Search results

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.

The purpose of this paper is to investigate and analyze the adoption of digital technologies in the banking industry and its impact on the rise of digital fraudulent activities, specifically focusing on online banking frauds. This paper aims to provide insights into the current technologies implemented by banks to secure their online banking systems and explores the methods used by cybercriminals to exploit security vulnerabilities in these systems.

In order to understand how digital technologies in banking can be secured against online fraud, this research conducted a systematic literature review (SLR) on digital banking, online banking fraud, and security measurements. The review encompasses a variety of sources from online databases such as Emerald Insight, Google Scholar, IEEE, JSTOR, Springer and Science Direct.

The key finding of the paper is that the adoption of digital technologies in the banking industry has led to a significant increase in digital fraudulent activities, particularly in the form of online banking frauds. This paper emphasizes that these frauds have become a global concern and have evolved into an industry where cybercriminals use sophisticated tools such as phishing attacks, denial-of-service attacks, Trojan horses, malware infections, identity theft and computer viruses.

This study relies solely on a literature review without incorporating primary data or case studies; therefore, it might miss out on the firsthand experiences and perspectives of banks and cybersecurity professionals.

This study emphasizes the need for banks to adopt advanced security measures to safeguard their online banking systems.

This study underscores the importance of ongoing training and awareness programs for both bank employees and customers.

This study specifically addresses the adoption of digital technologies in the banking industry and its correlation with the increase in digital fraudulent activities. This focus on the intersection of technology and fraud in the banking sector is a distinctive aspect. This study conducts a SLR to examine the current technologies implemented by banks to safeguard their online banking systems. This comprehensive approach provides insights into the diverse security measures used by banks to protect against various types of cyber threats.

Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.

The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance.

By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.

By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity practices within organizations for cybersecurity risk management through a systematic literature review (SLR) approach.

This SLR adhered to RepOrting Standards for Systematics Evidence Syntheses (ROSES) publication standards and used various research approaches. The study’s article selection process involved using Scopus, one of the most important scientific databases, to review articles published between 2014 and 2023.

This review identified the four main themes: individual factors, organizational factors, technological factors and governmental role. In addition, nine subthemes that relate to these primary topics were established.

This research sheds light on the multifaceted nature of cybersecurity by exploring factors influencing implementation and developing an improvement framework, offering valuable insights for researchers to advance theoretical developments, assisting industry practitioners in tailoring cybersecurity strategies to their needs and providing policymakers with a basis for creating more effective cybersecurity regulations and standards.

This paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS).

The questionnaire was used to collect data for 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses.

The results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found.

This study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method.

The results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles.

To the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.

This study aims to evaluate blockchain as an e-government governance model. It assesses its alignment with legal frameworks, emphasizing robustness against disruptions and adherence to existing laws.

The paper explores blockchain’s potential in e-government, focusing on legal, ethical and governance aspects. It conducts an in-depth analysis of blockchain’s integration into data governance, emphasizing legal compliance and resilient security protocols.

The study comprehensively evaluates blockchain’s implementation, covering privacy, interoperability, consensus mechanisms, scalability and regulatory alignment. It highlights governance’s critical role in ensuring legal compliance within blockchain paradigms.

Ethical and legal concerns arising from blockchain adoption remain unresolved. The study underscores how blockchain challenges its core principles of anonymity and decentralization in e-government settings.

The framework outlined offers potential for diverse technological environments, albeit raising ethical and legal queries. It emphasizes governance’s pivotal role in achieving legal compliance in blockchain adoption.

Blockchain’s impact on legal and ethical facets necessitates further exploration to align with its core principles while addressing governance in e-government settings.

This study presents a robust framework for assessing blockchain’s viability in e-government, emphasizing legal compliance, despite ethical and legal intricacies that challenge its fundamental principles.

This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.