Search results for "Information Security"
showing 10 items of 102 documents
Building Situational Awareness of GDPR
2023
Because previous academic research does not comment sufficiently on how the relevant content of the European Union (EU) General Data Protection Regulation (GDPR) has been properly communicated to the organisations, or how the situational awareness (SA) of GDPR has been built in the organisations, this qualitative empirical research was regarded as a valuable approach for gathering authentic research material on the practical bases of this phenomenon. The aim of this empirical case study (CS) is to develop a picture of what processes organisations use to build SA of the GDPR requirements. To guide the CS, we asked how the SA for decision-making was constructed and how it was perceived in organ…
Strategic Cyber Environment Management with Zero Trust and Cyber Counterintelligence
2022
Organisations need to improve their information security practices, given the volume of successful cyberattacks and crimes. To enhance security in an organisation, information security must be considered a business issue, instead of a technical problem. Hence, organisations must change the security protocol from reactive action to proactive operation; must develop information security strategies that support the business; should implement better controls, systems, and services; and must create a process to proactively gather information about the possible threats and adversaries. This study proposes a novel method for combining a zero-trust strategy with cyber counterintelligence to gain th…
Leveraging National Auditing Criteria to Implement Cybersecurity Safeguards for the Automotive Emergency Response Vehicles : A case study from Finland
2017
A modern Emergency Response Vehicle (ERV) is a combination of emergency services and a functional mobile office on wheels. The mobile office aims to leverage the benefits of a fixed office while on the move. Researchers have observed that emergency response personnel, including Law Enforcement Authorities (LEAs), police and border guards, could be on duty while having the possibility to use the same services as in a fixed office. On the one hand, demand for the mobile office has significantly improved the emergency response services. On the other hand, emergency vehicle designers should rethink the demands of users. This resulted in a modern standard emergency response vehicle with t…
Exploring determinants of different information security behaviors
2016
Aim: The aim was to introduce a new explanatory construct, namely illegitimate tasks from Stress-as-Offense-to-Self Theory (SOS), to better understand information security behavior (ISB). In addition, more commonly used constructs from Deterrence theory (DT) and Protection Motivation Theory (PMT) were used to explain ISB. This study also investigated several behaviors separately to evaluate the generalizability of the behavioral determinants. Methods: Four ISBs, namely general ISP compliance (ISP), not copying sensitive information to an unsecured USB drive (USB), locking or logging out from the computer (LOG), and not writing down passwords (PSW). Formal and informal sanctions from DT, thre…
Supporting Cyber Resilience with Semantic Wiki
2016
Cyber resilient organizations, their functions and computing infrastructures, should be tolerant towards rapid and unexpected changes in the environment. Information security is an organization-wide common mission, whose success strongly depends on efficient knowledge sharing. For this purpose, semantic wikis have proved their strength as flexible collaboration and knowledge sharing platforms. However, there has not been notable academic research on how semantic wikis could be used as an information security management platform in organizations for improved cyber resilience. In this paper, we propose to use a semantic wiki as an agile information security management platform. More precisely, t…
Employees’ adherence to information security policies: An exploratory field study
2014
The key threat to information security comes from employees who do not comply with information security policies. We developed a new multi-theory based model that explained employees' adherence to security policies. The paradigm combines elements from the Protection Motivation Theory, the Theory of Reasoned Action, and the Cognitive Evaluation Theory. We validated the model by using a sample of 669 responses from four corporations in Finland. The SEM-based results showed that perceived severity of potential information security threats, employees' belief as to whether they can apply and adhere to information security policies, perceived vulnerability to potential security threats, employees…
Is My Office 365 GDPR Compliant? : Security Issues in Authentication and Administration
2018
The General Data Protection Regulation, commonly referred to as GDPR, will be enforced in all European Union countries in May 2018. GDPR sets requirements for processing EU citizens’ personal data regardless of the physical location of the organisation processing the data. Over 40 percent of European organisations are using Office 365. Microsoft claims that the Office 365 service is GDPR compliant, and has provided tools to help Office 365 customers to ensure their GDPR compliancy. In this paper, we present some security issues related to the very foundation of the Office 365 service, namely Azure Active Directory and administrative tools, and assess their GDPR compliancy. Our findings reveal that per…
Revisiting rainfall to explore exam questions and performance on CS1
2015
The Rainfall problem comprises small tasks that have been used to investigate student performance in introductory programming. We conducted several kinds of analyses to inform our understandings of student performance in CS1 relating to this problem. We analyzed implementation approaches and program errors, as in related studies, and also explored the role of test writing vis-a-vis the most common student error. Finally, using correlation analyses and manual inspection of the exam answers, we studied how well the Rainfall problem served as an exam question. The students' implementation choices reflected their familiarity with particular loop constructs, while the single most common error co…
Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations
2014
The information systems (IS) field continues to debate the relative importance of rigor and relevance in its research. While the pursuit of rigor in research is important, we argue that further effort is needed to improve practical relevance, not only in terms of topics, but also by ensuring contextual relevance. While content validity is often performed rigorously, validated survey instruments may still lack contextual relevance and be out of touch with practice. We argue that IS behavioral research can improve its practical relevance without loss of rigor by carefully addressing a number of contextual issues in instrumentation design. In this opinion article, we outline five guidelines – …
Creating modern blue pills and red pills
2019
The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package that is designed to detect such blue pills. Since the blue pill was originally proposed there has been an ongoing arms race between developers that try to develop stealthy hypervisors and developers that try to detect such stealthy hypervisors. Furthermore, hardware advances have made several stealth attempts impossible while other advances enable even more stealthy operation. In this paper we describe the current status of detecting stealth hypervisors and methods to counter them.