Search results

This paper aims to explore the association between intangibility and perceived risk using a sample of North American households. This relationship is explored within two purchase environments, namely online and offline. The authors also investigated the moderating effects of privacy, system security and general security concerns when purchasing in an online environment.

The survey was delivered to 156 households in a small town in the Midwest and collected upon completion.

The perception of risk is increased when two negatively loaded pieces of information are processed simultaneously (i.e. product intangibility and privacy concern). Furthermore, system security was identified as the most relevant concern in e‐commerce.

The representativeness of the sample is limited. Theoretical and managerial implications are discussed.

The results provide interesting insights about the generalizability of previous findings based on student samples, and show the importance of privacy concerns, system security concerns, general security concerns for those purchasing in online environments.

As information and communication technologies become a critical component of firms’ infrastructures and information establishes itself as a key business resource as well as driver, people start to realise that there is more than the functionality of the new information systems that is significant. Business or organisational transactions over new media require stability, one factor of which is information security. Information systems development practices have changed in line with the evolution of technology offerings as well as the nature of systems developed. Nevertheless, as this paper establishes, most contemporary development practices do not accommodate sufficiently security concerns. Beyond the literature evidence, reports on empirical study results indicating that practitioners deal with security issues by applying conventional risk analysis practices after the system is developed. Addresses the lack of a defined discipline for security concerns integration in systems development by using field study results recording development practices that are currently in use to illustrate their deficiencies, to point to required enhancements of practice and to propose a list of desired features that contemporary development practices should incorporate to address security concerns.

Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.

The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance.

By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.

By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

The purpose of this paper is to provide an in-depth overview of the security requirements and challenges for Internet of Things (IoT) and discuss security solutions for various enabling technologies and implications to various applications.

Security requirements and solutions are analysed based on a four-layer framework of IoT on sensing layer, network layer, service layer, and application layer. The cross-layer threats are analysed followed by the security discussion for the enabling technologies including identification and tracking technologies, WSN and RFID, communication, networks, and service management.

IoT calls for new security infrastructure based on the new technical standards. As a consequence, new security design for IoT shall pay attention to these new standards. Security at both the physical devices and service-applications is critical to the operation of IoT, which is indispensable for the success of IoT. Open problems remain in a number of areas, such as security and privacy protection, network protocols, standardization, identity management, trusted architecture, etc.

The implications to various applications including supervisory control and data acquisition, enterprise systems, social IoT are discussed. The paper will serve as a starting point for future IoT security design and management. The security strategies for IoT should be carefully designed by managing the tradeoffs among security, privacy, and utility to provide security in multi-layer architecture of IoT.

The paper synthesizes the current security requirements for IoT and provides a clear framework of security infrastructure based on four layers. Accordingly, the security requirements and potential threats in the four-layer architecture are provided in terms of general devices security, communication security, network security, and application security.

Privacy and security concerns of consumers have been touted as one of the hindrances to the growth of e-commerce. These concerns increase the risk perception of consumers. Understanding the consequences of privacy and security concerns and their relationship to risk perceptions may provide a solution. The relationship between privacy and security is investigated using the theory of planned behavior. The study aims to examine the relationship of trust, privacy and security concerns to the risk perception adoption of e-commerce. The results from a survey validate the model.

Data were collected using survey from undergraduate business students. The respondents were requested to select a specific product that they plan to purchase in the next six months. After selecting a product, the respondents were requested to report an online company that they have recently visited which offers the selected product. The respondents were requested to fill out the survey with regard to their selected online company. Time given was approximately 20 min.

The results suggest that privacy and security concerns and trust beliefs had effects on risk perception. Among these effects, trust had the largest effect followed by privacy and security concerns. Furthermore, risk perception and trust beliefs had effects on attitude. The effect of trust beliefs on attitude was larger than the effect of risk perception on attitude. Similarly, subjective norm, perceived behavioral control and attitude had a positive and direct effect on intention to be involved in e-commerce.

The first limitation of this study is the use of student subjects. Because this study took place in an educational setting, its generalizability to the general population of consumers lacks to some degree. The second limitation of this study is mono-method bias.

The effect of privacy concerns on risk perception was larger than that of security concerns. Because the consumers get more experienced and sophisticated using the Web, the security concerns that they may have had at the beginning are not reflected in their risk perceptions. It is likely that they have adopted protective measures on their own to defend their privacy online. An example of such a measure would be providing false information to online companies when asked to submit personal information.

The major contributions of this study are developing and validating an integrative framework of e-commerce adoption at the individual level. The model includes privacy and security concerns, risk perception and trust beliefs. This study also highlighted the distinction of constructs of privacy and security concerns and showed their differential effects on other related constructs in the research model.

Posits that computational electronic mail is essentially traditional electronic mail messages with embedded programs or interpretable scripts. States, at the recipient’s end, the mail reading software will distinguish it from normal mail, and executes it on confirmation by the recipient, and if appropriate, output from the program can be channelled back to the sender automatically for further processing. Shows that, despite its potential for many applications, it has not however, taken off in a big way. Major reasons stem from security concerns among users. Examines security issues associated with computational electronic mail systems and suggests some techniques and approaches for improving the security of such systems.

The purpose of this paper is to add a layer of understanding to a previous survey of information technology (IT) security concerns and issues in global financial services institutions (GFSI).

This paper uses data obtained from a secondary source. The dimensions of national culture used in this paper come from Hofstede's work. Two analyses are performed on the data. First, a non‐parametric test is conducted to determine whether there are significant differences on the 13 IT security concerns when the dimensions of national culture are used to group responses. Second, a correlation analysis is carried out between the study's variables.

First, the results indicate that the dimensions of national culture are not statistically important in differentiating responses and perceptions of IT security concerns across GFSI. Second, some of the dimensions of national culture are found to have significant correlations with a few of the IT security concerns investigated.

The use of a secondary data source introduces some limitations. The views captured in the survey are those of management team, it is likely that end‐users' perceptions may vary considerably. Nonetheless, the main finding of the paper for corporate managers in the financial services industry is that IT security concerns appear to be uniform across cultures. Further, the data show that the dimension of uncertainty avoidance deserves further attention with regard to the assessment of security concerns in GFSI. This information may be useful for decision making and planning purposes in the financial services industry.

This paper is believed to be among the first to examine the impacts of national culture on IT security concerns in GFSI. The paper's conclusions may offer useful insights to corporate managers in the industry.

Presents a young person’s view of the threats and security measures to deal with sensitive information in today’s constantly changing technological environment. Promotes the implementation of proactive security and warns of the problems caused by converging business markets and technologies. Discusses security policy, privacy, security logs, encryption, virus attacks, Internet concerns, firewalls and auditing. Outlines the work of the Computer Emergency Response Team and the Computer Incident Advisory Capability in the USA.

The purpose of this paper is to explore the potential and adoption of closed-circuit television (CCTV) surveillance-based security system (hereafter “CCTV”) for enhancing the security of library materials in academic libraries of universities (central, state, deemed and private) and prestigious institutions such as Indian Institutes of Technology and Indian Institutes of Management in a developing country, i.e. India. The study also overviewed the CCTV policies of the studied libraries of universities/institutions as they relate to the ethical aspects of the surveillance system.

Structured questionnaire was designed and distributed among librarians of 24 academic libraries covering each zone of India in October 2019 in both physical and online manner. All 24 filled-in questionnaires were collected personally and online by the investigator were found valid eliciting a response rate of 100%. All the 24 filled-in questionnaires were included in the analysis of the interpretation of data. The response to 18 questions was analyzed in the form of tables and figures using descriptive statistical methods.

The study reveals that librarians’ found CCTV useful for security by controlling theft, unethical losses and missing items. It also helped to curb mutilation and vandalism, procurement of the rare material via the latest camera devices and night vision capturing, besides improving the service efficiency of the patron, as well as staff. The quantitative study surveyed security professionals to assess how each university/institution developed, deployed and integrated CCTV policies related to securing video data, safeguarding privacy and prevention of the potential for the unethical use of surveillance cameras. The analysis of the survey responses determined that more than 50% of the universities/institutions participating had a written CCTV policy. Further, library professionals find that the future of libraries lies in a CCTV system, so the cost should be brought down to improve return on investment by the mass adoption of this technology in a developing country such as India.

The findings of the study showed that the potential uses of CCTV in Indian libraries are slow compared to that of the libraries of developed countries and some of the developing countries. Many of the CCTV policies that universities/institutions did have failed to include mandated training of personnel or provisions ensuring that their policies remained up-to-date. It is suggested that universities and institutions understudy should realize the benefits of CCTV systems and incorporate-related updated tools in the security and multi-purpose uses in the libraries to enhance the services for the users and security for the materials or collections.

The paper includes implications for libraries and their professionals to approach CCTV systems with ethical considerations for procurement of library collections, which help to detect mutilation/theft, observe the misbehavior of users, as well as staff and deployment, should not be decided merely while balancing security demands.

The study is significant because it represents one of the earliest works to shed light on the current level of the use of CCTV system by librarians of studied libraries of universities/institutes in developing country such as India and how they are providing CCTV-based security and services, which are currently in its primitive nature. The study also suggested that select libraries are required to weigh up and balance many competing desires, demands and objectives.

This paper provides a concise overview of the various applications/area and uses of CCTV system including its procedures during implementation, merits and demerits while using the system described above in libraries and recommends this technology to other libraries for faster and better services for their users and security to their library materials in today’s technological advancement. It provides a set of issues that should be considered before system adoption or deployment.

Modernized information systems (IS) have brought enterprises not only enormous benefits, but also linked information threats. Most enterprises solve their IS security‐related problems using technical means alone, and focus on technical rather than managerial controls, which may imply potential crises. This study examines whether the security preparation of firms matches the severity of IS threats they perceive in developing countries, especially in issues concerning “people” and “administration”. Additionally, this study discusses appropriate threat mitigation strategies for the four sectors as well.

Using an empirical study, this study explores the past and current concerns of IS threats of firms in different industries, and the countermeasures prepared by them to protect themselves from such threats. The empirical data was provided by 109 Taiwanese enterprises from four sectors.

The analytical results revealed the differences in both the IS threats concerned and the security scopes prepared among the four sectors. Moreover, the preparation scopes were not commensurate with the perceived severity of threats. All four industries rated the network as posing the strongest threat, following regulation and personnel issues, while among the countermeasures in use, these three issues have larger application deficiencies.

This study concludes that the firms do not well prepare themselves against IS threats entailed to non‐technical administration issues and discusses appropriate threat mitigation strategies for the four sectors. Specifically, firms should be aware of IS threats to their business and prepare suitable security protections.