4,477 research outputs found

    Reducing the risk of e-mail phishing in the state of Qatar through an effective awareness framework

    In recent years, cyber crime has focused intensely on people to bypass existing sophisticated security controls; phishing is one of the most common forms of such attack. This research highlights the problem of e-mail phishing. A lot of previous research demonstrated the danger of phishing and its considerable consequences. Since users' behaviour is unpredictable, there is no reliable technological protective solution (e.g. spam filters, anti-viruses) to diminish the risk arising from inappropriate user decisions. Therefore, this research attempts to reduce the risk of e-mail phishing through awareness and education. It underlines the problem of e-mail phishing in the State of Qatar, one of the world's fastest developing countries, and seeks to provide a solution to enhance people's awareness of e-mail phishing by developing an effective awareness and educational framework. The framework consists of valuable recommendations for the Qatar government, citizens and organisations responsible for ensuring information security along with an educational agenda to train them how to identify and avoid phishing attempts. The educational agenda supports users in making better trust decisions to avoid phishing that could complement any technical solutions. It comprises a collection of training methods: conceptual, embedded, e-learning and learning programmes which include a television show and a learning session with a variety of teaching components such as a game, quizzes, posters, cartoons and a presentation. The components were tested by trial in two Qatari schools and evaluated by experts and a representative sample of Qatari citizens. Furthermore, the research proves the existence and extent of the e-mail phishing problem in Qatar in comparison with the UK where people were found to be less vulnerable and more aware. It was discovered that Qatar is an attractive place for phishers and that a lack of awareness and e-law made Qatar more vulnerable to phishing.
    The research identifies the factors which make Qatari citizens susceptible to e-mail phishing attacks such as cultural, country-specific factors, interests and beliefs, religion effect and personal characteristics and this identified the need for enhancing Qataris' level of awareness on phishing threat. Since literature on phishing in Qatar is sparse, empirical and non-empirical studies involved a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government.

    Investigating Information Security Policy Characteristics: Do Quality, Enforcement and Compliance Reduce Organizational Fraud?

    Organizational fraud, a deceitful practice or willful device resorted to with intent to deprive another of his right, or in some manner to do harm or injury, is a growing global concern. While cyberattacks from the outside are more expected, the internal security threat from trusted insiders is responsible for significantly more information compromise than external threats. Information systems make life easier but are increasingly used by employees to perpetrate fraudulent activities. For example, a trusted insider employee with access to sensitive customer databases could misappropriate information and sell it to a competitor for personal gain. These types of losses are typical of organizational fraud, averaging 5% of annual revenues, and current detection and prevention methods are not fully adequate to address the threat. This research examines how organizational fraud is affected by information security policy characteristics. We specifically study the effects of quality and enforcement as mediated by security compliance using a sampling of survey data from selected organizations. Our results show that increased quality and enforcement support increased compliance. We found an inverse relationship between policy compliance and organizational fraud. Additionally, our model demonstrates that compliance fully mediates between policy quality, policy enforcement, and the dependent variable fraud.

    Managing Risk and Information Security: Protect to Enable (Second Edition)

    Computer scienc

    SNS Use, Risk, and Executive Behavior

    Andrew Green, April 2020. Personal social networking sites (SNS) are popular outlets for people to share information about themselves, their family and friends, and their personal and professional lives. On the surface, the information shared may seem to be innocuous or nonthreatening. However, prior studies have shown that cybercriminals can take information shared via personal SNS and use it to conduct attacks against organizations. Organization executives are of particular interest to cybercriminals because they have access to sensitive data, and they also have the ability to command actions from their subordinates. The purpose of this study was to explore what executive personal SNS behaviors pose financial risks to an organization. This study utilized grounded theory method (GTM) to interview nine information security professionals to discover their perceptions regarding executives’ personal SNS behaviors that could pose a financial risk to an organization. The researcher used a semistructured interview process in order to collect thick, rich data for analysis. Respondents came from a diverse array of industries, thus providing data from multiple perspectives. The resulting data analysis revealed four overarching dimensions: Loss of Intellectual Property or Sensitive Data; Compliance Violations; Harm to Reputation, and Fraudulent Transaction Loss. These overarching dimensions were supported by multiple themes, which were built on concepts identified from respondent interview data. These overarching dimensions were used to build an emergent theoretical model to explain what personal executive SNS behaviors pose financial risks to an organization.

    The Evolution of Smart Buildings: An Industrial Perspective of the Development of Smart Buildings in the 2010s

    Over the course of the 2010s, specialist research bodies have failed to provide a holistic view of the changes in the prominent reason (as driven by industry) for creating a smart building. Over the 2010s, research tended to focus on remaining deeply involved in only single issues or value drivers. Through an analysis of the author’s peer reviewed and published works (book chapters, articles, essays and podcasts), supplemented with additional contextual academic literature, a model for how the key drivers for creating a smart building have evolved in industry during the 2010s is presented. The critical research commentary within this thesis tracks the incremental advances of technology and their application to the built environment via academic movements, industrial shifts, or the author’s personal contributions. This thesis has found that it is demonstrable, through the chronology and publication dates of the included research papers, that as the financial cost and complexity of sensors and cloud computing reduced, smart buildings became increasingly prevalent. Initially, sustainability was the primary focus with the use of HVAC analytics and advanced metering in the early 2010s. The middle of the decade saw an economic transformation of the commercial office sector and the driver for creating a smart building was concerned with delivering flexible yet quantifiably used space. Driven by society’s emphasis on health, wellbeing and productivity, smart buildings pivoted their focus towards the end of the 2010s. Smart building technologies were required to demonstrate the impacts of architecture on the human. This research has evidenced that smart buildings use data to improve performance in sustainability, in space usage or for humancentric outcomes.

    AI, Robotics, and the Future of Jobs

    This report is the latest in a sustained effort throughout 2014 by the Pew Research Center's Internet Project to mark the 25th anniversary of the creation of the World Wide Web by Sir Tim Berners-Lee (The Web at 25). The report covers experts' views about advances in artificial intelligence (AI) and robotics, and their impact on jobs and employment.

    Services on Multinationals Operating in Different Countries in Automation and Performance in Organizations as A New Way of Increasing Profit and Cutting Costs

    The thesis's main purpose is to focus shared services on multinationals operating in different countries and take the automation process as a new way of increasing profit and cutting costs. However, on the other hand, the effect of automation on employment will be targeted. The thesis project is focused on papers that detail the above measures. They are combined, and the primary goal of the analysis is to illustrate that technology cannot substitute people. Does the research include the methodology for determining what a study report is? And what are the numerous kinds? Finally, it is shown that automation is efficient for businesses but cannot replace people on the other hand because creativity and the ability to develop new processes can never be at hand. We chose AZADEA for research support. We interviewed the operations manager and HR team semi-structured to show that although the shared service process is being implemented, it is important to keep our staff there.

    Using the Control Balance Theory to Explain Social Media Deviance

    Online Social Media Deviance (OSMD) is on the rise; however, research in this area traditionally has lacked a strong theoretical foundation. Following calls to reveal the theoretical underpinnings of this complex phenomenon, our study examines the causes of OSMD from several novel angles not used in the literature before, including: (1) the influence of control imbalances (CIs) on deviant behavior, (2) the role of perceived accountability and deindividuation in engendering CI, and (3) the role of IT in influencing accountability and deindividuation. Using an innovative factorial survey method that enabled us to manipulate the IT artifacts for a nuanced view, we tested our model with 507 adults and found strong support for our model. The results should thus have a strong impetus not only on future SM research but also for social media (SM) designers who can use these ideas to further develop SM networks that are safe, supportive, responsible, and constructive.

    Social Engineering: How U.S. Businesses Strengthen the Weakest Link against Cybersecurity Threats

    The purpose of this transcendental phenomenological qualitative study was to investigate how IS professionals working in U.S. businesses make sense of their lives and experiences as they address and prevent vulnerabilities to social engineering attacks. This larger problem was explored through an in-depth study of social engineering and its effect on IS professionals working in U.S. businesses operating within healthcare, financial services, and educational industries across the central and northwest regions of Louisiana. Through its use of a phenomenological research design, the study bridged a gap in the social engineering literature, which was primarily comprised of studies that utilized a quantitative methodology. The use of a qualitative approach allowed participants to give voice to their beliefs, thoughts, and motivations about the work they do. The findings, consisting of ten themes and two subthemes, present the essence of experience of six IS professionals addressing and preventing social engineering vulnerabilities in their workplace. The findings revealed that the lived experience of protecting an organization from social engineering attacks involves the unification of people across the enterprise to develop a strong security-minded culture. Additionally, participants shared two primary beliefs, (1) that social engineering attacks would never be eradicated and (2) that IS professionals depend on everyone in the organization to protect the organization from social engineering attacks. The study offers recommendations to IS professionals, business leadership, HR professionals, educators, consultants, vendors, and researchers

    Individual Online Routines: External Guardianship, Personal Guardianship, and the Influence of Breaches

    Computer crime increases in frequency and cost each year. Of all computer crimes, data breaches are the costliest to organizations. In addition to the harm data breaches cause to organizations, these breaches often involve the exposure of individuals' personal data, placing the affected individuals at greater risk of computer crimes such as credit card fraud, tax fraud, and identity theft. Despite the breadth and severity of consequences for individuals, existing IS literature lacks coverage of how users respond to data breaches. Routine Activity Theory provides the study's theoretical frame. Routine Activity Theory states that crime occurs when the routine activities of a potential target place them in proximity to a motivated offender in the absence of a capable guardian. This work examines in detail the target-guardian dyad. Using semi-structured interviews, we inquire into potential antecedents to users' beliefs about external guardians, how users' beliefs about external guardians affect users' online routines, and how this process alters in the aftermath of a data breach. This study employs a qualitative case study design to explore, at an individual level, the process by which users outside organizations determine their online routines, in light of their reliance for data protection on external guardians over which they have little to no control, and how the process is affected by awareness of a data breach. The cases selected are 1) the 2017 data breach at the consumer credit agency Equifax and 2) the Facebook Cambridge Analytica data compromise that became public in 2018. Our findings show that users' individual, situational, and data characteristics affect users' external guardianship beliefs and online routines. Additionally, under certain circumstances, users can fail to identify data guardians or develop adversarial feelings towards organizations that act as data guardians through control of user data.
    With some well-defined limitations, after data breaches users report changes in individual characteristics, perceptions of situational and data characteristics, and online routines. Based on these findings, we draw conclusions for future research and practice.