Cyber security fear appeals:unexpectedly complicated

Cyber security researchers are starting to experiment with fear appeals, with a wide variety of designs and reported efficaciousness. This makes it hard to derive recommendations for designing and deploying these interventions. We thus reviewed the wider fear appeal literature to arrive at a set of guidelines to assist cyber security researchers. Our review revealed a degree of dissent about whether or not fear appeals are indeed helpful and advisable. Our review also revealed a wide range of fear appeal experimental designs, in both cyber and other domains, which confirms the need for some standardized guidelines to inform practice in this respect. We propose a protocol for carrying out fear appeal experiments, and we review a sample of cyber security fear appeal studies, via this lens, to provide a snapshot of the current state of play. We hope the proposed experimental protocol will prove helpful to those who wish to engage in future cyber security fear appeal research

Critical analysis of information security culture definitions

This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual’s thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and action-based views. The paper analyzes and presents the limitations of these four views of information security culture definitions

Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA

<p>Many organisations create, store, or purchase information that links individuals’ identities to other data. Termed personally identifiable information (PII), this information has become the lifeblood of many firms across the globe. As organisations accumulate their constituencies’ PII (e.g. customers’, students’, patients’, and employees’ data), individuals’ privacy will depend on the adequacy of organisations’ information privacy safeguards. Despite existing protections, many breaches still occur. For example, US organisations reported around 4,500 PII-breach events between 2005 and 2015. With such a high number of breaches, determining all threats to PII within organisations proves a burdensome task. In light of this difficulty, we utilise text-mining and cluster analysis techniques to create a taxonomy of various organisational PII breaches, which will help drive targeted research towards organisational PII protection. From an organisational systematics perspective, our classification system provides a foundation to explain the diversity among the myriad of threats. We identify eight major PII-breach types and provide initial literature reviews for each type of breach. We detail how US organisations differ regarding their exposure to these breaches, as well as how the level of severity (i.e. number of records affected) differs among these PII breaches. Finally, we offer several paths for future research.</p

Evaluation of HIV type 1 strains in men having sex with men and in female sex workers in Mombasa, Kenya.

We compared HIV-1 strains in incident and prevalent infections in a cohort of men having sex with men (MSM) and female sex workers (FSW) near Mombasa, Kenya and conducted a cross-sectional study of viral isolates from a sample of HIV-1-infected MSM and FSW in Kilifi, Coast Province, Kenya. RNA extracted from plasma of 13 MSM, 9 FSW, and one heterosexual male was amplified by nested RT-PCR and the products were directly sequenced. HIV-1 strains from 21 individuals were characterized with one or more complete genome sequences, and two were sequenced in the Nef gene. The envelope quasispecies was also studied in one individual. Among MSM, eight strains were subtype A and five were recombinant. There were two epidemiologically linked pairs of sequences; one pair was subtype A and the other pair was a complex AA2CD recombinant of identical structure. Another MSM was dually infected with DG recombinant strains of related, but nonidentical, structure. MSM also harbored AC and AD recombinant strains. The FSW harbored seven subtype A strains, an AD recombinant, and an AA2D strain related to CRF16_A2D. The one heterosexual male studied had a subtype A infection. This MSM epidemic in Kenya appears to be of local origin, harboring many strains typical of the broader Kenyan epidemic. Characteristics of a close social network were identified, with extended chains of transmission, novel recombinant strains possibly generated within the network, and a relatively high proportion of recombinant and dual infections