Search results

1 – 10 of over 81000
Article
Publication date: 20 March 2009

Rodrigo Werlinger, Kirstie Hawkey and Konstantin Beznosov

Abstract

Purpose

The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors.

Design/methodology/approach

The data set consisted of 36 semi‐structured interviews with IT security practitioners from 17 organizations (academic, government, and private). The interviews were analyzed using qualitative description with constant comparison and inductive analysis of the data to identify the challenges that security practitioners face.

Findings

A total of 18 challenges that can affect IT security management within organizations are identified and described. This analysis is grounded in related work to build an integrated framework of security challenges. The framework illustrates the interplay among human, organizational, and technological factors.

Practical implications

The framework can help organizations identify potential challenges when implementing security standards, and determine if they are using their security resources effectively to address the challenges. It also provides a way to understand the interplay of the different factors, for example, how the culture of the organization and decentralization of IT security trigger security issues that make security management more difficult. Several opportunities for researchers and developers to improve the technology and processes used to support adoption of security policies and standards within organizations are provided.

Originality/value

A comprehensive list of human, organizational, and technological challenges that security experts have to face within their organizations is presented. In addition, these challenges are integrated within a framework that illustrates the interplay between factors and the consequences of this interplay for organizations.

Details

Information Management & Computer Security, vol. 17 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 9 July 2018

Nicholas Micallef and Nalin Asanka Gamagedara Arachchilage

Abstract

Purpose

Security questions are one of the techniques used to recover forgotten passwords. However, security questions have both security and memorability limitations. To limit their security vulnerabilities, stronger answers need to be used. As serious games can motivate users to change their security behaviour, the purpose of this paper is to explore the features and functionalities that users would require in a serious game that educates them to provide stronger answers to security questions.

Design/methodology/approach

A lab study was conducted to collect users’ feedback on the desired game features and functionalities. In Stage 1, participants selected security questions/answers. In Stage 2, participants played a game and evaluated the usability and the provided features.

Findings

The main findings reveal that most participants found the current features and functionalities to be desirable; socially oriented functionalities (e.g. getting help from other players) did not seem desirable because users feared that their acquaintances could gain access to their security questions.

Originality/value

This research recommends that designers of serious games for security education should: use intrinsic rewards to motivate users to have a better learning experience; provide easier challenges during the training period and provide harder challenges only when the game determines that the users learned to play the game; and design their games for mobile devices because even users who usually do not play games would play a security education game on a mobile device.

Details

Information & Computer Security, vol. 26 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 March 2021

Zhihao Yu, Liang Song, Linhua Jiang and Omid Khold Sharafi

Abstract

Purpose

Security is the most important issue in Internet of Things (IoT)-based smart cities and blockchain (BC). So, the present paper aims to detect and organize the literature regarding security in the IoT-based smart cities and BC context. It also proposes an agenda for future research. Therefore, the authors did a statistical review of security in IoT and BC in smart cities. The present investigation aims to determine the principal challenges and disturbances in IoT because of the BC adoption, the central BC applications in IoT-based smart cities and the BC future in IoT-based smart cities.

Design/methodology/approach

IoT has a notable influence on modernizing and transforming the society and industry for knowledge digitizing. Therefore, it may be perceived and operated in real time. The IoT is undergoing exponential development in industry and investigation. Still, it contains some security and privacy susceptibilities. Naturally, the research community pays attention to the security and privacy of the IoT. Also, the academic community has put a significant focus on BC as a new security project. In the present paper, the significant mechanisms and investigations in BC ground have been checked out systematically because of the significance of security in the IoT and BC in smart cities. Electronic databases were used to search for keywords. Totally, based on different filters, 131 papers have been gained, and 17 related articles have been obtained and analyzed. The security mechanisms of BC in IoT-based smart cities have been ranked into three main categories as follows: smart health care, smart home and smart agriculture.

Findings

The findings showed that BC’s distinctive technical aspects might impressively find a solution for privacy and security problems encountering the IoT-based smart cities development. They also supply distributed storage, transparency, trust and other IoT support to form a valid, impressive and secure distributed IoT network and provide a beneficial guarantee for IoT-based smart city users’ security and privacy.

Research limitations/implications

The present investigation aims to be comprehensive, but some restrictions were also observed. Owing to the use of some filters for selecting the original papers, some complete works may be excluded. Besides, inspecting the total investigations on the security topic in BC and the IoT-based smart cities is infeasible. Albeit, the authors attempt to introduce a complete inspection of the security challenges in BC and the IoT-based smart cities. BC includes significant progress and innovation in the IoT-based smart cities’ security domain as new technology. Still, it contains some deficiencies as well. Investigators actively encounter the challenges and bring up persistent innovation and inspection of related technologies in the vision of the issues available in diverse application scenarios.

Practical implications

The use of BC technology in finding a solution for the security issues of the IoT-based smart cities is a research hotspot. There is numerable literature with data and theoretical support despite the suggestion of numerous relevant opinions. Therefore, this paper offers insights into how findings may guide practitioners and researchers in developing appropriate security systems dependent upon the features of IoT-based smart city systems and BC. This paper may also stimulate further investigation on the challenge of security in BC and IoT-based smart cities. The outcomes will be of great value for scholars and may supply sights into future investigation grounds in the present field.

Originality/value

As the authors state according to their knowledge, it is the first work using security challenges on BC and IoT-based smart cities. The literature review shows that few papers discuss how solving security issues in the IoT-based smart cities can benefit from the BC. The investigation suggests a literature review on the topic, recommending some thoughts on using security tools in the IoT-based smart cities. The present investigation helps organizations plan to integrate IoT and BC to detect the areas to focus. It also assists in better resource planning for the successful execution of smart technologies in their supply chains.

Details

Kybernetes, vol. 51 no. 1
Type: Research Article
ISSN: 0368-492X

Article
Publication date: 9 October 2019

Elham Ali Shammar and Ammar Thabit Zahary

Abstract

Purpose

Internet has changed radically in the way people interact in the virtual world, in their careers or social relationships. IoT technology has added a new vision to this process by enabling connections between smart objects and humans, and also between smart objects themselves, which leads to anything, anytime, anywhere, and any media communications. IoT allows objects to physically see, hear, think, and perform tasks by making them talk to each other, share information and coordinate decisions. To enable the vision of IoT, it utilizes technologies such as ubiquitous computing, context awareness, RFID, WSN, embedded devices, CPS, communication technologies, and internet protocols. IoT is considered to be the future internet, which is significantly different from the Internet we use today. The purpose of this paper is to provide up-to-date literature on trends of IoT research which is driven by the need for convergence of several interdisciplinary technologies and new applications.

Design/methodology/approach

A comprehensive IoT literature review has been performed in this paper as a survey. The survey starts by providing an overview of IoT concepts, visions and evolutions. IoT architectures are also explored. Then, the most important components of IoT are discussed including a thorough discussion of IoT operating systems such as Tiny OS, Contiki OS, FreeRTOS, and RIOT. A review of IoT applications is also presented in this paper and finally, IoT challenges that can be recently encountered by researchers are introduced.

Findings

Studies of IoT literature and projects show the disproportionate importance of technology in IoT projects, which are often driven by technological interventions rather than innovation in the business model. There are a number of serious concerns about the dangers of IoT growth, particularly in the areas of privacy and security; hence, industry and government began addressing these concerns. At the end, what makes IoT exciting is that we do not yet know the exact use cases which would have the ability to significantly influence our lives.

Originality/value

This survey provides a comprehensive literature review on IoT techniques, operating systems and trends.

Details

Library Hi Tech, vol. 38 no. 1
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 17 June 2019

Inger Anne Tøndel, Martin Gilje Jaatun, Daniela Soares Cruzes and Laurie Williams

Abstract

Purpose

Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated by a desire to understand why security risk assessments have not yet gained widespread adoption in agile development, this study aims to assess to what extent the Protection Poker game would be accepted by agile teams and how it can be successfully integrated into the agile practices.

Design/methodology/approach

Protection Poker was studied in capstone projects, in teams doing a graduate software security course and in sessions with industry representatives. Data were collected via questionnaires, observations and group interviews.

Findings

Results show that Protection Poker has the potential to be adopted by agile teams. Key benefits include good discussions on security and the development project, along with increased knowledge and awareness. Challenges include ensuring efficient use of time and gaining impact on the end product.

Research limitations/implications

Using students allowed easy access to subjects and an ability to collect rich data over time, but at the cost of generalizability to professional settings. Results from interactions with professionals supplement the data from students, showing similarities and differences in their opinions on Protection Poker.

Originality/value

The paper proposes ways to tackle the main obstacles to the adoption of the Protection Poker technique, as identified in this study.

Details

Information & Computer Security, vol. 27 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 October 2019

Ying Li, Ting Pan and Nan (Andy) Zhang

Abstract

Purpose

This paper is to investigate how employees respond to information security policies (ISPs) when they view the policies as a challenge rather than a hindrance to work. Specifically, the authors examine the roles of challenge security demands (i.e. continuity and mandatory) and psychological resources (i.e. personal and job resources) in influencing employees’ ISP non-compliance.

Design/methodology/approach

Applying a hypothetical scenario-based survey method, the authors tested their proposed model in six typical ISPs violation scenarios. In sum, 347 responses were collected from a global company. The data were analyzed using partial least square-based structural equation model.

Findings

Findings indicated that continuity and mandatory demands increased employees’ level of perseverance of effort, which, in turn, decreased their ISPs non-compliance intention. In addition, job resources, such as the trust enhancement gained from co-workers and the opportunities for professional development, enhanced the perseverance of effort.

Practical implications

The findings offer implications to practice by suggesting that organizations should design training programs to persuade employees to understand the ISPs in a positive way. Meanwhile, organizations should encourage employees to invest more personal resources by creating a trusting atmosphere and providing them opportunities to learn security knowledge and skills.

Originality/value

This study is among the few to empirically explore how employees respond and behave when they view the security policies as challenge stressors. The paper also provides a novel understanding of how psychological resources contribute to buffering ISP non-compliance.

Details

Journal of Enterprise Information Management, vol. 33 no. 1
Type: Research Article
ISSN: 1741-0398

Open Access
Article
Publication date: 31 July 2020

Ado Adamou Abba Ari, Olga Kengni Ngangmo, Chafiq Titouna, Ousmane Thiare, Kolyang, Alidou Mohamadou and Abdelhak Mourad Gueroui

Abstract

The Cloud of Things (CoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.

Details

Applied Computing and Informatics, vol. 20 no. 1/2
Type: Research Article
ISSN: 2634-1964

Article
Publication date: 28 May 2019

Omerah Yousuf and Roohie Naaz Mir

Abstract

Purpose

Internet of Things (IoT) is a challenging and promising system concept and requires new types of architectures and protocols compared to traditional networks. Security is an extremely critical issue for IoT that needs to be addressed efficiently. Heterogeneity being an inherent characteristic of IoT gives rise to many security issues that need to be addressed from the perspective of new architectures such as software defined networking, cryptographic algorithms, federated cloud and edge computing.

Design/methodology/approach

The paper analyzes the IoT security from three perspectives: three-layer security architecture, security issues at each layer and security countermeasures. The paper reviews the current state of the art, protocols and technologies used at each layer of security architecture. The paper focuses on various types of attacks that occur at each layer and provides the various approaches used to countermeasure such type of attacks.

Findings

The data exchanged between the different devices or applications in the IoT environment are quite sensitive; thus, the security aspect plays a key role and needs to be addressed efficiently. This indicates the urgent needs of developing general security policy and standards for IoT products. The efficient security architecture needs to be imposed but not at the cost of efficiency and scalability. The paper provides empirical insights about how the different security threats at each layer can be mitigated.

Originality/value

The paper fulfills the need of having an extensive and elaborated survey in the field of IoT security, along with suggesting the countermeasures to mitigate the threats occurring at each level of IoT protocol stack.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 4 August 2021

M. Najmul Islam Farooqui, Junaid Arshad and Muhammad Mubashir Khan

Abstract

Purpose

Alongside the remarkable evolution of cellular communication to 5G networks, significant security and privacy challenges have risen which can affect the widespread adoption of advanced communication technologies. In this context, the purpose of this paper is to examine research within security and privacy for 5G-based systems highlighting contributions made by the research community and identify research trends within different subdomains of 5G security where open issues still exist.

Design/methodology/approach

This paper uses a bibliographic approach to review the state-of-the-art in the field of 5G security and is the pioneering effort to investigate 5G security research using this methodology. Specifically, the paper presents a quantitative description of the existing contributions in terms of authors, organizations, and countries. It then presents detailed keyword and co-citation analysis that shows the quantity and pattern of research work in different subfields. Finally, 5G security areas are identified having open challenges for future research work.

Findings

The study shows that China leads the world in terms of published research in the field of 5G security with USA and India ranked second and third respectively. Xidian University, China is ranked highest for number of publications and h-index followed by University Oulu and AALTO University Finland. IEEE Access, Sensors and IEEE Internet of Things Journal are the top publication venues in the field of 5G security. Using VOSViewer aided analysis with respect to productivity, research areas and keywords, the authors have identified research trends in 5G security among scientific community whilst highlighting specific challenges which require further efforts.

Originality/value

Existing studies have focused on surveys covering state-of-the art research in secure 5G network (Zhang et al. 2019), physical layer security (Wu et al., 2018), security and privacy of 5G technologies (Khan et al., 2020) and security and privacy challenges when 5G is used in IoT (Sicari et al. 2020). However, our research has revealed no existing bibliometric studies in this area and therefore, to our best knowledge, this paper represents pioneering such effort for security within 5G.

Details

Library Hi Tech, vol. 39 no. 4
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 16 January 2023

Faisal Lone, Harsh Kumar Verma and Krishna Pal Sharma

Abstract

Purpose

The purpose of this study is to extensively explore the vehicular network paradigm, challenges faced by them and provide a reasonable solution for securing these vulnerable networks. Vehicle-to-everything (V2X) communication has brought the long-anticipated goal of safe, convenient and sustainable transportation closer to reality. The connected vehicle (CV) paradigm is critical to the intelligent transportation systems vision. It imagines a society free of a troublesome transportation system burdened by gridlock, fatal accidents and a polluted environment. The authors cannot overstate the importance of CVs in solving long-standing mobility issues and making travel safer and more convenient. It is high time to explore vehicular networks in detail to suggest solutions to the challenges encountered by these highly dynamic networks.

Design/methodology/approach

This paper compiles research on various V2X topics, from a comprehensive overview of V2X networks to their unique characteristics and challenges. In doing so, the authors identify multiple issues encountered by V2X communication networks due to their open communication nature and high mobility, especially from a security perspective. Thus, this paper proposes a trust-based model to secure vehicular networks. The proposed approach uses the communicating nodes’ behavior to establish trustworthy relationships. The proposed model only allows trusted nodes to communicate among themselves while isolating malicious nodes to achieve secure communication.

Findings

Despite the benefits offered by V2X networks, they have associated challenges. As the number of CVs on the roads increases, so does the attack surface. Connected cars provide numerous safety-critical applications that, if compromised, can result in fatal consequences. While cryptographic mechanisms effectively prevent external attacks, various studies propose trust-based models to complement cryptographic solutions for dealing with internal attacks. While numerous trust-based models have been proposed, there is room for improvement in malicious node detection and complexity. Optimizing the number of nodes considered in trust calculation can reduce the complexity of state-of-the-art solutions. The theoretical analysis of the proposed model exhibits an improvement in trust calculation, better malicious node detection and fewer computations.

Originality/value

The proposed model is the first to add another dimension to trust calculation by incorporating opinions about recommender nodes. The added dimension improves the trust calculation resulting in better performance in thwarting attacks and enhancing security while also reducing the trust calculation complexity.

Details

International Journal of Pervasive Computing and Communications, vol. 20 no. 1
Type: Research Article
ISSN: 1742-7371
