Improving Cybersecurity Behaviors: A Proposal for Analyzing Four Types of Phishing Training

Phishing is an attack on organizational data that involves employees. In order to prepare for these attacks some safeguards can be put into place, but ultimately employees need to be trained in how to identify and respond to phishing attacks. There are a number of different methods that can be used for employee phishing training, but are these methods effective? This proposal presents a plan to analyze the effectiveness of four different types of organizational phishing training in order to determine which types of phishing training methods are effective

Got Phished! Role of Top Management Support in Creating Phishing Safe Organizations

In this research, we examine the role of top management involvement in creating phishing awareness in an organization. This study deploys field study experiment with phishing deception. The study was carried out in two phases – phase 1 involved training the employee-participants of a Midwestern US University randomly using two different phishing awareness training videos – one showcasing chancellor of a Midwestern University, and another one showcasing a newly hired IT officer. Phase 2 involved three phishing attacks with varying regarding the degree of sophistication (or social engineering). The results show that there is a significant positive impact of perceived top management involvement in creating phishing awareness and preventing employees from getting phished. The paper concludes by discussing theoretical and managerial implications

DEFENDING AGAINST SPEAR PHISHING: MOTIVATING USERS THROUGH FEAR APPEAL MANIPULATIONS

Phishing is a pervasive form of online fraud that causes billions in losses annually. Spear phishing is a highly targeted and successful type of phishing that uses socially engineered emails to defraud most of its recipients. Unfortunately, anti-phishing training campaigns struggle with effectively fighting this threat—partially because users see security as a secondary priority, and partially because users are rarely motivated to undergo lengthy training. An effective training approach thus needs to be non-disruptive and brief as to avoid being onerous, and yet, needs to inspire dramatic behavioral change. This is a tremendous, unsolved challenge that we believe can be solved through a novel application of theory: Using fear appeals and protection-motivation theory (PMT), we outline how brief training can educate users and evoke protection motivation. We further invoke construal-level theory (CLT) to explain how fear appeals can stimulate threat perceptions more quickly and more powerfully. This research-in-progress study further proposes a field experiment to verify the effectiveness of our proposed training approach in an ecologically valid environment. Overall, we (1) improve training based on PMT and CLT, (2) expand PMT for guiding fear appeal design; and (3) demonstrate a full application of CLT

A Taxonomy of Phishing: Attack Types Spanning Economic, Temporal, Breadth, and Target Boundaries

Phishing remains a pernicious problem for organizations. Phishing attacks are increasing in sophistication, which hinders the ability of cybersecurity functions to effectively defend against them. These attacks are becoming increasingly complex, dynamic, and multifaceted to evade the organizational, individual, and technical countermeasures employed in a cybersecurity ecosystem. Information security (ISec) phishing research and practice have provided an understanding of generalized phishing attacks and their subsequent defense. Yet by applying generalized phishing rules to these studies, it may not be sufficient to understand and defend escalated forms of phishing. This study seeks to develop a taxonomy of phishing to provide a more nuanced understanding of this phenomena. This taxonomy may assist ISec research in providing theoretical guidance for the understanding and defense of the various forms of phishing

Themes in Information Security Research in the Information Systems Discipline: A Topic Modeling Approach

Information security continues to grow in importance in all aspects of society, and therefore evolves as a prevalent research area. The Information Systems (IS) discipline offers a unique perspective from which to move this stream of literature forward. Using a semi-automated thematic analysis approach based on the topic modeling technique, we review a broad range of information security literature to investigate how we might theorize about information security on a grander scale. Five themes resulted from our analysis: Software Security Decisions, Firm Security Strategy, Susceptibility, Information Security Policy Compliance, and Other Developing Themes. Implications of our findings and future research directions are discussed

The Effects of the Quantification of Faculty Productivity: Perspectives from the Design Science Research Community

In recent years, efforts to assess faculty research productivity have focused more on the measurable quantification of academic outcomes. For benchmarking academic performance, researchers have developed different ranking and rating lists that define so-called high-quality research. While many scholars in IS consider lists such as the Senior Scholar’s basket (SSB) to provide good guidance, others who belong to less-mainstream groups in the IS discipline could perceive these lists as constraining. Thus, we analyzed the perceived impact of the SSB on information systems (IS) academics working in design science research (DSR) and, in particular, how it has affected their research behavior. We found the DSR community felt a strong normative influence from the SSB. We conducted a content analysis of the SSB and found evidence that some of its journals have come to accept DSR more. We note the emergence of papers in the SSB that outline the role of theory in DSR and describe DSR methodologies, which indicates that the DSR community has rallied to describe what to expect from a DSR manuscript to the broader IS community and to guide the DSR community on how to organize papers for publication in the SSB

Multiple Treatment Modeling for Target Marketing Campaigns: A Large-Scale Benchmark Study

Machine learning and artificial intelligence (ML/AI) promise higher degrees of personalization and enhanced efficiency in marketing communication. The paper focuses on causal ML/AI models for campaign targeting. Such models estimate the change in customer behavior due to a marketing action known as the individual treatment effect (ITE) or uplift. ITE estimates capture the value of a marketing action when applied to a specific customer and facilitate effective and efficient targeting. We consolidate uplift models for multiple treatments and continuous outcomes and perform a benchmarking study to demonstrate their potential to target promotional monetary campaigns. In this use case, the new models facilitate selecting the optimal discount amount to offer to a customer. Large-scale analysis based on eight marketing data sets from leading B2C retailers confirms the significant gains in the campaign return on marketing when using the new models compared to relevant model benchmarks and conventional marketing practices.Peer Reviewe

Research Perspectives: The Rise of Human Machines: How Cognitive Computing Systems Challenge Assumptions of User-System Interaction

Cognitive computing systems (CCS) are a new class of computing systems that implement more human-like cognitive abilities. CCS are not a typical technological advancement but an unprecedented advance toward human-like systems fueled by artificial intelligence. Such systems can adapt to situations, perceive their environments, and interact with humans and other technologies. Due to these properties, CCS are already disrupting established industries, such as retail, insurance, and healthcare. As we make the case in this paper, the increasingly human-like capabilities of CCS challenge five fundamental assumptions that we as IS researchers have held about how users interact with IT artifacts. These assumptions pertain to (1) the direction of the user-artifact relationship, (2) the artifact’s awareness of its environment, (3) functional transparency, (4) reliability, and (5) the user’s awareness of artifact use. We argue that the disruption of these five assumptions limits the applicability of our extant body of knowledge to CCS. Consequently, CCS present a unique opportunity for novel theory development and associated contributions. We argue that IS is well positioned to take this opportunity and present research questions that, if answered, will lead to interesting, influential, and original theories

COVID-19 Pandemic in the New Era of Big Data Analytics: Methodological Innovations and Future Research Directions

Although scholars in management recognise the value of harnessing big data to understand, predict and respond to future events, there remains little or very limited overview of how various analytics techniques can be harnessed to provide the basis for guiding scholars in studying contemporary management topics and global grand challenges raised by the COVID19 pandemic. In this Methodology Corner, we present a review of the methodological innovations in studying big data analytics and how they can be better utilised to examine contemporary organisational issues. We provide insights on methods in descriptive/diagnostic, predictive, and prescriptive analytics, and how they can be leveraged to study “black swan” events such as the COVID-19 related global crisis and its aftermath’s implications for managers and policymakers

Development of an historical landscape photography database to support landscape change analysis in the Northeast of Portugal

Repeat photography is an efficient, effective and useful method to identify trends of changes in the landscapes. It was used to illustrate long-term changes occurring in the landscapes. In the Northeast of Portugal, landscapes changes is currently driven mostly by agriculture abandonment and agriculture and energy policy. However, there is a need to monitoring changes in the region using a multitemporal and multiscale approach. This project aimed to establish an online repository of oblique digital photography from the region to be used to register the condition of the landscape as recorded in historical and contemporary photography over time as well as to support qualitative and quantitative assessment of change in the landscape using repeat photography techniques and methods. It involved the development of a relational database and a series of web-based services using PHP: Hypertext Preprocessor language, and the development of an interface, with Joomla, of pictures uploading and downloading by users. The repository will make possible to upload, store, search by location, theme, or date, display, and download pictures for Northeastern Portugal. The website service is devoted to help researchers to obtain quickly the photographs needed to apply RP through a developed search engine. It can be accessed at: http://esa.ipb.pt/digitalandscape/.A fotografia histórica é um método útil e eficiente para realizar estudos comparativos e evolutivos das alterações da paisagem e, em geral, da geografia. Tem sido amplamente usado para ilustrar as alterações mais importantes ocorridas cronologicamente nas paisagens. No Nordeste de Portugal, as alterações da paisagem devem-se, sobretudo, ao abandono da exploração agrícola que teve como consequência a florestação de novas áreas, bem como pelas construções para aproveitamento da energia hidráulica ou eólica. Em súmula, é evidente a necessidade de monitorizar as alterações da geografia da região usando uma abordagem multi-temporal e multi-escala. Este trabalho teve por objetivo principal a implementação de um repositório digital para registos fotográficos históricos da paisagem da região de Trás-os-Montes, com o intuito de disponibilizar serviços web que permitem o armazenamento e o acesso aos registos fotográficos históricos e contemporâneos das paisagens da região, permitindo assim uma análise quantitativa e qualitativa da evolução dessas paisagens. Em termos práticos, envolveu a criação de uma base de dados relacional e uma pletora de serviços web usando recursos de programação para a web, nomeadamente PHP e Javascript. Requereu igualmente a criação de um website para a centralização e disponibilização dos serviços, este foi elaborado com base em Joomla. Assim, disponibiliza-se à comunidade académica, e não só, um conjunto de serviços digitais para o estudo, com base em fotografia, das alterações na paisagem em Trás-os-Montes. O website pode ser acedido em http://esa.ipb.pt/digitalandscape/