Empirical study of cultural dimensions and cybersecurity development

yesThis study seeks to investigate how the development of e-government services impacts on cybersecurity. The study uses the methods of correlation and multiple regression to analyse two sets of global data, the e-government development index of the 2015 United Nations e-government survey and the 2015 Inter-national Telecommunication Union global cybersecurity develop-ment index (GCI 2015). After analysing the various contextual factors affecting e-government development , the study found that, various composite measures of e-government development are significantly correlated with cybersecurity development. The therefore study contributes to the understanding of the relation-ship between e-government and cybersecurity development. The authors developed a model to highlight this relationship and have validated the model using empirical data. This is expected to provide guidance on specific dimensions of e-government services that will stimulate the development of cybersecurity. The study provided the basis for understanding the patterns in cybersecurity development and has implication for policy makers in developing trust and confidence for the adoption e-government services.National Information Technology Development Agency, Nigeria

Empirical study of the impact of e-government services on cybersecurity development

YesThis study seeks to investigate how the development of e-government services impacts on cybersecurity. The study uses the methods of correlation and multiple regression to analyse two sets of global data, the e-government development index of the 2015 United Nations e-government survey and the 2015 Inter-national Telecommunication Union global cybersecurity develop-ment index (GCI 2015). After analysing the various contextual factors affecting e-government development , the study found that, various composite measures of e-government development are significantly correlated with cybersecurity development. The therefore study contributes to the understanding of the relation-ship between e-government and cybersecurity development. The authors developed a model to highlight this relationship and have validated the model using empirical data. This is expected to provide guidance on specific dimensions of e-government services that will stimulate the development of cybersecurity. The study provided the basis for understanding the patterns in cybersecurity development and has implication for policy makers in developing trust and confidence for the adoption e-government services.National Information Technology Development Agency, Nigeria

Кибербезопасность в образовательных сетях

The paper discusses the possible impact of digital space on a human, as well as human-related directions in cyber-security analysis in the education: levels of cyber-security, social engineering role in cyber-security of education, “cognitive vaccination”. “A Human” is considered in general meaning, mainly as a learner. The analysis is provided on the basis of experience of hybrid war in Ukraine that have demonstrated the change of the target of military operations from military personnel and critical infrastructure to a human in general. Young people are the vulnerable group that can be the main goal of cognitive operations in long-term perspective, and they are the weakest link of the System.У статті обговорюється можливий вплив цифрового простору на людину, а також пов'язані з людиною напрямки кібербезпеки в освіті: рівні кібербезпеки, роль соціального інжинірингу в кібербезпеці освіти, «когнітивна вакцинація». «Людина» розглядається в загальному значенні, головним чином як та, що навчається. Аналіз надається на основі досвіду гібридної війни в Україні, яка продемонструвала зміну цілей військових операцій з військовослужбовців та критичної інфраструктури на людину загалом. Молодь - це вразлива група, яка може бути основною метою таких операцій в довгостроковій перспективі, і вони є найслабшою ланкою системи.В документе обсуждается возможное влияние цифрового пространства на человека, а также связанные с ним направления в анализе кибербезопасности в образовании: уровни кибербезопасности, роль социальной инженерии в кибербезопасности образования, «когнитивная вакцинация». «Человек» рассматривается в общем смысле, в основном как ученик. Анализ представлен на основе опыта гибридной войны в Украине, которая продемонстрировала изменение цели военных действий с военного персонала и критической инфраструктуры на человека в целом. Молодые люди являются уязвимой группой, которая может быть главной целью когнитивных операций в долгосрочной перспективе, и они являются самым слабым звеном Систем

Employees’ behavioural intention to smartphone security:a gender-based, cross-national study

Despite the benefits of bring your own device (BYOD) programmes, they are considered one of the top security risks companies are facing. Furthermore, there is a gap in the literature in understanding gender differences in employees' smartphone security behavioural intention. This research analyses gender differences in smartphone security behavioural intention among employees in the United Arab Emirates (UAE) and the United States (US). The research develops a new model, the behavioural model of cybersecurity (BMS), based on a combination of the protection motivation theory (PMT), the general deterrence theory (GDT) and Hofstede's cultural dimensions. A questionnaire was distributed to employees in both countries. A total of 1156 useable responses were analysed using partial least squares-structural equation modelling. The findings show that gender differences exist, but neither male nor female employees in either country are aware of the risks associated with their use of smartphones, despite their awareness of the existence of their company's BYOD security policies. The research provides theoretical and practical contributions by developing a new model combining the PMT, GDT and Hofstede's cultural dimensions and suggests gender differences in employees' smartphone security behavioural intention in a cross-national context. It has several practical implications for practitioners and policymakers

A comparative assessment of human factors in cybersecurity: Implications for cyber governance

This paper provides an extensive overview of cybersecurity awareness in the young, educated, and technology-savvy population of the United Arab Emirates (UAE), compared to the United States of America (USA) for advancing the scholarship and practice of global cyber governance. We conducted comparative empirical studies to identify differences in specific human factors that affect cybersecurity behaviour in the UAE and the USA. In addition, we employed several control variables to observe reliable results. We used Hofstede’s theoretical framework on culture to advance our investigation. The results show that the targeted population in the UAE exhibits contrasting interpretations of cybersecurity awareness of critical human factors as compared to their counterparts from the USA. We identify possible explanations for this relatively different behaviour in the UAE population. Our key contributions are to provide valuable information for cybersecurity policymakers in the UAE and Gulf Cooperation Council (GCC) region to further enhance cyber safety, governance, awareness, and trust among citizens

A Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI)

Cybercrime against critical infrastructure such as nuclear reactors, power plants, and dams has been increasing in frequency and severity. Recent literature regarding these types of attacks has been extensive but due to the sensitive nature of this field, there is very little empirical data. We address these issues by integrating Routine Activity Theory and Rational Choice Theory, and we create a classification tool called TRACI (Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure). We take a Design Science Research approach to develop, evaluate, and refine the proposed artifact. We use mix methods to demonstrate that our taxonomy can successfully capture the characteristics of various cyberattacks against critical infrastructure. TRACI consists of three dimensions, and each dimension contains its own subdimensions. The first dimension comprises of hacker motivation, which can be financial, socio-cultural, thrill-seeking, and/or economic. The second dimension represents the assets such as cyber, physical, and/or cyber-physical components. The third dimension is related to threats, vulnerabilities, and controls that are fundamental to establishing and maintaining an information security posture and overall cyber resilience. Our work is among the first to utilize criminological theories and Design Science to create an empirically validated artifact for improving critical infrastructure risk management

A Replication Study of the Impact of Impulsivity on Risky Cybersecurity Behaviors

Hadlington (2017) conducted a survey using respondents from the United Kingdom (UK) to examine the relationship between the three dimensions of impulsivity and risky cybersecurity behavior. His results showed that risky cybersecurity behavior was positively correlated to attentional impulsivity and motor impulsivity, but was negatively correlated with non-planning impulsivity. He also examined the relationship between internet addiction and attitude towards cybersecurity, and, risky cybersecurity behaviors. Our longer term goal is to conduct research to gain an in-depth understanding of the role of impulsivity in cybersecurity. Towards this end, we conducted a methodological replication of the Hadlington study to determine the generalizability of his results for respondents from a different country, i.e., USA. Our replication confirmed most of the correlations between the variables in Hadlington’s study, though there are some differences that need further examination. We further explored the data in search of meaningful patterns in risky cybersecurity behaviors scale and its relationship with different impulsivity components. Our exploratory analysis suggests a need for a typology of cybersecurity behaviors. Overall, we see a sufficient basis to pursue research on the effects of impulsivity on risky security behaviors

Examining the Effects of Cultural Dimensions on Deviant IS Use Behaviour in a Developing Economy Context

Information System (IS) tools and applications create opportunities for a positive digital change to all individuals and organizations in the global workplace to improve competitiveness and quality of work life. Recent studies have shown that the most problematic areas in IS security incidences are people-related factors. In this regard, employees are causing IS security risks and vulnerabilities as they use those resources, especially by exercising their legitimate and lawful rights, mainly because people are the weakest link on IS security matters. On the one hand, the effects of organizational sanctions are not always effective due to socio-cultural variabilities, and so far they have not been able to fully defend employee related IS misuse or misconduct. On the other hand, the use of neutralization techniques supports individuals to justify their deviant actions, but differently to people in different socio-cultural bases. To examine such a problem, therefore, culture as a moderator, criminological constructs and level of employees’ awareness to IS security as independent variables are employed to explain IS misuse intention in unison are proposed through a comprehensive conceptual research model. A positivist research paradigm using a cross-sectional quantitative survey data collection approach will be adapted to help empirically test the model. To validate the model and its constructs, the study will apply SEM-PLS data analysis techniques using Smart-PLS and SPSS with Amos. Finally, this study in progress discusses the potential practical and theoretical contributions and plans to provide scientific evidence based on its findings