
Search results

1 – 5 of 5
Article
Publication date: 12 October 2015

Exploring the relationship between student mobile information security awareness and behavioural intent

Bukelwa Ngoqo and Stephen V. Flowerday


Abstract

Purpose

The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely, awareness and behavioural intent. This paper proposes that the knowing-and-doing gap can possibly be reduced by addressing both awareness and behavioural intent. This research paper explores the relationship between student mobile phone user information security awareness and behavioural intent in a developmental university in South Africa.

Design/methodology/approach

Information security awareness interventions were implemented in this action research study, and student information security behavioural intent was observed after each cycle.

Findings

The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context, as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Existing researchers in the field of information security still grapple with the “knowing-and-doing” gap, where user information security knowledge/awareness sometimes does not result in safer behavioural practices.

Originality/value

Zhang et al. (2009) suggest that understanding human behaviour is important when dealing with the problems caused by human errors. Harnesk and Lindstrom (2011) expressed a concern that existing research does not address the interlinked relationship between anticipated security behaviour and the enactment of security procedures. This study acknowledges the contribution of Choi et al. (2008), whose discussion of the “knowing-and-doing gap” suggests a link between awareness and actual behaviour that is confirmed by the findings of this study.

Details

Information & Computer Security, vol. 23 no. 4
Type: Research Article
DOI: https://doi.org/10.1108/ICS-10-2014-0072
ISSN: 2056-4961

Keywords

  • Information security
  • Computer security
  • Computer users

Article
Publication date: 14 June 2020

A Clark-Wilson and ANSI role-based access control model

Tamir Tsegaye and Stephen Flowerday


Abstract

Purpose

An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control (RBAC), attribute-based access control (ABAC) and the Clark-Wilson model.

Design/methodology/approach

A systematic literature review was conducted which resulted in the collection of secondary data that was used as the content analysis sample. Using the MAXQDA software program, the secondary data was analysed quantitatively using content analysis, resulting in 2,856 tags, which informed the discussion. An expert review was conducted to evaluate the proposed model using an evaluation framework.

Findings

The study found that a combination of RBAC, ABAC and the Clark-Wilson model may be used to secure the EHR. While RBAC is applicable to healthcare, as roles are linked to an organisation’s structure, its lack of dynamic authorisation is addressed by ABAC. Additionally, key concepts of the Clark-Wilson model such as well-formed transactions, authentication, separation of duties and auditing can be used to secure the EHR.

Originality/value

Although previous studies have been based on a combination of RBAC and ABAC, this study also uses key concepts of the Clark-Wilson model for securing the EHR. Countries implementing the EHR can use the model proposed by this study to help secure the EHR while also providing EHR access in a medical emergency.

Details

Information & Computer Security, vol. 28 no. 3
Type: Research Article
DOI: https://doi.org/10.1108/ICS-08-2019-0100
ISSN: 2056-4961

Keywords

  • Access control
  • Role-based access control
  • Attribute-based access control
  • Clark-Wilson
  • Security
  • Privacy
  • Electronic health record

Article
Publication date: 10 October 2016

Why don’t UK citizens protest against privacy-invading dragnet surveillance?

Karen Renaud, Stephen Flowerday, Rosanne English and Melanie Volkamer


Abstract

Purpose

The purpose of this study was to identify reasons for the lack of protest against dragnet surveillance in the UK. As part of this investigation, a study was carried out to gauge the understanding of “privacy” and “confidentiality” by the well-informed.

Design/methodology/approach

To perform a best-case study, the authors identified a group of well-informed participants in terms of security. To gain insights into their privacy-related mental models, they were asked first to define the three core terms and then to identify the scenarios. Then, the participants were provided with privacy-related scenarios and were asked to demonstrate their understanding by classifying the scenarios and identifying violations.

Findings

Although the participants were mostly able to identify privacy and confidentiality scenarios, they experienced difficulties in articulating the actual meaning of the terms privacy, confidentiality and security.

Research limitations/implications

There were a limited number of participants, yet the findings are interesting and justify further investigation. The implications, even of this initial study, are significant in that, if citizens’ privacy rights are being violated, they did not seem to know how to protest this, if indeed they had the desire to do so.

Practical implications

Had the citizens understood the meaning of privacy, and their ancient right thereto, which is enshrined in law, their response to the Snowden revelations about ongoing wide-scale surveillance might well have been more strident and insistent.

Originality/value

People in the UK, where this study was carried out, do not seem to protest the privacy invasion effected by dragnet surveillance with any verve. The authors identify a number of possible reasons for this from the literature. One possible explanation is that people do not understand privacy. Thus, this study posits that privacy is unusual in that understanding does not seem to align with the ability to articulate the rights to privacy and their disapproval of such widespread surveillance. This seems to make protests unlikely.

Details

Information & Computer Security, vol. 24 no. 4
Type: Research Article
DOI: https://doi.org/10.1108/ICS-06-2015-0024
ISSN: 2056-4961

Keywords

  • Privacy
  • Protest
  • Confidentiality
  • Mental models

Article
Publication date: 4 January 2016

Designing CA/CM to fit not-for-profit organizations

Deniz Appelbaum, Stephen Kozlowski, Miklos A. Vasarhelyi and Joel White


Abstract

Purpose

The purpose of this project is to undertake continuous auditing and monitoring (CA/CM) implementations working with small-to-medium-sized (SME) not-for-profit (NFP) organizations of varying sizes, business purposes and levels of technical sophistication.

Design/methodology/approach

This paper discusses a project using a case study approach with an SME NFP entity.

Findings

The findings support the discussions in the literature regarding CA/CM adoption in organizations, particularly regarding its implementation benefits and challenges.

Research limitations/implications

The project is not complete in that additional case studies could possibly offer additional applicability to the findings.

Practical implications

This case study illustrates the issues inherent with the process of adopting new technologies. It provides insights for others considering adoption of CA/CM tools or protocols.

Social implications

The need for more reliable auditing has never been more urgent than it is today in the NFP environment, and this case study demonstrates how an NFP could address these critical needs of increased reporting accountability and internal controls.

Originality/value

The application of CA/CM is quite interesting and relevant in this modern real-time economy. This case study provides a new area of research in the field of CA/CM and, as such, contributes to the literature.

Details

Managerial Auditing Journal, vol. 31 no. 1
Type: Research Article
DOI: https://doi.org/10.1108/MAJ-10-2014-1118
ISSN: 0268-6902

Keywords

  • Internal controls
  • Continuous auditing
  • Audit tools
  • Continuous monitoring
  • Not-for-profits
  • M420

Article
Publication date: 13 March 2020

PRECEPT: a framework for ethical digital forensics investigations

R.I. Ferguson, Karen Renaud, Sara Wilford and Alastair Irons


Abstract

Purpose

Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction.

Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization's right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain.

This paper argues the need for a practical, ethically grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organizations, as well as acknowledging the needs of law enforcement. The paper derives a set of ethical guidelines, and then maps these onto a forensics investigation framework. The framework is subjected to expert review in two stages, and is refined after each stage. The paper concludes by proposing the refined ethically grounded digital forensics investigation framework. The treatise is primarily UK based, but the concepts presented here have international relevance and applicability.

Design/methodology/approach

In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals' rights to privacy and organizations' rights to control intellectual capital disclosure.

Findings

The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically informed approach to digital forensics investigations, as a remedy, is highlighted and a framework proposed to provide this.

Research limitations/implications

The proposed ethically informed framework for guiding digital forensics investigations suggests a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.

Originality/value

Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other.

Details

Journal of Intellectual Capital, vol. 21 no. 2
Type: Research Article
DOI: https://doi.org/10.1108/JIC-05-2019-0097
ISSN: 1469-1930

Keywords

  • Ethics
  • Intellectual capital
  • Privacy
  • Forensics investigation

© 2021 Emerald Publishing Limited