Search results

11 – 20 of over 38000
Article
Publication date: 4 March 2024

Betul Gokkaya, Erisa Karafili, Leonardo Aniello and Basel Halak

Abstract

Purpose

The purpose of this study is to increase awareness of current supply chain (SC) security-related issues by providing an extensive analysis of existing SC security solutions and their limitations. The security of SCs has received increasing attention from researchers, due to the emerging risks associated with their distributed nature. The increase in risk in SCs comes from threats that are inherently similar regardless of the type of SC, thus, requiring similar defence mechanisms. Being able to identify the types of threats will help developers to build effective defences.

Design/methodology/approach

In this work, we provide an analysis of the threats, possible attacks and traceability solutions for SCs, and highlight outstanding problems. Through a comprehensive literature review (2015–2021), we analysed various SC security solutions, focussing on tracking solutions. In particular, we focus on three types of SCs: digital, food and pharmaceutical that are considered prime targets for cyberattacks. We introduce a systematic categorization of threats and discuss emerging solutions for prevention and mitigation.

Findings

Our study shows that the current traceability solutions for SC systems do not offer a broadened security analysis and fail to provide extensive protection against cyberattacks. Furthermore, global SCs face common challenges, as there are still unresolved issues, especially those related to the increasing SC complexity and interconnectivity, where cyberattacks are spread across suppliers.

Originality/value

This is the first time that a systematic categorization of general threats for SC is made based on an existing threat model for hardware SC.

Details

Benchmarking: An International Journal, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1463-5771

Article
Publication date: 17 April 2024

Hassan Jamil, Tanveer Zia, Tahmid Nayeem, Monica T. Whitty and Steven D'Alessandro

Abstract

Purpose

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

Design/methodology/approach

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equation modelling was used to analyse the relationships among the variables.

Findings

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

Originality/value

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 15 September 2021

Oleksandr D. Dovhan, Oleksandr M. Yurchenko, Juliana O. Naidon, Oleg S. Peliukh, Nataliia I. Tkachuk and Kamal Gulati

Abstract

Purpose

The purpose of this study is to develop the Counterintelligence Strategy as a conceptual document in the field of state security of Ukraine, identifying current security threats to Ukraine, whose global landscape has been significantly transformed since the adoption of the Law of Ukraine “On Counterintelligence”, is substantiated. It is proved that the provisions of such Strategy should determine the current and projected counterintelligence environment via a set of the following elements. The nature of real and potential threats in the process of implementing state foreign and domestic policy course determined by Ukraine. Sources of such threats (individual states and their intelligence agencies, terrorist organizations, transnational organized crime, etc.). Features of the identified encroachment objects of foreign intelligence agencies, terrorist and other criminal organizations, including transnational ones. Long-time strategy threats like the COVID-19 pandemic.

Design/methodology/approach

During the past decades of the XXI century, intelligence has become a crucial tool in the system of determining and implementing the foreign policy in international relations. Modern realities confirm that this political and legal phenomenon directly affects the formation of the foreign policy course of any state, the development of its geopolitical strategy and defense doctrine. Possessing a powerful apparatus for obtaining primary information, fulfillment of government orders for monitoring, evaluation, analysis, forecasting and modeling of possible scenarios of global- or regional-scale events and processes, special services take an active part in perspective and current foreign and domestic policy implementation.

Findings

Thus, based on the state security paradigm, which cannot be defined in the absence of threats and ensured by their complete elimination, since negative factors for state security objects will always exist, the ensuring of its development requires first of all creation of the conditions under which threats will not be able to limit its development. That is why it is necessary not only to minimize the impact of such factors on vulnerable objects, but also to create a certain “immunity” to their impact, i.e. the ability of the state security system to function effectively in spite of the negative impact. Thus, maintaining the ability to function in terms of the existing threats is the most important area of practical activity for the state security protection, as well as ensuring the legitimate interests of the state.

Originality/value

During the past decades of the XXI century, intelligence has become a crucial tool in the system of determining and implementing the foreign policy in international relations. Modern realities confirm that this political and legal phenomenon directly affects the formation of the foreign policy course of any state, the development of its geopolitical strategy and defense doctrine. Possessing a powerful apparatus for obtaining primary information, fulfillment of government orders for monitoring, evaluation, analysis, forecasting and modeling of possible scenarios of global- or regional-scale events and processes, special services take an active part in perspective and current foreign and domestic policy implementation.

Details

World Journal of Engineering, vol. 19 no. 2
Type: Research Article
ISSN: 1708-5284

Article
Publication date: 7 August 2019

Ehinome Ikhalia, Alan Serrano, David Bell and Panos Louvieris

Abstract

Purpose

Online social network (OSN) users have a high propensity to malware threats due to the trust and persuasive factors that underpin OSN models. The escalation of social engineering malware encourages a growing demand for end-user security awareness measures. The purpose of this paper is to take the theoretical cybersecurity awareness model TTAT-MIP and test its feasibility via a Facebook app, namely social network criminal (SNC).

Design/methodology/approach

The research employs a mixed-methods approach to evaluate the SNC app. A system usability scale measures the usability of SNC. Paired samples t-tests were administered to 40 participants to measure security awareness – before and after the intervention. Finally, 20 semi-structured interviews were deployed to obtain qualitative data about the usefulness of the App itself.

Findings

Results validate the effectiveness of OSN apps utilising a TTAT-MIP model – specifically the mass interpersonal persuasion (MIP) attributes. Using TTAT-MIP as a guidance, practitioners can develop security awareness systems that better leverage the intra-relationship model of OSNs.

Research limitations/implications

The primary limitation of this study is the experimental settings. Although the results testing the TTAT-MIP Facebook app are promising, these were set under experimental conditions.

Practical implications

SNC enables persuasive security behaviour amongst employees and avoids potential malware threats. SNC supports consistent security awareness practices by the regular identification of new threats which may inspire the creation of new security awareness videos.

Social implications

The structure of OSNs is making it easier for malicious users to carry out their activities without the possibility of detection. By building a security awareness programme using the TTAT-MIP model, organisations can proactively manage security awareness.

Originality/value

Many security systems are cumbersome, inconsistent and non-specific. The outcome of this research provides organisations and security practitioners with a framework for designing and developing proactive and tailored security awareness systems.

Details

Information Technology & People, vol. 32 no. 5
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 1 August 2006

Arthur Jung‐Ting Chang and Quey‐Jen Yeh

Abstract

Purpose

Modernized information systems (IS) have brought enterprises not only enormous benefits, but also linked information threats. Most enterprises solve their IS security‐related problems using technical means alone, and focus on technical rather than managerial controls, which may imply potential crises. This study examines whether the security preparation of firms matches the severity of IS threats they perceive in developing countries, especially in issues concerning “people” and “administration”. Additionally, this study discusses appropriate threat mitigation strategies for the four sectors as well.

Design/methodology/approach

Using an empirical study, this study explores the past and current concerns of IS threats of firms in different industries, and the countermeasures prepared by them to protect themselves from such threats. The empirical data was provided by 109 Taiwanese enterprises from four sectors.

Findings

The analytical results revealed the differences in both the IS threats concerned and the security scopes prepared among the four sectors. Moreover, the preparation scopes were not commensurate with the perceived severity of threats. All four industries rated the network as posing the strongest threat, following regulation and personnel issues, while among the countermeasures in use, these three issues have larger application deficiencies.

Originality/value

This study concludes that the firms do not well prepare themselves against IS threats entailed to non‐technical administration issues and discusses appropriate threat mitigation strategies for the four sectors. Specifically, firms should be aware of IS threats to their business and prepare suitable security protections.

Details

Information Management & Computer Security, vol. 14 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 6 June 2016

Zhengbiao Han, Shuiqing Huang, Huan Li and Ni Ren

Abstract

Purpose

This paper uses the GB/T20984-2007 multiplicative method to assess the information security risk of a typical digital library in compliance with the principle and thought of ISO 27000. The purpose of this paper is to testify the feasibility of this method and provide suggestions for improving information security of the digital library.

Design/methodology/approach

This paper adopts convenience sampling to select respondents. The assessment of assets is through analyzing digital library-related business and function through a questionnaire which collects data to determine asset types and the importance of asset attributes. The five-point Likert scale questionnaire method is used to identify the threat possibility and its influence on the assets. The 12 respondents include directors and senior network technicians from the editorial department, comic library, children’s library, counseling department and the learning promotion centre. Three different Guttman scale questionnaires, tool testing and on-site inspection are combined to identify and assess vulnerabilities. There were different Guttman scale questionnaires for management personnel, technical personnel and general librarian. In all, 15 management librarians, 7 technical librarians and 72 ordinary librarians answered the vulnerability questionnaire. On-site inspection was conducted on the basis of 11 control domains of ISO 27002. Vulnerabilities were scanned using remote security evaluation system NSFOCUS. The scanning covered ten IP sections and a total of 81 hosts.

Findings

Overall, 2,792 risk scores were obtained. Among them, 282 items (accounting for 10.1 per cent of the total) reached the high risk level; 2 (0.1 per cent) reached the very high risk level. High-risk items involved 26 threat types (accounting for 44.1 per cent of all threat types) and 13 vulnerability types (accounting for 22.1 per cent of all vulnerability types). The evaluation revealed that this digital library faces seven major hidden dangers in information security. The assessment results were well accepted by staff members of this digital library, which testified to the applicability of this method to a Chinese digital library.

Research limitations/implications

This paper is only a case study of a typical Chinese digital library using a digital library information security assessment method. More case-based explorations are necessary to prove the feasibility of the assessing strategy proposed in this study.

Originality/value

Based on the findings of recent literature, the authors found that very few researchers have made efforts to develop methods for calculating the indicators for digital library information security risk assessment. On the basis of ISO 27000 and other related information security standards, this case study proposed an operable method of digital library information security risk assessment and used it to assess the information security of a typical Chinese digital library. This study can offer insights for formulating a digital library information security risk assessment scale.

Details

The Electronic Library, vol. 34 no. 3
Type: Research Article
ISSN: 0264-0473

Article
Publication date: 22 December 2020

Kambiz Mokhtari, Noorul Shaiful Fitri Abdul Rahman, Hamid Reza Soltani, Salim Ahmed Al Rashdi and Kawkab Abdul Aziz Mohammed Al Balushi

Abstract

Purpose

At the substantive level, there exists a gap in knowledge about the position of security risk management (i.e. SRM) during the terminals’ operations and management; particularly when there is potential for deliberate anti-security acts. Correspondingly, the purpose of this paper is a need for more practical research to find out the justification for the existence of the SRM and different techniques for its appropriate execution on these logistics infrastructures principally with due regard to the potential requirements in the near future.

Design/methodology/approach

Both qualitative and quantitative techniques are used in this study incorporating fuzzy set theory and risk assessment matrix to achieve the research objective.

Findings

A designed SRM framework tailored for Qalhat liquefied petroleum gas (LNG) terminal in the Sultanate of Oman was established to manage the security threats which can result from any probable terrorist attacks.

Research limitations/implications

The limited numbers of experts for the purpose of the addressed SRM are causing challenges in data collection.

Practical implications

The pressures for enhanced attention to critical infrastructure security have fostered new challenges for petrochemical seaports and terminals (PSTs). These tendencies dictate to maintain comprehensive security regimens that can be integrated with national and international strategies to support the country’s security against terrorism.

Originality/value

The development of the security risk factor table model in the case of Qalhat LNG Terminal.

Article
Publication date: 1 April 2006

Ahmad A. Abu‐Musa

Abstract

Purpose

The objective of this paper is to investigate the perceived threats of computerized accounting information systems (CAIS) in Saudi organizations.

Design/methodology/approach

An empirical survey using a self‐administered questionnaire has been carried out to achieve this objective. Four hundred questionnaires have been randomly distributed to different types of Saudi organizations and covered seven Saudi cities. Two hundred and eight questionnaires had been collected. After excluding the incomplete and invalid responses, the study ended with 136 valid and usable questionnaires, representing a 34 percent response rate. This response rate is acceptable in this kind of empirical survey. The collected data has been analyzed using the statistical package for social sciences (SPSS) version 12.

Findings

The survey results reveal that almost half of the responded Saudi organizations are suffering financial losses due to internal and external CAIS security breaches. The results also reveal that accidental and intentional entry of bad data; accidental destruction of data by employees; employees' sharing of passwords; introduction of computer viruses to CAIS; suppression and destruction of output; unauthorized document visibility; and directing prints and distributed information to people who are not entitled to receive are the most significant perceived security threats to CAIS in Saudi organizations.

Originality/value

Accordingly, it is recommended to strengthen the security controls over the above weak security areas and to enhance the awareness of CAIS security issues among Saudi organizations to manage the security risks and to achieve better protection to their CAIS. The results of the study enable managers and practitioners to champion information technology developments for success of their businesses.

Details

Managerial Auditing Journal, vol. 21 no. 4
Type: Research Article
ISSN: 0268-6902

Book part
Publication date: 29 January 2024

Elizabeth Frieda Ndamono Shipena and Attlee M. Gamundani

Abstract

Internet of things (IoT) involves the connection of various devices. IoT’s application ranges from wearables: Smart Home Application, Health Care, Smart Offices, Smart Cities, Agriculture, and Industrial Automation. While the number of connected devices grows by the day, so does the number of security risks and vulnerabilities that these devices face. Billions of the connected devices collect and transmit huge volumes of data making Data Security one of the most pressing technical concerns in IoT. Smart Office is one of the increasing IoT applications and Data Security has become today one of the most challenging areas in its application. It is important to identify data security threats. This chapter therefore presents a review of IoT Smart Office Data Security Threats based on existing research done.

Details

Digital Technology and Changing Roles in Managerial and Financial Accounting: Theoretical Knowledge and Practical Application
Type: Book
ISBN: 978-1-80455-973-4

Article
Publication date: 18 February 2021

Hao Chen, Ofir Turel and Yufei Yuan

Abstract

Purpose

Electronic waste (e-waste) such as discarded computers and smartphones may contain large amounts of confidential data. Improper handling of remaining information in e-waste can, therefore, drive information security risk. This risk, however, is not always properly assessed and managed. The authors take the protection motivation theory (PMT) lens of analysis to understand intentions to protect one's discarded electronic assets.

Design/methodology/approach

By applying structural equation modeling, the authors empirically tested the proposed model with survey data from 348 e-waste handling users.

Findings

Results highlight that (1) protection intention is influenced by the perceived threat of discarding untreated e-waste (a threat appraisal) and self-efficacy to treat the discarded e-waste (a coping appraisal) and (2) optimism bias plays a dual-role in a direct and moderating way to reduce the perceived threat of untreated e-waste and its effect on protection intentions.

Originality/value

Results support the assertions and portray a unique theoretical account of the processes that underline people's motivation to protect their data when discarding e-waste. As such, this study explains a relatively understudied information security risk behavior in the e-waste context, points to the role of optimism bias in such decisions and highlights potential interventions that can help to alleviate this information security risk behavior.

Details

Information Technology & People, vol. 35 no. 2
Type: Research Article
ISSN: 0959-3845
