41 |
A Comparison of Users' Personal Information Sharing Awareness, Habits, and Practices in Social Networking Sites and E-Learning SystemsBall, Albert 01 January 2012 (has links)
Although reports of identity theft continue to be widely published, users continue to post an increasing amount of personal information online, especially within social networking sites (SNS) and e-learning systems (ELS). Research has suggested that many users lack awareness of the threats that risky online personal information sharing poses to their personal information. However, even among users who claim to be aware of security threats to their personal information, actual awareness of these security threats is often found to be lacking. Although attempts to raise users' awareness about the risks of sharing their personal information have become more common, it is unclear if users are unaware of the risks, or are simply unwilling or unable to protect themselves.
Research has also shown that users' habits may also have an influence on their practices. However, user behavior is complex, and the relationship between habit and practices is not clear. Habit theory has been validated across many disciplines, including psychology, genetics, and economics, with very limited attention in IS. Thus, the main goal of this study was to assess the influence of users' personal information sharing awareness (PISA) on their personal information sharing habits (PISH) and personal information sharing practices (PISP), as well as to compare the three constructs between SNS and ELS. Although habit has been studied significantly in other disciplines, a limited number of research studies have been conducted regarding IS usage and habit. Therefore, this study also investigated the influence of users' PISH on their PISP within the contexts of SNS and ELS. An empirical survey instrument was developed based on prior literature to collect and analyze data relevant to these three constructs. Path analysis was conducted on the data to determine the influence of users' PISA on their PISH and PISP, as well as the influence of users' PISH on their PISP. This study also utilized ANCOVA to determine if, and to what extent, any differences may exist between users' PISA, PISH, and PISP within SNS and ELS.
The survey was deployed to the student body and faculty members at a small private university in the Southeast United States; a total of 390 responses was received. Prior to final data analysis, pre-analysis data screening was performed to ensure the validity and accuracy of the collected data. Cronbach's Alpha was performed on PISA, PISH, and PISP, with all three constructs demonstrating high reliability. PISH was found to be the most significant factor evaluated in this study, as users' habits were determined to have the strongest influence on their PISP within the contexts of SNS and ELS.
The main contribution of this study was to advance the understanding of users' awareness of information security threats, their personal information sharing habits, and their personal information sharing practices. Information gained from this study may help organizations in the development of better approaches to the securing of users' personal information.
|
42 |
Understanding Information Security Culture in an Organization: An Interpretive Case StudyBess, Donald Arlo 01 January 2012 (has links)
Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information security program is heavily dependent upon the actions of the organizational members that interact with the information security program. Because of the interaction between people and the information security program an appropriate information security culture is required to effectively influence and control the actions of the members within that organization.
While the importance of an information security culture has been well established by researchers there has been little research conducted to date that assist in understanding and managing information security culture within organizations. To expand the body of knowledge in this area this study will explore the information security culture of a large organization using interpretive case study methodology. The use of semi-structured interviews to collect data has allowed the researcher to report back their interpretation of shared meanings, consciousness, language and artifacts observed while at the research site. Structuration theory was applied as a theoretical lens with which to better understand information security culture and explore ways in which organizations can better understand and manage information security culture.
We found structures of signification and legitimacy were the most influential on employee's behavior towards information security. While the structure of domination exerted minimal influence over employee's behavior.
This research study contributes to the existing body of knowledge regarding information security culture by examining the role of structural properties exhibited within information security culture. Structural properties of information security culture have not been adequately considered within the existing literature. By expanding our understanding of the role of social structures such as systems of meaning, power and legitimacy on information security culture researchers will have a deeper understanding of this phenomena call information security culture. This will enable us to better understand how to develop and manage an appropriate information security culture.
|
43 |
Extracting Windows event logs using memory forensicsVeca, Matthew 18 December 2015 (has links)
Abstract Microsoft’s Windows Operating System provides a logging service that collects, filters and stores event messages from the kernel and applications into log files (.evt and .evtx). Volatility, the leading open source advanced memory forensic suite, currently allows users to extract these events from memory dumps of Windows XP and Windows 2003 machines. Currently there is no support for users to extract the event logs (.evtx) from Windows Vista, Win7 or Win8 memory dumps, and Volatility users have to rely on outside software in order to do this. This thesis discusses a newly developed evtxlogs.py plugin for Volatility, which allows users the same functionality with Windows Vista, Win7 and Win8 that they had with Windows XP and Win 2003’s evtlogs.py plugin. The plugin is based on existing mechanisms for parsing Windows Vista-format event logs, but adds fully integrated support for these logs to Volatility.
|
44 |
Behavioural monitoring via network communicationsAlotibi, Gaseb January 2017 (has links)
It is commonly acknowledged that using Internet applications is an integral part of an individual’s everyday life, with more than three billion users now using Internet services across the world; and this number is growing every year. Unfortunately, with this rise in Internet use comes an increasing rise in cyber-related crime. Whilst significant effort has been expended on protecting systems from outside attack, only more recently have researchers sought to develop countermeasures against insider attack. However, for an organisation, the detection of an attack is merely the start of a process that requires them to investigate and attribute the attack to an individual (or group of individuals). The investigation of an attack typically revolves around the analysis of network traffic, in order to better understand the nature of the traffic flows and importantly resolves this to an IP address of the insider. However, with mobile computing and Dynamic Host Control Protocol (DHCP), which results in Internet Protocol (IP) addresses changing frequently, it is particularly challenging to resolve the traffic back to a specific individual. The thesis explores the feasibility of profiling network traffic in a biometric-manner in order to be able to identify users independently of the IP address. In order to maintain privacy and the issue of encryption (which exists on an increasing volume of network traffic), the proposed approach utilises data derived only from the metadata of packets, not the payload. The research proposed a novel feature extraction approach focussed upon extracting user-oriented application-level features from the wider network traffic. An investigation across nine of the most common web applications (Facebook, Twitter, YouTube, Dropbox, Google, Outlook, Skype, BBC and Wikipedia) was undertaken to determine whether such high-level features could be derived from the low-level network signals. The results showed that whilst some user interactions were not possible to extract due to the complexities of the resulting web application, a majority of them were. Having developed a feature extraction process that focussed more upon the user, rather than machine-to-machine traffic, the research sought to use this information to determine whether a behavioural profile could be developed to enable identification of the users. Network traffic of 27 users over 2 months was collected and processed using the aforementioned feature extraction process. Over 140 million packets were collected and processed into 45 user-level interactions across the nine applications. The results from behavioural profiling showed that the system is capable of identifying users, with an average True Positive Identification Rate (TPIR) in the top three applications of 87.4%, 75% and 61.9% respectively. Whilst the initial study provided some encouraging results, the research continued to develop further refinements which could improve the performance. Two techniques were applied, fusion and timeline analysis techniques. The former approach sought to fuse the output of the classification stage to better incorporate and manage the variability of the classification and resulting decision phases of the biometric system. The latter approach sought to capitalise on the fact that whilst the IP address is not reliable over a period of time due to reallocation, over shorter timeframes (e.g. a few minutes) it is likely to reliable and map to the same user. The results for fusion across the top three applications were 93.3%, 82.5% and 68.9%. The overall performance adding in the timeline analysis (with a 240 second time window) on average across all applications was 72.1%. Whilst in terms of biometric identification in the normal sense, 72.1% is not outstanding, its use within this problem of attributing misuse to an individual provides the investigator with an enormous advantage over existing approaches. At best, it will provide him with a user’s specific traffic and at worst allow them to significantly reduce the volume of traffic to be analysed.
|
45 |
SECURITY PRACTICES: KEEPING INDIVIDUALS SAFE AND AWARE IN THE CYBER WORLDRespicio, Annie 01 June 2019 (has links)
We currently live in a day and age where nearly everyone uses electronic devices and connects to the web. Whether it be from a desktop, laptop, or smartphone, staying connected and having information at your fingertips is easier than ever. Although technology has become so intermingled with our daily lives, the idea around security is not as momentous as it should be. As mentioned by the Multi-State Information Sharing and Analysis Center (MS-ISAC), “based on recent statistics, the average unprotected computer can be compromised in a matter of minutes. The majority of individuals who thought their computers were safe…were wrong.” (MS-ISAC 2)
This paper specifically investigates what types of security practices individuals in Southern California are aware of, how much of these practices are actively implemented and how can we not only further spread awareness, but also keep them engaged in these practices. This study shows that most of the participants feel confident about their level of knowledge regarding basic cyber security practices. Similarly, they were also confident in their active and frequent implementation of security practices.
Nonetheless, it is imperative that implementing security measures become an active part of people’s behavior. As technology and interconnectedness continues to grow, security will only become even more at risk. Since it is a difficult task to change the behavior of people, this study suggests the best route is to begin consistently teaching people at a young age. By doing so, many of these practices can become embedded within people and nearly function as second nature as they mature. Although this suggestion does not focus on security awareness and implementation on those individuals who currently use smartphones, computers, and other devices, it is a sure way of ensuring the future populations become more engaged in understanding the importance of security measures and practice them.
|
46 |
A soft approach to management of information security.Armstrong, Helen L. January 1999 (has links)
The key theme of this research is the planning and management of information security and in particular, the research focuses on the involvement of information stakeholders in this process. The main objective of the research is to study the ownership of, and acceptance of responsibility for, information security measures by stakeholders having an interest in that information.
|
47 |
Information Security Service Industry - EverGreen International Development Co Ltd.. - Entrepreneur Case StudyHsu, Yu-Tsung 07 September 2004 (has links)
With the increasing number of enterprises which provides e-business via Internet and the complex of information system, Information Security becomes more and more important to a company. Information Security not only can improve a company¡¦s information system but also can protect its information asset. It becomes a basic element for e-business. In addition, since information today goes beyond boundaries, a company may face the threat of being attacked by hackers or virus all the time. Maintaining system operation and protecting internal information become an essential issue to a company. Due to this new trend, Information Security Service Industry becomes one of the newly developed industries. At present, a company has the urgent need of adopting information technology to increase competitive advantages. The importance of Information Security is increasing day by day.
This research mostly focuses on Taiwan Information Security Service Industry which is still lack of research literatures. The research uses a local Information Security Service company as its research target. Case study, field observation, and reading company¡¦s related materials help to understand how entrepreneurs analyze environment and evaluate opportunities, required resources, threats, and key success/failure factors. The research mainly focuses on how environment and opportunities analysis, entrepreneur team and organization structure, product strategy and operating model, consumers and market, product competitive advantage and implementation influence a company¡¦s success.
|
48 |
Time trends and advertising presentation of information security advertisementWeng, Wen-di 08 October 2004 (has links)
There are many studies about information security, but merely limited in the technologic and managerial fields. The purpose of this research is to discover information security advertisement in two ways ¡V the time trends and the advertising presentation.
The research uses the content analysis with four variances ¡V time, category of products, type of enterprises, and targeted customers to analyze information security advertisement on computer magazines in the past ten years (1994~2003).
According to research findings, there are some obvious changes in category of product, appeal strategy, amount of advertising message, topic reply and brand image in time trends. On the other hand, picture-headline effect, proportion structure, appeal strategy, presentation type, and brand image have apparent differences in advertising presentation. It can be concluded to eight findings from research results:
1.¡¨product¡¨ is always the main marketing objective;
2.advertising presentation is from ration to emotion;
3.follow the ¡§product life period¡¨ and ¡§advertising strategy¡¨ rule;
4.the amount of topic reply has gradually decreased;
5.different advertising purposes have different advertising presentation;
6.¡§expression of safety¡¨ is primary objective;
7.huge amounts of image usage;
8.the amount of advertising messages in information security advertisement is more than other types of advertisements.
|
49 |
Network Security Planning for New Generation Network Service ProvidersHuang, Shao-Chuan 25 July 2009 (has links)
The internet network and e- commerce become more and more popular currently.
Various applications of the network and services already become the indispensable important tools to most enterprises, such as the application of e mail , to establish the entry website of company, installing server to provide employees with information sharing, etc..
As the internet network providing the convenience and business opportunity , as well as e commerce be further developed, all of such IT applications created unbelievable values to enterprises. However, the security of the internet network becomes an endless issues. The external attacks , such as the electronic virus , the worm, special Lip river depends on the hobbyhorse ( Trojan Horse), procedure of back door, spy's software, the network hacker's depend event and activities have never been stopped.
From which, the enterprises suffered with great losses. Therefore, the IT people of company are requested to develop and installed a suitable protection system to guarantee the security of company information assets.
The case company specified in my paper is the biggest ISP in Taiwan. It owns more than three millions of customers. The company also provides its over 20,000 staffs with internal network and management network equipment for conducting routine jobs. The network and information security concerns are more complicated than that of regular commercial companies.
This research will discuss the management & Network Security planning of this company from the structure and system views. Not only to create potential benefit of rigid information Security for existing network, but also to offer IT planning people with valuable reference as they are performing the related works.
|
50 |
Information security management in Australian universities : an exploratory analysisLane, Tim January 2007 (has links)
Australian Universities increasingly rely on Information Technology (IT) systems for essential business operations, including administration, teaching, learning and research. Applying information security to university IT systems is strategically important to maintaining overall business continuity in universities. However, the process of effectively implementing information security management in the university sector is challenging for security practitioners. University environments consist of a cultural mix of academic freedoms, student needs and compliance mandates. Consequently, unique and divergent demands are placed on securing and accessing university IT systems. This research undertook a qualitative based exploratory analysis of information security management in Australian universities. The aims and objectives of the research (represented as the research questions) were to determine: 1) What is the current status of information security management practices in the Australian university sector? 2) What are the key issues and influencing factors surrounding the effectiveness of information security management practices? 3) How could improvements in information security management be achieved? The findings from the research led to a comprehensive and insightful examination of the current status, issues and challenges facing information security practitioners in Australian universities. The research findings culminated in the development of a Security Practitioner's Management Model. An essential aim of the model is to assist security practitioners to successfully implement and progress information security in the Australian university environment. The research improves current understanding of information security issues and reinforces the pertinence of information security management as a strategically important business function for Australian universities.
|
Page generated in 0.0307 seconds