Search results
Abstract
Web resource usage statistics enable server owners to monitor how their users use their Web sites. However, such statistics are only compiled for individual servers. If resource usage was monitored across the whole Web, the changing interests of society would be revealed, and deep insights made into the changing nature of the Web. However, capturing the information required for such a service, and providing acceptable system performance, presents significant challenges. As such, we have developed a model, called WebRUM, which offers a scalable system‐wide solution through the extension of a resource migration mechanism that we have previously designed. The paper describes the mechanism, and shows how it can be extended to monitor Web‐wide resource usage. The information stored by the model is defined, and the performance of a prototype mechanism is presented to demonstrate the effectiveness of the design.
G.B. Magklaras, S.M. Furnell and P.J. Brooke
Abstract
Purpose
This paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure.
Design/methodology/approach
Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of survey data and insider threat concepts is followed by an overview of existing research efforts to mitigate this particular problem. None of the existing insider threat mitigation frameworks provide facilities for systematically describing the elements of misuse incidents, and thus all threat mitigation frameworks could benefit from the existence of a domain specific language for describing legitimate user actions.
Findings
The paper presents a language development methodology which centres upon ways to abstract the insider threat domain and approaches to encode the abstracted information into language semantics. The language construction methodology is based upon observed information security survey trends and the study of existing insider threat and intrusion specification frameworks.
Originality/value
This paper summarizes the picture of the insider threat in IT infrastructures and provides a useful reference for insider threat modeling researchers by indicating ways to abstract insider threats.
Fayez Ghazai Alotaibi, Nathan Clarke and Steven M. Furnell
Abstract
Purpose
The human factor is a major consideration in securing systems. A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks and are increasingly being targeted, as they lack the knowledge and awareness about potential threats and how to protect themselves. The increase in technologies and platforms also increases the burden upon a user to understand how to apply security across differing technologies, operating systems and applications. This makes managing the security across their technology portfolio increasingly troublesome and time consuming. This paper aims to propose a system for improving security management and awareness for home users.
Design/methodology/approach
The proposed system is capable of creating and assigning different security policies for different digital devices in a user-friendly fashion. These assigned policies are monitored, checked and managed to review the user’s compliance with the assigned policies to provide bespoke awareness content based on the user’s current needs.
Findings
A novel framework was proposed for improving information security management and awareness for home users. In addition, a mock-up design was developed to simulate the proposed approach to visualise the main concept and the functions which might be performed when it is deployed in a real environment. A number of different scenarios have been simulated to show how the system can manage and deal with different types of users, devices and threats. In addition, the proposed approach has been evaluated by experts in the research domain. The overall feedback is positive, constructive and encouraging. The experts agreed that the identified research problem is a real problem. In addition, they agreed that the proposed approach is usable, feasible and effective in improving security management and awareness for home users.
Research limitations/implications
The proposed design of the system is a mock-up design without real data. Therefore, implementing the proposed approach in a real environment can provide the researcher with a better understanding of the effectiveness and the functionality of the proposed approach.
Practical implications
This study offers a framework and usable mock-up design which can help in improving information security management for home users.
Originality/value
Improving security management and awareness for home users by monitoring, checking and managing different security controls and configurations effectively is the key to strengthening information security. Therefore, when home users have a good level of security management and awareness, this could protect and secure the home network and subsequently business infrastructure and services as well.
Noor Hayani Abd Rahim, Suraya Hamid, Miss Laiha Mat Kiah, Shahaboddin Shamshirband and Steven Furnell
Abstract
Purpose
The purpose of this paper is to survey, explore and inform researchers about the methodologies applied, target audiences and coverage of previous assessments of cybersecurity awareness by capturing, summarizing, synthesizing and critically commenting on them. It is also conducted to identify the gaps in cybersecurity awareness assessment research which warrant future work.
Design/methodology/approach
The authors used a systematic literature review technique to search the relevant online databases by using pre-defined keywords. The authors limited the search to retrieve only English language academic articles published from 2005 to 2014. Relevant information was extracted from the retrieved articles, and the ensuing discussion centres on providing the answers to the research questions.
Findings
From the online searches, 23 studies that matched the search criteria were retrieved, and the information extracted from each study includes the authors, publication year, assessment method used, target audiences, coverage of assessment and assessment goals.
Originality/value
The review of the retrieved articles indicates that no previous research was conducted in the assessment of the cybersecurity awareness using a programme evaluation technique. It was also found that few studies focused on youngsters and on the issue of safeguarding personal information.
Abstract
Examines the general requirement for security technologies in order to provide a basis for trust in the e‐commerce environment. The discussion is supported by the findings from two surveys, conducted by the authors, among general Internet users (i.e. potential target consumers) and commercial businesses. These surveys considered both the attitudes to e‐commerce in general and opinions relating to the associated security requirements. Attempts were also made to assess the respondents’ knowledge of the existing security safeguards that may be applied. The survey results suggest that, while there is significant concern among Internet‐based consumers regarding the security of their purchasing activities, these concerns are outweighed by the merits offered by the medium. The results also suggested a lack of awareness or understanding of the security technologies that are available, and it is concluded that overcoming this problem would help to establish a wider foundation of trust in the new technology.
Adéle Da Veiga, Ruthea Vorster, Fudong Li, Nathan Clarke and Steven M. Furnell
Abstract
Purpose
The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.
Design/methodology/approach
An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.
Findings
The results demonstrate that not all the insurance organisations honoured the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who had opted out of it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.
Research limitations/implications
As a jurisdiction with a strong stance towards privacy implementation and regulation, the UK was found to be more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, although not fully compliant.
Originality/value
The results obtained from this research suggest that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marketing and the minimality principle. The study indicates the positive role that data protection legislation plays in a country like the UK, with a more mature stance toward compliance with data protection legislation.
Swapan Purkait, Sadhan Kumar De and Damodar Suar
Abstract
Purpose
The aim of this study is to report on the results of an empirical investigation of the various factors which have significant impacts on the Internet user’s ability to correctly identify a phishing website.
Design/methodology/approach
The research participants were Internet users who have had at least some experience of financial transactions over the Internet. This study conducted a quantitative research with the help of a structured survey questionnaire along with three experimental tasks. A total of 621 valid samples were collected and the multiple regression analysis technique was used to deduce the answers to the research question.
Findings
The results show that the model is useful and has explanatory power. The adjusted R2, computed as 0.927, means that 92.7 per cent of the variation in the Internet user’s ability to identify a phishing website can be explained by the predictors selected for the model.
Research limitations/implications
Future research should account for the Internet user’s general security practices and behaviour, attitude towards online financial activity, risk-taking ability or risk behaviour and their potential effects on Internet users' ability to identify a phishing website.
Practical implications
The implications of this study provide the foundation for future research in areas that intend to explain the Internet user’s need to take protection or avoid risky behaviour while performing financial transactions over the Internet.
Originality/value
This study provides the body of knowledge with an empirical analysis of the impact of various factors on an Internet user’s ability to identify phishing websites. The results of this study can help practitioners create a more successful research model and help researchers better understand user behaviour on the Internet.
B.V. Ghita, S.M. Furnell, B.M. Lines and E.C. Ifeachor
Abstract
This paper presents the findings of a pilot study to provide information about the characteristics of current networks and data transfers. The main aim of the study was to infer the properties of a large number of network paths. In addition, the study produced statistics relating to the average size of a typical Web page and both under the restriction of a single‐point connection. The study was performed in two steps: trace collection followed by TCP per‐flow analysis. The trace collection used the functionality of a random link generator, combined with an automatic HTTP retrieval tool. The TCP analysis was applied to the collected traces and it involved an offline TCP per‐flow method developed in previous research.
Mutlaq Jalimid Alotaibi, Steven Furnell and Nathan Clarke
Abstract
Purpose
It is widely acknowledged that non-compliance of employees with information security policies is one of the major challenges facing organisations. This paper aims to propose a model that is intended to provide a comprehensive framework for raising the level of compliance amongst end-users, with the aim of monitoring, measuring and responding to users’ behaviour with respect to an information security policy.
Design/methodology/approach
The proposed model is based on two main concepts: a taxonomy of the response strategy to non-compliant behaviour and a compliance points system. The response taxonomy comprises two categories: awareness raising and enforcement of the security policy. The compliance points system is used to reward compliant behaviour and penalise non-compliant behaviour.
Findings
A prototype system has been developed to simulate the proposed model and work as a real system that responds to the behaviour of users (reflecting both violations and compliant behaviour). In addition, the model has been evaluated by interviewing experts from academia and industry. They considered the proposed model to offer a novel approach for managing end users’ behaviour with respect to information security policies.
Research limitations/implications
Psychological factors were out of the research scope at this stage. The proposed model may have some psychological impacts upon users; therefore, this issue needs to be considered by studying the potential impacts and the best solutions.
Originality/value
Users being compliant with the information security policies of their organisation is the key to strengthening information security. Therefore, when employees have a good level of compliance with security policies, this positively affects the overall security of an organisation.
Abstract
Purpose
Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and industry. The purpose of this study is to examine the available phishing literature and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that still prevails in this field of study.
Design/methodology/approach
This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.
Findings
The findings reveal that the current anti‐phishing approaches that have seen significant deployment over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A phisher will mainly target innocent consumers, who happen to be the weakest link in the security chain, and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.
Originality/value
Educating internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also, there is a need to identify the factors which influence internet users’ ability to correctly identify phishing websites.