Search results

1 – 10 of 333
Article
Publication date: 1 February 2003

L Jean Camp

I begin with a discussion of code and its primary types: embedded, source, binary and interpreted. I then consider three measures in which code is fundamentally different than…

Abstract

I begin with a discussion of code and its primary types: embedded, source, binary and interpreted. I then consider three measures in which code is fundamentally different than print. In particular I speak of the trust inherent in connectivity, the organizational difficulties of information, and the problem of archiving information that may change rapidly. Following each of these explanations I offer my own hypotheses about how code and ubiquitous digital media might alter society and the sensibilities of its participants.

Details

Journal of Information, Communication and Ethics in Society, vol. 1 no. 1
Type: Research Article
ISSN: 1477-996X

Keywords

Article
Publication date: 22 June 2021

Behnood Momenzadeh, Shakthidhar Gopavaram, Sanchari Das and L. Jean Camp

The purpose of this paper is to propose practical and usable interactions that will allow more informed, risk-aware comparisons for individuals during app selections. The authors…

Abstract

Purpose

The purpose of this paper is to propose practical and usable interactions that will allow more informed, risk-aware comparisons for individuals during app selections. The authors include an explicit argument for the role of human decision-making during app selection and close with a discussion of the strengths of a Bayesian approach to evaluating privacy and security interventions.

Design/methodology/approach

The authors focused on the risk communication in mobile marketplace’s realm, examining how risk indicators can help people choose more secure and privacy-preserving apps. Combining canonical findings in risk perception with previous work in usable security, the authors designed indicators for each app to enable decisions that prioritize risk avoidance. Specifically, the authors performed a natural experiment with N = 60 participants, where they asked them to select applications on Android tablets with accurate real-time marketplace data.

Findings

In the aggregate, the authors found that app selections changed to be more risk-averse in the presence of a user-centered multi-level warning system using visual indicators that enabled a click-thru to the more detailed risk and permissions information.

Originality/value

Privacy research in the laboratory is often in conflict with privacy decision-making in the marketplace, resulting in a privacy paradox. To better understand this, the authors implemented a research design based on clinical experimental approaches, testing the interaction in a noisy, confounded field environment.

Details

Information & Computer Security, vol. 29 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 5 January 2022

Sanchari Das, Christena Nippert-Eng and L. Jean Camp

Phishing is a well-known cybersecurity attack that has rapidly increased in recent years. It poses risks to businesses, government agencies and all users due to sensitive data…

1530

Abstract

Purpose

Phishing is a well-known cybersecurity attack that has rapidly increased in recent years. It poses risks to businesses, government agencies and all users due to sensitive data breaches and subsequent financial losses. To study the user side, this paper aims to conduct a literature review and user study.

Design/methodology/approach

To investigate phishing attacks, the authors provide a detailed overview of previous research on phishing techniques by conducting a systematic literature review of n = 367 peer-reviewed academic papers published in ACM Digital Library. Also, the authors report on an evaluation of a high school community. The authors engaged 57 high school students and faculty members (12 high school students, 45 staff members) as participants in research using signal detection theory (SDT).

Findings

Through the literature review which goes back to as early as 2004, the authors found that only 13.9% of papers focused on user studies. In the user study, through scenario-based analysis, participants were tasked with distinguishing phishing e-mails from authentic e-mails. The results revealed an overconfidence bias in self-detection from the participants, regardless of their technical background.

Originality/value

The authors conducted a literature review with a focus on user study which is a first in this field as far the authors know. Additionally, the authors conducted a detailed user study with high school students and faculty using SDT which is also an understudied area and population.

Article
Publication date: 12 June 2017

Prashanth Rajivan, Pablo Moriano, Timothy Kelley and L. Jean Camp

The purpose of this study is to identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and…

1241

Abstract

Purpose

The purpose of this study is to identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and interactions in the security and privacy context. Standardized, externally valid instruments for measuring end-user security expertise are non-existent.

Design/methodology/approach

A questionnaire encompassing skills and knowledge-based questions was developed to identify critical factors that constitute expertise in end users. Exploratory factor analysis was applied on the results from 898 participants from a wide range of populations. Cluster analysis was applied to characterize the relationship between computer and security expertise. Ordered logistic regression models were applied to measure efficacy of the proposed security and computing factors in predicting user comprehension of security concepts: phishing and certificates.

Findings

There are levels to peoples’ computer and security expertise that could be reasonably measured and operationalized. Four factors that constitute computer security-related skills and knowledge are, namely, basic computer skills, advanced computer skills, security knowledge and advanced security skills, and these are identified as determinants of computer expertise.

Practical implications

Findings from this work can be used to guide the design of security interfaces such that it caters to people with different expertise levels and does not force users to exercise more cognitive processes than required.

Originality/value

This work identified four factors that constitute security expertise in end users. Findings from this work were integrated to propose a framework called Security SRK for guiding further research on security expertise. This work posits that security expertise instrument for end user should measure three cognitive dimensions: security skills, rules and knowledge.

Details

Information & Computer Security, vol. 25 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 1 February 2001

Lee W. McKnight

Contends the Internet is a medium for commerce, marketing, advertising and distribution, as well as invention, entertainment and discussion. Reckons that on the Internet there is…

1645

Abstract

Contends the Internet is a medium for commerce, marketing, advertising and distribution, as well as invention, entertainment and discussion. Reckons that on the Internet there is only on certainty – when creative destruction reigns it is business as usual. Concludes that succeeding in the global Internet economy is very difficult, and survival is far from assured.

Details

info, vol. 3 no. 1
Type: Research Article
ISSN: 1463-6697

Keywords

Article
Publication date: 11 September 2017

Brenden Kuerbis and Farzaneh Badiei

There is growing contestation between states and private actors over cybersecurity responsibilities, and its governance is ever more susceptible to nationalization. The authors…

1967

Abstract

Purpose

There is growing contestation between states and private actors over cybersecurity responsibilities, and its governance is ever more susceptible to nationalization. The authors believe these developments are based on an incomplete picture of how cybersecurity is actually governed in practice and theory. Given this disconnect, this paper aims to attempt to provide a cohesive understanding of the cybersecurity institutional landscape.

Design/methodology/approach

Drawing from institutional economics and using extensive desk research, the authors develop a conceptual model and broadly sketch the activities and contributions of market, networked and hierarchical governance structures and analyze how they interact to produce and govern cybersecurity.

Findings

Analysis shows a robust market and networked governance structures and a more limited role for hierarchical structures. Ex ante efforts to produce cybersecurity using purely hierarchical governance structures, even buttressed with support from networked governance structures, struggle without market demand like in the case of secure internet identifiers. To the contrary, ex post efforts like botnet mitigation, route monitoring and other activities involving information sharing seem to work under a variety of combinations of governance structures.

Originality/value

The authors’ conceptual framework and observations offer a useful starting point for unpacking how cybersecurity is produced and governed; ultimately, we need to understand if and how these governance structure arrangements actually impact variation in observed levels of cybersecurity.

Details

Digital Policy, Regulation and Governance, vol. 19 no. 6
Type: Research Article
ISSN: 2398-5038

Keywords

Content available
Article
Publication date: 1 September 2001

90

Abstract

Details

Library Hi Tech News, vol. 18 no. 9
Type: Research Article
ISSN: 0741-9058

Article
Publication date: 1 February 2002

Thomas Bertsch, James Busbin and Newell Wright

Experts cite the lack of a sound business plan and a diminished regard for basic marketing and management practices as major reasons for the failure rate of Web‐based retailers…

Abstract

Experts cite the lack of a sound business plan and a diminished regard for basic marketing and management practices as major reasons for the failure rate of Web‐based retailers. The dot‐com platform alone was often viewed as a sufficient basis for business success. This article provides a guide in applying marketing management principles to Internet‐based retailers. The format for this guide uses marketing management plans, providers, access, distribution, markets, products, prices, and promotions. The practices and examples provided in this guide are useful for gaining competitive advantage in the retail, dot‐com marketplace.

Details

Competitiveness Review: An International Business Journal, vol. 12 no. 2
Type: Research Article
ISSN: 1059-5422

Article
Publication date: 13 June 2016

Timothy Kelley and Bennett I. Bertenthal

Modern browsers are designed to inform users as to whether it is secure to login to a website, but most users are not aware of this information and even those who are sometimes…

Abstract

Purpose

Modern browsers are designed to inform users as to whether it is secure to login to a website, but most users are not aware of this information and even those who are sometimes ignore it. This study aims to assess users’ knowledge of security warnings communicated via browser indicators and the likelihood that their online decision-making adheres to this knowledge.

Design/methodology/approach

Participants from Amazon’s Mechanical Turk visited a series of secure and insecure websites and decided as quickly and as accurately as possible whether it was safe to login. An online survey was then used to assess their knowledge of information security.

Findings

Knowledge of information security was not necessarily a good predictor of decisions regarding whether to sign-in to a website. Moreover, these decisions were modulated by attention to security indicators, familiarity of the website and psychosocial stress induced by bonus payments determined by response times and accuracy.

Practical implications

Even individuals with security knowledge are unable to draw the necessary conclusions about digital risks when browsing the web. Users are being educated through daily use to ignore recommended security indicators.

Originality/value

This study represents a new way to entice participants into risky behavior by monetizing both speed and accuracy. This approach could be broadly useful as a way to study risky environments without placing participants at risk.

Details

Information & Computer Security, vol. 24 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 1 March 1974

Tom Schultheiss, Lorraine Hartline, Jean Mandeberg, Pam Petrich and Sue Stern

The following classified, annotated list of titles is intended to provide reference librarians with a current checklist of new reference books, and is designed to supplement the…

Abstract

The following classified, annotated list of titles is intended to provide reference librarians with a current checklist of new reference books, and is designed to supplement the RSR review column, “Recent Reference Books,” by Frances Neel Cheney. “Reference Books in Print” includes all additional books received prior to the inclusion deadline established for this issue. Appearance in this column does not preclude a later review in RSR. Publishers are urged to send a copy of all new reference books directly to RSR as soon as published, for immediate listing in “Reference Books in Print.” Reference books with imprints older than two years will not be included (with the exception of current reprints or older books newly acquired for distribution by another publisher). The column shall also occasionally include library science or other library related publications of other than a reference character.

Details

Reference Services Review, vol. 2 no. 3
Type: Research Article
ISSN: 0090-7324

1 – 10 of 333