The 15th International Information Security Research Consortium (IISRC) Conference

2018 ◽  
Vol 64 (003) ◽  
pp. 133-182
Keyword(s):  
Information Security ◽  
Security Research ◽  
Research Consortium

Protecting a whale in a sea of phish

2020 ◽  
Vol 35 (3) ◽  
pp. 214-231
Author(s):  
Daniel Pienta ◽  
Jason Bennett Thatcher ◽  
Allen Johnston
Keyword(s):  
Information Security ◽  
Real World ◽  
Spillover Effects ◽  
Directed Attention ◽  
Future Directions ◽  
Security Research ◽  
Email Message ◽  
Multiple Domains ◽  
Future Information

Whaling is one of the most financially damaging, well-known, effective cyberattacks employed by sophisticated cybercriminals. Although whaling largely consists of sending a simplistic email message to a whale (i.e. a high-value target in an organization), it can result in large payoffs for cybercriminals, in terms of money or data stolen from organizations. While a legitimate cybersecurity threat, little information security research has directed attention toward whaling. In this study, we begin to provide an initial understanding of what makes whaling such a pernicious problem for organizations, executives, or celebrities (e.g. whales), and those charged with protecting them. We do this by defining whaling, delineating it from general phishing and spear phishing, presenting real-world cases of whaling, and provide guidance on future information security research on whaling. We find that whaling is far more complex than general phishing and spear phishing, spans multiple domains (e.g. work and personal), and potentially results in spillover effects that ripple across the organization. We conclude with a discussion of promising future directions for whaling and information security research.

Authentication System for Biometric Applications Using Mobile Devices

2013 ◽  
Vol 457-458 ◽  
pp. 1224-1227
Author(s):  
Jian Feng Hu ◽  
Zhen Dong Mu
Keyword(s):  
Information Security ◽  
Mobile Devices ◽  
Information Exchange ◽  
Mobile Platform ◽  
Eeg Signal ◽  
Information Protection ◽  
Security Research ◽  
Authentication System ◽  
Identification Tool

Mobile equipment has now become a new platform for information exchange, spend a lot of information exchange, how to effectively protect the mobile platform information security? Research has shown that, EEG signal can be used as identification tool, the user's information protection and good, this paper to protect the information security of mobile devices to research how to use EEG; the EEG signal is feasible for mobile equipment identification.

scholarly journals The Challenges of Effectively Anonymizing Network Data

2013 ◽  
pp. 15-22
Author(s):  
Ch. Himabindu
Keyword(s):  
Network Security ◽  
Information Security ◽  
Data Collection ◽  
Network Data ◽  
Sensitive Information ◽  
Security Testing ◽  
The Past ◽  
Technical Leadership ◽  
Security Research ◽  
Privacy Issues

The availability of realistic network data plays a significant role in fostering collaboration and ensuring U.S. technical leadership in network security research. Unfortunately, a host of technical, legal, policy, and privacy issues limit the ability of operators to produce datasets for information security testing. In an effort to help overcome these limitations, several data collection efforts (e.g., CRAWDAD[14], PREDICT [34]) have been established in the past few years. The key principle used in all of these efforts to assure low-risk, high-value data is that of trace anonymization—the process of sanitizing data before release so that potentially sensitive information cannot be extracted.

scholarly journals In their own words: employee attitudes towards information security

2018 ◽  
Vol 26 (3) ◽  
pp. 327-337 ◽  
Author(s):  
Debi Ashenden
Keyword(s):  
Information Security ◽  
Employee Attitudes ◽  
Individual Responsibility ◽  
Social Acceptability ◽  
Personal Construct ◽  
Design Data ◽  
Content Type ◽  
Repertory Grids ◽  
Personal Construct Psychology ◽  
Security Research

Purpose The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research. Design/methodology/approach The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey. Findings The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought the that organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks. Research limitations/implications The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation. Originality/value The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.

Future directions for behavioral information security research

2013 ◽  
Vol 32 ◽  
pp. 90-101 ◽  
Author(s):  
Robert E. Crossler ◽  
Allen C. Johnston ◽  
Paul Benjamin Lowry ◽  
Qing Hu ◽  
Merrill Warkentin ◽  
...  
Keyword(s):  
Information Security ◽  
Future Directions ◽  
Security Research ◽  
Behavioral Information Security ◽  
Behavioral Information
Sign in / Sign up

Export Citation Format

Share Document