Global ETD Search

11	Empirical Assessment of Mobile Device Users’ Information Security Behavior towards Data Breach: Leveraging Protection Motivation Theory Giwah, Anthony Duke 01 January 2019 (has links) User information security behavior has been an area of growing demand in information systems (IS) research. Unfortunately, most of the previous research done in user information security behavior have been in broad contexts, therefore creating a gap in the literature of similar research that focuses on specific emerging technologies and trends. With the growing reliance on mobile devices to increase the flexibility, speed and efficiency in how we work, communicate, shop, seek information and entertain ourselves, it is obvious that these devices have become data warehouses and platform for data in transit. This study was an empirical and quantitative study that gathered data leveraging a web-survey. Prior to conducting the survey for the main data collection, a Delphi study and pilot study were conducted. Convenience sampling was the category of nonprobability sampling design used to gather data. The 7-Point Likert Scale was used on all survey items. Pre-analysis data screening was conducted prior to data analysis. The Partial Least Square Structural Equation Modeling (PLS-SEM) was used to analyze the data gathered from a total of 390 responses received. The results of this study showed that perceived threat severity has a negative effect on protection motivation, while perceived threat susceptibility has a positive effect on protection motivation. Contrarily, the results from this study did not show that perceived response cost influences protection motivation. Response efficacy and mobile self-efficacy had a significant positive influence on protection motivation. Mobile device security usage showed to be significantly influenced positively by protection motivation. This study brings additional insight and theoretical implications to the existing literature. The findings reveal the PMT’s capacity to predict user behavior based on threat and coping appraisals within the context of mobile device security usage. Additionally, the extension of the PMT for the research model of this study implies that mobile devices users also can take recommended responses to protect their devices from security threats. data breach mobile device security mobile device user protection motivation theory user information security behavior Computer Sciences
12	The value of cybersecurity : Stock market reactions to security breach announcements / Värdet av datasäkerhet : Marknadsreaktioner på datasäkerhetsincidenter Nyrén, Paul, Isaksson, Oscar January 2019 (has links) Companies around the world invest an increasing amount of money trying to protect themselves from cybercrime and unauthorized access of valuable data. The nature of these covert threats makes it seemingly impossible to quantify the risk of getting attacked. While it is possible to estimate the tangible costs of a security breach it is much harder to asses what a company stands to lose in terms of intangible costs. This thesis uses the Event Study methodology to determine the intangible losses of listed American companies who suffered data breaches. On average, the companies in the dataset loses 0.21% of their market cap after a security breach which, although not being statistically significant, translates to $267 million. Despite looking at several parameters to find significant predictors, only one turned out to be statistically significant, namely the number of records breached. These weak correlation is a result in itself; because of the low impact of a breach perhaps the companies lack proper incentives to protect their users' data. / Det ständigt växande cyberhotet gör att allt fler företag väljer att göra stora investeringar i datasäkerhet. Den dolda hotbilden gör det i stort sett omöjligt att kvantifiera sannolikheten för att råka ut för en attack. Även om det går att avgöra och förutspå de direkta kostnaderna kring ett dataintrång så är det nästintill omöjligt att avgöra de indirekta kostnaderna kring ett dataintrång. Detta arbete använder eventstudie-metodologin för att uppskatta de indirekta kostnaderna hos börsnoterade amerikanska företag efter att de haft ett dataintrång. Företagen i den undersökta datamängden förlorar i genomsnitt 0.21% av sitt marknadsvärde vilket, även om det saknar statistisk signifikans, motsvarar $267 miljoner. Arbetet undersöker ett antal parametrar för att hitta signifikanta prediktorer men endast en av de prediktorer vi undersökte var statistiskt signifikant, nämligen antalet läckta uppgifter. Dessa svaga samband är i sig intressanta; den till synes svaga inverkan av dataintrång på företagens börsvärde antyder att de kanske inte har så stora finansiella incitament att skydda sina kunders data. Cybersecurity Information security InfoSec Event study cyberinsurance data breach Datasäkerhet informationssäkerhet infosec Eventstudie cyberförsäkring dataintrång Engineering and Technology Teknik och teknologier
13	An Analysis of the Impact of Information Security Policies on Computer Security Breach Incidents in Law Firms Heikkila, Faith M. 01 January 2009 (has links) Law firms maintain and store voluminous amounts of highly confidential and proprietary data, such as attorney-client privileged information, intellectual properties, financials, trade secrets, personal, and other sensitive information. There is an ethical obligation to protect law firm client data from unauthorized access. Security breaches jeopardize the reputation of the law firm and could have a substantial financial impact if these confidential data are compromised. Information security policies describe the security goals of a law firm and the acceptable actions and uses of law firm information resources. In this dissertation investigation, the author examined the problem of whether information security policies assist with preventing unauthorized parties from accessing law firm confidential and sensitive information. In 2005, Doherty and Fulford performed an exploratory analysis of security policies and security breach incidents that highlighted the need for research with different target populations. This investigation advanced Doherty and Fulford's research by targeting information security policies and security breach incidents in law firms. The purpose of this dissertation investigation was to determine whether there is a correlation between the timing of security policy development (proactive versus reactive policy development) and the frequency and severity of security breach incidents in law firms of varying sizes. Outcomes of this investigation correlated with Doherty and Fulford's general findings of no evidence of statistically significant relationships between the existence of a written information security policy and the frequency and severity of security breach incidents within law firms. There was also a weak relationship between infrequency of information security policy updates and increase of theft resources. Results demonstrated that, generally, written information security policies in law firms were not created in response to a security breach incident. These findings suggest that information security policies generally are proactively developed by law firms. Important contributions to the body of knowledge from this analysis included the effectiveness of information security policies in reducing the number of computer security breach incidents of law firms, an under represented population, in the information assurance field. Also, the analysis showed the necessity for law firms to become more immersed in state security breach notification law requirements. computer security breach data breach incidents information security policy law firms personally identifiable information state security breach notification laws Computer Sciences
14	Náklady na zabezpečení dat ve firemním prostředí / The Cost of Data Security in a Business Environment Gottwald, Matěj January 2013 (has links) The thesis focuses on the benefits of company data security in Czech environment calculation based on the additional total cost of ownership for the full disk data encryption and the average expected cost for data breach. In addition to the history of encryption, basics of cryptography, information breach statistics and company data encryption common routine, the theoretical part of the thesis above all introduces the method of company data encryption cost and benefits calculation. Within the practical part of the thesis, each step of the method is customized to match the Czech environment, modified by the organization headcount and applied to three virtual companies. The results are then evaluated, the benefits of data encryption compared by the company size in the Czech environment and also the critical discussion is carried out.
15	Uso de la ciencia de datos en las organizaciones / Use of data science in the organizations Chafloque Arévalo, Wilmert Ulises, Zaravia Mioca, Ana Cecilia 20 August 2021 (has links) Suele decirse que los datos son el petróleo del siglo XXI, pero estos, por sí solos no producen valor, así que es necesario que las empresas gestionen y analicen eficientemente grandes volúmenes de datos que se generan gracias a una sociedad que se conecta a diversos dispositivos. Por ello, teniendo en cuenta la importancia que ha adquirido la ciencia de datos, la presente investigación se centra en exponer y analizar las diferentes posturas, en un marco temporal comprendido entre los años 2012-2021, respecto al uso de la ciencia de datos en las organizaciones. Los autores revisados coinciden en que existe una correlación entre el rendimiento de las empresas con el uso de los datos, razón por la que las organizaciones están obligadas a gestionar y analizar, de manera eficiente, grandes volúmenes de datos. Sin embargo, la rapidez con la que cambian los datos hace que el proceso de adaptación en las organizaciones sea lento y se pierda información valiosa. Frente a esto, las organizaciones deben implementar mecanismos de análisis de datos, impulsar una cultura organizacional productiva y fomentar el liderazgo democrático con miras a mejorar las capacidades tecnológicas y del personal, y, finalmente, establecer regulaciones que delimiten el alcance del uso de datos personales para evitar riesgos de vulneración de datos. / It is often said that data is the oil of the 21st century, but data alone does not produce value, so it is necessary for companies to efficiently manage and analyze large volumes of data that are generated thanks to a society that connects to various devices . Therefore, taking into account the importance that data science has acquired, this research focuses on exposing and analyzing the different positions, in a time frame between the years 2012-2021, regarding the use of data science in the organizations. The reviewed authors agree that there is a correlation between the performance of companies with the use of data, which is why organizations are obliged to efficiently manage and analyze large volumes of data. However, the speed with which data changes makes the adaptation process in organizations slow and valuable information is lost. Faced with this, organizations must implement data analysis mechanisms, promote a productive organizational culture and foster democratic leadership with a view to improving technological and personnel capacities, and, finally, establish regulations that define the scope of the use of personal data. to avoid risks of data breach. / Trabajo de Suficiencia Profesional Gestión de datos Vulneración de datos Regulación Data management Data breach Regulation
16	Modelování kybernetického rizika pomocí kopula funkcí / Cyber risk modelling using copulas Spišiak, Michal January 2020 (has links) Cyber risk or data breach risk can be estimated similarly as other types of operational risk. First we identify problems of cyber risk models in existing literature. A large dataset consisting of 5,713 loss events enables us to apply extreme value theory. We adopt goodness of fit tests adjusted for distribution functions with estimated parameters. These tests are often overlooked in the literature even though they are essential for correct results. We model aggregate losses in three different industries separately and then we combine them using a copula. A t-test reveals that potential one-year global losses due to data breach risk are larger than the GDP of the Czech Republic. Moreover, one-year global cyber risk measured with a 99% CVaR amounts to 2.5% of the global GDP. Unlike others we compare risk measures with other quantities which allows wider audience to understand the magnitude of the cyber risk. An estimate of global data breach risk is a useful indicator not only for insurers, but also for any organization processing sensitive data.
17	User Privacy Perception and Concerns Regarding the Use of Cloud-Based Assistants Awojobi, Abiodun 12 1900 (has links) Cloud-based assistants like the Google Home and the Amazon Alexa have become ubiquitous in our homes. Users can simply communicate with the devices using a smartphone application. There are privacy concerns associated with cloud-based assistants. For example, users do not know what type of information is being sent to the device manufacturer, if the device is stealthily listening to conversations, data retention, or who else has access to the data. Privacy is about perception. The goal of this study is to determine user privacy concerns regarding cloud-based assistants by adopting a quantitative research method. The study used a privacy decision framework that lists three core components, which are technology controls, understanding user privacy preference, and government regulations. The research used Dervin's sensemaking model to describe users' privacy perception using the privacy decision framework and improved on a privacy perception survey instrument from previous dissertations. An understanding of user privacy concerns with cloud-based assistants is required to provide a comprehensive privacy guidance to stakeholders. The significance of this study is in the identification of the privacy perception of users of cloud-based assistants and the extent to which the components of the theoretical framework can impact user privacy perception. The results of this study serve as a guide for device manufacturers and other stakeholders in prioritizing privacy design decisions. Privacy Privacy perception user privacy alexa amazon alexa google home apple siri smart assistant cloud-based assistants brenda dervin model user preference eavesdropping data breach privacy breach Information Science Artificial Intelligence
18	Mieux vaut prévenir et guérir : la réaction du public envers la posture de cyber-résilience des entreprises après un vol de données Toma, Traian 08 1900 (has links) Les recherches montrent que les clients ne prennent guère de mesures pour se protéger des crimes qui peuvent découler d’une brèche de renseignements confidentiels au sein d’une entreprise. Plutôt, ils considèrent que la firme — hébergeuse de leurs informations personnelles — a la responsabilité absolue en matière de la confidentialité continue de leurs données. Les commerces qui manquent de protéger adéquatement les informations clients risquent en contrepartie de subir des torts réputationnels ruineux. Cela dit, peu de travaux explicatifs sont effectués sur la résilience des entreprises face à la réaction négative du public après un vol de données. Ainsi, une étude expérimentale basée sur des vignettes de cas a été menée à l’aide du modèle de la victime « idéale ». Les mises en situation illustrent : (1) une entreprise victime décrite comme ayant une forte posture de cyber-résilience ; (2) une entreprise victime décrite comme ayant une faible posture de cyber-résilience. Un échantillon final de 664 participants a été aléatoirement affecté à l’une des deux conditions expérimentales principales. Les résultats révèlent que, comparativement à une faible posture de cyber-résilience, une bonne posture de cyber-résilience minimise les attitudes négatives des clients et favorise leurs intentions comportementales positives vis-à-vis la firme victime. À la lumière de ces résultats, la cyber-résilience, qui a principalement fait l’objet d’une attention conceptuelle, acquiert un fondement empirique. Par ailleurs, ce projet de recherche contribue plus généralement au développement de la victimologie des entreprises. / Research shows that customers take few measures to protect themselves from crimes that may follow data theft at a business. They rather consider that the firm—the host of their personal information—holds exclusive responsibility over the continued confidentiality of their data. Companies that fail to properly secure customer information may, in return, risk experiencing ruinous reputational harm. That said, little explanatory research is done on the resilience of businesses to negative public reaction after data theft. Consequently, a vignette-based experimental study was conducted using the “ideal” victim model. The scenarios feature: (1) a breached business described as having a strong cyber-resilience posture; (2) a breached business described as having a weak cyber-resilience posture. A final sample of 664 participants was randomly assigned to one of the two main experimental conditions. Results reveal that compared to a weak cyber-resilience posture, a good cyber-resilience posture minimizes negative customer attitudes and promotes positive customer behavioural intentions towards the company. Considering these results, cyber-resilience, which has mainly received conceptual attention, gains empirical support. Furthermore, this research project contributes more broadly to the evolution of the victimology of businesses. Cybersécurité Cyber-résilience Brèche de données Réputation Réaction sociale Gestion des risques Communication de crise Faute de la victime Victime idéale Vignettes de cas Cybersecurity Cyber-resilience Data breach Social reaction Risk management Crisis communication Victim blaming Ideal victim Vignettes

Search results