Search results
1 – 10 of over 25000
Devendra Dilip Potnis and Joseph Winberry
Abstract
Purpose
This literature review aims to identify conscious, intentional, repetitive and transferrable information-related decisions and activities (i.e. information practices) for individuals to alleviate their information vulnerability. Information vulnerability refers to the lack of access to accurate, affordable, complete, relevant and timely information or the inability to use such information, which can place individuals, communities or society at a disadvantage or hurt them.
Design/methodology/approach
Conceptual literature review.
Findings
This review presents seven conscious, intentional, repetitive and transferrable information practices to alleviate information vulnerability.
Practical implications
Due to the transferability potential of the seven information practices, diverse populations in varied contexts could refer to, adapt and benefit from appropriate combinations of information practices and their manifestations. The framework can be used by individuals for alleviating information vulnerability. Thus, this paper responds to the call for conducting action-driven research in information science for addressing real-world problems. Information professionals can help individuals select and implement appropriate combinations of seven information practices for alleviating information vulnerability.
Originality/value
We propose (1) a parsimonious, episodic framework for alleviating information vulnerability, which depicts the inter-relationship among the seven information practices and (2) a three-dimensional plot with information access, use and value as three axes to map the manifestation and outcome of alleviating information vulnerability.
Dimitrios Patsos, Sarandis Mitropoulos and Christos Douligeris
Abstract
Purpose
The paper proposes looking at the automation of the incident response (IR) process, through formal, systematic and standardized methods for collection, normalization and correlation of security data (i.e. vulnerability, exploit and intrusion detection information).
Design/methodology/approach
The paper proposes the incident response intelligence system (IRIS) that models the context of discovered vulnerabilities, calculates their significance, finds and analyzes potential exploit code and defines the necessary intrusion detection signatures that combat possible attacks, using standardized techniques. It presents the IRIS architecture and operations, as well as the implementation issues.
Findings
The paper presents detailed evaluation results obtained from real‐world application scenarios, including a survey of the users' experience, to highlight the contribution of IRIS in the area of IR.
Originality/value
The paper introduces the IRIS, a system that provides detailed security information during the entire lifecycle of a security incident, facilitates decision support through the provision of possible attack and response paths, while deciding on the significance and magnitude of an attack with a standardized method.
Sung-Hwan Kim, Nam-Uk Kim and Tai-Myoung Chung
Abstract
Purpose
The purpose of this paper is to provide a model for quantitatively analyzing the security profile of an organization’s IT environment. The model considers the security risks associated with stored data, as well as services and devices that can act as channels for data leakages. The authors propose a sensitive information (SI) leakage vulnerability model.
Design/methodology/approach
Factors having an impact on the security profile are identified, and scores are assigned based on detailed criteria. These scores are utilized by mathematical models that produce a vulnerability index, which indicates the overall security vulnerability of the organization. In this chapter, the authors verify the model result extracted from the SI leakage vulnerability weak index by applying the proposed model to an actual incident that occurred in South Korea in January 2014.
Findings
The paper provides a vulnerability result and a vulnerability index. They depend on the SI state in information systems.
Originality/value
The authors identify and define four core variables related to SI leakage: SI, security policy, leakage channel and value of SI. The authors simplify the SI leakage problem. The authors propose an SI leakage vulnerability model.
Yuanyuan Guo, Xin Wang and Chaoyou Wang
Abstract
Purpose
This study examines how the different dimensions of a privacy policy separately influence perceived effectiveness of privacy policy, as well as the mediating mechanisms behind these effects (i.e. vulnerability, benevolence). In addition, this study considers privacy concern as a significant moderator in the research model, to examine if the relative influences of privacy policy content are contingent upon levels of users' privacy concern.
Design/methodology/approach
A survey experiment was conducted to empirically validate the model. Specifically, three survey experiments and six scenarios were designed to manipulate high and low levels of the three privacy policy dimensions (i.e. transparency, control and protection). The authors distributed a total of 450 copies of the questionnaire, of which 407 were valid.
Findings
This paper found that (1) all the three privacy policy dimensions directly influence perceived effectiveness of privacy policy; (2) all the three privacy policy dimensions indirectly influence perceived effectiveness of privacy policy by enhancing perceived corporate benevolence, whereas control also affects perceived effectiveness of privacy policy by reducing perceived vulnerability; and (3) individuals with high-privacy concern are much more impacted by privacy policy contents than individuals with low-privacy concern.
Practical implications
The findings could provide website managers with guidelines on how to design privacy policy contents by reducing user perceptions of vulnerability and enhancing user perceptions of corporate benevolence. The managers need to focus on customers' perceived vulnerability and corporate benevolence when launching or updating privacy policies. Furthermore, the managers also need to attend to users' privacy concerns, especially for multinational companies or companies with specific consumer groups.
Originality/value
This study extends the current privacy policy literature by articulating the separate influences of the three privacy policy dimensions and their impact mechanisms on perceived effectiveness of privacy policy. It also uncovers privacy concerns as a boundary condition that influences the effects of privacy policy contents on users' privacy perceptions.
Ana Muñoz-Mazón, Alicia Orea-Giner, Juan José Fernández Muñoz, Coral Santiago and Laura Fuentes-Moraleda
Abstract
Purpose
The purpose of this paper is to contribute to the understanding of the tourism service experience of consumers with vulnerabilities. Moreover, this research analyses the pre-core service encounter in the tourism services sector, which is one of the most important phases in the service experience. The objective is to understand how vulnerability might influence risk perceptions when people travel. To this end, this study focusses on individuals with coeliac disease (CD) and non-coeliac gluten sensitivity (NCGS) as a specific group to test the hypotheses. For the millions of individuals with CD or NCGS, food is one of the most critical elements of a trip and the reason for vulnerability perception. The research also proposes measures suggested by survey respondents to improve the information search process of vulnerable travellers before a trip.
Design/methodology/approach
A mixed-method approach was used based on a survey of 813 responses from people diagnosed with CD and NCGS. The individuals were placed in three groups according to their perception of how strongly their disease impacts their trips: low impact, medium impact and high impact.
Findings
The results confirm that people with a high-risk perception due to their vulnerability spend more time searching for information prior to the trip than people without this perception. In this sense, individuals that feel more vulnerable tend to use more personal information sources and also make greater use of online information sources. The participants affected by CD and NCGS proposed measures to reduce their perceived vulnerability. These proposals are based on information about the disease, specific information from the tourist industry at the destination and various online, as well as offline, information channels.
Originality/value
The novelty of this research is mainly found in the study of how consumers with vulnerabilities behave during the information process before travelling. From a holistic approach and based on both marketing service theory and the risk perception perspectives, this research is focussed on vulnerable individuals affected by CD and NCGS to find answers to the problems they face during the pre-core service encounter.
Teodor Sommestad and Fredrik Sandström
Abstract
Purpose
The purpose of this paper is to test the practical utility of attack graph analysis. Attack graphs have been proposed as a viable solution to many problems in computer network security management. After individual vulnerabilities are identified with a vulnerability scanner, an attack graph can relate the individual vulnerabilities to the possibility of an attack and subsequently analyze and predict which privileges attackers could obtain through multi-step attacks (in which multiple vulnerabilities are exploited in sequence).
Design/methodology/approach
The attack graph tool, MulVAL, was fed information from the vulnerability scanner Nexpose and network topology information from 8 fictitious organizations containing 199 machines. Two teams of attackers attempted to infiltrate these networks over the course of two days and reported which machines they compromised and which attack paths they attempted to use. Their reports are compared to the predictions of the attack graph analysis.
Findings
The prediction accuracy of the attack graph analysis was poor. Attackers were more than three times as likely to compromise a host predicted as impossible to compromise compared to a host that was predicted as possible to compromise. Furthermore, 29 per cent of the hosts predicted as impossible to compromise were compromised during the two days. The inaccuracy of the vulnerability scanner and MulVAL’s interpretation of vulnerability information are primary reasons for the poor prediction accuracy.
Originality/value
Although considerable research contributions have been made to the development of attack graphs, and several analysis methods have been proposed using attack graphs, the extant literature does not describe any tests of their accuracy under realistic conditions.
W. Pieters and L. Consoli
Abstract
Purpose
The purpose of this paper is to analyze information security assessment in terms of cultural categories and virtue ethics, in order to explain the cultural origin of certain types of security vulnerabilities, as well as to enable a proactive attitude towards preventing such vulnerabilities.
Design/methodology/approach
Vulnerabilities in information security are compared to the concept of “monster” introduced by Martijntje Smits in philosophy of technology. The applicability of different strategies for dealing with monsters to information security is discussed, and the strategies are linked to attitudes in virtue ethics.
Findings
It is concluded that the present approach can form the basis for dealing proactively with unknown future vulnerabilities in information security.
Research limitations/implications
The research presented here does not define a stepwise approach for implementation of the recommended strategy in practice. This is future work.
Practical implications
The results of this paper enable computer experts to rethink their attitude towards security threats, thereby reshaping their practices.
Originality/value
This paper provides an alternative anthropological framework for descriptive and normative analysis of information security problems, which does not rely on the objectivity of risk.
Gajendra Liyanaarachchi, Sameer Deshpande and Scott Weaven
Abstract
Purpose
This conceptual paper explores gaps in bank privacy protection practices and advocates for banks to integrate market-oriented (MO) approaches in their corporate digital responsibility (CDR) initiatives to minimize consumer data vulnerability.
Design/methodology/approach
To apply MO in CDR, this study recommends adoption of a behavior change framework comprising the co-creation, build and engage (CBE) model and proposes the creation of consumer segments based on generational cohort and tailoring strategies through the motivation, opportunity and ability (MOA) model to manage vulnerability.
Findings
The study specifies that managing consumer data vulnerability requires a unique strategy different from conventional service delivery. A holistic approach is recommended by integrating corporate digital responsibility as a pivotal element of organizational strategy and by positioning vulnerable customers as a critical stakeholder.
Originality/value
The paper contributes to the research in corporate social responsibility (CSR), privacy and data vulnerability in the banking sector in two prominent ways: first, the study demonstrates the importance of MO as a premise to develop a novel version of CDR called market-oriented digital responsibility (MODR). The study considers MODR as a strategy to reposition vulnerable consumers as a key stakeholder, and, second, the study proposes an innovative set of consumer segments based on data vulnerability and introduces a data vulnerability growth model (DVGM) connecting vulnerability with age.
Hannes Holm, Teodor Sommestad, Jonas Almroth and Mats Persson
Abstract
Purpose
The purpose of this paper is to evaluate if automated vulnerability scanning accurately identifies vulnerabilities in computer networks and if this accuracy is contingent on the platforms used.
Design/methodology/approach
Both qualitative comparisons of functionality and quantitative comparisons of false positives and false negatives are made for seven different scanners. The quantitative assessment includes data from both authenticated and unauthenticated scans. Experiments were conducted on a computer network of 28 hosts with various operating systems, services and vulnerabilities. This network was set up by a team of security researchers and professionals.
Findings
The data collected in this study show that authenticated vulnerability scanning is usable. However, automated scanning is not able to accurately identify all vulnerabilities present in computer networks. Also, scans of hosts running Windows are more accurate than scans of hosts running Linux.
Research limitations/implications
This paper focuses on the direct output of automated scans with respect to the vulnerabilities they identify. Areas such as how to interpret the results assessed by each scanner (e.g. regarding remediation guidelines) or aggregating information about individual vulnerabilities into risk measures are out of scope.
Practical implications
This paper describes how well automated vulnerability scanners perform when it comes to identifying security issues in a network. The findings suggest that a vulnerability scanner is a useable tool to have in your security toolbox given that user credentials are available for the hosts in your network. Manual effort is however needed to complement automated scanning in order to get satisfactory accuracy regarding network security problems.
Originality/value
Previous studies have focused on the qualitative aspects of vulnerability assessment. This study presents a quantitative evaluation of seven of the most popular vulnerability scanners available on the market.
Abstract
Households are exposed to a wide array of risks, characterized by a known or unknown probability distribution of events. Disasters are one of these risks at the extreme end. Understanding the nature of these risks is critical to recommending appropriate mitigation measures. A household’s resilience in resisting the negative outcomes of these risky events is indicative of its level of vulnerability. Vulnerability has emerged as the most critical concept in disaster studies, with several attempts at defining, measuring, indexing and modeling it. The paper presents the concept and meanings of risk and vulnerability as they have evolved in different disciplines. Building on these basic concepts, the paper suggests that assets are the key to reducing risk and vulnerability. Households resist and cope with adverse consequences of disasters and other risks through the assets that they can mobilize in the face of shocks. A sustainable strategy for disaster reduction must therefore focus on asset‐building. There could be different types of assets, and their selection and application for disaster risk management is necessarily a contextual exercise. The mix of asset‐building strategies could vary from one community to another, depending upon households’ asset profile. The paper addresses the dynamics of assets‐risk interaction, thus focusing on the role of assets in risk management.