Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users’ compliance to information security policies. We contribute to this literature by arguing that proper implementation of security policies requires effective training. Specifically, we argue that adherence to security policies could be improved by using training strategies where written policies are ‘shown’. To test our assertion, we use a scenario that users often face when browsing – installation of java applets. Based on previous literature, we identified key antecedents of compliance and tested their effectiveness in an experimental setting. One group of users received guidance from a written policy, whereas the other group was ‘shown’ the meaning of the written policy in the form of a video. Our contribution is simple yet powerful – effective information security training can be accomplished when users are shown the reasons behind the written policies. In other words, in addition to written policies, it is beneficial to actually ‘show’ what the policies accomplish

Privacy Threat Model for Data Portability in Social Network Applications

The advent of the participatory Web and social network applications has changed our communication behavior and the way we express ourselves on the Web. Social network application providers benefit from the increasing amount of personally identifiable information willingly displayed on their sites but, at the same time, risks of data misuse threaten the information privacy of individual users as well as the providers’ business model. From recent research, this paper reports the major requirements for developing privacy-preserving social network applications and proposes a privacy threat model that can be used to enhance the information privacy in data or social network portability initiatives by determining the issues at stake related to the processing of personally identifiable information

Java Applet Awareness Impacting User Web Browsing Behavior

The purpose of this study is to investigate the web browsing behaviors of computer users and how awareness about threats impacts their behaviors. This research focused on how users behave towards web browser alerts which prompt users to install Java Applets. Applets have become common tools for enhancing user experience. However, installing these features overrides security mechanisms inherent in browsers and provides complete access to users’ computing resources. A survey was administered to two separate groups of students from the University of Massachusetts Boston to collect data. The first group took the survey after being given a few details about the study. The same survey was then given to a second set of students after they watched a video. The video educated participants on the dangers of installing Java Applets. Results showed that after watching the video participants had increased Java Applet Security Awareness and Information Security Awareness. This study can inform management on effective training procedures to improve compliance with security

Does This Icon Tell Me This Site Is Secure?: A Study Of User Perceptions

This research examined how people perceive current site connection indicator icons and corresponding informational message statements found in six web browsers. The paper begins by providing some background of the research area as well as an overview of the site connection indicator icon and informational message statement. An online survey was also conducted, which asked participants to best match statements from the informational messages with site connection indicator icons. The main finding of this research was that based on the wording of the informational message statements, participants often chose corresponding site connection indicator icons in a manner similar to how web browser developers paired the site connection indicator icons and informational message statements. This provides evidence that web browser users perceive the informational message statements as generally matching the site connection indicator icons that represent them.Master of Science in Information Scienc

Factors and Predictors of Online Security and Privacy Behavior

Assumptions and habits regarding computer and Internet use are among the major factors which influence online privacy and security of Internet users. In our study a survey was performed on 312 subjects (college students who are Internet users with IT skills) that investigated how assumptions and habits of Internet users are related to their online security and privacy. The following four factors of online security and privacy related behaviors were revealed in factor analysis: F1 – conscientiousness in the maintenance of the operating system, upgrading of the Internet browser and use of antivirus and antispyware programs; F2 –engagement in risky and careless online activities with lack of concern for personal online privacy; F3 – disbelief that privacy violations and security threats represent possible problems; F4 – lack of fear regarding potential privacy and security threats with no need for change in personal online behavior. Statistically significant correlations were found between some of the discovered factors on the one side, and criteria variables occurrence of malicious code (C1) and data loss on the home computer (C2) on the other. In addition, a regression analysis was performed which revealed that the potentially risky online behaviors of Internet users were associated with the two criteria variables. To properly interpret the results of correlation and regression analyses a conceptual model was developed of the potential causal relationships between the behavior of Internet users and their experiences with online security threats. An additional study was also performed which partly confirmed the conceptual model, as well as the factors of online security and privacy related behaviors

Developing a framework for e-commerce privacy and data protection in developing nations: a case study of Nigeria

The emergence of e-commerce has brought about many benefits to a country s economy and individuals, but the openness of the Internet has given rise to misuse of personal data and Internet security issues. Therefore, various countries have developed and implemented cyber-security awareness measures to counter this. However, there is currently a definite lack in this regard in Nigeria, as there are currently, little government-led and sponsored Internet security awareness initiatives. In addition, a security illiterate person will not know of the need to search for these awareness programmes online, particularly in Nigeria s case, where personal information security may not be regarded as an overly important issue for citizens. Therefore, this research attempts to find a means to reduce the privacy and data protection issues. It highlights the privacy and data protection problem in developing countries, using Nigeria as a case study, and seeks to provide a solution focusing on improving Internet security culture rather than focusing on solely technological solutions. The research proves the existence of the privacy and data protection problem in Nigeria by analysing the current privacy practices, Internet users perceptions and awareness knowledge, and by identifying factors specific to Nigeria that influence their current privacy and data protection situation. The research develops a framework for developing countries that consists of recommendations for relevant stakeholders and awareness training. In the case of Nigeria, the stakeholders are the government and organisations responsible for personal information security, and an awareness training method has been created to take into account Nigeria s unique factors. This training method encompasses promoting Internet security awareness through contextual training and promoting awareness programmes. Industry experts and Nigerian Internet users validated the framework. The findings obtained from the validation procedure indicated that the framework is applicable to the current situation in Nigeria and would assist in solving the privacy and Internet problem in Nigeria. This research offers recommendations that will assist the Nigerian government, stakeholders such as banks and e commerce websites, as well as Nigerian Internet users, in resolving the stated problems

Vie privée en commerce électronique

Thèse numérisée par la Direction des bibliothèques de l'Université de Montréal