39 research outputs found

    Hybrid VFT/Delphi Method to Facilitate the Development of Information Security Strategies in Developing Countries

    As systems become more interconnected, the vulnerability to cyber attack also increases. The increased use of information and communication technology (ICT) in developing countries and the dangers associated with interconnectivity grow equally. The lack of an established guideline for information security planning and execution in developing countries further complicates this problem. There is a need for a holistic approach to information security planning. This study will use a combination of the Value Focused Thinking methodology and the measured Delphi Method to develop a framework that can assist decision makers and stakeholders in developing countries to craft and execute their information security strategies.

    A Conceptual Model of an Information Security Domain Knowledge Base

    Information Security breaches and threats continue to grow worldwide. Securing information systems issues persist despite the development of several Information security standards. The low adoption rate of these security standards is one of the main contributing factors for this growing problem. As emerging economies seek to be a part of the digital economy it is prudent that they make information security a priority. The lack of effective Information Security Strategies in developing countries has resulted in these countries facing the problem of becoming targets for cyber criminals. In this research we present a Conceptual Model and a design of an Information Security Domain Knowledge Base (InfoSec DKB) that can assist in developing and managing information security strategies. This design is based on a combination of decision making, security and auditing frameworks, namely concepts of the Value Focused Thinking (VFT) approach used in decision making, the Guidelines for Management of IT security (ISO/IEC 27001), Control Objectives for Information and Related Technologies (COBIT)

    A holistic multi-methodology for sustainable renovation

    A review of the barriers for building renovation has revealed a lack of methodologies, which can promote sustainability objectives and assist various stakeholders during the design stage of building renovation/retrofitting projects. The purpose of this paper is to develop a Holistic Multi-methodology for Sustainable Renovation, which aims to deal with complexity of renovation projects. It provides a framework through which to involve the different stakeholders in the design process to improve group learning and group decision-making, and hence make the building renovation design process more robust and efficient. Therefore, the paper discusses the essence of multifaceted barriers in building renovation regarding cultural changes and technological/physical changes. The outcome is a proposal for a multi-methodology framework, which is developed by introducing, evaluating and mixing methods from Soft Systems Methodologies (SSM) with Multiple Criteria Decision Making (MCDM). The potential of applying the proposed methodology in renovation projects is demonstrated through a case study

    Disruption Response Support For Inland Waterway Transportation

    Motivated by the critical role of the inland waterways in the United States' transportation system, this dissertation research focuses on pre- and post-disruption response support when the inland waterway navigation system is disrupted by a natural or manmade event. Following a comprehensive literature review, four research contributions are achieved. The first research contribution formulates and solves a cargo prioritization and terminal allocation problem (CPTAP) that minimizes total value loss of the disrupted barge cargoes on the inland waterway transportation system. It is tailored for maritime transportation stakeholders whose disaster response plans seek to mitigate negative economic and societal impacts. A genetic algorithm (GA)-based heuristic is developed and tested to solve realistically-sized instances of CPTAP. The second research contribution develops and examines a tabu search (TS) heuristic as an improved solution approach to CPTAP. Different from GA's population search approach, the TS heuristic uses the local search to find improved solutions to CPTAP in less computation time. The third research contribution assesses cargo value decreasing rates (CVDRs) through a Value-focused Thinking based methodology. The CVDR is a vital parameter to the general cargo prioritization modeling as well as specifically for the CPTAP model for inland waterways developed here. The fourth research contribution develops a multi-attribute decision model based on the Analytic Hierarchy Process that integrates tangible and intangible factors in prioritizing cargo after an inland waterway disruption. This contribution allows for consideration of subjective, qualitative attributes in addition to the pure quantitative CPTAP approach explored in the first two research contributions.

    Individual values of GenZ in managing their Internet Privacy: a decision analytic assessment

    Online privacy is a growing concern. As individuals and businesses connect, the problem of privacy continues to remain significant. In this thesis, we address three primary questions - What are the individual values of GenZ concerning online privacy? What are the fundamental objectives of GenZ in terms of protecting their online privacy? What are the means objectives GenZ consider for protecting their online privacy? We argue that online privacy for GenZ is vital to protect.
We also argue that protection can be ensured if we understand and know what privacy-related values behold GenZ and define their objectives accordingly. Our research brings the importance of individual values to be central to any discussion of privacy concerns. Values have an essential place in scientific discourse. We note that the concept of values is one of the very few discussed and employed across several social science disciplines. To that effect, in this research, we present value-based objectives for GenZ internet privacy. The objectives are classified into two categories – the fundamental objectives and the means to achieve them. In a final synthesis, our six fundamental objectives guide the management of GenZ Internet Privacy Concerns. The objectives are: Increase trust in online interactions; Maximize responsibility of data custodians; Maximize right to be left alone; Maximize individual ability to manage privacy controls; Maximize awareness of platform functionality; Ensure that personal data does not change. Collectively our fundamental and means objectives are a valuable basis for GenZ to evaluate their privacy posture. The objectives are also helpful for the social media companies and other related platforms to design their privacy policies according to the way GenZ wants. Finally, the objectives are a helpful policy aid for developing laws and regulations

    An information security risk-driven investment model for analysing human factors

    Purpose: The purpose of this paper is to introduce a risk-driven investment process model for analysing human factors that allows information security managers to capture possible risk–investment relationships and to reason about them. The overall success of an information security system depends on analysis of the risks and threats so that appropriate protection mechanisms can be in place to protect them. However, lack of appropriate analysis of risks may potentially result in failure of information security systems. Existing literature does not provide adequate guidelines for a systematic process or an appropriate modelling language to support such analysis. This work aims to fill this gap by introducing the process and reason about the risks considering human factors. Design/methodology/approach: To develop risk-driven investment model along with the activities that support the process. These objectives were achieved through the collection of quantitative and qualitative data utilising requirements engineering and secure tropos methods. Findings: The proposed process and model lead to define a clear relationship between risks, incidents and investment and allows organisations to calculate them based on their own figures. Research limitations/implications: One of the major limitations of this model is that it only supports incident-based investment. This creates some sort of difficulties to be presented to the executive board. Secondly, because of the nature of human factors, quantification does not exactly reflect the monetary value of the factors. Practical implications: Applying the information security risk-driven investment model in a real case study shows that this can help organisations apply and use it in other incidents, and more importantly, to the incidents which critical human factors are a grave concern of organisations.
The importance of providing a financial justification is clearly highlighted and provided for seeking investment in information security. Social implications: It has a big social impact that technically could lead for cost justifications and decision-making process. This would impact the whole society by helping individuals to keep their data safe. Originality/value: The novel contribution of this work is to analyse specific critical human factors which have subjective natures in an objective and dynamic domain of risk, security and investment.

    Framework for Dealing with Uncertainty in the Port Planning Process: An Icelandic Case of the Ports of Isafjordur Network

    Ports have always been evolving to satisfy the new or changing demands of stakeholders. In this unstable world, ports as dynamic systems are developed under a high degree of uncertainty. Furthermore, black-swan events, for instance, the financial crisis in 2008, the avalanche in Flateyri (Iceland) in 2020, the COVID-19 pandemic in 2020-2021 make successful port planning a challenging task. Indeed, the ever-increasing complexity of a port system and its long technical lifetime make uncertainty considerations inevitable in the planning process. Therefore, this research presents a structured framework to deal with uncertainties, including opportunities and vulnerabilities, in the port planning process. To this end, a structured stakeholder analysis is performed to effectively and timely engage stakeholders in the planning process. Fuzzy logic 3-dimensional decision surface is used to identify the salient stakeholders. Subsequently, the success of the future port is defined in terms of the specific objectives of the stakeholders. To develop this definition, a problem structuring method and fuzzy multi-attribute group decision-making method are synthesized. Then, a port throughput forecast is conducted that accounts for epistemic uncertainty, including model and parameters uncertainties, and thus increases the reliability of forecast results. The method identifies the influencing macroeconomic variables on port throughput by mutual information and then applies the Bayesian statistical method to forecast the port throughput. Effective actions are planned to seize opportunities and manage vulnerabilities that manifest in the projected lifetime. Therefore, the port can adapt or better withstand the vagaries of the future. The nonlinearity of dealing with uncertainty by application of the framework provides a robust and better plan toward its success. The framework supports decision making under uncertainty and facilitates adaptive port planning. 
The framework is applied to the Ports of Isafjordur Network in Iceland. The results indicate that the uncertainties mainly present opportunities in the short-time horizon, while in the middle-time horizon the port network is confronted with multiple vulnerabilities. University of Iceland, Municipality of Isafjordur, Icelandic Road and Coastal Administration

    Manipulation of Online Reviews: Analysis of Negative Reviews for Healthcare Providers

    There is a growing reliance on online reviews in today’s digital world. As the influence of online reviews amplified in the competitive marketplace, so did the manipulation of reviews and evolution of fake reviews on these platforms. Like other consumer-oriented businesses, the healthcare industry has also succumbed to this phenomenon. However, health issues are much more personal, sensitive and complicated in nature, requiring knowledge of medical terminologies and often coupled with a myriad of interdependencies. In this study, we collated the literature on manipulation of online reviews, identified the gaps and proposed an approach, including validation of negative reviews of the 500 doctors from three different states: New York and Arizona in USA and New South Wales in Australia from the RateMDs website. The reviews of doctors were collected, which include both numerical star ratings (1-low to 5-high) and textual feedback/comments. Compared to other existing research, this study will analyse the textual feedback which corresponds to the clinical quality of doctors (helpfulness and knowledge criteria) rather than process quality experiences. Our study will explore pathways to validate the negative reviews for platform provider and rank the doctors accordingly to minimise the risks in healthcare.

    Value focused assessment of cyber risks to gain benefits from security investments

    Doctorate in Management. With the multiplication of technological devices and their multiple complex interactions, the cyber risks keep increasing. Supervision entities establish new compliance requirements to force organizations to manage cyber risks. Despite these growing threats and requirements, decisions in cyber risk minimization continue not to be accepted by stakeholders and the business benefits of security investments remain unnoticed to top management.
This research analyzes the cyber risk management lifecycle by identifying cyber risk mitigation objectives captured from subject matter experts, prioritizing those objectives in a cyber risk management decision model to help risk managers in the decision process by taking into account multiple real scenarios, developing the baseline of cyber risk management principles to form a cyber risk strategy applicable and adaptable to current organizations and finally evaluating the business benefits of security investments to mitigate cyber risks in a continuous improvement approach. Two theoretical frameworks are combined to address the full cyber risk management lifecycle: value focused thinking guides the decision process and benefits management ensures that business benefits are realized during project implementation, after the decision is taken to invest in a security solution to mitigate cyber risk.

    A Risk-Driven Investment Model for Analysing Human Factors in Information Security

    Information systems are of high importance in organisations because of the revolutionary industrial transformation undergone by digital and electronic platforms. A wide range of factors and issues forming the current business environments have created an unprecedented level of uncertainty and exposure to risks in all areas of strategic and operational activities in organisations including IT management and information security. Subsequently, securing these systems, which keep assets safe, serves organisational objectives. The Information Security System (ISS) is a process that organisations can adopt to achieve information security goals. It has gained the attention of academics, businesses, governments, security and IT professionals in recent years. Like any other system, the ISS is highly dependent on human factors as people are the primary concern of such systems and their roles should be taken into consideration. However, identifying reasoning and analysing human factors is a complex task. This is due to the fact that human factors are hugely subjective in nature and depend greatly on the specific organisational context. Every ISS development has unique demands both in terms of human factor specifications and organisational expectations. Developing an ISS often involves a notable proportion of risk due to the nature of technology and business demands; therefore, responding to these demands and technological challenges is critical. Furthermore, every business decision has inherent risk, and it is crucial to understand and make decisions based on the cost and potential value of that risk. Most research is solely concentrated upon the role of human factors in information security without addressing interrelated issues such as risk, cost and return of investment in security. The central focus and novelty of this research is to develop a risk-driven investment model within the security system framework. 
This model will support the analysis and reasoning of human factors in the information system development process. It contemplates risk, cost and the return of investment on security controls. The model will consider concepts from Requirements Engineering (RE), Security Tropos and organisational context. This model draws from the following theories and techniques: Socio-technical theory, Requirements Engineering (RE), SWOT analysis, Delphi Expert Panel technique and Force Field Analysis (FFA). The findings underline that the roles of human factors in ISSs are not being fully recognised or embedded in organisations and there is a lack of formalisation of main human factors in information security risk management processes. The study results should confirm that a diverse level of understanding of human factors impacts security systems. Security policies and guidelines do not reflect this reality. Moreover, information security has been perceived as being solely the domain of IT departments and not a collective responsibility, with the importance of the support of senior management ignored. A further key finding is the validation of all components of the Security Risk-Driven Model (RIDIM). Model components were found to be iterative and interdependent. The RIDIM model provides a significant opportunity to identify, assess and address these elements. Some elements of ISSs offered in this research can be used to evaluate the role of human factors in enterprise information security; therefore, the research presents some aspects of computer science and information system features to introduce a solution for a business-oriented problem. The question of how to address the psychological dimensions of human factors related to information security would, however, be a rich topic of research on its own. 
The risk-driven investment model provides tangible methods and values of relevant variables that define the human factors, risk and return on investment that contribute to organisations’ information security systems. Such values and measures need to be interpreted in the context of organisational culture and the risk management model. Further research into the implementation of these measurements and evaluations for improving organisational risk management is required