Search results

When security managers choose to deploy a smart lock activation system, the number of units needed and their location needs to be established. This study aims to present the results of a penetration test involving smart locks in the context of building security. The authors investigated how the amount of effort an employee has to invest in complying with a security policy (i.e. walk from the office to the smart key activator) influences vulnerability. In particular, the attractiveness of a no-effort alternative (i.e. someone else walking from your office to the key activators to perform a task on your behalf) was evaluated. The contribution of this study relates to showing how experimental psychology can be used to determine the cost-benefit analysis (CBA) of physical building security measures.

Twenty-seven different “offenders” visited the offices of 116 employees. Using a script, each offender introduced a problem, provided a solution and asked the employee to hand over their office key.

A total of 58.6 per cent of the employees handed over their keys to a stranger; no difference was found between female and male employees. The likelihood of handing over the keys for employees close to a key activator was similar to that of those who were further away.

The results suggest that installing additional key activators is not conducive to reducing the building’s security vulnerability associated with the handing over of keys to strangers.

No research seems to have investigated the distribution of smart key activators in the context of a physical penetration test. This research highlights the need to raise awareness of social engineering and of the vulnerabilities introduced via smart locks (and other smart systems).

Research into the interpretability and explainability of data analytics and artificial intelligence (AI) systems is on the rise. However, most recent studies either solely promote the benefits of explainability or criticize it due to its counterproductive effects. This study addresses this polarized space and aims to identify opposing effects of the explainability of AI and the tensions between them and propose how to manage this tension to optimize AI system performance and trustworthiness.

The author systematically reviews the literature and synthesizes it using a contingency theory lens to develop a framework for managing the opposing effects of AI explainability.

The author finds five opposing effects of explainability: comprehensibility, conduct, confidentiality, completeness and confidence in AI (5Cs). The author also proposes six perspectives on managing the tensions between the 5Cs: pragmatism in explanation, contextualization of the explanation, cohabitation of human agency and AI agency, metrics and standardization, regulatory and ethical principles, and other emerging solutions (i.e. AI enveloping, blockchain and AI fuzzy systems).

As in other systematic literature review studies, the results are limited by the content of the selected papers.

The findings show how AI owners and developers can manage tensions between profitability, prediction accuracy and system performance via visibility, accountability and maintaining the “social goodness” of AI. The results guide practitioners in developing metrics and standards for AI explainability, with the context of AI operation as the focus.

This study addresses polarized beliefs amongst scholars and practitioners about the benefits of AI explainability versus its counterproductive effects. It poses that there is no single best way to maximize AI explainability. Instead, the co-existence of enabling and constraining effects must be managed.

Technology-facilitated abuse, so-called “tech abuse,” through phones, trackers, and other emerging innovations, has a substantial impact on the nature of intimate partner violence (IPV). The current chapter examines the risks and harms posed to IPV victims/survivors from the burgeoning Internet of Things (IoT) environment. IoT systems are understood as “smart” devices such as conventional household appliances that are connected to the internet. Interdependencies between different products together with the devices' enhanced functionalities offer opportunities for coercion and control. Across the chapter, we use the example of IoT to showcase how and why tech abuse is a socio-technological issue and requires not only human-centered (i.e., societal) but also cybersecurity (i.e., technical) responses. We apply the method of “threat modeling,” which is a process used to investigate potential cybersecurity attacks, to shift the conventional technical focus from the risks to systems toward risks to people. Through the analysis of a smart lock, we highlight insufficiently designed IoT privacy and security features and uncover how seemingly neutral design decisions can constrain, shape, and facilitate coercive and controlling behaviors.

The study directs attention to the psychological conditions experienced and knowledge management practices leveraged by faculty in higher education institutes (HEIs) to cope with the shift to emergency remote teaching caused by the COVID-19 pandemic. By focusing attention on faculty experiences during this transition, this study aims to examine an under-investigated effect of the pandemic in the Indian context.

Interpretative phenomenological analysis is used to analyze the data gathered in two waves through 40 in-depth interviews with 20 faculty members based in India over a year. The data were analyzed deductively using Kahn’s framework of engagement and robust coding protocols.

Eight subthemes across three psychological conditions (meaningfulness, availability and safety) were developed to discourse faculty experiences and challenges with emergency remote teaching related to their learning, identity, leveraged resources and support received from their employing educational institutes. The findings also present the coping strategies and knowledge management-related practices that the faculty used to adjust to each discussed challenge.

The study uses a longitudinal design and phenomenology as the analytical method, which offers a significant methodological contribution to the extant literature. Further, the study’s use of Kahn’s model to examine the faculty members’ transitions to emergency remote teaching in India offers novel insights into the COVID-19 pandemic’s effect on educational institutes in an under-investigated context.

This paper aims to identify ethical challenges of using artificial intelligence (AI)-based accounting systems for decision-making and discusses its findings based on Rest's four-component model of antecedents for ethical decision-making. This study derives implications for accounting and auditing scholars and practitioners.

This research is rooted in the hermeneutics tradition of interpretative accounting research, in which the reader and the texts engage in a form of dialogue. To substantiate this dialogue, the authors conduct a theoretically informed, narrative (semi-systematic) literature review spanning the years 2015–2020. This review's narrative is driven by the depicted contexts and the accounting/auditing practices found in selected articles are used as sample instead of the research or methods.

In the thematic coding of the selected papers the authors identify five major ethical challenges of AI-based decision-making in accounting: objectivity, privacy, transparency, accountability and trustworthiness. Using Rest's component model of antecedents for ethical decision-making as a stable framework for our structure, the authors critically discuss the challenges and their relevance for a future human–machine collaboration within varying agency between humans and AI.

This paper contributes to the literature on accounting as a subjectivising as well as mediating practice in a socio-material context. It does so by providing a solid base of arguments that AI alone, despite its enabling and mediating role in accounting, cannot make ethical accounting decisions because it lacks the necessary preconditions in terms of Rest's model of antecedents. What is more, as AI is bound to pre-set goals and subjected to human made conditions despite its autonomous learning and adaptive practices, it lacks true agency. As a consequence, accountability needs to be shared between humans and AI. The authors suggest that related governance as well as internal and external auditing processes need to be adapted in terms of skills and awareness to ensure an ethical AI-based decision-making.

This paper aims to verify the presence of a management model that confirms or not the one size fits all hypothesis expressed in terms of risk-return. This study will test the existence of stickiness phenomena and discuss the relevance of business model analysis integration with the risk assessment process.

The sample consists of 60 credit institutions operating in Europe for 20 years of observations. This study proposes a classification of banks’ business models (BMs) based on an agglomerative hierarchical clustering algorithm analyzing their performance according to risk and return dimensions. To confirm BM stickiness, the authors verify the tendency and frequency with which a bank migrates to other BMs after exogenous events.

The results show that it is impossible to define a single model that responds to the one size fits all logic, and there is a tendency to adapt the BM to exogenous factors. In this context, there is a propensity for smaller- and medium-sized institutions to change their BM more frequently than larger institutions.

Quantitative metrics seem to be only able to represent partially the intrinsic dynamics of BMs, and to include these metrics, it is necessary to resort to a holistic view of the BM.

This paper provides evidence that BMs’ stickiness indicated in the literature seems to weaken in conjunction with extraordinary events that can undermine institutions’ margins.

The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands occurring each year, and some costing hundreds of millions of dollars. Consequently, cyber risk has become one of the gravest risks facing organizations, and has attracted boardroom-level attention. On the other hand, companies already manage many kinds of difficult and growing risks, and that firms lose less than 1% of annual revenues as a result of cyber incidents. Therefore, how should firms appropriately address cyber risk? Is it indeed a materially different kind of risk area, or is it simply just one more risk that can seamlessly be integrated into existing enterprise risk management (ERM) practices?

The authors performed thematic analysis based on semi-structured interviews, with non-probabilistic, purposive sampling, to answer two main questions. First, how do firms manage enterprise risks, generally? And second, how are they integrating cyber risk into these existing processes?

The authors find that there is considerable variation in the approach and sophistication in ERM practices, such as whether they are driven more like an auditing function, or as a risk champion. The authors also find that despite the novelty of cyber risk, it can be integrated like other enterprise risks, and that cyber risk is most often seen as an operational risk (similar to workplace accidents or fraud), rather than a strategic risk, emerging from, for example, technology innovation and R&D.

The generalization of the results is limited by the sample size and variation of firms interviewed. While the authors attempted to interview enterprise risk managers across a wide variation of firms, there were clear limitations in the scope. That being said, the authors were fortunate to be able to examine ERM and cyber risk practices across small and large, private and publicly traded companies, from a variety of business sectors.

The authors believe these finding are important because they present evidence that while cyber risk may be new, it does not require specialized handling or processes to track it at the enterprise level. While some firms may choose to provide special accommodations or attention because of their data collection or business practices, this approach is neither necessary nor required of all firms in all situations.

This research is one of the only papers that, to the best of the authors’ knowledge, examines how cyber risk is integrated at an enterprise level.

Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between the cyber and physical world, security has become an additional concern in these industries. The purpose of this paper is to evaluate how well bow-tie analysis performs in the context of security, and the study’s hypothesis is that the bow-tie notation has a suitable expressiveness for security and safety.

This study uses a formal, controlled quasi-experiment on two sample populations – security experts and security graduate students – working on the same case. As a basis for comparison, the authors used a similar experiment with misuse case analysis, a well-known technique for graphical security modelling.

The results show that the collective group of graduate students, inexperienced in security modelling, perform similarly as security experts in a well-defined scope and familiar target system/situation. The students showed great creativity, covering most of the same threats and consequences as the experts identified and discovering additional ones. One notable difference was that these naïve professionals tend to focus on preventive barriers, leading to requirements for risk mitigation or avoidance, while experienced professionals seem to balance this more with reactive barriers and requirements for incident management.

Our results are useful in areas where we need to evaluate safety and security concerns together, especially for domains that have experience in health, safety and environmental hazards, but now need to expand this with cybersecurity as well.

In this research, we examine the role of financial development, FDI, democracy and political instability on economic growth in West Africa.

The study uses the dynamic fixed effects technique on the secondary data obtained from 1996 to 2016.

Our empirical findings suggest that even though no significant relationship is established in the short run, the long-run coefficient of FDI is found to be significant and positive; a 1% increase in FDI inflow into the West African sub-region results in a 0.26% increase in economic growth. The coefficient of democracy is significant neither in the short run nor in the long run, but political instability is found to significantly and negatively impact the growth of the countries. Finally, the estimate of financial development–growth nexus follows the supply-leading hypothesis.

This research affirms the proposition that FDI is a relevant means of technology and knowledge transfers, thus resulting in increasing returns to production as a result of productive spillovers, which drives the growth of the economy. Consequently, an efficient institution – where the rule of law, political stability and economic freedom are top priorities – is a key to accelerate the growth of the West African economy. Similarly, we confirm the validity of the supply-leading hypothesis in West Africa. As such, by deepening the financial system, the growth of the subregion is propelled because an efficient financial system is a basis for sustainable development.

The applicable policies are those that promote growth through FDI, financial development, democracy and political instability. The governments of West African countries are enjoined to promote policies that attract FDI into the subregion and promote financial sector credits so that economic performances may be enhanced. In addition, the governments of West African subregion should fully entrench democratic practices and enhance a stable and sustainable political environment. This will not only restore investor confidence but will also facilitate the inflow of FDI into the West African economy.

Our study is the first to jointly examine these important growth determinants, especially in the context of West Africa. This becomes necessary in order to open the eyes of policy makers to the need for entrenched full democracy and to proffer sustainable cures to the frequent unrests in the subregion. The use of Pesaran (2007) technique of unit root is also a deviation from several existing studies. One advantage of this technique over others is that being a second-generation test, it tests variable unit root in the presence of cross-sectional dependence.

This study aims to validate a potential synergistic venture between cash waqf (Islamic endowment) institutions (CWIs) and financial cooperatives (FCs) in the provision of affordable Islamic home financing (IHF) in Malaysia.

The study adopted semi-structured interviews with ten experts to validate the cash waqf-financial-cooperative-mushārakah mutanāqiṣah (CWFCMM) model. Thematic analysis technique was used to analyse the verbatim texts.

The findings show that the majority of the informants have positive perceptions of the potential of the CWFCMM model to provide financially affordable IHF products in Malaysia. Nevertheless, this study sheds light on the varying degrees of latent issues and challenges that might arise in the implementation of this model. For example, FCs need to practice the correct business model, implement good governance structures and employ the right people. Meanwhile, CWIs need to work on their accountability issues by publishing their audited accounts in mainstream newspapers, much like what is being done by non-governmental organisations such as the widely recognised Malaysian Medical Relief Society (MERCY Malaysia).

This study interviewed a small, industry-specific number of informants in generating its findings. Time and budget constraints are some of the limiting factors in carrying out the study. Because of these factors, the generalisation of the study’s findings will be limited.

First, the CWFCMM model offers an alternative, financially affordable IHF instrument to low- and middle-income households in Malaysia. Second, the involvement of third-sector institutions such as FCs and CWIs in the provision of IHF will reduce the burden of the government in its spending on home financing solutions for civil servants. Third, this model will harness the potential of waqf-based financing beyond the contemporary limited applications to mosques, graveyards and taḥfīẓ (Qurʾan memorization) schools.

This study presents an alternative IHF model that transcends the current institutional framework that is heavily dominated by Islamic commercial banks and government-owned home financing institutions. The study does not focus on a single third-sector institution but on an integration of at least two of them, CWIs and FCs, in implementing the IHF model.