1,403 research outputs found
The Value of User-Visible Internet Cryptography
Cryptographic mechanisms are used in a wide range of applications, including
email clients, web browsers, document and asset management systems, where
typical users are not cryptography experts. A number of empirical studies have
demonstrated that explicit, user-visible cryptographic mechanisms are not
widely used by non-expert users, and as a result arguments have been made that
cryptographic mechanisms need to be better hidden or embedded in end-user
processes and tools. Other mechanisms, such as HTTPS, have cryptography
built-in and only become visible to the user when a dialogue appears due to a
(potential) problem. This paper surveys deployed and potential technologies in
use, examines the social and legal context of broad classes of users, and from
there, assesses the value and issues for those users.
An ontology based approach to data surveillance
Nowadays the terrorist threat has taken on proportions that concern governments and national security organizations all over the world. A successful terrorist incident usually brings catastrophic results. However, if a terrorist attack can be predicted and characterized, it may be possible to organize a proper intervention in order to avoid it or to reduce its impact. The management of information is becoming an important issue in the domain of security information systems. Information access and association, analysis and assessment, and finally exploitation have become the focus for all security information services and governments. Current surveillance approaches are not very efficient, leading innocent citizens into confrontation with law enforcement services. One reason for this results from the difficulties the current system has in extracting knowledge or concepts abstracted from massive databases of information. Knowledge-based methods, such as ontologies, can integrate data surveillance and enable proper data analysis, improving the performance of the security information services. This paper intends to present a perspective on the use of ontologies in the context of data surveillance, and to present its importance in the current security services domain.
ICIS Panel Summary: Should Institutional Trust Matter in Information Systems Research?
This paper summarizes and expands the panel on "Should Institutional Trust Matter in Information Systems Research?" that was presented during the ICIS 2005 Conference in Las Vegas. The panel was co-chaired by Paul A. Pavlou of the University of California and by David Gefen of Drexel University. The panelists were Izak Benbasat of the University of British Columbia, Harrison McKnight of Michigan State University, Katherine Stewart of the University of Maryland, and Detmar W. Straub of Georgia State University. There were about 150 people attending the panel and taking part in the lively discussion that ensued. Due to the interest the panel aroused, this paper expands on the topics discussed and presents them in a much broader perspective in a set of appendices.
Towards a Heuristic Model for Usable and Secure Online Banking
The main purpose of this paper is to propose a heuristic model for usable and secure online banking. The model is based on identified heuristics that contribute to the design of usable security in the context of online banking security. Little research has focused on the balance between usability and security in online banking authentication mechanisms when evaluating the effectiveness of security systems. Nielsen’s ten usability principles are still fundamentally important in designing usable secure systems, as indicated by the analysis of heuristics developed from recent studies. Online banking users are vulnerable to numerous old and new sophisticated online security threats that are increasingly being developed and targeting this unsuspecting group of users. An investigation into this aspect of security design can certainly benefit both the online banking users and online banking merchants, and foster a secure and usable banking environment. In this paper, a heuristic model for usable online banking security is developed, based on security design principles found in literature. Using data collected from users of online banking in South Africa through a questionnaire and banking security personnel interviews, we envisaged refining the identified heuristics and developing a checklist for each heuristic used, for heuristic evaluation by field experts.
Do Information Privacy Concerns Affect Students’ Feeling of Alienation?
Organizations such as universities collect and use personal data about customers such as students. How do students feel about their university’s practices related to the collection and use of personal data? Using data collected via a survey of 187 students at a large U.S. university, we investigate the effects of these two privacy concerns on students’ feeling of alienation. Implications of the results are discussed in light of ethics, strategy, design, control and administration of personal information management systems.
Understanding user behavior towards passwords through acceptance and use modelling
The security of computer systems that store our data is a major issue facing the world. This research project investigated the roles of ease of use, facilitating conditions, intention to use passwords securely, experience and age on usage of passwords, using a model based on the Unified Theory of Acceptance and Use of Technology. Data was collected via an online survey of computer users, and analyzed using PLS. The results show there is a significant relationship between ease of use of passwords, intention to use them securely and the secure usage of passwords. Despite expectations, facilitating conditions only had a weak impact on intention to use passwords securely and did not influence actual secure usage. Computing experience was found to have an effect on intention to use passwords securely, but age did not. The results of this research lend themselves to assisting in policy design and better understanding user behavior.
Me, Myself and I: Aggregated and Disaggregated Identities on Social Networking Services
In this article I explore some of the legal issues arising from the transformation of SNS operators to providers of digital identity. I consider the implications of the involvement of private sector entities in the field of identity management and discuss some of the privacy implications, as well as the prospects for conciliation between online anonymity and pseudonymity, on the one hand, and the need for identifiability and accountability on the other hand.