Search results
1 – 10 of over 3000
Lemma Lessa and Daniel Gebrehawariat
Abstract
Purpose
This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.
Design/methodology/approach
Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.
Findings
The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.
Originality/value
This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored, especially in the Ethiopian context. Hence, the result can positively influence security policies, particularly in the banking sector.
Abstract
Purpose
The issue of cybersecurity has been cast as the focal point of a fight between two conflicting governance models: the nation-state model of national security and the global governance model of multi-stakeholder collaboration, as seen in forums like IGF, IETF, ICANN, etc. There is a strange disconnect, however, between this supposed fight and the actual control over cybersecurity “on the ground”. This paper aims to reconnect discourse and control via a property rights approach, where control is located first and foremost in ownership.
Design/methodology/approach
This paper first conceptualizes current governance mechanisms through ownership and property rights. These concepts locate control over internet resources. They also help us understand ongoing shifts in control. Such shifts in governance are actually happening; security governance is being patched left and right, but these arrangements bear little resemblance to either the national security model of states or the global model of multi-stakeholder collaboration. With the conceptualization in hand, the paper then presents case studies of governance that have emerged around specific security externalities.
Findings
While not all mechanisms are equally effective, in each of the studied areas, the author found evidence of private actors partially internalizing the externalities, mostly on a voluntary basis and through network governance mechanisms. No one thinks that this is enough, but it is a starting point. Future research is needed to identify how these mechanisms can be extended or supplemented to further improve the governance of cybersecurity.
Originality/value
This paper bridges together the disconnected research communities on governance and (technical) cybersecurity.
Lorenzo Lynberg and Ahmed Deif
Abstract
Purpose
This paper addresses a gap in research literature in the fields of blockchain technology (BC), supply chain network dynamics (SC) and network effect phenomena (NE). Extant BC and SC literature describes the potential benefits to be reaped through the adoption of BC technology. While BC technology does not yet meet the researched expectations of adoption, performance and efficacy, the authors analyze the three inter-related fields (BC, SC and NE) to bridge this gap in theory.
Design/methodology/approach
This paper begins with a research review correlating the technological fundamentals of BC technology into fundamental value propositions for SC logistics contexts. The authors review the gap between these theoretical technological functions and the current ecosystem of BC applications. With an overarching understanding of BC in SC contexts, this paper then explores the phenomena of NE and attempts to synthesize various interrelated aspects of the three fields (BC, SC and NE). Research frameworks from extant literature are used for cross-comparing legacy software/information system solutions with potential and existing BC-based solutions. Case studies are utilized to support this analysis.
Findings
Several key considerations and themes are identified to better inform practitioner and researcher decision-making. Novel insights pertain to BC platform architecture and application modularity, integrated governance and decision-making capabilities, and the automation capabilities that arise from a healthy application and smart contract ecosystem.
Originality/value
The core contribution is the synthesis of network effect theory with SC phenomena and BC theory and the exploration of how these three fields are inter-related in the maturation of BC technology. Specifically, the authors deepen insights from extant literature by contextualizing findings with relevant interdisciplinary theoretical frameworks.
Erik Framner, Simone Fischer-Hübner, Thomas Lorünser, Ala Sarah Alaqra and John Sören Pettersson
Abstract
Purpose
The purpose of this paper is to develop a usable configuration management for Archistar, which utilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure and privacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and other settings for securely storing the secret data shares, while meeting all of end user’s requirements and other restrictions, is a complex task. In particular, complex trade-offs between different protection goals and legal privacy requirements need to be made.
Design/methodology/approach
A human-centered design approach with structured interviews and cognitive walkthroughs of user interface mockups with system administrators and other technically skilled users was used.
Findings
Even technically skilled users have difficulty adequately selecting secret sharing parameters and other configuration settings for securing the data to be outsourced.
Practical implications
Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.
Originality/value
The authors present novel human computer interaction (HCI) guidelines for a usable configuration management, which propose to automatically set configuration parameters and to solve trade-offs based on the type of data to be stored in the cloud. Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.
Mohamad Amin Hasbini, Tillal Eldabi and Ammar Aldallal
Abstract
Purpose
Information security management (ISM) is proving to be an important topic in the modern world; in environments that will rely a great deal on digital technologies, such as smart cities, ISM research is of high importance and needs to be well analysed. The paper aims to discuss these issues.
Design/methodology/approach
This paper indicates the criticality of ISM for smart cities through the literature, then focusses on top organisational factors influencing ISM in smart city organisations, which are embraced and justified from the literature.
Findings
This paper highlights the need for more research around ISM in the context of smart city organisations, as well as the ISM-related organisational factors that are expected to most influence smart city organisational performance.
Research limitations/implications
This paper is proposed to influence more research in the area of ISM for smart cities among the research community. Additional research is also expected to further validate and examine the selected organisational factors.
Originality/value
This paper presents new information on ISM in smart city organisations; the lack of research in this area and the criticality of the highlighted issues create high value for the conclusions and findings of this research. The paper also highlights top organisational factors that are expected to influence ISM in smart city organisations.
Yuanxing Zhang, Zhuqi Li, Kaigui Bian, Yichong Bai, Zhi Yang and Xiaoming Li
Abstract
Purpose
Projecting the population distribution in geographical regions is important for many applications such as launching marketing campaigns or enhancing the public safety in certain densely populated areas. Conventional studies require the collection of people’s trajectory data through offline means, which is limited in terms of cost and data availability. The wide use of online social network (OSN) apps over smartphones has provided the opportunities of devising a lightweight approach of conducting the study using the online data of smartphone apps. This paper aims to reveal the relationship between the online social networks and the offline communities, as well as to project the population distribution by modeling geo-homophily in the online social networks.
Design/methodology/approach
In this paper, the authors propose the concept of geo-homophily in OSNs to determine how much the data of an OSN can help project the population distribution in a given division of geographical regions. Specifically, the authors establish a three-layered theoretic framework that first maps the online message diffusion among friends in the OSN to the offline population distribution over a given division of regions via a Dirichlet process and then projects the floating population across the regions.
Findings
By experiments over large-scale OSN data sets, the authors show that the proposed prediction models have a high prediction accuracy in characterizing the process of how the population distribution forms and how the floating population changes over time.
Originality/value
This paper tries to project population distribution by modeling geo-homophily in OSNs.
Abstract
Purpose
The purpose of this study is to explore how the development of digital trade can provide new development prospects to China's foreign trade under the background of the gradual expansion of China's digital economy and the further release of policy dividends.
Design/methodology/approach
Using the methods of literature collection and induction, combined with traditional trade theory, this paper analyzes the characteristics and challenges of digital trade under the background of the digital economy.
Findings
The findings reveal that China's digital trade development still faces some risks, such as the containment of China's core technology, digital security and unbalanced development among regions. Considering these risks, China should break through core technical problems, participate in the formulation of international rules to ensure data security, give priority to the development of service trade and improve the unbalanced development of digital trade.
Social implications
By analyzing the development status and characteristics of the digital economy and digital trade, this paper summarizes the challenges and comparative advantages faced by China's digital trade, and puts forward corresponding suggestions. These suggestions will allow China to take advantage of its rapid digital economy development and occupy a leading position in global digital trade.
Originality/value
This paper creatively expounds on the new development direction of digital trade from the perspective of comparative advantage and risks, and provides some suggestions to expedite China's digital trade development.
David Hedberg, Martin Lundgren and Marcus Nohlberg
Abstract
Purpose
This study aims to explore auto mechanics' awareness of repairs and maintenance related to the car's cybersecurity and provide insights into challenges based on current practice.
Design/methodology/approach
This study is based on an empirical study consisting of semistructured interviews with representatives from both branded and independent auto workshops. The data was analyzed using thematic analysis. A version of the capability maturity model was introduced to the respondents as a self-evaluation of their cybersecurity awareness.
Findings
Cybersecurity was not found to be part of the current auto workshop work culture, and there is a gap between independent workshops and branded workshops, specifically in how they function, how they approach problems and the tools and support available to them to resolve issues (particularly previously unknown ones).
Research limitations/implications
Only auto workshop managers in Sweden were interviewed for this study. This role was picked because it is the most likely to have come in contact with cybersecurity-related issues. They may also have discussed the topic with mechanics, manufacturers or other auto workshops – thus providing a broader view of potential issues or challenges.
Practical implications
The challenges identified in this study offer actionable advice to car manufacturers, branded workshops and independent workshops. The goal is to further cooperation, improve knowledge sharing and avoid unnecessary safety or security issues.
Originality/value
As cars become smarter, they also become potential targets for cyberattacks, which in turn poses potential threats to human safety. However, research on auto workshops, which has previously ensured that cars are road safe, has received little research attention with regards to the role cybersecurity can play in repairs and maintenance. Insights from auto workshops can therefore shed light upon the unique challenges and issues tied to the cybersecurity of cars, and how they are kept up-to-date and road safe in the digital era.
Eline Punt, Jochen Monstadt, Sybille Frank and Patrick Witte
Abstract
Purpose
Cyber resilience has emerged as an approach for seaports to deal with cyberattacks; it emphasizes ports’ ability to prepare for an attack and to keep operating and recover quickly. However, little research has been undertaken on the challenges of governing cyber risks in seaports. This study aims to address this gap.
Design/methodology/approach
Governing cyber resilience is shaped by distributed responsibilities, uncertainties and ambiguities. The authors use this conceptualization to explore the governance of cyber risks in seaports, taking the Port of Rotterdam as a case study and analyzing semistructured interviews with stakeholders, participatory observation and policy documents and legislation.
Findings
The authors found that many strategies for governing cyber risks remain dedicated to protecting computer systems against cyberattacks. Nevertheless, port stakeholders have also developed strategies in anticipation of disruptions. However, these strategies appear informal and uncoordinated due to a lack of information exchange, insufficient knowledge regarding cyber risks and disagreement about how to make the Port of Rotterdam cyber resilient. What mainly hampers the cyber resilience of the port is the lack of a comprehensive regulatory framework and economic incentives. The authors conclude that resilience is merely an ideal at the Port of Rotterdam, meaning related governance strategies remain incremental and await institutionalization.
Originality/value
This paper offers insights into the cyber resilience of critical socio-technical systems, which have been underexposed in cyber resilience debates, but, when exploited, can manifest in large-scale disruptions.
Elham Rostami, Fredrik Karlsson and Shang Gao
Abstract
Purpose
This paper aims to propose a conceptual model of policy components for software that supports modularizing and tailoring of information security policies (ISPs).
Design/methodology/approach
This study used a design science research approach, drawing on design knowledge from the field of situational method engineering. The conceptual model was developed as a unified modeling language class diagram using existing ISPs from public agencies in Sweden.
Findings
This study’s demonstration as proof of concept indicates that the conceptual model can be used to create free-standing modules that provide guidance about information security in relation to a specific work task and that these modules can be used across multiple tailored ISPs. Thus, the model can be considered as a step toward developing software to tailor ISPs.
Research limitations/implications
The proposed conceptual model bears several short- and long-term implications for research. In the short term, the model can act as a foundation for developing software to design tailored ISPs. In the long term, having software that enables tailorable ISPs will allow researchers to do new types of studies, such as evaluating the software's effectiveness in the ISP development process.
Practical implications
Practitioners can use the model to develop software that assists information security managers in designing tailored ISPs. Such a tool can offer the opportunity for information security managers to design more purposeful ISPs.
Originality/value
The proposed model offers a detailed and well-elaborated starting point for developing software that supports modularizing and tailoring of ISPs.