Cyber Risk Perception in the Maritime Domain: A Systematic Literature Review

This paper aims to present an approach to investigate cyber risk perception with use of recognized psychological models, and to give an overview of state-of-the-art research within the field of cyber risk perception in general and in the context of the maritime domain. The focus will be on determinative dimensions within the psychometric paradigm and cognitive biases, and to give recommendations on further research within these fields. Okoli and Schabram’s eight-step guide to plan, select, extract, and execute a systematic literature review is used as guidance. The search process resulted in 25 relevant articles which describes 24 dimensions of cyber risk perception in different online environments. Research within the area of maritime cyber security is increasing, however, no studies relevant for our literature review were found within the maritime domain. The nine dimensions in the psychometric model, perceived benefit and the optimistic bias is presented and discussed in a maritime context. Cyber risk perception is a complex research-area where both determinative factors and other cognitive processes can be influenced by each other. This can indicate that the dimensions differ across populations and professions, creating grounds for why context-specific studies are important. Further research may benefit from more multidisciplinary, descriptive, and inductive approaches, and contextual studies within maritime cyber risk perception can contribute to develop targeted tools for risk mitigation to enhance safety at sea.publishedVersio

Investigating People’s Privacy Risk Perception

Although media reports often warn about risks associated with using privacy-threatening technologies , most lay users lack awareness of particular adverse consequences that could result from this usage. Since this might lead them to underestimate the risks of data collection, we investigate how lay users perceive different abstract and specific privacy risks. To this end, we conducted a survey with 942 participants in which we asked them to rate nine different privacy risk scenarios in terms of probability and severity. The survey included abstract risk scenarios as well as specific risk scenarios, which describe specifically how collected data can be abused, e.g., to stalk someone or to plan burglaries. To gain broad insights into people\u27s risk perception, we considered three use cases: Online Social Networks (OSN), smart home, and smart health devices. Our results suggest that abstract and specific risk scenarios are perceived differently, with abstract risk scenarios being evaluated as likely, but only moderately severe, whereas specific risk scenarios are considered to be rather severe, but only moderately likely. People, thus, do not seem to be aware of specific privacy risks when confronted with an abstract risk scenario. Hence, privacy researchers or activists should make people aware of what collected and analyzed data can be used for when abused (by the service or even an unauthorized third party)

Perceção individual sobre a transmissibilidade dos dados pessoais no online

O uso dos dados pessoais de consumidores, é percecionado pelas empresas como uma atividade capaz de criar valor em termos de negócio. A ascensão do fenómeno das redes sociais, tem convidado à crescente partilha de informação por parte dos utilizadores-consumidores, permitindo a sua recolha, tratamento e uso, de forma a agregar uma maior disponibilização de informação por parte das empresas que atuam neste setor. Entender como a gestão de privacidade é afetada pelas perceções individuais, é um desafio relevante na área de gestão de privacidade (Soczka, 2014). Por conseguinte, é objetivo deste estudo determinar que sentimentos estão inerentes à partilha de dados pessoais no online, assim como as variações na partilha de informação pessoal mediante a área a que se destina. A natureza do estudo é quantitativa. O questionário de investigação deste estudo foi desenvolvido através da revisão da literatura, posteriormente partilhado nas redes sociais, tendo sido recolhidos 103 questionários válidos. A análise de dados foi realizada utilizando os programas IBM SPSS Statistics e excell. Os resultados obtidos, permitem compreender que perceções tem a população relativamente à partilha de dados, sugerindo que a perceção individual sobre a transmissibilidade dos dados pessoais no online começa a ser uma área de intresse para a sociedade, uma vez que existe uma maior sensibilização para os perigos no online, apesar de isso não refletir um maior índice de conhecimento sobre o assunto. O caminho para uma sociedade mais eficaz e eficiente, tem um determinado preço ou consequência, nomeadamente a nossa liberdade e privacidade.The use of consumer personal data is perceived by companies as an activity capable of creating value in terms of business. The rise of the phenomenon of social networks has invited the increasing sharing of information by users-consumers, allowing its collection, treatment and use, in order to add a greater availability of information by companies operating in this sector. Understanding how privacy management is affected by individual perceptions is a relevant challenge in the area of privacy management (Soczka, 2014). Therefore, the objective of this study is to determine what feelings are inherent to the sharing of personal data online, as well as the variations in the sharing of personal information according to the area for which it is intended. The nature of the study is quantitative. The investigation questionnaire of this study was developed through a literature review, later shared on social networks, having collected 103 valid questionnaires. Data analysis was performed using IBM SPSS Statistics and excell programs. The results obtained allow us to understand what perceptions the population has regarding data sharing, suggesting that the individual perception of the transmissibility of personal data online is beginning to be an area of interest for society, since there is a greater awareness of the dangers online, although this does not reflect a higher level of knowledge on the subject. The path to a more effective and efficient society has a certain price or consequence, namely our freedom and privacy

“Access denied”? Barriers for staff accessing, using and sharing published information online within the National Health Service (NHS) in England: technology, risk, culture, policy and practice

The overall aim of the study was to investigate barriers to online professional information seeking, use and sharing occurring within the NHS in England, their possible effects (upon education, working practices, working lives and clinical and organisational effectiveness), and possible explanatory or causative factors. The investigation adopted a qualitative case study approach, using semi-structured interviews and documentary analysis as its methods, with three NHS Trusts of different types (acute - district general hospital, mental health / community, acute – teaching) as the nested sites of data collection. It aimed to be both exploratory and explanatory. A stratified sample of participants, including representatives of professions whose perspectives were deemed to be relevant, and clinicians with educational or staff development responsibilities, was recruited for each Trust. Three non-Trust specialists (the product manager of a secure web gateway vendor, an academic e-learning specialist, and the senior manager at NICE responsible for the NHS Evidence electronic content and web platform) were also interviewed. Policy documents, statistics, strategies, reports and quality accounts for the Trusts were obtained via public websites, from participants or via Freedom of Information requests. Thematic analysis following the approach of Braun and Clarke (2006) was adopted as the analytic method for both interviews and documents. The key themes of the results that emerged are presented: barriers to accessing and using information, education and training, professional cultures and norms, information governance and security, and communications policy. The findings are discussed under three main headings: power, culture, trust and risk in information security; use and regulation of Web 2.0 and social media, and the system of professions. It became evident that the roots of problems with access to and use of such information lay deep within the culture and organisational characteristics of the NHS and its use of IT. A possible model is presented to explain the interaction of the various technical and organisational factors that were identified as relevant. A number of policy recommendations are put forward to improve access to published information at Trust level, as well as recommendations for further research

Risk perception of internet-related activities

When people choose to engage in an online activity, such as doing their banking online, or making a purchase through an online merchant, they are making a trust decision about the supplier and source of the website in question. It appears that a large majority of users commonly place their trust in most, if not all, websites they encounter, and this causes significant security problems. Any solutions proposed to reduce the threat of online attacks must include a consideration of the psychological processes of the end users. This paper presents a study with the aim of understanding users' perceptions of the risks involved in engaging in online interactions. Our main findings suggest that users report higher risks associated with activities that are related to finances, such as online banking and online purchases, but attribute lower risk to online activities that are less financially-related, such as using a search engine or engaging in social networking, which are highly valued targets for attackers