Search results

1 – 10 of 37
Open Access
Article
Publication date: 2 January 2024

Eylem Thron, Shamal Faily, Huseyin Dogan and Martin Freer

Abstract

Purpose

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Design/methodology/approach

Overall, 26 interviews were conducted with 21 participants from industry and academia.

Findings

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

Originality/value

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Details

Information & Computer Security, vol. 32 no. 2
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 23 March 2020

Hedaia-t-Allah Nabil Abd Al Ghaffar

Abstract

Purpose

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

Design/methodology/approach

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

Findings

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Practical implications

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

Originality/value

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.

Details

Review of Economics and Political Science, vol. 9 no. 2
Type: Research Article
ISSN: 2356-9980

Open Access
Article
Publication date: 3 April 2023

Lisa Bosman, Taofeek Oladepo and Ida Ngambeki

Abstract

Purpose

Upon graduating from university, many engineers will work in new product development and/or technology adoption for continuous improvement and production optimization. These jobs require employees to be cognizant of ethical practices and implications for design. However, little engineering coursework, outside the traditional ABET (Accreditation Board for Engineering and Technology) required Engineering Ethics course, accounts for the role of ethics within this process. Because of this, engineering students have few learning opportunities to practice and reflect on ethical decision-making.

Design/methodology/approach

This paper highlights one approach to integrating ethics into an engineering course (outside of engineering ethics). Specifically, the study is implemented within a five-week module with a focus on big data ethics, as part of a Supply Chain Management Technology course (required for Industrial Engineering Technology majors), using metacognition as the core assessment.

Findings

Four main themes were identified through the qualitative data analysis of the metacognitive reflections: (1) overreliance on content knowledge, (2) time management skills, (3) career connections and (4) knowledge extensions.

Originality/value

Three notable points emerged which contribute to the literature. First, this study showcased one example of how an ethics module can be integrated into an engineering course (other than Engineering Ethics). Second, this study demonstrated how metacognitive reflections can be used to reinforce student self-awareness of the learning process and connections to big data ethics in the workplace. Finally, this study exhibited how metacognitive reflection assignments can be deployed as a teaching and learning assessment tool, providing an opportunity for the instructor to make immediate changes as needed.

Details

Journal of Research in Innovative Teaching & Learning, vol. 17 no. 1
Type: Research Article
ISSN: 2397-7604

Open Access
Article
Publication date: 20 July 2023

Martina Neri, Federico Niccolini and Luigi Martino

Abstract

Purpose

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

Design/methodology/approach

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Findings

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Originality/value

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity is still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

Open Access
Article
Publication date: 1 August 2023

Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony

Abstract

Purpose

Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education, Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.

Design/methodology/approach

This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.

Findings

This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.

Originality/value

The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lay the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.

Details

Information & Computer Security, vol. 32 no. 1
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 14 February 2024

Chao Lu and Xiaohai Xin

Abstract

Purpose

The promotion of autonomous vehicles introduces privacy and security risks, underscoring the pressing need for responsible innovation implementation. To more effectively address the societal risks posed by autonomous vehicles, considering collaborative engagement of key stakeholders is essential. This study aims to provide insights into the governance of potential privacy and security issues in the innovation of autonomous driving technology by analyzing the micro-level decision-making processes of various stakeholders.

Design/methodology/approach

For this study, the authors use a nuanced approach, integrating key stakeholder theory, perceived value theory and prospect theory. The study constructs a model based on evolutionary game for the privacy and security governance mechanism of autonomous vehicles, involving enterprises, governments and consumers.

Findings

The governance of privacy and security in autonomous driving technology is influenced by key stakeholders’ decision-making behaviors and pivotal factors such as perceived value factors. The study finds that the government is influenced to a lesser extent by the decisions of other stakeholders, and factors such as risk preference coefficient, which contribute to perceived value, have a more significant influence than appearance factors like participation costs.

Research limitations/implications

This study lacks an investigation into the risk sensitivity of various stakeholders in different scenarios.

Originality/value

The study delineates the roles and behaviors of key stakeholders and contributes valuable insights toward addressing pertinent risk concerns within the governance of autonomous vehicles. Through the study, the practical application of Responsible Innovation theory has been enriched, addressing the shortcomings in the analysis of micro-level processes within the framework of evolutionary game.

Details

Asia Pacific Journal of Innovation and Entrepreneurship, vol. 18 no. 2
Type: Research Article
ISSN: 2071-1395

Open Access
Article
Publication date: 5 October 2023

Peter Dornheim and Ruediger Zarnekow

Abstract

Purpose

The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.

Design/methodology/approach

Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.

Findings

Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.

Originality/value

This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.

Details

Information & Computer Security, vol. 32 no. 2
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 9 October 2023

Aya Khaled Youssef Sayed Mohamed, Dagmar Auer, Daniel Hofer and Josef Küng

Abstract

Purpose

Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.

Design/methodology/approach

This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.

Findings

As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

Originality/value

This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

Details

International Journal of Web Information Systems, vol. 20 no. 1
Type: Research Article
ISSN: 1744-0084

Open Access
Article
Publication date: 29 February 2024

Rosemarie Santa González, Marilène Cherkesly, Teodor Gabriel Crainic and Marie-Eve Rancourt

Abstract

Purpose

This study aims to deepen the understanding of the challenges and implications entailed by deploying mobile clinics in conflict zones to reach populations affected by violence and cut off from health-care services.

Design/methodology/approach

This research combines an integrated literature review and an instrumental case study. The literature review comprises two targeted reviews to provide insights: one on conflict zones and one on mobile clinics. The case study describes the process and challenges faced throughout a mobile clinic deployment during and after the Iraq War. The data was gathered using mixed methods over a two-year period (2017–2018).

Findings

Armed conflicts directly impact the populations’ health and access to health care. Mobile clinic deployments are often used and recommended to provide health-care access to vulnerable populations cut off from health-care services. However, there is a dearth of peer-reviewed literature documenting decision support tools for mobile clinic deployments.

Originality/value

This study highlights the gaps in the literature and provides direction for future research to support the development of valuable insights and decision support tools for practitioners.

Details

Journal of Humanitarian Logistics and Supply Chain Management, vol. 14 no. 2
Type: Research Article
ISSN: 2042-6747

Open Access
Article
Publication date: 16 March 2023

Imoh Antai and Roland Hellberg

Abstract

Purpose

The total defence (TD) concept constitutes a joint endeavour between the military forces and civil defence structures within a TD state. Logistics is essential for such joint collaboration to work; however, the mismatch between military and civil defence logistics structures poses challenges for such joint collaboration. The purpose of this paper is to identify logistics concept areas within the TD framework that allow for military and civil defence collaborations from a logistics operations perspective.

Design/methodology/approach

Pattern-matching analysis is used to compare patterns found in the investigated case with those prescribed from the literature and predicted to occur. The study seeks to identify logistics concepts within TD from the literature and from the events describing the Swedish response to the Covid-19 pandemic. Pattern matching thus allows for the reconciliation of logistics concepts from the literature to descriptions of how the response was handled, albeit under a TD framework.

Findings

Findings show quite distinct foci between the theoretical and observational realms in terms of logistics applications. While the theoretical realm identifies four main logistics concepts, the observational realm identifies five logistics conceptual themes. This goes on to show an incongruence between the military and civil parts of the TD.

Research limitations/implications

This study provides a basis for further research into the applications and management of logistics activity within TD and emergency response.

Originality/value

Logistics applications within TD have not, until now, received much attention in the literature. Given this knowledge gap, this study is of original value.

Details

Journal of Humanitarian Logistics and Supply Chain Management, vol. 14 no. 2
Type: Research Article
ISSN: 2042-6747
