181 research outputs found
Information security research: External hacking, insider breach, and profound technologies
Information assets are among the most valuable forms of intangible productive capital for a company to compete with its rivals, to learn consumers’ shopping habits, to guide its development directions, and to stand out to retain its profitability. However, with the Internet’s characteristic of pervasiveness, information breaches from both external hacking and internal corruption are continuously encroaching on a company’s economic profit. This dissertation consists of three studies, each investigating a different aspect of information security, and aims to address the growing concern of securing a company’s information assets. The first study examines external hackers’ behaviors and models a Bayesian game between a firm and two discrete types of hackers (domestic and international) based on the framework of the Inspection Game. This study explains why external hackings, especially the international ones, are hard to prevent effectively. The second study is an empirical work and explores the other side of information security data breach, which is mainly due to insiders’ (e.g., employees’) malicious deeds or noncompliance with information security policy. This study shows that individual reward and punishment together with 100% detection is the best incentive structure to reduce insider data breaches. In addition, the second study finds that individual reward is more effective than individual punishment, which can better explain why employees are more willing to spend time to comply with security policy when a reward is present. Lastly, the third study is a conceptual work and relies on the Theory of Bounded Rationality to discuss how Blockchain technology can undermine the motivations of both external and internal intruders in order to prevent information breaches.
Overall, this dissertation discusses the current issues of hacking, constructs a payment/incentive structure to regulate noncompliance, empirically tests the validity of the proposed structure, points out a solution to advance information security defense, and provides some managerial recommendations to practitioners.
Online privacy policy of the thirty Dow Jones corporations: Compliance with FTC Fair Information Practice Principles and readability assessment
This project conducted a statistical study of online privacy to examine how well corporations comply with FIPs and assess how easy their privacy policy was to read.
Do You Need to Pay For Online Community: A Comparison Study
Despite the importance and benefits of the online community, there is a lack of discussion in the literature about whether it is necessary for a firm to sponsor its online community economically. This study aims to answer the following research questions: what will affect consumers’ participation potential in new product development? Could leaders’ responses enhance consumers’ involvement in online communities? How will brand interact with customers’ participation potential in innovation? An online survey instrument is employed and data is collected from two online communities. Structural Equation Modeling is used to assess the research model. We find that it is not necessary for a firm to sponsor its online brand community economically. In addition, brand trust and brand knowledge play different roles for company-initiated and consumer-initiated online brand communities. Furthermore, we find that both brand knowledge and brand trust have significant mediation effects between leaders’ responses and consumers’ participation potential in new product development.
Deep Extrinsic Manifold Representation for Vision Tasks
Non-Euclidean data is frequently encountered across different fields, yet
there is limited literature that addresses the fundamental challenge of
training neural networks with manifold representations as outputs. We introduce
the trick named Deep Extrinsic Manifold Representation (DEMR) for visual tasks
in this context. DEMR incorporates extrinsic manifold embedding into deep
neural networks, which helps generate manifold representations. The DEMR
approach does not directly optimize the complex geodesic loss. Instead, it
focuses on optimizing the computation graph within the embedded Euclidean
space, allowing for adaptability to various architectural requirements. We
provide empirical evidence supporting the proposed concept on two types of
manifolds, and its associated quotient manifolds. This evidence offers
theoretical assurances regarding feasibility, asymptotic properties, and
generalization capability. The experimental results show that DEMR effectively
adapts to point cloud alignment, producing outputs in , as well as in
illumination subspace learning with outputs on the Grassmann manifold.
Digital Business Strategy and Firm Performance: the Mediation Effects of E-collaboration Capability
Nowadays, digital technologies (e.g., big data, cloud and mobility) have changed firms’ activities. Many firms have begun to utilize digital resources to formulate and execute digital business strategy. However, there is little empirical research focusing on explaining this novel phenomenon. In this paper, we propose a framework which describes the value creation and appropriation process of digital business strategy in digital settings. Our research model is tested with survey data and financial data from a sample of 138 manufacturing firms which adopted an e-selling process. The result provides strong support for the proposed research model. In particular, we find that, as hypothesized, the impact of digital business strategy on firm performance is completely mediated by e-collaboration capability, which is one kind of digital capability. Theoretical and practical implications of the research are discussed.
Information Security Policy Compliance
One of the most challenging problems modern firms face is that their weakest link in maintaining information security is the behavior of employees: clicking on phishing emails, telling friends and family private information, and searching for private information about themselves (Loch, Carr and Warkentin 1992). A survey conducted by the Computer Security Institute reported that the average monetary loss per incident was $288,618 and that 44% of those who responded to the survey reported insider security-related abuse, making it the second-most frequently occurring computer security incident (Richardson 2008).
This paper uses a questionnaire from Hu, West and Smarandescu (2015) to test for the efficacy of different reward and punishment schemes in preventing insider security-related abuse. Hu et al.’s (2015) scenarios elicit from participants whether they would recommend violating company IT policies. Real monetary payments provide motivation. The results indicate that, if a company can detect abuses with some degree of certainty, the best strategy among those tested is to regularly reward individual employees with small rewards for complying with company policy and punish every detected violation. This recommendation contrasts with the existing literature, which focuses almost entirely on punishment for detected security breaches. This focus on punishment is referred to as General Deterrence Theory (Straub Jr 1990). The results in this paper suggest strongly that General Deterrence Theory does not provide an effective strategy for preventing security breaches.
Online Privacy Policy of the Thirty Dow Jones Corporations: Compliance with FTC Fair Information Practice Principles and Readability Assessment
Privacy policy in a corporation’s business refers to a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client’s personal data such as name, age, address, gender, email, etc. (“Privacy Policy,” 2012). In 1998, the United States Federal Trade Commission (FTC) reported a study of online privacy concerns to Congress, which described the widely accepted Fair Information Practice Principles (FIPs) of Notice, Choice, Access, and Security (Landesberg, Levin, Curtin, & Lev, 1998). This project conducted a statistical study by examining the FIPs compliance for each Dow Jones Corporation’s (DJC’s) online privacy policy. In addition, a study by George Milne, Mary Culnan, and Henry Greene showed that online privacy had grown in length as well as had declined in readability (Milne, Culnan, & Greene, 2006). Therefore, this research also assessed the readability of DJC’s online privacy policy by measuring the widely adopted Flesch Reading Ease Score (FRES) and Flesch-Kincaid Grade Level (FKGL). Furthermore, in order to better understand the practical situations regarding privacy concerns and policy readability from a customer’s point of view, a customer survey was given to business students at the College of Business and Public Administration at California State University, San Bernardino.
RGB-NIR image categorization with prior knowledge transfer
Recent developments in image categorization, especially scene categorization, show that the combination of standard visible RGB image data and near-infrared (NIR) image data performs better than RGB-only image data. However, the size of an RGB-NIR image collection is often limited due to the difficulty of acquisition. With limited data, it is difficult to extract effective features using the common deep learning networks. It is observed that humans are able to learn prior knowledge from other tasks or a good mentor, which is helpful to solve learning problems with limited training samples. Inspired by this observation, we propose a novel training methodology for introducing prior knowledge into a deep architecture, which allows us to bypass the burdensome labeling of a large quantity of image data to meet the big data requirements of deep learning. At first, transfer learning is adopted to learn single-modal features from a large source database, such as ImageNet. Then, a knowledge distillation method is explored to fuse the RGB and NIR features. Finally, a global optimization method is employed to fine-tune the entire network. The experimental results on two RGB-NIR datasets demonstrate the effectiveness of our proposed approach in comparison with the state-of-the-art multi-modal image categorization methods. https://deepblue.lib.umich.edu/bitstream/2027.42/146762/1/13640_2018_Article_388.pd