Global ETD Search

31	ASSESSING AND IMPROVING SECURITY AWARENESS AND CONCERNS IN TELEWORKING Biliangyu Wu (10716789) 29 April 2021 (has links) <p>The unexpected and unprecedented global pandemic of COVID-19 has brought dramatic changes to the whole world. As a result of social distancing instituted to slow the pandemic, teleworking has become the new norm in many organizations. The prevalence of teleworking has brought not only benefits to organizations, but also security risks. Although teleworking has existed for decades and many security related issues have been studied by previous research, the researcher didn’t find any studies that have assessed organization employee’s security awareness and concerns in teleworking. Considering the vital importance of human security awareness in protecting information security, it is necessary to learn the security awareness situation in teleworking. Furthermore, employees with low security awareness should be trained to improve the awareness level. Therefore, this research intends to examine the current teleworking security awareness and concerns in organizations by conducting a survey of workers. Through the survey answers, the researcher found that the security awareness varies in groups of teleworkers who are at different ages, from different industries and different-sized organizations. Meanwhile, the researcher also found that COVID-19 pandemic does not have much impact on people’s security concern in teleworking scenarios. <br></p> Computer System Security Private Policing and Security Services Teleworking Security Awareness Assessment Security Concern
32	A study of information security awareness on teleworking security risks and recommendations since Covid19 pandemic Galajda, Lukas January 2023 (has links) This study is looking at “the changed” world for employees that were lucky and could continue their work from places other than the office since the Covid-19 pandemic outbreak using teleworking tools. Their numbers grew exponentially and while they still had to perform their duties as usual, they could not rely on the security infrastructure built at the office. The attackers saw this immediately and took the opportunity to unleash various techniques with malicious intent. Now the time is right to find out whether the coronavirus pandemic did at least some good and to what extent the remote workers are aware of information security guidelines. This quantitative study begins with the formation of the research question and first thoughts about the research model. Then the search thru the literature thoroughly finds mostly used attacks as well as the best way how to protect against them and the review of theory builds a research model that fits the aim of the study. Thru a quantitative online survey via snowballing method answers from users from all over the world are collected and analyzed and the hypotheses drawn from the model are verified. Lastly, results are discussed, and a conclusion is provided. The study findings are that the teleworkers are quite highly aware of information security awareness or ISA, thanks to sufficient knowledge and attitude towards information security, and in turn, this awareness leads to correct behavior in information security. More specifically, knowledge is more strongly associated with ISA of telework risks than recommendations, attitude, on the other hand, is more strongly related to telework recommendations than the risks, also ISA of telework risks has a greater influence on behavior than ISA of telework recommendations. The contribution of this study is the revelation that the impact of telework and the coronavirus pandemic did not change the course of information security awareness perception in comparison to pre-pandemic studies. Also, thanks to the subcategorization of ISA to risks and recommendations it was revealed that awareness of teleworking risk is quite higher than awareness of recommendations after the Covid-19 period. information security awareness teleworking security risks security recommendations Information Systems
33	Phishing : A qualitative study of users' e-mail classification process, and how it is influenced by the subjective knowledge Puke Andersson, Hanna, Stenberg, Sofie January 2022 (has links) Background. E-mail phishing is a type of social engineering where the threat actor sends e-mails with the intention to, for example, gain sensitive information or gain access to sensitive assets. Anyone can be a target of a phishing attempt, and any user that uses a digital environment should be aware of which factors to be attentive to in an e-mail. Objectives. This thesis intends to study the practical ability to identify phishing e-mails among users and what factors they are looking for when performing the classification. The intention is also to investigate if subjective knowledge impacts practical ability. Methods. A user study was conducted where the participants were to classify e-mails from an inbox as either phishing or legitimate. During the observation, the participants thought-out-loud for the authors of this thesis to hear their approach and which factors they noticed. A questionnaire also was conducted to capture the participants' knowledge, previous experience, and confidence in their classifications. Results. The results show that the majority of the participants did not know what factors to look after, nor how to inspect them, to make a justified classification of an e-mail. Most participants made the classifications based on their gut feelings. Those participants who had any theoretical knowledge showed more confidence and identified more phishing attempts. Conclusions. This thesis concluded that the participants lacked the required knowledge to identify phishing attempts. Further, it concludes that subjective knowledge leads to high confidence, which helps users make the correct classification. Therefore, this topic needs to be further enlightened to bring more awareness, and education needs to be conducted. phishing social engineering security awareness user study data security Computer Sciences Datavetenskap (datalogi)
34	An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of Phishing Salem, Omran S.A. January 2012 (has links) Hacking information systems is continuously on the increase. Social engineering attacks is performed by manipulating the weakest link in the security chain; people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based in Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measures the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.
35	Security Aspects of Users' Information Sharing on Social Media Alharbi, Mohannad Abdulltef 05 1900 (has links) This study aims to investigate college students' security awareness of using social media in sharing information. The two theories that have guided this study are the theory of planned behavior (TPB) and the technology acceptance model (TAM). Data was collected from both undergraduate and graduate students from the University of North Texas (UNT) in Denton. The total responses included 380 students from different majors with 291 valid responses for data analysis; The structural equation model (SEM) Lavaan package was used to find out the best fit of the model. A diagonally weighted least squares (DWLS) was used to model the variables as ordinal in this study's analysis as ordinal data made the model fit substantially. The study found that 6 factors: attitude (AB), subjective norm (SN), perceived behavior control (PBC), perceived usefulness (PU), perceived risks (PR), and security awareness (SA) influenced behavior intention (BI). Also, I found that AB was influenced by PR and SA, as well as SN influenced by SA. Self-efficacy (SE) influenced PBC. On the other hand, the study found that controllability (C) did not influence PBC; perhaps, an individual's skills do not interact with social media security settings. Perceived ease of use (PEOU) did not influence BI; perhaps this occurred because of an individual's inability to prevent his or her information from being disclosed in the future, even if they had taken the right precautions. This study contributed to literature on understanding the nature of information sharing among college students on social media. The results may help college security professionals to evaluate or revise the rules and policies regarding cybersecurity and privacy. Security Awareness Risk Information Sharing Social Media Cybersecurity Theory of Planned Behavior (TPB) Technology Acceptance Model (TAM).
36	Understanding Awareness of Cyber Security Threat Among IT Employees Al-Mohannadi, Hamad, Awan, Irfan U., Al Hamar, J., Al Hamar, Y., Shah, M., Musa, Ahmad S. 11 October 2018 (has links) yes / Cyber-attacks have been an increasing threat on people and organisations, which led to massive unpleasant impact. Therefore, there were many solutions to handle cyber-attacks, including Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS). These solutions will provide a huge number of alarms that produce more are false positives. Therefore, the IDS tool result should be operated by a human intelligent be filtered effectively the huge amount of alerts to identify true positive attacks and perform accordingly to the incident response rule. This requires the IT employees to have enough knowledge and competency on operating IDS, IPS and incident handling. This paper aims to examine the awareness of cyber security threat among all IT employees, focusing on three domains: Knowledge, Monitoring and Prevention. Cyber-attack Security awareness Cyber threat IT employees Knowledge Monitoring Prevention
37	Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users Edwards, Keith 01 January 2015 (has links) Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the incentive to take security awareness training on their own. Research in security awareness and security behavior has produced conflicting results. Therefore, it is not clear, how security aware home computer users are or to what extent security awareness affects the security behavior of home computer users. The goal of this study was to determine if there is a relationship between security awareness and users practicing good security behavior. This study adapted its research model from the health belief model (HBM), which accesses a patient’s decision to perform health related activities. The research model included the HBM constructs of perceived severity, perceived susceptibility, perceived threat, perceived benefits, perceived barriers, cues to action, and self-efficacy. The research model also contained the security awareness (SA) and concern for information privacy (CFIP) constructs. The model used SA to ascertain the effect of security awareness on a person’s self-efficacy in information security (SEIS), perceived threat, CFIP, and security behavior. The research model included CFIP to ascertain its effect on security behavior. The developed survey measured the participants' security awareness, concern for information privacy, self-efficacy, expectations of security actions, perceived security threats, cues to action, and security behavior. SurveyMonkey administered the survey. SurveyMonkey randomly selected 267 participants from its 30 million-member base. The findings of this study indicate home computer users are security aware. SA does not have a direct effect on a user’s security behavior, perceived threat, or CFIP. However, it does have influence on SEIS. SEIS has a weak effect on expectations. CFIP has an effect on a user’s security behavior after removing perceived threat from the research model. Perceived susceptibility has a direct effect on a user’s security behavior, but perceived severity or perceived threat does not. Information privacy concerns Information security awareness Information Security Behavior Information technology Computer science Computer Sciences Computer Security
38	A Comparison of Users' Personal Information Sharing Awareness, Habits, and Practices in Social Networking Sites and E-Learning Systems Ball, Albert 01 January 2012 (has links) Although reports of identity theft continue to be widely published, users continue to post an increasing amount of personal information online, especially within social networking sites (SNS) and e-learning systems (ELS). Research has suggested that many users lack awareness of the threats that risky online personal information sharing poses to their personal information. However, even among users who claim to be aware of security threats to their personal information, actual awareness of these security threats is often found to be lacking. Although attempts to raise users' awareness about the risks of sharing their personal information have become more common, it is unclear if users are unaware of the risks, or are simply unwilling or unable to protect themselves. Research has also shown that users' habits may also have an influence on their practices. However, user behavior is complex, and the relationship between habit and practices is not clear. Habit theory has been validated across many disciplines, including psychology, genetics, and economics, with very limited attention in IS. Thus, the main goal of this study was to assess the influence of users' personal information sharing awareness (PISA) on their personal information sharing habits (PISH) and personal information sharing practices (PISP), as well as to compare the three constructs between SNS and ELS. Although habit has been studied significantly in other disciplines, a limited number of research studies have been conducted regarding IS usage and habit. Therefore, this study also investigated the influence of users' PISH on their PISP within the contexts of SNS and ELS. An empirical survey instrument was developed based on prior literature to collect and analyze data relevant to these three constructs. Path analysis was conducted on the data to determine the influence of users' PISA on their PISH and PISP, as well as the influence of users' PISH on their PISP. This study also utilized ANCOVA to determine if, and to what extent, any differences may exist between users' PISA, PISH, and PISP within SNS and ELS. The survey was deployed to the student body and faculty members at a small private university in the Southeast United States; a total of 390 responses was received. Prior to final data analysis, pre-analysis data screening was performed to ensure the validity and accuracy of the collected data. Cronbach's Alpha was performed on PISA, PISH, and PISP, with all three constructs demonstrating high reliability. PISH was found to be the most significant factor evaluated in this study, as users' habits were determined to have the strongest influence on their PISP within the contexts of SNS and ELS. The main contribution of this study was to advance the understanding of users' awareness of information security threats, their personal information sharing habits, and their personal information sharing practices. Information gained from this study may help organizations in the development of better approaches to the securing of users' personal information. E-learning Systems Information Security Information Security Awareness Information Security Habits Information Security Practices Social Networks Computer Sciences
39	A malware threat avoidance model for online social network users Ikhalia, Ehinome January 2017 (has links) The main purpose of this thesis is to develop a malware threat avoidance model for users of online social networks (OSNs). To understand the research domain, a comprehensive and systematic literature review was conducted and then the research scope was established. Two design science iterations were carried out to achieve the research aim reported in this thesis. In the first iteration, the research extended the Technology Threat Avoidance Theory (TTAT) to include a unique characteristic of OSN - Mass Interpersonal Persuasion (MIP). The extended model (TTAT-MIP), focused on investigating the factors that needs to be considered in a security awareness system to motivate OSN users to avoid malware threats. Using a quantitative approach, the results of the first iteration suggests perceived severity, perceived threat, safeguard effectiveness, safeguard cost, self-efficacy and mass interpersonal persuasion should be included in a security awareness system to motivate OSN users to avoid malware threats. The second iteration was conducted to further validate TTAT-MIP through a Facebook video animation security awareness system (referred in this thesis as Social Network Criminal (SNC)). SNC is a Web-based application integrated within Facebook to provide security awareness to OSN users. To evaluate TTAT-MIP through SNC, three research techniques were adopted: lab experiments, usability study and semi-structured interviews. The results suggest that participants perceived SNC as a useful tool for malware threat avoidance. In addition, SNC had a significant effect on the malware threat avoidance capabilities of the study participants. Moreover, the thematic analysis of the semi-structured interviews demonstrated that the study participants' found SNC to be highly informative; persuasive; interpersonally persuasive; easy to use; relatable; fun to use; engaging; and easy to understand. These findings were strongly related to the constructs of TTAT-MIP. The research contributes to theory by demonstrating a novel approach to design and deploy security awareness systems in a social context. This was achieved by including users' behavioural characteristic on the online platform where malware threats occur within a security awareness system. Besides, this research shows how practitioners keen on developing systems to improve security behaviours could adopt the TTAT-MIP model for other related contexts.
40	Studies on Employees’ Information Security Awareness Häußinger, Felix 13 May 2015 (has links) No description available. 330 Information Security Awareness Information Security Behahavior Information Systems Security Antecedents of Information Security Endogenous Motivation Wirtschaftswissenschaften (PPN621567140)

Search results