Deliver security awareness training, then repeat:{deliver; measure efficacy}

Organisational information security policy contents are disseminated by awareness and training drives. Its success is usually judged based on immediate post-training self-reports which are usually subject to social desirability bias. Such self-reports are generally positive, but they cannot act as a proxy for actual subsequent behaviours.This study aims to formulate and test a more comprehensive way of measuring the efficacy of these awareness and training drives, called ASTUTE. We commenced by delivering security training. We then assessed security awareness (post-training), and followed up by measuring actual behaviours. When we measured actual behaviours after a single delivery of security awareness training, the conversion from intention to behaviour was half of the desired 100%. We then proceeded to deliver the training again, another two times.The repeated training significantly reduced the gap between self-reported intention and actual secure behaviours

Is the responsibilization of the cyber security risk reasonable and judicious?

Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cyber crime has mushroomed in parallel with governments pursuing a neoliberalist agenda. This agenda has a strong drive towards individualizing risk i.e. advising citizens how to take care of themselves, and then leaving them to face the consequences if they choose not to follow the advice. In effect, citizens are “responsibilized .” Whereas responsibilization is effective for some risks, the responsibilization of cyber security is, we believe, contributing to the global success of cyber attacks. There is, consequently, a case to be made for governments taking a more active role than the mere provision of advice, which is the case in many countries. We conclude with a concrete proposal for a risk regulation regime that would more effectively mitigate and ameliorate cyber risk

A crowdsourcing, smart city model for a developing country

With the growing number of people living in cities, the challenges faced by government to maintain service delivery to an acceptable standard are immense. ‘Smart cities’ is a new and innovative approach that allows the city to use current infrastructure and resources more efficiently. Not many smart city projects have been implemented in developing countries, where challenges that will affect the success of the project are very different from developed countries. These challenges include low literacy rates, high unemployment rates, high poverty levels and the limited availability of technology, all of which will impact on the implementation and success of a smart city. The purpose of the study was to investigate what variables need to be present in order to implement a smart city project making use of crowdsourcing in a developing country. The study found that there are three variables that will must be present to implement a smart city project in a developing country. These include the city management, the trust of the citizens in the smart city initiative, and the crowdsourcing system. The recommendation of this paper then is then that these variables must be considered by city management in order to successfully implement smart city projects in South Africa

Restoring trust by verifying information integrity through continuous auditing

Corporate scandals such as Enron, WorldCom and Parmalat, have focused recent governance efforts in the domain of financial reporting due to fraudulent and/or erroneous accounting practices. In addition, the ineffectiveness of the current system of controls has been highlighted, including that some directors have been weak and ineffective monitors of managers. This board of director ‘weakness’ has called for additional mechanisms for monitoring and controlling of management, focusing on financial reporting. This problem intensifies in that today companies function in real-time, and decisions are based on available realtime financial information. However, the assurances provided by traditional auditing take place months after the transactions have occurred and therefore, a trust problem arises because information is not verified in real-time. Consequently, the errors and fraud concealed within the financial information is not discovered until months later. To address this trust problem a conceptual causal model is proposed in this study based on the principles of systems theory. The emergent property of the causal model is increased trust and control. This study establishes that mutual assurances assist in building trust and that information security assists in safeguarding trust. Subsequently, in order to have a positive relationship between the company directors and various stakeholders, uncertainty needs to be contained, and the level of trust needs to surpass the perceived risks. The study concludes that assurances need to be provided in real-time to restore stakeholder confidence and trust in the domain of financial reporting. In order to provide assurances in real-time, continuous auditing is required to verify the integrity of financial information when it becomes available, and not months later. A continuous auditing process has its foundations grounded in information technology and attends to the challenges in real-time by addressing the standardisation of data to enable effective analysis, the validation of the accuracy of the data and the reliability of the system

A feedback loop model to facilitate communication between citizens and local government in Buffalo City

An increasing number of people move to cities in search of better opportunities for themselves and their families. This movement makes it difficult for the local government to understand citizens’ needs fully, particularly pertaining to public safety matters. Thus, in the city of East London where this issue is prevalent, a smart city project was introduced to help alleviate these concerns. During the first phase of the Public Safety Smart City (PSSC) project, it was identified that there is a need for a feedback loop to facilitate the effective communication of public safety issues between citizens and local government. Part of the problem is that local government is reacting to these public safety issues rather than being proactive. The study followed an interpretivism paradigm and the research methodology employed is the qualitative approach in order to gain a deeper understanding of the issues involved. Semi-structured interviews were conducted with eleven East London citizens and four managers from the Department of Public Safety from the Buffalo City Municipality in order to gain further insights. It was ascertained that the lack of feedback concerning public safety issues between citizens and local government leads to citizens’ dissatisfaction. Based on the De Fleur model of communication, the paper concludes that the introduction of an Information and Communication Technology (ICT) enabled feedback loop between citizens and local government can help to reduce these concerns

The mediating role of perceived risks and benefits when self-disclosing:a study of social media trust and FoMO

Self-disclosure as influenced by perceived risks and benefits plays an important role within the context of social media use and the associated privacy risk. Some social media platforms, like Facebook (now part of Meta Platforms Inc.), provide users with elaborate means to control privacy risk. Conversely, Instagram (also part of Meta) provides users with fewer such mechanisms as a function of self-disclosure. Therefore, self-disclosure as a product of risk and benefit assessment may differ considerably as a function of the technological affordances that control such disclosure. This is particularly the case considering that such a benefit and risk assessment is further influenced by a user's trust in that provider, not to mention their proclivity for disclosing without any rational risk and benefit assessments, as is the case when disclosing as a function of fear of missing out (FoMO). Given the influence that provider trust and FoMO might have when assessing risks and benefits, this study evaluated the extent to which perceived risks and benefits mediate self-disclosure on Facebook and Instagram, in particular within the context of provider trust and FoMO. Based on an adapted version of privacy calculus, we evaluated our research model by analyzing 720 survey responses using partial least squares path modeling. Our results indicate that perceived benefits mediate the relationship between FoMO and intention to self-disclose when using Instagram, but not when using Facebook. Additionally, we found perceived benefits and perceived risks to mediate the relationship between trust in provider and intention to self-disclose for Facebook and Instagram. Surprisingly, we found no evidence to suggest that the relationship between FoMO and intention to self-disclose is mediated by perceived risks when using Facebook, with the converse being true when using Instagram. We conclude that the transitory (ephemeral) nature of some methods of self-disclosure on Instagram are used as a means to mitigate privacy risks.</p

Evaluating the Usability of a Multilingual Passphrase Policy

The literature shows that users struggle to generate secure passwords. This has led to systems administrators implementing password expiry policies that burden and frustrate users. This study explores the security and usability of a multilingual passphrase policy, as multilingualism has the potential to enhance security. A total of 224 participants were invited to participate in an experiment to generate and recall short passwords and multilingual passphrases. The findings of this study show that, although a multilingual passphrase policy made passphrase generation slightly more difficult, its use motivated users to generate unique memorable passphrases. Arguably, repeated use of passphrases promotes memorability and cognitive fluency. Furthermore, the multilingual passphrases in this study proved to be stronger than those reported in the literature

Identification Now and in the Future: Social Grant Distribution Process in South Africa

Abstract. This paper seeks to apply Identity Management (IDM) principles to the social grant distribution process in South Africa, which has been prone to fraud and corruption. It discusses the social grant distribution process and the problems encountered. Suggested solutions to the problems are highlighted and these include moving from an Isolated IDM architecture to either a Federated and/or Centralised IDM architecture

Socially desirable responding within the context of privacy-related research:a personality perspective

Background: Socially desirable responding within the context of self-reported surveys is a well-known and persistent problem that plagues quantitative studies. Such forms of responding are particularly problematic within the context of personality-based studies that investigate privacy-related decision-making. In such instances, certain respondents may feel pressured to provide socially desirable responses, which reduces the overall quality of the collected data.Objectives: The objective of this study was to evaluate the extent to which the Big Five personality traits (openness, conscientiousness, extraversion, agreeableness and neuroticism) elicit socially desirable responses within the context of privacy-related decision-making.Method: To evaluate their hypotheses, the authors empirically situate their study within the context of respondents’ intended use of Facebook privacy settings. To this end, 576 survey responses were analysed using partial least squares structural equation modelling (PLS-SEM).Results: It was found that some personality traits were indeed significantly related to socially desirable responding – albeit not always as expected. For example, highly agreeable individuals were unlikely to provide socially desirable responses: choosing honest responses. Neuroticism, on the other hand, had the opposite effect.Conclusion: Based on the results, the authors conclude that neurotic individuals seem predisposed towards responding in a socially desirable manner within the context of privacy-related surveys. The authors, therefore, advise researchers within the field of privacy-based personality studies to take care when analysing their results