Conceptualizing human resilience in the face of the global epidemiology of cyber attacks

Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime

Assessment of users\u27 information security behavior in smartphone networks

With the exponential growth of smartphone usage, providing information security has become one of the main challenges that researchers and information-security specialists must consider. In contrast to traditional mobile phones that only enable people to talk and text, smartphone networks give users a variety of convenient functions such as connection to the Internet, online shopping, e-mail and social media, data storage, global positioning systems, and many other applications. Providing security in smartphone networks is critical for the overall information security of individuals and businesses. Smartphone networks could become vulnerable to security breaches if users do not practice safe behaviors such as selecting strong passwords, encrypting their stored data, downloading applications only from authorized websites, not opening emails from unknown sources, and updating authorized security patches. Users of smartphone devices play an important role in providing information security in smartphone networks, which affects the information security of private and public networks. This study assessed the factors that affect users’ security behavior on smartphone networks. By reviewing the theoretical frameworks that evaluate human behavior, this study formed a research model. The research model identified attitude, intention, computing experience, breaching experience, and facilitation condition as the main and direct factors that influence information security behavior in smartphone networks. This study performed several analyses on the investigator-developed survey questionnaire to ensure validity and reliability. Examining all of the proposed direct constructs, this study found that users’ facilitation condition does not have significant impact on the information security behavior in smartphones. This research also showed that gender and employment status have moderating effects on several hypothesized paths. The findings of this research could help information security developers to design better systems that could provide stronger information security for individuals and businesses that share their networks with users’ smartphones

Understanding User Perception and Intention to Use Smart Homes for Energy Efficiency: A Survey

The positive impact of Smart Homes on energy efficiency is heavily dependent on how consumers use the system after adoption. While the technical aspects of Smart Home systems and their potential to reduce energy usage is a focus of various studies, there is a limited consideration of behavioral psychology while designing systems for energy management. To investigate users' perception and intention to use Smart Homes to support energy efficiency, we design a research model by combining a theory of planned behavior and the norm activation model. We design a questionnaire and conduct a survey targeting current smart home users (over 350 responses). To analyze the survey results, we extend the partial least squares structural equation modeling (PLS-SEM) by a random forest algorithm. The findings suggest that personal norms have the strongest influence on behavioral intention to use Smart Homes for energy efficiency, followed by the ascription of responsibility. Furthermore, the results support the effects of attitudes, subjective norms, awareness of consequences, as well as the moderating effect of past behavior on the relationship between personal norms and behavioral intentions

Risk homeostasis in information security:challenges in confirming existence and verifying impact

The central premise behind risk homeostasis theory is that humans adapt their behaviors, based on external factors, to align with a personal risk tolerance level. In essence, this means that the safer or more secure they feel, the more likely it is that they will behave in a risky manner. If this effect exists, it serves to restrict the ability of risk mitigation techniques to effect improvements.The concept is hotly debated in the safety area. Some authors agree that the effect exists, but also point out that it is poorly understood and unreliably predicted. Other re-searchers consider the entire concept fallacious. It is important to gain clarity about whether the effect exists, and to gauge its impact if such evidence can indeed be found.In this paper we consider risk homeostasis in the context of information security. Similar to the safety area, information security could well be impaired if a risk homeostasis effect neutralizes the potential benefits of risk mitigation measures. If the risk homeostasis effect does indeed exist and does impact risk-related behaviors, people will simply elevate risky behaviors in response to feeling less vulnerable due to following security procedures and using protective technologies.Here we discuss, in particular, the challenges we face in confirming the existence and impact of the risk homeostasis effect in information security, especially in an era of ethical research practice

Browser Update Practices in Households: Insights from Protection Motivation Theory and Customer Satisfaction

Web Browser is the most common tool used for surfing the Internet. With personal computer users growing by leaps and bounds, the use of browsers is also increasing at a similar rate. Outdated versions of browsers have security flaws and hence represent a significant threat to the cyber infrastructure. Yet many users do not keep their browsers updated. Given the fact that voluntariness of action characterizes personal computer users\u27 security behavior, we argue that satisfaction derived from using the browser along with perceptions of threat severity and vulnerability play an important role in browser update intention. However, considering the inconsistency of household computer users\u27 behavior, we posit that urgency plays a role in the browser update behavior. Using a combined model of Customer Satisfaction and Protection Motivation Theory along with positive and negative urgency as direct antecedents’ to behavior, we evaluate the important antecedents to browser update intentions

Information security behaviour : a descriptive analysis on a Malaysian public university

The critical issues of information security have gradually increased. Effective information security management require a great understanding both technological and human dimensions. Thus, the purpose of this research is to investigate the university student?s behavior towards information security and to examine factors influencing information security behavior. The study adopted the quantitative approach by conducting a survey among students in one of the public universities in Malaysia. Questionnaires were distributed to the targeted respondents. Then, the SPSS software was used to systematically analyze all data obtained and generate statistical information and detailed analyses of the survey results. This study is helpful in exploring issues related to information security behavior. Hopefully, this study contributed to an understanding of the influencing factors towards the university students? behavior in relation to information security

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Why Do Employees Report Cyber Threats? Comparing Utilitarian and Hedonic Motivations to Use Incident Reporting Tools

Organizational cybersecurity is threatened by increasingly sophisticated cyberattacks. Early detection of such threats is paramount to ensure organizations’ welfare. Particularly for advanced cyberattacks, such as spear phishing, human perception can complement or even outperform technical detection procedures. However, employees’ usage of reporting tools is scarce. Whereas prior cybersecurity literature has limited its scope to utilitarian motives, we specifically take hedonic motives in the form of warm glow into account to provide a more nuanced understanding of cyber incident reporting behavior. Drawing on a vignette experiment, we test how the design features of report reasoning and risk indication impact users’ reporting tool acceptance. The results of our mediation analysis offer important contributions to information systems literature by uncovering the dominant and under-investigated role of hedonic motives in employees’ cyber incident reporting activities. From a practice perspective, our findings provide critical insights for the design of cyber incident reporting tools