Search results
1 – 10 of over 63000
Dieter Gollmann and Peer Wichmann
Abstract
Reports on the evaluation of a set of commercial PC‐security products. Argues how, and why, this analysis differs from the kind of security evaluation described in the IT security evaluation criteria published recently by some national security agencies. Draws on an in‐depth examination down to the hardware level, based on the actual executable code and covers even attack scenarios where the attacker can manipulate the hardware of the PC. Summarizes the major findings, pointing out some frequent design faults in PC‐security systems.
Abstract
This article is an exploration of the history of the regulation of stock futures leading up to the recent regulatory resolution in which the regulators (SEC and CFTC) share responsibilities, thus leading to the trading of single stock futures.
Abstract
If complaints about an agent’s sale of “ABC” mutual fund are handled by the state securities commissioner… Why should complaints about the same agent’s sale of a variable annuity invested in “ABC” mutual fund be handled exclusively by the state insurance commissioner? Are state laws enacted 35 years ago still relevant today when most agents who sell variable annuities are also licensed to sell mutual funds?
Abstract
Purpose
The education sector is increasingly targeted by malicious cyber incidents, resulting in huge financial losses, cancelation of classes and exams and large-scale breaches of students’ and staff’s data. This paper aims to investigate education technology (EdTech) vendors’ responsibility for this cyber (in)security challenge, with a particular focus on EdTech in India as a case study.
Design/methodology/approach
Theoretically, building on the security economics literature, the paper establishes a link between the dynamics of the EdTech market and the education sector’s cyber insecurities and investigates the various economic barriers that stand in the way of improving EdTech vendors’ security practices. Empirically, the paper analyses publicly reported cyber incidents targeting the Indian education sector and EdTech companies in the past 10 years as published in newspapers, using the LexisNexis database. It also examines existing EdTech procurement challenges in India and elsewhere and develops a number of policy recommendations to address the misaligned incentives and information asymmetries between EdTech vendors and educational institutions.
Findings
Market forces alone cannot create sufficient incentives for EdTech vendors to prioritise security in product design. Considering the infant stage of the EdTech industry, the lack of evidence about the efficacy of EdTech tools, the fragmentation in the EdTech market and the peculiarities of educational institutions as end-users, a regulatory and policy intervention is needed to secure education through procurement processes.
Originality/value
This paper introduces a novel exploration to the cybersecurity challenge in the education sector, an area of research and policy analysis that remains largely understudied. By adding a cybersecurity angle, the paper also contributes to the literature using a political economy approach in scrutinising EdTech.
Kirsi Helkala and Einar Snekkenes
Abstract
Purpose
The purpose of this paper is to present a new method for ranking authentication products. Using this method, issues such as technical performance, application/system‐specific requirements, cost and usability are addressed. The method simplifies and makes the selection process more transparent by identifying issues that are important when selecting products.
Design/methodology/approach
The paper used quantitative cost and performance analysis.
Findings
The method can be widely applied, allowing the comparison and ranking of an extensive variety of authentication products (passwords, biometrics, tokens). The method can be used for both product selection and the process of product development as supported by the case studies.
Originality/value
This is a work that demonstrates how to compare authentication methods from different categories. A novel ranking method has been developed which allows the comparison of different authentication products in a defined usage scenario.
Carlos Eduardo de Barros Paes and Celso Massaki Hirata
Abstract
Purpose
Nowadays, most software development processes still do not provide appropriate support for the development of secure systems. Rational Unified Process (RUP) is a well‐known software engineering process that provides a disciplined approach to assigning tasks and responsibilities; however, it has little support for the development of secure systems. This work aims to present a proposal of RUP for the development of secure systems.
Design/methodology/approach
In order to obtain the proposed RUP, the authors consider security as a knowledge area (discipline) and they define workflow, activities and roles according to the architecture of process engineering Unified Method Architecture (UMA). A software development was used to assess qualitatively the extended RUP.
Findings
Based on the development, the authors find that the proposed process produces security requirements in a more systematic way and results in the definition of better system architecture.
Research limitations/implications
The proposed extension requires specific adaptation if other development processes such as agile process and waterfall are employed.
Practical implications
The extension facilitates the management of execution and control of the activities and tasks related to security, and the development teams can benefit by constructing better quality software.
Originality/value
The originality of the paper is the proposal of extension to RUP in order to consider security in a disciplined and organized way.
Abstract
Purpose
The purpose of this paper is to explore the differences in preferred supplier choice criteria between food purchasing agents who focus on supplier security and those that do not. Specifically, this research determines the relationship between purchasing agents’ supplier security preferences and their preferences for product quality, delivery reliability, price, and supplier location. The influence of international sourcing on demand for increased supplier security is also explored.
Design/methodology/approach
Choice-based conjoint analysis with hierarchical Bayes (HB) estimation and t-tests are used to assess and compare the utility food purchasing managers derive from different supplier attributes.
Findings
Purchasing managers that place a higher priority on security when choosing suppliers were willing to pay suppliers a higher price and receive lower levels of delivery reliability in return for higher security but placed less emphasis on suppliers’ product quality. Firms that source internationally do not have a significantly greater preference for advanced supplier security. However, purchasing managers that value supplier security were more likely to source internationally, potentially indicating that security allows for global sourcing by mitigating the increased vulnerability inherent to sourcing abroad.
Research limitations/implications
This research was limited by its focus on the food industry and a relatively small sample size.
Practical implications
This work illustrated that food purchasing managers can be segmented by the emphasis they place on security. Food industry managers will find results useful in formulating their future service offerings with respect to security and other supplier choice criteria.
Originality/value
This is one of few works investigating security as a supplier choice criterion and utilizing HB estimation of choice-based conjoint data.
Abstract
Outlines the Open Security Architecture (OSA). OSA is an architecture which will provide the basis for the selection, design and integration of products providing security and control for a network of desktop personal computers, “mobile” notebook computers, servers and mainframes. States that the purpose of this architecture is to provide an environment where: acceptable and workable controls can be placed on sensitive data; user productivity and existing investments in applications are not negatively impacted by the addition of control and security; data flow around the organization, and the investment that has been put in place to support this capability (e.g. local‐area, wide‐area, and telephone‐based networks) can still be used to enhance information exchange between users; and all workstations, regardless of their location, operating system, or capability to connect to a network, can be included and easily administered under this architecture.
Mark Jeffery, Ichiro Aoyagi and Ed Kalletta
Abstract
Quantifying the efficacy of marketing is an age-old challenge. As John Wanamaker said a century ago, “Half the money I spend on advertising is wasted; the trouble is I don't know which half.” The big difference today, however, is that the Internet enables detailed tracking of marketing campaigns in real time, or near time. Exemplifies how to leverage the Internet to dramatically improve the efficacy of marketing. Centers upon the Microsoft Security Guidance marketing campaign, which was designed to change IT professionals' perception of Microsoft's software product security. The integrated marketing campaign involved print media, analyst relations, and online advertising. The advertising was designed to drive IT professionals to a Web site on security guidance, then sign them up for free in-person security training classes. Illustrates two important best practices for marketing in the Internet age: first, the campaign was designed to be measured, and second, agility was specifically designed into the campaign. In addition to tracking weekly click-through data from the print and online advertising, the campaign also used online pop-up customer perception surveys. Analyzing the click-through data, Microsoft realized it had a problem at the end of the first week of the campaign: there were far fewer signups for the training sessions than anticipated. By the end of the second week the campaign was changed, resulting in a huge improvement in efficacy. Creates a scorecard illustrating the pros and cons of the Microsoft approach compared to a more traditional campaign. Illustrates how, rather than creating big-bang campaigns, high-performing marketing organizations today are continually experimenting. They build flexibility into campaigns and design them to be measured.
To learn how to leverage the Internet in marketing campaigns, analyze click-through data and online survey results acquired in near time, and learn how it is used to fine tune and dramatically improve a campaign. Furthermore, illustrates how nonfinancial metrics can be used to quantify marketing efficacy.
Dejan Kosutic and Federico Pigni
Abstract
Purpose
The purpose of this paper is to help companies address the problem of ever-increasing cybersecurity investment that does not produce tangible business value – this is achieved by explaining the relationship between cybersecurity and competitive advantage.
Design/methodology/approach
The impact of cybersecurity on competitive advantage was explored through a qualitative research study – the authors conducted an extensive literature review and conducted two rounds of semi-structured interviews with executives and security professionals from companies in four countries, from the financial, IT and security industries.
Findings
The analysis of the findings enabled the conceptualization of the Cybersecurity Competitive Advantage Model that explains how to build up cybersecurity dynamic capabilities to achieve long-term competitive advantage.
Research limitations/implications
The research presents the theorization of the model based on an extensive literature review, gathered information, insight from qualified respondents and the authors’ experience in the field. While we controlled for saturation and rigorously collected and analyzed the data, the inductive approach followed may limit the generalizability of the findings.
Practical implications
The proposed model helps explain to executives how to differentiate their company in a novel way and how to retain that competitive advantage; security professionals can use the model to organize cybersecurity and communicate to their superiors more effectively.
Originality/value
The presented model differs from existing literature, cybersecurity frameworks and industry standards by presenting a method of avoiding technological bias and for achieving competitive advantage.