Network Effects and Data Breaches: Investigating the Impact of Information Sharing and the Cyber Black Market

This paper was motivated by the growing data breach activities confronting organizations. Building on the literature on information sharing and network effects, we attempt to empirically examine how the number of security breaches may change as a result of two opposing network effects in the data breach battlefield, namely, the positive network effects driven by industry-wide information sharing efforts, and the negative network effects driven by the supply and demand changes in the underground cybercrime ecosystem, and whether a feedback loop can be formed so that the information sharing efforts can influence the costs and availability of malicious tools and suppress their demand. As one of the first studies to empirically examine the dynamics in the cybercrime economy, our research will provide important policy guidance to improve collaborative mechanisms to enhance industry wide information security, and illuminate a new way to monitor and curtail the flow of cyber-criminal activities

Investigation on Willingness of Employees to Share Information Security Advice

As modern organizations rely more on their information systems, mitigating information security risks becomes essential. Weaknesses in the information security management chain have continued to be challenged by employees. Therefore, enhancing employee security awareness becomes critical. Considering the effectiveness of informal methods, this research examines security advice sharing as one of the operative ways. Accordingly, in this paper, by adapting the theory of planned behavior as our theoretical lens, we propose a conceptual model of factors that are anticipated to impact the willingness of employees to share security advice. Finally, conclusion and avenues for future research are discussed

Understanding Crowdsourcing Contest Fitness Strategic Decision Factors and Performance: An Expectation-Confirmation Theory Perspective

Contest-based intermediary crowdsourcing represents a powerful new business model for generating ideas or solutions by engaging the crowd through an online competition. Prior research has examined motivating factors such as increased monetary reward or demotivating factors such as project requirement ambiguity. However, problematic issues related to crowd contest fitness have received little attention, particularly with regard to crowd strategic decision-making and contest outcomes that are critical for success of crowdsourcing platforms as well as implementation of crowdsourcing models in organizations. Using Expectation-Confirmation Theory (ECT), we take a different approach that focuses on contest level outcomes by developing a model to explain contest duration and performance. We postulate these contest outcomes are a function of managing crowdsourcing participant contest-fitness expectations and disconfirmation, particularly during the bidding process. Our empirical results show that contest fitness expectations and disconfirmation have an overall positive effect on contest performance. This study contributes to theory by demonstrating the adaptability of ECT literature to the online crowdsourcing domain at the level of the project contest. For practice, important insights regarding strategic decision making and understanding how crowd contest-fitness are observed for enhancing outcomes related to platform viability and successful organizational implementation

Decision Framework for Engaging Cloud-Based Big Data Analytics Vendors

Organizations face both opportunities and risks with big data analytics vendors, and the risks are now profound, as data has been likened to the oil of the digital era. The growing body of research at the nexus of big data analytics and cloud computing is examined from the economic perspective, based on agency theory (AT). A conceptual framework is developed for analyzing these opportunities and challenges regarding the use of big data analytics and cloud computing in e-business environments. This framework allows organizations to engage in contracts that target competitive parity with their service-oriented decision support system (SODSS) to achieve a competitive advantage related to their core business model. A unique contribution of this paper is its perspective on how to engage a vendor contractually to achieve this competitive advantage. The framework provides insights for a manager in selecting a vendor for cloud-based big data services

Detecting threatening insiders with lightweight media forensics

This research uses machine learning and outlier analysis to detect potentially hostile insiders through the automated analysis of stored data on cell phones, laptops, and desktop computers belonging to members of an organization. Whereas other systems look for specific signatures associated with hostile insider activity, our system is based on the creation of a “storage profile” for each user and then an automated analysis of all the storage profiles in the organization, with the purpose of finding storage outliers. Our hypothesis is that malicious insiders will have specific data and concentrations of data that differ from their colleagues and coworkers. By exploiting these differences, we can identify potentially hostile insiders. Our system is based on a combination of existing open source computer forensic tools and datamining algorithms. We modify these tools to perform a “lightweight” analysis based on statistical sampling over time. In this, our approach is both efficient and privacy sensitive. As a result, we can detect not just individuals that differ from their co-workers, but also insiders that differ from their historic norms. Accordingly, we should be able to detect insiders that have been “turned” by events or outside organizations. We should also be able to detect insider accounts that have been taken over by outsiders. Our project, now in its first year, is a three-year project funded by the Department of Homeland Security, Science and Technology Directorate, Cyber Security Division. In this paper we describe the underlying approach and demonstrate how the storage profile is created and collected using specially modified open source tools. We also present the results of running these tools on a 500GB corpus of simulated insider threat data created by the Naval Postgraduate School in 2008 under grant from the National Science Foundation

Key parameters linking cyber-physical trust anchors with embedded internet of things systems

Integration of the Internet of Things (IoT) in the automotive industry has brought benefits as well as security challenges. Significant benefits include enhanced passenger safety and more comprehensive vehicle performance diagnostics. However, current onboard and remote vehicle diagnostics do not include the ability to detect counterfeit parts. A method is needed to verify authentic parts along the automotive supply chain from manufacture through installation and to coordinate part authentication with a secure database. In this study, we develop an architecture for anti-counterfeiting in automotive supply chains. The core of the architecture consists of a cyber-physical trust anchor and authentication mechanisms connected to blockchain-based tracking processes with cloud storage. The key parameters for linking a cyber-physical trust anchor in embedded IoT include identifiers (i.e., serial numbers, special features, hashes), authentication algorithms, blockchain, and sensors. A use case was provided by a two-year long implementation of simple trust anchors and tracking for a coffee supply chain which suggests a low-cost part authentication strategy could be successfully applied to vehicles. The challenge is authenticating parts not normally connected to main vehicle communication networks. Therefore, we advance the coffee bean model with an acoustical sensor to differentiate between authentic and counterfeit tires onboard the vehicle. The workload of secure supply chain development can be shared with the development of the connected autonomous vehicle networks, as the fleet performance is degraded by vehicles with questionable replacement parts of uncertain reliability

Multiple Myeloma Treatment in Real-world Clinical Practice : Results of a Prospective, Multinational, Noninterventional Study

Funding Information: The authors would like to thank all patients and their families and all the EMMOS investigators for their valuable contributions to the study. The authors would like to acknowledge Robert Olie for his significant contribution to the EMMOS study. Writing support during the development of our report was provided by Laura Mulcahy and Catherine Crookes of FireKite, an Ashfield company, a part of UDG Healthcare plc, which was funded by Millennium Pharmaceuticals, Inc, and Janssen Global Services, LLC. The EMMOS study was supported by research funding from Janssen Pharmaceutical NV and Millennium Pharmaceuticals, Inc. Funding Information: The authors would like to thank all patients and their families and all the EMMOS investigators for their valuable contributions to the study. The authors would like to acknowledge Robert Olie for his significant contribution to the EMMOS study. Writing support during the development of our report was provided by Laura Mulcahy and Catherine Crookes of FireKite, an Ashfield company, a part of UDG Healthcare plc, which was funded by Millennium Pharmaceuticals, Inc, and Janssen Global Services, LLC. The EMMOS study was supported by research funding from Janssen Pharmaceutical NV and Millennium Pharmaceuticals, Inc. Funding Information: M.M. has received personal fees from Janssen, Celgene, Amgen, Bristol-Myers Squibb, Sanofi, Novartis, and Takeda and grants from Janssen and Sanofi during the conduct of the study. E.T. has received grants from Janssen and personal fees from Janssen and Takeda during the conduct of the study, and grants from Amgen, Celgene/Genesis, personal fees from Amgen, Celgene/Genesis, Bristol-Myers Squibb, Novartis, and Glaxo-Smith Kline outside the submitted work. M.V.M. has received personal fees from Janssen, Celgene, Amgen, and Takeda outside the submitted work. M.C. reports honoraria from Janssen, outside the submitted work. M. B. reports grants from Janssen Cilag during the conduct of the study. M.D. has received honoraria for participation on advisory boards for Janssen, Celgene, Takeda, Amgen, and Novartis. H.S. has received honoraria from Janssen-Cilag, Celgene, Amgen, Bristol-Myers Squibb, Novartis, and Takeda outside the submitted work. V.P. reports personal fees from Janssen during the conduct of the study and grants, personal fees, and nonfinancial support from Amgen, grants and personal fees from Sanofi, and personal fees from Takeda outside the submitted work. W.W. has received personal fees and grants from Amgen, Celgene, Novartis, Roche, Takeda, Gilead, and Janssen and nonfinancial support from Roche outside the submitted work. J.S. reports grants and nonfinancial support from Janssen Pharmaceutical during the conduct of the study. V.L. reports funding from Janssen Global Services LLC during the conduct of the study and study support from Janssen-Cilag and Pharmion outside the submitted work. A.P. reports employment and shareholding of Janssen (Johnson & Johnson) during the conduct of the study. C.C. reports employment at Janssen-Cilag during the conduct of the study. C.F. reports employment at Janssen Research and Development during the conduct of the study. F.T.B. reports employment at Janssen-Cilag during the conduct of the study. The remaining authors have stated that they have no conflicts of interest. Publisher Copyright: © 2018 The AuthorsMultiple myeloma (MM) remains an incurable disease, with little information available on its management in real-world clinical practice. The results of the present prospective, noninterventional observational study revealed great diversity in the treatment regimens used to treat MM. Our results also provide data to inform health economic, pharmacoepidemiologic, and outcomes research, providing a framework for the design of protocols to improve the outcomes of patients with MM. Background: The present prospective, multinational, noninterventional study aimed to document and describe real-world treatment regimens and disease progression in multiple myeloma (MM) patients. Patients and Methods: Adult patients initiating any new MM therapy from October 2010 to October 2012 were eligible. A multistage patient/site recruitment model was applied to minimize the selection bias; enrollment was stratified by country, region, and practice type. The patient medical and disease features, treatment history, and remission status were recorded at baseline, and prospective data on treatment, efficacy, and safety were collected electronically every 3 months. Results: A total of 2358 patients were enrolled. Of these patients, 775 and 1583 did and did not undergo stem cell transplantation (SCT) at any time during treatment, respectively. Of the patients in the SCT and non-SCT groups, 49%, 21%, 14%, and 15% and 57%, 20%, 12% and 10% were enrolled at treatment line 1, 2, 3, and ≥ 4, respectively. In the SCT and non-SCT groups, 45% and 54% of the patients had received bortezomib-based therapy without thalidomide/lenalidomide, 12% and 18% had received thalidomide/lenalidomide-based therapy without bortezomib, and 30% and 4% had received bortezomib plus thalidomide/lenalidomide-based therapy as frontline treatment, respectively. The corresponding proportions of SCT and non-SCT patients in lines 2, 3, and ≥ 4 were 45% and 37%, 30% and 37%, and 12% and 3%, 33% and 27%, 35% and 32%, and 8% and 2%, and 27% and 27%, 27% and 23%, and 6% and 4%, respectively. In the SCT and non-SCT patients, the overall response rate was 86% to 97% and 64% to 85% in line 1, 74% to 78% and 59% to 68% in line 2, 55% to 83% and 48% to 60% in line 3, and 49% to 65% and 36% and 45% in line 4, respectively, for regimens that included bortezomib and/or thalidomide/lenalidomide. Conclusion: The results of our prospective study have revealed great diversity in the treatment regimens used to manage MM in real-life practice. This diversity was linked to factors such as novel agent accessibility and evolving treatment recommendations. Our results provide insight into associated clinical benefits.publishersversionPeer reviewe

IT Project Crisis and Escalation

Crises caused by IT failures of one sort or another are in the news. The Queensland Health payroll implementation (Glass 2013) and the United States Office of Personnel Management’s Retirement Systems Modernization program (Fahrenthold 2014) are examples of failures in IT project management. Some failures are perceived as a crisis. For example, the rollout of the Healtcare.gov website was extremely public and was understood at the time as a threat to the universal health insurance agenda of the United States President (Brill 2015). \ \ Three threads of research are relevant to IT projects in enough trouble to constitute a crisis. One is that of crisis frameworks which describe the development of a crisis in terms of recognizable (and predictable) phases (e.g., Pearson and Mitroff 1993). Second there is research into adapting or developing tools for assisting in crisis management, such as social media (see Vaast, et al 2017 for a case study investigating microblogging during the 2010 Gulf of Mexico oil spill). Third, there is research into the role of de-escalation in resolving IT crises which resulted in a four-phase model (see Montealegre and Keal 2000 for a case study of the IT project behind the baggage handling system Denver International Airport during the 1990s). \ \ Open for investigation are the actions taken to recover from an IT crisis. In particular, what are the procedures and techniques used to resolve a crisis? Do crises follow the paths laid out by the crisis frameworks and does the resolution of the crisis follow any of the existing escalation (or de-escalation) phase models? Answers to these questions may provide useful tools which can be incorporated into best practices for project managers. \ \ For this work, we have chosen to conduct case research and to start with a single case. We have chosen to study the Healthcare.gov website rollout and rescue of 2013. The advantage of studying this event is that it is a well-known event involving a successful recovery after a disastrous start. There is an existing public record, documents are available through FOI (Freedom of Information) requests and the major players are still active

Exploring the Propagation of Fake Cyber News: An Experimental Approach

The rising trend of fake news in cyberspace has escalated with increasing velocity of information exchange and an explosion of information sources. Combating fake news in the cyber security context is important due to its use as a content-based social engineering attack, or weaponization of information to compromise corporate information assets. This research aims to explore the proliferation of this type of threat through initial empirical analysis of propagation of cyber news with particular emphasis on potential for generation of weaponized information in the form of fake cyber news. Antecedents of the propagation of cyber news were examined using the Theory of Engagement. An exploratory experiment was conducted with 84 subjects in the field of cyber security on a social network platform. An analysis of the data showed that aesthetics and readability were important factors at the point of entry, but after initial engagement with the news, only novelty influenced propagation