Search results

1 – 10 of 449
Article
Publication date: 1 May 2003

M.P. Evans and S.M. Furnell

Abstract

Web resource usage statistics enable server owners to monitor how their users use their Web sites. However, such statistics are only compiled for individual servers. If resource usage was monitored across the whole Web, the changing interests of society would be revealed, and deep insights made into the changing nature of the Web. However, capturing the information required for such a service, and providing acceptable system performance, presents significant challenges. As such, we have developed a model, called WebRUM, which offers a scalable system‐wide solution through the extension of a resource migration mechanism that we have previously designed. The paper describes the mechanism, and shows how it can be extended to monitor Web‐wide resource usage. The information stored by the model is defined, and the performance of a prototype mechanism is presented to demonstrate the effectiveness of the design.

Details

Campus-Wide Information Systems, vol. 20 no. 2
Type: Research Article
ISSN: 1065-0741

Article
Publication date: 1 August 2006

G.B. Magklaras, S.M. Furnell and P.J. Brooke

Abstract

Purpose

This paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure.

Design/methodology/approach

Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of survey data and insider threat concepts is followed by an overview of existing research efforts to mitigate this particular problem. None of the existing insider threat mitigation frameworks provide facilities for systematically describing the elements of misuse incidents, and thus all threat mitigation frameworks could benefit from the existence of a domain specific language for describing legitimate user actions.

Findings

The paper presents a language development methodology which centres upon ways to abstract the insider threat domain and approaches to encode the abstracted information into language semantics. The language construction methodology is based upon observed information security survey trends and the study of existing insider threat and intrusion specification frameworks.

Originality/value

This paper summarizes the picture of the insider threat in IT infrastructures and provides a useful reference for insider threat modeling researchers by indicating ways to abstract insider threats.

Details

Information Management & Computer Security, vol. 14 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 April 2015

Noor Hayani Abd Rahim, Suraya Hamid, Miss Laiha Mat Kiah, Shahaboddin Shamshirband and Steven Furnell

Abstract

Purpose

The purpose of this paper is to survey, explore and inform researchers about the previous methodologies applied, target audience and coverage of previous assessment of cybersecurity awareness by capturing, summarizing, synthesizing and critically commenting on it. It is also conducted to identify the gaps in the cybersecurity awareness assessment research which warrant future work.

Design/methodology/approach

The authors used a systematic literature review technique to search the relevant online databases by using pre-defined keywords. The authors limited the search to retrieve only English language academic articles published from 2005 to 2014. Relevant information was extracted from the retrieved articles, and the ensuing discussion centres on providing the answers to the research questions.

Findings

From the online searches, 23 studies that matched the search criteria were retrieved, and the information extracted from each study includes the authors, publication year, assessment method used, target audiences, coverage of assessment and assessment goals.

Originality/value

The review of the retrieved articles indicates that no previous research was conducted in the assessment of the cybersecurity awareness using a programme evaluation technique. It was also found that few studies focused on youngsters and on the issue of safeguarding personal information.

Details

Kybernetes, vol. 44 no. 4
Type: Research Article
ISSN: 0368-492X

Book part
Publication date: 26 August 2014

Andy Phippen and Simon Ashby

Abstract

Purpose

This research explores the implications for risk management of “People Risk.” In particular how online digital behaviors, particularly from young people entering the workplace for the first time, might impact on the work setting and how risk management might mitigate impact on the employee and organization.

Design/methodology/approach

A mixed methods approach was used to consider these implications and draws from a number of data sources in the United Kingdom including a database of self-review data around online safety policy and practice from over 2000 schools, a survey of over 1000 14–16 year olds and their attitudes toward sexting, and a survey of over 500 undergraduate students. In addition the work considers existing risk management approaches and the models therein and how they might be applied to people risk.

Findings

The dataset analyzed in this exploration shows an education system in the United Kingdom that is not adequately preparing young people with an awareness of the implications of digital behavior in their lives, and the survey data shows distorted social norms that might have serious consequences in the workplace.

Practical implications

This research should raise concerns for managers in the workplace who need to be aware of the changes in “normal” behavior and how these potentially harmful practices may be mitigated in the workplace.

Originality/value

The research provides a strong evidence base for a change in “acceptable” social behavior by children and young people alongside an education system not promoting effective awareness. These two datasets combined highlight potential new risks to the workplace.

Details

Social Media in Strategic Management
Type: Book
ISBN: 978-1-78190-898-3

Article
Publication date: 3 August 2020

Fayez Ghazai Alotaibi, Nathan Clarke and Steven M. Furnell

Abstract

Purpose

The human factor is a major consideration in securing systems. A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks and are increasingly being targeted as they lack the knowledge and awareness about potential threats and how to protect themselves. The increase in technologies and platforms also increases the burden upon a user to understand how to apply security across differing technologies, operating systems and applications. This results in managing the security across their technology portfolio becoming increasingly troublesome and time consuming. This paper aims to propose an approach that attempts to propose a system for improving security management and awareness for home users.

Design/methodology/approach

The proposed system is capable of creating and assigning different security policies for different digital devices in a user-friendly fashion. These assigned policies are monitored, checked and managed to review the user’s compliance with the assigned policies to provide bespoke awareness content based on the user’s current needs.

Findings

A novel framework was proposed for improving information security management and awareness for home users. In addition, a mock-up design was developed to simulate the proposed approach to visualise the main concept and the functions which might be performed when it is deployed in a real environment. A number of different scenarios have been simulated to show how the system can manage and deal with different types of users, devices and threats. In addition, the proposed approach has been evaluated by experts in the research domain. The overall feedback is positive, constructive and encouraging. The experts agreed that the identified research problem is a real problem. In addition, they agreed that the proposed approach is usable, feasible and effective in improving security management and awareness for home users.

Research limitations/implications

The proposed design of the system is a mock-up design without real data. Therefore, implementing the proposed approach in a real environment can provide the researcher with a better understanding of the effectiveness and the functionality of the proposed approach.

Practical implications

This study offers a framework and usable mock-up design which can help in improving information security management for home users.

Originality/value

Improving the security management and awareness for home users by monitoring, checking and managing different security controls and configurations effectively is the key to strengthening information security. Therefore, when home users have a good level of security management and awareness, this could protect and secure the home network and subsequently business infrastructure and services as well.

Details

Information & Computer Security, vol. 29 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 December 1999

S.M. Furnell and T. Karweni

Abstract

Examines the general requirement for security technologies in order to provide a basis for trust in the e‐commerce environment. The discussion is supported by the findings from two surveys, conducted by the authors, among general Internet users (i.e. potential target consumers) and commercial businesses. These surveys considered both the attitudes to e‐commerce in general and opinions relating to the associated security requirements. Attempts were also made to assess the respondent’s knowledge of the existing security safeguards that may be applied. The survey results suggest that, while there is significant concern among Internet‐based consumers regarding the security of their purchasing activities, these are outweighed by the merits offered by the medium. The results also suggested a lack of awareness or understanding of the security technologies that are available and it is concluded that overcoming this problem would help to establish a wider foundation of trust in the new technology.

Details

Internet Research, vol. 9 no. 5
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 28 August 2019

Adéle Da Veiga, Ruthea Vorster, Fudong Li, Nathan Clarke and Steven M. Furnell

Abstract

Purpose

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

Design/methodology/approach

An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.

Findings

The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

Research limitations/implications

As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Originality/value

The results obtained from this research suggest that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marketing and the minimality principle. The study indicates the positive role that data protection legislation plays in a country like the UK, with a more mature stance toward compliance with data protection legislation.

Article
Publication date: 1 August 2003

B.V. Ghita, S.M. Furnell, B.M. Lines and E.C. Ifeachor

Abstract

This paper presents the findings of a pilot study to provide information about the characteristics of current networks and data transfers. The main aim of the study was to infer the properties of a large number of network paths. In addition, the study produced statistics relating to the average size of a typical Web page and both under the restriction of a single‐point connection. The study was performed in two steps: trace collection followed by TCP per‐flow analysis. The trace collection used the functionality of a random link generator, combined with an automatic HTTP retrieval tool. The TCP analysis was applied to the collected traces and it involved an offline TCP per‐flow method developed in previous research.

Details

Campus-Wide Information Systems, vol. 20 no. 3
Type: Research Article
ISSN: 1065-0741

Article
Publication date: 1 June 2001

S.M. Furnell and T. Karweni

Abstract

This paper considers the issue of security in the provision of online distance learning. Security represents an aspect that may not suggest itself as a high priority in an educational environment, but evidence indicates that it is definitely required. The discussion presents an overview of the key security requirements and the main technical elements needed to address them.

Details

VINE, vol. 31 no. 2
Type: Research Article
ISSN: 0305-5728

Article
Publication date: 23 March 2022

Eric Amankwa, Marianne Loock and Elmarie Kritzinger

Abstract

Purpose

This paper aims to examine the individual and combined effects of organisational and behavioural factors on employees’ attitudes and intentions to establish an information security policy compliance culture (ISPCC) in organisations.

Design/methodology/approach

Based on factors derived from the organisational culture theory, social bond theory and accountability theory, a testable research model was developed and evaluated in an online survey that involves the use of a questionnaire to collect quantitative data from 313 employees, from ten different organisations in Ghana. The data collected were analysed using the partial least squares-structural equation modelling approach, involving the measurement and structural model tests.

Findings

The study reveals that the individual measures of accountability – identifiability (2.4%), expectations of evaluation (38.8%), awareness of monitoring (55.7%) and social presence (−41.2%) – had weak to moderate effects on employees’ attitudes towards information security policy compliance. However, the combined effect showed a significant influence. In addition, organisational factors – supportive organisational culture (15%), security compliance leadership (2%) and user involvement (63%) – showed positive effects on employees’ attitudes. Further, employees’ attitudes had a substantial influence (65%), while behavioural intentions demonstrated a weak effect (24%) on the establishment of an ISPCC in the organisation. The combined effect also had a substantial statistical influence on the establishment of an ISPCC in the organisation.

Practical implications

Given the findings of the study, information security practitioners should implement organisational and behavioural factors that will have an impact on compliance, in tandem, with the organisational effort to build a culture of compliance for information security policies.

Originality/value

The study provides new insights on how to address the problem of non-compliance with regard to the information security policy in organisations through the combined application of organisational and behavioural factors to establish an information security policy compliance culture, which has not been considered in any past research.

Details

Information & Computer Security, vol. 30 no. 4
Type: Research Article
ISSN: 2056-4961
