Search results

This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.

Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.

The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.

This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored especially in the Ethiopia context. Hence, the result can positively influence security policies, particularly in the banking sector.

In this study, the authors seek to understand factors that naturally influence users to adopt two-factor authentication (2FA) without even trying to intervene by investigating factors within individuals that may influence their decision to adopt 2FA by themselves.

A total of 1,852 individuals from all 34 provinces in Indonesia participated in this study by filling out online questionnaires. The authors discussed the results from statistical analysis further through the lens of the loss aversion theory.

The authors found that loss aversion, represented by higher income that translates to greater potential pain caused by losing things to be the most significant demographic factor behind 2FA adoption. On the contrary, those with a low-income background, even if they have some college degree, are more likely to skip 2FA despite their awareness of this technology. The authors also found that the older generation, particularly females, to be among the most vulnerable groups when it comes to authentication-based cyber threats as they are much less likely to adopt 2FA, or even to be aware of its existence in the first place.

Authentication is one of the most important topics in cybersecurity that is related to human-computer interaction. While 2FA increases the security level of authentication methods, it also requires extra efforts that can translate to some level of inconvenience on the user's end. By identifying the associated factors from the user's ends, a necessary intervention can be made so that more users are willing to jump on the 2FA adopters' train.

The reality of domestic violence does not disappear when people enter the digital world, as abusers may use technology to stalk, exploit, and control their victims. In this chapter, we discuss three unique types of technological abuse: (1) financial abuse via banking websites and apps; (2) abuse via smart home devices (i.e., “Internet of Things” abuse); and (3) stalking via geo-location or GPS. We also argue pregnancy and wellness apps provide an opportunity for meaningful intervention for pregnant victims of domestic violence.

While there is no way to ensure users' safety in all situations, we argue thoughtful considerations while designing and building digital products can result in meaningful contributions to victims' safety. This chapter concludes with PenzeyMoog's (2020) “Framework for Inclusive Safety,” which is a roadmap for building technology that increases the safety of domestic violence survivors. This framework includes three key points: (1) the importance of educating technologists about domestic violence; (2) the importance of identifying possible abuse situations and designing against them; and (3) identifying user interactions that might signal abuse and offering safe interventions.

Technology-facilitated abuse, so-called “tech abuse,” through phones, trackers, and other emerging innovations, has a substantial impact on the nature of intimate partner violence (IPV). The current chapter examines the risks and harms posed to IPV victims/survivors from the burgeoning Internet of Things (IoT) environment. IoT systems are understood as “smart” devices such as conventional household appliances that are connected to the internet. Interdependencies between different products together with the devices' enhanced functionalities offer opportunities for coercion and control. Across the chapter, we use the example of IoT to showcase how and why tech abuse is a socio-technological issue and requires not only human-centered (i.e., societal) but also cybersecurity (i.e., technical) responses. We apply the method of “threat modeling,” which is a process used to investigate potential cybersecurity attacks, to shift the conventional technical focus from the risks to systems toward risks to people. Through the analysis of a smart lock, we highlight insufficiently designed IoT privacy and security features and uncover how seemingly neutral design decisions can constrain, shape, and facilitate coercive and controlling behaviors.

There is widespread concern about the fact that small- and medium-sized enterprises (SMEs) seem to be particularly vulnerable to cyberattacks. This is perhaps because smaller businesses lack sufficient situational awareness to make informed decisions in this space, or because they lack the resources to implement security controls and precautions.

In this paper, Endsley’s theory of situation awareness was extended to propose a model of SMEs’ cyber situational awareness, and the extent to which this awareness triggers the implementation of cyber security measures. Empirical data were collected through an online survey of 361 UK-based SMEs; subsequently, the authors used partial least squares modeling to validate the model.

The results show that heightened situational awareness, as well as resource availability, significantly affects SMEs’ implementation of cyber precautions and controls.

While resource limitations are undoubtedly a problem for SMEs, their lack of cyber situational awareness seems to be the area requiring most attention.

The findings of this study are reported and recommendations were made that can help to improve situational awareness, which will have the effect of encouraging the implementation of cyber security measures.

This is the first study to apply the situational awareness theory to understand why SMEs do not implement cyber security best practice measures.

The purpose of this paper is to elaborate the significance of safeguards in digital ecosystems and their role in generating trust among participants. This paper argues that the right mix and number of safeguards are crucial for an ecosystem’s growth and success. It offers ecosystem orchestrators concrete guidelines for how to implement and monitor safeguards.

This research is based on both consulting experience and publicly available information on several digital ecosystems.

This research conceptualizes safeguards as precautionary mechanisms that mandate or promote desirable behavior in an effort to engender trust among ecosystem participants. Safeguards can take various forms, including passwords, escrow, user privacy controls, ratings and reviews and policies and contracts. Striking the right balance of safeguards – neither too few nor too many – is crucial for ecosystem orchestrators. This paper identifies the factors that determine the optimal mix of safeguards, including the power asymmetry between sellers and buyers, the sophistication of participants, the nature of transactions, the cost of negative outcomes and the cost-benefit tradeoff.

To the best of the authors’ knowledge, this study is one of the first to illuminate the relationship between safeguards and trust in the context of digital ecosystem. It is also one of the few attempts to provide managerial guidance for ecosystem designers trying to structure their platform for trust.

This study aims to investigate the motives of mobile payment adoption from both customers' and retailers' perspectives in Sri Lanka during the COVID-19 pandemic period. It also aims to compare the motives of mobile payment adoption across rural and urban contexts.

The study employs a mixed-method approach with a concurrent research design. Both a survey of customers and in-depth interviews of managers in retail companies are used.

The study discloses that performance expectancy and facilitating conditions (PEFC), Hedonic motivation (HM) and perceived technology security (PTS) as significant motives for customers to adopt mobile payment during this pandemic period. Such findings are confirmed by the four challenges disclose by the retailers. The unfamiliarity of customers, lack of employees' knowledge on mobile payment systems, poor management orientation and lack of computer literacy of customers are the main challenges from the retailers' perspectives. Further, it shows, though PEFC is a common motive, other motives are different across rural and urban.

The findings of the study are helpful for retailers and policymakers. Retailers can develop strategies to enhance mobile payment adoption through PEFC, HM and PTS by giving special attention to the rural community. The main motive possible to use in both rural and urban contexts is PEFC. Further, retailers should take the initiatives to uplift the technological know-how of their employees while inculcating supportive management orientation. Policymakers can use this study to develop policies to enhance the community's familiarity with mobile payment technology and computer literacy.

To the best of the authors’ knowledge, this is the first study to investigate motives for adopting mobile payments from both customers' and retailers' perspectives while being the first scrutiny to compare rural and urban scenarios. The use of mixed methods with concurrent research design also contributes to originality.

Research on employee non-/compliance to information security policies suffers from inconsistent results and there is an ongoing discussion about the dominating survey research methodology and its potential effect on these results. This study aims to add to this discussion by investigating discrepancies between what the authors claim to measure (theoretical properties of variables) and what they actually measure (respondents’ interpretations of the operationalized variables). This study asks: How well do respondents’ interpretations of variables correspond to their theoretical definitions? What are the characteristics of any discrepancies between variable definitions and respondent interpretations?

This study is based on in-depth interviews with 17 respondents from the Swedish public sector to understand how they interpret questionnaire measurement items operationalizing the variables Perceived Severity from Protection Motivation Theory and Attitude from Theory of Planned Behavior.

The authors found that respondents’ interpretations in many cases differ substantially from the theoretical definitions. Overall, the authors found four principal ways in which respondents interpreted measurement items – referred to as property contextualization, extension, alteration and oscillation – each implying more or less (dis)alignment with the intended theoretical properties of the two variables examined.

The qualitative method used proved vital to better understand respondents’ interpretations which, in turn, is key for improving self-reporting measurement instruments. To the best of the authors’ knowledge, this study is a first step toward understanding how precise and uniform definitions of variables’ theoretical properties can be operationalized into effective measurement items.

This study aims to investigate how a policy framework can be applied in the use of artificial intelligence (AI) for the management of records at the Council for Scientific and Industrial Research (CSIR) in South Africa. A policy and legal framework enables the records divisions to protect, administer and make their records available in a safe and professional way. Policies play a crucial role in ensuring that records are properly managed.

Convergent mixed-methods research was conducted, and data were collected using interviews and questionnaires. Data were analysed thematically and statistically and presented in tables and figures.

The study reveals that the policy framework should also include the application of AI for the management of records. Therefore, this study further concludes that the CSIR should review their policy framework to ensure the application of AI for the management of records is accommodated.

The study proposed a framework to guide the application of the policy framework in using AI for the management of records at CSIR. It is hoped that the proposed framework will serve as a guideline for the implementation of a policy framework in the utilisation of AI in the archives and records management sector.