Search results
Abstract
Purpose
This article surveys why libraries are vulnerable to social engineering attacks and how to manage the risks of human-caused cyber threats at the organizational level; investigates Estonian library staff awareness of information security; and shares recommendations concerning focus areas that should be given more attention in the future.
Design/methodology/approach
The data used in this paper is based on an overview of relevant literature highlighting the theoretical points, giving the reasons why the human factor is considered the weakest link in information security and cyber security, and studying how to mitigate the related risks in the organisation. To perform the survey, a web questionnaire was designed which included 63 sentences and was developed based on the knowledge-attitude-behaviour (KAB) model supported by Kruger and Kearney and the Human Aspects of Information Security Questionnaire (HAIS-Q) designed by Parsons et al.
Findings
The research results show that the information security awareness of library employees is at a good level; however, awareness in two focus areas needs special attention and should be improved. The output of this study is the mapping of seven focus areas of information security policy in libraries based on the HAIS-Q framework and the KAB model.
Originality/value
The cyber awareness of library employees has not been studied in the world using HAIS-Q and KAB model, and to the best of the authors’ knowledge, no research has been previously carried out in the Estonian library context into cyber security awareness.
Seyed Hadi Arabi, Mohammad Hasan Maleki and Hamed Ansari
Abstract
Purpose
The purpose of this study is to identify the drivers and future scenarios of Iran’s Social Security Organization.
Design/methodology/approach
The research is applied in terms of orientation and mixed in terms of methodology. In this research, the methods of theme analysis, root definitions, fuzzy Delphi and CoCoSo were used. The theoretical population is the managers and senior experts of the social security organization, and the sampling was done in a judgmental way. The tools of data collection were interviews and questionnaires. The interview tool was used to extract the main and subdrivers of the research and develop the scenarios.
Findings
Through theme analysis, 35 subdrivers were extracted in the form of economic, sociocultural, financial and investment, policy, marketing, environmental and legal themes. Due to the large number of subdrivers, these factors were screened with fuzzy Delphi. Eleven drivers had a defuzzified coefficient higher than 0.7 and were selected for final prioritization. The final drivers were prioritized with the CoCoSo technique, and the two drivers of social security holdings governance and state of government revenues had the highest priority. Based on these two drivers, four scenarios of prosperity, resilient social security, unstable development and collapse have been developed.
Originality/value
Some of the suggestions of the research are: using the capacity of FinTechs and financial startups to invest the government revenues of the organization, using digital technologies such as business intelligence for more efficient decisions and developing corporate governance in the organization.
Alicia Aldridge, Michele White and Karen Forcht
Abstract
Looks at the growth and potential of the Internet in relation to security issues. Presently, lack of security is perceived as a major roadblock to doing business on‐line. Risks of system corruption, fraud, theft and viruses point companies to the need for enhanced security. Investigates the importance of securing a company’s systems, its individual users, and its commercial transactions, and provides a checklist along with a brief discussion of available protection measures for these three primary security concerns.
Hennie Kruger, Lynette Drevin and Tjaart Steyn
Abstract
Purpose
The dependence on human involvement and human behavior to protect information assets necessitates an information security awareness program to make people aware of their roles and responsibilities towards information security. The purpose of this paper is to examine the feasibility of an information security vocabulary test as an aid to assess awareness levels and to assist with the identification of suitable areas or topics to be included in an information security awareness program.
Design/methodology/approach
A questionnaire has been designed to test and illustrate the feasibility of a vocabulary test. The questionnaire consists of two sections – a first section to perform a vocabulary test and a second one to evaluate respondents' behavior. Two different class groups of students at a university were used as a sample.
Findings
The research findings confirmed that the use of a vocabulary test to assess security awareness levels will be beneficial. A significant relationship between knowledge of concepts (vocabulary) and behavior was observed.
Originality/value
The paper introduces a new approach to evaluate people's information security awareness levels by employing an information security vocabulary test. This new approach can assist management to plan and evaluate interventions and to facilitate best practice in information security. Aspects of cognitive psychology and language were taken into account in this research project, indicating the interaction and influence between apparently different disciplines.
Abstract
Purpose
The aim of this paper is to explain the details of a trial program in China to introduce margin trading and securities lending.
Design/methodology/approach
The paper describes eligibility requirements for securities companies and their clients; accounts for margin trading and securities lending to be opened by the securities company; contracts between a securities company and its client that must be entered into; collateral a client is required to provide to the securities company; a client's rights and entitlement with respect to collateral; internal rules and precautions required of the securities company; the securities company's risk control requirements; and the possible impact of the new program on foreign investors.
Findings
The paper finds that the conduct of margin trading and securities lending in China is highly regulated. There are significant requirements with respect to separate accounts, collateral, contracts, and controls. Before providing margin trading or securities lending to clients, securities companies are required to carefully assess and determine the identity, creditworthiness, assets, income, securities investment experience, investment preferences, and risk appetite of their clients. The securities company must explain how the margin trading and securities lending will be conducted and the content of the contracts to the client, and require the client to sign a transaction risk disclosure letter that specifies certain risks involved in such business. A client may only maintain margin trading facilities and securities lending business with one securities company in China.
Originality/value
The paper provides a practical guide to a new program by lawyers who are experts in Chinese securities regulations.
Abstract
Introduces a series of contributions on computer security. Begins by pointing out that information is an organizational asset which needs to be protected. Policies are the primary building blocks for every information security effort. In order to be successful with information security, every organization must have a set of policies which establishes both direction and management support. Discusses the role and function of the information security management specialist within the organization. Finally outlines possible exceptions to information security policies.
Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang
Abstract
With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, a theoretical framework for information security management is lacking. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.
CHIP VONEIFF and TONY EVANGELISTA
Abstract
The daily valuation of portfolio securities can be one of the most onerous aspects of managing a registered investment company or mutual fund. The developing complexity of securities combined with the increasing influence of foreign markets and nonexchange‐traded holdings have made the accurate pricing of securities difficult at best. Mutual funds typically rely on a myriad of sources to price their portfolio holdings, including domestic pricing services, broker‐dealers, foreign custodians or pricing agents, matrix pricing, fair value committees, or any combination thereof (see Exhibit). While the pricing function is typically delegated, fund management and the board of directors or trustees have the ultimate responsibility to ensure that appropriate pricing procedures and supervisory activities are in place.
Abstract
Purpose
In today's digital economy, information secrecy is one of the essential apprehensions for businesses. Because of the uncertainty and multiple interpretations, most of the reviewed literature regarding business decision‐making revealed that decisions tend to be more fluid, inaccurate, and informal. Recently, the number of organizations that have disclosed their information has been raised. The aim of this research is to theorize and empirically measure the effects of information disclosure on the accuracy of business decision‐making.
Design/methodology/approach
This study presents a proposed conceptual framework, which assists businesses in evaluating the extent to which information secrecy has a substantial effect on decision‐making accuracy. The primary research purpose is explanatory and the conceptual framework was empirically tested to measure the effects of the proposed five independent variables: information security rules and regulations, secured internal and external business communication, security consciousness management support, business security culture, and superior deterrent efforts on efficient information security, the consequences of which on accurate decision‐making processes are considered a dependent variable.
Findings
The results of this study, which are based on the use of the proposed conceptual framework, indicate that information security has a substantial effect on generating accurate, effective and efficient business decisions. Information security could undermine decision accuracy when information collected has little effect on the purpose and time of decisions.
Originality/value
The findings of this study present some insights into the strategic choices of any organizations and, to improve the efficiency of the decisions taken, they must improve the level and efficiency of information secrecy.
Lazaros Gymnopoulos, Vassilios Tsoumas, Ioannis Soupionis and Stefanos Gritzalis
Abstract
Purpose
The purpose of this paper is to provide a framework for enhancing security policy management in the Grid.
Design/methodology/approach
The Grid security policy reconciliation problem is presented. A generic view on the security policy notion is adopted and the security policy ontology notion is introduced and used.
Findings
In the course of this work it was found that, in order to enhance security policy management in the Grid, Grid entities should have the ability to negotiate their security policies. It was also found that, in order to achieve security policy negotiation, effective security policy semantics manipulation towards security policy reconciliation is needed. Finally, it was established, through the use of an example, that if appropriate means are used for security policy reconciliation then incompatible security policy representations can be transformed into compatible ones.
Research limitations/implications
Research limitations stem from the adoption of a generic view on the security policy notion and the selection of identification and authentication security policies as the focal point of the proposed framework. Research implications include the possibility of examining how existing security policy reconciliation models can be incorporated in this generic framework. The possibility of investigating how such a framework can lead to a security policy knowledge management tool for Grid administrators is also demonstrated.
Practical implications
Practical implications of this work include the establishment of a common framework for security information exchange between Grid entities.
Originality/value
This paper proposes a framework for enhancing security policy management in the Grid. The proposed framework can be used by researchers as a reference and by security experts in order to reduce ambiguity concerning the interpretation of security policies expressed in different forms, by negotiating Grid entities.