Search results

1 – 10 of 481
Article
Publication date: 26 May 2023

Derrick Boakye, David Sarpong, Dirk Meissner and George Ofosu

Abstract

Purpose

Cyber-attacks that generate technical disruptions in organisational operations and damage the reputation of organisations have become all too common in the contemporary organisation. This paper explores the reputation repair strategies undertaken by organisations in the event of becoming victims of cyber-attacks.

Design/methodology/approach

For developing the authors’ contribution in the context of the Internet service providers' industry, the authors draw on a qualitative case study of TalkTalk, a British telecommunications company providing business to business (B2B) and business to customer (B2C) Internet services, which was a victim of a “significant and sustained” cyber-attack in October 2015. Data for the enquiry is sourced from publicly available archival documents such as newspaper articles, press releases, podcasts and parliamentary hearings on the TalkTalk cyber-attack.

Findings

The findings suggest a dynamic interplay of technical and rhetorical responses in dealing with cyber-attacks. This plays out in the form of marshalling communication and mortification techniques, bolstering image and riding on leader reputation, which serially combine to strategically orchestrate reputational repair and stigma erasure in the event of a cyber-attack.

Originality/value

Analysing a prototypical case of an organisation in dire straits following a cyber-attack, the paper provides a systematic characterisation of the setting-in-motion of strategic responses to manage, revamp and ameliorate damaged reputation during cyber-attacks, which tend to negatively shape the evaluative perceptions of the organisation's salient audience.

Details

Information Technology & People, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 24 June 2022

Maitri Patel, Rajan Patel, Nimisha Patel, Parita Shah and Kamal Gulati

Abstract

Purpose

In the field of cryptography, authentication, secrecy and identification can be accomplished by use of secret keys for any computer-based system. The need to acquire certificates endorsed through CA to substantiate users for the barter of encoded communications is one of the most significant constraints for the extensive recognition of PKC, as the technique takes too much time and is susceptible to error. PKC’s certificate and key management operating costs are reduced with IBC. IBE is a crucial primitive in IBC. The thought behind presenting the IBE scheme was to diminish the complexity of certificate and key management, but it also gives rise to the key escrow and key revocation problems, which give unauthorised users access to the encrypted information.

Design/methodology/approach

This paper aims to compare the result of IIBES with the existing system and to provide security analysis for the same. The proposed system can be used for security in federated learning.

Findings

Furthermore, it can be implemented using other encryption/decryption algorithms like elliptic curve cryptography (ECC) to compare the execution efficiency. The proposed system can be used for the security in federated learning.

Originality/value

As a result, a novel enhanced IBE scheme, IIBES, is suggested and implemented in the JAVA programming language using the RSA algorithm, which eradicates the key escrow problem through eliminating the need for a KGC and the key revocation problem by using sub-KGC (SKGC) and a shared secret with nonce. IIBES also provides authentication through IBS, and it can be used for securing the data in federated learning.

Details

International Journal of Pervasive Computing and Communications, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 12 March 2024

Utkarsh Shrivastava, Bernard Han, Ying Zhou and Muhammad Razi

Abstract

Purpose

Sharing patient health information (PHI) among hospitals has been much slower than the adoption of health record systems. This paper aims to investigate if privacy regulation (PR) or security measures (SMs) influence hospitals’ use of health information exchange (HIE) to share PHI with other providers (e.g. physicians, labs, hospitals). The study specifically focuses on how multiple PRs can impede and a strong national security infrastructure (NSI) can support HIE.

Design/methodology/approach

The study uses secondary data from a multi-national and multi-hospital survey administered by the European Union. The multi-level structure of the cross-sectional panel data is used to test the influence of both hospital-level (e.g. PR) and national-level variables (e.g. NSI) on HIE. A total of nine types of HIE, three types of PRs, nine SMs and other relevant control variables are considered. This study uses a two-level random intercept generalized linear model to test the hypothesis proposed in the study.

Findings

The study finds that national-level PRs (NLPR) have the strongest positive influence on HIE in comparison to regional (RLPR) and hospital-level (HLPR) PRs. Moreover, the study finds evidence that the presence of RLPR and HLPR, on average, decreases the positive impact of NLPR by 264%. The SMs also have a significant and positive impact on HIE. Adoption of an additional SM can increase the odds of engaging in a certain type of HIE between 21% and 61%. On the other hand, a strong NSI can also amplify the positive impact of SM on certain types of HIE.

Originality/value

This study extends prior research on the role of PRs in enabling HIE by considering the complexities brought up by adopting multiple PRs. NLPRs have the strongest impact on HIE in comparison to RLPRs or HLPRs. Moreover, public infrastructure initiatives such as those related to secure communications can also complement SMs adopted by the providers by encouraging HIE.

Details

Digital Policy, Regulation and Governance, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2398-5038

Article
Publication date: 1 August 2023

Frank Ato Ghansah and Weisheng Lu

Abstract

Purpose

Despite the growing attention on the relevance of improved building management systems with cognition in recent years in the architecture, engineering, construction and operation (AECO) community, no review has been conducted to understand the human-environment interaction features of cyber-physical systems (CPS) and digital twins (DTs) in developing the concept of a cognitive building (CB). Thus, this paper aims to review existing studies on CPS and DTs for CB to propose a comprehensive system architecture that considers human-environment interactions.

Design/methodology/approach

Scientometric analysis and content analysis were adopted for this study.

Findings

The scientometric analysis of 1,042 journal papers showed the major themes of CPS/DTs for CB, and these can be categorized into three key technologies to realize CB in the AECO community: CPS, DTs and cognitive computing (CC). Content analysis of 44 relevant publications in the built environment assisted in understanding and evidently confirming the claim of this study on the integration of CPS and DTs for CB in construction by also involving the CC. It is found and confirmed that CB can be realized with CPS and DTs along with the CC. A CB system architecture (CBSA) is proposed from the three key technologies considering the human-environment interactions in the loop. The study discovered the potential applications of the CBSA across the building lifecycle phases, including the design, construction and operations and maintenance, with the potential promise of endowing resilience, intelligence, greater efficiency and self-adaptiveness. Based on the findings of the review, four research directions are proposed: human-environment interactions, CB for sustainable building performance, CB concept for modular buildings and moving beyond CB.

Originality/value

This study stands out for comprehensively surveying the intellectual core and the landscape of the general body of knowledge on CPS/DTs for CB in the built environment. It makes a distinctive contribution to knowledge as it does not only propose CBSA by integrating CPS and DTs along with CC but also suggests some potential practical applications. These may require expert judgments and real case examples to enhance reproducibility and validation.

Details

Construction Innovation, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1471-4175

Open Access
Article
Publication date: 2 January 2024

Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer

Abstract

Purpose

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution, including interconnectedness and new ways of interaction, leads to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Design/methodology/approach

Overall, 26 interviews were conducted with 21 participants from industry and academia.

Findings

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

Originality/value

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 4 March 2024

Betul Gokkaya, Erisa Karafili, Leonardo Aniello and Basel Halak

Abstract

Purpose

The purpose of this study is to increase awareness of current supply chain (SC) security-related issues by providing an extensive analysis of existing SC security solutions and their limitations. The security of SCs has received increasing attention from researchers, due to the emerging risks associated with their distributed nature. The increase in risk in SCs comes from threats that are inherently similar regardless of the type of SC, thus, requiring similar defence mechanisms. Being able to identify the types of threats will help developers to build effective defences.

Design/methodology/approach

In this work, we provide an analysis of the threats, possible attacks and traceability solutions for SCs, and highlight outstanding problems. Through a comprehensive literature review (2015–2021), we analysed various SC security solutions, focussing on tracking solutions. In particular, we focus on three types of SCs: digital, food and pharmaceutical that are considered prime targets for cyberattacks. We introduce a systematic categorization of threats and discuss emerging solutions for prevention and mitigation.

Findings

Our study shows that the current traceability solutions for SC systems do not offer a broadened security analysis and fail to provide extensive protection against cyberattacks. Furthermore, global SCs face common challenges, as there are still unresolved issues, especially those related to the increasing SC complexity and interconnectivity, where cyberattacks are spread across suppliers.

Originality/value

This is the first time that a systematic categorization of general threats for SC is made based on an existing threat model for hardware SC.

Details

Benchmarking: An International Journal, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1463-5771

Article
Publication date: 14 January 2022

Sandeep Kumar Reddy Thota, C. Mala and Geetha Krishnan

Abstract

Purpose

A wireless body area network (WBAN) is a collection of sensing devices attached to a person’s body that is typically used during health care to track their physical state. This paper aims to study the security challenges and various attacks that occurred while transferring a person’s sensitive medical diagnosis information in WBAN.

Design/methodology/approach

This technology has significantly gained prominence in the medical field. These wearable sensors are transferring information to doctors, and there are numerous possibilities for an intruder to pose as a doctor and obtain information about the patient’s vital information. As a result, mutual authentication and session key negotiations are critical security challenges for wearable sensing devices in WBAN. This work proposes an improved mutual authentication and key agreement protocol for wearable sensing devices in WBAN. The existing related schemes require more computational and storage requirements, but the proposed method provides a flexible solution with less complexity.

Findings

As sensor devices are resource-constrained, the proposed approach only makes use of cryptographic hash functions and bit-wise XOR operations, hence it is lightweight and flexible. The protocol’s security is validated using the AVISPA tool, and it will withstand various security attacks. The proposed protocol’s simulation and performance analysis are compared to current relevant schemes and show that it produces efficient outcomes.

Originality/value

This technology has significantly gained prominence in the medical sector. These sensing devices transmit information to doctors, and there are possibilities for an intruder to pose as a doctor and obtain information about the patient’s vital information. Hence, this paper proposes a lightweight and flexible protocol for mutual authentication and key agreement for wearable sensing devices in WBAN that only makes use of cryptographic hash functions and bit-wise XOR operations. The proposed protocol is simulated using the AVISPA tool and its performance is better compared to the existing methods. This paper proposes a novel improved mutual authentication and key-agreement protocol for wearable sensing devices in WBAN.

Details

International Journal of Pervasive Computing and Communications, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 3 March 2023

Shing Cheong Hui, Ming Yung Kwok, Elaine W.S. Kong and Dickson K.W. Chiu

Abstract

Purpose

Although cloud storage services can bring users valuable convenience, they can be technically complex and intrinsically insecure. Therefore, this research explores the concerns of academic users regarding cloud security and technical issues and how such problems may influence their continuous use in daily life.

Design/methodology/approach

This qualitative study used a semi-structured interview approach comprising six main open-ended questions to explore the information security and technical issues for the continuous use of cloud storage services by 20 undergraduate students in Hong Kong.

Findings

The analysis revealed that cloud storage service users' major security and technical concerns, particularly synchronization and backup issues, were the most significant technical barrier to the continuing personal use of cloud storage services.

Originality/value

Existing literature has focused on how cloud computing services could bring benefits and security and privacy-related risks to organizations rather than security and technical issues of personal use, especially in the Asian academic context.

Details

Library Hi Tech, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 23 November 2023

Konstantinos Kalodanis, Panagiotis Rizomiliotis and Dimosthenis Anagnostopoulos

Abstract

Purpose

The purpose of this paper is to highlight the key technical challenges that derive from the recently proposed European Artificial Intelligence Act and specifically, to investigate the applicability of the requirements that the AI Act mandates to high-risk AI systems from the perspective of AI security.

Design/methodology/approach

This paper presents the main points of the proposed AI Act, with emphasis on the compliance requirements of high-risk systems. It matches known AI security threats with the relevant technical requirements, it demonstrates the impact that these security threats can have to the AI Act technical requirements and evaluates the applicability of these requirements based on the effectiveness of the existing security protection measures. Finally, the paper highlights the necessity for an integrated framework for AI system evaluation.

Findings

The findings of the EU AI Act technical assessment highlight the gap between the proposed requirements and the available AI security countermeasures as well as the necessity for an AI security evaluation framework.

Originality/value

AI Act, high-risk AI systems, security threats, security countermeasures.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 20 April 2023

Vamsi Desam and Pradeep Reddy CH

Abstract

Purpose

Several chaotic system-based encryption techniques have been presented in recent years to protect digital images using cryptography. The challenges of key distribution and administration make symmetric encryption difficult. The purpose of this paper is to address these concerns; the novel hybrid partial differential elliptical Rubik’s cube algorithm is developed in this study as an asymmetric image encryption approach. This novel algorithm generates a random weighted matrix and uses the masking method on image pixels with the Rubik’s cube principle. Security analysis has been conducted; it enhances and increases the reliability of the proposed algorithm against a variety of attacks, including statistical and differential attacks.

Design/methodology/approach

In this light, a differential elliptical model is designed with two phases for image encryption and decryption. A modified image is achieved by rotating and mixing intensities of rows and columns with a masking matrix derived from the key generation technique using a unique approach based on the elliptic curve and Rubik’s cube principle.

Findings

To evaluate the security level, the proposed algorithm is tested with statistical and differential attacks on a different set of test images with peak signal-to-noise ratio, unified average changed intensity and number of pixel change rate performance metrics. These results proved that the proposed image encryption method is completely reliable and enhances image security during transmission.

Originality/value

The elliptic curve–based encryption is hard to break by hackers and adding a Rubik’s cube principle makes it even more complex and nearly impossible to decode. The proposed method provides reduced key size.

Details

Journal of Engineering, Design and Technology, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1726-0531
