Search results

This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.

The research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.

The investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.

The main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.

The proliferation of mobile phones with integrated sensors makes large scale sensing possible at low cost. During mobile sensing, data mostly contain sensitive information of users such as their real-time location. When such information are not effectively secured, users’ privacy can be violated due to eavesdropping and information disclosure. In this paper, we demonstrated the possibility of unauthorized access to location information of a user during sensing due to the ineffective security mechanisms in most sensing applications. We analyzed 40 apps downloaded from Google Play Store and results showed a 100% success rate in traffic interception and disclosure of sensitive information of users. As a countermeasure, a security scheme which ensures encryption and authentication of sensed data using Advanced Encryption Standard 256-Galois Counter Mode was proposed. End-to-end security of location and motion data from smartphone sensors are ensured using the proposed security scheme. Security analysis of the proposed scheme showed it to be effective in protecting Android based sensor data against eavesdropping, information disclosure and data modification.

The association between social media and jealousy is an aspect of the dark side of social media that has garnered significant attention in the past decade. However, the understanding of this association is fragmented and needs to be assimilated to provide scholars with an overview of the current boundaries of knowledge in this area. This systematic literature review (SLR) aims to fulfill this need.

The authors undertake an SLR to assimilate the current knowledge regarding the association between social media and jealousy, and they examine the phenomenon of social media-induced jealousy (SoMJ). Forty-five empirical studies are curated and analyzed using stringent protocols to elucidate the existing research profile and thematic research areas.

The research themes emerging from the SLR are (1) the need for a theoretical and methodological grounding of the concept, (2) the sociodemographic differences in SoMJ experiences, (3) the antecedents of SoMJ (individual, partner, rival and platform affordances) and (4) the positive and negative consequences of SoMJ. Conceptual and methodological improvements are needed to undertake a temporal and cross-cultural investigation of factors that may affect SoMJ and acceptable thresholds for social media behavior across different user cohorts. This study also identifies the need to expand current research boundaries by developing new methodologies and focusing on under-investigated variables.

The study may assist in the development of practical measures to raise awareness about the adverse consequences of SoMJ, such as intimate partner violence and cyberstalking.

This paper aims to determine the impact of mentorship on the development of self-directedness among beginner teachers in their initial years of teaching.

The researcher adopted a positivist paradigm to explore the situation of concern. Quantitative research was conducted, involving the collection and analysis of numerical data. Two closed-ended structured questionnaires were utilised, derived from the 40-item self-directed learning readiness scale (SDLRS) developed by Fisher and King, and a pre-determined questionnaire by Glazerman focused on the first-year teaching experience, induction and mentoring of beginner teachers.

Beginner teachers merely relying on the knowledge obtained from their studies is insufficient to achieve a satisfactory level of self-directedness when starting a teaching career. Most beginner teachers faced significant challenges in their early years of teaching due to the absence of mentoring support. In addition, most indicated that they resume their teaching duties and rely on their district for general support, guidance and orientation. Finally, the results have shown that mentoring positively impacts beginner teachers’ self-directedness.

The first limitation was that this study was narrowed to one South Africa University part-time B.Ed honours students working as beginner teachers in different provinces at primary and secondary schools. As a result, the findings of this research might be interpreted by some critics as one-sided and not representative of the views of most beginner teachers in South Africa who are working. The second limitation of this study is the sample size. In this study, 222 responses were received. As a result, the findings of this research might be considered not representative of the target sample size.

The presence and effective implementation of mentoring programmes in schools can positively impact beginner teachers' professional development and retention during their first years of teaching.

We contend that our research holds significance for international readership as it aims to garner attention towards potential research endeavours in diverse settings concerning mentorship programs for beginner teachers, specifically promoting self-directed learning. Our research offers opportunities to compare our findings with studies conducted in more comprehensive, comparative contexts and foster research possibilities in broader, contrasting contexts.

Based on the findings of this research, the availability and effective use of mentoring programmes would significantly affect beginner teachers' self-directedness, improve their retention rate and alleviate their teaching challenges. This study was the first research on the perceptions of the influence of mentoring on the self-directedness of beginner teachers.

The reality of domestic violence does not disappear when people enter the digital world, as abusers may use technology to stalk, exploit, and control their victims. In this chapter, we discuss three unique types of technological abuse: (1) financial abuse via banking websites and apps; (2) abuse via smart home devices (i.e., “Internet of Things” abuse); and (3) stalking via geo-location or GPS. We also argue pregnancy and wellness apps provide an opportunity for meaningful intervention for pregnant victims of domestic violence.

While there is no way to ensure users' safety in all situations, we argue thoughtful considerations while designing and building digital products can result in meaningful contributions to victims' safety. This chapter concludes with PenzeyMoog's (2020) “Framework for Inclusive Safety,” which is a roadmap for building technology that increases the safety of domestic violence survivors. This framework includes three key points: (1) the importance of educating technologists about domestic violence; (2) the importance of identifying possible abuse situations and designing against them; and (3) identifying user interactions that might signal abuse and offering safe interventions.

The issue of cybersecurity has been cast as the focal point of a fight between two conflicting governance models: the nation-state model of national security and the global governance model of multi-stakeholder collaboration, as seen in forums like IGF, IETF, ICANN, etc. There is a strange disconnect, however, between this supposed fight and the actual control over cybersecurity “on the ground”. This paper aims to reconnect discourse and control via a property rights approach, where control is located first and foremost in ownership.

This paper first conceptualizes current governance mechanisms through ownership and property rights. These concepts locate control over internet resources. They also help us understand ongoing shifts in control. Such shifts in governance are actually happening, security governance is being patched left and right, but these arrangements bear little resemblance to either the national security model of states or the global model of multi-stakeholder collaboration. With the conceptualization in hand, the paper then presents case studies of governance that have emerged around specific security externalities.

While not all mechanisms are equally effective, in each of the studied areas, the author found evidence of private actors partially internalizing the externalities, mostly on a voluntary basis and through network governance mechanisms. No one thinks that this is enough, but it is a starting point. Future research is needed to identify how these mechanisms can be extended or supplemented to further improve the governance of cybersecurity.

This paper bridges together the disconnected research communities on governance and (technical) cybersecurity.

The dependence on the use of information systems for nearly every activity and functions in the internet is increasingly high. This form of interconnectedness has bolstered national economies, enhanced how governments interact with their citizens and how ordinary people connect with friends and family. However, this dependence has equally resulted to a high rise in vulnerability, threat and risk associated with more use of information and communication technology. Cyber-attacks that have the potential to disrupt or damage information system infrastructure are getting more complex with some level of sophistication. Traditional protection of information system infrastructure is no longer sufficient; systems have proven to be immune to failure or incidents. This paper aims to ensure that there is a continuous availability of services through a fail-safe proof.

MYSQL replication technique was used to develop a model based on three-tier layers using the principle of network interdependency and the replication techniques. Tier 1 depicts a Telecom organization serving as service provider that provides internet service to Tier 2 organization – a Bank; Tier 3 is the financial App that can be used by bank staff and customers. The fail-safe mode integrated mechanism enables Tier 3 to continue to render its services in the event of an attack on Tier 1 such as DDoS without disruption.

This technique succeeded in mitigating the loss of data if cyber incident occurred or reception of uninterrupted services is countered, which give rise to future master-to-master architecture.

The study conducted is limited to the design and development of a fail-safe system for interdependent networks or systems using MYSQL replication technique.

In an interdependent environment such as the cyberspace, the sectors are interdependent for optimal results. The originality of the work ensures that there is availability of services which is sustained and that data integrity is assured using the fail-safe technique based on MySQL replication method.

Simulation in education has been well documented. Business simulation games (BSGs) are often digital and run by a third-party provider. This can create barriers to engagement from educator and student perspectives. This paper explores a facilitator-led BSG, posing the question: can facilitator-led BSGs provide practical experiential learning experiences within a taught setting.

Exploratory inductive research recruited a sample of 45 student participants, an external examiner and a module leader. Qualitative data were collected using focus group discussion, participant obsession and facilitator reflection. Mixed-method feedback forms were also used.

The facilitator-led BSG offered a flexible approach to challenge or problem-based learning, experiential learning, collaborative learning and critical reflection. Student feedback was positive, and there was an increase in engagement within all elements of the module.

This paper presents a case study example of the implementation of a facilitator-led BSG, providing an alternative solution for teaching practitioners to structured simulations run by third-party hosts. This paper highlights a flexible approach to student-centric experiential and challenging learning through enterprise education within small-group settings. There are opportunities for further evaluation and exploration of the notion, which can be developed from this paper in future works.

The purpose of this paper is to provide a method to formalize information security control descriptions and a decision support system increasing the automation level and, therefore, the cost efficiency of the information security compliance checking process. The authors advanced the state-of-the-art by developing and applying the method to ISO 27002 information security controls and by developing a semantic decision support system.

The research has been conducted under design science principles. The formalized information security controls were used in a compliance/risk management decision support system which has been evaluated with experts and end-users in real-world environments.

There are different ways of obtaining compliance to information security standards. For example, by implementing countermeasures of different quality depending on the protection needs of the organization. The authors developed decision support mechanisms which use the formal control descriptions as input to support the decision-maker at identifying the most appropriate countermeasure strategy based on cost and risk reduction potential.

Formalizing and mapping the ISO 27002 controls to the security ontology enabled the authors to automatically determine the compliance status and organization-wide risk-level based on the formal control descriptions and the modelled environment, including organizational structures, IT infrastructure, available countermeasures, etc. Furthermore, it allowed them to automatically determine which countermeasures are missing to ensure compliance and to decrease the risk to an acceptable level.

A growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS security, the security literature lacks a theoretical and empirical investigation of the relationship between ethical leadership and employees' security behavior, such as information security policy (ISP) violation. Drawing on social learning and social exchange theories, this paper empirically tests the impact of ethical leadership on employees' ISP violation intention through both information security climate (i.e. from a moral manager's perspective) and affective commitment (i.e. from a moral person's perspective).

The research was developed based on social learning theory and social exchange theory. To measure the variables in the model, the authors used and adapted measurement items from previous studies. The authors conducted a scenario-based survey with 339 valid responses to test and validate the research model.

Results indicated that information security climate fully mediates the relationship between ethical leadership and ISP violation intention. The authors also found that information security climate enhances the negative effect of affective commitment on ISP violation intention.

This research contributes to the literature of information security by introducing the role of ethical leadership and integrating two theories into our research model. This study also calls attention to how information security climate and affective commitment mediate the relationship between ethical leadership and employees' ISP violation intention. The theory-driven study provides important pragmatic guidance for enhancing the understanding of the importance of ethical leadership in information systems security research.