Addressing consumerisation of IT risks with nudging
In this work we address the main issues of Information Technology (IT) consumerisation that are related to security risks, and in particular the vulnerabilities of devices used within a Bring Your Own Device (BYOD) strategy. We propose a "soft" mitigation strategy for user actions based on nudging, which is widely applied to influence health and social behaviour. In particular, we propose complementary, less strict and more flexible Information Security policies, based on a risk assessment of device vulnerabilities and of threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment and the fact that the employee may be in a better position to make an appropriate decision, may be more suitable than strict policies in situations where security-related decisions are made under uncertainty. Several examples of nudging are considered for different tested and potential scenarios in a security context.
Cybersecurity Strategies for Universities With Bring Your Own Device Programs
The bring your own device (BYOD) phenomenon has proliferated, making its way into different business and educational sectors and enabling multiple vectors of attack and vulnerability to protected data. The purpose of this multiple-case study was to explore the strategies information technology (IT) security professionals working in a university setting use to secure an environment that supports BYOD in a university system. The study population consisted of IT security professionals from the University of California campuses who had been managing a network environment where BYOD has been implemented for at least 2 years. Protection motivation theory was the study's conceptual framework. The data collection process included interviews with 10 IT security professionals and the gathering of publicly accessible documents retrieved from the Internet (n = 59). Data collected from the interviews and member checking were triangulated with the publicly accessible documents to identify major themes. Thematic analysis with the aid of NVivo 12 Plus was used to identify 4 themes: the ubiquity of BYOD in higher education, accessibility strategies for mobile devices, the effectiveness of BYOD strategies that minimize risk, and IT security professionals' tasks of identifying and implementing network security strategies. The study's implications for positive social change include increasing the number of users informed about cybersecurity and comfortable with defending their networks against foreign and domestic threats to information security and privacy. These changes may mitigate and reduce the spread of malware and viruses and improve overall cybersecurity in BYOD-enabled organizations.
Mobile Software Assurance Informed through Knowledge Graph Construction: The OWASP Threat of Insecure Data Storage
Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third parties at an unprecedented rate. Our research examines software assurance methodologies, focusing specifically on the security analysis coverage of program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to assess the software assurance of their developed software for one of the OWASP top ten mobile threats, the threat of "Insecure Data Storage". We find that many of the applications store personally identifying information (PII) in potentially vulnerable places, leaving users exposed to a higher risk of losing their sensitive data.
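The abstract does not reproduce the paper's knowledge-graph tooling, so here is an added example (not the paper's code) of the kind of lexical check a reviewer would run over Android source for the Insecure Data Storage category: it flags the storage sinks where PII tends to end up (world-readable preferences, external storage, plaintext SharedPreferences writes, logcat, unencrypted SQLite writes) and is run over two constructed Java snippets, one storing a patient record insecurely and one using EncryptedSharedPreferences and app-private storage. The PII key list, the sink patterns and both snippets are assumptions made for the example.

```python
"""Line-based static check for OWASP Mobile 'Insecure Data Storage' patterns
in Android source. Added example, not the paper's knowledge-graph tooling;
the sink patterns, the PII key list and both Java snippets are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# String literals that suggest personal or health data (constructed list).
PII_KEY = re.compile(
    r'"(?:ssn|social_security|dob|date_of_birth|patient_id|diagnosis|'
    r'password|auth_token|email|phone)[^"]*"',
    re.IGNORECASE,
)

# Storage sinks. "always" rules are insecure whatever is stored; "pii" rules
# are reported only when the same line also carries a PII-looking key.
SINKS = [
    ("world-readable/writeable file mode",
     re.compile(r"MODE_WORLD_(?:READABLE|WRITEABLE)"), "always"),
    ("file on external (shared) storage",
     re.compile(r"getExternalStorage(?:Public)?Directory|getExternalFilesDir"), "always"),
    ("plaintext SharedPreferences write",
     re.compile(r"\.put(?:String|Int|Long|Boolean|Float|StringSet)\("), "pii"),
    ("sensitive value written to logcat",
     re.compile(r"\bLog\.[vdiwe]\("), "pii"),
    ("unencrypted SQLite write",
     re.compile(r"\.insert(?:OrThrow)?\(|\.execSQL\("), "pii"),
]


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    code: str


def scan_android_source(src: str) -> list[Finding]:
    """Return one Finding per (line, rule) hit. Purely lexical: it does not
    follow dataflow, so a value stored under a neutral key is not seen."""
    # File-level heuristic: if every preferences object in the file comes from
    # EncryptedSharedPreferences.create(...) and none from the plain
    # getSharedPreferences(...), treat put*() writes as encrypted at rest.
    uses_encrypted_prefs = "EncryptedSharedPreferences.create(" in src
    uses_plain_prefs = "getSharedPreferences(" in src
    prefs_encrypted = uses_encrypted_prefs and not uses_plain_prefs

    findings: list[Finding] = []
    for n, line in enumerate(src.splitlines(), start=1):
        code = line.strip()
        if code.startswith("//"):
            continue
        for rule, sink, mode in SINKS:
            if not sink.search(line):
                continue
            if mode == "pii" and not PII_KEY.search(line):
                continue
            if rule.startswith("plaintext SharedPreferences") and prefs_encrypted:
                continue
            findings.append(Finding(n, rule, code))
    return findings


# Constructed snippet 1: a patient record stored the way the paper warns about.
VULNERABLE_SRC = """\
SharedPreferences prefs = getSharedPreferences("patient", MODE_WORLD_READABLE);
prefs.edit().putString("ssn", patient.getSsn()).apply();
Log.d(TAG, "patient_id=" + patient.getId());
File export = new File(Environment.getExternalStorageDirectory(), "export.csv");
"""

# Constructed snippet 2: same data, encrypted prefs and app-private storage.
HARDENED_SRC = """\
SharedPreferences prefs = EncryptedSharedPreferences.create(
    context, "patient", masterKey,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
prefs.edit().putString("ssn", patient.getSsn()).apply();
File export = new File(context.getFilesDir(), "export.csv");
"""

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE_SRC), ("hardened", HARDENED_SRC)):
        hits = scan_android_source(src)
        print(f"{name}: {len(hits)} finding(s)")
        for f in hits:
            print(f"  line {f.line}: {f.rule}\n    {f.code}")
```

The vulnerable snippet produces four findings (one per line) and the hardened one none. The EncryptedSharedPreferences suppression is a file-level heuristic rather than dataflow, so a file that mixes plain and encrypted preferences is reported conservatively; a real review would also need the repository-wide view the paper builds with its knowledge graphs, since a PII value can reach a sink under a key the regex does not recognise.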
Mitigating the Risk of Knowledge Leakage in Knowledge Intensive Organizations: a Mobile Device Perspective
In the current knowledge economy, knowledge represents the most strategically significant resource of organizations. Knowledge-intensive activities advance innovation and create and sustain economic rent and competitive advantage. In order to sustain competitive advantage, organizations must protect knowledge from leakage to third parties, particularly competitors. However, the number and scale of leakage incidents reported in news media as well as industry whitepapers suggests that modern organizations struggle with the protection of sensitive data and organizational knowledge. The increasing use of mobile devices and technologies by knowledge workers across the organizational perimeter has dramatically increased the attack surface of organizations, and the corresponding level of risk exposure. While much of the literature has focused on technology risks that lead to information leakage, human risks that lead to knowledge leakage are relatively understudied. Further, not much is known about strategies to mitigate the risk of knowledge leakage using mobile devices, especially considering the human aspect. Specifically, this research study identified three gaps in the current literature: (1) lack of in-depth studies that provide specific strategies for knowledge-intensive organizations based on their varied risk levels; most of the analysed studies provide high-level strategies that are presented in a generalised manner and fail to identify specific strategies for different organizations and risk levels; (2) lack of research into management of knowledge in the context of mobile devices; and (3) lack of research into the tacit dimension of knowledge, as the majority of the literature focuses on formal and informal strategies to protect explicit (codified) knowledge.
Comment: The University of Melbourne PhD Thesis
Think twice before you click! : exploring the role of human factors in cybersecurity and privacy within healthcare organizations
The urgent need to protect sensitive patient data and preserve the integrity of healthcare services has propelled the exploration of cybersecurity and privacy within healthcare organizations [1]. Recognizing that advanced technology and robust security measures alone are insufficient [2], our research focuses on the often-overlooked human element that significantly influences the efficacy of these safeguards. Our motivation stems from the realization that individual behaviors, decision-making processes, and organizational culture can be both the weakest link and the most potent tool in achieving a secure environment. Understanding these human dimensions is paramount, as even the most sophisticated protocols can be undone by a single lapse in judgment. This research explores the impact of human behavior on cybersecurity and privacy within healthcare organizations and presents a new methodological approach for measuring and raising awareness among healthcare employees. Understanding the human influence in cybersecurity and privacy is critical for mitigating risks and strengthening overall security posture. Moreover, the thesis places emphasis on the human aspects, focusing on the often-overlooked factors that shape the effectiveness of cybersecurity and privacy measures within healthcare organizations. We highlight factors such as employee awareness, knowledge, and behavior that play a pivotal role in preventing security incidents and data breaches [1]. By focusing on how social engineering attacks exploit human vulnerabilities, we underline the necessity of addressing these human-influenced aspects. The existing literature highlights the crucial role that human factors and awareness training play in strengthening cyber resilience, especially within the healthcare sector [1]. Developing well-customized training programs, along with fostering a robust organizational culture, is vital for encouraging a secure and protected digital healthcare setting [3]. Building on the recognized significance of human influence in cybersecurity within healthcare organizations, a systematic literature review became indispensable: the existing body of research might not have fully captured all the ways in which human factors, such as psychology, behavior, and organizational culture, intertwine with technological aspects. A systematic literature review served as a robust foundation to collate, analyze, and synthesize existing knowledge, and to identify gaps where further research was needed. To complement our systematic literature review and investigation of human factors, our research introduced a new methodological approach through a concept study based on an exploratory survey [4]. Recognizing the need to uncover intricate human behavior and psychology in the context of cybersecurity, we designed this survey to probe the multifaceted dimensions of cybersecurity awareness. The exploratory nature of the survey allowed us to explore cognitive, emotional, and behavioral aspects, capturing information that is often overlooked in conventional analyses. By employing this tailored survey, we were able to collect insights that provided a more textured understanding of how individuals within healthcare organizations perceive and engage with cybersecurity measures.