Information Security Behavioural Threshold Analysis in Practice: An Implementation Framework

2020 ◽  
pp. 133-143
Author(s):  
D. P. Snyman ◽  
H. A. Kruger
Keyword(s):  
Information Security ◽  
Threshold Analysis ◽  
Implementation Framework

I shall, we shall, and all others will: paradoxical information security behaviour

2018 ◽  
Vol 26 (3) ◽  
pp. 290-305 ◽  
Author(s):  
Dirk P. Snyman ◽  
Hennie Kruger ◽  
Wayne D. Kearney
Keyword(s):  
Information Security ◽  
Design Methodology ◽  
Threshold Analysis ◽  
Content Type ◽  
Security Education ◽  
Privacy Paradox ◽  
Possible Cause ◽  
Practical Implications ◽  
The Way

PurposeThe purpose of this paper is to investigate the lemming effect as a possible cause for the privacy paradox in information security.Design/methodology/approachBehavioural threshold analysis is used to test for the presence of the lemming effect in information security behaviour. Paradoxical behaviour may be caused by the influential nature of the lemming effect. The lemming effect is presented as a possible cause of the privacy paradox.FindingsThe behavioural threshold analysis indicates that the lemming effect is indeed present in information security behaviour and may lead to paradoxical information security behaviour.Practical implicationsThe analysis of the lemming effect can be used to assist companies in understanding the way employees influence each other in their behaviour in terms of security. By identifying possible problem areas, this approach can also assist in directing their information security education endeavours towards the most relevant topics.Originality/valueThis research describes the first investigation of the lemming effect in information security by means of behavioural threshold analysis in practice.

Collective information security behaviour: a technology-driven framework

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Dirk P. Snyman ◽  
Hennie Kruger
Keyword(s):  
Information Security ◽  
Qualitative Evaluation ◽  
Management Decision ◽  
Threshold Analysis ◽  
Content Type ◽  
Conceptual Mapping ◽  
Practical Applications ◽  
Evaluation Measures ◽  
Group Behaviour ◽  
Collective Information

Purpose This paper aims to present the development of a framework for evaluating group behaviour in information security in practice. Design/methodology/approach Information security behavioural threshold analysis is used as the theoretical foundation for the proposed framework. The suitability of the proposed framework is evaluated based on two sets of qualitative measures (general frameworks and information security frameworks) which were identified from literature. The successful evaluation of the proposed framework, guided by the identified evaluation measures, is presented in terms of positive practical applications, as well as positive peer review and publication of the underlying theory. Findings A methodology to formalise a framework to analyse group behaviour in information security can successfully be applied in a practical environment. This application takes the framework from only a theoretical conceptualisation to an implementable solution to evaluate and positively influence information security group behaviour. Practical implications Behavioural threshold analysis is identified as a practical mechanism to evaluate information security group behaviour. The suggested framework, as implemented in a management decision support system (DSS), allows practitioners to assess the security behaviour and awareness in their organisation. The resulting information can be used to exert an influence for positive change in the information security of the organisation. Originality/value A novel conceptual mapping of two sets of qualitative evaluation measures is presented and used to evaluate the proposed framework. The resulting framework is made practical through its encapsulation in a DSS.

The application of behavioural thresholds to analyse collective behaviour in information security

2017 ◽  
Vol 25 (2) ◽  
pp. 152-164 ◽  
Author(s):  
Dirk Snyman ◽  
Hennie Kruger
Keyword(s):  
Information Security ◽  
Peer Pressure ◽  
Security Awareness ◽  
Threshold Analysis ◽  
Group Setting ◽  
Economics Of Information ◽  
Content Type ◽  
Information Security Awareness ◽  
Security Issues ◽  
Awareness Campaigns

Purpose The purpose of this study is to perform an exploratory investigation into the feasibility of behavioural threshold analysis as a possible aid in security awareness campaigns. Design/methodology/approach Generic behavioural threshold analysis is presented and then applied in the domain of information security by collecting data on the behavioural thresholds of individuals in a group setting and how the individuals influence each other when it comes to security behaviour. Findings Initial experimental results show that behavioural threshold analysis is feasible in the context of information security and may provide useful guidelines on how to construct information security awareness programmes. Practical implications Threshold analysis may contribute in a number of ways to information security, e.g. identification of security issues that are susceptible to peer pressure and easily influenced by peer behaviour; serve as a countermeasure against security fatigue; contribute to the economics of information security awareness programmes; track progress of security awareness campaigns; and provide a new measure for determining the importance of security awareness issues. Originality/value This paper describes the very first experiment to test the behavioural threshold analysis concepts in the context of information security.

The formation of information security culture of college students

2019 ◽  
pp. 29-36
Author(s):  
I. D. Rudinskiy ◽  
D. Ya. Okolot
Keyword(s):  
College Students ◽  
Information Security ◽  
Information Society ◽  
Technical Aspect ◽  
Data Sources ◽  
Structural Components ◽  
Security Culture ◽  
The Individual ◽  
Information Security Culture ◽  
Ability And Willingness

The article discusses aspects of the formation of information security culture of college students. The relevance of the work is due to the increasing threats to the information security of the individual and society due to the rapid increase in the number of information services used. Based on this, one of the important problems of the development of the information society is the formation of a culture of information security of the individual as part of the general culture in its socio-technical aspect and as part of the professional culture of the individual. The study revealed the structural components of the phenomenon of information security culture, identified the reasons for the interest in the target group of students. It justifies the need for future mid-level specialists to form an additional universal competency that ensures the individual’s ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources. As a result of the study, recommendations were formulated on the basis of which a culture of information security for college students can be formed and developed and a decomposition of this process into enlarged stages is proposed. The proposals on the list of disciplines are formulated, within the framework of the study of which a culture of information security can develop. The authors believe that the recommendations developed will help future mid-level specialists to master the universal competency, consisting in the ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources, as well as to correctly access the necessary information and its further legitimate use, which ultimately forms a culture of information security.

Risk Management on Information Security in ABC Company

2017 ◽  
Vol 4 (1) ◽  
pp. 62-66
Author(s):  
Luyen Ha Nam
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Data Management ◽  
Management System ◽  
Risk Mitigation ◽  
Data Management System ◽  
Data Centre ◽  
Long Time ◽  
Mitigation Action ◽  
Better Than

From long, long time ago until nowadays information still takes a serious position for all aspect of life, fromindividual to organization. In ABC company information is somewhat very sensitive, very important. But how wekeep our information safe, well we have many ways to do that: in hard drive, removable disc etc. with otherorganizations they even have data centre to save their information. The objective of information security is to keep information safe from unwanted access. We applied Risk Mitigation Action framework on our data management system and after several months we have a result far better than before we use it: information more secure, quickly detect incidents, improve internal and external collaboration etc.

Application of Fractal Methods to Ensure the Cyber-Resilience of Self-Organizing Networks

2019 ◽  
Vol 22 (4) ◽  
pp. 336-341
Author(s):  
D. V. Ivanov ◽  
D. A. Moskvin
Keyword(s):  
Information Security ◽  
Network Structure ◽  
Self Regulation ◽  
Security Threats ◽  
Self Organizing Networks ◽  
Self Organizing ◽  
Fractal Methods

In the article the approach and methods of ensuring the security of VANET-networks based on automated counteraction to information security threats through self-regulation of the network structure using the theory of fractal graphs is provided.

Sign in / Sign up

Export Citation Format

Share Document