Snakes and ladders for digital natives: information security education for the youth

2014 ◽  
Vol 22 (2) ◽  
pp. 179-190 ◽  
Author(s):  
Rayne Reid ◽  
Johan Van Niekerk

Purpose – This paper aims to educate the youth about information security. Cyber technologies and services are increasingly becoming integrated into individuals’ daily lives. As such, individuals are constantly being exposed to the benefits and risks of these technologies. Cyber security knowledge and skills are becoming fundamental life skills for today’s users. This is particularly true for the current generation of digital natives. Design/methodology/approach – Within the design science paradigm, several case studies are used to evaluate the research artefact. Findings – The authors believe that the presented artefact could effectively convey basic information security concepts to the youth. Research limitations/implications – This study had a number of limitations. First, all the learner groups who participated in this study were too small to enable analysis of findings for statistical significance. Second, the data compiled on the long-term effectiveness of the game for Group B was incomplete. This limitation was the result of School B’s ethical concerns regarding learners being a vulnerable target audience. Originality/value – This paper presents and evaluates a brain-compatible, information security educational game that can be used to introduce information security concepts to the youth from a very young age.

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Peter Buell Hirsch

Purpose The purpose of the viewpoint is to examine the various ways in which the pandemic has exposed structural vulnerabilities in global business infrastructures that have long existed and been long ignored. It urges business leaders not to return to a “new normal” but make fundamental changes to ensure that their businesses are truly resilient and can withstand future threats more effectively. Design/methodology/approach The viewpoint looks at the various kinds of vulnerability to which businesses are exposed – such as supply chain, human capital, cyber security and climate change – and proposes ways to ensure that businesses, as well as shareholders and government entities work together to build true resilience. Findings At its core, the viewpoint exposes the various ways in which businesses have turned a blind eye to vulnerabilities that have always lurked just below the surface and suggests. The argument is that to secure the long-term future of our global business system, we can no longer remain oblivious to fundamental weaknesses in our infrastructures. Research limitations/implications The viewpoint looks selectively at the available data and is, therefore, by definition, subjective and non-comprehensive. Practical implications If businesses and shareholders truly take the recommendations of this viewpoint to heart, we can build a more resilient future through long-term investments in risk management infrastructures of all kinds that will secure a more prosperous and stable future. Social implications Developing a more resilient and stable global business infrastructure will help reduce the business volatility deriving from last minute responses to predictable threats. This will, in turn, help provide more stable, fulfilling employment, especially in developing countries that will act as a fly wheel for the secure development of human potential around the world. 
Originality/value While there has been much speculation of what the “new business normal” will look like once the pandemic has been conquered, this is, the author believes, the first piece to look concretely on how we can not only “build back better” but build back more soundly for the long term.


2020 ◽  
Vol 22 (3) ◽  
pp. 227-244
Author(s):  
João Serrado ◽  
Ruben Filipe Pereira ◽  
Miguel Mira da Silva ◽  
Isaías Scalabrin Bianchi

Purpose Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies, especially in the bank industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach The design science research process was followed and semi-structured interviews performed. Findings A list of practices to assist the bank industry in GDPR implementation is provided. How each practice maps with assessed ISF and GDPR requirements is also presented. Research limitations/implications As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews. Originality/value This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.


2019 ◽  
Vol 28 (1) ◽  
pp. 1-14 ◽  
Author(s):  
Malcolm Pattinson ◽  
Marcus Butavicius ◽  
Meredith Lillie ◽  
Beau Ciccarello ◽  
Kathryn Parsons ◽  
...  

Purpose This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. 
There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Marcel Spruit

Purpose The information security field requires standardised education. This could be based on generic job profiles and a standard competence framework. The question is whether this is possible and feasible. To find out, the author did a case study: developing an information security master curriculum based on a generic PVIB job profile and the underlying competence framework e-CF. Design/methodology/approach The research is a case study, using Design Science. Starting point is the specification of the learning goals for a cybersecurity master curriculum, using a generic PvIB job profile and the underlying competence framework e-CF. The curriculum has subsequently been developed, using backward design. Thereafter, the curriculum has been submitted for accreditation to test the successfulness of the approach. Findings A generic job profile and a competence framework such as the e-CF support the development of standardised education. The generic PVIB job profile used works well. The e-CF can be useful, but requires modifications and the introduction of sub-competences. However, the main complaint concerning the e-CF is the use of examples instead of mandatory content. Originality/value Competence frameworks are available to formulate job descriptions, and are also suited for developing standardised education. Little research has been done on this. This case study shows that a competence framework is a useful tool for developing standardised education, although the e-CF may not be the most appropriate.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Ruti Gafni ◽  
Tal Pavel

Purpose This paper aims to analyze the changes in cyberattacks against the health-care sector during the COVID-19 pandemic. Design/methodology/approach The changes in cyberattacks of the health-care sector are analyzed by examination of the number and essence of published news concerning cybersecurity attacks on the health-care sector during 2019 and compared them to those published during 2020, based on two main websites, which review such incidents. Findings This study found that there was a significant growth in reports of cyberattacks on the health-care sector. Moreover, the number of cyberattacks fit interestingly to the pattern of waves of the disease, which expanded worldwide. During the first wave the number of reports was doubled or even tripled, compared to the same period in 2019, a tendency that was slightly waned afterwards. Practical implications This study helps to deepen the awareness of information security implications of a potential global devastating crisis, even in the cybersecurity domain, and on the health-care sector, among various other affected sectors and domains. Social implications COVID-19 pandemic created long-term wide-range changes that affect every individual and sector, mainly owing to the shift to remote working model, which impose long-term new cybersecurity changes, among them to the health-care industry. Originality/value This paper extends the existing information on implication of remote working model on information security and of the COVID-19 pandemic on the cybersecurity of health-care institutions around the world.


2020 ◽  
Vol 28 (4) ◽  
pp. 627-644 ◽  
Author(s):  
Anass Rabii ◽  
Saliha Assoul ◽  
Khadija Ouazzani Touhami ◽  
Ounsa Roudies

Purpose This paper aims to clarify the uncertainty reflected in the current state of information security maturity evaluation where it has not enough matured and converged so that a generic approach or many specific approaches become the go-to choice. In fact, in the past decade, many security maturity models are still being produced and remain unproven regardless of the existence of ISO 21827. Design/methodology/approach The authors have used the systematic literature review to summarize existing research, help identify gaps in the existing literature and provide background for positioning new research studies. Findings The authors highlighted the prevalent influence of the ISO/IEC 27001/27002 standard but raised the necessity for an in-depth investigation of ISO 21827. The authors also made the implementation facet a central topic of our review. The authors found out that, compared to the number of proposed models, implementation experiments are lacking. This could be due to the arduous task of validation and it could also be the reason why specific models are dominant. Originality/value While the research literature contains many experience reports and a few case studies on information security maturity evaluation, a systematic review and synthesis of this growing field of research is unavailable as far as the authors know. In fact, the authors only picked-up one bodywork [Maturity models in cyber security A systematic review (2017)] carrying out a literature review on security maturity models between 2012 and 2017, written in Spanish.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Erik Bergström ◽  
Fredrik Karlsson ◽  
Rose-Mharie Åhlfeldt

Purpose The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified. Design/methodology/approach The results are based on a design science research approach, implemented as five iterations spanning the years 2013 to 2019. Findings The paper presents a method for information classification and the design principles underpinning the method. The empirical demonstration shows that senior and novice information security managers perceive the method as a useful tool for classifying information assets in an organisation. Research limitations/implications Existing research has, to a limited extent, provided extensive advice on how to approach information classification in organisations systematically. The method presented in this paper can act as a starting point for further research in this area, aiming at decreasing subjectivity in the information classification process. Additional research is needed to fully validate the proposed method for information classification and its potential to reduce the subjective judgement. Practical implications The research contributes to practice by offering a method for information classification. It provides a hands-on-tool for how to implement an information classification process. Besides, this research proves that it is possible to devise a method to support information classification. This is important, because, even if an organisation chooses not to adopt the proposed method, the very fact that this method has proved useful should encourage any similar endeavour. 
Originality/value The proposed method offers a detailed and well-elaborated tool for information classification. The method is generic and adaptable, depending on organisational needs.


2020 ◽  
Vol 38 (5/6) ◽  
pp. 979-995
Author(s):  
Shanying Zhu ◽  
Vijayalakshmi Saravanan ◽  
BalaAnand Muthu

Purpose Currently, in the health-care sector, information security and privacy are increasingly important issues. The improvement in information security is highlighted in adopting digital patient records based on regulation, providers’ consolidation, and the growing need to exchange information among patients, providers, and payers. Design/methodology/approach Big data on health care are likely to improve patient outcomes, predict epidemic outbreaks, gain valuable insights, prevent diseases, reduce health-care costs and improve analysis of the quality of life. Findings In this paper, the big data analytics-based cybersecurity framework has been proposed for security and privacy across health-care applications. It is vital to identify the limitations of existing solutions for future research to ensure a trustworthy big data environment. Furthermore, electronic health records (EHR) could potentially be shared by various users to increase the quality of health-care services. This leads to significant issues of privacy that need to be addressed to implement the EHR. Originality/value This framework combines several technical mechanisms and environmental controls and is shown to be enough to adequately pay attention to common threats to network security.


2020 ◽  
Vol 21 (2/3) ◽  
pp. 137-141
Author(s):  
Kimberly Peretti ◽  
Amy Mushahwar ◽  
Jon Knight

Purpose Discusses the long-term cybersecurity challenges businesses face as COVID-19 cases spike and remote work environments need to remain operational, scalable, and capable of flexing with cycles of virus resurgence. Design/Methodology/Approach Discusses the target-rich environment cybercriminals have during this time, and steps businesses should take to secure their environments and raise employee awareness as more devices are being used remotely for company business and more company data is being sent, located, or stored outside the protections of the company infrastructure. Findings The remote work environment is likely to be around for the foreseeable future and businesses need to ensure they are secured for long-term success. Practical implications The authors offer information security and IT teams practical ways businesses can keep their systems secure and functioning: (1) Consider Basic Cyberhygiene; (2) Identify Security Blind Spots; (3) Review and Update Business Continuity, Disaster Recovery, and Incident Response Plans; (4) Remain Vigilant for Scams and Phishing Attacks; (5) Be Aware of Applicable Industry-Specific Guidelines; (6) Revisit Risk Exceptions. Originality/Value Practical guidance from experienced data privacy and cybersecurity lawyers in response to COVID-19 for Information Security, IT, and business management teams.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fayaz Ahmad Loan ◽  
Bashir Bisma ◽  
Nasreen Nahida

Purpose The purpose of the study is to conduct a scientometric analysis of cybersecurity literature indexed in the core collection of the Web of Science for a period of ten years (2011–2020). Design/methodology/approach Cybersecurity is a focused topic of research across the globe. To identify the global research productivity in the field, the terms “cybersecurity, cyber-security, web security, information security, computer security, etc.” were used for retrieving the publications in the advanced search mode of the database “Web of Science”, limiting the time frame for 2011–2020. The results retrieved were downloaded in the Excel file for further analysis and interpretation. The harvested data was analysed by using scientometric techniques to measure the progress such as growth rate, doubling time and author collaborations. Besides, the Biblioshiny and VOSviewer software were used for mapping networks. Findings The research output in the field of cybersecurity has shown an increasing trend during 2011–2020, and the maximum number of scholarly publications was published in 2020 (1,581), i.e. more than 715% of 2011 (221). A good number of countries (93) have contributed globally in cybersecurity research, and the highest share in research publications was reported by the USA (23.55%), followed by China (23.24%), South Korea (5.31%), UK (5.28%) and India (4.25%). The authorship patterns in cybersecurity publications show a collaborative trend, as most articles have been published by multiple authors. Total 5,532 (90.14%) articles have been published in co-authorship, whereas only 605 (9.86%) articles have been published by single authors. Keyword analysis shows that the most common keyword research by the authors is cybersecurity and its variants such as “cyber security” and “cyber-security” (1,698) followed by security (782), computer security (680) and information security (329).
Research limitations/implications The database studied for the work does not represent the total literary output available on the theme. There are plenty of other databases, such as Scopus, Compendex, INSPEC, IEEE Xplore, arXiv, contributing to the same theme as well. Practical implications The findings of the study may help researchers, information technologists, library professionals and information specialists to identify the research progress, authorship patterns, collaborative networks and hot topics of research in the field of cybersecurity. Besides, it will assess the global response to the cybersecurity issue. Originality/value The study is the scientometric analysis of the cybersecurity based on current literature and will highlight the progress and development of global research in the said field.

