Search results
Abstract
I begin with a discussion of code and its primary types: embedded, source, binary and interpreted. I then consider three measures in which code is fundamentally different than print. In particular I speak of the trust inherent in connectivity, the organizational difficulties of information, and the problem of archiving information that may change rapidly. Following each of these explanations I offer my own hypotheses about how code and ubiquitous digital media might alter society and the sensibilities of its participants.
Behnood Momenzadeh, Shakthidhar Gopavaram, Sanchari Das and L. Jean Camp
Abstract
Purpose
The purpose of this paper is to propose practical and usable interactions that will allow more informed, risk-aware comparisons for individuals during app selections. The authors include an explicit argument for the role of human decision-making during app selection and close with a discussion of the strengths of a Bayesian approach to evaluating privacy and security interventions.
Design/methodology/approach
The authors focused on risk communication in the mobile marketplace realm, examining how risk indicators can help people choose more secure and privacy-preserving apps. Combining canonical findings in risk perception with previous work in usable security, the authors designed indicators for each app to enable decisions that prioritize risk avoidance. Specifically, the authors performed a natural experiment with N = 60 participants, where they asked them to select applications on Android tablets with accurate real-time marketplace data.
Findings
In the aggregate, the authors found that app selections changed to be more risk-averse in the presence of a user-centered multi-level warning system using visual indicators that enabled a click-thru to the more detailed risk and permissions information.
Originality/value
Privacy research in the laboratory is often in conflict with privacy decision-making in the marketplace, resulting in a privacy paradox. To better understand this, the authors implemented a research design based on clinical experimental approaches, testing the interaction in a noisy, confounded field environment.
Sanchari Das, Christena Nippert-Eng and L. Jean Camp
Abstract
Purpose
Phishing is a well-known cybersecurity attack that has rapidly increased in recent years. It poses risks to businesses, government agencies and all users due to sensitive data breaches and subsequent financial losses. To study the user side, this paper aims to conduct a literature review and user study.
Design/methodology/approach
To investigate phishing attacks, the authors provide a detailed overview of previous research on phishing techniques by conducting a systematic literature review of n = 367 peer-reviewed academic papers published in ACM Digital Library. Also, the authors report on an evaluation of a high school community. The authors engaged 57 high school students and faculty members (12 high school students, 45 staff members) as participants in research using signal detection theory (SDT).
Findings
Through the literature review which goes back to as early as 2004, the authors found that only 13.9% of papers focused on user studies. In the user study, through scenario-based analysis, participants were tasked with distinguishing phishing e-mails from authentic e-mails. The results revealed an overconfidence bias in self-detection from the participants, regardless of their technical background.
Originality/value
The authors conducted a literature review with a focus on user study, which is a first in this field as far as the authors know. Additionally, the authors conducted a detailed user study with high school students and faculty using SDT, which is also an understudied area and population.
Prashanth Rajivan, Pablo Moriano, Timothy Kelley and L. Jean Camp
Abstract
Purpose
The purpose of this study is to identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and interactions in the security and privacy context. Standardized, externally valid instruments for measuring end-user security expertise are non-existent.
Design/methodology/approach
A questionnaire encompassing skills and knowledge-based questions was developed to identify critical factors that constitute expertise in end users. Exploratory factor analysis was applied on the results from 898 participants from a wide range of populations. Cluster analysis was applied to characterize the relationship between computer and security expertise. Ordered logistic regression models were applied to measure efficacy of the proposed security and computing factors in predicting user comprehension of security concepts: phishing and certificates.
Findings
There are levels to people’s computer and security expertise that could be reasonably measured and operationalized. Four factors that constitute computer security-related skills and knowledge are, namely, basic computer skills, advanced computer skills, security knowledge and advanced security skills, and these are identified as determinants of computer expertise.
Practical implications
Findings from this work can be used to guide the design of security interfaces such that they cater to people with different expertise levels and do not force users to exercise more cognitive processes than required.
Originality/value
This work identified four factors that constitute security expertise in end users. Findings from this work were integrated to propose a framework called Security SRK for guiding further research on security expertise. This work posits that a security expertise instrument for end users should measure three cognitive dimensions: security skills, rules and knowledge.
Abstract
Contends the Internet is a medium for commerce, marketing, advertising and distribution, as well as invention, entertainment and discussion. Reckons that on the Internet there is only one certainty – when creative destruction reigns it is business as usual. Concludes that succeeding in the global Internet economy is very difficult, and survival is far from assured.
Brenden Kuerbis and Farzaneh Badiei
Abstract
Purpose
There is growing contestation between states and private actors over cybersecurity responsibilities, and its governance is ever more susceptible to nationalization. The authors believe these developments are based on an incomplete picture of how cybersecurity is actually governed in practice and theory. Given this disconnect, this paper aims to attempt to provide a cohesive understanding of the cybersecurity institutional landscape.
Design/methodology/approach
Drawing from institutional economics and using extensive desk research, the authors develop a conceptual model and broadly sketch the activities and contributions of market, networked and hierarchical governance structures and analyze how they interact to produce and govern cybersecurity.
Findings
Analysis shows a robust market and networked governance structures and a more limited role for hierarchical structures. Ex ante efforts to produce cybersecurity using purely hierarchical governance structures, even buttressed with support from networked governance structures, struggle without market demand like in the case of secure internet identifiers. To the contrary, ex post efforts like botnet mitigation, route monitoring and other activities involving information sharing seem to work under a variety of combinations of governance structures.
Originality/value
The authors’ conceptual framework and observations offer a useful starting point for unpacking how cybersecurity is produced and governed; ultimately, we need to understand if and how these governance structure arrangements actually impact variation in observed levels of cybersecurity.
Thomas Bertsch, James Busbin and Newell Wright
Abstract
Experts cite the lack of a sound business plan and a diminished regard for basic marketing and management practices as major reasons for the failure rate of Web‐based retailers. The dot‐com platform alone was often viewed as a sufficient basis for business success. This article provides a guide in applying marketing management principles to Internet‐based retailers. The format for this guide uses marketing management plans, providers, access, distribution, markets, products, prices, and promotions. The practices and examples provided in this guide are useful for gaining competitive advantage in the retail, dot‐com marketplace.
Timothy Kelley and Bennett I. Bertenthal
Abstract
Purpose
Modern browsers are designed to inform users as to whether it is secure to login to a website, but most users are not aware of this information and even those who are sometimes ignore it. This study aims to assess users’ knowledge of security warnings communicated via browser indicators and the likelihood that their online decision-making adheres to this knowledge.
Design/methodology/approach
Participants from Amazon’s Mechanical Turk visited a series of secure and insecure websites and decided as quickly and as accurately as possible whether it was safe to login. An online survey was then used to assess their knowledge of information security.
Findings
Knowledge of information security was not necessarily a good predictor of decisions regarding whether to sign-in to a website. Moreover, these decisions were modulated by attention to security indicators, familiarity of the website and psychosocial stress induced by bonus payments determined by response times and accuracy.
Practical implications
Even individuals with security knowledge are unable to draw the necessary conclusions about digital risks when browsing the web. Users are being educated through daily use to ignore recommended security indicators.
Originality/value
This study represents a new way to entice participants into risky behavior by monetizing both speed and accuracy. This approach could be broadly useful as a way to study risky environments without placing participants at risk.
Tom Schultheiss, Lorraine Hartline, Jean Mandeberg, Pam Petrich and Sue Stern
Abstract
The following classified, annotated list of titles is intended to provide reference librarians with a current checklist of new reference books, and is designed to supplement the RSR review column, “Recent Reference Books,” by Frances Neel Cheney. “Reference Books in Print” includes all additional books received prior to the inclusion deadline established for this issue. Appearance in this column does not preclude a later review in RSR. Publishers are urged to send a copy of all new reference books directly to RSR as soon as published, for immediate listing in “Reference Books in Print.” Reference books with imprints older than two years will not be included (with the exception of current reprints or older books newly acquired for distribution by another publisher). The column shall also occasionally include library science or other library related publications of other than a reference character.