Search results

The purpose of this paper is to look into how people in risky environments define human security by using the framework of the draft human security index of the Third World Studies Center, University of the Philippines to study five municipalities. The concept of human security used here is the comprehensive definition that covers “freedom from fear” and “freedom from want” dimensions but using a more local/bottom-up perspective in getting people’s sense of security and threats/risks. As a pilot research, the paper also reveals the shortcomings of the draft index as it does not highlight yet other factors like gender, ethnicity and other sectoral identities.

The pilot municipalities all have a history of violent conflicts or insurgency and they also face other security threats/risks, e.g., natural disasters and effects of climate change, limited sources of livelihood, lack of food, water shortage, etc. Through surveys, focus group discussions and interviews, people were asked about their sense of security and experiences, perceived threats to individuals and the community, understanding of human security and their capacity, as individuals and as a community, to cope with and/or do something about these threats. The focus of the manuscript, however, is the more qualitative responses of informants.

In these conflict areas, poverty and the limited livelihood opportunities are major threats, followed by threats to food, environmental, personal and community security (particularly peace and order). The perceived intensity of certain threats also varies depending on the type of community or group one belongs to. It appears that respondents have a comprehensive view of human security; what they lack are resources and skills to mitigate such threats. Community empowerment and improved local governance are crucial with support from external actors.

It is important to look at the experiences of other areas without histories of armed conflicts to understand possibly different security issues and threats/risks and include perspectives of people based on gender, ethnicity and other identities.

The research shows the value of using local/bottom-up perceptions of people apart from available development and security statistics (which are usually top-down, very general and universalistic) to assess, monitor actual and plan future interventions to address human security threats and vulnerabilities at different levels. The qualitative and quantitative data from the ground are also useful in refining human security-related concepts, hypotheses and theories.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

A number of severe weather events have influenced a shift in UK policy concerning how climate-induced hazards are managed. Whist this shift has encouraged improvements in emergency management and preparedness, the risk of climate change is increasingly becoming securitised within policy discourses, and enmeshed with broader agendas traditionally associated with human-induced threats. Climate change is seen as a security risk because it can impede development of a nation. The purpose of this paper is to explore the evolution of the securitisation of climate change, and interrogates how such framings influence a range of conceptual and policy focused approaches towards both security and climate change.

Drawing upon the UK context, the paper uses a novel methodological approach combining critical discourse analysis and focus groups with security experts and policymakers.

The resulting policy landscape appears inexorably skewed towards short-term decision cycles that do little to mitigate longer-term threats to the nation’s assets. Whilst a prominent political action on a global level is required in order to mitigate the root causes (i.e. GHG emissions), national level efforts focus on adaptation (preparedness to the impacts of climate-induced hazards), and are forming part of the security agenda.

These issues are not restricted to the UK: understanding the role of security and its relationship to climate change becomes more pressing and urgent, as it informs the consequences of securitising climate change risks for development-disaster risk system.

The objective of this paper is to investigate the perceived threats of computerized accounting information systems (CAIS) in Saudi organizations.

An empirical survey using a self‐administered questionnaire has been carried out to achieve this objective. Four hundred questionnaires have been randomly distributed to different types of Saudi organizations and covered seven Saudi cities. Two hundred and eight questionnaires had been collected. After excluding the incomplete and invalid responses, the study ended with 136 valid and usable questionnaires, representing a 34 percent response rate. This response rate is acceptable in this kind of empirical surveys. The collected data has been analyzed using the statistical package for social sciences (SPSS) version 12.

The survey results reveal that almost half of the responded Saudi organizations are suffering financial losses due to internal and external CAIS security breaches. The results also reveal that accidental and intentional entry of bad data; accidental destruction of data by employees; employees' sharing of passwords; introduction of computer viruses to CAIS; suppression and destruction of output; unauthorized document visibility; and directing prints and distributed information to people who are not entitled to receive are the most significant perceived security threats to CAIS in Saudi organizations.

Accordingly, it is recommended to strengthen the security controls over the above weaken security areas and to enhance the awareness of CAIS security issues among Saudi organizations to manage the security risks and to achieve better protection to their CAIS. The results of the study enable managers and practitioners to champion information technology developments for success of their businesses.

Various research investigations have found that students' awareness of information security issues continues to be poor and this is indeed a concern especially when students use information technologies pervasively to communicate, to socialize as well as to work on academic assignments. As it is important to understand students' behaviors towards information security and safety in the digital cyberspace, the purpose of this paper is to investigate their awareness and perception, in particular, of Bluetooth security threats and risks, and whether they are able to take preventive measures to protect themselves from such security vulnerabilities. Bluetooth technology is used in this study as it is a widely used form of wireless networks that facilitates computing resources to be connected anytime anywhere; however, it has security weaknesses like any other digital networks.

A field survey was conducted to collect the empirical data from students at a local university. The survey instrument/questionnaire was developed based on various literatures on Bluetooth applications, Bluetooth security vulnerabilities, and users' usage and perception on computer security and safety.

The results show that most students do not take precautions to mitigate against security vulnerabilities; however, there is a difference on students' perceptions based on their academic major or domain knowledge, for instance, engineering students have demonstrated significant awareness of security risks compared to students from the business and social science colleges. It is therefore not surprising to note that engineering students are more cautious users of Bluetooth, hence are more secure users of technologies.

The findings provide useful information for academic institutions to understand students' behavior towards security risks especially in terms of identity theft, unsecured systems and inadequate security practices. Indeed, the findings of this study highlight or emphasize the importance of promoting security awareness to student cohorts especially on the use of mobile computing applications such as Bluetooth or wireless. Perhaps, universities should design curriculum to incorporate the study of information and cyber security so as to inculcate a culture of cyber safety as well as to prepare these prospective employees as more secured users when they enter the workplace. Indeed, considering the increasing number of users who tend to be naïve on security vulnerabilities, this research adds a critical message also to manufacturers and software developers to design more robust security features so as to minimize security breaches.

This paper provides further evidence to the body of research investigations on information and computing security threats and students' perceptions and behavior towards security risks and vulnerabilities. More important, this paper confirms that most students are not secure users, and it seems they not very capable of protecting themselves from security threats.

The purpose of this paper is to discuss and theorise on the appropriateness and potential impact of risk homeostasis in the context of information security.

The discussion is mainly based on a literature survey backed up by illustrative empirical examples.

Risk homeostasis in the context of information security is an under-explored topic. The principles, assumptions and methodology of a risk homeostasis framework offer new insights and knowledge to explain and predict contradictory human behaviour in information security.

The paper shows that explanations for contradictory human behaviour (e.g. the privacy paradox) would gain from considering risk homeostasis as an information security risk management model. The ideas discussed open up the prospect to theorise on risk homeostasis as a framework in information security and should form a basis for further research and practical implementations. On a more practical level, it offers decision makers useful information and new insights that could be advantageous in a strategic security planning process.

This is the first systematic comprehensive review of risk homeostasis in the context of information security behaviour and readers of the paper will find new theories, guidelines and insights on risk homeostasis.

The contemporary internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into such exploitation, information assets may be continuously monitored for harvesting business-critical information (BCI). These threats are relevant for the security of small enterprises, and this study aims to examine the qualitative factors that shape the security mindsets among these.

The data are collected with semi-structured interviews of six enterprises in a small regional market segment. The analysis is based on a fourfold taxonomy that delivers three mindset profiles, while particular emphasis is placed on the subjective security notions that shape the typical strategizing among enterprises.

APT is poorly understood among the observed segment, which tends to often also explicitly downplay the strategic relevance of the concept, but a more pressing challenge relates to the observation that business data is often perceived to have no value. The delivered results can be used to improve the situation.

This study is among the firsts to explore perceptions of small enterprises toward APT and BCI. The results reveal problematic mindsets and offers new avenues for practitioners as well as academics to study and improve the situation.

This paper aims to discover factors that are truly affecting cloud adoption decisions in organizations. Many reasons have been given for the adoption, or lack thereof, of the cloud.

The paper uses an empirical approach by means of an exploratory survey, using descriptive statistics and t-tests to determine significant differences among various response groups.

The findings reveal that current and prospective cloud users feel that public cloud computing is less secure than on premise systems. These users feel that the public cloud may still be currently too immature for mission-critical system deployments; however, they do expect it to be more secure in the future as the service models become more mature and better technologies become available. None of the cloud adoption risk factors were universally considered to be showstoppers with respect to adoption.

The sample size is relatively small compared to the number of cloud participants. Additionally, respondents were concentrated in the high technology industries in Southern California.

The paper provides some valuable insight into cloud adoption and concludes that despite hyped security fears, the risks and threats of the cloud are well understood and that with proper planning and implementation, organizations can adopt cloud technologies with no additional risk.

Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between the cyber and physical world, security has become an additional concern in these industries. The purpose of this paper is to evaluate how well bow-tie analysis performs in the context of security, and the study’s hypothesis is that the bow-tie notation has a suitable expressiveness for security and safety.

This study uses a formal, controlled quasi-experiment on two sample populations – security experts and security graduate students – working on the same case. As a basis for comparison, the authors used a similar experiment with misuse case analysis, a well-known technique for graphical security modelling.

The results show that the collective group of graduate students, inexperienced in security modelling, perform similarly as security experts in a well-defined scope and familiar target system/situation. The students showed great creativity, covering most of the same threats and consequences as the experts identified and discovering additional ones. One notable difference was that these naïve professionals tend to focus on preventive barriers, leading to requirements for risk mitigation or avoidance, while experienced professionals seem to balance this more with reactive barriers and requirements for incident management.

Our results are useful in areas where we need to evaluate safety and security concerns together, especially for domains that have experience in health, safety and environmental hazards, but now need to expand this with cybersecurity as well.

As mobile malware and virus are rapidly increasing in frequency and sophistication, mobile social media has recently become a very popular attack vector. The purpose of this paper is to survey the state-of-the-art of security aspect of mobile social media, identify recent trends, and provide recommendations for researchers and practitioners in this fast moving field.

This paper reviews disparate discussions in literature on security aspect of mobile social media though blog mining and an extensive literature search. Based on the detailed review, the author summarizes some key insights to help enterprises understand security risks associated with mobile social media.

Risks related to mobile social media are identified based on the results of the review. Best practices and useful tips are offered to help enterprises mitigate risks of mobile social media. This paper also provides insights and guidance for enterprises to mitigate the security risks of mobile social media.

The paper consolidates the fragmented discussion in literature and provides an in-depth review to help researchers understand the latest development of security risks associated with mobile social media.