305 research outputs found

    Beyond the Prisoner’s Dilemma: Using the Game Theory Security Model to Develop Robust Information Security Policies

    In this research I explore and apply game theory to security policy creation and maintenance for network, mobile, and Internet of Things systems. After introducing game theory’s tenets, I describe the generational development of information security policy and how contemporary socio-technical policy formation fails to address the dynamic nature of ubiquitous computing. Next I assert that the Game Theory Security Model (GTSM) can protect networked, mobile, and IoT systems from a diversity of cyberattacks. Using the zero-sum game strategy, in which losses are a requirement for wins (Davis, 1983), I propose organizational strategies necessary to achieve a state of pragmatic equilibrium (Gintis, 2009, 2011). Further using this model, I recommend policies an organization can implement to minimize data loss and protect critical systems. Finally, I will test the GTSM’s viability through a series of software implementations in diverse contexts. The paper ends with recommendations for effectively implementing the GTSM

    Challenges of Mobile Healthcare Application Security

    Healthcare information technology has overcome many of the Web application security challenges in the past decade. We can now access information more securely and incidents of unintentional data loss are on the decline. However, more must be done to ensure the confidentiality, integrity, and availability of mobile applications in the healthcare field. Whether it is physicians using iPads to access treatment histories or patients managing healthcare options via smart phones, the proposed CAP framework (checks, assurances, protection) adds additional security and privacy layers to our modern mobile medical needs

    The Layered Virtual Reality Commerce System (LaVRCS): An Approach to Creating Viable VRCommerce Sites

    In this paper, the authors argue that Virtual Reality (VR) does have a place in an e-commerce environment. However, VR is not yet ready to supplant standard e-commerce Web interfaces with a completely immersive VR environment. Rather, Virtual Reality in e-commerce (VRCommerce) must rely on a mixed platform presentation to account for various levels of usability, user trust, and technical feasibility. The authors propose that e-commerce sites that want to implement VRCommerce offer at least three layers of interaction to users: a standard Web interface, embedded VR objects in a Web interface, and semi-immersive VR within an existing Web interface. This system is termed the Layered Virtual Reality Commerce System, or LaVRCS

    Information Security Research within the Information Systems Discipline: Analyzing, Categorizing, and Classifying the Historical Underpinnings and Theoretical Assumptions

    Academics examine and improve organizational systems, but oftentimes lag in techniques and theories because time is necessary to thoroughly study solutions. This research explores Information Security (InfoSec) concepts and theories within the Information Systems (IS) discipline to determine historical approaches, theoretical assumptions, and suggest where to strengthen InfoSec research areas. In our paper, we present our basic methodology; illustrate our approach by applying it to one of the “Basket of Eight” Association for Information Systems journals, the European Journal of Information Systems; and report our initial results. In subsequent research we will then use our proposed methodology for the remaining seven journals and beyond. By analyzing how researchers have historically examined information security, we can focus future InfoSec studies in necessary critical directions and maintain a closer pace with new techniques and theories to secure organizational information systems

    Do Pair Programming Approaches Transcend Coding? Measuring Agile Attitudes in Diverse Information Systems Courses

    Agile methods and approaches such as eXtreme programming (XP) have become the norm for successful organizations not only in the software industry but also for businesses seeking to improve internal software processes. Pair programming in some form is touted as a major functionality and productivity improvement. However, numerous studies show that simply placing two programmers side by side in front of a single computer screen is not enough. We must look at other factors such as programmer expertise, project preparation, and perceived solution quality to understand pair programming’s promises and pitfalls. In our study, we apply tailored programming challenges to a multifaceted group of first-year through senior Information Systems (IS) and non-IS majors to analyze how participant attitudes and perceived benefits of pair programming change from pre- to post-study, as well as determine whether the quality and functionality of the solutions differ across education levels and disciplines. Our findings show a strong interaction effect of gender and major composition (CIS vs. non-CIS majors) in all four dimensions of the ATMI attitude scale. Findings also suggest that experience in problem solving and solution formation are more important than prior specific domain knowledge. Finally, participants’ perceived ability, sense of accomplishment, and completion of the assigned work, regardless of background or demographic, determined their performance outcome on the pair-programming tasks, which suggests that not all forms of attitude and perceived benefits contribute to the performance outcome

    The Jing An Telescope Factory (JATF): A Network Security Case Study

    This case—an examination of a real world break-in to a Web server—provides a forensic examination of what happened to the Jing An Telescope Factory (JATF) and a suggested model for preventing such attacks. The case specifically focuses on the “hack” break-in that is commonplace with Web servers and illustrates the well-known mistakes made in the security arrangements by JATF. Select hacking techniques and an overview of network vulnerabilities, as well as discussions about tools and techniques that security professionals use are discussed in this paper. The authors propose a set of techniques and models that business should follow to guard against similar attacks. Students are encouraged to assess and implement solutions using the tools and techniques presented in the case

    The Bring your own device conundrum for organizations and investigators: An examination of the policy and legal concerns in light of investigatory challenges

    In recent years, with the expansion of technology and the desire to downsize costs within the corporate culture, the technology trend has steered towards the integration of personally owned mobile devices (i.e. smartphones) within the corporate and enterprise environment. The movement, known as “Bring Your Own Device” (hereinafter referred to as “BYOD”), seeks to minimize or eliminate the need for two separate and distinct mobile devices for one employee. While taken at face value this trend seems favorable, the corporate policy and legal implications of the implementation of BYOD are further complicated by significant investigatory issues that far outweigh the potential benefits of integrating a BYOD policy. In this paper we first set a context for the BYOD conundrum, then examine associated corporate policies, highlight the limitations to the digital investigator’s reach regarding digital evidence and review the investigatory challenges presented to the involved parties (such as the forensic examiner) from a BYOD environment. We conclude by offering recommendations such as implementing finely crafted policies and procedures (such as incident response), utilizing Mobile Device Management and other software, corporate owned devices, and enforcing signed agreements

    Web 2.0 and Virtual World Technologies: A Growing Impact on IS Education

    Web 2.0 and virtual world technologies are here to stay. Today, our students come to our classroom with a presence on Facebook, the latest concert as a podcast on their MP3 player, and experience playing games in virtual worlds. In some respects, students are more tech-savvy than their Information Systems professors. Research showing the benefits of collaborative learning is being conducted across disciplines. This Special Issue looks at the use of Web 2.0 and virtual world technologies in information systems classes. In this paper, we introduce this Special Issue by discussing the different types of Web 2.0 technologies, looking at how they are used in information systems education, and examining some of the advantages and disadvantages of using them in the classroom. The final section of this paper addresses some future thoughts regarding the use of Web 2.0 technologies in our classes

    To License or Not To License Updated: An Examination of State Statutes Regarding Private Investigators and Digital Examiners

    In this update to the 2009 year's study, the authors examine statutes that regulate, license, and enforce investigative functions in each US state. After identification and review of Private Investigator licensing requirements, the authors find that very few state statutes explicitly differentiate between Private Investigators and Digital Examiners, but do see a trend of more states making some distinction. The authors contacted all state regulatory agencies where statutory language was not explicit, and as a result, set forth the various state approaches to professional Digital Examiner licensing. As was the case in the previous two iterations of this research, the authors conclude that states must differentiate between Private Investigator and Digital Examiner licensing requirements and oversight

    To License or Not to License Reexamined: An Updated Report on Licensing of Digital Examiners Under State Private Investigator Statutes

    In this update to the 2015 study, the authors examine US state statutes and regulations relating to licensing and enforcement of Digital Examiner functions under each state’s private investigator/detective statute. As with the prior studies, the authors find that very few state statutes explicitly distinguish between Private Investigators (PI) and Digital Examiners (DE), and when they do, they either explicitly require a license or exempt them from the licensing statute. As noted in the previous 2015 study there is a minor trend in which some states are moving to exempt DE from PI licensing requirements. We examine this trend as well as look at some additional information in terms of exemptions including those relating to practicing attorneys, employer/employee relationships, expert testimony, and penalties for violation of the PI statutes where it is believed a PI license is required. As with the previous studies (Lonardo et al., 2008, 2009, 2012, 2015) we reviewed all state statutes relating to PI licensing. Where statutory language did not explicitly address exemption or inclusion of Digital Examiners, we contacted the relevant state regulatory body (i.e., Secretary of State’s office, State Police, regulatory agency) to assess the applicability of Digital Examiners under the respective state statutes. Based on this statutory review and regulatory feedback we present the various state approaches to professional Digital Examiner licensing. Our recommendation remains the same: states must differentiate between Private Investigator and Digital Examiner licensing requirements and oversight