Guidelines for Developers and Recommendations for Users to Mitigate Phishing Attacks:An Interdisciplinary Research Approach

Phishing attacks are common these days. If successful, these attacks cause psychological, emotional, and financial damage to the victims. Such damages may have a long-term impact. The overall objective of this Ph.D. research is to contribute to mitigating phishing victimization risks by exploring phishing prevalence, user-related risk factors, and vulnerable target groups and by designing (1) guidelines for social website developers focused on internet user vulnerabilities and (2) recommendations for users to avoid such attacks. The Ph.D. research acknowledges that phishing attacks are technical in nature, while the impact is financial and psychological. Therefore, an interdisciplinary research approach focusing on empirical research methods from social sciences (i.e., focus groups and surveys) and computer science (i.e., data-driven techniques such as machine learning) is adopted for the research. In particular, we aim to use a machine learning model for data analytics and quantitative and qualitative research design for psychological analysis. The research outcome of this Ph.D. work is expected to provide recommendations for internet users and organizations developing social-media-based software systems through more phishing aware development practices.</p

Compliance Checking of Shipment Request by Utilizing Process Mining Concepts:An Evaluation of Smart Auditing Framework

Risk regulations and compliance management require business controls automation. Business processes execution yield event logs and analysis of these logs can produce valuable knowledge for organizational product and/or service improvements. In this paper we have explored a monitoring scenario of shipment request and evaluated it on the basis of Smart auditing framework. A combination of process mining techniques and business process ontologies is evaluated on simulated data in order to identify the auditing/monitoring capability of PROM plug-in's. The initial evaluation revealed that rule based audit is successful on machine-crafted data in PROM tool. Moreover, this paper also highlights lack of automated rule translation in LTL-checker (PROM plug-in) for smart audit frameworks evaluations

Feeling good, bad or nothing: A Qualitative study of emotions towards mobile app permissions

Smartphone users install apps for various purposes. Before getting hands-on over the functionality of a desired app, a user must give several types of permissions such as access to camera, gallery, messages etc. Since giving app permission expose users to phone security and user privacy, this study seeks to investigate the user emotional experiences while they are going through the process of giving access to mobile ap

From Analysis of Information Needs towards an Information Model of Railway Infrastructure

Railway is a tightly coupled network, where the operations are directly effected by the condition of rail infrastructure. With the advancement of ICT, a railway network exploit various computerized systems for efficient railway monitoring, maintenance and operations. However, these systems suffer from number of limitations, mainly, the data related to each asset type (e.g. Track, Bridge, etc) are stored in separate database management system. Such scattered and isolated nature of data present the island of information, while making it impossible to perform the sound decision analysis. In this paper, we propose a nework wide information model of railway infrastructure that structure the railway object, specify their properties and identify their inter-relationships. The presented information model supports the railway monitoring, maintenance and operations by providing the layout of railway infrastructure. Structuring data in the form of railway assets, railway risk assessment, railway load management, railway maintenance, and railway failure will provide a solid base to railway stakeholders, e.g. infrastructure managers, to take informed decisions based on data properties

Modeling E-Business Customization with e3value Modeling

E-commerce ideas demand validation regarding their economic effectiveness on businesses. For identifying relevant business values, some value modeling techniques are currently available in the research arena, and the e3value framework is an easy-to-use option. This framework has a notation to express different values in e-business scenarios. For most of customers, customization of requirements is usually necessary for standard products and services. In this paper, we discuss the need of e-Business customization, and design it using the e3value framework. We present then an approach of e-Business customization, followed by case-based evaluation

Information technology project management viewpoint:A case study from PTCL

The big question of how to successfully complete the project with its constraints always exist with every project. Some set of rules and patterns are needed for project management. Project management strategies provide us set of standards and rules to successfully complete the project and project management viewpoints are one of them. In this paper we have considered most effecting views on information system, and produced a project management viewpoint (PMV) diamond. Dependency relationship among different phases of project management have been explored. Main focus is most common project management viewpoints such as architectural, financial, informational / functional, development, deployment and operational viewpoints. To validate an initial validation of the PMV diamonds on an example scenario of Pakistan telecommunication company limited (PTCL) have been perform

Availability Incidents in the Telecommunication Domain:A Literature Review

Non-availability incidents in public telecom services may have a wide-spread impact, such as disruption of internet services, mobile services, and land-line communication. This, in turn, may disrupt the life of consumers and citizens, and the provision of services by commercial and public organizations. These incidents are always analyzed and solved by the provider. In Europe, there is a legal obligation to report the analysis and solution of the incident to the national telecom regulator. However, these reports are highly confidential, and beyond some elementary descriptive statistics, they are not analyzed. This means that a significant opportunity is missed to draw lessons from these incidents, which could be valuable to other providers and to standardization bodies. In the LINC project, we aim to develop a method to draw lessons learned from registered non-availability incidents without compromising the confidentiality of those registrations. As a preparation for that, we have conducted a systematic literature review of non-availability incidents in public telecom services reported in the scientific and professional literature, to see what we can learn from the reported incident model and analysis methods used. In this report, we present an incident analysis taxonomy to establish a common terminological ground among researchers and practitioners.<br/