Enhanced risk assessment equation for IPV6 deployment

Deploying IPv6 concomitant with the emerging technologies exposes the enterprise networks to the unforeseen threats as well as the existing threats.In mitigating the threats, calculating the risks value for each of the identified threats is vital. However, the existing equation for risk assessment is inappropriate to be applied in assessing the risks in IPv6 because of their limitation in asset determination.Therefore, this paper highlights the modification made in the existing risk assessment equation.The enhanced risk assessment equation is used to calculate the risk value for IPv6 deployment.The enhanced equation adapts three elements: confidentiality, integrity and availability in achieving security goals. The importance of having the enhanced equation is it enables the network administrator to calculate the potential risks for each of the potential IPv6 attack.Securing the enterprise networks is an iterative process that has no ended points. Hence, it is crucial to modify and adapt a proper equation when performing the risk assessment.In the future, more experiments will be conducted to test for feasibility of the equation

Business technology innovation as a precursor to information security risks

Abstract: Business technology research has often focused on value creation of platforms that leverage on execution of innovative strategies. This work espouses organizational innovation and the pursue of strategies that may at times result to unintended consequences on the security of business information systems. The organizational innovation theory is applied as a theoretical lens to explain the impact of innovation on information security. A quantitative mono-method of analysis was used to analyze data using statistical methods with a view to identify innovation constructs and testing relationships to find which had the most significant impact to the security of business information systems. The findings of the work undertaken provides useful insights to businesses by showing that constructs such as innovative design, structure and skill sets were most likely to exacerbate security risk to business information systems if these innovations were not in alignment to business goals. The importance of this research is that businesses need to take consideration of information security risks when being innovative

The design and evaluation of a user-centric information security risk assessment and response framework

Abstract: The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioral-related factors resulting in an individualized granular risk score/level. This granular risk assessment, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks

The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

Abstract: The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioral-related factors resulting in an individualized granular risk score/level. This granular risk assessment, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks

Conceptualising antecedents of systems innovation on information security risks

Abstract : This research represents a comprehensive conceptualisation of antecedents of systems innovation and how they affect systems innovation in an organisational context. It further examines the relationship between information security risks and systems innovation. Antecedents of systems innovation are identified based on the existing theories such as Diffusion of Innovation (DoI) and Organisational Innovation. This research makes use of new systems and technologies which include Big Data/Cloud Computing, Blockchain, Internet of Things (IoT), Virtual/Augmented reality and Artificial Intelligence (AI) to examine organisations strides towards systems innovation. This research is underpinned by the increase in systems innovation and the growing concerns of information security risks faced by organisations. A quantitative method of analysis was used to analyse data using statistical methods with a view to identify relationships between variables. Data collected shows that systems and technology must have increased benefits in order to be adopted and the complexity of systems does not affect the adoption of such systems and technologies. Individual characteristics were found to have no effect in systems innovation whereas organisational and environmental elements highly influence innovation in the organisation. A relationship could not be established between systems innovation and information security risks. This research highlights the importance of ensuring that new systems and technologies adds value to the organisation and equally important is to ensure management of organisational and environmental elements that affect systems innovation. Information security risks should also not be a deterrence for systems innovation.M.Com. (Business Management

A Model for User-centric Information Security Risk Assessment and Response

Managing and assessing information security risks in organizations is a well understood and accepted approach, with literature providing a vast array of proposed tools, methods and techniques. They are, however, tailored for organizations, with little literature supporting how these can be achieved more generally for end-users, i.e. users, who are solely responsible for their devices, data and for making their own security decisions. To protect against them, technical countermeasures alone has been found insufficient as it can be misused by users and become vulnerable to various threats. This research focuses on better understanding of human behavior which is vital for ensuring an efficient information security environment. Motivated by the fact that different users react differently to the same stimuli, identifying the reasons behind variations in security behavior and why certain users could be “at risk” more than others is a step towards developing techniques that can enhance user’s behavior and protect them against security attacks. A user survey was undertaken to explore users security behavior in several domains and to investigate the correlation between users characteristics and their risk taking behavior. Analysis of the results demonstrated that user’s characteristics do play a significant role in affecting their security behavior risk levels. Based upon these findings, this study proposed a user-centric model that is intended to provide a comprehensive framework for assessing and communicating information security risks for users of the general public with the aim of monitoring, assessing and responding to user’s behavior in a continuous, individualized and timely manner. The proposed approach is built upon two components: assessing risks and communicating them. Aside from the traditional risk assessment formula, three risk estimation models are proposed: a user-centric, system-based and an aggregated model to create an individualized risk profile. As part of its novelty, both user-centric and behavioral-related factors are considered in the assessment. This resulted in an individualized and timely risk assessment in granular form. Aside from the traditional risk communication approach of one message/one-size-fits-all, a gradual response mechanism is proposed to individually and persuasively respond to risk and educate the user of his risk-taking behavior. Two experiments and a scenario-based simulation of users with varying user-centric factors has been implemented to simulate the proposed model, how it works and to evaluate its effectiveness and usefulness. The proposed approach worked in the way it was expected to. The analysis of the experiments results provided an indication that risk could be assessed differently for the same behavior based upon a number of user-centric and behavioral-related factors resulting in an individualized granular risk score/level. This granular risk assessment, away from high, medium and low, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks