Search results

This study aims to investigate the differences in security-conscious (group A) and regular (group B) users’ behaviors and practices on mobile devices.

A survey was used to investigate the differences in behaviors and practices of security-conscious users (group A) and regular users (group B) on mobile devices. Each group will have 50 participants for a total of 100.

The analysis revealed differences in the behaviors and practices of security-conscious and regular users. The results indicated that security-conscious users engage in behaviors and practices that are more secure on mobile devices when compared with regular users.

The results will help recommend the best behaviors and practices for mobile device users, increasing mobile device security.

The results will help society to be more aware of security behaviors and practices on mobile devices.

This study answers the call for addressing the weaknesses and vulnerabilities in mobile device security. It develops a research instrument to measure the differences in behaviors and practices of security-conscious and regular mobile device users.

This paper's purpose is to identify and accentuate the dilemma faced by small- to medium-sized enterprises (SMEs) who use mobile devices as part of their mobility business strategy. While large enterprises have the resources to implement emerging security recommendations for mobile devices, such as smartphones and tablets, SMEs often lack the IT resources and capabilities needed. The SME mobile device business dilemma is to invest in more expensive maximum security technologies, invest in less expensive minimum security technologies with increased risk, or postpone the business mobility strategy in order to protect enterprise and customer data and information. This paper investigates mobile device security and the implications of security recommendations for SMEs.

This conceptual paper reviews mobile device security research, identifies increased security risks, and recommends security practices for SMEs.

This paper identifies emerging mobile device security risks and provides a set of minimum mobile device security recommendations practical for SMEs. However, SMEs would still have increased security risks versus large enterprises who can implement maximum mobile device security recommendations. SMEs are faced with a dilemma: embrace the mobility business strategy and adopt and invest in the necessary security technology, implement minimum precautions with increased risk, or give up their mobility business strategy.

This paper develops a practical list of minimum mobile device security recommendations for SMEs. It also increases the awareness of potential security risks for SMEs from mobile devices.

This paper expands previous research investigating SME adoption of computers, broadband internet-based services, and Wi-Fi by adding mobile devices. It describes the SME competitive advantages from adopting mobile devices for enterprise business mobility, while accentuating the increased business risks and implications for SMEs.

This study/ paper aims to empirically examine the user attitude on perceived security of enterprise systems (ES) mobility. Organizations are adopting mobile technologies for various business applications including ES to increase the flexibility and to gain sustainable competitive advantage. At the same time, end-users are exposed to security issues when using mobile technologies. The ES have seen breaches and malicious intrusions thereby more sophisticated recreational and commercial cybercrimes have been witnessed. ES have seen data breaches and malicious intrusions leading to more sophisticated cybercrimes. Considering the significance of security in ES mobility, the research questions in this study are: What are the security issues of ES mobility? What are the influences of users’ attitude towards those security issues? What is the impact of users’ attitude towards security issues on perceived security of ES mobility?

These questions are addressed by empirically testing a security model of mobile ES by collecting data from users of ES mobile systems. Hypotheses were evolved and tested by data collected through a survey questionnaire. The questionnaire survey was administered to 331 users from Chinese small and medium-sized enterprises (SME). The data was statistically analysed by tools such as correlation, factor analysis, regression and the study built a structural equation model (SEM) to examine the interactions between the variables.

The study results have identified the following security issues: users’ attitude towards mobile device security issues; users’ attitude towards wireless network security issues; users’ attitude towards cloud computing security issues; users’ attitude towards application-level security issues; users’ attitude towards data (access) level security issues; and users’ attitude towards enterprise-level security issues.

The study results are based on a sample of users from Chinese SMEs. The findings may lack generalizability. Therefore, researchers are encouraged to examine the model in a different context. The issues requiring further investigation are the role of gender and type of device on perceived security of ES mobile systems.

The results show that the key security issues are related to a mobile device, wireless network, cloud computing, applications, data and enterprise. By understanding these issues and the best practices, organizations can maintain a high level of security of their mobile ES.

Apart from understanding the best practices and the key issues, the authors suggest management and end-users to work collaboratively to achieve a high level of security of the mobile ES.

This is an empirical study conducted from the users’ perspective for validating the set of research hypotheses related to key security issues on the perceived security of mobile ES.

The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobile technology.

This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening.

This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guides users to take practical steps at protecting their devices. This study shows the high impact of MSE on users’ protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security.

This study makes theoretical contributions to the existing information security literature. It confirms PM theory’s power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users’ actual security usage. Thus, it goes beyond users’ intention.

Recently, the spread of malicious IT has been causing serious privacy threats to mobile device users, which hampers the efficient use of mobile devices for individual and business. To understand the privacy security assurance behavior of mobile device users, this study aims to develop a theoretical model based on technology threat avoidance theory (TTAT), to capture motivation factors in predicting mobile device user’s voluntary adoption of security defensive software.

A survey is conducted to validate the proposed research model. A total of 284 valid survey data are collected and partial least square (PLS)-based structural equation modeling is used to test the model.

Results highlight that both privacy concern and coping appraisal have a significant impact on the intention to adopt the security defensive software. Meanwhile, privacy security awareness is a crucial determinant to stimulate mobile device user’s threat and coping appraisal processes in the voluntary context. The results indicate that emotional-based coping appraisal of anticipated regret is also imperative to arouse personal intention to adopt the security tool.

This result should be of interest to practitioners. Information security awareness training and education programs should be developed in a variety of forms to intensify personal security knowledge and skills. Besides, emotion-based warnings can be designed to arouse users’ protection behavior.

This paper embeds TTAT theory within the mobile security context. The authors extent TTAT by taking anticipated regret into consideration to capture emotional-based coping appraisal, and information security awareness is employed as the antecedent factor. The extent offers a useful starting point for the further empirical study of emotion elements in the information security context.

Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology department. This has security implications regarding knowledge leakage, data theft, and regulatory compliance. With these unmanaged devices, companies have less control and visibility, and fewer mitigation options when protecting against the risks of cyber-attacks. Therefore, the purpose of this study is to investigate how millennials' use of personal mobile devices for work contributes to increased exposure to cyber-attacks and, consequently, security and knowledge leakage risks.

This research used a mixed-method approach by using survey questionnaires to elicit the views of millennials regarding the cybersecurity risks associated with bring your own device policies and practices. Interviews were done with security personnel. Data analysis consisted of descriptive analysis and open coding.

The results indicate that millennials expect to have ready access to technology and social media at all times, irrespective of security and privacy concerns. Companies also need to improve and enforce bring your own device policies and practices to mitigate against knowledge leakage and security risks. Millennials increasingly see the use of personal devices as a right and not a convenience. They are expecting security measures to be more seamless within the full user experience.

This paper can help organizations and millennials to understand the security risks entering the workforce if the threats of using privately owned devices on the job are ignored and to improve organizational performance.

The current study aimed to develop and validate Mobile Information Security Awareness Scale (MISAS) based on the prototype model for measuring information security awareness and the relevant literature.

The scale was developed and validated with the participation of 562 students from four universities. The construct validity of the scale was tested through exploratory factor analysis and confirmatory factor analysis.

The reliability of the scale was tested through corrected item-total correlations and Cronbach alpha. The MISAS includes six factors and 17 items. The identified factors were labeled as backup, instant messaging and navigation, password protection, update, access permission and using others' devices.

The scale included only the human aspects of mobile information security. The technical aspects are not within the scope of this study. For this reason, future studies might develop and validate a different scale focusing on the technical aspects of mobile information security.

The developed scale contributes to the literature on the human aspects of mobile information security.

The purpose of this paper is to rank the users’ attitude on major components of mobile cloud computing (MCC) security and investigate the degree of impact of these components on MCC security as a whole.

Hypotheses were evolved and tested by data collected through an online survey-questionnaire. The survey was administered to 363 users from Chinese organizations. Statistical analysis was carried out and structural equation model was built to validate the interactions.

The eight components of MCC security in the order of importance are as follows: mobile device related, user identity related, deployment model related, application-level security issues, data related, virtualization related, network related and service delivery related. The empirical analysis validates that these security issues are having significant impact on perceived security of MCC.

Constant vigilance on these eight issues and improving the level of user awareness on these issues enhance the overall security.

These issues can be used for designing and developing secured MCC system.

While several previous research has studied various security factors in the MCC security domain, a consolidated understanding on the different components of MCC security is missing. This empirical research has identified and ranked the major components of MCC security. The degree of impact of each of these components on overall MCC security is identified. This provides a different perspective for managing MCC security by explaining what components are most important.

It is becoming easier for end-users to modify their information system, sometimes against the wishes of management or the original manufacturer. In the mobile device context, “modding”, “jailbreaking” or “rooting” allows a mobile phone user to select operating software and network providers other than those mandated by the original provider. Prior studies have theorised that modders and non-modders possess different perspectives on the relationship between them and their device provider. However, these differences have not been empirically demonstrated in prior work. This paper aims to test theoretical pathways to explain the behavioural relationship effects of security within the modding context.

This study models four relationship conceptualisations from prior research. The study tests this model using a survey of 464 mobile device users to compare the user attitudes of modders and non-modders.

Modder and non-modder relationships differ. Both groups value security, but in different ways: modder relationships are governed by satisfaction and commitment, while non-modder relationships are governed more by trust.

To the best of the authors’ knowledge, this is the first study to empirically demonstrate the relationship differences between IS modifiers and non-modifiers. Most published work has focused on IS that are unmodified. Incorporating device modification may improve behavioural understanding of end-users.

Ever since Mark Weiser coined the term “ubiquitous computing” (ubicomp) in 1988, there has been a general interest in proposing various solutions that would support his vision. However, attacks targeting devices and services of a ubicomp environment have demonstrated not only different privacy issues, but also a risk of endangering user’s life (e.g. by modifying medical sensor readings). Thus, the aim of this paper is to provide a comprehensive overview of security challenges of ubicomp environments and the corresponding countermeasures proposed over the past decade.

The results of this paper are based on a literature review method originally used in evidence-based medicine called systematic literature review (SLR), which identifies, filters, classifies and summarizes the findings.

Starting from the bibliometric results that clearly show an increasing interest in the topic of ubicomp security worldwide, the findings reveal specific types of attacks and vulnerabilities that have motivated the research over the past decade. This review describes most commonly proposed countermeasures – context-aware access control and authentication mechanisms, cryptographic protocols that account for device’s resource constraints, privacy-preserving mechanisms, and trust mechanisms for wireless ad hoc and sensor networks.

To the best of our knowledge, this is the first SLR on security challenges in ubicomp. The findings should serve as a reference to an extensive list of scientific contributions, as well as a guiding point for the researchers’ novel to the security research in ubicomp.