From information to cybersecurity: bridging the public-private divide

No abstract available

Towards a development of a users’ ratified acceptance of multi-biometrics intentions model (RAMIM): Initial empirical results

User authentication is a continuous balance between the level of invasiveness and system security. Password protection has been the most widely user authentication approach used, however, it is easily compromised. Biometrics authentication devices have been implemented as less compromised approach. This paper reports on initial results of user perceptions about their acceptance of a multi-biometrics authentication approach in the context of elearning systems. Specifically, this paper reports on the initial empirical results on the development of a learners’ Ratified Acceptance of Multibiometrics Intentions Model (RAMIM). The model proposed look at the contributions of learners’ code of conduct awareness, perceived ease-of-use, perceived usefulness, and ethical decision making to their intention to use multi-biometrics for authentication during e-learning exams. The study participants included 97 managers from service oriented organization and government agencies who attended e-learning courses. Results demonstrated high reliability for all constructs measured and indicated that perceived easeof-use and perceived usefulness are significant contributors to learners’ intention to use multi-biometrics. Conversely, code of conduct awareness appears to have little or no contribution on learners’ intention to use multibiometrics, while learners’ ethical decision making appears to have marginal contribution

Enhancing Information Security Risk Management with Security Analytics: A Dynamic Capabilities Perspective

The importance of information security risk management (ISRM) and its potential strategic role in protecting organisational information assets is widely studied in literature. Less attention is given to how ISRM can be enhanced using security analytics to contribute to a competitive advantage. This paper proposes a model showing that security analytics capabilities (the ability to effectively use security data for informed security related decision making) and ISRM capabilities (the ability to effectively identify and protect organizational information assets) indirectly influence competitive advantage in ISRM through two key mediating links: analytics-enabled ISRM capabilities (the ability to effectively leverage insights gleaned from security data to make informed ISRM decisions) and ISRM dynamic capabilities (the ability to reconfigure analytics-enabled ISRM capabilities to address turbulent environments). Environmental turbulence moderates the process by which security analytics and ISRM capabilities influence competitive advantage. The paper concludes by calling for evaluation and refinement of the research model

Information Security Strategy in Organisations: Review, Discussion and Future Research Directions

Dependence on information, including for some of the world’s largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences continue to indicate that attacks are still escalating on organisations when conducting these information-based activities. Clearly, more research is needed to better understand how organisations should formulate strategy to secure their information. Through a thematic review of academic security literature, we (1) analyse the antecedent conditions that motivate the potential adoption of a comprehensive information security strategy, (2) the current perspectives of strategy and (3) the yields and benefits that could be enjoyed post-adoption. Our contributions include a definition of information security strategy. We argue for a paradigm shift to extend from internally-focussed protection of organisation-wide information towards a strategic view that considers the inter-organisational level. Our findings are then used to suggest future research directions

Initial development of a learners’ ratified acceptance of multibiometrics intentions model (RAMIM)

Authenticating users is a continuous tradeoff between the level of invasiveness and the degree of system security. Password protection has been the most widely authentication approach used, however, it is easily compromised. Biometric authentication devices have been implemented as a more robust approach. This paper reports on initial results of student perceptions about their acceptance of a multibiometrics authentication approach in the context of e-learning systems. Specifically, this paper reports on the initial empirical development of a learners’ Ratified Acceptance of Multibiometrics Intentions Model (RAMIM). The model proposed investigates the impact of students’ code of conduct awareness, perceived ease-of-use, perceived usefulness, and ethical decision making on learners’ intention to use multibiometrics for authentication during elearning exams. The study’s participants included 97 non-information technology (IT) students who attended e-learning courses. Additionally, results of a path analysis using Partial Least Square (PLS) indicate that perceived usefulness has the most significant impact on learners’ intention to use multibiometrics during e-learning exams. Students’ ethical decision making and perceived usefulness demonstrated significant impact on their intention to use multibiometrics. Additionally, students’ code of conduct awareness appears to have a positive impact on their ethical decision making. Conclusions are discussed including recommendations for future research on extending this initial research into applied experiments to address e-learning security issues

Безпека інформаційних систем як чинник ефективності мережевого управління

The purpose of the study is to determine the main aspects and directions of ensuring the security of information systems of state authorities as a factor of effectiveness network management. The relevance of the research is determined by the importance and necessity of researching the problems in the indicated direction, in particular regarding the protection of networks from unauthorized access, countering data leakage, prevention of cyber attacks, prevention of the spread of viruses, malicious software, etc. The results. The areas of research of foreign scientists engaged in the scientific search for problems of the functioning of information and analytical networks in the public sector, the role of information in the network economy, management of state information systems, aspects of cyber security and problems of building network infrastructure for public administration entities have been analyzed. Approaches to the modern analysis of standards and policies, which help to determine requirements for the security of networks and information systems, have been studied. Conclusions. The use of modern technologies, such as cloud computing, artificial intelligence, data analytics significantly improve the functioning of state information networks, emphasize the importance of establishing standards, principles and regulatory rules in the field of information technologies and networks in order to ensure compatibility and security, emphasize the importance of integrating modern technologies, cyber security and effective information management to improve network management and ensure the quality of services to citizens. It was found that scientists apply the concept of "network security management" and justify approaches to improving its architecture, interpreting this process as a set of solutions and strategies designed to implement complex management of information flow in the organization's networks. It was emphasized that information and cyber security are becoming key elements of modern state administration in all spheres of social development, and the use of an automated and integrated architecture of its functioning will ensure the proper quality of network management.Мета дослідження полягає у визначенні  основних  аспектів  і  напрямів забезпечення безпеки інформаційних систем органів державної влади як чинника ефективності мережевого управління.  Актуальність дослідження обумовлюється важливістю та необхідністю дослідження проблем за вказаним напрямом, зокрема щодо захисту мереж від несанкціонованого доступу, протидії витоку даних, попередження кібератак, запобігання поширенню вірусів, шкідливого програмного забезпечення тощо.  Результати. Проаналізовано напрями досліджень зарубіжних вчених, які займаються науковим пошуком проблем функціонування інформаційно-аналітичних мереж у державному секторі, ролі інформації в мережевій економіці, управління державними інформаційними системами, аспектів кібербезпеки та проблем розбудови мережевої інфраструктури для суб’єктів державного управління. Досліджено підходи до сучасного аналізу стандартів і політик, які допомагають визначити вимоги до безпеки мереж та інформаційних систем. Висновки. Використання сучасних технологій, таких як хмарні обчислення, штучний інтелект, аналітика даних значно покращують функціонування державних інформаційних мереж, наголошують на важливості встановлення стандартів, принципів та правил регулювання в галузі інформаційних технологій та мереж з метою забезпечення сумісності та безпеки, підкреслюють важливість інтеграції сучасних технологій, кібербезпеки й ефективного управління інформацією для покращення мережевого управління та забезпечення якості надання послуг громадянам. З’ясовано, що науковці застосовують поняття «управління мережевою безпекою» та обґрунтовують підходи щодо удосконалення її архітектури, тлумачачи цей процес як набір рішень і стратегій, призначених для реалізації комплексного управління інформаційним обігом у мережах організації. Наголошено, що інформаційна та кібербезпека стають ключовими елементами сучасного державного управління в усіх сферах суспільного розвитку, а використання автоматизованої та інтегрованої архітектури її функціонування дозволяє забезпечити належну якість мережевого управління

The development of a framework for enterprise security architecture and its application in organizations

The main purpose of this study is to develop an enterprise security framework that is based on a comprehensive following the Zachman EA architecture. The enterprise architecture (EA) is a long-term view or blueprint for an organization. It is a very important blueprint for balancing business and IT technology and for adding value to an organization. Security is also an essential dimension for enterprises nowadays. This paper will incorporate the security dimension with the Zachman EA framework, which intends to serve as an enterprise security framework in assisting an organization to successfully and effectively implement security

Towards a Sustainable and Efficient Component-based Information Security Framework

Information security and information systems (IS) security both have top management priority in many companies and organizations. In various information security models researchers recommend several important components to sustainably and efficiently enforce information security. There is little research aiming at approaches that combine theoretically and empirically substantiated principles. To fill this research gap, the aim of this paper is to discuss the adequacy of “academic” information security components, to analyze practical relevance using an empirical study and to consolidate identified factors using a principle component analysis to enhance applicability. Findings suggest two main factors which are identified as short-term and long-term as well as 18 sub-components. The results can assist companies and organizations in sustainably and efficiently implementing information security