Creating an Ethical Awareness Using the Internet

Information access via the Internet becomes easier, more information becomes available, and more people access that information. Almost daily there are newspaper articles describing security breaches, viruses or other questionable behavior on the Internet. Therefore, the Information Superhighway provides opportunities that have not been previously addressed either legally or ethically. Information Systems (IS) students must not only learn technology and its uses, but must address the social and ethical issues that constantly arise. This paper uses the Internet to develop examples of ethical and legal issues the students face as they graduate into the business organization. A five step ethical analysis offers five moral dimensions of the information age - 1) Information Rights, 2) Property Rights, 3) Accountability, Liability and Control, 4) System Quality, 5) Quality of Life. These five themes encompass concerns often raised in discussions about ethics and information technology. Using these topics, some examples for integration of ethics throughout the undergraduate IS curriculum using the Internet, have been developed. These examples need not be limited to a specific IS course, but can be incorporated throughout the Information Systems undergraduate curriculum. Students need to develop an awareness of ethical issues surrounding emerging technologies

Measuring attitude towards personal data for adaptive cybersecurity

Purpose: This paper presents an initial development of a Personal Data Attitude (PDA) measurement instrument based on established psychometric principles. The aim of the research was to develop a reliable measurement scale for quantifying and comparing attitudes towards personal data that can be incorporated into cybersecurity behavioral research models. Such a scale has become necessary for understanding individuals’ attitudes towards specific sets of data as more technologies are being designed to harvest, collate, share and analyze personal data. Design/methodology/approach: An initial set of 34 five-point Likert style items were developed with 8 sub-scales and administered to participants online. The data collected were subjected to Exploratory and Confirmatory factor analysis and some MANOVA. The results are consistent with multi-dimensionality of attitude theories and suggest the adopted methodology for the study is appropriate for future research with a more representative sample. Findings: Factor analysis of 247 responses identified 6 constructs of individuals’ attitude towards personal data: Protective Behavior, Privacy Concerns, Cost-Benefit, Awareness, Responsibility and Security. This paper illustrates how the PDA scale can be a useful guide for information security research and design by briefly discussing the factor structure of the PDA and related results. Originality/value: This study addresses a genuine gap in the research by taking the first step towards establishing empirical evidence for dimensions underlying personal data attitudes. It also adds a significant benchmark to a growing body of literature on understanding and modelling computer users’ security behaviors

Privacy in crowdsourcing:a systematic review

The advent of crowdsourcing has brought with it multiple privacy challenges. For example, essential monitoring activities, while necessary and unavoidable, also potentially compromise contributor privacy. We conducted an extensive literature review of the research related to the privacy aspects of crowdsourcing. Our investigation revealed interesting gender differences and also differences in terms of individual perceptions. We conclude by suggesting a number of future research directions.</p

A comparative study of cloud services use by prospective IT professionals in five countries

Individuals and organizations utilise the cloud technology and its services in various ways. Cloud-based services are becoming increasingly popular, while there is no adequate knowledge offered for their secure use in the education for future IT professionals. It is important to understand how security and privacy issues are perceived and handled by male/female users and IT professionals of different cultures. The authors aim at presenting and scrutinizing information about cloud services’ use by prospective IT professionals in five countries, namely China, Finland, Greece, Nepal, and the UK. In particular the authors, wanting to find out what are the future IT professionals’ conceptualisations and awareness, collected data from male and female IT students in higher education, who use (or not) cloud services. The authors further illustrate the research findings by proceeding to a comparative analysis considering different perspectives such as: gender, education background, national culture (values and culture), and IT-related knowledge. The final research outcomes reveal attention-grabbing information for future IT professionals’ skills, knowledge, and digital competencies. For the IT professionals and software quality engineering communities the latter comprise a body of realistic knowledge, worthy of note when designing curricula for security technology by accommodating practical and accessible solutions (e.g., cryptography-based cloud security) for developing and enhancing the IT professionals’ role

Refining the PoinTER “human firewall” pentesting framework

PurposePenetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.MethodologyWe conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical.FindingsDrawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests.OriginalityPrevious work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

The elicitation of key performance indicators of e-government providers: A bottom-up approach

Copyright @ 2013 EMCIS.Delivering an adequate e-Government service (e-service) is becoming more of a necessity in today's digital world. In order to improve e-services and increase the engagement of both users' and providers' side, studies on the performance evaluation of such provided e-services are taking places. However a clear identification of the key performance indicators from the e-Government providers’ side is not well explored. This shortcoming hampers the conduct of a holistic evaluation of an e-service provision from the perspective of its stakeholders in order to improve e-services as well as to increase e-services take-ups. In this paper, a systematic process to identify indicators is implemented based on a bottom-up approach. The process used three focus-group meetings with providers, users, and academics in Qatar, Lebanon and UK to collect, identify and validate key indicators from the perspective of e-services’ providers. The approach resulted in the identification of five factors levels (service, technology, employees, policy and management and social responsibilities) with fifteen sub-categories of SMART variables. Hence, leading to the development of a new model, STEPS, that can fully explain and predict e-government success from the providers’ point of view. It will work as a strategic management tool to align various stakeholders on common goal and values based on evidence based evaluation of e-services using smart measurable indicators for the improvement of an e-service at the engagement level in the field of e-government. In addition, other fields can benefit from the outcome of this work, such as logistics service providers, who make their services available across new and existing relationships between the Internet commerce firms, their customers, and their vendors