Search results

While data breaches are reported daily, organizations are struggling with quantifying their cybersecurity posture. This paper aims to introduce the Universal Cybersecurity Footprint Index (UCFI), an organizational measure of Cybersecurity Footprint. The UCFI helps organizations understand the challenges related to their overall cybersecurity posture and be able to assess it for their supply chain cybersecurity. The Theory of Cybersecurity Footprint states that the risk and damage that can be caused by an attacked organization are not related to the size of the organization but to a range of parameters that may affect the interconnected entities in their supply chain.

Based on the 26 elements found in prior research, a survey was conducted, using 27 subject matter experts to reveal the most relevant elements and then specify their importance level to calculate their relative weight.

Results indicated that 20 of the 26 elements were validated, and their weights were calculated. Finally, an equation representing the UCFI for an organization is introduced.

Organizations can choose their partners according to a minimum value of the UCFI to reduce their cybersecurity risks.

Supply chain cybersecurity incidents have demonstrated in the past several years to provide a massive impact on society. Thus, further assisting in mitigation of cyberattacks to the supply chain is significant.

This research aims to provide further assistance for organizations in quantifying their cybersecurity footprint in effort to help reduce cyber incidents, especially those for small organizations.

Users’ mistakes due to poor cybersecurity skills result in up to 95 per cent of cyber threats to organizations. Threats to organizational information systems continue to result in substantial financial and intellectual property losses. This paper aims to design, develop and empirically test a set of scenarios-based hands-on tasks to measure the cybersecurity skills of non-information technology (IT) professionals.

This study was classified as developmental in nature and used a sequential qualitative and quantitative method to validate the reliability of the Cybersecurity Skills Index (CSI) as a prototype-benchmarking tool. Next, the prototype was used to empirically test the demonstrated observable hands-on skills level of 173 non-IT professionals.

The importance of skills and hands-on assessment appears applicable to cybersecurity skills of non-IT professionals. Therefore, by using an expert-validated set of cybersecurity skills and scenario-driven tasks, this study established and validated a set of hands-on tasks that measure observable cybersecurity skills of non-IT professionals without bias or the high-stakes risk to IT.

Data collection was limited to the southeastern USA and while the sample size of 173 non-IT professionals is valid, further studies are required to increase validation of the results and generalizability.

The validated and reliable CSI operationalized as a tool that measures the cybersecurity skills of non-IT professionals. This benchmarking tool could assist organizations with mitigating threats due to vulnerabilities and breaches caused by employees due to poor cybersecurity skills.

This study introduces the concept of audiovisual alerts and warnings as a way to reduce phishing susceptibility on mobile devices.

This study has three phases. The first phase included 32 subject matter experts that provided feedback toward a phishing alert and warning system. The second phase included development and a pilot study to validate a phishing alert and warning system prototype. The third phase included delivery of the Phishing Alert and Warning System (PAWS^TM mobile app) to 205 participants. This study designed, developed, as well as empirically tested the PAWS^TM mobile app that alerted and warned participants to the signs of phishing in emails on mobile devices.

The results of this study indicated audio alerts and visual warnings potentially lower phishing susceptibility in emails. Audiovisual warnings appeared to assist study participants in noticing phishing emails more easily and in less time than without audiovisual warnings.

This study's implications to mitigation of phishing emails are key, as it appears that alerts and warnings added to email applications may play a significant role in the reduction of phishing susceptibility.

This study extends the existing information security body of knowledge on phishing prevention and awareness by using audiovisual alerts and warnings to email recipients tested in real-life applications.

This paper aims to introduce the concept of cybersecurity footprint.

Characteristics of cybersecurity footprint are presented based on documented cases, and the domino effect of cybersecurity is illustrated. Organizational and individual cybersecurity footprints are outlined. Active and passive – digital vs cybersecurity footprints are then reviewed. Taxonomy of aware/unaware vs active/passive cybersecurity footprints are presented, followed by brief discussion of the implications for future research.

The concept of cybersecurity footprint is defined, and the evidence from prior cyber incidents is shown to emphasize the concept. Smaller organizations may have a large cybersecurity footprint, whereas larger organizations may have smaller one. Cyberattacks are focusing on the individuals or small organizations that are in the supply chain of larger organizations causing the domino effect.

Implications of cybersecurity footprint to individuals, organizations, societies and governments are discussed. The authors present organizations with ways to lower cybersecurity footprint along with recommendations for future research.

Cybersecurity has a significant social implication worldwide, as the world is becoming cyber dependent. With the authors’ introduction of the cybersecurity footprint concept and call to further understand how organizations can measure and reduce it, the authors envision it as another perspective of assessing cyber risk and further help mitigate future cyber incidents.

This paper extends the existing information and computer security body of knowledge on the concept of cybersecurity footprint with illustrated cases.

The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobile technology.

This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening.

This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guides users to take practical steps at protecting their devices. This study shows the high impact of MSE on users’ protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security.

This study makes theoretical contributions to the existing information security literature. It confirms PM theory’s power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users’ actual security usage. Thus, it goes beyond users’ intention.

Concerns for information security in e‐learning systems have been raised previously. In the pursuit for better authentication approaches, few schools have implemented students' authentication during online exams beyond passwords. This paper aims to assess e‐learners' intention to provide multibiometric data and use of multibiometrics during online exams.

Based on data collected from 163 e‐learners from two institutions, the authors compared such measures when provided by their university versus by a third‐party service vendor. The multibiometrics discussed included fingerprint, face, and voice recognition.

The results show a clear indication by the learners that they are significantly more willing to provide their biometric data and intend to use multibiometrics when provided by their university compared with same services provided by a third‐party vendor.

Research implications include the need for better understanding of multibiometrics implementations in educational settings.

The findings are profound for vendors of multibiometrics as they must adjust their approach when implementing such technologies at higher educational institutions, rather than simply opt to license the use of such solutions and to host them.

This study helps higher educational institutions better understand that learners do not appear to object to the use of multibiometrics technologies during online exams, rather the way in which such technologies are implemented and managed on‐campus.

The purpose of this paper is to investigate the effect of information quality (IQ) on citizens ' trust in e-government systems.

This study used a mixed-method approach. In the first phase, the study drew IQ characteristics from the literature pool and then administered a qualitative questionnaire to a sample of 20 citizens who use e-government systems. In the second phase, the study delivered a quantitative survey via web to a group of about 1,000 citizens.

This two-phased study uncovered citizens ' perceived IQ factors and determined the influence of the IQ factors on trust in e-government systems.

There were some limitations to the study. Citizen ' s demographics, along with the type of e-government interaction, were not taken into consideration.

Understanding IQ characteristics that improve trust would enhance the relationship between citizens and e-government systems, as well as aide in the design and development of such systems.

This paper applied an established IQ framework, and used the value focus approach in assessing IQ characteristics that effect citizens ' trust in e-government systems.

This paper aims to provide useful insights into educational under‐achievement among Palestinian Arab citizens of Israel (PAI), investigating the perceptions of local educational administrators (LEAs) towards the education system and its modus vivendi, to uncover difficulties and suggest directions to improve the processes and achievements of the PAI education system.

Qualitative interviews were conducted with 16 stakeholders in local education (mayors, education department managers; school principals and parents’ representatives) in four Arab local governments in Israel to elucidate attitudes toward education.

The small random sample cannot claim to be representative however worrying problems were revealed: deficient resources in comparison to the Jewish education system; an ineffective political culture in local government; inferior status and problematic functioning of Arab education department heads and lack of inclusion of professionals and parents in decision‐making. These factors negatively impact the education system and its products.

The paper suggests local government should determine appropriate local policy, positioning education as a high priority with efficient education departments, more professional staff, and suitable education programs. Additionally state government should provide equal resources for the Arab education system, to lever Arab education in Israel.