Information security collaboration formation in organisations

Safa, Nader Sohrabi; Maple, Carsten; Watson, Tim; Furnell, Steven

doi:10.1049/iet-ifs.2017.0257

Cited by 17 publications

(10 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bauer et al (2017) similarly concluded that IS intervention influenced users' neutralization behaviors and improved IS knowledge and responsibilities. Finally, experience effectively increased awareness of potential IS threats and positively influenced attitudes about policy compliance, in line with other studies (e.g., Safa et al, 2017;Tatu et al, 2018).…”

Section: Zhu Et Al (2023)supporting

confidence: 86%

“…Thus, an individual can become more proficient after expending the effort and time to gain experience in a field and more prone to handle problems by looking for effective solutions (Blythe & Coventry, 2018;Liang et al, 2022;Tatu et al, 2018). In IS, experience increases user awareness of potential threats (Tatu et al, 2018), an important aspect of a secure information environment (Safa et al, 2017). This informed the seventh hypothesis:…”

Section: Information Security Experiencementioning

confidence: 99%

“…It can facilitate sending, improving, or reviewing knowledge and expand the knowledge communicated between employees and IT security specialists, alerting both to threats and breaches and raising their security awareness. In this way, collaboration helps minimize such incidents, protect against breaches, and draw employee attention to the significance of compliance with ISPP Safa et al, 2017;Tatu et al, 2018). These ideas led to the fifth hypothesis:…”

Section: Information Security Collaborationmentioning

confidence: 99%

“…Attitudes are based on three components: a cognitive component, the ideas and beliefs about something; an affective component, involving how the person, issue, or event affects emotions and feelings; and a behavioral component, determining how attitude can affect behavior or intention to perform a behavior (Cherry, 2018). Moreover, past and present experience shapes attitudes (Ajzen, 2001;Mutambik et al, 2023b;Safa et al, 2017). This applies to IS, where a positive attitude toward policy compliance should result in more employee compliance.…”

Section: Attitudementioning

confidence: 99%

See 3 more Smart Citations

Enforcing Information System Security

Almuqrin,

Mutambik,

Alomran

et al. 2023

International Journal on Semantic Web and Information Systems

View full text Add to dashboard Cite

Every year brings numerous security breaches that lead to highly destructive ransomware attacks, data leaks, and reputational damage to governments, companies, and other organizations around the world. As a result, there is a growing need to ensure that workers comply with critical policies put in place to avoid such incidents. This study investigated how factors from social bond theory and involvement theory affected compliance with information security policies and procedures. All of the factors examined were found to have a significant influence on attitudes about compliance, and attitude had a significant impact on intention to comply. The findings of this study revealed that it is vital to raise employees' awareness about compliance with security policies by improving their information security behavior. Moreover, all the factors were found to have a significant influence on the attitude of employees towards compliance with their organizational information security policies and procedures.

show abstract

Section: Zhu Et Al (2023)supporting

confidence: 86%

Section: Information Security Experiencementioning

confidence: 99%

Section: Information Security Collaborationmentioning

confidence: 99%

Section: Attitudementioning

confidence: 99%

See 2 more Smart Citations

Enforcing Information System Security

Almuqrin,

Mutambik,

Alomran

et al. 2023

International Journal on Semantic Web and Information Systems

View full text Add to dashboard Cite

show abstract

“…Theory of planned behavior The theory says that the attitude toward the behavior and subjective norms form an individual's behavioral intentions and actions 3,30,31 Neutralization theory Neutralization theory is a psychological method for people to turn off "inner resistance" when they perform or are about to perform something that they perceive as ethically wrong 3 Learning theory Learning theory explains how information is understood, treated, and retained by participants during the learning process 3 Protection motivation theory The protection motivation theory argues that people guard themselves based on four factors: (a) the perceived severity of an event and the occurrence; (b) vulnerability of the person; (c) the person's ability for the preventive behavior; and (d) believe in his ability to protect 3,30 General deterence theory General Deterrence is a plan designed to deter an opponent from taking actions which are not yet initiated or in another case to prevent people from performing actions that opponent wants them to do 30 Social learning theory Social Learning Theory asserts that people acquire knowledge from one another, via perception, memory, and modeling 30 Social bonding theory Social bond theory is used to explain social issues. Factors of social bonding comprise an attachment to families, devotion to social norms and institutions, engagement in activities, and the faith that these things are essential [30][31][32] General strains theory Innovation happens when community stresses culturally acceptable goals but at the same time provides insufficient opportunity to accomplish these goals with the legal institutionalized means. People finding themselves in financial strain may find a solution of crime in order to achieve goals 30 Organizational injustice If the leaders of the institution are authoritarian, their effort to solve the problems may be ineffective due to many reasons and may increase organizational stress and efficiency of the employees.…”

Section: Theory Explanation Referencesmentioning

confidence: 99%

Contemplating social engineering studies and attack scenarios: A review study

Yasin

Fatima

Liu

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

The previous year has seen an enormous increase in the studies related to social engineering. This increase is partly due to increasing number of social engineering attacks and partly due to people's inability to identify the attack. Thus, it is of great importance to find solutions which are helpful for human to understand the social engineering attacks and scenarios. To address this, we have performed a literature review of studies (on social engineering) in top-notch journals and conferences. In this paper, we have enlisted the types of attacks, and the persuasion techniques used by social engineers as listed in the literature. We also combined different theories which researchers tried to use to explain various activities of social engineers. Furthermore, we have mentioned that a better understanding of the social engineering attack scenarios can be done using thematic and game-based analysis techniques.Preliminary empirical evaluation of the proposed game based method shows overall neutral results. Future extension and evaluation is needed for the proposed methods. K E Y W O R D Scybercrime, cyber-security, human factors, human-centered, information security, review, social engineering

show abstract

An opportunistic resource management model to overcome resource‐constraint in the Internet of Things

Safa

Maple

Haghparast

et al. 2018

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

Experts believe that the Internet of Things (IoT) is a new revolution in technology and has brought many advantages for our society. However, there are serious challenges in terms of information security and privacy protection. Smart objects usually do not have malware detection due to resource limitations and their intrusion detection work on a particular network. Low computation power, low bandwidth, low battery, storage, and memory contribute to a resource-constrained effect on information security and privacy protection in the domain of IoT. The capacity of fog and cloud computing such as efficient computing, data access, network and storage, supporting mobility, location awareness, heterogeneity, scalability, and low latency in secure communication positively influence information security and privacy protection in IoT. This study illustrates the positive effect of fog and cloud computing on the security of IoT systems and presents a decision-making model based on the object's characteristics such as computational power, storage, memory, energy consumption, bandwidth, packet delivery, hop-count, etc. This helps an IoT system choose the best nodes for creating the fog that we need in the IoT system. Our experiment shows that the proposed approach has less computational, communicational cost, and more productivity in compare with the situation that we choose the smart objects randomly to create a fog.KEYWORDS cloud, Fog, information security, Internet of Things, privacy, resource INTRODUCTIONThe Internet has provided a backbone for connecting different objects to each other and has changed human life significantly. The ubiquitous things is a new concept that has been created by the interconnection and intercommunication amongst smart objects. 1 We are faced with a huge volume of data in this environment. Network traffic, increasing demands of real time, latency-sensitive applications, resource-constraints (computational power, storage, memory, etc) in actuators, mobility and geo-distribution of smart objects, and heterogeneity that are new challenges in the domain of IoT. 2 These weaknesses directly or indirectly influence information security and privacy violation in IoT systems. 3Resource-constraint in actuators jeopardises secure communication between different smart objects. 4 Messages need to be sent encrypted;they will be decrypted for process in the target. The result of the process should be encrypted and send to the same object or other smart objects.We have latency; this delays not only creates risk for information security, but it may also impact human safety in some applications of IoT, such as smart vehicles. Lightweight cryptography has been presented to overcome this challenge in vehicle-to-vehicle (V2V) communication and in many other secure communications in IoT. 5 Smart objects usually do not have malware detection due to limitation in resources; their intrusion detection only can detect attacks in particular networks (not hybrid). These are examples of common problems in the IoT domain.Cloud...

show abstract

Information security collaboration formation in organisations

Cited by 17 publications

References 44 publications

Enforcing Information System Security

Enforcing Information System Security

Contemplating social engineering studies and attack scenarios: A review study

An opportunistic resource management model to overcome resource‐constraint in the Internet of Things

Contact Info

Product

Resources

About