Search results

1 – 10 of over 25000
Article
Publication date: 9 November 2021

Devendra Dilip Potnis and Joseph Winberry

Abstract

Purpose

This literature review aims to identify conscious, intentional, repetitive and transferrable information-related decisions and activities (i.e. information practices) for individuals to alleviate their information vulnerability. Information vulnerability refers to the lack of access to accurate, affordable, complete, relevant and timely information or the inability to use such information, which can place individuals, communities or society at disadvantage or hurt them.

Design/methodology/approach

Conceptual literature review.

Findings

This review presents seven conscious, intentional, repetitive and transferrable information practices to alleviate information vulnerability.

Practical implications

Due to the transferability potential of the seven information practices, diverse populations in varied contexts could refer to, adapt and benefit from appropriate combinations of information practices and their manifestations. The framework can be used by individuals for alleviating information vulnerability. Thus, this paper responds to the call for conducting action-driven research in information science for addressing real-world problems. Information professionals can help individuals select and implement appropriate combinations of seven information practices for alleviating information vulnerability.

Originality/value

We propose (1) a parsimonious, episodic framework for alleviating information vulnerability, which depicts the inter-relationship among the seven information practices and (2) a three-dimensional plot with information access, use and value as three axes to map the manifestation and outcome of alleviating information vulnerability.

Details

Journal of Documentation, vol. 78 no. 4
Type: Research Article
ISSN: 0022-0418

Article
Publication date: 12 October 2010

Dimitrios Patsos, Sarandis Mitropoulos and Christos Douligeris

Abstract

Purpose

The paper proposes looking at the automation of the incident response (IR) process, through formal, systematic and standardized methods for collection, normalization and correlation of security data (i.e. vulnerability, exploit and intrusion detection information).

Design/methodology/approach

The paper proposes the incident response intelligence system (IRIS) that models the context of discovered vulnerabilities, calculates their significance, finds and analyzes potential exploit code and defines the necessary intrusion detection signatures that combat possible attacks, using standardized techniques. It presents the IRIS architecture and operations, as well as the implementation issues.

Findings

The paper presents detailed evaluation results obtained from real‐world application scenarios, including a survey of the users' experience, to highlight the IRIS contribution in the area of IR.

Originality/value

The paper introduces the IRIS, a system that provides detailed security information during the entire lifecycle of a security incident, facilitates decision support through the provision of possible attack and response paths, while deciding on the significance and magnitude of an attack with a standardized method.

Details

Information Management & Computer Security, vol. 18 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 12 January 2015

Sung-Hwan Kim, Nam-Uk Kim and Tai-Myoung Chung

Abstract

Purpose

The purpose of this paper is to provide a model for quantitatively analyzing the security profile of an organization’s IT environment. The model considers the security risks associated with stored data, as well as services and devices that can act as channels for data leakages. The authors propose a sensitive information (SI) leakage vulnerability model.

Design/methodology/approach

Factors identified as having an impact on the security profile are identified, and scores are assigned based on detailed criteria. These scores are utilized by mathematical models that produce a vulnerability index, which indicates the overall security vulnerability of the organization. In this chapter, the authors verify the model result extracted from SI leakage vulnerability weak index by applying the proposed model to an actual incident that occurred in South Korea in January 2014.

Findings

The paper provides a vulnerability result and a vulnerability index. They depend on the SI state in information systems.

Originality/value

The authors identify and define four core variables related to SI leakage: SI, security policy, leakage channel and value of SI. The authors simplify the SI leakage problem. The authors propose an SI leakage vulnerability model.

Details

Kybernetes, vol. 44 no. 1
Type: Research Article
ISSN: 0368-492X

Article
Publication date: 6 July 2021

Yuanyuan Guo, Xin Wang and Chaoyou Wang

Abstract

Purpose

This study examines how the different dimensions of a privacy policy separately influence perceived effectiveness of privacy policy, as well as the mediating mechanisms behind these effects (i.e. vulnerability, benevolence). In addition, this study considers privacy concern as a significant moderator in the research model, to examine if the relative influences of privacy policy content are contingent upon levels of users' privacy concern.

Design/methodology/approach

The survey experiment was conducted to empirically validate the model. Specifically, three survey experiments and six scenarios were designed to manipulate high and low levels of the three privacy policy dimensions (i.e. transparency, control and protection). The authors distributed a total of 450 copies of the questionnaire, of which 407 were valid.

Findings

This paper found that (1) all the three privacy policy dimensions directly influence perceived effectiveness of privacy policy; (2) all the three privacy policy dimensions indirectly influence perceived effectiveness of privacy policy by enhancing perceived corporate benevolence, whereas control also affects perceived effectiveness of privacy policy by reducing perceived vulnerability; and (3) individuals with high-privacy concern are much more impacted by privacy policy contents than individuals with low-privacy concern.

Practical implications

The findings could provide website managers with guidelines on how to design privacy policy contents by reducing user perceptions of vulnerability and enhancing user perceptions of corporate benevolence. The managers need to focus on customers' perceived vulnerability and corporate benevolence when launching or updating privacy policies. Furthermore, the managers also need to attend to users' privacy concerns, especially for multinational companies or companies with specific consumer groups.

Originality/value

This study extends the current privacy policy literature by articulating the separate influences of the three privacy policy dimensions and their impact mechanisms on perceived effectiveness of privacy policy. It also uncovers privacy concerns as a boundary condition that influences the effects of privacy policy contents on users' privacy perceptions.

Details

Journal of Enterprise Information Management, vol. 35 no. 3
Type: Research Article
ISSN: 1741-0398

Article
Publication date: 9 September 2021

Ana Muñoz-Mazón, Alicia Orea-Giner, Juan José Fernández Muñoz, Coral Santiago and Laura Fuentes-Moraleda

Abstract

Purpose

The purpose of this paper is to contribute to the understanding of the tourism service experience of consumers with vulnerabilities. Moreover, this research analyses the pre-core service encounter in the tourism services sector, which is one of the most important phases in the service experience. The objective is to understand how vulnerability might influence risk perceptions when people travel. To this end, this study focusses on individuals with coeliac disease (CD) and non-coeliac gluten sensitivity (NCGS) as a specific group to test the hypotheses. For the millions of individuals with CD or NCGS, food is one of the most critical elements of a trip and the reason for vulnerability perception. The research also proposes measures suggested by survey respondents to improve the information search process of vulnerable travellers before a trip.

Design/methodology/approach

A mixed-method was used based on a survey of 813 responses from people diagnosed with CD and NCGS. The individuals were placed in three groups according to their perception of how strongly their disease impacts their trips: low impact, medium impact and high impact.

Findings

The results confirm that people with a high-risk perception due to their vulnerability spend more time searching for information prior to the trip than people without this perception. In this sense, individuals that feel more vulnerable tend to use more personal information sources and also make greater use of online information sources. The participants affected by CD and NCGS proposed measures to reduce their perceived vulnerability. These proposals are based on information about the disease, specific information from the tourist industry at the destination and various online, as well as offline, information channels.

Originality/value

The novelty of this research is mainly found in the study of how consumers with vulnerabilities behave during the information process before travelling. From a holistic approach and based on both marketing service theory and the risk perception perspectives, this research is focussed on vulnerable individuals affected by CD and NCGS to find answers to the problems they face during the pre-core service encounter.

Article
Publication date: 9 November 2015

Teodor Sommestad and Fredrik Sandström

Abstract

Purpose

The purpose of this paper is to test the practical utility of attack graph analysis. Attack graphs have been proposed as a viable solution to many problems in computer network security management. After individual vulnerabilities are identified with a vulnerability scanner, an attack graph can relate the individual vulnerabilities to the possibility of an attack and subsequently analyze and predict which privileges attackers could obtain through multi-step attacks (in which multiple vulnerabilities are exploited in sequence).

Design/methodology/approach

The attack graph tool, MulVAL, was fed information from the vulnerability scanner Nexpose and network topology information from 8 fictitious organizations containing 199 machines. Two teams of attackers attempted to infiltrate these networks over the course of two days and reported which machines they compromised and which attack paths they attempted to use. Their reports are compared to the predictions of the attack graph analysis.

Findings

The prediction accuracy of the attack graph analysis was poor. Attackers were more than three times as likely to compromise a host predicted as impossible to compromise compared to a host that was predicted as possible to compromise. Furthermore, 29 per cent of the hosts predicted as impossible to compromise were compromised during the two days. The inaccuracy of the vulnerability scanner and MulVAL’s interpretation of vulnerability information are primary reasons for the poor prediction accuracy.

Originality/value

Although considerable research contributions have been made to the development of attack graphs, and several analysis methods have been proposed using attack graphs, the extant literature does not describe any tests of their accuracy under realistic conditions.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 30 October 2009

W. Pieters and L. Consoli

Abstract

Purpose

The purpose of this paper is to analyze information security assessment in terms of cultural categories and virtue ethics, in order to explain the cultural origin of certain types of security vulnerabilities, as well as to enable a proactive attitude towards preventing such vulnerabilities.

Design/methodology/approach

Vulnerabilities in information security are compared to the concept of “monster” introduced by Martijntje Smits in philosophy of technology. The applicability of different strategies for dealing with monsters to information security is discussed, and the strategies are linked to attitudes in virtue ethics.

Findings

It is concluded that the present approach can form the basis for dealing proactively with unknown future vulnerabilities in information security.

Research limitations/implications

The research presented here does not define a stepwise approach for implementation of the recommended strategy in practice. This is future work.

Practical implications

The results of this paper enable computer experts to rethink their attitude towards security threats, thereby reshaping their practices.

Originality/value

This paper provides an alternative anthropological framework for descriptive and normative analysis of information security problems, which does not rely on the objectivity of risk.

Details

Journal of Information, Communication and Ethics in Society, vol. 7 no. 4
Type: Research Article
ISSN: 1477-996X

Article
Publication date: 9 December 2020

Gajendra Liyanaarachchi, Sameer Deshpande and Scott Weaven

Abstract

Purpose

This conceptual paper explores gaps in bank privacy protection practices and advocates for banks to integrate market-oriented (MO) approaches in their corporate digital responsibility (CDR) initiatives to minimize consumer data vulnerability.

Design/methodology/approach

To apply MO in CDR, this study recommends adoption of a behavior change framework comprising the co-creation, build and engage (CBE) model and proposes the creation of consumer segments based on generational cohort and tailoring strategies through motivation, opportunity and ability (MOA) model to manage vulnerability.

Findings

The study specifies that managing consumer data vulnerability requires a unique strategy different from conventional service delivery. A holistic approach is recommended by integrating corporate digital responsibility as a pivotal element of organizational strategy and by positioning vulnerable customers as a critical stakeholder.

Originality/value

The paper contributes to the research in corporate social responsibility (CSR), privacy and data vulnerability in the banking sector in two prominent ways: first, the study demonstrates the importance of MO as a premise to develop a novel version of CDR called market-oriented digital responsibility (MODR). The study considers MODR as a strategy to reposition vulnerable consumers as a key stakeholder, and, second, the study proposes an innovative set of consumer segments based on data vulnerability and introduces a data vulnerability growth model (DVGM) connecting vulnerability with age.

Details

International Journal of Bank Marketing, vol. 39 no. 4
Type: Research Article
ISSN: 0265-2323

Article
Publication date: 11 October 2011

Hannes Holm, Teodor Sommestad, Jonas Almroth and Mats Persson

Abstract

Purpose

The purpose of this paper is to evaluate if automated vulnerability scanning accurately identifies vulnerabilities in computer networks and if this accuracy is contingent on the platforms used.

Design/methodology/approach

Both qualitative comparisons of functionality and quantitative comparisons of false positives and false negatives are made for seven different scanners. The quantitative assessment includes data from both authenticated and unauthenticated scans. Experiments were conducted on a computer network of 28 hosts with various operating systems, services and vulnerabilities. This network was set up by a team of security researchers and professionals.

Findings

The data collected in this study show that authenticated vulnerability scanning is usable. However, automated scanning is not able to accurately identify all vulnerabilities present in computer networks. Also, scans of hosts running Windows are more accurate than scans of hosts running Linux.

Research limitations/implications

This paper focuses on the direct output of automated scans with respect to the vulnerabilities they identify. Areas such as how to interpret the results assessed by each scanner (e.g. regarding remediation guidelines) or aggregating information about individual vulnerabilities into risk measures are out of scope.

Practical implications

This paper describes how well automated vulnerability scanners perform when it comes to identifying security issues in a network. The findings suggest that a vulnerability scanner is a useable tool to have in your security toolbox given that user credentials are available for the hosts in your network. Manual effort is however needed to complement automated scanning in order to get satisfactory accuracy regarding network security problems.

Originality/value

Previous studies have focused on the qualitative aspects of vulnerability assessment. This study presents a quantitative evaluation of seven of the most popular vulnerability scanners available on the market.

Details

Information Management & Computer Security, vol. 19 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 October 2004

Krishna S. Vatsa

Abstract

Households are exposed to a wide array of risks, characterized by a known or unknown probability distribution of events. Disasters are one of these risks at the extreme end. Understanding the nature of these risks is critical to recommending appropriate mitigation measures. A household’s resilience in resisting the negative outcomes of these risky events is indicative of its level of vulnerability. Vulnerability has emerged as the most critical concept in disaster studies, with several attempts at defining, measuring, indexing and modeling it. The paper presents the concept and meanings of risk and vulnerability as they have evolved in different disciplines. Building on these basic concepts, the paper suggests that assets are the key to reducing risk and vulnerability. Households resist and cope with adverse consequences of disasters and other risks through the assets that they can mobilize in the face of shocks. A sustainable strategy for disaster reduction must therefore focus on asset‐building. There could be different types of assets, and their selection and application for disaster risk management is necessarily a contextual exercise. The mix of asset‐building strategies could vary from one community to another, depending upon households’ asset profile. The paper addresses the dynamics of assets‐risk interaction, thus focusing on the role of assets in risk management.

Details

International Journal of Sociology and Social Policy, vol. 24 no. 10/11
Type: Research Article
ISSN: 0144-333X
