1,571 research outputs found

    A review of behavioural research on data security

    Protection of confidential information or data from being leaked to the public is a growing concern among organisations and individuals. This paper presents the results of the search for literature on behavioural and security aspects of data protection. The topics covered by this review include a summary of the changes brought about by the EU GDPR (General Data Protection Regulation). It covers human and behavioural aspects of data protection, security and data breach or loss (threats), IT architectures to protect data (prevention), managing data breaches (mitigation), risk assessment and data protection audits. A distinction is made between threats and prevention from within an organisation and from the outside.

    Leaking Corporate Electronic Information and Employees’ Happiness: Is There a Connection?

    Nowadays, most organizations accumulate massive electronic information including sensitive and proprietary information. This article introduces a theoretical model to investigate the relationship between employee happiness and their intentions to leak such proprietary corporate information. Additionally, the Happiness-Ethical-Leaking (HaEL) model aims at two separate types of leaking proprietary information including leaking for ethical reasons, referred also in literature as ‘whistleblowing,’ and leaking for unethical reasons, known as ‘sabotage.’ The proposed HaEL model hypothesizes the role of employee’s job satisfaction, happiness, perceived organizational ethical commitment, commitment to the organization, and their role on the two types of intentions to leak proprietary corporate information. Brief discussions and recommendations for validation of the HaEL model are provided.

    Understanding the Whistle-blowing Intention to Report Breach of Confidentiality

    We examine the factors that encourage employees to whistle-blow wrongdoings in relation to confidentiality breaches. We investigate how their anticipated regret about remaining silent changes over time, how such changes influence their whistle-blowing intentions, and what employee characteristics and organizational policies moderate this relationship. Drawing on attribution theory, we develop three hypotheses. Our experiment findings show that: 1) employees’ perceptions of the controllability and intentionality (but not stability) of the wrongdoing act affect how their anticipated regret evolves, 2) anticipated regret increases employees’ whistle-blowing intentions, 3) anticipated regret has a stronger effect on whistle-blowing intentions when organizations implement policies that promote efforts to protect information confidentiality, and 4) employees with information technology knowledge have a stronger intention to whistle-blow. Theoretically, our study extends the organization security literature’s focus to individuals’ whistle-blowing and highlights an IS research agenda around whistle-blowing in relation to confidentiality breaches. Practically, it informs organizations about how to encourage employees to whistle-blow when they observe confidentiality breaches.

    Efficiency and Automation in Threat Analysis of Software Systems

    Context: Security is a growing concern in many organizations. Industries developing software systems plan for security early-on to minimize expensive code refactorings after deployment. In the design phase, teams of experts routinely analyze the system architecture and design to find potential security threats and flaws. After the system is implemented, the source code is often inspected to determine its compliance with the intended functionalities. Objective: The goal of this thesis is to improve on the performance of security design analysis techniques (in the design and implementation phases) and support practitioners with automation and tool support. Method: We conducted empirical studies for building an in-depth understanding of existing threat analysis techniques (Systematic Literature Review, controlled experiments). We also conducted empirical case studies with industrial participants to validate our attempt at improving the performance of one technique. Further, we validated our proposal for automating the inspection of security design flaws by organizing workshops with participants (under controlled conditions) and subsequent performance analysis. Finally, we relied on a series of experimental evaluations for assessing the quality of the proposed approach for automating security compliance checks. Findings: We found that the eSTRIDE approach can help focus the analysis and produce twice as many high-priority threats in the same time frame. We also found that reasoning about security in an automated fashion requires extending the existing notations with more precise security information. In a formal setting, minimal model extensions for doing so include security contracts for system nodes handling sensitive information. The formally-based analysis can to some extent provide completeness guarantees. For a graph-based detection of flaws, minimal required model extensions include data types and security solutions. In such a setting, the automated analysis can help in reducing the number of overlooked security flaws. Finally, we suggested to define a correspondence mapping between the design model elements and implemented constructs. We found that such a mapping is a key enabler for automatically checking the security compliance of the implemented system with the intended design. The key for achieving this is two-fold. First, a heuristics-based search is paramount to limit the manual effort that is required to define the mapping. Second, it is important to analyze implemented data flows and compare them to the data flows stipulated by the design.

    Efficacy of prompted voiding for reversing urinary incontinence in older adults hospitalized in a functional recovery unit: Study protocol

    Aims: To assess the efficacy of a prompted voiding programme for restoring urinary continence at discharge in hospitalized older adults who presented with reversible urinary incontinence (UI) on admission to a functional recovery unit (FRU). To assess the maintenance of the outcomes achieved after hospitalization. To identify modifiable and unmodifiable factors associated with the success of the prompted voiding programme. Design: Quasi-experimental, pre-/post-intervention study without a control group. Methods: Participants were aged 65 and over with a history of reversible UI in the previous year who had been admitted to a FRU and were on a prompted voiding programme throughout their hospitalization period. The sample consisted of 221 participants. A non-probabilistic sampling method, in order of recruitment after signing the informed consent form, was used. The primary outcomes were UI assessed at discharge and 1 month, 3 months and 6 months after discharge. Funding was granted in July 2019 by the Spain Health Research Fund (PI19/00168, Ministry of Health). The proposal was approved by the Spanish Research Ethics Committee. Discussion: The prompted voiding programme described can reverse UI or decrease the frequency and amount of urine loss in hospitalized older adults. Impact: Urinary incontinence is highly prevalent in hospitalized older adults. There is a need for care aimed at prevention, recovery and symptom control. Prompted voiding is a therapy provided by the nursing team during hospitalization and can also be provided by family caregivers at home after receiving proper training by the nursing team. Prompted voiding will enhance the health, functional ability and quality of life of older adults with UI, resulting in the reduction of associated healthcare costs and the risk of developing complications. This study has been funded by Instituto de Salud Carlos III through the project “PI19/00168” (Co-funded by European Regional Development Fund/European Social Fund “A way to make Europe”/“Investing in your future”).

    A Systematic Review on Image Data Protection Methods

    Securing data is the main goal of any data security system (DSS). Valuable data must be protected all the time and stored in a very highly secure data storage device. This need has become more critical due to the continuous growth of data size. Furthermore, non-text data in the form of images, audio, and videos can now be transferred and processed easily and thus become part of sensitive data that needs to be protected. Since there is a need to secure and protect data in any form in order to keep them private and valid, it is expected that there would be many attempts already that have been proposed in the literature for this purpose. This paper reviews a group of these proposed strategies and methods that have been applied to different kinds of DSSs. Challenges and future trends of DSSs are also discussed. A number of main findings are grouped and organized as follows: (1) there are many different kinds of security techniques, each of which offers varying degrees of performance in terms of the amount of data and information that can be managed securely, (2) depending on the architecture of the proposed method, the tactics or strategies of the security system, the kinds of DSSs, as well as a few other factors, some methods are more appropriate for the storage of certain categories of data than others.