Search results
1 – 10 of over 77000
Edward Ayebeng Botchway, Kofi Agyekum, Hayford Pittri and Anthony Lamina
Abstract
Purpose
This study explores the importance of and vulnerabilities in deploying physical access control (PAC) devices in a typical university setting.
Design/methodology/approach
The study adopts face-to-face and telephone interviews. This study uses a semi-structured interview guide to solicit the views of 25 interviewees on the subject under consideration. Qualitative responses to the interview are thematically analyzed using NVivo 11 Pro analysis application software.
Findings
The findings reveal five importance and seven vulnerabilities in the deployment of PAC devices in the institution. Key among the importance of deploying the devices are “prevent unwanted premise access or intrusions,” “prevent disruptions to university/staff operations on campus” and “protect students and staff from outside intruders.” Key among the identified vulnerabilities are “tailgating”, “delay in emergent cases” and “power outage may affect its usage.”
Originality/value
This study offers insight into a rare area of study, especially in the Sub-Saharan Africa region. Furthermore, the study contributes to the state-of-the-art importance and vulnerabilities in deploying PAC devices in daily human activities. The study is valuable in that it has the potential to establish a foundation for future studies that may delve into investigating issues associated with the deployment of PAC devices.
Abstract
Computerized accounting information systems (CAIS) are becoming more readily available to all types and sizes of business. The increased growth in real‐time and online data processing in CAIS has made access to these systems more available and easier for many users. Therefore, implementing adequate security controls over organisations' CAIS and their related facilities has become a necessity. The main objective of this article is to investigate the adequacy of security controls implemented in the Egyptian banking industry (EBI) to preserve the confidentiality, integrity and availability of the banks' data and their CAIS through a proposed security controls check‐list. The security controls check‐list of CAIS was developed based on the available literature and the empirical results of previous studies. It includes many security counter‐measures that are empirically tested here for the first time. The entire population of the EBI has been surveyed in this research. The significant differences between the two respondent groups had been investigated. The statistical results revealed that the vast majority of Egyptian banks had adequate CAIS security controls in place. The results also revealed that the heads of computer departments (HoCD) paid relatively more attention to technical problems of CAIS security controls. This study has provided invaluable empirical results regarding inadequacies of implemented CAIS security controls in the EBI. Accordingly, some recommendations were suggested to strengthen the security controls in the Egyptian banking sector.
Abstract
Purpose
This paper aims to examine the existence and adequacy of implemented computerized accounting information system (CAIS) security controls to prevent, detect and correct security breaches in Saudi organizations.
Design/methodology/approach
The first part of the paper introduces and discusses the literature review concerned with the CAIS security controls. The current paper introduces and discusses the main results of the empirical investigation. An empirical survey using a self‐administered questionnaire was carried out to achieve this purpose. A total of 500 questionnaires were distributed to a random sample of Saudi organizations. Of them, 275 valid, usable questionnaires were collected and analyzed.
Findings
The results of the study highlight a number of inadequately implemented CAIS security controls, and some suggestions and recommendations are introduced to strengthen the weak points and to close the loopholes in the present CAIS security controls in Saudi organizations.
Practical implications
From a practical standpoint, managers, auditors, IT users and practitioners alike stand to gain from the findings of this study.
Originality/value
The results presented in the paper help enable managers, auditors, IT users and practitioners to better understand and secure their CAIS and to champion IT development for the success of their businesses.
Dominik Gruntz, Christof Arnosti and Marco Hauri
Abstract
Purpose
The purpose of this paper is to present a smartphone-based physical access control system in which the access points are not directly connected to a central authorization server, but rather use the connectivity of the mobile phone to authorize a user access request online by a central access server. The access points ask the mobile phone whether a particular user has access or not. The mobile phone then relays such a request to the access server or presents an offline ticket. One of the basic requirements of our solution is the independence from third parties like mobile network operators, trusted service managers and handset manufacturers.
Design/methodology/approach
The authentication of the smartphone is based on public key cryptography. This requires that the private key is stored in a secure element or in a trusted execution environment to prevent identity theft. However, due to the intended independence from third parties, subscriber identity module (SIM)-based secure elements and embedded secure elements (i.e. separate hardware chips on the handset) were not an option and only one of the remaining secure element architectures could be used: host card emulation (HCE) or a microSD-based secure element.
Findings
This paper describes the implementation of such a physical access control system and discusses its security properties. In particular, it is shown that the HCE approach cannot solve the relay attack under conservative security assumptions and an implementation based on a microSD secure element is presented and discussed. Moreover, the paper also describes an offline solution which can be used if the smartphone is not connected to the access server. In this case, an access token is sent to the access point in response to an access request. These tokens are renewed regularly and automatically whenever the smartphone is connected.
Originality/value
In this paper, a physical access control system is presented which operates as fast as existing card-based solutions. By using a microSD-based secure element (SE), the authors were able to prevent the software relay attack. This solution is not restricted to microSD-based SEs; it could also be implemented with SIM-based or embedded secure elements (with the consequence that the solution depends on third parties).
Shekhar Ashok Pawar and Hemant Palivela
Abstract
Purpose: Small and medium enterprises (SMEs) are the most significant contributors to maximum employment generation, the gross domestic product (GDP) of many countries, and the overall global economy. It is also evident that cyber threats are becoming a big challenge for SMEs, which is directly impacting the global economy.
Methodology: Existing research inputs were accessed to understand current cyber threats for SMEs and their cybersecurity posture. Additionally, this research has collected the latest insights by taking direct inputs from SMEs and conducting a well-designed research survey. It has provided a few direct inputs to designing solutions for the SME segment. For analysis and recommendations, cybersecurity best practices and core cybersecurity concepts are considered at the centre of the solution.
Findings: Implementing existing cybersecurity standards or frameworks is not easy for SMEs, as they generally have limited resources and different priorities for their business when it comes to the implementation of any cybersecurity controls. Currently, many cybersecurity standards are not able to support the implementation of business domain-specific controls.
Practical implications: Along with the research findings shared in this chapter, as a resolution to the problems faced by SMEs, the authors will propose a new framework as a solution. This framework is designed using core concepts of cybersecurity such as confidentiality, integrity, and availability (CIA triad) as well as defence in depth (DiD) mechanisms in each layer of organisation. The authors will also share a high-level idea about how reliable artificial intelligence-based software can help identify recommended controls for particular SMEs.
Abstract
Purpose
The main objective of the paper is to investigate the existence and adequacy of implemented Computerized Accounting Information Systems (CAIS) security controls to prevent, detect and correct security breaches in Saudi Arabian organizations. This is the first part of a two‐part paper on the subject.
Design/methodology/approach
This paper presents and examines the literature review related to CAIS security controls.
Findings
Finds that the results of the study will enable managers and practitioners to better secure their CAIS and to champion IT development for the success of their business.
Originality/value
This paper fills a vacuum by conducting research in Saudi Arabia, a developing country, whereas previous research has mainly involved developed countries.
Raydel Montesino, Stefan Fenz and Walter Baluja
Abstract
Purpose
The purpose of this paper is to propose a framework for security controls automation, in order to achieve greater efficiency and reduce the complexity of information security management.
Design/methodology/approach
This research reviewed the controls recommended by well known standards such as ISO/IEC 27001 and NIST SP 800‐53; and identified security controls that can be automated by existing hardware and software tools. The research also analyzed the Security Information and Event Management (SIEM) technology and proposed a SIEM‐based framework for security controls automation, taking into account the automation potential of SIEM systems and their integration possibilities with several security tools.
Findings
About 30 per cent of information security controls can be automated and they were grouped in a list of ten automatable security controls. A SIEM‐based framework can be used for centralized and integrated management of the ten automatable security controls.
Practical implications
By implementing the proposed framework and therefore automating as many security controls as possible, organizations will achieve more efficiency in information security management, reducing also the complexity of this process. This research may also be useful for SIEM vendors, in order to include more functionality to their products and provide a maximum of security controls automation within SIEM platforms.
Originality/value
This paper delimits the boundaries of information security automation and defines what automation means for each security control. A novel framework for security controls automation is proposed. This research provides an automation concept that goes beyond what is normally described in previous works and SIEM solutions.
Ahmed H. Al-Dmour, Masam Abood and Hani H. Al-Dmour
Abstract
Purpose
This study aims at investigating the extent to which SysTrust’s framework (principles and criteria), as an internal control approach for assuring the reliability of accounting information systems (AIS), was being implemented in Jordanian business organizations.
Design/methodology/approach
The study is based on primary data collected through a structured questionnaire from 239 out of 328 shareholding companies. The survey units were the shareholding companies in Jordan, and the single key respondents approach was adopted. The extents of SysTrust principles were also measured. Previously validated instruments were used where required. The data were analysed using t-test and ANOVA.
Findings
The results indicated that the extent of SysTrust being implemented could be considered to be moderate at this stage. This implies that there are some variations among business organizations in terms of their level of implementation of SysTrust principles and criteria. The results also showed that the extent of SysTrust principles being implemented varied among business organizations based on their business sector. However, it was not found to vary with their size of business or length of time in business (experience).
Research limitations/implications
This study is only conducted in Jordan as a developing country. Although Jordan is a valid indicator of prevalent factors in the wider MENA region and developing countries, the lack of external validity of this research means that any generalization of the research findings should be made with caution. Future research can be orientated to other national and cultural settings and compared with the results of this study.
Practical implications
The study provides evidence of the need for management to recognize the importance of the implementation of SysTrust principles and criteria as an internal control for assuring the reliability of AIS within their organizations and be aware which of these principles are appropriate to their size and industry sector.
Originality/value
The findings would be valuable for academic researchers, managers and professional accountants to acquire a better understanding of the current status of the implementation of the SysTrust principles (i.e., availability, security, integrity processing, confidentiality, and privacy) as an internal control method for assuring the reliability of AIS by testing the phenomenon in Jordan as a developing country.
Elham Ali Shammar and Ammar Thabit Zahary
Abstract
Purpose
The Internet has radically changed the way people interact in the virtual world, in their careers or social relationships. IoT technology has added a new vision to this process by enabling connections between smart objects and humans, and also between smart objects themselves, which leads to anything, anytime, anywhere, and any media communications. IoT allows objects to physically see, hear, think, and perform tasks by making them talk to each other, share information and coordinate decisions. To enable the vision of IoT, it utilizes technologies such as ubiquitous computing, context awareness, RFID, WSN, embedded devices, CPS, communication technologies, and internet protocols. IoT is considered to be the future internet, which is significantly different from the Internet we use today. The purpose of this paper is to provide up-to-date literature on trends of IoT research which is driven by the need for convergence of several interdisciplinary technologies and new applications.
Design/methodology/approach
A comprehensive IoT literature review has been performed in this paper as a survey. The survey starts by providing an overview of IoT concepts, visions and evolutions. IoT architectures are also explored. Then, the most important components of IoT are discussed including a thorough discussion of IoT operating systems such as Tiny OS, Contiki OS, FreeRTOS, and RIOT. A review of IoT applications is also presented in this paper and finally, IoT challenges that can be recently encountered by researchers are introduced.
Findings
Studies of IoT literature and projects show the disproportionate importance of technology in IoT projects, which are often driven by technological interventions rather than innovation in the business model. There are a number of serious concerns about the dangers of IoT growth, particularly in the areas of privacy and security; hence, industry and government began addressing these concerns. At the end, what makes IoT exciting is that we do not yet know the exact use cases which would have the ability to significantly influence our lives.
Originality/value
This survey provides a comprehensive literature review on IoT techniques, operating systems and trends.
Abstract
Purpose
The purpose of this paper is to present a model of “environmental control”. Environmental control can be provided through: furnishings and work tools that can be modified or manipulated, choice of time and location of work, organizational policies for flexible work programs, training, and computing and communications technologies that extend control. This paper seeks to propose that enhanced environmental control is related to improved individual, group and organizational performance.
Design/methodology/approach
A conceptual model is presented of environmental control coupled with a review and analysis of relevant literature that support the model and identify areas that require further development and research.
Findings
The literature review and analysis show support for the model of environmental control. The research reviewed reveals a consistent relationship between workplace capabilities that provide control, and positive behavioral and business performance outcomes for individuals, teams and business units. The review identifies gaps in the empirical support for the model and provides directions for future research.
Practical implications
Ultimately, environmental control is proposed as a means for providing choice about where, when and how to work, which can be used to improve the performance of people and organizations. Thus, environmental control is a crucial capability in which organizations should invest, by optimizing choice through workspace, policies, and technology. By leveraging control as a central component of workplace strategy, organizations may enhance their competitive advantage.
Originality/value
Much of the research described in the paper, and methods employed, are appropriate for exploratory research and theory‐building.