Information Security Management: Factors that Influence Security Investments in SMES

In the modern information economy, the security of information is critically important to organizations. Information‐security risk assessments (ISRAs) allow organizations to identify key information assets and security risks so security expenditure can be directed cost‐effectively. Unfortunately conducting ISRAs requires special expertise and tends to be complex and costly for small to medium sized organizations (SMEs). Therefore, it remains unclear in practice, and unknown in literature, how SMEs address information security imperatives without the benefit of an ISRA process. This research makes a contribution to theory in security management by identifying the factors that influence key decision-makers in SMEs to address information security risks. The study has identified three key motivating factors from a series of case studies. Firstly, the need for sufficient information security to maintain reputation with external clients whilst conforming to the level of information security practices typical in industry culture. Secondly, (mis)perceptions of the existing state of information security and level of exposure to security threats in the organization. Thirdly, the perceived need to focus on higher corporate business priorities rather than on information security

Risk assessment of email accounts: Difference between perception and reality

The use of Internet is associated with a growing number of security threats. This thesis analyzes how users perceive the security of their email account based on the email account provider. With our study, we aim to contribute to the information security systems literature in three ways: First, by taking a more complete view on security online, and reviewing the concept of usable security, usability, human-computer interaction, trust and user perception. Second, by performing an analysis of providers of online services specifically emails. Third, by applying a renowned risk analysis method called Information Security Risk Analysis Method (ISRAM) for risk assessment. The ISRAM analysis revealed that Hotmail, Gmail and Yahoo email accounts have a medium risk level, while the reality analysis demonstrated no clearly more secure account provider with only low level risk counts

A malware threat avoidance model for online social network users

This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonThe main purpose of this thesis is to develop a malware threat avoidance model for users of online social networks (OSNs). To understand the research domain, a comprehensive and systematic literature review was conducted and then the research scope was established. Two design science iterations were carried out to achieve the research aim reported in this thesis. In the first iteration, the research extended the Technology Threat Avoidance Theory (TTAT) to include a unique characteristic of OSN – Mass Interpersonal Persuasion (MIP). The extended model (TTAT-MIP), focused on investigating the factors that needs to be considered in a security awareness system to motivate OSN users to avoid malware threats. Using a quantitative approach, the results of the first iteration suggests perceived severity, perceived threat, safeguard effectiveness, safeguard cost, self-efficacy and mass interpersonal persuasion should be included in a security awareness system to motivate OSN users to avoid malware threats. The second iteration was conducted to further validate TTAT-MIP through a Facebook video animation security awareness system (referred in this thesis as Social Network Criminal (SNC)). SNC is a Web-based application integrated within Facebook to provide security awareness to OSN users. To evaluate TTAT-MIP through SNC, three research techniques were adopted: lab experiments, usability study and semi-structured interviews. The results suggest that participants perceived SNC as a useful tool for malware threat avoidance. In addition, SNC had a significant effect on the malware threat avoidance capabilities of the study participants. Moreover, the thematic analysis of the semi-structured interviews demonstrated that the study participants‘ found SNC to be highly informative; persuasive; interpersonally persuasive; easy to use; relatable; fun to use; engaging; and easy to understand. These findings were strongly related to the constructs of TTAT-MIP. The research contributes to theory by demonstrating a novel approach to design and deploy security awareness systems in a social context. This was achieved by including users‘ behavioural characteristic on the online platform where malware threats occur within a security awareness system. Besides, this research shows how practitioners keen on developing systems to improve security behaviours could adopt the TTAT-MIP model for other related contexts

Reducing Payment-Card Fraud

Critical public data in the United States are vulnerable to theft, creating severe financial and legal implications for payment-card acceptors. When security analysts and managers who work for payment card processing organizations implement strategies to reduce or eliminate payment-card fraud, they protect their organizations, consumers, and the local and national economy. Grounded in Cressey’s fraud theory, the purpose of this qualitative single case study was to explore strategies business owners and card processors use to reduce or eliminate payment-card fraud. The participants were 3 data security analysts and 1 manager working for an international payment card processing organization with 10 years or more experience working with payment card fraud detection in the southeastern United States. The data collection process was face-to-face semistructured interviews and review of company documentation. Within-case analysis, pattern matching, and methodological triangulation were used to identify 4 themes. The key themes related to artificial intelligence, cardholder and acceptor education, enhanced security strategies, and Payment Card Industry Data Security Standard (PCI-DSS) rules and regulations to reduce or end card fraud. The key recommendations are enforcement of stricter PCI-DSS rules and regulations for accepting payment cards at the acceptor and processor levels to reduce the potential for fraud through the use of holograms and card reader clearance between customers. The implications for social change include the potential to reduce costs to consumers, reduce overhead costs for businesses, and provide price reductions for consumers. Additionally, consumers may gain a sense of security when using their payment-card for purchases

A Mobile Security Document Collection

Mobile security refers to the safeguarding of a device's (often a smartphone) data against potential viral threats resulting in a user invasion of privacy. As part of this Master's paper, a Mobile Security document collection and an accompanying Wordpress website were created. The intent of this project is to make it easier for smartphone users to learn about security issues. The collection is composed of documents categorized as: academic, best practices, consumer, corporate, government document, how-to, magazine and product review. Each category is associated with key term subject tags.Master of Science in Information Scienc

Generation Y’s Behavioural Usage of Small Businesses’ Retail Websites in Canada

This research delves into the factors that influence Generation Y’s usage of Canadian small businesses’ retail websites in order to suggest how they can be attracted to use them more. Based on the Use of Technology Two (UTAUT2) theory, questionnaire survey and semi-structured interviews revealed linkages between Behavioural Intention, Habit, Facilitating Conditions and Use Behaviour with demographic variables moderating some relationships. Improving the website designs and social media marketing can entice Generation Y consumers

Aspects of internet security: identity management and online child protection

This thesis examines four main subjects; consumer federated Internet Identity Management (IdM), text analysis to detect grooming in Internet chat, a system for using steganographed emoticons as ‘digital fingerprints’ in instant messaging and a systems analysis of online child protection. The Internet was never designed to support an identity framework. The current username / password model does not scale well and with an ever increasing number of sites and services users are suffering from password fatigue and using insecure practises such as using the same password across websites. In addition users are supplying personal information to vast number of sites and services with little, if any control over how that information is used. A new identity metasystem promises to bring federated identity, which has found success in the enterprise to the consumer, placing the user in control and limiting the disclosure of personal information. This thesis argues though technical feasible no business model exists to support consumer IdM and without a major change in Internet culture such as a breakdown in trust and security a new identity metasystem will not be realised. Is it possible to detect grooming or potential grooming from a statistical examination of Internet chat messages? Using techniques from speaker verification can grooming relationships be detected? Can this approach improve on the leading text analysis technique – Bayesian trigram analysis? Using a novel feature extraction technique and Gaussian Mixture Models (GMM) to detect potential grooming proved to be unreliable. Even with the benefit of extensive tuning the author doubts the technique would match or improve upon Bayesian analysis. Around 80% of child grooming is blatant with the groomer disguising neither their age nor sexual intent. Experiments conducted with Bayesian trigram analysis suggest this could be reliably detected, detecting the subtle, devious remaining 20% is considerably harder and reliable detection is questionable especially in systems using teenagers (the most at risk group). Observations of the MSN Messenger service and protocol lead the author to discover a method by which to leave digitally verifiable files on the computer of anyone who chats with a child by exploiting the custom emoticon feature. By employing techniques from steganography these custom emoticons can be made to appear innocuous. Finding and removing custom emoticons is a non-trivial matter and they cannot be easily spoofed. Identification is performed by examining the emoticon (file) hashes. If an emoticon is recovered e.g. in the course of an investigation it can be hashed and the hashed compared against a database of registered users and used to support non-repudiation and confirm if an individual has indeed been chatting with a child. Online child protection has been described as a classic systems problem. It covers a broad range of complex, and sometimes difficult to research issues including technology, sociology, psychology and law, and affects directly or indirectly the majority of the UK population. Yet despite this the problem and the challenges are poorly understood, thanks in no small part to mawkish attitudes and alarmist media coverage. Here the problem is examined holistically; how children use technology, what the risks are, and how they can best be protected – based not on idealism, but on the known behaviours of children. The overall protection message is often confused and unrealistic, leaving parents and children ill prepared to protect themselves. Technology does have a place in protecting children, but this is secondary to a strong and understanding parent/child relationship and education, both of the child and parent

Developoing A Computer and Network Engineering Major Curriculum For Vocational High School (VHS) in Indonesia

This study aims at developing curriculum for Computer and Network Engineering major which is relevant to industrial needs. The study employed the qualitative method. The data were collected through an in-depth interview, documentation, and focus group disscussion. The research population comprised of (1) industry practitioners from computer and network engineering industries, and (2) teachers of vocational high schools in Special Region of Yogyakarta. In this qualitative research, the one who became the instrument or tool of the research was the researcher himself. Understanding the qualitative research method and the knowledge related to the field of the research, the researcher was sure that he had sufficient knowledge both academically and technically. The findings of this study consisted of four parts, namely (1) standard competence of Computer and Network Engineering major for vocational high school; (2) the curriculum of Computer and Network Engineering major that is currently implemented; (3) competences in the field of Computer and Network Engineering demanded by industries; and (4) the curricuulum of Computer and Network Engineering major that is appropriate for industrial needs

Journey of Artificial Intelligence Frontier: A Comprehensive Overview

The field of Artificial Intelligence AI is a transformational force with limitless promise in the age of fast technological growth This paper sets out on a thorough tour through the frontiers of AI providing a detailed understanding of its complex environment Starting with a historical context followed by the development of AI seeing its beginnings and growth On this journey fundamental ideas are explored looking at things like Machine Learning Neural Networks and Natural Language Processing Taking center stage are ethical issues and societal repercussions emphasising the significance of responsible AI application This voyage comes to a close by looking ahead to AI s potential for human-AI collaboration ground-breaking discoveries and the difficult obstacles that lie ahead This provides with a well-informed view on AI s past present and the unexplored regions it promises to explore by thoroughly navigating this terrai

E-COMMERCE

Preface ................................................ 7 Introduction ........................................... Chapter 1. KNOWLEDGE MANAGEMENT PECULIARITIES IN E- 9 BUSINESS: ACTUALITY AND TENDENCIES ......... 12 Introduction............................................ 1.1. The importance of knowledge management to increase the 12 efficiency of the organisations activity in e-business ...... 15 1.2. Employee competency integrated assessment in e-business 1.2.1.Theoretical evaluation aspects of factors affecting em- 19 ployee competency .......................................... 1.2.2. The identification of the factors affecting the employee 21 competency ................................................ 1.2.3. Concept complex competency assessment model of e- 26 business organisation ........................................ 1.3. Analysis of factors motivating human resources in e-busi- 33 ness .................................................. 1.3.1. Theoretical evaluation aspects of factors affecting human 34 resources motivation ........................................ 1.3.2. Analysis of factors that influence the motivation of human 36 resources .................................................. 1.4. Evaluation system of factors affecting creativity in e-busi- 37 ness .................................................. 1.4.1. Theoretical evaluation aspects of factors affecting creativ- 41 ity ......................................................... 1.4.2. Identification of factors affecting creativity. Partial inte- 42 grated criterion (third stage) ................................ 48 1.4.3. Evaluation system of factors affecting creativity ........ 49 1.5. Knowledge appliance process in e-business organisation .. 1.5.1. The factors proceeding efficiency of knowledge appliance 53 process in e-business ........................................ 1.5.2. The selection of the method to evaluate efficiency of know- 56 ledge appliance process in e-business ......................... 59 Conclusions ........................................... 60 Self test questions ..................................... 63 References ............................................ Chapter 2. CONTENT MANAGEMENT IN VIRTUAL ORGANIZA 64 TIONS ............................................... 70 5 Table of Contents Introduction ........................................... 2.1. A systematical approach to automate content management 70 in a vitual ogranization ................................. 71 2.2. The concept of the content. Content Management ..... 73 2.3. The life cycle of the document ......................... 74 2.4. Document management in a virtual organization ........ 76 2.5. Content capture technology ............................ 77 2.6. Cloud technologies in business processes CMS .......... 83 Conclusion ............................................. 85 References ............................................ 86 Chapter 3. MARKETING COMMUNICATION IN DIGITAL AGE ... 87 Introduction ........................................... 87 3.1. The growing potential of the market ................... 88 3.2. Previous studies in e-business and e-marketing areas .... 91 3.3. The specifics of Internet marketing in B2B communication 92 3.4. E-marketing tools ..................................... 94 3.5. Social networks in marketing ........................... 98 6 3.6. Effectiveness evaluation theories ........................ 100 3.7. Website quality and efficiency evaluation ................ 101 3.8. Cases: resent research results .......................... 106 3.8.1. Online advertisements efficiency research .............. 106 3.8.2. Evaluation of Lithuanian e-shops ...................... 109 Conclusions ........................................... 110 Self test questions ..................................... 111 References ............................................ 111 Chapter 4. IMPROVING THE EFFICIENCY OF E-COMMERCE .. 116 Introduction ........................................... 116 4.1. Scientific research. E-commerce as the Internet technology 116 4.2. Promotion of e-business ............................... 120 4.3. A set of basic tools for e-business ...................... 121 4.4. Security in e-commerce ................................ 124 Conclusion ............................................ 133 Self-examination questions ............................. 133 References ............................................ 134 Chapter 5. ELECTRONIC PAYMENT SYSTEMS.................. 135 Introduction............................................ 135 5.1. The concept of electronic payments.National payment system in Russia ....................................... 136 5.2. Electronic payment systems based on «Client-Bank» and online banking ......................................... 143 5.3. Electronic payments via bank cards ..................... 151 Table of Contents 5 5.4. Electronic payments via digital cash .................... 160 5.5. Internet payment system based on virtual accounts ...... 164 Conclusion ............................................ 166 Self-examination questions ............................. 166 References ............................................ 167 Chapter 6. MANAGEMENT OF THE VIRTUAL ENTERPRISE .... 168 6.1. Virtual enterprise, electronic business, electronic commerce, model of management, manager .................... 168 6.2. Manager .............................................. 174 6.3. Channel ............................................... 175 6.4. Information environment. Knowledge ................... 175 6.5. Problem field .......................................... 176 Self-examination questions ............................. 178 References ............................................ 178 Chapter 7. INTERNET MARKETING ............................ 180 Introduction ........................................... 180 7.1. The concept and structure of the Internet Marketing .... 180 7.2. Market research on the Internet ........................ 182 7.3. Internet advertizing .................................... 187 7.3.1. The concept of Internet advertising .................... 187 7.3.2. Announcement of the search engines and search engine optimization. The concept and purpose of search engine optimization ................................................... 189 7.3.3. Search Engine Advertising ............................ 209 7.3.4. Participation in the rankings and registration in catalogs 215 7.3.5. Banner advertising ................................... 219 7.3.6. Link Exchange ....................................... 236 7.3.7. Profiling and personalization in online advertising........ 239 7.3.8. E-mail-advertising. Basic concepts and advantages e-mailadvertising ................................................. 242 7.3.9. Discussion lists ....................................... 248 7.3.10. Virus marketing. Concept and principles of virus marketing ........................................................ 251 7.3.11. Other methods of advertizing ........................ 258 7.3.12. Analysis of efficiency of Internet advertizing ........... 259 7.3.13. Methods of the collection of information, used for the analysis .................................................... 263 7.4. Marketing in social networks and blogs ................. 282 7.5. Partner programs ...................................... 287 7.6. The problem of return visitors and create a captive audience 292 7.6.1. Statement of the problem of creating a virtual community 292 7.6.2. Methods for creating a virtual community .............. 294 9 Table of Contents 7.7. Off-line support for online projects ...................... 297 Self-examination questions.............................. 298 References ............................................ 299 Chapter 8. REACHING SUSTAINABLE DEVELOPMENT GOALS THROUGH E-GOVERNMENT IN THE POST-2015 AGENDA ............................................. 301 Introduction ........................................... 310 8.1. E-government: definition, functions and stages .......... 302 8.2. E-government: global tendencies ....................... 304 8.3. Formation and development of e-government in Uzbekistan 308 Self-examination questions ............................. 314 References ............................................ 314The development of the universities’ ability to quickly respond to new demands of the labor market and to adapt, update, develop and introduce new areas of study to ensure demand for the graduates provides the participation in the international projects of the European program improving higher education «TEMPUS». The project TEMPUS — ECOMMIS («double-level training programs of e-commerce developing the information society in Russia, Ukraine and Israel») was launched in October 2011, and belongs to a class of joint projects to develop new courses and courses for bachelor’s and master’s degrees. The project consortium involves 12 universities from Germany, the Netherlands, Lithuania, Israel, Russia and Ukraine. The main objective of the project is to develop and implement new academic courses and areas of study, taking into account the current status and trends of economic development and the specific requirements of the labor market on the basis of cooperation between universities in different countries. The main feature and complexity of the project academic content of is that e-commerce as an academic concept is absolute new and it appeared just only in the last decade. It is a new interdisciplinary field of knowledge, which is located at the intersection of economics and computer science and it is not covered by the classical training courses in economics and computer science technology. The aspects of national and international law in connection with the growth of international trade, economic cooperation and the development of new Internet based technologies should be taken into account. For the project’s period of three years on the basis of international cooperation the following results were obtained: 11 Preface 1) The analysis and modernization of existing curricula in the field of e-commerce were carried out; 2) new training modules with the introduction of the European creditmodular system of accumulation and transfer transcripts units ( ECTS ) were developed; new modules and courses: e-commerce, electronic payment systems; Internet trading in the financial markets and the stockmarket systems; Information systems for financial analysis and investment; Information systems for business process modeling; corporate information systems and portals; Customer-oriented systems; Internet Marketing; electronic systems for document management; legal aspects of e-commerce; advanced course security for e-commerce were introduced; 3) two international online games to enhance practical skills in the field with online marketing and online trading were developed and conducted among university students; 4) skills training courses e-commerce for various social groups (students, housewives, pensioners, unemployed) were developed and tested; 5) business offices, e-commerce were established to strengthen cooperation between the universities in the labor market and to create the conditions of commercialization of the project results after the end of financial support from the TEMPUS Program. 6) textbooks on the topic of the project were developed and published. In May — July 2013. 62 teachers targeted universities in Israel, Russia and Ukraine received intensive training in the field of e-commerce in three European universities: FONTYS (NL), TU Berlin (DE), VGTU ( LT ). From October 2013 in target universities of Israel, Russia and Ukraine students’ training began on the courses developed in the framework of the new training courses and modules with using computer classes, equipped in accordance with the project plan with new hardware and software tools. The final stage of the project was intended to develop a five-year detailed plan for sustainable development of the results. Such plan that includes coordinated action to disseminate best practices, development of new joint courses for graduate and post-graduate students, scientificmethodical conferences, joint publications will support the further dynamics of the activities involved universities. Joint work on the implementation of the project ECOMMIS led to the emergence of sustainable professional relationships between organizations in the consortium as the training of new qualified professionals, as well as in the field of scientific and methodological developments. This is confirmed by the present collective monograph E-commerc