Search results

The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises.

This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence?

In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel.

This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn.

Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations.

Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats.

Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society.

This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness.

The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively.

The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others.

This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.

This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

The purpose of this study is to examine how the tourism economy affects local food availability, access, utilization and stability in dessert-prone agricultural heritage sites. Specifically, the study aims to explore the relationship between the tourism industry and local agricultural practices and how this connection influences food security in the Siwa Oasis, located in the Western Desert of Egypt.

The study employs a qualitative exploratory research design using in-depth interviews and focus groups to investigate the impact of the tourism economy on food security and identify potential benefits and limitations for food security in the region.

The research reveals that the tourism economy in Siwa Oasis has only a marginal contribution to food security. The study highlights a lack of a strong connection between the tourism industry and local agricultural practices within the heritage site. As a result, the potential benefits and synergies that could be achieved between tourism and agriculture have not been fully realized, leading to a limited impact on food stability.

This study primarily relies on qualitative data from Siwa Oasis, Egypt, which may limit the generalizability of findings beyond this specific context. Additionally, while the study provides valuable insights into the complex relationship between tourism and food security, it does not quantitatively measure the magnitude of tourism's impact. Future research could incorporate quantitative methods for a more comprehensive understanding of this relationship in diverse desert-prone regions. Finally, the study highlights the need for more integrated approaches to enhance food security through tourism, but the specific strategies and policy recommendations require further investigation and adaptation to local contexts.

This study underscores the need for tourism development strategies that prioritize food security in desert-prone areas like Siwa Oasis. Policymakers and stakeholders should promote sustainable tourism practices that enhance local agriculture, create diversified income sources and foster equitable benefits for communities. Moreover, recognizing the seasonal nature of tourism, interventions to address food shortages during off-peak periods are crucial. Efforts should also focus on skill development and gender-inclusive opportunities within the tourism sector to ensure broader community participation. Additionally, collaborations between tourism and agriculture should be encouraged to optimize food availability and stability while preserving cultural food traditions.

This study adds original insights by examining the specific impact of the tourism economy on food security in dessert-prone agricultural heritage sites. The study's originality lies in its exploration of the untapped potential for synergy between the tourism and agricultural sectors and the implications for local food security. This research contributes to understanding how tourism can improve food security in specific contexts and provides valuable insights into sustainable development in heritage sites.

This study employs Stein Rokkan's methodological approach to analyse state formation in the Greater Middle East. It develops a conceptual framework distinguishing colonial, populist and democratic pacts, suitable for analysis of state formation and nation-building through to the present period. The framework relies on historical institutionalism. The methodology, however, is Rokkan's. The initial conceptual analysis also specifies differences between European and the Middle Eastern state formation processes. It is followed by a brief and selective discussion of historical preconditions. Next, the method of plotting singular cases into conceptual-typological maps is applied to 20 cases in the Greater Middle East (including Afghanistan, Iran and Turkey). For reasons of space, the empirical analysis is limited to the colonial period (1870s to the end of World War 1). Three typologies are combined into one conceptual-typological map of this period. The vertical left-hand axis provides a composite typology that clarifies cultural-territorial preconditions. The horizontal axis specifies transformations of the region's agrarian class structures since the mid-19th century reforms. The right-hand vertical axis provides a four-layered typology of processes of external intervention. A final section presents selected comparative case reconstructions. To the authors' knowledge, this is the first time such a Rokkan-style conceptual-typological map has been constructed for a non-European region.

Since the introduction of the outstanding web AI chat system, ChatGPT, it has caused a significant impact in both academia and the business world. Many studies have started to explore its potential applications in various fields. However, there is a lack of research from the perspective of user experience. To fill this theoretical gap and provide a theoretical basis for the operation and design of related services, this study plans to develop a set of evaluation scales for AI chat system user experience and explore the relationship between various factors and user satisfaction.

This study obtained 41 evaluation indicators through literature review and user research. Subsequently, these indicators were used as questionnaire items, combined with satisfaction metrics. A total of 515 questionnaires were distributed, and factor analysis and linear regression were employed to determine the specific elements influencing user experience and the user satisfaction model.

This study found that the factors influencing user experience are usefulness, accuracy, logical inference, interactivity, growth, anthropomorphism, convenience, credibility, ease of use, creativity, and security. Among these factors, only accuracy, anthropomorphism, creativity, and security indirectly influence satisfaction through usefulness, while the rest of the factors have a direct positive impact on user satisfaction.

This study provides constructive suggestions for the design and operation of related services and serves as a reference for future theoretical research in this area.

The Horn of Africa which has geostrategic importance is endowed with huge natural resources. However, the region is one of the conflict-prone regions in the world. Deficiencies in governance systems, deprivations and poverty, resource-based inter-communal conflicts and unduly interventions of external powers in the internal affairs of the countries have been the main triggers of conflicts. With the persistence of conflicts, the Horn of African countries have remained underdeveloped with poor development outcomes. The conflicts in the region, thus, must be reversed through genuine cooperation among the Horn of African countries. For regional durable peace and sustainable development in the Horn of Africa, the following measures are suggested: (i) Political recommitment and political willingness of leaderships in the Horn of African countries for broader regional cooperation for durable peace and development to address regional challenges jointly. (ii) Promote good governance and democratic principles. (iii) Strengthen regional cooperation among institutions of higher education to facilitate access to global knowledge. (iv) Establishment of regional media that promotes good images of the Horn of Africa. (v) Establishment of Horn of Africa Institute for Peace and Development to cultivate good governance and tolerance. (vi) Provision of civic education at all levels of education to promote understanding among different ethnic groups. (vii) Increase investments to improve the livelihoods of marginalised groups, particularly nomadic communities and unemployed youth. (viii) Refrainment of external powers from meddling in the internal affairs of the Horn of African countries.

Sharing patient health information (PHI) among hospitals has been much slower than the adoption of health record systems. This paper aims to investigate if privacy regulation (PR) or security measures (SMs) influence hospitals’ use of health information exchange (HIE) to share PHI with other providers (e.g. physicians, labs, hospitals). The study specifically focuses on how multiple PRs can impede and a strong national security infrastructure (NSI) can support HIE.

The study uses secondary data from a multi-national and multi-hospital survey administered by the European Union. The multi-level structure of the cross-sectional panel data is used to test the influence of both hospital-level (e.g. PR) and national-level variables (e.g. NSI) on HIE. A total of nine types of HIE, three types of PRs, nine SMs and other relevant control variables are considered. This study uses a two-level random intercept generalized linear model to test the hypothesis proposed in the study.

The study finds that national-level PRs (NLPR) have the strongest positive influence on HIE in comparison to regional (RLPR) and hospital-level (HLPR) PRs. Moreover, the study finds evidence that the presence of RLPR and HLPR, on average, decreases the positive impact of NLPR by 264%. The SMs also have a significant and positive impact on HIE. Adoption of an additional SM can increase the odds of engaging in a certain type of HIE between 21% and 61%. On the other hand, a strong NSI can also amplify the positive impact of SM on certain types of HIE.

This study extends prior research on the role of PRs in enabling HIE by considering the complexities brought up by adopting multiple PRs. NLPRs have the strongest impact on HIE in comparison to RLPRs or HLPRs. Moreover, public infrastructure initiatives such as those related to secure communications can also complement SMs adopted by the providers by encouraging HIE.

This paper aims to identify the relevant contributing constructs of readiness for the implementation of intelligent contracts (iContracts) in the construction industry. This study investigates the relationship between the personality dimensions of technology readiness index (TRI) and the system specific factors of technology acceptance model (TAM) within the context of iContracts.

Drawing insights from the extant literature and the author's previous qualitative investigations into iContract readiness constructs, a quantitative approach is used to operationalise the constructs by offering relevant statements to be measured and validated through a multiple-item scale against the users intent to accept the future iContract technology.

This study confirms and validates the relationship of the proposed iContract readiness index (iCRI) statements against the established TAM factors by offering 18 new constructs influencing technology readiness of the iContract technology. This study proves 9 of the 12 hypotheses highlighting key factors to be addressed for the successful development of the iContract technology.

This paper contributes to the body of knowledge by proposing a novel iCRI that informs an iContract technology readiness acceptance model (iCTRAM) for a trending technology. The iCTRAM can guide developers in producing an appropriate iContract solution and assess the readiness of users and organisations for the successful adoption of the iContract concept.

This study offers a unique theoretical framework, in an embryonic field, for predicting the success of iContract implementation within construction organisations. This study combines the established studies of TRI and TAM in producing a predictive iContract readiness assessment tool.