When Colleagues Fail: Examining the Role of Information Security Awareness on Extra-Role Security Behaviors

Although prior information security research predominantly focuses on organizational in-role security behaviors (e.g., information security policy (ISP) compliance), the role of extra-role security behaviors – secure actions unspecified in ISPs but beneficial to organizations – has not seen nearly as much attention. At the same time, employees’ awareness manifests itself as prerequisite for security behavior but without research having really understood all of its potential impacts. Therefore this study ex-amines the role of information security awareness (ISA) in enhancing extra-role security behaviors in addition to in-role security behaviors. In particular, we propose that general ISA enhances promotive extra-role security behaviors (i.e., helping and voice) and ISP awareness fosters prohibitive extra-role security behaviors (i.e., stewardship and whistle-blowing). Data was collected from a field study, where employees responded to incoming emails from co-workers and supervisors asking for password sharing, unsafe data sharing via private emails, as well as the use of private cloud services and unau-thorized software. Our findings show that general ISA and ISP awareness are indeed driving both in-role and extra-role security behaviors. We discuss our implications for theory and practice, and con-clude with interesting avenues for further research

WSC-07: Evolving the Web Services Challenge

Service-oriented architecture (SOA) is an evolving architectural paradigm where businesses can expose their capabilities as modular, network-accessible software services. By decomposing capabilities into modular services, organizations can share their offerings at multiple levels of granularity while also creating unique access points for their peer organizations. The true impact of SOA will be realized when 3rd party organizations can obtain a variety of services, on-demand, and create higher-order composite business processes. The Web Services Challenge (WSC) is a forum where academic and industry researchers can share experiences of developing tools that automate the integration of web services. In the third year (i.e. WSC-07) of the Web Services Challenge, software platforms will address several new composition challenges. Requests and results will be transmitted within SOAP messages. In addition, semantic representations will be both represented in the eXtensible Markup Language (XML) and in the Web Ontology Language (OWL). Finally, composite processes will have both sequential and concurrent branches

A NEUROSECURITY PERSPECTIVE ON THE FORMATION OF INFORMATION SECURITY AWARENESS – PROPOSING A MULTI-METHOD APPROACH

In today’s digital age, in which all kinds of information can be accessed electronically at all times, organizations are under continuous pressure of keeping their information systems (IS) secure. To protect IS and information assets from insider threats, information security awareness (ISA) has been established as a crucial factor in influencing employees’ behaviour that is supportive or disruptive of IS security. But yet to date, there is still a lack of in-depth and structured understanding of the factors influencing ISA. In this research-in-progress paper, we conduct a literature review to categorize determinants of ISA into four levels of origin (individual, organizational, social-environmental, and application-specific) and identify topics that are promising for future research. We then present our planned study as an example to pursue our recommendations. In the IS security context of phishing, we aim to uncover the extent to which non-IS professionals are able to develop an eye for technical aspects of IS security and pay higher visual attention to security and fraud indicators of web browsers and e-mails after being subject to different organizational awareness-raising activities. Among a survey and literature analysis, the multi-method approach uses the objective data collection instrument of eye tracking. We expect to contribute into the nascent area of neurosecurity research by offering new insights on the effectiveness of organizational means to increase employees’ ISA

Possible climate change impacts on water resources availability in a large semi-arid catchment in Northeast Brazil.

The semiarid region of Northeast Brazil is characterized by water scarcity, vulnerability of natural resources, and pronounced climatic variability. An integrated model has been developed to simulate this complex situation with an emphasis on a large-scale representation of hydrological processes and on the sensitivity to climate change. Regional climate change scenarios were obtained by empirical downscaling with large-scale climate information from different GCMs which differ strongly in their projections for future precipitation. The results show that due to these differences, it is still impossible to give quantitative values of the water availability in a forecast sense, i.e. to assign probabilities to the simulated results. However, it becomes clear that efficient and ecologically sound water management is a key question for further development. The results show that, independent of the climate change, agriculture is more vulnerable to drought impacts in the case of rainfed compared to irrigated farming. However, the capacity of irrigation and water infrastructure to enhance resilience with respect to climatic fluctuations is significantly constrained in the case of a negative precipitation trend

What Faces Can(not) Tell – A Multi-Channel Analysis of Emotional Responses to Computer-Transferred Stimuli

In Information Systems (IS) research, emotions are predominantly measured using self-reports of survey participants (e.g. in IS adoption) or facial expressions (e.g. in Human-Computer Interaction). In order to combine both measurement foci, we assess and compare the impact of facial emotional reactions to computer-induced stimuli on self-reported perceptive evaluations towards the respective stimulus and system by using a multi-method experimental approach with multi-channel analysis. We captured implicit emotional expressions of happiness of 176 participants using eye-tracker and webcam technology as implicit emotion measures together with a post-experimental questionnaire containing items for the explicit emotion of pleasure, social presence, and arousal. Results analyzed using the FACS procedure (Ekman and Friesen 1978) and test for mean inequality indicate that facially transmitted happiness in response to hedonic design elements in online job ads leads to an increase in self-report measures for pleasure, but not unambiguously for social presence and arousal. Furthermore, we find support for the effect of implicit emotion expression of happiness on the explicit self-report measures of pleasure and arousal being higher for the measures of pleasure. We contribute to IS research on human behavior by complementing self-reported measures of emotion with a physical emotional measure in response to system’s feature, and by linking these measured emotional physical responses to individual behavior. In addition, by comparing both implicit (physical) and explicit (overt self-reported perceptions) measures of emotional responses we provide a more detailed picture on benefits and limitations of both measures and about their internal relationship

Hidden Biases of End-to-End Driving Models

End-to-end driving systems have recently made rapid progress, in particular on CARLA. Independent of their major contribution, they introduce changes to minor system components. Consequently, the source of improvements is unclear. We identify two biases that recur in nearly all state-of-the-art methods and are critical for the observed progress on CARLA: (1) lateral recovery via a strong inductive bias towards target point following, and (2) longitudinal averaging of multimodal waypoint predictions for slowing down. We investigate the drawbacks of these biases and identify principled alternatives. By incorporating our insights, we develop TF++, a simple end-to-end method that ranks first on the Longest6 and LAV benchmarks, gaining 11 driving score over the best prior work on Longest6.Comment: Accepted at ICCV 2023. Camera ready versio

Security-Related Cynicism: Construct Development and Measurement

The widespread belief that employees are the weakest link in organizational information security leads to exposing them to a myriad of security requirements (i.e., policies and technical controls). Motivated by prior research indicating that such requirements can also have adverse effects, we introduce the concept of security-related cynicism. Based on organizational literature on employee cynicism, we develop a multidimensional construct including three key targets of employees’ security-related cynicism – the people responsible for information security, the employed security technologies, and the information security policies in use. We present our initial development of security-related cynicism by conceptualizing the construct, generating items from literature, and assessing the items’ content validity. By conducting a pretest and a main study, we plan to empirically validate a construct that helps researchers and practitioners alike to measure employees’ cynical attitudes towards information security

Does Your Smile Mean That You’re Happy? – a Multi-Channel Analysis of Emotional Reactions

In Information Systems (IS) research, emotions are primarily measured using facial expressions of participants or self-reported survey results. To unite both measurement foci, we analyze the impact of facial emotional reactions to computer-induced stimuli on self-reported evaluations towards the respective stimulus by using a multi-method experimental approach with multi-channel analysis. We collected emotional expressions of happiness of 176 participants using eye-tracker and webcam technology together with a post-experimental survey. We contribute to IS research by supplementing self-reported measures of emotion with a physical emotional measure in response to a system’s feature, and by relating these measured emotional physical responses to individual behavior

Monitoring Dependencies for SLAs: The MoDe4SLA Approach

In service oriented computing different techniques for monitoring Service Level Agreements (SLAs) are available. Many of these monitoring approaches focus on bilateral agreements between partners. However, when monitoring composite services it is not only important to figure out whether SLAs are violated, but we also need to analyze why these violations have occurred. When offering a composite service a company depends on its content providers to meet the service level they agreed upon. Due to these dependencies a company should not only monitor the SLA of the composite service, but also the SLAs of the services it depends on. By analyzing and monitoring the composite service in this way, causes for SLA violations can be easier found. In this paper we demonstrate how to analyze SLAs during development phase and how to monitor these dependencies using event logs during runtime. We call our approach MoDe4SLA (Monitoring Dependencies for SLAs)

Monitoring Service Compositions In MoDe4SLA: Design of Valdiation

In previous research we introduced the MoDe4SLA approach for monitoring service compositions. MoDe4SLA identifies complex dependencies between Service Level Agreements (SLAs) in a service composition. By explicating these dependencies, causes of SLA violations of a service might be explained by malfunctioning of the services it depends on. MoDe4SLA assists managers in identifying such causes. In this paper we discuss how to evaluate our approach concerning usefulness for the user as well as effectiveness for the business. Usefulness is evaluated by experts who are asked to manage simulated runs of service compositions using MoDe4SLA. Their opinion on the approach is an indicator for its usefulness. Effectiveness is evaluated by comparing runtime results of SLA management using MoDe4SLA with runtime results of unsupported management. Criteria for effectiveness are cost reduction and increase in customer satisfaction