Towards a Student Security Compliance Model (SSCM)

Users are considered the weakest link in ensuring information security (InfoSec). As a result, users' security behaviour remains crucial in many organizations. In response, InfoSec research has produced many behavioural theories targeted at explaining information security policy (ISP) compliance. Meanwhile, these theories mostly draw samples from employees often in developing countries. Such theories are not applicable to students in educational institutions since their psychological orientation with regards to InfoSec is different when compared with employees. Based on this premise, the chapter presents arguments founded on synthesis from existing literature. It proposes a students' security compliance model (SSCM) that attempts to explain predictive factors of students' ISP compliance intentions. The study encourages further research to confirm the proposed relationships using qualitative and quantitative techniques.

Students' Intentions on Cyber Ethics Issues

Cyber ethical decisions have grave moral, legal, and social consequences on individuals, organizations, and societies at large. This chapter examines the extent of cyber unethical intentions among students on cyber piracy, cyber plagiarism, computer crime and abuses, and cyber privacy infringement. Using frequency analysis and the t-test of independent samples, the results showed that almost 24% of the respondents have intentions to engage in cyber piracy and about 13% would infringe on others privacy in cyberspace. More respondents have intentions to commit cyber piracy as compared to other cyber ethic issues, while cyber privacy infringement was the least observed. Almost 30% of respondents had intentions to commit software piracy, and 18.6% would engage in hacking activities. Also, cybercrime and computer abuse were more common among males than females. Cyber plagiarism was significantly higher among foreign students when compared to local students. Cyber piracy, cyber plagiarism, computer crime, and cyber privacy infringement were significantly higher in public universities.

Deciphering the Myth About Non-Compliance and Its Impact on Cyber Security and Safety

The use of computers and sophisticated technologies are on the rise, and organizations are constantly looking for ways to invest in technologies to stay ahead of the competitive market. As such, cyber security and safety measures have been put in place by the organizations to protect them from attacks and to ensure that products and services are safe. However, managing cyber security and safety is becoming more challenging in today's business because people are both a cause of cyber security incidents as well as a key part of the protection from them. It is however that non-compliance with policies and directives are major security breaches. What is not well known, however, are the reasons behind the non-compliance behaviours. This chapter seeks to explore the reasons behind the non-compliance behaviours by use of compliance assessment model (CAM). The chapter reviews a case study in a health centre and systematically assesses the reasons behind the non-compliance behaviour by using the CAM model.

Threat Detection in Cyber Security Using Data Mining and Machine Learning Techniques

The internet has become an indispensable resource for exchanging information among users, devices, and organizations. However, the use of the internet also exposes these entities to myriad cyber-attacks that may result in devastating outcomes if appropriate measures are not implemented to mitigate the risks. Currently, intrusion detection and threat detection schemes still face a number of challenges including low detection rates, high rates of false alarms, adversarial resilience, and big data issues. This chapter describes a focused literature survey of machine learning (ML) and data mining (DM) methods for cyber analytics in support of intrusion detection and cyber-attack detection. Key literature on ML and DM methods for intrusion detection is described. ML and DM methods and approaches such as support vector machine, random forest, and artificial neural networks, among others, with their variations, are surveyed, compared, and contrasted. Selected papers were indexed, read, and summarized in a tabular format.

Security and Ethical Concerns of Affective Algorithmic Music Composition in Smart Spaces

Affective algorithmic composition systems are emotionally intelligent automatic music generation systems that explore the current emotions or mood of a listener and compose an affective music to alter the person's mood to a predetermined one. The fusion of affective algorithmic composition systems and smart spaces have been identified to be beneficial. For instance, studies have shown that they can be used for therapeutic purposes. Amidst these benefits, research on its related security and ethical issues is lacking. This chapter therefore seeks to provoke discussion on security and ethical implications of using affective algorithmic compositions systems in smart spaces. It presents issues such as impersonation, eavesdropping, data tempering, malicious codes, and denial-of-service attacks associated with affective algorithmic composition systems. It also discusses some ethical implications relating to intensions, harm, and possible conflicts that users of such systems may experience.

Taxonomy of Login Attacks in Web Applications and Their Security Techniques Using Behavioral Biometrics

Research into web application security is still in its initial phase. In spite of enhancements in web application development, large numbers of security issues remain unresolved. Login attacks are the most malevolent threats to the web application. Authentication is the method of confirming the stated identity of a user. Conventional authentication systems suffer from a weakness that can compromise the defense of the system. An example of such vulnerabilities is login attack. An attacker may exploit a pre-saved password or an authentication credential to log into web applications. An added problem with current authentication systems is that the authentication process is done only at the start of a session. Once the user is authenticated in the web application, the user's identity is assumed to remain the same during the lifetime of the session. This chapter examines the level login attacks that could be a threat to websites. The chapter provides a review of vulnerabilities, threats of login attacks associated with websites, and effective measures to counter them.

Towards a Theory for Explaining Socially-Engineered Cyber Deception and Theft

Socially engineered cyber deception and theft seems to have gained prominence in cybercrime. Given the contextual background of inadequate theoretical explanations of socially engineered cyber deception and theft cybercrime, there is the need for theory to better explain and possibly predict activities involved in socially engineered cyber deception and theft. This chapter proposes a theory of socially engineered cyber deception and theft (SECT), with routine activity theory, crime displacement theory, the space transition theory, and empirical review as its foundation. It iteratively combines deductive and inductive approaches to infer the occurrence of socially engineered cyber deception and theft. While the deductive approach serves the deduction leading to the inference, the inductive approach extracts and suggests empirical evidence for a deterministic prediction of the crime occurrence. It is recommended that the theory is further validated to test its applicability.

IT Security Investment Decision by New Zealand Owner-Managers

Small businesses employ 29% of New Zealand's private sector workforce and account for more than a quarter of its gross domestic product. Thus, a large-scale attack on small businesses could prove to be catastrophic to the economy. This chapter, which is framed by the protection motivation theory, explores 80 small business owners' IT security decision-making via an online survey. The findings revealed that 21% of small businesses were affected by ransomware. Fifty-one percent of the respondents did not have any anti-malware and none of the respondents used data classification, which means all information was regarded as the same. Since they managed to recover their backup information, they did not perceive the threat of ransomware as imminent. In terms of coping appraisal, it is assumed that if the business owner-managers believe that the capability of IT security investment averts threats in their organizations, they will be more inclined to develop an intention to invest in it.

Biometric Authentication Schemes and Methods on Mobile Devices

Due to the sensitivity and amount of information stored on mobile devices, the need to protect these devices from unauthorized access has become imperative. Among the various mechanisms to manage access on mobile devices, this chapter focused on identifying research trends on biometric authentication schemes. The systematic literature review approach was adopted to guide future researches in the subject area. Consequently, seventeen selected articles from journals in three databases (IEEE, ACM digital library, and SpringerLink) were reviewed. Findings from the reviewed articles indicated that touch gestures are the predominant authentication technique used in mobile devices, particularly in android devices. Furthermore, mimic attacks were identified as the commonest attacks on biometric authentic schemes. While, robust authentication techniques such as dental occlusion, ECG (electrocardiogram), palmprints and knuckles were identified as newly implemented authentication techniques in mobile devices.

Cyber Security Operations Centre Concepts and Implementation

Cyber security operations centres (SOCs) are attracting much attention in recent times as they play a vital role in helping businesses to detect cyberattacks, maintain cyber situational awareness, and mitigate real-time cybersecurity threats. Literature often cites the monitoring of an enterprise network and the detection of cyberattacks as core functions of an SOC. While this may be true, an SOC offers more functions than the detection of cyberattacks. For example, an SOC can provide functions that focus on helping an organisation to meet regulatory and compliance requirement. A better understanding of the functions that could be offered by an SOC is useful as this can aid businesses running an in-house SOC to extend their SOC capabilities to improve their overall cybersecurity posture. The goal of this chapter is to present the basics one needs to know about SOCs. The authors also introduce readers and IT professionals who are not familiar with SOCs to SOC concepts, types of SOC implementation, the functions and services offered by SOCs, along with some of the challenges faced by an SOC.