User-Oriented Control of Personal Information Security in Communication Systems

1997 ◽  
pp. 95-108
Author(s):  
Ulrich Kohl
Keyword(s):  
Information Security ◽  
Communication Systems ◽  
Personal Information

scholarly journals Factorial invariance of an information security culture assessment instrument for multinational organisations with operations across data protection jurisdictions

2015 ◽  
Vol 4 (4) ◽  
pp. 47-58 ◽  
Author(s):  
Nico Martins ◽  
Adéle da Veiga
Keyword(s):  
Information Security ◽  
Data Protection ◽  
Personal Information ◽  
Theoretical Perspective ◽  
Factorial Invariance ◽  
Assessment Instrument ◽  
Security And Privacy ◽  
Security Culture ◽  
The Uk ◽  
Information Security Culture

An information security culture is influenced by various factors, one being regulatory requirements. The United Kingdom (UK) has been regulated through the UK Data Protection Act since 1995, whereas South Africa (SA) only promulgated the Protection of Personal Information Act (PoPI) in 2013. Both laws stipulate requirements from an information security perspective with regard to the processing of personal information, however in the UK this has been regulated for a longer period. Consequently, it is to be expected that the information security culture for organisations in the UK will be significantly different from that of SA. This raises the question as to whether the same information security culture assessment (ISCA) instrument could be used in an organisation with offices in both jurisdictions, and whether it might be necessary to customise it according the particular country’s enforcement of information security and privacy-related conditions. This is reviewed, firstly from a theoretical perspective, and secondly a factorial invariance analysis was conducted in a multinational organisation with offices in both the UK and SA, using data from an ISCA questionnaire, to determine possible factorial invariances in terms of the ISCA.

Social engineering as a threat to personal financial security

2021 ◽  
Vol 17 (1) ◽  
pp. 150-166
Author(s):  
Andrei L. LOMAKIN ◽  
Evgenii Yu. KHRUSTALEV ◽  
Gleb A. KOSTYURIN
Keyword(s):  
Information Security ◽  
Personal Information ◽  
Public Awareness ◽  
Social Engineering ◽  
Training System ◽  
Security Threats ◽  
Security Threat ◽  
Public And Private ◽  
Security Issues ◽  
The Government

Subject. As the socio-economic relationships are getting digitalized so quickly, the society faces more and more instances of cybercrime. To effectively prevent arising threats to personal information security, it is necessary to know key social engineering methods and security activities to mitigate consequences of emerging threats. Objectives. We herein analyze and detect arising information security threats associated with social engineering. We set forth basic guidelines for preventing threats and improving the personal security from social engineering approaches. Methods. The study relies upon methods of systems analysis, synthesis, analogy and generalization. Results. We determined the most frequent instances associated with social engineering, which cause personal information security threats and possible implications. The article outlines guidelines for improving the persona; security from social engineering approaches as an information security threat. Conclusions and Relevance. To make information security threats associated with social engineering less probable, there should be a comprehensive approach implying two strategies. First, the information security protection should be technologically improved, fitted with various data protection, antivirus, anti-fishing software. Second, people should be more aware of information security issues. Raising the public awareness, the government, heads of various departments, top executives of public and private organizations should set an integrated training system for people, civil servants, employees to proliferate the knowledge of information security basics.

The Role of Information Security and Cryptography in Digital Democracy

2015 ◽  
pp. 1564-1580
Author(s):  
Theodosios Tsiakis
Keyword(s):  
Human Rights ◽  
Information Security ◽  
Information Society ◽  
Communication Systems ◽  
Security And Privacy ◽  
Constitutional Rights ◽  
Critical Question ◽  
Role Of Government ◽  
Wrong Thing

The preponderant dilemma organisations confront currently is which way to homologate and superintend access for a broad mass of services and products and in parallel to preserve security and privacy. Information technology is rapidly changing, is inherently complex, and complexity kills security. There is an ongoing technical race to maintain security that does not take into account the human factors. The new technological infrastructure affects the degree of anonymity and confidentiality in mass-market computer-based systems and basically determines the evolution of democratic-political culture. Thus, in examining the issue of security, cryptography, privacy in the use of computers and Internet, forms the primary interest form the moral side of view, about what is the right and wrong thing to do, rather than in a legal frame, about what is legal and illegal. Security and privacy are not ethical or moral issues. They are fundamental human rights. In this societal change, the challenges of the information society are many but foremost is the protection of human rights. Addressing the critical question of how technological trends are both helping and hindering the advancement of human rights is essential in the specific digital environment. The democratic key concept is the efficient use of digital resources. We do not only need a culture of security (information), we further need to ensure the security of cultures, meaning that everyone should be able to freely exercise their constitutional rights. The role of this chapter is to bring to the surface the rights (human) implications of ICT and the information society. It enlightens the technical community, which designs, implements, and secures information and communication systems, with an understanding of human rights principles and foundational underpinnings. It highlights the role of government implications, identifies the role and relationship between the stakeholders, and indicates the balance between information security and freedom in order to understand that security, freedom, and rights (human), are not opposite concepts but coexist and progress in parallel.

The Different Aspects of Information Security Education

2018 ◽  
pp. 182-204
Author(s):  
Suchinthi Fernando
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Communication Systems ◽  
Basic Education ◽  
Information Technology Professionals ◽  
Security Education ◽  
Information And Communication ◽  
Subject Areas ◽  
Information Assets ◽  
The Way

This chapter discusses the importance of information security education for everyone, ranging from organizations to professionals and students, all the way through to individual users of information and communication systems. It discusses the different subject areas in information security and shows how instead of being intimidated by it, different categories of users can obtain varying depths of information security education based on their cyber-activities and need for knowledge. Information security professionals would require an in-depth knowledge in all aspects of information security, and information technology professionals and students would require an overall education in these areas, while most users of information and communication systems would only require a basic education to help protect their information assets in cyberspace.

A framework to assist email users in the identification of phishing attacks

2015 ◽  
Vol 23 (4) ◽  
pp. 370-381 ◽  
Author(s):  
André Lötter ◽  
Lynn Futcher
Keyword(s):  
User Interface ◽  
Focus Group ◽  
Information Security ◽  
Personal Information ◽  
Future Research ◽  
Security Level ◽  
Literature Study ◽  
Content Type ◽  
Phishing Attacks ◽  
Research Students

Purpose – The purpose of this paper is to propose a framework to address the problem that email users are not well-informed or assisted by their email clients in identifying possible phishing attacks, thereby putting their personal information at risk. This paper therefore addresses the human weakness (i.e. the user’s lack of knowledge of phishing attacks which causes them to fall victim to such attacks) as well as the software related issue of email clients not visually assisting and guiding the users through the user interface. Design/methodology/approach – A literature study was conducted in the main field of information security with a specific focus on understanding phishing attacks and a modelling technique was used to represent the proposed framework. This paper argues that the framework can be suitably implemented for email clients to raise awareness about phishing attacks. To validate the framework as a plausible mechanism, it was reviewed by a focus group within the School of Information and Communication Technology (ICT) at the Nelson Mandela Metropolitan University (NMMU). The focus group consisted of academics and research students in the field of information security. Findings – This paper argues that email clients should make use of feedback mechanisms to present security related aspects to their users, so as to make them aware of the characteristics pertaining to phishing attacks. To support this argument, it presents a framework to assist email users in the identification of phishing attacks. Research limitations/implications – Future research would yield interesting results if the proposed framework were implemented into an existing email client to determine the effect of the framework on the user’s level of awareness of phishing attacks. Furthermore, the list of characteristics could be expanded to include all phishing types (such as clone phishing, smishing, vishing and pharming). This would make the framework more dynamic in that it could then address all forms of phishing attacks. Practical implications – The proposed framework could enable email clients to provide assistance through the user interface. Visibly relaying the security level to the users of the email client, and providing short descriptions as to why a certain email is considered suspicious, could result in raising the awareness of the average email user with regard to phishing attacks. Originality/value – This research presents a framework that email clients can use to identify common forms of normal and spear phishing attacks. The proposed framework addresses the problem that the average Internet user lacks a baseline level of online security awareness. It argues that the email client is the ideal place to raise the awareness of users regarding phishing attacks.

scholarly journals INFLUENCE OF THE COUNTRY ECONOMIC DEVELOPMENT ON THE DEPENDENCE OF THE USE OF PERSONAL INFORMATION SECURITY AND THE CONSEQUENCES OF CYBERCRIME

2020 ◽  
pp. 188-198
Author(s):  
H. Yarovenko
Keyword(s):  
Cluster Analysis ◽  
Economic Development ◽  
Information Security ◽  
Personal Information ◽  
Practical Importance ◽  
Social Engineering ◽  
The State ◽  
Security Measures ◽  
Personal Security ◽  
The Impact

Over the past decade, there has been an increase in the volume of cybercrime in various spheres of life at the level of the state, economic agents, and individuals. Therefore, the issues of studying the processes of forming information security and identifying the impact on its effectiveness are becoming topical. The aim of this study is to prove the hypothesis that the behaviour of the population associated with the use of personal security measures and the formation of the corresponding consequences of incidents occurs under the influence of the level of economic development of the country. This was done using k-means cluster analysis via the Deductor Academic analytical platform and based on data from a survey conducted among respondents from EU countries. Analysis of the responses showed that there is a growing trend in the use of online banking and e-commerce services; there is an increase in the number of respondents who have become victims of cybercrimes, especially social engineering; the trend towards the use of reliable personal security equipment is declining. The results of the cluster analysis, for which data on the number of respondents who are victims of cybercrimes and the number of respondents using various personal security tools were used, made it possible to form 7 clusters of countries. Analysis of GDP per capita for the obtained clusters and visualization of the map of countries allowed us to confirm the hypothesis, but it was also determined that the dependence of the use of personal security measures and the consequences of cybercrimes is also influenced by the mental characteristics of countries formed due to the close territorial location of neighboring countries. The results obtained will be of practical importance for the development of the concept of information security and economic development of the state. They can be used to determine which sets of protection are appropriate for the income level of the population. Priority areas for further research are to determine the influence of other factors on the formation of the country's information security and the formation of a barycentric model of their measurements to ensure sustainable economic development of the state.

Sign in / Sign up

Export Citation Format

Share Document