38 research outputs found

    ICT education: bridging with the Industry

    This paper presents the practical forms of university/industry co-operation which we have developed over the years at the Department of Information Systems and Operations Management (ISOM) at the University of Auckland, New Zealand. Most of these practices are well known but we think that the ISOM Department set up a comprehensive policy in this area

    Clustering and Topic Modelling: A New Approach for Analysis of National Cyber security Strategies

    The consequences of cybersecurity attacks can be severe for nation states and their people. Recently many nations have revisited their national cybersecurity strategies (NCSs) to ensure that their cybersecurity capabilities are sufficient to protect their citizens and cyberspace. This study is an initial attempt to compare NCSs by using clustering and topic modelling methods to investigate the similarities and differences between them. We also aimed to identify underlying topics that appear in NCSs. We have collected and examined 60 NCSs that have been developed during 2003-2016. By relying on institutional theories, we found that memberships in the international institutions could be a determinant factor for harmonization and integration between NCSs. By applying the hierarchical clustering method, we noticed stronger similarities between NCSs that are developed by the EU or NATO members. We also found that public-private partnerships, protection of critical infrastructure, and defending citizen and public IT systems are among those topics that have received considerable attention in the majority of NCSs. We also argue that the topic modeling method, LDA, can be used as an automated technique for analysis and understanding of textual documents by policy makers and governments during the development and reviewing of national strategies and policies

    Modelling Organizational Resilience in the Cloud

    Cloud computing (CC) is a promising information and communication technologies (ICT) services delivery model that has already had a significant impact on Government agencies, small and medium enterprises and large organisations. Even though its adoption is moving from the early stage to mainstream, many organisations are still afraid that their resilience might deteriorate because of the additional levels of abstraction that CC introduces. This additional complexity makes the assessment of ICT operational resilience more difficult and no consensus exists of such analysis. Following a multi-method approach, this research proposal first extends prior research in the field, looking at new possible categories of resilience-oriented requirements when working in CC environments. Based on the results, this research will propose a conceptual model that helps organisations to maintain and improve Organisational Resilience (OR) when working in CC environments, from the ICT operational perspective. Particularly, as a lack of coordination has been identified as one of the main problems when facing disruptive incidents, using coordination theory, this research will identify the fundamental coordination processes involved in the proposed model. The results of this research should be of interest to academic researchers and practitioners

    A Taxonomy for Social Engineering attacks

    As the technology to secure information improves, hackers will employ less technical means to get access to unauthorized data. The use of Social Engineering as a non tech method of hacking has been increasingly used during the past few years. There are different types of social engineering methods reported but what is lacking is a unifying effort to understand these methods in the aggregate. This paper aims to classify these methods through taxonomy so that organizations can gain a better understanding of these attack methods and accordingly be vigilant against them

    Effects Of Information Seeking Modes On Users’ Online Social Engineering Vulnerabilities

    Hackers are increasingly exploiting the social movement on the Internet, which is responsible for domestication of the web and its associated technologies, by using novel methods of online social engineering (OSE). While most research to date in this field has focused on one type of OSE vector, phishing, there is a need to understand user vulnerabilities to other types of OSE attack vectors. This research in progress proposal first extends prior published classifications and presents a new typology of OSE attack vectors that manifest during the various information seeking contexts that users engage while online. This provides a conceptual starting point to build our empirical model that we propose will be useful in testing variance in human vulnerability to the different OSE attack vectors. The results of this research should be of interest to academic researchers, practitioners, consumer protection agencies and government regulatory authorities

    A Typology Of Social Engineering Attacks – An Information Science Perspective

    Hackers are increasingly exploiting the social movement on the Internet, which is responsible for domestication of the web and its associated technologies, by using novel methods of online social engineering. However, there is not enough support in the form of published research that can help us gain a holistic understanding of human vulnerabilities that are central to online social engineering attacks. This paper extends prior published classifications and presents a new typology of online social engineering methods that manifest during the various information seeking contexts that users engage while online. Concepts borrowed from the field of information science help us to build this typology that groups attack vectors with different human information seeking modes. The typology can be readily used as educational material to improve end user awareness about online social engineering. In addition, the typology can be used as a conceptual starting point for future empirical research on human vulnerabilities in different information seeking contexts which in turn can inform systems designers to design more effective solutions that can help mitigate the effects of such attacks

    Cyber Defense Capability Model: A Foundation Taxonomy

    Cyber attacks have significantly increased over the last few years, where the attackers are highly skilled, more organized and supported by other powerful actors to devise attacks towards specific targets. To aid the development of a strategic plan to defend against emerging attacks, we present a high-level taxonomy along with a cyber defense model to address the interaction and relationships between taxonomy elements. A cyber-kinetic reference model which is used widely by the U.S. Air Force is adopted as a baseline for the model and taxonomy development. Asset, Cyber Capability, and Preparation Process are the three high-level elements that are presented for the cyber defense capability model. The Cyber Capability, as the focal point of the study, uses three classifiers to characterize the strategic cyber defense mechanisms, which are classified by active, passive and collaborative defense. To achieve a proper cyber defense strategy, the key actors, assets and associated preparation procedure are identified. Finally, the proposed taxonomy is extensible so that additional dimensions or classifications can be added to future needs

    A Proposed Framework for Examining Information Systems Security Research

    As information security becomes increasingly important, more research is being conducted in this area. In an attempt to better understand current research activities in Information Systems Security (ISsec) and to guide future explorations, a number of authors have made tentative attempts to survey/review the existing literature. However, the criteria employed in these reviews are neither consistent nor complete, which weakens their validity. Drawing on previous research, we propose an improved examination framework for systematically investigating ISsec research. This framework will allow researchers to gain a more thorough understanding of what has been done so far and to target future research efforts more effectively

    Privacy Issues of Electronic Medical Records from the Patient’s Perspective

    This research was aimed at addressing patients’ perspective in the medical field. A self-selection questionnaire was developed and distributed among patients at selected healthcare providers. Specifically we wanted to evaluate patients’ opinions in big cities. From the results we have found that participants in both environments (big cities v rural regions) exhibit similar attitudes towards the security of their medical records. Inhabitants of big cities demonstrated higher trust in the Electronic Medical Records (EMR) which was presumably related to being more electronically adept

    IOT: Challenges in Information Security Training

    Both consumers and businesses are rapidly adopting IoT premised on convenience and control. Industry and academic literature talk about billions of embedded IoT devices being implemented with use-cases ranging from smart speakers in the home, to autonomous trucks, and trains operating in remote industrial sites. Historically information systems supporting these disparate use-cases have been categorised as Information Technology (IT) or Operational Technology (OT), but IoT represents a fusion between these traditionally distinct information security models. This paper presents a review of IEEE and Elsevier peer reviewed papers that identifies the direction in IoT education and training around information security. It concludes that the education/training still is largely distinct and is not addressing the needs of this hybrid IT and OT model. IoT is complex as it melds embedded systems and software in support of interaction with physical systems. While literature contains implementation specific research, papers that address appropriate methodologies and content around secure design are piecemeal in nature. We conclude that in the rush to find implementation specific strategies the overarching strategy around education and training of secure IoT design is not being adequately addressed. Consequently, we propose a novel approach to how IoT education training can better incorporate the topic of secure design at a foundational level