Search results
1 – 10 of over 57000
Dieter Gollmann and Peer Wichmann
Abstract
Reports on the evaluation of a set of commercial PC‐security products. Argues how, and why, this analysis differs from the kind of security evaluation described in the IT security evaluation criteria published recently by some national security agencies. Draws on an in‐depth examination down to the hardware level, based on the actual executable code and covers even attack scenarios where the attacker can manipulate the hardware of the PC. Summarizes the major findings, pointing out some frequent design faults in PC‐security systems.
Abstract
This article is an exploration of the history of the regulation of stock futures leading up to the recent regulatory resolution in which the regulators (SEC and CFTC) share responsibilities, thus leading to the trading of single stock futures.
Amrou Awaysheh, Robert D. Klassen, Asad Shafiq and P. Fraser Johnson
Abstract
Purpose
Globalization and increased outsourcing have contributed to increased supply chain complexity, exposing firms to greater vulnerability in the areas of product safety and supply chain security. Meanwhile, stakeholders pressure firms to ensure that their products are safe, and their supply chains are secure. Drawing from stakeholder theory, this paper aims to explore how the supply chain characteristics of distance and power affect the adoption of consumer protection (CP) practices, which ensure product safety and supply chain security.
Design/methodology/approach
Using primary survey data from a sample of Canadian manufacturing firms, this research examines the relationships among supply chain characteristics, adoption of CP practices and firm performance.
Findings
Analysis supported the use of two practices related to product safety (consumer education and product design) and three practices for supply chain security (packaging, tracking and authenticity). Greater cultural distance between the focal firm and its suppliers was positively associated with investments in safer design practices, while increased geographical distance between the focal firm and the customer was significantly related to increased consumer education. Moreover, as power of a focal firm relative to its suppliers increased, so too did investments in supply chain security. Finally, CP practices were related to improved operational performance along multiple dimensions.
Originality/value
This research focuses on the critical role of two key stakeholder groups in improving product safety and supply chain security: suppliers and customers. The authors add to the theoretical discussion of product safety and supply chain security by identifying critical differences between suppliers and customers for the focal firm. Second, the research informs the managerial community of the potential benefits of investments in CP practices.
Abstract
If complaints about an agent’s sale of “ABC” mutual fund are handled by the state securities commissioner… Why should complaints about the same agent’s sale of a variable annuity invested in “ABC” mutual fund be handled exclusively by the state insurance commissioner? Are state laws enacted 35 years ago still relevant today when most agents who sell variable annuities are also licensed to sell mutual funds?
Abstract
Purpose
The education sector is increasingly targeted by malicious cyber incidents, resulting in huge financial losses, cancelation of classes and exams and large-scale breaches of students’ and staff’s data. This paper aims to investigate education technology (EdTech) vendors’ responsibility for this cyber (in)security challenge, with a particular focus on EdTech in India as a case study.
Design/methodology/approach
Theoretically, building on the security economics literature, the paper establishes a link between the dynamics of the EdTech market and the education sector’s cyber insecurities and investigates the various economic barriers that stand in the way of improving EdTech vendors’ security practices. Empirically, the paper analyses publicly reported cyber incidents targeting the Indian education sector and EdTech companies in the past 10 years as published in newspapers, using the LexisNexis database. It also examines existing EdTech procurement challenges in India and elsewhere and develops a number of policy recommendations to address the misaligned incentives and information asymmetries between EdTech vendors and educational institutions.
Findings
Market forces alone cannot create sufficient incentives for EdTech vendors to prioritise security in product design. Considering the infant stage of the EdTech industry, the lack of evidence about the efficacy of EdTech tools, the fragmentation in the EdTech market and the peculiarities of educational institutions as end-users, a regulatory and policy intervention is needed to secure education through procurement processes.
Originality/value
This paper introduces a novel exploration of the cybersecurity challenge in the education sector, an area of research and policy analysis that remains largely understudied. By adding a cybersecurity angle, the paper also contributes to the literature using a political economy approach in scrutinising EdTech.
Kirsi Helkala and Einar Snekkenes
Abstract
Purpose
The purpose of this paper is to present a new method for ranking authentication products. Using this method, issues such as technical performance, application/system‐specific requirements, cost and usability are addressed. The method simplifies and makes the selection process more transparent by identifying issues that are important when selecting products.
Design/methodology/approach
The paper used quantitative cost and performance analysis.
Findings
The method can be widely applied, allowing the comparison and ranking of an extensive variety of authentication products (passwords, biometrics, tokens). The method can be used for both product selection and the process of product development as supported by the case studies.
Originality/value
This is a work that demonstrates how to compare authentication methods from different categories. A novel ranking method has been developed which allows the comparison of different authentication products in a defined usage scenario.
Carlos Eduardo de Barros Paes and Celso Massaki Hirata
Abstract
Purpose
Nowadays, most of the software development processes still do not provide appropriate support for the development of secure systems. Rational Unified Process (RUP) is a well‐known software engineering process that provides a disciplined approach to assigning tasks and responsibilities; however, it has little support for development of secure systems. This work aims to present a proposal of RUP for the development of secure systems.
Design/methodology/approach
In order to obtain the proposed RUP, the authors consider security as a knowledge area (discipline) and they define workflow, activities and roles according to the architecture of process engineering Unified Method Architecture (UMA). A software development was used to assess qualitatively the extended RUP.
Findings
Based on the development, the authors find that the proposed process produces security requirements in a more systematic way and results in the definition of better system architecture.
Research limitations/implications
The proposed extension requires specific adaptation if other development processes such as agile process and waterfall are employed.
Practical implications
The extension facilitates the management of execution and control of the activities and tasks related to security, and the development teams can benefit by constructing better quality software.
Originality/value
The originality of the paper is the proposal of extension to RUP in order to consider security in a disciplined and organized way.
Abstract
Purpose
The purpose of this paper is to explore the differences in preferred supplier choice criteria between food purchasing agents who focus on supplier security and those that do not. Specifically, this research determines the relationship between purchasing agents’ supplier security preferences and their preferences for product quality, delivery reliability, price, and supplier location. The influence of international sourcing on demand for increased supplier security is also explored.
Design/methodology/approach
Choice-based conjoint analysis with hierarchical Bayes (HB) estimation and t-tests are used to assess and compare the utility food purchasing managers derive from different supplier attributes.
Findings
Purchasing managers that place a higher priority on security when choosing suppliers were willing to pay suppliers a higher price and receive lower levels of delivery reliability in return for higher security but placed less emphasis on suppliers’ product quality. Firms that source internationally do not have a significantly greater preference for advanced supplier security. However, purchasing managers that value supplier security were more likely to source internationally, potentially indicating that security allows for global sourcing by mitigating the increased vulnerability inherent to sourcing abroad.
Research limitations/implications
This research was limited by its focus on the food industry and a relatively small sample size.
Practical implications
This work illustrated that food purchasing managers can be segmented by the emphasis they place on security. Food industry managers will find results useful in formulating their future service offerings with respect to security and other supplier choice criteria.
Originality/value
This is one of few works investigating security as a supplier choice criterion and utilizing HB estimation of choice-based conjoint data.
Abstract
Outlines the Open Security Architecture (OSA). OSA is an architecture which will provide the basis for the selection, design and integration of products providing security and control for a network of desktop personal computers, “mobile” notebook computers, servers and mainframes. States that the purpose of this architecture is to provide an environment where: acceptable and workable controls can be placed on sensitive data; user productivity and existing investments in applications are not negatively impacted by the addition of control and security; data flow around the organization, and the investment that has been put in place to support this capability (e.g. local‐area, wide‐area, and telephone‐based networks) can still be used to enhance information exchange between users; and all workstations, regardless of their location, operating system, or capability to connect to a network, can be included and easily administered under this architecture.
Dejan Kosutic and Federico Pigni
Abstract
Purpose
The purpose of this paper is to help companies address the problem of ever-increasing cybersecurity investment that does not produce tangible business value – this is achieved by explaining the relationship between cybersecurity and competitive advantage.
Design/methodology/approach
The impact of cybersecurity on competitive advantage was explored through a qualitative research study – the authors conducted an extensive literature review and conducted two rounds of semi-structured interviews with executives and security professionals from companies in four countries, from the financial, IT and security industries.
Findings
The analysis of the findings enabled the conceptualization of the Cybersecurity Competitive Advantage Model that explains how to build up cybersecurity dynamic capabilities to achieve long-term competitive advantage.
Research limitations/implications
The research presents the theorization of the model based on an extensive literature review, gathered information, insight from qualified respondents and the authors’ experience in the field. While we controlled for saturation and rigorously collected and analyzed the data, the inductive approach followed may limit the generalizability of the findings.
Practical implications
The proposed model helps explain to executives how to differentiate their company in a novel way and how to retain that competitive advantage; security professionals can use the model to organize cybersecurity and communicate to their superiors more effectively.
Originality/value
The presented model differs from existing literature, cybersecurity frameworks and industry standards by presenting a method of avoiding technological bias and for achieving competitive advantage.