A framework to assist email users in the identification of phishing attacks

2015, Vol 23 (4), pp. 370-381
Author(s): André Lötter, Lynn Futcher

Purpose – The purpose of this paper is to propose a framework to address the problem that email users are not well-informed or assisted by their email clients in identifying possible phishing attacks, thereby putting their personal information at risk. This paper therefore addresses the human weakness (i.e. the user’s lack of knowledge of phishing attacks which causes them to fall victim to such attacks) as well as the software related issue of email clients not visually assisting and guiding the users through the user interface. Design/methodology/approach – A literature study was conducted in the main field of information security with a specific focus on understanding phishing attacks and a modelling technique was used to represent the proposed framework. This paper argues that the framework can be suitably implemented for email clients to raise awareness about phishing attacks. To validate the framework as a plausible mechanism, it was reviewed by a focus group within the School of Information and Communication Technology (ICT) at the Nelson Mandela Metropolitan University (NMMU). The focus group consisted of academics and research students in the field of information security. Findings – This paper argues that email clients should make use of feedback mechanisms to present security related aspects to their users, so as to make them aware of the characteristics pertaining to phishing attacks. To support this argument, it presents a framework to assist email users in the identification of phishing attacks. Research limitations/implications – Future research would yield interesting results if the proposed framework were implemented into an existing email client to determine the effect of the framework on the user’s level of awareness of phishing attacks. Furthermore, the list of characteristics could be expanded to include all phishing types (such as clone phishing, smishing, vishing and pharming). 
This would make the framework more dynamic in that it could then address all forms of phishing attacks. Practical implications – The proposed framework could enable email clients to provide assistance through the user interface. Visibly relaying the security level to the users of the email client, and providing short descriptions as to why a certain email is considered suspicious, could result in raising the awareness of the average email user with regard to phishing attacks. Originality/value – This research presents a framework that email clients can use to identify common forms of normal and spear phishing attacks. The proposed framework addresses the problem that the average Internet user lacks a baseline level of online security awareness. It argues that the email client is the ideal place to raise the awareness of users regarding phishing attacks.

2021, Vol ahead-of-print (ahead-of-print)
Author(s): Pei Xu, Joonghee Lee, James R. Barth, Robert Glenn Richey

Purpose This paper discusses how the features of blockchain technology impact supply chain transparency through the lens of the information security triad (confidentiality, integrity and availability). Ultimately, propositions are developed to encourage future research in supply chain applications of blockchain technology. Design/methodology/approach Propositions are developed based on a synthesis of the information security and supply chain transparency literature. Findings from text mining of Twitter data and a discussion of three major blockchain use cases support the development of the propositions. Findings The authors note that confidentiality limits supply chain transparency, which causes tension between transparency and security. Integrity and availability promote supply chain transparency. Blockchain features can preserve security and increase transparency at the same time, despite the tension between confidentiality and transparency. Research limitations/implications The research was conducted at a time when most blockchain applications were still in pilot stages. The propositions developed should therefore be revisited as blockchain applications become more widely adopted and mature. Originality/value This study is among the first to examine the way blockchain technology eases the tension between supply chain transparency and security. Unlike other studies that have suggested only positive impacts of blockchain technology on transparency, this study demonstrates that blockchain features can influence transparency both positively and negatively.


2018, Vol 26 (3), pp. 264-276
Author(s): Jurjen Jansen, Paul van Schaik

Purpose The purpose of this paper is to test the protection motivation theory (PMT) in the context of fear appeal interventions to reduce the threat of phishing attacks. In addition, it was tested to what extent the model relations are equivalent across fear appeal conditions and across time. Design/methodology/approach A pre-test post-test design was used. In the pre-test, 1,201 internet users filled out an online survey and were presented with one of three fear appeal conditions: strong fear appeal, weak fear appeal and control condition. Arguments regarding vulnerability of phishing attacks and response efficacy of vigilant online information-sharing behaviour were manipulated in the fear appeals. In the post-test, data were collected from 786 internet users and analysed with partial least squares path modelling. Findings The study found that PMT model relations hold in the domain of phishing. Self-efficacy and fear were the most important predictors of protection motivation. In general, the model results were equivalent across conditions and across time. Practical Implications It is important to consider online information-sharing behaviour because it facilitates the occurrence and success of phishing attacks. The results give practitioners more insight into important factors to address in the design of preventative measures to reduce the success of phishing attacks. Future research is needed to test how fear appeals work in real-world settings and over longer periods. Originality/value This paper is a substantial adaptation of a previous conference paper (Jansen and Van Schaik, 2017a, b).


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Louis Moustakas, Lisa Kalina

Purpose Athletes are increasingly perceived as important drivers of entrepreneurship and social change. As a result, increasing research and activity has attempted to engage athletes in both entrepreneurship and social entrepreneurship. Against this backdrop, the authors aim to provide insights on how high-level athletes in Germany understand entrepreneurship and social entrepreneurship and their perceptions of (social) entrepreneurship as a potential career pathway. Design/methodology/approach A survey was designed for athletes to assess their social entrepreneurship-related skills and attitudes. This survey is based on Capella Peris et al. (2020) who developed and validated a social entrepreneurship questionnaire for use in the physical education sector. To deepen the authors’ understanding of the initial survey results, a structured focus group was conducted with an additional set of five high-level German athletes. Findings Both the survey results and the focus group indicate that athletes have reservations about starting businesses or social enterprises, and that formal support on the topic is limited. Research limitations/implications This paper suggests numerous possible avenues for future research, both related to athletes and sport social entrepreneurship more generally. The authors also suggest that athlete career programmes need to provide more support for athletes who wish to venture in entrepreneurial activities. Originality/value This study answers numerous calls within sport entrepreneurship literature to further integrate athletes into research in the area.


2020, Vol 28 (2), pp. 215-259
Author(s): Elham Rostami, Fredrik Karlsson, Ella Kolkowska

Purpose The purpose of this paper is to survey existing information security policy (ISP) management research to scrutinise the extent to which manual and computerised support has been suggested, and the way in which the suggested support has been brought about. Design/methodology/approach The results are based on a literature review of ISP management research published between 1990 and 2017. Findings Existing research has focused mostly on manual support for managing ISPs. Very few papers have considered computerised support. The entire complexity of the ISP management process has received little attention. Existing research has not focused much on the interaction between the different ISP management phases. Few research methods have been used extensively and intervention-oriented research is rare. Research limitations/implications Future research should to a larger extent address the interaction between the ISP management phases, apply more intervention research to develop computerised support for ISP management, investigate to what extent computerised support can enhance integration of ISP management phases and reduce the complexity of such a management process. Practical implications The limited focus on computerised support for ISP management affects the kind of advice and artefacts the research community can offer to practitioners. Originality/value Today, there are no literature reviews on to what extent computerised support the ISP management process. Findings on how the complexity of ISP management has been addressed and the research methods used extend beyond the existing knowledge base, allowing for a critical discussion of existing research and future research needs.


2015, Vol 23 (3), pp. 246-285
Author(s): Fredrik Karlsson, Joachim Åström, Martin Karlsson

Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach – Results are based on a literature review of information security culture research published between 2000 and 2013 (December). Findings – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature. Research limitations/implications – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research. Practical implications – Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated. Originality/value – Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. 
Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.


2018, Vol 21 (3), pp. 316-336
Author(s): Samiha Mjahed Hammami, Nizar Souiden, Abdelfattah Triki

Purpose This paper aims to explore and conceptualize service recovery as an organizational capability. It proposes a new construct labeled knowledge-enabled recovery effectiveness (KERE). Design/methodology/approach Measures capturing the KERE construct were developed through domain identification, item pool generation using focus group interviews with managers involved in complaint management and content expert validation. Findings A first pool of 73 items was generated and then reduced to 37 items. Focus group interviews confirm the theoretical relevance of the KERE construct. Recovery culture, recovery process and internal recovery resources are the different components of a firm’s knowledge that serve as inputs, or as a source of a firm’s service recovery capabilities. Research limitations/implications A quantitative study is needed in future research to assess the KERE’s construct structure and validity. Practical implications Managers may use the proposed scale to foster effective and relevant marketing strategies by setting clear policies that consider service recovery as a knowledge-based activity rather than a control targeted activity. Originality/value This research demonstrates the mutual dialogue between service recovery and knowledge-based capabilities. Also, it proposes a new concept labeled KERE and a raw scale to further understand firms’ aptitude in service recovery.


2017, Vol 25 (5), pp. 580-592
Author(s): Dmitriy V. Chulkov

Purpose This study aims to explore the challenges that the escalation of commitment poses to information security. Design/methodology/approach Two distinct scenarios of escalation behavior are presented based on literature review. Psychological, organizational and economic theories on escalation of commitment are reviewed and applied to the area of information security. Findings Escalation of commitment involves continuation of a course of action after receiving negative information about it. In the information security compliance context, escalation affects a firm when an employee decides to break the firm’s information security policy to complete a failing task. In the information security investment context, escalation occurs if a manager continues investment in policies and solutions that are ineffective because of psychological, organizational or economic factors. Both of these types of escalation may be prevented with de-escalation techniques including a change in management or rotation of duties, monitoring, auditing and governance mechanisms. Practical implications Implications of escalation of commitment behavior for information security decision-makers and for future research are discussed. Originality/value This study complements the literature by establishing the context of escalation of commitment in decisions related to information security and reviewing managerial and economic theories on escalation of commitment.


2019, Vol 20 (7), pp. 1109-1124
Author(s): Maarten Deleye, Katrien Van Poeck, Thomas Block

Purpose This study aims to provide an overview of sustainability in Flemish higher education (HE) by using the multi-level perspective (MLP) on sustainability transitions for a comprehensive empirical analysis of how sustainability is embedded in Flemish HE. Design/methodology/approach MLP was used as analytical framework to study the case and allow a focus on the interplay between innovative experiments in niche-practices, the characteristics of the prevailing regime (dominant structures, cultures and practices) and macro-trends at the landscape level. The data were collected through document analyses, surveys, in-depth interviews and a focus group. The empirical analysis was complemented with an extensive literature study. Findings In all, 9 landscape trends, 21 regime characteristics and 5 types of niches are identified. Furthermore, the multi-level analysis revealed 5 important lock-ins in the dominant regime that impede the upscaling of sustainable niches, 5 internal contradictions that destabilise the regime and can thus create windows of opportunity for niches to become viable alternatives and 16 opportunities for further embedding sustainability in HE. Originality/value The paper gives an original insight into the complexities of integrating sustainability in HE, highlights the important role of policy entrepreneurs to grasp emerging opportunities and offers them insight into how to create momentum and identify and fruitfully address windows of opportunity for a sustainability transition. It shows the potential and limits of the MLP for research on HE and outlines prospects for future research.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Katie Swart, Reem Muharib, Kristi Godfrey-Hurrell, Mark M. D’Amico, Bob Algozzine, ...

Purpose This paper aims to survey and interview parents of young children with disabilities to document their perspectives on what professionals working with their children need to know. Rather than comparing opinions over time or as part of an outcome study, this paper met with participants at a single point in time for a conversation addressing two questions with implications for training, program development and continuing research, namely, to what extent do families believe the Advancing Community College Efforts in Paraprofessional Training (ACCEPT) standards and topics are important to include in educational programs preparing professionals to work with young children with disabilities in inclusive settings (survey)? How satisfied or dissatisfied are families with the practices of early childhood educators working with their children with disabilities in inclusive and other settings (focus group)? What knowledge and skills do families recommend are important for the preparation of early childhood educators working with children with disabilities in inclusive and other settings (focus group)? Design/methodology/approach An exploratory design was used to gather information for use in future research and program development and research efforts. Descriptive statistics were compiled for the survey data and focus group interviews were content-analyzed for themes consistent with the project’s eight standards and topics. Findings Analyses of survey and focus group interview data indicated that parents/caregivers held consistent views about information and skills needed to prepare teachers and others to work with children with disabilities in inclusive settings. Parents/caregivers were asked to complete a brief survey prioritizing the importance of the eight ACCEPT standards and topics when preparing early childhood educators for working with children with disabilities in inclusive settings. They all (n = 21) rated each standard and topic as “very important” (4) and provided 184 comments during follow-up interviews that represented positive examples, negative examples and recommendations distributed across the eight focusing standards. Originality/value This research identified the need for educators to understand the high value and importance of communication with parents of children with disabilities. This study further suggests the need for teachers to value each child’s individual needs and differences for their relationships with children and families to thrive.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Jeffrey D. Wall, Prashant Palvia

Purpose The authors seek to understand the formation of control- and security-related identities among organizational employees through an interpretive narrative analysis. The authors also seek to identify how the identities form over time and across contexts. Several identities are identified as well as the changes that may occur in the identities. Design/methodology/approach Few interpretive or critical studies exist in behavioral information security research to represent employee perspectives of power and control. Using qualitative interviews and narrative analysis of the interview transcripts, this paper analyzes the security- and control-related identities and values that employees adopt in organizational settings. Findings Two major categories of behavioral security compliance identities were identified: compliant and noncompliant. Specific identities within the compliant category included: faithful follower vs the reasoned follower, and other-preserving versus the self-preserving identities. The noncompliant category included: anti-authority identity, utilitarian identity, trusting identity and unaware identity. Furthermore, three patterns of identity changes were observed. Research limitations/implications The authors’ narrative stories suggest that employee identities are complex and multi-faceted, and that they may be fluid and adaptive to situational factors. Future research should avoid assumptions that all employees are the same or that employee beliefs remain constant over time or in different contexts. Identities are also strongly rooted in individuals' rearing and other life experiences. Thus, security control is far broader than is studied in behavioral studies. The authors find that history matters and should be examined carefully. Practical implications The authors’ study provides insights that managers can use to enhance security initiatives. It is clear that different employees build different control-related identities. Managers must understand that their employees are unique and will not all respond to policies, punishments, and other forms of control in the same way. The narratives also suggest that many organizations lack appropriate programs to enhance employees' awareness of security issues. Originality/value The authors’ narrative analysis suggests that employee security identities are complex and multi-faceted, and that they are fluid and adaptive to situational factors. Research should avoid assumptions that all employees are the same or that their beliefs remain constant over time or in different contexts. Identities are also strongly rooted in individuals' rearing and other life experiences. Their history matters and should be examined carefully.

