perceptions and information choice.
Zhengbiao Han, Shuiqing Huang, Huan Li and Ni Ren
Abstract
Purpose
This paper uses the GB/T20984-2007 multiplicative method to assess the information security risk of a typical digital library in compliance with the principle and thought of ISO 27000. The purpose of this paper is to testify the feasibility of this method and provide suggestions for improving information security of the digital library.
Design/methodology/approach
This paper adopts convenience sampling to select respondents. The assessment of assets is through analyzing digital library-related business and function through a questionnaire which collects data to determine asset types and the importance of asset attributes. The five-point Likert scale questionnaire method is used to identify the threat possibility and its influence on the assets. The 12 respondents include directors and senior network technicians from the editorial department, comic library, children’s library, counseling department and the learning promotion centre. Three different Guttman scale questionnaires, tool testing and on-site inspection are combined to identify and assess vulnerabilities. There were different Guttman scale questionnaires for management personnel, technical personnel and general librarian. In all, 15 management librarians, 7 technical librarians and 72 ordinary librarians answered the vulnerability questionnaire. On-site inspection was conducted on the basis of 11 control domains of ISO 27002. Vulnerabilities were scanned using remote security evaluation system NSFOCUS. The scanning covered ten IP sections and a total of 81 hosts.
Findings
Overall, 2,792 risk scores were obtained. Among them, 282 items (accounting for 10.1 per cent of the total) reached the high risk level; 2 (0.1 per cent) reached the very high risk level. High-risk items involved 26 threat types (accounting for 44.1 per cent of all threat types) and 13 vulnerability types (accounting for 22.1 per cent of all vulnerability types). The evaluation revealed that this digital library faces seven major hidden dangers in information security. The assessment results were well accepted by staff members of this digital library, which testified to the applicability of this method to a Chinese digital library.
Research limitations/implications
This paper is only a case study of a typical Chinese digital library using a digital library information security assessment method. More case-based explorations are necessary to prove the feasibility of the assessing strategy proposed in this study.
Originality/value
Based on the findings of recent literature, the authors found that very few researchers have made efforts to develop methods for calculating the indicators for digital library information security risk assessment. On the basis of ISO 27000 and other related information security standards, this case study proposed an operable method of digital library information security risk assessment and used it to assess the information security of a typical Chinese digital library. This study can offer insights for formulating a digital library information security risk assessment scale.
Guillermo Horacio Ramirez Caceres and Yoshimi Teshigawara
Abstract
Purpose
The level of security of home information systems can be described as their capacity to resist all the accidental or deliberate malicious activities based on the evaluation assurance levels (EAL) as defined in international standards. The purpose of this paper is to propose a security guideline tool for home users based on the implementation of a protection profile (PP) for home user systems.
Design/methodology/approach
The application was developed in three basic steps. First, a PP for home user systems was created on the basis of the international standard ISO/IEC 15408. Then, the paper created a knowledge base including the PP information, as well as a security policy including other international standards, as mentioned above. Finally, the paper created a web application tool to be used as a security guideline for home users.
Findings
This tool is developed in order to support users to understand the threats which affect their environment and select the appropriate security policy. By using this tool, users can access information about international standards in accordance to their level of knowledge.
Research limitations/implications
The authors created a tool based on EAL4. In the future, tools based on EAL1, EAL2, and EAL3 can be created easily on the basis of the present model.
Originality/value
This PP specifies the security requirements for home user information technology (IT) environments, and makes use of the Department of Defense information assurance guidelines and policies as a basis for establishing the requirements necessary for meeting the security objectives. This PP is constructed for use as a reference for home users to create safe home IT environments. Operating systems evaluated against this PP can operate at EAL4.
Arthur Jung‐Ting Chang and Quey‐Jen Yeh
Abstract
Purpose
Modernized information systems (IS) have brought enterprises not only enormous benefits, but also linked information threats. Most enterprises solve their IS security‐related problems using technical means alone, and focus on technical rather than managerial controls, which may imply potential crises. This study examines whether the security preparation of firms matches the severity of IS threats they perceive in developing countries, especially in issues concerning “people” and “administration”. Additionally, this study discusses appropriate threat mitigation strategies for the four sectors as well.
Design/methodology/approach
Using an empirical study, this study explores the past and current concerns of IS threats of firms in different industries, and the countermeasures prepared by them to protect themselves from such threats. The empirical data was provided by 109 Taiwanese enterprises from four sectors.
Findings
The analytical results revealed the differences in both the IS threats concerned and the security scopes prepared among the four sectors. Moreover, the preparation scopes were not commensurate with the perceived severity of threats. All four industries rated the network as posing the strongest threat, following regulation and personnel issues, while among the countermeasures in use, these three issues have larger application deficiencies.
Originality/value
This study concludes that the firms do not well prepare themselves against IS threats entailed to non‐technical administration issues and discusses appropriate threat mitigation strategies for the four sectors. Specifically, firms should be aware of IS threats to their business and prepare suitable security protections.
Hao Chen, Ofir Turel and Yufei Yuan
Abstract
Purpose
Electronic waste (e-waste) such as discarded computers and smartphones may contain large amounts of confidential data. Improper handling of remaining information in e-waste can, therefore, drive information security risk. This risk, however, is not always properly assessed and managed. The authors take the protection motivation theory (PMT) lens of analysis to understand intentions to protect one's discarded electronic assets.
Design/methodology/approach
By applying structural equation modeling, the authors empirically tested the proposed model with survey data from 348 e-waste handling users.
Findings
Results highlight that (1) protection intention is influenced by the perceived threat of discarding untreated e-waste (a threat appraisal) and self-efficacy to treat the discarded e-waste (a coping appraisal) and (2) optimism bias plays a dual-role in a direct and moderating way to reduce the perceived threat of untreated e-waste and its effect on protection intentions.
Originality/value
Results support the assertions and portray a unique theoretical account of the processes that underline people's motivation to protect their data when discarding e-waste. As such, this study explains a relatively understudied information security risk behavior in the e-waste context, points to the role of optimism bias in such decisions and highlights potential interventions that can help to alleviate this information security risk behavior.
Abstract
Provides a definition of, and a background to, teleworking; points out the advantages to organizations and employees, and the economic and demographic factors which have encouraged its growth. Examines the security threats and vulnerabilities which are inherent in teleworking and assesses the risks associated with employees working on sensitive material from a remote site. Postulates a framework for threat and risk assessment with a generic model, and a specific example using a hypothetical telework situation.
Talal H. Hayale and Husam A. Abu Khadra
Abstract
The objective of this study is to investigate perceived security threats of Computerized Accounting Information Systems (CAIS) that face Jordanian domestic banks. An empirical survey using a self‐administered questionnaire has been carried out to achieve the above‐mentioned objective. The study results reveal that accidental entry of “bad” data by employees, accidental destruction of data by employees, intentional entry of “bad” data by employees and employees’ sharing passwords are the top four security threats that face domestic banks. The paper concludes that most security threats that face domestic banks are internally generated and unintentional.