Search results

1 – 10 of 609
Article
Publication date: 4 April 2023

Adarsh Anand, Priyanka Gupta, Yoshinobu Tamura and Ljubisa Papic

Abstract

Purpose

The relationship between the various existing smell taxonomies and the smell impacting factors has been established. The ideology is to identify the most critical smell influencing factors in the vicinity of various software development environments.

Design/methodology/approach

To fulfill the said task, the utilization of the amalgamation of two multicriteria decision-making techniques, namely, Entropy method and CODAS method, is presented.

Findings

Through this article, the most critical smell impacting criteria with respect to the smell taxonomies are identified. Furthermore, the behaviour of 4 software development principles was then analysed, and their working state has been successfully assessed.

Originality/value

The ideology to study design-related smells in the software system has been studied by a lot of researchers. Some of them have worked upon their detection and the corresponding refactoration process with the help of several algorithms like machine learning and artificial intelligence. But how and to what extent these design-related smells impact the software development environment has remained out of the limelight till now. Through this article, this research gap has been identified, and an attempt to fill it has been made.

Details

International Journal of Quality & Reliability Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0265-671X

Article
Publication date: 15 January 2024

Arne Roar Nygård and Sokratis K. Katsikas

Abstract

Purpose

This paper aims to discuss the ethical aspects of hardware reverse engineering (HRE) and propose an ethical framework for HRE when used to mitigate cyber risks of the digital supply chain of critical infrastructure operators.

Design/methodology/approach

A thorough review and analysis of existing relevant literature was performed to establish the current state of knowledge in the field. Ethical frameworks proposed for other areas/disciplines and identified pertinent ethical principles have been used to inform the proposed framework’s development.

Findings

The proposed framework provides actionable guidance to security professionals engaged with such activities to support them in assessing whether an HRE project conforms to ethical principles. Recommendations on action needed to complement the framework are also proposed. According to the proposed framework, reverse engineering is neither unethical nor illegal if performed honourably. Collaboration with vendors and suppliers at an industry-wide level is critical for appropriately endorsing the proposed framework.

Originality/value

To the best of the authors’ knowledge, no ethical framework currently guides cybersecurity research, far less of cybersecurity vulnerability research and reverse engineering.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 10 October 2023

Stefano De Paoli and Jason Johnstone

Abstract

Purpose

This paper presents a qualitative study of penetration testing, the practice of attacking information systems to find security vulnerabilities and fixing them. The purpose of this paper is to understand whether and to what extent penetration testing can reveal various socio-organisational factors of information security in organisations. In doing so, the paper innovates theory by using Routine Activity Theory together with phenomenology of information systems concepts.

Design/methodology/approach

The articulation of Routine Activity Theory and phenomenology emerged inductively from the data analysis. The data consists of 24 qualitative interviews conducted with penetration testers, analysed with thematic analysis.

Findings

The starting assumption is that penetration testers are akin to offenders in a crime situation, dealing with targets and the absence of capable guardians. A key finding is that penetration testers described their targets as an installed base, highlighting how vulnerabilities, which make a target suitable, often emerge from properties of the existing built digital environments. This includes systems that are forgotten or lack ongoing maintenance. Moreover, penetration testers highlighted that although the testing is often predicated on planned methodologies, often they resort to serendipitous practices such as improvisation.

Originality/value

This paper contributes to theory, showing how Routine Activity Theory and phenomenological concepts can work together in the study of socio-organisational factors of information security. This contribution stems from considering that much research on information security focuses on the internal actions of organisations. The study of penetration testing as a proxy of real attacks allows novel insights into socio-organisational factors of information security in organisations.

Details

Information Technology & People, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 9 April 2024

Ahmed Shehata and Metwaly Eldakar

Abstract

Purpose

Social engineering is crucial in today’s digital landscape. As technology advances, malicious individuals exploit human judgment and trust. This study explores how age, education and occupation affect individuals’ awareness, skills and perceptions of social engineering.

Design/methodology/approach

A quantitative research approach was used to survey a diverse demographic of Egyptian society. The survey was conducted in February 2023, and the participants were sourced from various Egyptian social media pages covering different topics. The collected data was analyzed using descriptive and inferential statistics, including independent samples t-test and ANOVA, to compare awareness and skills across different groups.

Findings

The study revealed that younger individuals and those with higher education tend to research social engineering more frequently. Males display a higher level of awareness but score lower in terms of social and psychological consequences as well as types of attacks when compared to females. The type of attack cannot be predicted based on age. Higher education is linked to greater awareness and ability to defend against attacks. Different occupations have varying levels of awareness, skills, and psychosocial consequences. The study emphasizes the importance of increasing awareness, education and implementing cybersecurity measures.

Originality/value

This study’s originality lies in its focus on diverse Egyptian demographics, innovative recruitment via social media, comprehensive exploration of variables, statistical rigor, practical insights for cybersecurity education and diversity in educational and occupational backgrounds.

Details

Library Hi Tech, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 9 April 2024

Iftikhar Ahmad, Salim Khan and Shahid Iqbal

Abstract

Purpose

The purpose of this paper is to investigate and analyze the adoption of digital technologies in the banking industry and its impact on the rise of digital fraudulent activities, specifically focusing on online banking frauds. This paper aims to provide insights into the current technologies implemented by banks to secure their online banking systems and explores the methods used by cybercriminals to exploit security vulnerabilities in these systems.

Design/methodology/approach

In order to understand how digital technologies in banking can be secured against online fraud, this research conducted a systematic literature review (SLR) on digital banking, online banking fraud, and security measurements. The review encompasses a variety of sources from online databases such as Emerald Insight, Google Scholar, IEEE, JSTOR, Springer and Science Direct.

Findings

The key finding of the paper is that the adoption of digital technologies in the banking industry has led to a significant increase in digital fraudulent activities, particularly in the form of online banking frauds. This paper emphasizes that these frauds have become a global concern and have evolved into an industry where cybercriminals use sophisticated tools such as phishing attacks, denial-of-service attacks, Trojan horses, malware infections, identity theft and computer viruses.

Research limitations/implications

This study relies solely on a literature review without incorporating primary data or case studies; therefore, it might miss out on the firsthand experiences and perspectives of banks and cybersecurity professionals.

Practical implications

This study emphasizes the need for banks to adopt advanced security measures to safeguard their online banking systems.

Social implications

This study underscores the importance of ongoing training and awareness programs for both bank employees and customers.

Originality/value

This study specifically addresses the adoption of digital technologies in the banking industry and its correlation with the increase in digital fraudulent activities. This focus on the intersection of technology and fraud in the banking sector is a distinctive aspect. This study conducts a SLR to examine the current technologies implemented by banks to safeguard their online banking systems. This comprehensive approach provides insights into the diverse security measures used by banks to protect against various types of cyber threats.

Details

Journal of Financial Crime, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1359-0790

Article
Publication date: 10 April 2024

Tze Yin Khaw, Azlan Amran and Ai Ping Teoh

Abstract

Purpose

This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity practices within organizations for cybersecurity risk management through a systematic literature review (SLR) approach.

Design/methodology/approach

This SLR adhered to RepOrting Standards for Systematic Evidence Syntheses (ROSES) publication standards and used various research approaches. The study’s article selection process involved using Scopus, one of the most important scientific databases, to review articles published between 2014 and 2023.

Findings

This review identified the four main themes: individual factors, organizational factors, technological factors and governmental role. In addition, nine subthemes that relate to these primary topics were established.

Originality/value

This research sheds light on the multifaceted nature of cybersecurity by exploring factors influencing implementation and developing an improvement framework, offering valuable insights for researchers to advance theoretical developments, assisting industry practitioners in tailoring cybersecurity strategies to their needs and providing policymakers with a basis for creating more effective cybersecurity regulations and standards.

Details

Journal of Systems and Information Technology, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1328-7265

Article
Publication date: 4 July 2023

Priyanka Gupta, Adarsh Anand, Yoshinobu Tamura and Mangey Ram

Abstract

Purpose

The ideology of this article is to study the performance concerns of SDN Controllers, with the help of developed SRGM and thereby obtain its optimal testing duration. The effect of undetected uncertainty in the parameter values has also been catered for in the proposal.

Design/methodology/approach

These uncertainties in the parameter values are studied as the risk of not meeting desired set of requirements, whose removal causes additional cost. Considering these two constructs as attributes of MAUT, the controller's optimal testing duration is obtained.

Findings

The article focuses towards obtaining the optimal duration for which the SDN Controllers must be tested. It was observed that the inculcation of risk-attribute has provided the higher utility value as compared to any other existing scenarios.

Originality/value

Plenty of SRGM have been proposed in the literature which talk about the testing stop time determination problems. But none of them have considered the impact of risk of not meeting the requirements (reliability) along with cost to obtain its testing stop time. Further, validation of the proposed model is presented with the help of two release versions of SDN controller platform, ONOS, entitled as “Kingfisher” and “Loon” and has acquired promising results.

Details

International Journal of Quality & Reliability Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0265-671X

Article
Publication date: 22 March 2024

Hamada Elsaid Elmaasrawy and Omar Ikbal Tawfik

Abstract

Purpose

This paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS).

Design/methodology/approach

The questionnaire was used to collect data for 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses.

Findings

The results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found.

Research limitations/implications

This study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method.

Practical implications

The results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles.

Originality/value

To the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.

Details

Journal of Science and Technology Policy Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2053-4620

Article
Publication date: 27 February 2024

Nofie Iman

Abstract

Purpose

Personal data is a powerful tool. The more someone knows about us, the more power they have over us. But who will control the most of our personal data? Do the government and the big tech really care about our personal data? This paper aims to look at data practices, data-related policy making as well as its economic consequences in the context of emerging economies.

Design/methodology/approach

Using qualitative methods such as literature review and analysis of numerous government documents, this paper inquires into the dynamics in the use of data by the business sectors, explains how data governance can add value to the business sectors while ensuring customers’ data privacy protection based on the data governance mechanism framework and details what it takes.

Findings

Using the case of Indonesian recent development on data privacy regulation, this paper describes the problems and threats to personal data protection. The advent of latest computing and mobile technology is shifting power relations between the governments, the big tech, as well as the end users. To conclude, the strategy and policy recommendations for implementing data privacy protection are also presented.

Originality/value

This paper provides a timely synthesis of data practices in the context of developing countries, particularly in relation to policy making and economic consequences. This paper also identifies and shares several promising future research ideas.

Details

International Journal of Law and Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1754-243X

Article
Publication date: 29 February 2024

Khurram Shahzad, Shakeel Ahmad Khan and Abid Iqbal

Abstract

Purpose

The objectives of the study were to identify the effects of blockchain technology (BT) on the university librarians, the impact of BT on the university library services and to reveal the challenges to adopt BT in the university libraries.

Design/methodology/approach

A systematic literature review was applied to address the objectives of the study. Around 25 studies published in peer-reviewed journals were selected to conduct the study.

Findings

The findings of the study revealed that blockchain technology (BT) has positive effects on the university librarians as it assists them in digital resources management, provision of integrated library services, effective records management and continued professional development. The study also displayed that BT has a positive impact on the university libraries through effective information management, user privacy, collaboration, technological innovation and access control. Results also revealed that technical issues, financial constraints, security problems, skill issues and sociocultural issues created challenges to adopt BT in the university libraries.

Originality/value

The study has offered theoretical implications for future investigators through the provision of innovative literature on the prospectus and challenges associated with blockchain in the context of librarianship. The study has also provided practical implications for management bodies by offering recommendations for the successful adoption of blockchain in the university libraries. Additionally, a framework has been developed to adopt BT successfully in the university libraries for the delivery of smart library services to library patrons.