SMEs' Confidentiality Concerns for Security Information Sharing

Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs' cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies' information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies' willingness to share their information. Security information sharing decreases the risk of incidents and increases users' self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self Determination Theory. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities. The final publication is available at Springer via https://doi.org/10.1007/978-3-030-57404-8_22Comment: 10 pages, 2 figures, 14th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2020

Genetic Diversity of the ORF5 Gene of Porcine Reproductive and Respiratory Syndrome Virus Isolates in Southwest China from 2007 to 2009

To gain insight into the molecular epidemiology and possible mechanisms of genetic variation of porcine reproductive and respiratory syndrome (PRRS) in Yunnan Province of China, the ORF5 gene of 32 PRRSV isolates from clinical samples collected from 2007 to 2009 were sequenced and analyzed. Nucleotide and amino acid analyses were carried out on 32 isolates and representative strains of the North American genotype, European genotype and two representative Chinese isolates. Results revealed that these isolates share 86.9–99.0% nucleotide and 87.5–98.0% amino acid identity with VR-2332 the prototypical North American PRRSV, 61.7–62.9% and 54.3–57.8% with Lelystad virus (LV) the representative strain of European genotype, 91.2–95.4% and 90.0–94.5% with CH-1a that was isolated in mainland China in 1996, 88.1–99.3% and 85.5–99.0% with JX-A1 the representative strain of High pathogenic PRRSV in China, and 86.2–99.8% and 85.5–100.0% between isolated strains of different years, respectively. Phylogenetic analysis revealed that all 32 PRRSV isolates belonged to the North American genotype and were further divided into two different subgenotypes. Subgenotype 1 comprised twenty two Yunnan isolates which divided into two branches. Subgenotype 2 comprised ten isolates which closely related to the RespPRRS vaccine and its parent strain VR-2332. The functional domains of GP5 such as the signal peptide, ectodomain, transmembrane regions and endodomain were identified and some motifs in GP5 with known functions, such as primary neutralizing epitope (PNE) and decoy epitope were also further analyzed. Our study shown the great genetic diversity of PRRSV in southwest China, rendering the guide for control and prevention of this disease

IT controls in the public cloud : success factors for allocation of roles and responsibilities

The rapid adoption of cloud computing by organizations has resulted in the transformation of the roles and responsibilities of staff in managing the information technology (IT) resources (via IT governance controls) that have migrated to the cloud. Hence, the objective of this research is to provide a set of success factors that can assist IT managers to allocate the roles and responsibilities of IT controls appropriately to staff to manage the migrated IT resources. Accordingly, we generated a set of success factors from behavioral and information systems (IS) literature. These success factors were verified using in-depth interviews of executives from the United Arab Emirates (UAE). The empirical intervention suggests that the role allocation is driven predominantly by people’s skills, competencies, organizational strategy, structures, and policies. In addition, the research made clear that the most significant competency and skill for a person allocated to IT controls is to be able to evaluate and manage a cloud service provider, especially in terms of risks, compliance, and security issues related to public cloud technology. The findings of this study not only offer new insights for scholars and practitioners involved in assigning responsibilities but also provide extensions for IT governance framework authorities to align their guidelines to the emerging cloud technology

Inter-organizational governance and trilateral trust building: a case study of crowdsourcing-based open innovation in China

In a case study of a Chinese crowdsourcing intermediary, we explore the impact of inter-organizational governance on trilateral trust-building. We show that formal control and relational governance mechanisms are essential for swift and knowledge-based trust in R&D crowdsourcing. The case also indicates that Chinese businesses continue to use guanxi (informal personal connections) as a relational and contingent mechanism to maintain affect-based trust, but guanxi is shown to inhibit the growth of Internet-based crowdsourcing for open innovation in China

Healthcare Engineering Defined: A White Paper

Engineering has been playing an important role in serving and advancing healthcare. The term "Healthcare Engineering" has been used by professional societies, universities, scientific authors, and the healthcare industry for decades. However, the definition of "Healthcare Engineering" remains ambiguous. The purpose of this position paper is to present a definition of Healthcare Engineering as an academic discipline, an area of research, a field of specialty, and a profession. Healthcare Engineering is defined in terms of what it is, who performs it, where it is performed, and how it is performed, including its purpose, scope, topics, synergy, education/training, contributions, and prospects