Search results

1 – 10 of 70
Article
Publication date: 14 January 2019

Steven Furnell and Samantha Dowling

The purpose of this paper is to review current evidence in relation to scale and impacts of cyber crime, including various approaches to defining and measuring the problem.

1763

Abstract

Purpose

The purpose of this paper is to review current evidence in relation to scale and impacts of cyber crime, including various approaches to defining and measuring the problem.

Design/methodology/approach

A review and analysis of survey evidence is used to enable an understanding of the scope and scale of the cyber crime problem, and its effect upon those experiencing it.

Findings

The analysis evidences that cyber crime exists in several dimensions, with costs and harms that can be similarly varied. There is also a sense that, moving forward, the “cyber” label will become somewhat redundant as many crimes have the potential to have a technology component.

Research limitations/implications

The key evidence in this particular discussion has some geographic limitations, with much of the discussion focussed upon data drawn from the Crime Survey for England and Wales, as well as other UK-based sources. However, many of the broader points still remain more widely relevant.

Practical implications

This study helps in: better understanding the range and scale of cyber crime threats; understanding how the cyber element fits into the wider context of crime; improving the appreciation of what cyber crime can mean for potential victims; and recognising the cost dimensions, and the implications for protection and response.

Social implications

The discussion will help businesses and individuals to have a better appreciation of the cyber crime threat, and what ought to be considered in response to it.

Originality/value

The discussion is based upon recent evidence, and therefore represents a more up-to-date view of the cyber crime landscape than reviews already available in earlier literature.

Details

Journal of Criminological Research, Policy and Practice, vol. 5 no. 1
Type: Research Article
ISSN: 2056-3841

Keywords

Content available
Article
Publication date: 13 June 2016

Steven Furnell and Nathan Clarke

396

Abstract

Details

Information & Computer Security, vol. 24 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 3 August 2020

Fayez Ghazai Alotaibi, Nathan Clarke and Steven M. Furnell

The human factor is a major consideration in securing systems. A wide and increasing range of different technologies, devices, platforms, applications and services are…

Abstract

Purpose

The human factor is a major consideration in securing systems. A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks and are increasingly being targeted as they lack the knowledge and awareness about potential threats and how to protect themselves. The increase in technologies and platforms also increases the burden upon a user to understand how to apply security across differing technologies, operating systems and applications. This results in managing the security across their technology portfolio increasingly more troublesome and time consuming. This paper aims to propose an approach that attempts to propose a system for improving security management and awareness for home users.

Design/methodology/approach

The proposed system is capable of creating and assigning different security policies for different digital devices in a user-friendly fashion. These assigned policies are monitored, checked and managed to review the user’s compliance with the assigned policies to provide bespoke awareness content based on the user’s current needs.

Findings

A novel framework was proposed for improving information security management and awareness for home users. In addition, a mock-up design was developed to simulate the proposed approach to visualise the main concept and the functions which might be performed when it is deployed in a real environment. A number of different scenarios have been simulated to show how the system can manage and deal with different types of users, devices and threats. In addition, the proposed approach has been evaluated by experts in the research domain. The overall feedback is positive, constructive and encouraging. The experts agreed that the identified research problem is a real problem. In addition, they agreed that the proposed approach is usable, feasible and effective in improving security management and awareness for home users.

Research limitations/implications

The proposed design of the system is a mock-up design without real data. Therefore, implementing the proposed approach in a real environment can provide the researcher with a better understanding of the effectiveness and the functionality of the proposed approach.

Practical implications

This study offers a framework and usable mock-up design which can help in improving information security management for home users.

Originality/value

Improving the security management and awareness for home users by monitoring, checking and managing different security controls and configurations effectively are the key to strengthen information security. Therefore, when home users have a good level of security management and awareness, this could protect and secure the home network and subsequently business infrastructure and services as well.

Details

Information & Computer Security, vol. 29 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Content available
Article
Publication date: 9 July 2018

Steven Furnell and Nathan Clarke

379

Abstract

Details

Information & Computer Security, vol. 26 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 July 2018

Manal Alohali, Nathan Clarke, Fudong Li and Steven Furnell

The end-user has frequently been identified as the weakest link; however, motivated by the fact that different users react differently to the same stimuli, identifying the…

Abstract

Purpose

The end-user has frequently been identified as the weakest link; however, motivated by the fact that different users react differently to the same stimuli, identifying the reasons behind variations in security behavior and why certain users could be “at risk” more than others is a step toward protecting and defending users against security attacks. This paper aims to explore the effect of personality trait variations (through the Big Five Inventory [BFI]) on users’ risk level of their intended security behaviors. In addition, age, gender, service usage and information technology (IT) proficiency are analyzed to identify what role and impact they have on behavior.

Design/methodology/approach

The authors developed a quantitative-oriented survey that was implemented online. The bi-variate Pearson two-tailed correlation was used to analyze survey responses.

Findings

The results obtained by analyzing 538 survey responses suggest that personality traits do play a significant role in affecting users’ security behavior risk levels. Furthermore, the results suggest that BFI score of a trait has a significant effect as users’ online personality is linked to their offline personality, especially in the conscientiousness personality trait. Additionally, this effect was stronger when personality was correlated with the factors of IT proficiency, gender, age and online activity.

Originality/value

The contributions of this paper are two-fold. First, with the aid of a large population sample, end-users’ security practice is assessed from multiple domains, and relationships were found between end-users’ risk-taking behavior and nine user-centric factors. Second, based upon these findings, the predictive ability for these user-centric factors were evaluated to determine the level of risk a user is subject to from an individual behavior perspective. Of 28 behaviors, 11 were found to have a 60 per cent or greater predictive ability, with the highest classification of 92 per cent for several behaviors. This provides a basis for organizations to use behavioral intent alongside personality traits and demographics to understand and, therefore, manage the human aspects of risk.

Details

Information & Computer Security, vol. 26 no. 3
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 28 August 2019

Adéle Da Veiga, Ruthea Vorster, Fudong Li, Nathan Clarke and Steven M. Furnell

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to…

Abstract

Purpose

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

Design/methodology/approach

An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.

Findings

The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

Research limitations/implications

As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Originality/value

Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation.

Article
Publication date: 11 February 2019

Mutlaq Jalimid Alotaibi, Steven Furnell and Nathan Clarke

It is widely acknowledged that non-compliance of employees with information security polices is one of the major challenges facing organisations. This paper aims to…

Abstract

Purpose

It is widely acknowledged that non-compliance of employees with information security polices is one of the major challenges facing organisations. This paper aims to propose a model that is intended to provide a comprehensive framework for raising the level of compliance amongst end-users, with the aim of monitoring, measuring and responding to users’ behaviour with an information security policy.

Design/methodology/approach

The proposed model is based on two main concepts: a taxonomy of the response strategy to non-compliant behaviour and a compliance points system. The response taxonomy comprises two categories: awareness raising and enforcement of the security policy. The compliance points system is used to reward compliant behaviour and penalise non-compliant behaviour.

Findings

A prototype system has been developed to simulate the proposed model and work as a real system that responds to the behaviour of users (reflecting both violations and compliance behaviour). In addition, the model has been evaluated by interviewing experts from academic and industry. They considered the proposed model to offers a novel approach for managing end users’ behaviour with the information security policies.

Research limitations/implications

Psychological factors were out of the research scope at this stage. The proposed model may have some psychological impacts upon users; therefore, this issue needs to be considered by studying the potential impacts and the best solutions.

Originality/value

Users being compliant with the information security policies of their organisation is the key to strengthen information security. Therefore, when employees have a good level of compliance with security policies, this positively affects the overall security of an organisation.

Details

Information & Computer Security, vol. 27 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 1 June 2021

Ram Herkanaidu, Steven M. Furnell and Maria Papadaki

The purpose of this study is to determine effective online safety awareness education for young people in less developed countries. The research followed an explanatory…

Abstract

Purpose

The purpose of this study is to determine effective online safety awareness education for young people in less developed countries. The research followed an explanatory mixed methods design starting with an online survey (quantitative element) and then interesting or anomalous findings were followed up with one-on-one interviews (qualitative element). The data gathered on the online habits and views of young people were fed into the Young People Online Model. It was also used to create online safety workshops. The standout issue from this research is the prevalence of cyberbullying, and this was used as the core theme. They were carried out using the action-research approach, whereby after each workshop, the facilitators would reflect and analyse and suggest improvements for the next one.

Design/methodology/approach

The majority of online safety awareness education programmes have been developed in and for advanced countries. In less developed countries, there are fewer programmes as well as a lack of research on the factors that influence the online behaviour of young people online. The Young People Online Education Framework seeks to address this and provide educators, researchers and policymakers an evidence driven construct for developing education programmes informed by issues affecting young people in their respective country/region.

Findings

The framework was applied in Thailand. As there were very few previous studies, original research was conducted via surveys and interviews. It was found that a high proportion of young people had experienced negative interactions online with cyberbullying the main concern. This was confirmed during the workshop phase indicating the need for more research and workshops. There is a plan to continue the research in Thailand, and it is hoped that other researchers will make use of the framework to extend its scope and application.

Originality/value

A novel feature of this framework is the cultural mask. The cultural context of learners is often overlooked in education, especially when education programmes are imported from other countries. This research contends that effective learning strategies and programmes will have a better chance to succeed if the cultural makeup of the target audience is considered and that all topics and activities are parsed through the cultural mask element of the framework.

Details

Information & Computer Security, vol. 29 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 1 October 2002

Chukwuma U. Ngini, Steven M. Furnell and Bogdan V. Ghita

Previous studies have identified significant disparity in the levels of Internet access availability in different countries, particularly in developing nations. This paper…

4175

Abstract

Previous studies have identified significant disparity in the levels of Internet access availability in different countries, particularly in developing nations. This paper presents the findings of an investigation into Internet connectivity and usage in different countries, in an attempt to determine the extent of Internet access, and whether the availability of such technology is considered to be beneficial. This research considers indicators such as available technology infrastructure and access costs, in order to identify the varying limitations that may be faced in different countries across continents. In addition, the opinions of individuals were sought regarding their typical access methods and level of Internet access, typical services utilised, and the general impact Internet has had upon their activities. A Web‐based questionnaire was used to elicit comments from 152 respondents from 19 countries, yielding preliminary statistical data to enable the assessment of Internet usage in different countries.

Details

Internet Research, vol. 12 no. 4
Type: Research Article
ISSN: 1066-2243

Keywords

Content available
Article
Publication date: 9 March 2015

Steven Furnell

153

Abstract

Details

Information & Computer Security, vol. 23 no. 1
Type: Research Article
ISSN: 2056-4961

1 – 10 of 70