Search results
1 – 10 of over 23000
Hao Chen and Yufei Yuan
Abstract
Purpose
Protection motivation theory (PMT) explains that the intention to cope with information security risks is based on informed threat and coping appraisals. However, people cannot always make appropriate assessments due to possible ignorance and cognitive biases. This study proposes a research model that introduces four antecedent factors from ignorance and bias perspectives into the PMT model and empirically tests this model with data from a survey of electronic waste (e-waste) handling.
Design/methodology/approach
The data collected from 356 Chinese samples are analyzed via structural equation modeling (SEM).
Findings
The results revealed that for threat appraisal, optimistic bias leads to a lower perception of risks. However, factual ignorance (lack of knowledge of risks) does not significantly affect the perceived threat. For coping appraisal, practical ignorance (lack of knowledge of coping with risks) leads to low response efficacy and self-efficacy and high perceptions of coping cost, but the illusion of control overestimates response efficacy and self-efficacy.
Originality/value
First, this study addresses a new type of information security problem in e-waste handling. Second, this study extends the PMT model by exploring the roles of ignorance and bias as antecedents. Finally, the authors reinvestigate the basic constructs of PMT to identify how rational threat and coping assessments affect user intentions to cope with data security risks.
Guillermo Horacio Ramirez Caceres and Yoshimi Teshigawara
Abstract
Purpose
The level of security of home information systems can be described as their capacity to resist all the accidental or deliberate malicious activities based on the evaluation assurance levels (EAL) as defined in international standards. The purpose of this paper is to propose a security guideline tool for home users based on the implementation of a protection profile (PP) for home user systems.
Design/methodology/approach
The application was developed in three basic steps. First, a PP for home user systems was created on the basis of the international standard ISO/IEC 15408. Then, the paper created a knowledge base including the PP information, as well as a security policy including other international standards, as mentioned above. Finally, the paper created a web application tool to be used as a security guideline for home users.
Findings
This tool is developed to help users understand the threats that affect their environment and select the appropriate security policy. By using this tool, users can access information about international standards in accordance with their level of knowledge.
Research limitations/implications
The authors created a tool based on EAL4. In the future, tools based on EAL1, EAL2, and EAL3 can be created easily on the basis of the present model.
Originality/value
This PP specifies the security requirements for home user information technology (IT) environments, and makes use of the Department of Defense information assurance guidelines and policies as a basis for establishing the requirements necessary for meeting the security objectives. This PP is constructed for use as a reference for home users to create safe home IT environments. Operating systems evaluated against this PP can operate at EAL4.
Talal H. Hayale and Husam A. Abu Khadra
Abstract
The objective of this study is to investigate perceived security threats of Computerized Accounting Information Systems (CAIS) that face Jordanian domestic banks. An empirical survey using a self-administered questionnaire has been carried out to achieve the above-mentioned objective. The study results reveal that accidental entry of “bad” data by employees, accidental destruction of data by employees, intentional entry of “bad” data by employees and employees’ sharing of passwords are the top four security threats that face domestic banks. The paper concludes that most security threats that face domestic banks are internally generated and unintentional.
Mazen El-Masri and Eiman Mutwali Abdelmageed Hussain
Abstract
Purpose
Blockchain is evolving to become a platform for securing Internet of things (IoT) ecosystems. Still, challenges remain. The purpose of this literature review is to highlight the applicability of blockchain as a medium to secure IoT ecosystems. A two-dimensional framework anchored on (1) IoT layers and (2) security goals is used to organize the existent IoT security threats and their corresponding countermeasures identified in the reviewed literature. The framework helped in mapping the IoT security threats with the inherent features of blockchain and accentuate their prominence to IoT security.
Design/methodology/approach
An approach integrating computerized natural language processing (NLP) with a systematic literature review methodology was adopted. A large corpus of 2,303 titles and abstracts of blockchain articles was programmatically analyzed in order to identify the relevant literature. The identified literature was subjected to a systematic review guided by a well-established method in IS research.
Findings
The literature evidently highlights the prominence of blockchain as a means to IoT security due to the distinctive features it encompasses. The authors’ investigation revealed that numerous existent threats are better addressed with blockchain than conventional mechanisms. Nevertheless, blockchain consumes resources such as electricity, time, bandwidth and disk space at a rate that is not yet easily accessible to common IoT ecosystems.
Research limitations/implications
Results suggest that a configurational approach that aligns IoT security requirements with the resource requirements of different blockchain features is necessary in order to realize the proper balance between security, efficiency and feasibility.
Practical implications
Practitioners can make use of the classified lists of conventional security mechanisms and the IoT threats they address. The framework can help underline the countermeasures that best achieve their security goals. Practitioners can also use the framework to identify the most important features to seek in a blockchain technology that can help them achieve their security goals.
Originality/value
This study proposes a novel framework that can help classify IoT threats based on the IoT layer impacted and the security goal at risk. Moreover, it applies a combined man-machine approach to systematically analyze the literature.
The purpose of this paper is to look into how people in risky environments define human security by using the framework of the draft human security index of the Third World…
Abstract
Purpose
The purpose of this paper is to look into how people in risky environments define human security by using the framework of the draft human security index of the Third World Studies Center, University of the Philippines to study five municipalities. The concept of human security used here is the comprehensive definition that covers “freedom from fear” and “freedom from want” dimensions but using a more local/bottom-up perspective in getting people’s sense of security and threats/risks. As a pilot research, the paper also reveals the shortcomings of the draft index as it does not highlight yet other factors like gender, ethnicity and other sectoral identities.
Design/methodology/approach
The pilot municipalities all have a history of violent conflicts or insurgency and they also face other security threats/risks, e.g., natural disasters and effects of climate change, limited sources of livelihood, lack of food, water shortage, etc. Through surveys, focus group discussions and interviews, people were asked about their sense of security and experiences, perceived threats to individuals and the community, understanding of human security and their capacity, as individuals and as a community, to cope with and/or do something about these threats. The focus of the manuscript, however, is the more qualitative responses of informants.
Findings
In these conflict areas, poverty and the limited livelihood opportunities are major threats, followed by threats to food, environmental, personal and community security (particularly peace and order). The perceived intensity of certain threats also varies depending on the type of community or group one belongs to. It appears that respondents have a comprehensive view of human security; what they lack are resources and skills to mitigate such threats. Community empowerment and improved local governance are crucial with support from external actors.
Research limitations/implications
It is important to look at the experiences of other areas without histories of armed conflicts to understand possibly different security issues and threats/risks and include perspectives of people based on gender, ethnicity and other identities.
Originality/value
The research shows the value of using local/bottom-up perceptions of people apart from available development and security statistics (which are usually top-down, very general and universalistic) to assess, monitor actual and plan future interventions to address human security threats and vulnerabilities at different levels. The qualitative and quantitative data from the ground are also useful in refining human security-related concepts, hypotheses and theories.
Oleksandr D. Dovhan, Oleksandr M. Yurchenko, Juliana O. Naidon, Oleg S. Peliukh, Nataliia I. Tkachuk and Kamal Gulati
Abstract
Purpose
The purpose of this study is to substantiate the need to develop the Counterintelligence Strategy as a conceptual document in the field of state security of Ukraine that identifies current security threats to Ukraine, the global landscape of which has been significantly transformed since the adoption of the Law of Ukraine “On Counterintelligence”. It is proved that the provisions of such a Strategy should determine the current and projected counterintelligence environment via the following set of elements: the nature of real and potential threats in the process of implementing the state foreign and domestic policy course determined by Ukraine; sources of such threats (individual states and their intelligence agencies, terrorist organizations, transnational organized crime, etc.); features of the identified objects of encroachment by foreign intelligence agencies, terrorist and other criminal organizations, including transnational ones; and long-term strategic threats like the COVID-19 pandemic.
Design/methodology/approach
During the past decades of the XXI century, intelligence has become a crucial tool in the system of determining and implementing the foreign policy in international relations. Modern realities confirm that this political and legal phenomenon directly affects the formation of the foreign policy course of any state, the development of its geopolitical strategy and defense doctrine. Possessing a powerful apparatus for obtaining primary information, fulfillment of government orders for monitoring, evaluation, analysis, forecasting and modeling of possible scenarios of global- or regional-scale events and processes, special services take an active part in perspective and current foreign and domestic policy implementation.
Findings
Thus, based on the state security paradigm, which cannot be defined in the absence of threats and ensured by their complete elimination, since negative factors for state security objects will always exist, the ensuring of its development requires first of all creation of the conditions under which threats will not be able to limit its development. That is why it is necessary not only to minimize the impact of such factors on vulnerable objects, but also to create a certain “immunity” to their impact, i.e. the ability of the state security system to function effectively in spite of the negative impact. Thus, maintaining the ability to function in terms of the existing threats is the most important area of practical activity for the state security protection, as well as ensuring the legitimate interests of the state.
Originality/value
During the past decades of the XXI century, intelligence has become a crucial tool in the system of determining and implementing the foreign policy in international relations. Modern realities confirm that this political and legal phenomenon directly affects the formation of the foreign policy course of any state, the development of its geopolitical strategy and defense doctrine. Possessing a powerful apparatus for obtaining primary information, fulfillment of government orders for monitoring, evaluation, analysis, forecasting and modeling of possible scenarios of global- or regional-scale events and processes, special services take an active part in perspective and current foreign and domestic policy implementation.
Ehinome Ikhalia, Alan Serrano, David Bell and Panos Louvieris
Abstract
Purpose
Online social network (OSN) users have a high propensity to malware threats due to the trust and persuasive factors that underpin OSN models. The escalation of social engineering malware encourages a growing demand for end-user security awareness measures. The purpose of this paper is to take the theoretical cybersecurity awareness model TTAT-MIP and test its feasibility via a Facebook app, namely social network criminal (SNC).
Design/methodology/approach
The research employs a mixed-methods approach to evaluate the SNC app. A system usability scale measures the usability of SNC. Paired samples t-tests were administered to 40 participants to measure security awareness – before and after the intervention. Finally, 20 semi-structured interviews were deployed to obtain qualitative data about the usefulness of the App itself.
Findings
Results validate the effectiveness of OSN apps utilising a TTAT-MIP model – specifically the mass interpersonal persuasion (MIP) attributes. Using TTAT-MIP as guidance, practitioners can develop security awareness systems that better leverage the intra-relationship model of OSNs.
Research limitations/implications
The primary limitation of this study is the experimental settings. Although the results testing the TTAT-MIP Facebook app are promising, these were set under experimental conditions.
Practical implications
SNC enables persuasive security behaviour amongst employees and helps them avoid potential malware threats. SNC supports consistent security awareness practices through the regular identification of new threats, which may inspire the creation of new security awareness videos.
Social implications
The structure of OSNs is making it easier for malicious users to carry out their activities without the possibility of detection. By building a security awareness programme using the TTAT-MIP model, organisations can proactively manage security awareness.
Originality/value
Many security systems are cumbersome, inconsistent and non-specific. The outcome of this research provides organisations and security practitioners with a framework for designing and developing proactive and tailored security awareness systems.
Arthur Jung‐Ting Chang and Quey‐Jen Yeh
Abstract
Purpose
Modernized information systems (IS) have brought enterprises not only enormous benefits, but also linked information threats. Most enterprises solve their IS security‐related problems using technical means alone, and focus on technical rather than managerial controls, which may imply potential crises. This study examines whether the security preparation of firms matches the severity of IS threats they perceive in developing countries, especially in issues concerning “people” and “administration”. Additionally, this study discusses appropriate threat mitigation strategies for the four sectors as well.
Design/methodology/approach
Using an empirical study, this study explores the past and current concerns of IS threats of firms in different industries, and the countermeasures prepared by them to protect themselves from such threats. The empirical data was provided by 109 Taiwanese enterprises from four sectors.
Findings
The analytical results revealed the differences in both the IS threats concerned and the security scopes prepared among the four sectors. Moreover, the preparation scopes were not commensurate with the perceived severity of threats. All four industries rated the network as posing the strongest threat, following regulation and personnel issues, while among the countermeasures in use, these three issues have larger application deficiencies.
Originality/value
This study concludes that the firms are not well prepared against IS threats related to non-technical administration issues and discusses appropriate threat mitigation strategies for the four sectors. Specifically, firms should be aware of IS threats to their business and prepare suitable security protections.
Zhengbiao Han, Shuiqing Huang, Huan Li and Ni Ren
Abstract
Purpose
This paper uses the GB/T20984-2007 multiplicative method to assess the information security risk of a typical digital library in compliance with the principle and thought of ISO 27000. The purpose of this paper is to testify the feasibility of this method and provide suggestions for improving information security of the digital library.
Design/methodology/approach
This paper adopts convenience sampling to select respondents. The assessment of assets is through analyzing digital library-related business and function through a questionnaire which collects data to determine asset types and the importance of asset attributes. The five-point Likert scale questionnaire method is used to identify the threat possibility and its influence on the assets. The 12 respondents include directors and senior network technicians from the editorial department, comic library, children’s library, counseling department and the learning promotion centre. Three different Guttman scale questionnaires, tool testing and on-site inspection are combined to identify and assess vulnerabilities. There were different Guttman scale questionnaires for management personnel, technical personnel and general librarian. In all, 15 management librarians, 7 technical librarians and 72 ordinary librarians answered the vulnerability questionnaire. On-site inspection was conducted on the basis of 11 control domains of ISO 27002. Vulnerabilities were scanned using remote security evaluation system NSFOCUS. The scanning covered ten IP sections and a total of 81 hosts.
Findings
Overall, 2,792 risk scores were obtained. Among them, 282 items (accounting for 10.1 per cent of the total) reached the high risk level; 2 (0.1 per cent) reached the very high risk level. High-risk items involved 26 threat types (accounting for 44.1 per cent of all threat types) and 13 vulnerability types (accounting for 22.1 per cent of all vulnerability types). The evaluation revealed that this digital library faces seven major hidden dangers in information security. The assessment results were well accepted by staff members of this digital library, which testified to the applicability of this method to a Chinese digital library.
Research limitations/implications
This paper is only a case study of a typical Chinese digital library using a digital library information security assessment method. More case-based explorations are necessary to prove the feasibility of the assessing strategy proposed in this study.
Originality/value
Based on the findings of recent literature, the authors found that very few researchers have made efforts to develop methods for calculating the indicators for digital library information security risk assessment. On the basis of ISO 27000 and other related information security standards, this case study proposed an operable method of digital library information security risk assessment and used it to assess the information security of a typical Chinese digital library. This study can offer insights for formulating a digital library information security risk assessment scale.
Kambiz Mokhtari, Noorul Shaiful Fitri Abdul Rahman, Hamid Reza Soltani, Salim Ahmed Al Rashdi and Kawkab Abdul Aziz Mohammed Al Balushi
Abstract
Purpose
At the substantive level, there exists a gap in knowledge about the position of security risk management (i.e. SRM) during the terminals’ operations and management, particularly when there is potential for deliberate anti-security acts. Correspondingly, the purpose of this paper is to address the need for more practical research to find out the justification for the existence of SRM and the different techniques for its appropriate execution on these logistics infrastructures, principally with due regard to the potential requirements in the near future.
Design/methodology/approach
Both qualitative and quantitative techniques are used in this study incorporating fuzzy set theory and risk assessment matrix to achieve the research objective.
Findings
An SRM framework tailored for the Qalhat liquefied petroleum gas (LNG) terminal in the Sultanate of Oman was established to manage the security threats which can result from any probable terrorist attacks.
Research limitations/implications
The limited numbers of experts for the purpose of the addressed SRM are causing challenges in data collection.
Practical implications
The pressures for enhanced attention to critical infrastructure security have fostered new challenges for petrochemical seaports and terminals (PSTs). These tendencies dictate maintaining comprehensive security regimens that can be integrated with national and international strategies to support the country’s security against terrorism.
Originality/value
The development of the security risk factor table model in the case of Qalhat LNG Terminal.