a qualitative research amongst ICT professionals

Ruivo, P., Santos, V., & Oliveira, T. (2014). Data protection in services and support roles: a qualitative research amongst ICT professionals. In CENTERIS 2014 - Conference On Enterprise Information Systems / Projman 2014 - International Conference On Project Management / Hcist 2014 - International Conference On Health And Social Care Information Systems And Technologies (Vol. 16, pp. 710-717). (Procedia Technology). DOI: 10.1016/j.protcy.2014.10.020Customers expect their data to be protected and not used in a manner inconsistent. The protection of their data is paramount to customers, and they evaluate ICTs in part on how well they handle and protect it from being stolen or used improperly. In many industries customers are specifically mandated to evaluate how ICTs firms protects their data. When customers create an account with ICTs firms, or use their services, they expect that a set of specific rules around how ICTs are used to manage their information. This qualitative research studied which recommendations service and support professionals should follow in their daily tasks to ensure customer data protection. It present 12 recommendations: Data classification (three categories: low, medium and high business impact), Encryption security tools, Password protection, Services tools for data collection and storage, Who access data, How many access data, Testing customer data, Geographic rules, Data retention, Data minimization, Escalating issues, and Readiness and training. This paper is intended to help ICTs how to apply key data protection principles on their daily work. Provides important data protection recommendations that ICTs are expected to apply when handle customer data. By handling customer data safely, ICTs firms build trust and loyalty.publishersversionpublishe

combining traditional interviews with delphi method

Ruivo, P., Santos, V., & Oliveira, T. (2019). Success factors for data protection in services and support roles: combining traditional interviews with delphi method. In Censorship, Surveillance, and Privacy: Concepts, Methodologies, Tools, and Applications (Vol. 2, pp. 814-829). IGI Global. DOI: 10.4018/978-1-5225-7113-1.ch042The transformation of today’s information and communications technology (ICT) firms requires the services and support organizations to think differently about customers data protection. Data protection represents one of the security and privacy areas considered to be the next “blue ocean” in leveraging the creation of business opportunities. Based in contemporary literature, the authors conducted a two phases’ qualitative methodology - the expert’s interviews and Delphi method to identify and rank 12 factors on which service and support professionals should follow in their daily tasks to ensure customer data protection: 1) Data classification, 2) Encryption, 3) Password protection, 4) Approved tools, 5) Access controls, 6) How many access data, 7) Testing data, 8) Geographic rules, 9) Data retention, 10) Data minimization, 11) Escalating issues, and 12) Readiness and training. This paper contribute to the growing body of knowledge of data protection filed. The authors provide directions for future work for practitioners and researchers.authorsversionpublishe

Privacy through security: policy and practice in a small-medium enterprise.

The chapter discusses how one small business planned for, and implemented, the security of its data in a new enterprise-wide system. The companys data was perceived as sensitive, and any breach of privacy as commercially critical. From this perspective, the chapter outlines the organizational and technical facets of the policies and practices evidenced. Lessons for other businesses can be drawn from the case by recognizing the need for investments to be made that will address threats in business critical areas. By highlighting the need for organizations to understand the nature of the risk and the probability of an event occurring, the security approaches highlight the need to address both the threats and actions in the event of an incident to reduce the risk to privacy

THE INVESTIGATION OF THE FACTORS ASSOCIATING CONSUMERS’ TRUST IN E-COMMERCE ADOPTION

The success of electronic commerce significantly depends on providing security and privacy for its consumers’ sensitive personal information. Consumers’ lack of acceptance in electronic commerce adoption today is not merely due to the concerns on security and privacy of their personal information, but also lack of trust and reliability of web vendors. Consumers’ trust in online transactions is crucial for the continuous growth and development of electronic commerce. Since Business to Consumer (B2C) e-commerce requires the consumers to engage the technologies, the consumers face a variety of security risks. This study addressed the role of security, privacy and risk perceptions of consumers to shop online in order to establish a consensus among them. The findings provided reliability, factors analysis for the research variables and for each of the study’s research constructs, correlations as well as regression analyses for both non-online purchasers’ and online purchasers’ perspectives, and structural equation modeling (SEM) for overall model fit. The overall model was tested by AMOS 18.0 and the hypothesis, assumptions for SEM and descriptive statistics were analyzed by SPSS 12.0. The empirical results of the first study indicated that there were poor correlations existed between consumers’ perceived security and consumers’ trust as well as between consumers’ perceived privacy and consumers’ trust regarding e-commerce transactions. However, the construct of perceived privacy manifested itself primarily through perceived security and trustworthiness of web vendors. While trustworthiness of web vendors was a critical factor in explaining consumers’ trust to adopt ecommerce, it was important to pay attention to the consumers’ risk concerns on ecommerce transactions. It was found that economic incentives and institutional trust had no impact on consumers’ perceived risk. Findings from the second study indicated that perceived privacy was still to be the slight concern for consumers’ trust in e-commerce transactions, though poor vi i relationships or associations existed between perceived security and consumers’ trust, between trustworthiness of web vendors and consumers’ trust, and between perceived risk and consumers’ trust. The findings also showed that the construct of perceived privacy manifested itself primarily through perceived security and trustworthiness of web vendors. It was found that though economic incentives influenced a consumers’ perceived risk in online transactions, institutional trust had no impact on consumers’ perceived risk. Overall findings suggested that consumers’ perceived risk influenced their trust in e-commerce transactions, while the construct of perceived privacy manifested itself primarily through perceived security as well as trustworthiness of web vendors. In addition, though economic incentives had no impact on consumers’ perceived risk, institutional trust influenced a consumers’ perceived risk in online transactions. The findings also suggested that economic incentives and institutional trust had relationships or associations with consumers’ perceived privacy. The findings from this research showed that consumers’ perceived security and perceived privacy were not mainly concerned to their trust in e-commerce transactions though consumers’ perceived security and perceived privacy might slightly influence on the trustworthiness of web vendors in dealing with online store sites abroad. Furthermore, consumers’ perceptions on the trustworthiness of web vendors were also related to their perceived risks and the concern about privacy was also addressed to perceived risks. Index terms: Perceived security; perceived privacy; perceived risk; trust; consumers’ behaviour; SE

Análisis bibliométrico de la producción científica sobre Economía Experimental

La Economía Experimental (EE) es un método de trabajo de la Economía del comportamiento que desarrolla modelos teóricos de comportamiento humano en ámbitos económicos. Los experimentos económicos tienen ya una larga tradición, y han proporcionado resultados espectaculares y conclusiones ampliamente admitidas sobre la dinámica de mercados y el efecto de las instituciones económicas. Las nuevas tecnologías facilitan la realización y el análisis de estos experimentos. El objetivo principal de este estudio es la revisión sistemática de la producción científica sobre Economía Experimental, desde el año 1990 hasta finales de 2021, en las bases de datos de Web of Science Core Collection y Scopus. El análisis descriptivo de datos se realizó con el software Rstudio, mientras que el análisis de redes se hizo con el software Vosviewer. El estudio muestra, entre otras cosas, que la producción bibliográfica en este campo se ha intensificado exponencialmente; así como, que el país con más investigaciones es Estados Unidos y el autor más citado es Urs Fischbacher.Experimental Economics (EE) is a working method of behavioral economics that develops theoretical models of human behavior in economic settings. Economic experiments have a long tradition, and have provided spectacular results and widely accepted conclusions about market dynamics and the effect of economic institutions. New technologies facilitate the conduct and analysis of these experiments. The main objective of this study is the systematic review of the scientific production on Experimental Economics, from 1990 to the end of 2021, in the Web of Science Core Collection and Scopus databases. Descriptive data analysis was performed with Rstudio software, while network analysis was performed with Vosviewer software. The study shows, among other things, that the bibliographic production in this field has intensified exponentially; as well as, that the country with the most research is 2 the United States and the most cited author is Urs Fischbacher.Universidad de Sevilla. Doble Grado en Matemáticas y Estadístic

THE INVESTIGATION OF THE FACTORS ASSOCIATING CONSUMERS’ TRUST IN E-COMMERCE ADOPTION

The success of electronic commerce significantly depends on providing security and privacy for its consumers’ sensitive personal information. Consumers’ lack of acceptance in electronic commerce adoption today is not merely due to the concerns on security and privacy of their personal information, but also lack of trust and reliability of web vendors. Consumers’ trust in online transactions is crucial for the continuous growth and development of electronic commerce. Since Business to Consumer (B2C) e-commerce requires the consumers to engage the technologies, the consumers face a variety of security risks. This study addressed the role of security, privacy and risk perceptions of consumers to shop online in order to establish a consensus among them. The findings provided reliability, factors analysis for the research variables and for each of the study’s research constructs, correlations as well as regression analyses for both non-online purchasers’ and online purchasers’ perspectives, and structural equation modeling (SEM) for overall model fit. The overall model was tested by AMOS 18.0 and the hypothesis, assumptions for SEM and descriptive statistics were analyzed by SPSS 12.0. The empirical results of the first study indicated that there were poor correlations existed between consumers’ perceived security and consumers’ trust as well as between consumers’ perceived privacy and consumers’ trust regarding e-commerce transactions. However, the construct of perceived privacy manifested itself primarily through perceived security and trustworthiness of web vendors. While trustworthiness of web vendors was a critical factor in explaining consumers’ trust to adopt ecommerce, it was important to pay attention to the consumers’ risk concerns on ecommerce transactions. It was found that economic incentives and institutional trust had no impact on consumers’ perceived risk. Findings from the second study indicated that perceived privacy was still to be the slight concern for consumers’ trust in e-commerce transactions, though poor vi i relationships or associations existed between perceived security and consumers’ trust, between trustworthiness of web vendors and consumers’ trust, and between perceived risk and consumers’ trust. The findings also showed that the construct of perceived privacy manifested itself primarily through perceived security and trustworthiness of web vendors. It was found that though economic incentives influenced a consumers’ perceived risk in online transactions, institutional trust had no impact on consumers’ perceived risk. Overall findings suggested that consumers’ perceived risk influenced their trust in e-commerce transactions, while the construct of perceived privacy manifested itself primarily through perceived security as well as trustworthiness of web vendors. In addition, though economic incentives had no impact on consumers’ perceived risk, institutional trust influenced a consumers’ perceived risk in online transactions. The findings also suggested that economic incentives and institutional trust had relationships or associations with consumers’ perceived privacy. The findings from this research showed that consumers’ perceived security and perceived privacy were not mainly concerned to their trust in e-commerce transactions though consumers’ perceived security and perceived privacy might slightly influence on the trustworthiness of web vendors in dealing with online store sites abroad. Furthermore, consumers’ perceptions on the trustworthiness of web vendors were also related to their perceived risks and the concern about privacy was also addressed to perceived risks. Index terms: Perceived security; perceived privacy; perceived risk; trust; consumers’ behaviour; SE

A framework for the implementation of B2C e-commerce in Saudi Arabia : a comparative study of Saudis living in Saudi Arabia and those living in the UK, and the perception of Saudi companies

In this digital technology era, e-commerce (EC) has revolutionised the way people engage in business activities. Users now enjoy tremendous advantages, such as buying and selling between multiple parties at different levels of business through computers and smart devices, regardless of their geographical locations, thereby being provided with better choices and prices. However, EC brings its own challenges and users face unknown risks when moving to the digital market. Some countries have been quicker in providing the necessary requirements for the expansion of EC and helped in addressing users’ worries about trust and fraud. Others have been slow in adopting EC, and both customers and business are missing considerable opportunities. In general, EC is well adopted and used in the advanced countries but struggles to take off in developing countries. Saudi Arabia (SA) is one such country.This study has developed a theoretical framework appropriate to the implementation of Business to Customer (B2C) EC in Saudi Arabia, after reviewing the literature on B2C EC, and testing several factors pertinent to the Saudi Arabian context. The researcher has adopted a novel approach by securing the perceptions of Saudi nationals living in Saudi Arabia and those living in the UK with a view to appreciating the differences and learning from the experience of these two communities. Additionally, the researcher conducted a survey of a sample of Saudi companies to understand their views and aspirations in adopting B2C EC. Data was collected using mixed methods and embracing both quantitative and qualitative research methods. The data was collected in Saudi Arabia via a questionnaire survey of 606 Saudi nationals, and in the UK from 169 questionnaires and interviews with 25 companies. The questionnaire responses were analysed quantitatively by descriptive and statistical methods (percentages and t-test for two independent samples), and the findings were validated by the interview data. From the results, the theoretical framework was developed, thus allowing for an understanding of Saudi customers’ attitudes towards online shopping in the two different environments of B2C EC (SA as a developing country and the UK as a developed country) to be gained. The influence of different environmental variables upon customer choice is seen as significant variations occurred in the two different environments. The framework is potentially useful for policy-makers, the commercial sector, and the government in SA. Hence, the research contributes to knowledge about the key differences in customer behaviour toward B2C EC in SA. The study signifies the first of its kind and thus lays the ground for further research in the area

Mixed structural models for decision making under uncertainty using stochastic system simulation and experimental economic methods: application to information security control choice

This research is concerned with whether and to what extent information security managers may be biased in their evaluation of and decision making over the quantifiable risks posed by information management systems where the circumstances may be characterized by uncertainty in both the risk inputs (e.g. system threat and vulnerability factors) and outcomes (actual efficacy of the selected security controls and the resulting system performance and associated business impacts). Although ‘quantified security’ and any associated risk management remains problematic from both a theoretical and empirical perspective (Anderson 2001; Verendel 2009; Appari 2010), professional practitioners in the field of information security continue to advocate the consideration of quantitative models for risk analysis and management wherever possible because those models permit a reliable economic determination of optimal operational control decisions (Littlewood, Brocklehurst et al. 1993; Nicol, Sanders et al. 2004; Anderson and Moore 2006; Beautement, Coles et al. 2009; Anderson 2010; Beresnevichiene, Pym et al. 2010; Wolter and Reinecke 2010; Li, Parker et al. 2011) The main contribution of this thesis is to bring current quantitative economic methods and experimental choice models to the field of information security risk management to examine the potential for biased decision making by security practitioners, under conditions where information may be relatively objective or subjective and to demonstrate the potential for informing decision makers about these biases when making control decisions in a security context. No single quantitative security approach appears to have formally incorporated three key features of the security risk management problem addressed in this research: 1) the inherently stochastic nature of the information system inputs and outputs which contribute directly to decisional uncertainty (Conrad 2005; Wang, Chaudhury et al. 2008; Winkelvos, Rudolph et al. 2011); 2) the endogenous estimation of a decision maker’s risk attitude using models which otherwise typically assume risk neutrality or an inherent degree of risk aversion (Danielsson 2002; Harrison, Johnson et al. 2003); and 3) the application of structural modelling which allows for the possible combination and weighting between multiple latent models of choice (Harrison and Rutström 2009). The identification, decomposition and tractability of these decisional factors is of crucial importance to understanding the economic trade-offs inherent in security control choice under conditions of both risk and uncertainty, particularly where established psychological decisional biases such as ambiguity aversion (Ellsberg 1961) or loss aversion (Kahneman and Tversky 1984) may be assumed to be endemic to, if not magnified by, the institutional setting in which these decisions take place. Minimally, risk averse managers may simply be overspending on controls, overcompensating for anticipated losses that do not actually occur with the frequency or impact they imagine. On the other hand, risk-seeking managers, where they may exist (practitioners call them ‘cowboys’ – they are a familiar player in equally risky financial markets) may be simply gambling against ultimately losing odds, putting the entire firm at risk of potentially catastrophic security losses. Identifying and correcting for these scenarios would seem to be increasingly important for now universally networked business computing infrastructures. From a research design perspective, the field of behavioural economics has made significant and recent contributions to the empirical evaluation of psychological theories of decision making under uncertainty (Andersen, Harrison et al. 2007) and provides salient examples of lab experiments which can be used to elicit and isolate a range of latent decision-making behaviours for choice under risk and uncertainty within relatively controlled conditions versus those which might be obtainable in the field (Harrison and Rutström 2008). My research builds on recent work in the domain of information security control choice by 1) undertaking a series of lab experiments incorporating a stochastic model of a simulated information management system at risk which supports the generation of observational data derived from a range of security control choice decisions under both risk and uncertainty (Baldwin, Beres et al. 2011); and 2) modeling the resulting decisional biases using structural models of choice under risk and uncertainty (ElGamal and Grether 1995; Harrison and Rutström 2009; Keane 2010). The research contribution consists of the novel integration of a model of stochastic system risk and domain relevant structural utility modeling using a mixed model specification for estimation of the latent decision making behaviour. It is anticipated that the research results can be applied to the real world problem of ‘tuning’ quantitative information security risk management models to the decisional biases and characteristics of the decision maker (Abdellaoui and Munier 1998