Search results

Web resource usage statistics enable server owners to monitor how their users use their Web sites. However, such statistics are only compiled for individual servers. If resource usage was monitored across the whole Web, the changing interests of society would be revealed, and deep insights made into the changing nature of the Web. However, capturing the information required for such a service, and providing acceptable system performance, presents significant challenges. As such, we have developed a model, called WebRUM, which offers a scalable system‐wide solution through the extension of a resource migration mechanism that we have previously designed. The paper describes the mechanism, and shows how it can be extended to monitor Web‐wide resource usage. The information stored by the model is defined, and the performance of a prototype mechanism is presented to demonstrate the effectiveness of the design.

This paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure.

Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of survey data and insider threat concepts is followed by an overview of existing research efforts to mitigate this particular problem. None of the existing insider threat mitigation frameworks provide facilities for systematically describing the elements of misuse incidents, and thus all threat mitigation frameworks could benefit from the existence of a domain specific language for describing legitimate user actions.

The paper presents a language development methodology which centres upon ways to abstract the insider threat domain and approaches to encode the abstracted information into language semantics. The language construction methodology is based upon observed information security survey trends and the study of existing insider threat and intrusion specification frameworks.

This paper summarizes the picture of the insider threat in IT infrastructures and provides a useful reference for insider threat modeling researchers by indicating ways to abstract insider threats.

The purpose of this paper is to survey, explore and inform researchers about the previous methodologies applied, target audience and coverage of previous assessment of cybersecurity awareness by capturing, summarizing, synthesizing and critically comment on it. It is also conducted to identify the gaps in the cybersecurity awareness assessment research which warrants the future work.

The authors used a systematic literature review technique to search the relevant online databases by using pre-defined keywords. The authors limited the search to retrieve only English language academic articles published from 2005 to 2014. Relevant information was extracted from the retrieved articles, and the ensuing discussion centres on providing the answers to the research questions.

From the online searches, 23 studies that matched the search criteria were retrieved, and the information extracted from each study includes the authors, publication year, assessment method used, target audiences, coverage of assessment and assessment goals.

The review of the retrieved articles indicates that no previous research was conducted in the assessment of the cybersecurity awareness using a programme evaluation technique. It was also found that few studies focused on youngsters and on the issue of safeguarding personal information.

This research explores the implications for risk management of “People Risk.” In particular how online digital behaviors, particularly from young people entering the workplace for the first time, might impact on the work setting and how risk management might mitigate impact on the employee and organization.

A mixed methods approach was used to consider these implications and draws from a number of data sources in the United Kingdom including a database of self-review data around online safety policy and practice from over 2000 schools, a survey of over 1000 14–16 year olds and their attitudes toward sexting, and a survey of over 500 undergraduate students. In addition the work considers existing risk management approaches and the models therein and how they might be applied to people risk.

The dataset analyzed in this exploration show an education system in the United Kingdom that is not adequately preparing young people with an awareness of the implications of digital behavior in their lives and the survey data shows distorted social norms that might have serious consequences in the workplace.

This research should raise concerns for managers in the workplace who need to be aware of the changes in “normal” behavior and how these potentially harmful practices may be mitigated in the workplace.

The research provides a strong evidence base for a change in “acceptable” social behavior by children and young people alongside an education system not promoting effective awareness. These two datasets combined highlight potential new risks to the workplace.

The human factor is a major consideration in securing systems. A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks and are increasingly being targeted as they lack the knowledge and awareness about potential threats and how to protect themselves. The increase in technologies and platforms also increases the burden upon a user to understand how to apply security across differing technologies, operating systems and applications. This results in managing the security across their technology portfolio increasingly more troublesome and time consuming. This paper aims to propose an approach that attempts to propose a system for improving security management and awareness for home users.

The proposed system is capable of creating and assigning different security policies for different digital devices in a user-friendly fashion. These assigned policies are monitored, checked and managed to review the user’s compliance with the assigned policies to provide bespoke awareness content based on the user’s current needs.

A novel framework was proposed for improving information security management and awareness for home users. In addition, a mock-up design was developed to simulate the proposed approach to visualise the main concept and the functions which might be performed when it is deployed in a real environment. A number of different scenarios have been simulated to show how the system can manage and deal with different types of users, devices and threats. In addition, the proposed approach has been evaluated by experts in the research domain. The overall feedback is positive, constructive and encouraging. The experts agreed that the identified research problem is a real problem. In addition, they agreed that the proposed approach is usable, feasible and effective in improving security management and awareness for home users.

The proposed design of the system is a mock-up design without real data. Therefore, implementing the proposed approach in a real environment can provide the researcher with a better understanding of the effectiveness and the functionality of the proposed approach.

This study offers a framework and usable mock-up design which can help in improving information security management for home users.

Improving the security management and awareness for home users by monitoring, checking and managing different security controls and configurations effectively are the key to strengthen information security. Therefore, when home users have a good level of security management and awareness, this could protect and secure the home network and subsequently business infrastructure and services as well.

Examines the general requirement for security technologies in order to provide a basis for trust in the e‐commerce environment. The discussion is supported by the findings from two surveys, conducted by the authors, among general Internet users (i.e. potential target consumers) and commercial businesses. These surveys considered both the attitudes to e‐commerce in general and opinions relating to the associated security requirements. Attempts were also made to assess the respondent’s knowledge of the existing security safeguards that may be applied. The survey results suggest that, while there is significant concern among Internet‐based consumers regarding the security of their purchasing activities, these are outweighed by the merits offered by the medium. The results also suggested a lack of awareness or understanding of the security technologies that are available and it is concluded that overcoming this problem would help to establish a wider foundation of trust in the new technology.

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.

The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation.

This paper presents the findings of a pilot study to provide information about the characteristics of current networks and data transfers. The main aim of the study was to infer the properties of a large number of network paths. In addition, the study produced statistics relating to the average size of a typical Web page and both under the restriction of a single‐point connection. The study was performed in two steps: trace collection followed by TCP per‐flow analysis. The trace collection used the functionality of a random link generator, combined with an automatic HTTP retrieval tool. The TCP analysis was applied to the collected traces and it involved an offline TCP per‐flow method developed in previous research.

This paper considers the issue of security in the provision of online distance learning. Security represents an aspect that may not suggest itself as a high priority in an educational environment, but evidence indicates that it is definitely required. The discussion presents an overview of the key security requirements and the main technical elements needed to address them.

The purpose of this study is to determine effective online safety awareness education for young people in less developed countries. The research followed an explanatory mixed methods design starting with an online survey (quantitative element) and then interesting or anomalous findings were followed up with one-on-one interviews (qualitative element). The data gathered on the online habits and views of young people were fed into the Young People Online Model. It was also used to create online safety workshops. The standout issue from this research is the prevalence of cyberbullying, and this was used as the core theme. They were carried out using the action-research approach, whereby after each workshop, the facilitators would reflect and analyse and suggest improvements for the next one.

The majority of online safety awareness education programmes have been developed in and for advanced countries. In less developed countries, there are fewer programmes as well as a lack of research on the factors that influence the online behaviour of young people online. The Young People Online Education Framework seeks to address this and provide educators, researchers and policymakers an evidence driven construct for developing education programmes informed by issues affecting young people in their respective country/region.

The framework was applied in Thailand. As there were very few previous studies, original research was conducted via surveys and interviews. It was found that a high proportion of young people had experienced negative interactions online with cyberbullying the main concern. This was confirmed during the workshop phase indicating the need for more research and workshops. There is a plan to continue the research in Thailand, and it is hoped that other researchers will make use of the framework to extend its scope and application.

A novel feature of this framework is the cultural mask. The cultural context of learners is often overlooked in education, especially when education programmes are imported from other countries. This research contends that effective learning strategies and programmes will have a better chance to succeed if the cultural makeup of the target audience is considered and that all topics and activities are parsed through the cultural mask element of the framework.