Search results
1 – 10 of 320Steven A. Harrast, Lori Olsen and Yan (Tricia) Sun
Prior research (Harrast, Olsen, & Sun, 2023) analyzes the eight emerging topics to be included in future CPA exams and discusses their importance to career success and appropriate…
Abstract
Prior research (Harrast, Olsen, & Sun, 2023) analyzes the eight emerging topics to be included in future CPA exams and discusses their importance to career success and appropriate teaching locus in light of survey evidence. They find that the general topic of data analytics is the most important of the eight emerging topics. To further understand the topics most important to career success, this study analyzes subtopics underlying the eight emerging topics. The results show that advanced Excel analysis tools, data visualization, and data extraction, transformation, and loading (ETL) are the most important data analytics subskills for career success according to professionals and that these topics should be both introduced and emphasized in the accounting curriculum. The results provide useful information to educators to prioritize general emerging topics and specific subtopics in the accounting curriculum by taking into account the most pressing needs of the profession.
Details
Keywords
Magdalena Glas, Manfred Vielberth, Tobias Reittinger, Fabian Böhm and Günther Pernul
Cybersecurity training plays a decisive role in overcoming the global shortage of cybersecurity experts and the risks this shortage poses to organizations' assets. Seeking to make…
Abstract
Purpose
Cybersecurity training plays a decisive role in overcoming the global shortage of cybersecurity experts and the risks this shortage poses to organizations' assets. Seeking to make the training of those experts as efficacious and efficient as possible, this study investigates the potential of visual programming languages (VPLs) for training in cyber ranges. For this matter, the VPL Blockly was integrated into an existing cyber range training to facilitate learning a code-based cybersecurity task, namely, creating code-based correlation rules for a security information and event management (SIEM) system.
Design/methodology/approach
To evaluate the VPL’s effect on the cyber range training, the authors conducted a user study as a randomized controlled trial with 30 participants. In this study, the authors compared skill development of participants creating SIEM rules using Blockly (experimental group) with participants using a textual programming approach (control group) to create the rules.
Findings
This study indicates that using a VPL in a cybersecurity training can improve the participants' perceived learning experience compared to the control group while providing equally good learning outcomes.
Originality/value
The originality of this work lies in studying the effect of using a VPL to learn a code-based cybersecurity task. Investigating this effect in comparison with the conventional textual syntax through a randomized controlled trial has not been investigated yet.
Details
Keywords
The frequency and sophistication of cybercrimes are increasing. These cybercrimes are impacting government and private organizations as well as individuals. One of the…
Abstract
Purpose
The frequency and sophistication of cybercrimes are increasing. These cybercrimes are impacting government and private organizations as well as individuals. One of the countermeasures is to improve the cyber hygiene of the end-users. Serious games or game-based learning has emerged as a promising approach for implementing security education, training and awareness program. In this paper, the researchers propose a tabletop card game called Cyber Suraksha to increase threat awareness and motivate users to adopt recommended security controls for smartphone users. Cyber Suraksha provides an active learning environment for the players. This paper aims to provide the details of the design and evaluation of the game using a between-subjects design.
Design/methodology/approach
The researchers have used constructive learning theory and the Fogg behaviour model (FBM) to design a tabletop card game called Cyber Suraksha. The researchers evaluated the game using a between-subjects design. The participants' responses in the control and intervention groups were collected using the risk behaviour diagnosis scale. Pearson’s Chi-Square test with a 5% significance level was used to test the hypotheses.
Findings
The results indicate that the game is enjoyable and fun. Cyber Suraksha game effectively motivates users to adopt the recommended security control for the targeted behaviour. The results indicate that the participants in the intervention group are 2.65 times more likely to adopt recommended behaviour. The findings of this study provide evidence for the effectiveness of hope and fear appeals in improving cybersecurity awareness.
Research limitations/implications
The generalizability of the study is limited because the sample size is small compared to the total number of smartphone users in India, and only students from computer/IT UG programs in India are used as participants in this study.
Practical implications
This study uses hope and a fear appeal to design an effective serious game. It also demonstrates using the FBM and constructive learning principles for effective serious game design. Cyber Suraksha is effective for the student group and may be tested with other age groups.
Originality/value
To the researchers' knowledge, there are no serious games for cybersecurity awareness focusing on the threats faced by smartphone users based on FBM and constructive learning theory. This research used hope along with a fear appeal to motivate smartphone users to adopt recommended security controls.
Details
Keywords
Peter Dornheim and Ruediger Zarnekow
The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated…
Abstract
Purpose
The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.
Design/methodology/approach
Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.
Findings
Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.
Originality/value
This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.
Details
Keywords
Martina Neri, Federico Niccolini and Luigi Martino
Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known…
Abstract
Purpose
Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.
Design/methodology/approach
This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.
Findings
Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.
Originality/value
Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.
Details
Keywords
Malicious hackers are increasingly evolving with technology by developing advanced tools to infiltrate. They are looking at micro laundering via sites like PayPal or using job…
Abstract
Purpose
Malicious hackers are increasingly evolving with technology by developing advanced tools to infiltrate. They are looking at micro laundering via sites like PayPal or using job advertising sites, to avoid exposure. Micro laundering makes it possible to launder a large amount of money in small amounts through thousands of electronic transactions. Therefore, the purpose of this paper is to examine whether the ethical hacking pedagogy is both a feasible and effective approach to prepare information security professionals of the future to combat black hat hacking and other forms of unethical conduct in the cyberspace.
Design/methodology/approach
The paper will specifically explore the ethics and implications of teaching students how to hack. It examines the strengths and limitations of the ethical hacking pedagogy. The discussion will then form the basis for exploring whether ethical hacking pedagogy is logical and justifiable.
Findings
The research has examined whether the ethical hacking pedagogy is an initiative-taking and effective approach to preparing information security professionals. Teaching students to hack is the only feasible approach to preparing future cybersecurity professionals because such training will allow them to master technical skills necessary for penetration testing.
Originality/value
A dominant theme that emerged from the research is the inability to evaluate students’ intention and provide oversight after their graduation. Thus, professional networks and peer groups will play an instrumental role in sustaining students in an environment that fosters ethical conduct.
Details
Keywords
Chen Zhong, Hong Liu and Hwee-Joo Kam
Cybersecurity competitions can effectively develop skills, but engaging a wide learner spectrum is challenging. This study aims to investigate the perceptions of cybersecurity…
Abstract
Purpose
Cybersecurity competitions can effectively develop skills, but engaging a wide learner spectrum is challenging. This study aims to investigate the perceptions of cybersecurity competitions among Reddit users. These users constitute a substantial demographic of young individuals, often participating in communities oriented towards college students or cybersecurity enthusiasts. The authors specifically focus on novice learners who showed an interest in cybersecurity but have not participated in competitions. By understanding their views and concerns, the authors aim to devise strategies to encourage their continuous involvement in cybersecurity learning. The Reddit platform provides unique access to this significant demographic, contributing to enhancing and diversifying the cybersecurity workforce.
Design/methodology/approach
The authors propose to mine Reddit posts for information about learners’ attitudes, interests and experiences with cybersecurity competitions. To mine Reddit posts, the authors developed a text mining approach that integrates computational text mining and qualitative content analysis techniques, and the authors discussed the advantages of the integrated approach.
Findings
The authors' text mining approach was successful in extracting the major themes from the collected posts. The authors found that motivated learners would want to form a strategic way to facilitate their learning. In addition, hope and fear collide, which exposes the learners’ interests and challenges.
Originality/value
The authors discussed the findings to provide education and training experts with a thorough understanding of novice learners, allowing them to engage them in the cybersecurity industry.
Details
Keywords
Bakhtiar Sadeghi, Deborah Richards, Paul Formosa, Mitchell McEwan, Muhammad Hassan Ali Bajwa, Michael Hitchens and Malcolm Ryan
Cybersecurity vulnerabilities are often due to human users acting according to their own ethical priorities. With the goal of providing tailored training to cybersecurity…
Abstract
Purpose
Cybersecurity vulnerabilities are often due to human users acting according to their own ethical priorities. With the goal of providing tailored training to cybersecurity professionals, the authors conducted a study to uncover profiles of human factors that influence which ethical principles are valued highest following exposure to ethical dilemmas presented in a cybersecurity game.
Design/methodology/approach
The authors’ game first sensitises players (cybersecurity trainees) to five cybersecurity ethical principles (beneficence, non-maleficence, justice, autonomy and explicability) and then allows the player to explore their application in multiple cybersecurity scenarios. After playing the game, players rank the five ethical principles in terms of importance. A total of 250 first-year cybersecurity students played the game. To develop profiles, the authors collected players' demographics, knowledge about ethics, personality, moral stance and values.
Findings
The authors built models to predict the importance of each of the five ethical principles. The analyses show that, generally, the main driver influencing the priority given to specific ethical principles is cultural background, followed by the personality traits of extraversion and conscientiousness. The importance of the ingroup was also a prominent factor.
Originality/value
Cybersecurity professionals need to understand the impact of users' ethical choices. To provide ethics training, the profiles uncovered will be used to build artificially intelligent (AI) non-player characters (NPCs) to expose the player to multiple viewpoints. The NPCs will adapt their training according to the predicted players’ viewpoint.
Details