Multiple Sources for Security: Seeking Online Safety Information and their Influence on Coping Self-efficacy and Protection Behavior Habits

Internet users face threats of increasing complexity and severity. To protect themselves they rely on sources for online safety information. These sources may either build up, or undermine, the coping self-efficacy and motivation needed to protect oneself. A survey of 800 subjects asked about which sources they relied on for information about online safety: media, work, school, friends and family, and specialized web sites. Individuals who said they had no comprehensive source for information reported the lowest levels of both coping self-efficacy (b= -0.609, p\u3c 0.001) and protection habit strength (b= -0.900, p\u3c 0.001). On the other hand, those who had an affiliation of school, work and specialized web sites had a positive relationship with both coping self-efficacy (b= 0.517, p\u3c 0.05) and protection habit strength (b= 0.692, p\u3c 0.05). Results suggest that some information affiliation networks are correlated with higher coping self-efficacy and stronger protection habits

Examining the Effects of Cultural Dimensions on Deviant IS Use Behaviour in a Developing Economy Context

Information System (IS) tools and applications create opportunities for a positive digital change to all individuals and organizations in the global workplace to improve competitiveness and quality of work life. Recent studies have shown that the most problematic areas in IS security incidences are people-related factors. In this regard, employees are causing IS security risks and vulnerabilities as they use those resources, especially by exercising their legitimate and lawful rights, mainly because people are the weakest link on IS security matters. On the one hand, the effects of organizational sanctions are not always effective due to socio-cultural variabilities, and so far they have not been able to fully defend employee related IS misuse or misconduct. On the other hand, the use of neutralization techniques supports individuals to justify their deviant actions, but differently to people in different socio-cultural bases. To examine such a problem, therefore, culture as a moderator, criminological constructs and level of employees’ awareness to IS security as independent variables are employed to explain IS misuse intention in unison are proposed through a comprehensive conceptual research model. A positivist research paradigm using a cross-sectional quantitative survey data collection approach will be adapted to help empirically test the model. To validate the model and its constructs, the study will apply SEM-PLS data analysis techniques using Smart-PLS and SPSS with Amos. Finally, this study in progress discusses the potential practical and theoretical contributions and plans to provide scientific evidence based on its findings

Are You Ready? A Proposed Framework For The Assessment Of Digital Forensic Readiness

This dissertation develops a framework to assess Digital Forensic Readiness (DFR) in organizations. DFR is the state of preparedness to obtain, understand, and present digital evidence when needed. This research collects indicators of digital forensic readiness from a systematic literature review. More than one thousand indicators were found and semantically analyzed to identify the dimensions to where they belong. These dimensions were subjected to a q-sort test and validated using association rules, producing a preliminary framework of DFR for practitioners. By classifying these indicators into dimensions, it was possible to distill them into 71 variables further classified into either extant or perceptual variables. Factor analysis was used to identify latent factors within the two groups of variables. A statistically-based framework to assess DFR is presented, wherein the extant indicators are used as a proxy of the real DFR status and the perceptual factors as the perception of this status

Security Enhanced Applications for Information Systems

Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

Determining Small Business Cybersecurity Strategies to Prevent Data Breaches

Cybercrime is one of the quickest growing areas of criminality. Criminals abuse the speed, accessibility, and privacy of the Internet to commit diverse crimes involving data and identity theft that cause severe damage to victims worldwide. Many small businesses do not have the financial and technological means to protect their systems from cyberattack, making them vulnerable to data breaches. This exploratory multiple case study, grounded in systems thinking theory and routine activities theory, encompassed an investigation of cybersecurity strategies used by 5 small business leaders in Middlesex County, Massachusetts. The data collection process involved open-ended online questionnaires, semistructured face-to-face interviews, and review of company documents. Based on methodological triangulation of the data sources and inductive analysis, 3 emergent themes identified are policy, training, and technology. Key findings include having a specific goal and tactical approach when creating small business cybersecurity strategies and arming employees with cybersecurity training to increase their awareness of security compliance. Recommendations include small business use of cloud computing to remove the burden of protecting data on their own, thus making it unnecessary to house corporate servers. The study has implications for positive social change because small business leaders may apply the findings to decrease personal information leakage, resulting from data breaches, which affects the livelihood of individuals or companies if disclosure of their data occurs

The Effects of Antecedents and Mediating Factors on Cybersecurity Protection Behavior

This paper identifies opportunities for potential theoretical and practical improvements in employees\u27 awareness of cybersecurity and their motivational behavior to protect themselves and their organizations from cyberattacks using the protection motivation theory. In addition, it contributes to the literature by examining additional variables and mediators besides the core constructs of the Protection Motivation Model (PMT). This article uses empirical data and structural equation modeling to test the antecedents and mediators of employees\u27 cybersecurity motivational behavior. The study offers theoretical and pragmatic guidance for cybersecurity programs. First, the model developed in this study can partially explain how people may change their cybersecurity protection behavior about security threats and coping actions. Secondly, the result of the study indicates that security coping factors are reliable predictors in projecting individual intention to take protective measures. Third, organizational effort in combatting cyber threats and increasing employee awareness is significantly associated with the use of cyber threat coping processes. Additionally, several practical prescriptions are suggested based on gender, generations, and types of organizations. For example, government organizations have taken well-designed cybersecurity measures and developed detailed protocols to enhance employees’ motivational behavior. Finally, future cybersecurity training materials should adapt to the unique traits of different generations, especially the Gen Edge group and digital natives for all cybersecurity subjects