61 research outputs found

    Disclosure of Organizational Information by Employees on Facebook: Looking at the Potential for Information Security Risks

    Online social networking (OSN) is a global phenomenon and its use by employees has been reported to be detrimental to organizations. Nevertheless, OSN impacts on organizational information security are rarely discussed in academic literature. This study investigates the use of OSN sites by employees and work-related information disclosed on their personal pages that may jeopardize the security of organizational information. The paper presents the characteristics of work-related information that can be disclosed on Facebook and that possibly has the potential to open the doorway for information security threats. It also discusses the qualitative findings from four Malaysian-based organizations under study. Across these four organizations, 22 employees who were active users of Facebook were interviewed to obtain their OSN experience, to explore information they disclosed online and the underlying reasons for doing so. The findings will facilitate our recommendation for organizations to minimize this issue by understanding the behavioural facets of information security.

    Pendekar Siber: empowering youth to combat cyber threats

    The book chapter features the experience of developing and executing the Pendekar Siber program at the International Islamic University Malaysia through research, teaching and learning. As an outcome of research, Pendekar Siber has four batches of students who have conducted self-empowerment program among youth in the area of cyber safety and security. It was done through IIUM's university required courses namely CCUB/SCSH 2163 Usrah in Action 1 and CCUB/SCSH 3164 Usrah in Action 2. Through these courses, IIUM students from various faculties were trained about cybersecurity, cyber safety, cyber ethics, cyber law, community engagement and Islamization topics. After that, these students conducted training and awareness programs in cyber safety and security to educate youth from B40 communities in urban poor areas

    Information Leakage through Online Social Networking: Opening the Doorway for Advanced Persistence Threats

    The explosion of online social networking (OSN) in recent years has caused damages to organisations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realise their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targets key employees of victim organisations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage and provides an explanation about the underlying factors of employees leaking information via this channel through a theoretical lens from information systems. It also describes how OSN becomes an attack vector of APT owing to employees’ social networking behaviour, and finally, recommends security education, training and awareness (SETA) for organisations to combat these threats.

    Exploring The Use Of Online Social Networking By Employees: Looking At The Potential For Information Leakage

    The proliferation of online social networking (OSN) in recent years has caused information security threats to organizations due to disclosure of information by their employees on their sites. The accessibility of OSN to anyone, at any time, using any devices, causes confidential and sensitive organizational information to be disclosed to unauthorised individuals, whether accidentally or intentionally. This study aims to explore this current phenomenon by investigating OSN use behaviour among employees that leads to information leakage through the lens of Decomposed Theory of Planned Behavior. It also seeks to investigate the strategies utilized by organizations to control such use and propose a control framework that effectively safeguards organizational information security from this threat.

    A conceptual framework for measuring the acceptance of pervasive learning

    The technological innovation and advancements in smart phones and wireless communication have reformed learning techniques such as Pervasive Learning (P-learning), Mobile Learning (m-learning) and Electronic Learning (e-learning). P-learning is the new form of innovative technologies for learning that occurs at the user’s will at anywhere, anytime and with any mobile or handheld devices. Students using P-learning can overcome the obstacles such as poor facilities in the classroom, gender, cultural and religious barriers, hectic personal and professional lives by providing flexibility and more than one medium for learning. This research is intended to study the specific factors influencing students as to whether to accept and use these new technologies (P-learning). This study extends the existing research on Technology Acceptance Model (TAM) and will develop an integrated model of P-learning acceptance. It is also expected that this research study will help provide strategies for educators in the development and implementation of courses designed to integrate technology. This study employs mixed research methods for triangulation to get the desired research results. The data for this research is collected through focus group and a cross sectional questionnaire survey.

    Advanced persistent threats awareness and readiness: a case study in Malaysian financial institutions

    Advanced Persistent Threats (APT) have targeted financial institutions (FI) to gather intelligence on sensitive customer information and monetize the attack. APT could cause disastrous impact to the targeted FI and the country's economy if there is a lack of preparation to confront these challenges and attacks. A case study on local FI was carried out to examine the influencing factors of APT awareness among FI's cybersecurity practitioners and to investigate the security strategies employed by FI to protect them from APT attacks. Feedback from CyberSecurity Malaysia (CSM) was sought to validate the findings. It was found that the factors that influence APT awareness in local FI include the emphasis on informal learning on APT, attackers' financial motivation, the FI's reputational risks and the availability of financial regulatory requirements to combat any cybersecurity risks. The awareness has led cybersecurity practitioners in local FI to implement advanced security technologies and integrated security controls as their readiness to defend FI against APT attacks.

    Persuasive technology from Islamic perspective

    The effective use of persuasive technology in health, computing, sales, education, environment, etc is rapidly expanding. Persuasive technology is efficient in changing the attitudes and behaviours of end users. This paper demonstrates how persuasive technology and its design factors proposed in FBM are associated with the Islamic perspective from the Quran and Hadith. This paper starts by explaining the ethics of persuasive technology and discussing persuasive technology and its principal design factors in the Islamic perspective. The paper also discusses the extent to which Islamic principles enhance the concept of persuasive technology as an interactive computing system that could change attitudes and behaviours. In particular, this paper discusses how practices and principles of the design factors of persuasive technology were identified and applied in early Islamic era. The conceptual findings assert that Islamic principles are a universal and contemporary religion that cares for persuasive technology concepts

    A case analysis of securing organisations against information leakage through online social networking

    The inadvertent leakage of sensitive information through Online Social Networking (OSN) represents a significant source of security risk to organisations. Leakage of sensitive information such as trade secrets, intellectual property and personal details of employees can result in a loss of competitive advantage, loss of reputation, and erosion of client trust. We present 4 case studies which examine drivers for employee leakage behaviour and corresponding security management strategies. Drawing on these case studies, we present a maturity framework for organisational OSN Leakage Mitigation Capability (OSN-LMC) and lessons learned from the case analysis

    Responsibility-value alignment in information security governance

    This paper contributes by discussing the categorization of responsibilities of top management in information security to the four (4) leadership characteristics in Islam as defined and shown by the Prophet Muhammad (PBUH). Contemporary studies, mostly from the West, explore the responsibilities of the top management in information security. However, without binding the responsibilities to a specific set of virtue ethics, it will only become a set of tasks rather than responsibilities. Therefore, based on the literature review, this paper introduces a conceptual model that describes the categorization of management’s responsibilities in information security governance to the four (4) Islamic leadership principles – Truthfulness, Trustworthiness, Advocacy and Wisdom. This model allows researchers and practitioners to understand and appreciate the accountability of top management in steering information security initiatives in their organizations from Islamic perspective.

    Persuasive technology for improving information security awareness and behavior: literature review

    The use of Persuasive Technology in various fields is rapidly increasing. It can be applied in many fields such as computing, marketing, sales, environment, education, and health. Persuasive Technology has been found effective in bringing a required change in users' behaviors and attitudes. However, the use of persuasive technology is scarce in the field of Information Security awareness. This paper presents an extensive literature review which focuses on a perspective on how to create awareness among users for good information security practices by applying Persuasive Technology techniques and approaches. The conceptual findings suggest there is a tremendous potential of Persuasive Technology to be applied to persuade users to change their behavior and perception toward Information Security practices.