Understanding computer security

Few things in society and everyday life have changed in the last 10 years as much as the concept of security. From bank robberies to wars, what used to imply a great deal of violence is now silently happening on the Internet. Perhaps more strikingly, the very idea of privacy – a concept closely related to that of individual freedom – is undergoing such a profound revolution that people are suddenly unable to make rational and informed decisions: we protested for the introduction of RFID tags (Kelly and Erickson, 2005; Lee and Kim, 2006) and now we throw away en-masse most of our private information by subscribing to services (social media, free apps, cloud services), which have their reason of existence in the commerce of intimate personal data. The ICT revolution has changed the game, and the security paradigms that were suitable for people and systems just up to 10 years ago are now obsolete. It looks like we do not know what to replace them with. As of today, we keep patching systems but we do not understand how to make them reasonably secure (Rice, 2007); perhaps more importantly, we do not understand what reasonable privacy guarantees are for human beings, let alone how to enforce them. We do not understand how to combine accountability and freedom in this new world, in which firewalls and digital perimeters cannot guarantee security and privacy any longer. We believe that the root of the challenge that we face is understanding security and how information technology can enable and support such an understanding. And just like security is a broad, multidisciplinary topic covering technical as well as non-technical issues, the challenge of understanding security is a multifaceted one, spanning across a myriad of noteworthy topics. Here, we mention just three that we consider particularly important

Environmental uncertainty and end-user security behaviour:a study during the COVID-19 pandemic

The COVID-19 pandemic has forced individuals to adopt online applications and technologies, as well as remote working patterns. However, with changes in technology and working patterns, new vulnerabilities are likely to arise. Cybersecurity threats have rapidly evolved to exploit uncertainty during the pandemic, and users need to apply careful judgment and vigilance to avoid becoming the victim of a cyber-attack. This paper explores the factors that motivate security behaviour, considering the current environmental uncertainty. An adapted model, primarily based on the Protection Motivation Theory (PMT), is proposed and evaluated using data collected from an online survey of 222 respondents from a Higher Education institution. Data analysis was performed using Partial Least Squares Structural Equation Modelling (PLS-SEM). The results confirm the applicability of PMT in the security context. Respondents’ behavioural intention, perceived threat vulnerability, response cost, response efficacy, security habits, and subjective norm predicted self-reported security behaviour. In contrast, environmental uncertainty, attitude towards policy compliance, self-efficacy and perceived threat severity did not significantly impact behavioural intention. The results show that respondents were able to cope with environmental uncertainty and maintain security behaviour

Understanding The Drivers of Interest in Fintech Adoption: Examining The Moderating Influence of Religiosity

Fintech is an innovation in financial services with the application of modern technology to introduce practicality, convenience, ease of access, and affordable costs. The purpose of this study was to examine the impact of attitudes, subjective norms, and behavioral control in the theory of planned behavior on interest in utilizing fintech, using religiosity as a moderation variable. This research is a quantitative study with explanatory research method to prove the research hypotheses. Data were gathered through the distribution of questionnaires to 570 respondents who had or were utilizing fintech, and analyzed using partial least squares (PLS). The findings revealed that attitudes, subjective standards, and behavioral control had a substantial impact on interest in utilizing fintech, while religiosity does not moderate the relationship between variables. As a result, fintech service providers are advised to increase positive assessments of the use of fintech services, to make use of social media, and to collaborate with influencers to hype up Indonesians' interest in using fintech. The research findings could be useful for increasing interest in utilizing fintech by engaging in tangible consumer financial and technology education that supports wider adoption of fintech. Keywords: planned behavior, subjective norm, behavioral control, fintec

Faculty Senate Monthly Packet April 2002

The April 2002 Monthly packet includes the April agenda and appendices and the Faculty Senate minutes and attachments from the meeting held March 2002

Determining Factors of Peer-to-Peer (P2P) Lending Avoidance: Empirical Evidence from Indonesia

P2P lending offers loans to the public with easy processes and terms. However, the level of P2P lending disbursements is still lower than that of the banks. In addition, a comparison of the number of users of P2P lenders and the productive age population of Indonesia shows that there are still many people who do not use P2P lending. This paper examines the factors that make Indonesians avoid P2P lending. This study used an online survey approach for its data collection and structural equation modeling (SEM) to analyze the data from 499 responses. The study found that the perceived threat from P2P lending is influenced by its perceived severity, perceived susceptibility, and risk tolerance. This perceived threat and social influences cause people’s avoidance motivation. This study contributes to the fintech literature by providing empirical evidence on the avoidance of P2P lending from the borrowers’ perspectives using the TTAT model. Other implications are an input for regulators/governments to enforce the rules for user protection and input for the P2P lending service providers to provide educational programs regarding the use of P2P lending

Intention to use new mobile payment systems: a comparative analysis of SMS and NFC payments

The rapid growth of mobile technology among the world’s population has led many companies to attempt to exploit mobile devices as an additional tool in the business of sales. In this sense, the main objective of our study resides in comparing the factors that determine the acceptance by consumers of the SMS (Short Message Service) and NFC (Near Field Communication) mobile payment systems as examples of means of future payment. The model used in our research applies the classic variables of the Technology Acceptance Model, as well as that of Perceived Security, a model deriving from the review of the major relevant recent literature. The results achieved in this study demonstrate that there are differences in the factors that determine the acceptance in each of the systems, as well as the level of the Intention to Use. Finally, we highlight the main implications for management and cite some strategies to reinforce this new business in the context of new technical developments

Organizational cloud security and control: a proactive approach

Purpose The purpose of this paper is to unfold the perceptions around additional security in cloud environments by highlighting the importance of controlling mechanisms as an approach to the ethical use of the systems. The study focuses on the effects of the controlling mechanisms in maintaining an overall secure position for the cloud and the mediating role of the ethical behavior in this relationship. Design/methodology/approach A case study was conducted, examining the adoption of managed cloud security services as a means of control, as well as a large-scale survey with the views of IT decision makers about the effects of such adoption to the overall cloud security. Findings The findings indicate that there is indeed a positive relationship between the adoption of controlling mechanisms and the maintenance of overall cloud security, which increases when the users follow an ethical behavior in the use of the cloud. A framework based on the findings is built suggesting a research agenda for the future and a conceptualization of the field. Research limitations/implications One of the major limitations of the study is the fact that the data collection was based on the perceptions of IT decision makers from a cross-section of industries; however the proposed framework should also be examined in industry-specific context. Although the firm size was indicated as a high influencing factor, it was not considered for this study, as the data collection targeted a range of organizations from various sizes. Originality/value This study extends the research of IS security behavior based on the notion that individuals (clients and providers of cloud infrastructure) are protecting something separate from themselves, in a cloud-based environment, sharing responsibility and trust with their peers. The organization in this context is focusing on managed security solutions as a proactive measurement to preserve cloud security in cloud environments

Preventing identity theft:identifying major barriers to knowledge-sharing in online retail organisations

Purpose: Knowledge-sharing (KS) for preventing identity theft has become a major challenge for organisations. The purpose of this paper is to fill a gap in the literature by investigating barriers to effective KS in preventing identity theft in online retail organisations. Design/methodology/approach: A framework was proposed based on a reconceptualisation and extension of the KS enablers framework (Chong et al., 2011). A qualitative case study research method was used for the data collection. In total, 34 semi-structured interviews were conducted in three online retail organisations in the UK. Findings: The findings suggest that the major barriers to effective KS for preventing identify theft in online retail organisations are: lack of leadership support; lack of employee willingness to share knowledge; lack of employee awareness of KS; inadequate learning opportunities; lack of trust in colleagues; insufficient information-sourcing opportunities and information and communications technology infrastructure; a weak KS culture; lack of feedback on performance; and lack of job rotation. Practical implications: The research provides solutions for removing existing barriers to KS in preventing identity theft. This is important to reduce the number of cases of identity theft in the UK. Originality/value: This research extends knowledge of KS in a new context: preventing identity theft in online retail organisations. The proposed framework extends the KS enablers framework by identifying major barriers to KS in the context of preventing identity theft

Layered Security Solutions Over Dependency Within Any Layer

Considering the advancement of computer systems and security solutions available in today\u27s constantly changing world, there are various philosophies as to what is required (or adequate) in order to protect a system. This investigative study proposed to explore a possible problem with employing a layered security solution\ over dependence or reliance on any layer. A risk analysis was performed to determine where over dependence or reliance could happen and what could be done to prevent this. Various reviews and other findings online were researched and the data compiled using a qualitative methodology. Lastly, a recommendation is made on what is needed to prevent this problem from happening and what can be learned from this

Cybercrimes prevention: promising organisational practices

Contextualising the special issu