Post-mortem information management: exploring contextual factors in appropriate personal data access after death

\ua9 2024 The Author(s). Published with license by Taylor & Francis Group, LLC.With the increasing size and complexity of personal information and data landscapes, there is a need for guidance and support in the appropriate management of a deceased person’s postmortem privacy and digital legacy. However, most people engage poorly with existing mechanisms for specifying and planning for access and suitable usage of their own data. We report on two studies exploring the ways in which contextual factors such as the accessor and the data type may affect the appropriateness of personal data flows differently during life and after death. Our findings indicate that suitable data access after death is highly individual and contextual, with differences in appropriateness between during-life and after-death data flows significantly affected by the accessor and the data type in question. We identify that ambiguous accessor motivation, failure to communicate intent, changing temporal context and latent data values further complicate the act of digital legacy planning. Our findings also provide further evidence for the existence of a postmortem privacy paradox in which reported user behaviors do not reflect intent. With this in mind, we offer design recommendations for the integration of digital legacy planning functionality within Personal Information Management (PIM) and Group Information Management (GIM) systems

Developing a Systematic Process for Mobile Surveying and Analysis of WLAN security

Wireless Local Area Network (WLAN), familiarly known as Wi-Fi, is one of the most used wireless networking technologies. WLANs have rapidly grown in popularity since the release of the original IEEE 802.11 WLAN standard in 1997. We are using our beloved wireless internet connection for everything and are connecting more and more devices into our wireless networks in every form imaginable. As the number of wireless network devices keeps increasing, so does the importance of wireless network security. During its now over twenty-year life cycle, a multitude of various security measures and protocols have been introduced into WLAN connections to keep our wireless communication secure. The most notable security measures presented in the 802.11 standard have been the encryption protocols Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Both encryption protocols have had their share of flaws and vulnerabilities, some of them so severe that the use of WEP and the first generation of the WPA protocol have been deemed irredeemably broken and unfit to be used for WLAN encryption. Even though the aforementioned encryption protocols have been long since deemed fatally broken and insecure, research shows that both can still be found in use today. The purpose of this Master’s Thesis is to develop a process for surveying wireless local area networks and to survey the current state of WLAN security in Finland. The goal has been to develop a WLAN surveying process that would at the same time be efficient, scalable, and easily replicable. The purpose of the survey is to determine to what extent are the deprecated encryption protocols used in Finland. Furthermore, we want to find out in what state is WLAN security currently in Finland by observing the use of other WLAN security practices. The survey process presented in this work is based on a WLAN scanning method called Wardriving. Despite its intimidating name, wardriving is simply a form of passive wireless network scanning. Passive wireless network scanning is used for collecting information about the surrounding wireless networks by listening to the messages broadcasted by wireless network devices. To collect our research data, we conducted wardriving surveys on three separate occasions between the spring of 2019 and early spring of 2020, in a typical medium-sized Finnish city. Our survey results show that 2.2% out of the located networks used insecure encryption protocols and 9.2% of the located networks did not use any encryption protocol. While the percentage of insecure networks is moderately low, we observed during our study that private consumers are reluctant to change the factory-set default settings of their wireless network devices, possibly exposing them to other security threats

The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

Conference Foreword The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Twenty two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

Report: Authentication Diary Study

Users have developed various coping strategies for minimizing or avoiding the friction and burden associated with managing and using their portfolios of user IDs and passwords or personal identification numbers (PINs). Many try to use the same password (or different versions of the same password) across different systems. Others use memory aids or technological assistants such as password management software. We were interested in these coping strategies and the ,friction pointsŠ that prompt people to use them. More broadly, we wanted to address a pressing research need by gathering data for user-centered models of how people interact with security as part of their daily life, as empirical research in that area is currently lacking

The Future of Medical Device Regulation and Standards: Dealing with Critical Challenges for Connected, Intelligent Medical Devices

The paper reviews the main trends in the existing standards and regulatory landscape applicable to connected, intelligent medical devices (CIMDs) and captures critical challenges and potential gaps in this area. Based on interviews and a roundtable with key experts and practitioners in the field, the White Paper identifies several critical challenges that should inform the future development of standards and guidelines applicable to CIMDs, with a specific focus on artificial intelligence, cybersecurity, and data governance issue

An Empirical Assessment of the Use of Password Workarounds and the Cybersecurity Risk of Data Breaches

Passwords have been used for a long time to grant controlled access to classified spaces, electronics, networks, and more. However, the dramatic increase in user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. The increased use of IS as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password entropy, users still often participate in deviant password behaviors, known as ‘password workarounds’ or ‘shadow security.’ These deviant password behaviors can put individuals and organizations at risk, resulting in data privacy. This study, engaging 303 IS users and 27 Subject Matter Experts (SMEs), focused on designing, developing, and empirically validating Password Workaround Cybersecurity Risk Taxonomy (PaWoCyRiT)—a model supported on perceived cybersecurity risks from Password Workarounds (PWWA) techniques and their usage frequency. A panel of SMEs validated the PWWA list from existing literature with recommended adjustments. Additionally, the perception level of the cybersecurity risks of each technique was measured from the 27 SMEs and 303 IS users. They also provided their self-reported and reported on coworkers\u27 engagement frequencies related to the PWWA list. Noteworthy, significant differences were found between SMEs and IS users in their aggregated perceptions of cybersecurity risks of the PWWAs, with IS users perceiving higher risks. Engagement patterns varied between the groups, as well as factors like years of IS experience, gender, and job level had significant differences among groups. The PaWoCyRiT was developed to provide insights into password-related risks and behaviors

The Relationship between Computer Skills and the Levels of Technostress among Faculty and Academic Librarians from Selected Institutions within the University System of Georgia

The struggle to adjust to rapid technological change has increased for the majority of the population, especially those in higher education. Change is an inevitable part of society and each individual handles change differently. Furthermore, technology\u27s effect on society, and in particular on higher education, has been positive and negative. There has been resistance to the increased development and use of technology and this resistance may be dependent upon certain factors such as age, sex, and computer experience. The intent of this study was to determine if computer skills relate to the levels of technostress among faculty in the Colleges of Business and Education, and academic librarians. Participants in this study were selected from four University System of Georgia institutions. Participants were given a choice of completing the survey traditionally or on-line. Three hundred twenty seven surveys were completed resulting in a return rate of 32.8%. Major conclusions from the study included (1) negative weak relationships existing between computer skills and technostress levels among the three participant groups, (2) business faculty reporting the highest computer skills rating even though the results were not statistically significant, (3) although academic librarians reported the most severe levels of technostress, their level of severity did not differ significantly from the severity levels of technostress among the business and education faculty, (4) no statistical differences based on sex, rank, or tenure existed in computer skills levels or the technostress levels between the three participant groups, (5) although not statistically significant, females reported lower technostress levels contrary to the literature reviewed, and (6) causes of and solutions for coping with technostress varied depending on the task and the person completing the task

Dealing with digital service closure

People integrate digital services into their day-to-day lives, often with the assumption that they will always be available. What happens when these services close down? The introduction of services might be carefully planned, but their closure may not benefit from the same degree of consideration. A more developed understanding of the effects of closures might make it possible to minimize negative consequences for users. This paper builds on sustainability, digital memories, and collaborative-work research through an empirical investigation of service closure. Fifty-five participants completed a questionnaire that solicited experiences of service closure and attitudes toward prospective closure. Through a qualitative analysis of participant responses, we synthesized six themes that reflected the practical and emotional effects of service closure on people: disempowerment, disconnection, loss of capability, trust, time and effort, and notice periods. We make suggestions for ways that service features related to these themes might be managed during closure, but also identify less tractable challenges: as part of this investigation, we introduce and develop the concept of service patinas to describe the important but entirely service-bound data that contextualize digital artefacts

Local Government Cybersecurity: How Michigan Counties Cope with Cyber Threats

In the age of global interconnectedness, we can all be equally affected by cyberattacks. Given the evolving nature of threat landscapes, comprehensive and preemptive practices are needed now more than ever to keep local government and citizen data secure. According to Recorded Future, in 2019, local U.S. government infrastructure was targeted by ransomware attacks 100 times. Cyber threats to local government systems have been increasing exponentially over the last several years, and the frequency of attacks will only continue to grow. Although cyberattacks on local government entities are rising every year, the challenges county IT departments face in combating the thousands of yearly attacks remains largely unexamined. This research study aims to understand how Michigan counties are currently protecting their IT systems, define the challenges they face in improving their cybersecurity posture, and address the potential improvements regarding current cybersecurity practices. This thesis addresses these goals through semi-structured interviews and a post-interview questionnaire with local government IT leaders across the State of Michigan. The results of this research study found challenges local Michigan governments face in enhancing their county's culture of cybersecurity, operating with limited funding and support, and inability to properly utilize state resources due to limited staffing needed to operationalize. A surprising finding was learning how essential communication and relationship building are to cybersecurity and how these relationships impact the culture of cybersecurity in an organization. By identifying these challenges, policymakers can introduce evidence-based policies that will address the essential needs of local Michigan counties and provide actionable and implementable solutions. Additionally, it will enable researchers and cybersecurity professionals to develop recommendations and mitigating solutions to improve local Michigan government cybersecurity.Master of Science in InformationSchool of Informationhttp://deepblue.lib.umich.edu/bitstream/2027.42/168552/1/20210511_Duque,Marilu_Final_MTOP_Thesis.pd

Information Systems Security Countermeasures: An Assessment of Older Workers in Indonesian Small and Medium-Sized Businesses

Information Systems (IS) misuse can result in cyberattacks such as denial-of-service, phishing, malware, and business email compromise. The study of factors that contribute to the misuse of IS resources is well-documented and empirical research has supported the value of approaches that can be used to deter IS misuse among employees; however, age and cultural nuances exist. Research focusing on older workers and how they can help to deter IS misuse among employees and support cybersecurity countermeasures within developing countries is in its nascent stages. The goal of this study was two-fold. The first goal was to assess what older workers within Indonesian Small to Medium-sized Businesses (SMBs) do to acquire, apply, and share information security countermeasures aimed at mitigating cyberattacks. The second goal was to assess if and how younger workers share information security countermeasures with their older colleagues. Using a qualitative case study approach, semi-structured interviews were conducted with five dyads of older (50-55 years) and younger (25-45 years) workers from five SMBs in Jakarta, Indonesia. A thematic analysis approach was used to analyze the interview data, where each dyad represented a unit of analysis. The data were organized into three main themes including 1) Indonesian government IS policy and oversight, which included one topic (stronger government IS oversight needed); 2) SMB IS practices, which included three topics (SMB management issues, SMB budget constraints, SMB diligent IS practices, and IS insider threat); and 3) SMB worker IS practices, which included three topics (younger worker job performance, IS worker compliance issues, older worker IS practices) and five sub-topics under older worker IS practices (older worker diligent in IS, older worker IS challenged, older worker riskier IS practices, older worker more IS dependent, and older worker more forgetful on IS practices). Results indicated that older and younger workers at Indonesian SMBs acquire, apply, and share information security countermeasures in a similar manner: through IS information dissemination from the SMB and through communication from co-workers. Also, while younger workers share IS countermeasures freely with their older co-workers, some have negative perceptions that older co-workers are slower and less proficient in IS. Overall, participants reported positive and cohesive teamwork between older and younger workers at SMBs through strong IS collaboration and transparent information sharing. The contribution of this research is that it provides valuable empirical data on older worker behavior and social dynamics in Indonesian organizations. This was a context-specific study aimed at better understanding the situationalities of older workers within organizations in the developing country of Indonesia and how knowledge is shared within the organization. This assessment of cybersecurity knowledge acquisition, skill implementation, and knowledge sharing contributes to the development of organization-wide cybersecurity practices that can be used to strengthen Indonesian SMBs and other organizations in developing countries. This study also provides a blueprint for researchers to replicate and extend this line of inquiry. Finally, the results could shed light on how older workers can be a productive part of the solution to information security issues in the workplace