Template-Type: ReDIF-Article 1.0
Author-Name: Chuleeporn Changchit
Author-X-Name-First: Chuleeporn
Author-X-Name-Last: Changchit
Title: System Privacy and Protection
Journal: Journal of Information Privacy and Security
Pages: 1-2
Issue: 1
Volume: 4
Year: 2008
Month: 1
X-DOI: 10.1080/2333696X.2008.10855830
File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855830
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:1:p:1-2

Template-Type: ReDIF-Article 1.0
Author-Name: Elizabeth White Baker
Author-X-Name-First: Elizabeth
Author-X-Name-Last: White Baker
Title: Responding to Critical Infrastructure Threats of Reliability and Security: Economic, Organizational and Technical Perspectives for a Next Generation US Electric Grid
Abstract: The US electricity grid is a central piece of critical infrastructure, extremely vulnerable to exogenous attacks, and requiring an enhanced command and control system to be prepared for emergencies. The current economic climate of deregulation of the electricity industry has made this objective of grid emergency preparedness simultaneously more imperative and more difficult to achieve. This paper outlines essential components of an information systems-based technical command and control solution for the US grid and discusses the current and future economic, regulatory and organizational factors surrounding the grid that would ensure its reliability should an emergency situation arise.
Journal: Journal of Information Privacy and Security
Pages: 3-20
Issue: 1
Volume: 4
Year: 2008
Month: 1
X-DOI: 10.1080/2333696X.2008.10855831
File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855831
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:1:p:3-20

Template-Type: ReDIF-Article 1.0
Author-Name: Taeha Kim
Author-X-Name-First: Taeha
Author-X-Name-Last: Kim
Author-Name: Youngshin Kim
Author-X-Name-First: Youngshin
Author-X-Name-Last: Kim
Author-Name: Alex Talalayevsky
Author-X-Name-First: Alex
Author-X-Name-Last: Talalayevsky
Title: Managing Anti-Circumvention Technology for Digital Content
Abstract: Anti-circumvention technologies offer content providers interesting opportunities to protect and distribute various forms of digital content. This work takes an economic approach to the investigation of the relationships between the legal and technological protections of digital content as well as associated managerial implications that impact the overall profitability of content providers. The resulting findings about optimal pricing are interesting and suggest that the price of digital content does not have a simple linear relationship with levels of protection. Thus, content providers should consider such parameters as legal & technological protection levels, consumer disutility due to anti-circumvention technologies, and composition of consumers with different circumventing attitudes when a content provider sets the price in order to optimize its overall profit. We find that an optimal level of protection exists when consumers start to feel significant disutility at the lower levels of technological protection. This work also demonstrates that content providers may often have to adjust price downward in conjunction with the lower range of technological protection in order to stimulate consumption. Furthermore, we find that setting maximum protection levels may not always be optimal if consumers are sensitive to technological protections.
Journal: Journal of Information Privacy and Security
Pages: 21-41
Issue: 1
Volume: 4
Year: 2008
Month: 1
X-DOI: 10.1080/2333696X.2008.10855832
File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855832
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:1:p:21-41

Template-Type: ReDIF-Article 1.0
Author-Name: Anil Gurung
Author-X-Name-First: Anil
Author-X-Name-Last: Gurung
Author-Name: Xin Luo
Author-X-Name-First: Xin
Author-X-Name-Last: Luo
Author-Name: M.K Raja
Author-X-Name-First: M.K
Author-X-Name-Last: Raja
Title: An Empirical Investigation on Customer’s Privacy Perceptions, Trust and Security Awareness in E-commerce Environment
Abstract: Privacy concerns of the users have been listed as one of the hindrances in the growth of e-commerce. Understanding the consequences of privacy and its relationship with risk perceptions may help in finding solutions to this problem. Internet users may use different strategies to protect their privacy so that they can become confident in taking part in e-commerce. In this study, we investigate how users can lower their risk perceptions in the context of e-commerce. The relationships among privacy, risk, trust and internet security measures are empirically investigated to predict the behavioral intention to take part in e-commerce. Theoretical contributions and implications are discussed.
Journal: Journal of Information Privacy and Security
Pages: 42-60
Issue: 1
Volume: 4
Year: 2008
Month: 1
X-DOI: 10.1080/2333696X.2008.10855833
File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855833
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:1:p:42-60

Template-Type: ReDIF-Article 1.0
Author-Name: Nathaniel J. Melby
Author-X-Name-First: Nathaniel J.
Author-X-Name-Last: Melby
Title: Interview with: Peter B. McCarthy, Assistant Secretary for Management and CFO United States Department of the Treasury http://www.ustreas.gov/
Journal: Journal of Information Privacy and Security
Pages: 61-63
Issue: 1
Volume: 4
Year: 2008
Month: 1
X-DOI: 10.1080/2333696X.2008.10855834
File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855834
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:1:p:61-63

Template-Type: ReDIF-Article 1.0
Author-Name: Joseph S. Mollick
Author-X-Name-First: Joseph S.
Author-X-Name-Last: Mollick
Title: Management of Information Security
Journal: Journal of Information Privacy and Security
Pages: 64-65
Issue: 1
Volume: 4
Year: 2008
Month: 1
X-DOI: 10.1080/2333696X.2008.10855835
File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855835
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:1:p:64-65

Template-Type: ReDIF-Article 1.0
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Special Issue: Data Privacy, Policies and Frameworks
Journal: Journal of Information Privacy and Security
Pages: 1-2
Issue: 1
Volume: 8
Year: 2012
Month: 1
X-DOI: 10.1080/15536548.2012.11082758
File-URL: http://hdl.handle.net/10.1080/15536548.2012.11082758
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:1:p:1-2

Template-Type: ReDIF-Article 1.0
Author-Name: Olli Pitkänen
Author-X-Name-First: Olli
Author-X-Name-Last: Pitkänen
Author-Name: Virpi Kristiina Tuunainen
Author-X-Name-First: Virpi Kristiina
Author-X-Name-Last: Tuunainen
Title: Disclosing Personal Data Socially — An Empirical Study on Facebook Users' Privacy Awareness
Abstract: Maintaining existing relationships and presenting oneself to others is easy and inexpensive in social network services, such as Facebook. Nevertheless, the ever-increasing amount of personal data in these online services gives rise to privacy concerns and risks. In an attempt to understand the factors, especially privacy awareness, that influence users to disclose or hide information in an online environment, we view privacy behavior from the perspectives of privacy protection and information disclosing. Our survey of 210 Facebook users indicates that most active users of this social network service disclose a considerable amount of private information. Contrary to their own beliefs, they are not too well aware of the visibility of their information to people they do not necessarily know. Furthermore, Facebook's privacy policy and the terms of use are largely either not known or understood. With the proliferation of different social media tools and services and the increased interest and involvement of companies and other organizations, understanding users' privacy attitudes and behavior becomes of paramount importance.
Journal: Journal of Information Privacy and Security
Pages: 3-29
Issue: 1
Volume: 8
Year: 2012
Month: 1
X-DOI: 10.1080/15536548.2012.11082759
File-URL: http://hdl.handle.net/10.1080/15536548.2012.11082759
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:1:p:3-29

Template-Type: ReDIF-Article 1.0
Author-Name: Robert A. Robertson
Author-X-Name-First: Robert A.
Author-X-Name-Last: Robertson
Title: Security Auditing: The Need for Policies and Practices
Abstract: Security is a growing concern in organizations, especially as more organizations embrace the arena of E-Commerce. This research surveys the literature in security policy, presents established models in this area, and provides limitations to those models and directions for further research in this area.
Journal: Journal of Information Privacy and Security
Pages: 30-37
Issue: 1
Volume: 8
Year: 2012
Month: 1
X-DOI: 10.1080/15536548.2012.11082760
File-URL: http://hdl.handle.net/10.1080/15536548.2012.11082760
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:1:p:30-37

Template-Type: ReDIF-Article 1.0
Author-Name: Paul Ambrose
Author-X-Name-First: Paul
Author-X-Name-Last: Ambrose
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Interpreting the Impact of Perceived Privacy and Security Concerns in Patients' Use of Online Health Information Systems
Abstract: In this paper the authors examine the various models in the medical domain and the communities that proliferate around these web models. Given that several of these business models have failed, while others continue to exist, it is argued that the key is to understand the individual consumer motivators and inhibitors for such knowledge. In this paper the authors systematically develop a theoretical model to understand such motivators and inhibitors of individuals' obtaining health related information online. The focus of this study is the manner in which individual consumers use online sources to obtain health and other related medical information.
Journal: Journal of Information Privacy and Security
Pages: 38-50
Issue: 1
Volume: 8
Year: 2012
Month: 1
X-DOI: 10.1080/15536548.2012.11082761
File-URL: http://hdl.handle.net/10.1080/15536548.2012.11082761
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:1:p:38-50

Template-Type: ReDIF-Article 1.0
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Expert Opinion — Part 1
Journal: Journal of Information Privacy and Security
Pages: 51-55
Issue: 1
Volume: 8
Year: 2012
Month: 1
X-DOI: 10.1080/15536548.2012.11082762
File-URL: http://hdl.handle.net/10.1080/15536548.2012.11082762
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:1:p:51-55

Template-Type: ReDIF-Article 1.0
Author-Name: Roberto Vinaja
Author-X-Name-First: Roberto
Author-X-Name-Last: Vinaja
Title: Book Review
Journal: Journal of Information Privacy and Security
Pages: 56-58
Issue: 1
Volume: 8
Year: 2012
Month: 1
X-DOI: 10.1080/15536548.2012.11082763
File-URL: http://hdl.handle.net/10.1080/15536548.2012.11082763
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:1:p:56-58

Template-Type: ReDIF-Article 1.0
Author-Name: Changchit Chuleeporn
Author-X-Name-First: Changchit
Author-X-Name-Last: Chuleeporn
Title: User and Consumer Perceptions of Security
Journal: Journal of Information Privacy and Security
Pages: 1-2
Issue: 4
Volume: 6
Year: 2010
Month: 10
X-DOI: 10.1080/15536548.2010.10855896
File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855896
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:4:p:1-2

Template-Type: ReDIF-Article 1.0
Author-Name: Post Gerald V.
Author-X-Name-First: Post
Author-X-Name-Last: Gerald V.
Author-Name: Walchli Suzanne B.
Author-X-Name-First: Walchli
Author-X-Name-Last: Suzanne B.
Title: Consumer Perception of Web Site Security Attributes
Abstract: It is known that consumer e-commerce decisions are affected by trust and the perception of security. Two relatively new aspects of Web security have not yet been studied, but have important consequences to site designers and society: the payment-card-industry hacker-tested badge, and enhanced SSL certificates. The hacker-tested badge is an icon that can be added to a Web site. The enhanced security certificates cost hundreds of dollars with no significant added security, but feature a new interface notification. The study results show the enhanced certificate does not increase trust like the hacker-tested logo. The logo result is potentially hazardous because fraudulent sites can easily add counterfeit icons. The perception of site security is also enhanced by the usability of the site and the presence of third-party checkout. By having respondents evaluate actual Web sites, this study goes beyond existing work based on site prototypes and considers these new security elements in the context of a comprehensive structural equation model that depicts the interaction of vendor knowledge, security perception, and intention to purchase.
Journal: Journal of Information Privacy and Security
Pages: 3-27
Issue: 4
Volume: 6
Year: 2010
Month: 10
X-DOI: 10.1080/15536548.2010.10855897
File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855897
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:4:p:3-27

Template-Type: ReDIF-Article 1.0
Author-Name: Luse Andy
Author-X-Name-First: Luse
Author-X-Name-Last: Andy
Author-Name: Mennecke Brian E.
Author-X-Name-First: Mennecke
Author-X-Name-Last: Brian E.
Author-Name: Townsend Anthony M.
Author-X-Name-First: Townsend
Author-X-Name-Last: Anthony M.
Title: User Acceptance of Speech-Enabled Technologies for Configuration of Computer and Network Security
Abstract: Computer and network security administration has gained vital importance as online banking, corporate documents, and business to business transactions are now all carried out over computational networks. Designing security systems that satisfy the requirements of both network administrators and end-users brings with it the paradox of ease of use and absolute security. This research investigates the acceptance, by users, of speech recognition as a mechanism for alleviating computer and network security configuration. The study finds that, while the perceived usefulness of speech-enabled systems for security configuration leads to greater future intention to use the system, ease-of-use indirectly affects future use. This is a vital finding for developers of speech-enabled security configuration systems.
Journal: Journal of Information Privacy and Security
Pages: 28-49
Issue: 4
Volume: 6
Year: 2010
Month: 10
X-DOI: 10.1080/15536548.2010.10855898
File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855898
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:4:p:28-49

Template-Type: ReDIF-Article 1.0
Author-Name: Barra Roberta Ann
Author-X-Name-First: Barra
Author-X-Name-Last: Roberta Ann
Author-Name: McLeod Alexander
Author-X-Name-First: McLeod
Author-X-Name-Last: Alexander
Author-Name: Savage Arline
Author-X-Name-First: Savage
Author-X-Name-Last: Arline
Author-Name: Simkin Mark G.
Author-X-Name-First: Simkin
Author-X-Name-Last: Mark G.
Title: Passwords: Do User Preferences and Website Protocols Differ From Theory?
Abstract: Despite the availability of superior authentication tools, password security continues to be an important access control in modern, computer-based systems. Are strong passwords used in these systems? Under what conditions are users willing to adopt stronger passwords? To answer these questions, the authors examined the websites of 154 organizations and additionally, analyzed 240 responses from a separate survey of password users. In terms of password length and duration, the answer to our first question was “No, strong passwords are not used.” The answer to our second question regarding willingness to adopt stronger passwords appears to depend upon how often users must change them.
Journal: Journal of Information Privacy and Security
Pages: 50-69
Issue: 4
Volume: 6
Year: 2010
Month: 10
X-DOI: 10.1080/15536548.2010.10855899
File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855899
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:4:p:50-69

Template-Type: ReDIF-Article 1.0
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Interview with: Ravichandra Gunturu Senior Software Engineer Blackthorne Capital Management
Journal: Journal of Information Privacy and Security
Pages: 70-72
Issue: 4
Volume: 6
Year: 2010
Month: 10
X-DOI: 10.1080/15536548.2010.10855900
File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855900
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:4:p:70-72

Template-Type: ReDIF-Article 1.0
Author-Name: Jay Rogers
Author-X-Name-First: Jay
Author-X-Name-Last: Rogers
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Rework
Journal: Journal of Information Privacy and Security
Pages: 73-74
Issue: 4
Volume: 6
Year: 2010
Month: 10
X-DOI: 10.1080/15536548.2010.10855901
File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855901
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:4:p:73-74

Template-Type: ReDIF-Article 1.0
Author-Name: Kallol Bagchi
Author-X-Name-First: Kallol
Author-X-Name-Last: Bagchi
Title: Editorial preface
Journal: Journal of Information Privacy and Security
Pages: 55-55
Issue: 2
Volume: 12
Year: 2016
Month: 4
X-DOI: 10.1080/15536548.2016.1174490
File-URL: http://hdl.handle.net/10.1080/15536548.2016.1174490
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:2:p:55-55

Template-Type: ReDIF-Article 1.0
Author-Name: Stanislav Mamonov
Author-X-Name-First: Stanislav
Author-X-Name-Last: Mamonov
Author-Name: Marios Koufaris
Author-X-Name-First: Marios
Author-X-Name-Last: Koufaris
Title: The impact of exposure to news about electronic government surveillance on concerns about government intrusion, privacy self-efficacy, and privacy protective behavior
Abstract: Government electronic surveillance programs are an active topic in public debates, yet little is known about how awareness of government electronic surveillance programs affects technology users’ concerns, beliefs, and behaviors. This study examined the impact of exposure to news stories about government surveillance on users’ concerns about government intrusion, their privacy self-efficacy, and the strength of passwords they use to protect information. Findings were that the exposure to news about government surveillance increases the level of concerns about government intrusion and has a negative impact on privacy self-efficacy. Further, contrary to expectations, this exposure also leads to weaker passwords used to protect information. Possible explanations and implications of the findings are discussed.
Journal: Journal of Information Privacy and Security
Pages: 56-67
Issue: 2
Volume: 12
Year: 2016
Month: 4
X-DOI: 10.1080/15536548.2016.1163026
File-URL: http://hdl.handle.net/10.1080/15536548.2016.1163026
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:2:p:56-67

Template-Type: ReDIF-Article 1.0
Author-Name: Matt Campbell
Author-X-Name-First: Matt
Author-X-Name-Last: Campbell
Author-Name: Antonis C. Stylianou
Author-X-Name-First: Antonis C.
Author-X-Name-Last: Stylianou
Author-Name: Jordan Shropshire
Author-X-Name-First: Jordan
Author-X-Name-Last: Shropshire
Title: The impact of attitudinal factors on intention to report workplace Internet abuse
Abstract: Why do employees actually report workplace Internet abuse? The prevailing theory is that employees make deliberate, calculated decisions only after weighing the pros and cons of reporting. This research proposes a behavioral model in which attitudinal factors are largely responsible for shaping employee intentions to report workplace Internet abuse. Theories of idealism, perceived organizational risk, social influence, and managerial position are synthesized to better understand workers’ motivations. A survey of 315 American workers tested the proposed hypotheses and research model using structural equation modeling. Results confirm the validity of the proposed model. Each of the attitudinal factors had a significant impact on employee willingness to report Internet violations. This study underscores the importance of attitudinal factors in a space that primarily portrays employees as rational, unemotional actors.
Journal: Journal of Information Privacy and Security
Pages: 68-83
Issue: 2
Volume: 12
Year: 2016
Month: 4
X-DOI: 10.1080/15536548.2016.1160677
File-URL: http://hdl.handle.net/10.1080/15536548.2016.1160677
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:2:p:68-83

Template-Type: ReDIF-Article 1.0
Author-Name: Raymond Placid
Author-X-Name-First: Raymond
Author-X-Name-Last: Placid
Author-Name: Judy Wynekoop
Author-X-Name-First: Judy
Author-X-Name-Last: Wynekoop
Title: Twibel: A matter of Internet privacy
Abstract: Social media websites have become a powerful communication tool, where an individual can communicate with one person or millions of people at once. As a consequence, individuals are utilizing social media to report newsworthy events, as well as to post opinions, which may include posting negative information about another person or entity that can be harmful to such person’s or entity’s reputation (i.e., defamation), a phenomenon that is new to the legal system. This article reviews the legal precedent in the United States that addresses the legal impact of a defamatory statement sent through a social media website such as Twitter. Although the law in the United States is evolving, precedent indicates that the website’s nature is generally less important than the nature of the communication. However, the law is not settled for cases in which a private tweet is released into the public domain unintentionally or by an accidental cause, such as a software defect.
Journal: Journal of Information Privacy and Security
Pages: 84-92
Issue: 2
Volume: 12
Year: 2016
Month: 4
X-DOI: 10.1080/15536548.2016.1160678
File-URL: http://hdl.handle.net/10.1080/15536548.2016.1160678
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:2:p:84-92

Template-Type: ReDIF-Article 1.0
Author-Name: Katherine “Suzy” Cole-Miller
Author-X-Name-First: Katherine “Suzy”
Author-X-Name-Last: Cole-Miller
Author-Name: William “Doug” Ward
Author-X-Name-First: William “Doug”
Author-X-Name-Last: Ward
Author-Name: Ann Fruhling
Author-X-Name-First: Ann
Author-X-Name-Last: Fruhling
Author-Name: Kathryn Dempsey Cooper
Author-X-Name-First: Kathryn Dempsey
Author-X-Name-Last: Cooper
Title: Social media policies in the Department of Defense—Do they address the risk?
Abstract: The rapid adoption and increased availability of social media has brought dynamic changes to the way people and organizations access and distribute information. Use of social media carries an inherent risk. Organizations use policies to encourage acceptable and responsible use of social media while limiting the activities they perceive as causing the most risk. This article will explore the social media policies of the Department of Defense by using a previously established methodology to determine if the policies are sufficiently addressing the risk as well as encouraging responsible use. The aim of this study is to provide recommendations based on the analysis and review of the policies.
Journal: Journal of Information Privacy and Security
Pages: 93-102
Issue: 2
Volume: 12
Year: 2016
Month: 4
X-DOI: 10.1080/15536548.2016.1180942
File-URL: http://hdl.handle.net/10.1080/15536548.2016.1180942
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:2:p:93-102

Template-Type: ReDIF-Article 1.0
Author-Name: Faruk Arslan
Author-X-Name-First: Faruk
Author-X-Name-Last: Arslan
Title: Discovering Computers 2016: Tools, Apps, Devices, and the Impact of Technology, by Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Jennifer T. Campbell, and Mark Frydenburg
Journal: Journal of Information Privacy and Security
Pages: 103-104
Issue: 2
Volume: 12
Year: 2016
Month: 4
X-DOI: 10.1080/15536548.2016.1174492
File-URL: http://hdl.handle.net/10.1080/15536548.2016.1174492
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:2:p:103-104

Template-Type: ReDIF-Article 1.0
Author-Name: Kallol Bagchi
Author-X-Name-First: Kallol
Author-X-Name-Last: Bagchi
Author-Name: Chuleeporn Changchit
Author-X-Name-First: Chuleeporn
Author-X-Name-Last: Changchit
Title: Editorial
Journal: Journal of Information Privacy and Security
Pages: 1-1
Issue: 1
Volume: 13
Year: 2017
Month: 1
X-DOI: 10.1080/15536548.2017.1279874
File-URL: http://hdl.handle.net/10.1080/15536548.2017.1279874
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:13:y:2017:i:1:p:1-1

Template-Type: ReDIF-Article 1.0
Author-Name: Rui Chen
Author-X-Name-First: Rui
Author-X-Name-Last: Chen
Author-Name: Jingguo Wang
Author-X-Name-First: Jingguo
Author-X-Name-Last: Wang
Author-Name: Tejaswini Herath
Author-X-Name-First: Tejaswini
Author-X-Name-Last: Herath
Author-Name: H. R. Rao
Author-X-Name-First: H. R.
Author-X-Name-Last: Rao
Title: An examination of an e-authentication service as an intervention in e-mail risk perception
Abstract: In this article, we develop a three-stage study to examine the role of an e-mail authentication and identification service (eATS) intervention in affecting end-user e-mail risk perceptions. We deploy the eATS and find that it reduces users’ risk perception. Pre-intervention risk perception is found to be positively associated with user perception of the e-authentication service’s usefulness. Moreover, perceived usefulness of the service negatively relates to e-mail risk perception in the post-use stage. Finally, privacy concerns related to the e-authentication service dilute this relationship between usefulness of service and e-mail risk perception reduction.
Journal: Journal of Information Privacy and Security
Pages: 2-16
Issue: 1
Volume: 13
Year: 2017
Month: 1
X-DOI: 10.1080/15536548.2016.1257681
File-URL: http://hdl.handle.net/10.1080/15536548.2016.1257681
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:13:y:2017:i:1:p:2-16

Template-Type: ReDIF-Article 1.0
Author-Name: Murad Moqbel
Author-X-Name-First: Murad
Author-X-Name-Last: Moqbel
Author-Name: Valerie Bartelt
Author-X-Name-First: Valerie
Author-X-Name-Last: Bartelt
Author-Name: Mohammed Al-Suqri
Author-X-Name-First: Mohammed
Author-X-Name-Last: Al-Suqri
Author-Name: Azzah Al-Maskari
Author-X-Name-First: Azzah
Author-X-Name-Last: Al-Maskari
Title: Does privacy matter to millennials? The case for personal cloud
Abstract: To date, there is little research on the extent to which privacy, security, and trust influence consumer technology-use decisions based on generation. We, therefore, examine, through the lens of the expectancy-valence theory, the extent to which privacy, security, and trust influence the decision to use personal cloud computing among millennials. We also examine the moderating effect of innovativeness on these relationships. Our structural equation modeling (SEM) analysis of 371 millennials shows that privacy is irrelevant for millennials when making decisions to use personal cloud and that individuals with high innovativeness tend to disregard security when making an adoption decision.
Journal: Journal of Information Privacy and Security
Pages: 17-33
Issue: 1
Volume: 13
Year: 2017
Month: 1
X-DOI: 10.1080/15536548.2016.1243854
File-URL: http://hdl.handle.net/10.1080/15536548.2016.1243854
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:13:y:2017:i:1:p:17-33

Template-Type: ReDIF-Article 1.0
Author-Name: Krishnamurty Muralidhar
Author-X-Name-First: Krishnamurty
Author-X-Name-Last: Muralidhar
Title: Record Re-Identification of Swapped Numerical Microdata
Abstract: Government agencies, researchers, healthcare providers, and other organizations release data for public use. To protect the privacy of the data subjects, these organizations mask the data prior to release. One popular masking procedure is data swapping, by which values of records are exchanged before being released. Data swapping is one of the preferred techniques since it is simple, easy to implement, and, based on prior studies, provides a reasonable balance between disclosure risk and data utility. In this study, we investigate the ability of an adversary with limited knowledge (of just a single record) to re-identify a record in the swapped data by using a procedure that reverse engineers the data-swapping process. The study also provides the adversary with the ability to evaluate the effectiveness of the re-identification. We empirically evaluate the effectiveness of data swapping using a dataset that has been used previously to evaluate the effectiveness of masking techniques. Our results demonstrate that data swapping can be vulnerable to disclosure even against this limited knowledge adversary.
Journal: Journal of Information Privacy and Security
Pages: 34-45
Issue: 1
Volume: 13
Year: 2017
Month: 1
X-DOI: 10.1080/15536548.2017.1281602
File-URL: http://hdl.handle.net/10.1080/15536548.2017.1281602
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:13:y:2017:i:1:p:34-45

Template-Type: ReDIF-Article 1.0
Author-Name: Faruk Arslan
Author-X-Name-First: Faruk
Author-X-Name-Last: Arslan
Title: Thinking with Data: How to Turn Information into Insights, by Max Shron
Journal: Journal of Information Privacy and Security
Pages: 46-47
Issue: 1
Volume: 13
Year: 2017
Month: 1
X-DOI: 10.1080/15536548.2017.1279876
File-URL: http://hdl.handle.net/10.1080/15536548.2017.1279876
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:13:y:2017:i:1:p:46-47

Template-Type: ReDIF-Article 1.0
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Innovation, Technology and Game-Changers
Journal: Journal of Information Privacy and Security
Pages: 1-
Issue: 3
Volume: 5
Year: 2009
Month: 7
X-DOI: 10.1080/15536548.2009.10855866
File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855866
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:3:p:1-

Template-Type: ReDIF-Article 1.0
Author-Name: Alexander Mills
Author-X-Name-First: Alexander
Author-X-Name-Last: Mills
Author-Name: Rui Chen
Author-X-Name-First: Rui
Author-X-Name-Last: Chen
Author-Name: JinKyu Lee
Author-X-Name-First: JinKyu
Author-X-Name-Last: Lee
Author-Name: H. Raghav Rao
Author-X-Name-First: H.
Author-X-Name-Last: Raghav Rao
Title: Web 2.0 Emergency Applications: How Useful Can Twitter be for Emergency Response?
Abstract: Twitter is a free, platform-independent, Web 2.0 communication application that allows users to send short (up to 140 characters) electronic messages to other individual users and user groups. Twitter users can send messages to one another via most internet-enabled devices capable of text messaging. This new and unique service offers great potential for rapid and integrated response to disasters. We explore the upsides and the downsides of this free service as a modern communications tool in the hands of disaster response professionals, government agencies, crisis management organizations (CMOs), organizations, and victims of disasters.
Journal: Journal of Information Privacy and Security
Pages: 3-26
Issue: 3
Volume: 5
Year: 2009
Month: 7
X-DOI: 10.1080/15536548.2009.10855867
File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855867
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:3:p:3-26

Template-Type: ReDIF-Article 1.0
Author-Name: Xia Zhao
Author-X-Name-First: Xia
Author-X-Name-Last: Zhao
Author-Name: Ling Xue
Author-X-Name-First: Ling
Author-X-Name-Last: Xue
Title: A Framework of Using Captive Insurance to Streamline IT Control and Compliance Management
Abstract: To streamline IT compliance management and reduce the compliance cost, large companies need to address the issues of incentive and information. This article proposes a framework which illustrates how companies can use a risk management approach - captive insurance - to resolve these issues and ultimately achieve cost-efficient IT compliance management.
Journal: Journal of Information Privacy and Security
Pages: 27-43
Issue: 3
Volume: 5
Year: 2009
Month: 7
X-DOI: 10.1080/15536548.2009.10855868
File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855868
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:3:p:27-43

Template-Type: ReDIF-Article 1.0
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Quest for Universal Identification - A Commentary
Abstract: This short article is presented as a commentary on trying to understand the underlying impacts of social media and related technologies on privacy and security issues. The focus of this paper is particularly on the individuals and the concept of universal identity (UI) that indirectly results due to the participation in these incredibly pervasive technologies and communication platforms. The author discusses particular features on various sites, socialization and incorporates inputs from interviews and secondary data to support this premise. Finally, lists of key research questions are identified throughout the commentary for future research.
Journal: Journal of Information Privacy and Security
Pages: 44-54
Issue: 3
Volume: 5
Year: 2009
Month: 7
X-DOI: 10.1080/15536548.2009.10855869
File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855869
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:3:p:44-54

Template-Type: ReDIF-Article 1.0
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Interview with: Rhommer Varilla Managing Director and VP of Services, SysLogic Inc.
Journal: Journal of Information Privacy and Security
Pages: 55-57
Issue: 3
Volume: 5
Year: 2009
Month: 7
X-DOI: 10.1080/15536548.2009.10855870
File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855870
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:3:p:55-57

Template-Type: ReDIF-Article 1.0
Author-Name: Choton Basu
Author-X-Name-First: Choton
Author-X-Name-Last: Basu
Title: Personality Not Included
Journal: Journal of Information Privacy and Security
Pages: 58-60
Issue: 3
Volume: 5
Year: 2009
Month: 7
X-DOI: 10.1080/15536548.2009.10855871
File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855871
File-Format: text/html
File-Restriction: Access to full text is restricted to subscribers.
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:3:p:58-60 Template-Type: ReDIF-Article 1.0 Author-Name: Wu He Author-X-Name-First: Wu Author-X-Name-Last: He Author-Name: Xiaohong Yuan Author-X-Name-First: Xiaohong Author-X-Name-Last: Yuan Title: Guest Editorial Journal: Journal of Information Privacy and Security Pages: 157-159 Issue: 4 Volume: 10 Year: 2014 Month: 10 X-DOI: 10.1080/15536548.2014.974398 File-URL: http://hdl.handle.net/10.1080/15536548.2014.974398 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:4:p:157-159 Template-Type: ReDIF-Article 1.0 Author-Name: Roberto J. Mejias Author-X-Name-First: Roberto J. Author-X-Name-Last: Mejias Author-Name: Pierre A. Balthazard Author-X-Name-First: Pierre A. Author-X-Name-Last: Balthazard Title: A Model of Information Security Awareness for Assessing Information Security Risk for Emerging Technologies Abstract: Information systems (IS) that interconnect emerging technologies have rendered organizations increasingly vulnerable to emerging information technology (IT) attacks. Drawing on IS concepts such as systems and cybernetic theory, technological threat avoidance theory (TTAT) and general deterrence theory (GDT), this study develops an IS security (ISS) risk model that contributes to an understanding of information security awareness (ISA) and the assessment of ISS risk. Results indicate that technical knowledge, organizational impact and attacker assessment generate significant positive path coefficients with ISA. However, the constructs organizational impact and attacker assessment generated stronger path coefficients with ISA than technical knowledge. Research model results also indicate that ISA is strongly associated with ISS risk. 
Journal: Journal of Information Privacy and Security Pages: 160-185 Issue: 4 Volume: 10 Year: 2014 Month: 10 X-DOI: 10.1080/15536548.2014.974407 File-URL: http://hdl.handle.net/10.1080/15536548.2014.974407 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:4:p:160-185 Template-Type: ReDIF-Article 1.0 Author-Name: Mark A. Harris Author-X-Name-First: Mark A. Author-X-Name-Last: Harris Author-Name: Steven Furnell Author-X-Name-First: Steven Author-X-Name-Last: Furnell Author-Name: Karen Patten Author-X-Name-First: Karen Author-X-Name-Last: Patten Title: Comparing the Mobile Device Security Behavior of College Students and Information Technology Professionals Abstract: Mobile devices are now a standard part of both personal and workplace information technology (IT) usage. However, they introduce a variety of security concerns that users are failing to address. This article examines and compares the security preparedness of 227 IT and non-IT college students about to enter the workforce and 83 predominately non-security-focused IT professionals. Results indicate that all groups put their data and connected networks at risk by failing to properly secure their personal mobile devices. Suggestions include organizational mobile device security policies and mobile device security awareness and training for both current and incoming employees. Journal: Journal of Information Privacy and Security Pages: 186-202 Issue: 4 Volume: 10 Year: 2014 Month: 10 X-DOI: 10.1080/15536548.2014.974429 File-URL: http://hdl.handle.net/10.1080/15536548.2014.974429 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:4:p:186-202 Template-Type: ReDIF-Article 1.0 Author-Name: Rachida F. Parks Author-X-Name-First: Rachida F. Author-X-Name-Last: Parks Author-Name: Rolf T. Wigand Author-X-Name-First: Rolf T. 
Author-X-Name-Last: Wigand Title: Organizational Privacy Strategy: Four Quadrants of Strategic Responses to Information Privacy and Security Threats Abstract: How do organizations make strategic choices concerning information privacy and security practices? Focusing on organizational privacy strategy, this study describes patterns in response to information privacy threats, firms’ organizational strategy, and responses to institutional pressures. Two theoretical views are converged: Oliver’s (1991) strategic responses framework to institutional processes and Miles and Snow’s (1978) typology of organizational strategy, structure, and processes. Drawing on a healthcare industry study, variations, predictions, and illustrations of four quadrants of conformist, entrepreneur, transformer, and defender privacy strategies are provided. This work’s major contribution is the analysis and conceptualization of organizational privacy strategies, providing an umbrella-like theoretical perspective. Practical implications extend beyond the illustrative setting of the healthcare industry. Journal: Journal of Information Privacy and Security Pages: 203-224 Issue: 4 Volume: 10 Year: 2014 Month: 10 X-DOI: 10.1080/15536548.2014.974435 File-URL: http://hdl.handle.net/10.1080/15536548.2014.974435 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:10:y:2014:i:4:p:203-224 Template-Type: ReDIF-Article 1.0 Author-Name: Gongjun Yan Author-X-Name-First: Gongjun Author-X-Name-Last: Yan Author-Name: Kenneth Shemroske Author-X-Name-First: Kenneth Author-X-Name-Last: Shemroske Author-Name: Gary Black Author-X-Name-First: Gary Author-X-Name-Last: Black Title: Altering Security Perceptions Through the Use of Geo-Authentication Abstract: This article proposes geo-authentication as part of a multi-level security solution to supplement and strengthen existing defenses (e.g., technical and behavioral approaches) against social engineering attacks. The technology behind this tool is explained and several potential applications are discussed related to online banking and voting. Data are collected regarding changes in perceptions of security when using specific applications common among young adults (Facebook and online banking). Findings show geo-authentication is perceived as a useful tool, which has a significant impact on perceptions of security in computer transactions and may affect the decision to use such products. Journal: Journal of Information Privacy and Security Pages: 225-235 Issue: 4 Volume: 10 Year: 2014 Month: 10 X-DOI: 10.1080/15536548.2014.977608 File-URL: http://hdl.handle.net/10.1080/15536548.2014.977608 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:4:p:225-235 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Data Stewardship: An Actionable Guide to Effective Data Management and Data Governance, by David Plotkin Journal: Journal of Information Privacy and Security Pages: 236-238 Issue: 4 Volume: 10 Year: 2014 Month: 10 X-DOI: 10.1080/15536548.2014.974401 File-URL: http://hdl.handle.net/10.1080/15536548.2014.974401 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:10:y:2014:i:4:p:236-238 Template-Type: ReDIF-Article 1.0 Author-Name: Indranil Bose Author-X-Name-First: Indranil Author-X-Name-Last: Bose Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-3 Issue: 3 Volume: 9 Year: 2013 Month: 7 X-DOI: 10.1080/15536548.2013.10845681 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845681 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:3:p:1-3 Template-Type: ReDIF-Article 1.0 Author-Name: Wang Suk Suh Author-X-Name-First: Wang Suk Author-X-Name-Last: Suh Author-Name: Eun Jung Yoon Author-X-Name-First: Eun Jung Author-X-Name-Last: Yoon Author-Name: Selwyn Piramuthu Author-X-Name-First: Selwyn Author-X-Name-Last: Piramuthu Title: RFID-Based Attack Scenarios in Retailing, Healthcare and Sports Abstract: RFID (Radio Frequency Identification) is increasingly becoming a popular technology due to its many advantages over competing technology (e.g., bar code) across various application areas such as marketing, retailing, health care industry, sport industry, among others. RFID has also been widely adopted due to its relatively low cost when its benefits are also factored in. While we enjoy these benefits of RFID systems, serious privacy and security concerns exist from their wireless communication mode and associated inherent vulnerabilities. We consider potential RFID attack scenarios in a few application domains including retailing, healthcare and sports. Journal: Journal of Information Privacy and Security Pages: 4-17 Issue: 3 Volume: 9 Year: 2013 Month: 7 X-DOI: 10.1080/15536548.2013.10845682 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845682 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:9:y:2013:i:3:p:4-17 Template-Type: ReDIF-Article 1.0 Author-Name: Ashish Kumar Jha Author-X-Name-First: Ashish Kumar Author-X-Name-Last: Jha Author-Name: Indranil Bose Author-X-Name-First: Indranil Author-X-Name-Last: Bose Title: A Framework for Addressing Data Privacy Issues in E-Governance Projects Abstract: The paper discusses privacy and security issues related to data collected by various government agencies. It presents a theoretical framework developed on the basis of specific case studies of e-governance implementation in India and the lessons that can be drawn from the same for better execution of future digitization implementation of government services. This research illustrates with definite examples and situational analysis the dichotomy of centralization versus decentralization. We also describe some successful implementation of e-governance projects around the globe and develop the learning into a framework for analyzing and standardizing the data management and protection needs of e-governance projects. Journal: Journal of Information Privacy and Security Pages: 18-33 Issue: 3 Volume: 9 Year: 2013 Month: 7 X-DOI: 10.1080/15536548.2013.10845683 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845683 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:3:p:18-33 Template-Type: ReDIF-Article 1.0 Author-Name: Yuanrong Hu Author-X-Name-First: Yuanrong Author-X-Name-Last: Hu Author-Name: Xi Chen Author-X-Name-First: Xi Author-X-Name-Last: Chen Author-Name: Indranil Bose Author-X-Name-First: Indranil Author-X-Name-Last: Bose Title: Cybercrime Enforcement Around the Globe Abstract: This paper presents a comparative analysis of the law enforcement toward cybercrime in various countries: the United States, the United Kingdom, Australia, China, and European countries. We summarize cybercriminal events reported by public media in various countries. 
We focus on criminal activities related to credit card fraud, social networking crime, Internet child pornography and juvenile delinquency. We analyze the punishment differences around the world, and find that European countries and the US tend to punish strictly while China tends to go the other way on the first three kinds of issues. For juvenile delinquencies, all countries punish youth criminals lightly. Journal: Journal of Information Privacy and Security Pages: 34-52 Issue: 3 Volume: 9 Year: 2013 Month: 7 X-DOI: 10.1080/15536548.2013.10845684 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845684 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:3:p:34-52 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Expert Opinion Interview with: Edward B.Talbot, Independent Consultant Journal: Journal of Information Privacy and Security Pages: 53-55 Issue: 3 Volume: 9 Year: 2013 Month: 7 X-DOI: 10.1080/15536548.2013.10845685 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845685 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:3:p:53-55 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Computer Security Fundamentals, Second Edition Journal: Journal of Information Privacy and Security Pages: 56-58 Issue: 3 Volume: 9 Year: 2013 Month: 7 X-DOI: 10.1080/15536548.2013.10845686 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845686 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:3:p:56-58 Template-Type: ReDIF-Article 1.0 Author-Name: Choton S. Basu Author-X-Name-First: Choton S. 
Author-X-Name-Last: Basu Author-Name: John Chenoweth Author-X-Name-First: John Author-X-Name-Last: Chenoweth Title: Frameworks and Proposed Models Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 2 Volume: 2 Year: 2006 Month: 4 X-DOI: 10.1080/15536548.2006.10855788 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855788 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:2:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Sherrie Cannoy Author-X-Name-First: Sherrie Author-X-Name-Last: Cannoy Author-Name: Prashant C. Palvia Author-X-Name-First: Prashant C. Author-X-Name-Last: Palvia Author-Name: Richard Schilhavy Author-X-Name-First: Richard Author-X-Name-Last: Schilhavy Title: A Research Framework for Information Systems Security Abstract: Securing the IT infrastructure and the data it contains is one of the most critical components of IT that management faces today. Technologies such as the Internet and the wide-spread dissemination of computers to more users has increased the vulnerabilities of IT infrastructures as well as the likelihood of internal and external threats to companies. Managers are able to prevent or mitigate some of the damage caused by these attacks by aligning security policies with IT infrastructures to protect the organization’s information capital. The purpose of this study was to examine security articles in top-tier IS journals from 1996 to 2005 to determine what types of security research has been performed, to find out if a comprehensive framework for security in IS exists, and; if not, to develop a framework based upon the current literature and theory. Through the analysis of hypotheses, frameworks, and variables, security research appears to be very narrow and highly fragmented, suggesting security research remains fertile, yet immature. 
Additionally, no comprehensive framework was present in the analyzed literature; thus a comprehensive research framework is proposed for IS security. Journal: Journal of Information Privacy and Security Pages: 3-24 Issue: 2 Volume: 2 Year: 2006 Month: 4 X-DOI: 10.1080/15536548.2006.10855789 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855789 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:2:p:3-24 Template-Type: ReDIF-Article 1.0 Author-Name: Kam Fai Wong Author-X-Name-First: Kam Fai Author-X-Name-Last: Wong Author-Name: Matthew Ka Wing Tam Author-X-Name-First: Matthew Ka Wing Author-X-Name-Last: Tam Author-Name: Chun Hung Cheng Author-X-Name-First: Chun Hung Author-X-Name-Last: Cheng Title: e-Government - A WebServices Framework Abstract: e-Government is an exciting area for applying Information and Communication Technologies (ICT). ICT can improve the efficiency and effectiveness in the provision and delivery of citizen services. A critical issue for the e-Government implementation is the interoperation problem among heterogeneous legacy government systems. In this aspect, the universal system interoperability supported by the XML-based webservices technologies can be useful components in a holistic e-Government infrastructure. In this paper, we review the specific requirements for the webservices infrastructure in the government domain. Based on this, a number of webservices models that are appropriate for the e-Government infrastructure are devised. Journal: Journal of Information Privacy and Security Pages: 30-50 Issue: 2 Volume: 2 Year: 2006 Month: 4 X-DOI: 10.1080/15536548.2006.10855790 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855790 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:2:y:2006:i:2:p:30-50 Template-Type: ReDIF-Article 1.0 Author-Name: Nelson Stewart Author-X-Name-First: Nelson Author-X-Name-Last: Stewart Author-Name: Jared Spencer Author-X-Name-First: Jared Author-X-Name-Last: Spencer Author-Name: Nathaniel Melby Author-X-Name-First: Nathaniel Author-X-Name-Last: Melby Title: Developing Trust in M-commerce: A Vendor and Certificate Authority Model Abstract: The goal of creating a secure wireless network in which to conduct commerce is an elusive one. Mobile commerce, (m-commerce) therefore, relies on the wired network to deliver services to its consumers. Trust of the service delivery is a security concern that has prevented a greater acceptance of m-commerce by consumers. This research proposes a new network model that can ensure trust in a mobile commerce environment. A goal of the trusted relationship is to guarantee data and relational integrity in the wireless environment. Research in progress provides a diverse array of solutions from mobile agent systems (Critchlow, 2004, Wang, 2005, Zhang, 2004), the use of a unique asymmetric authentication protocol (He, 2003), to the use of XML to enable Web service efficiencies in architecture (Chang, 2005). This work recognizes and provides plausible solutions to the four elements of challenges and threats to wireless networks outlined by Claessens (2003) and the model is proposed to ensure trust in the m-commerce environment. Journal: Journal of Information Privacy and Security Pages: 51-58 Issue: 2 Volume: 2 Year: 2006 Month: 4 X-DOI: 10.1080/15536548.2006.10855791 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855791 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:2:p:51-58 Template-Type: ReDIF-Article 1.0 Author-Name: Blake Penn Author-X-Name-First: Blake Author-X-Name-Last: Penn Title: Interview with: Ken M. 
Shaurette, CISSP, CISA, CISM Engagement Manager Jefferson Wells, Inc Madison, WI Journal: Journal of Information Privacy and Security Pages: 59-61 Issue: 2 Volume: 2 Year: 2006 Month: 4 X-DOI: 10.1080/15536548.2006.10855792 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855792 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:2:p:59-61 Template-Type: ReDIF-Article 1.0 Author-Name: John D. Chenoweth Author-X-Name-First: John D. Author-X-Name-Last: Chenoweth Title: Book Review: Who Controls the Internet: Illusions of a Borderless World Journal: Journal of Information Privacy and Security Pages: 62-64 Issue: 2 Volume: 2 Year: 2006 Month: 4 X-DOI: 10.1080/15536548.2006.10855793 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855793 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:2:p:62-64 Template-Type: ReDIF-Article 1.0 Author-Name: S. Choton Basu Author-X-Name-First: S. Author-X-Name-Last: Choton Basu Title: On Issues of Computer Crimes, Online Security and Legal Resources Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 4 Volume: 1 Year: 2005 Month: 10 X-DOI: 10.1080/15536548.2005.10855776 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855776 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:4:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Sree Nilakanta Author-X-Name-First: Sree Author-X-Name-Last: Nilakanta Author-Name: Kevin Scheibe Author-X-Name-First: Kevin Author-X-Name-Last: Scheibe Title: The Digital Persona and Trust Bank: A Privacy Management Framework Abstract: Information privacy and protection in the United States is a source of great debate in both academia and industry. 
Technological advancements in areas such as data warehousing allow aggregation of data across seemingly unrelated sources to create detailed profiles of individuals, making privacy pundits cry foul. This tension begs the question: “Who owns secondary or transactional information of individuals?” Currently, ownership is with the organization. In this paper, we develop a framework that shifts the ownership to the individual. We show how this shift benefits not only the individual, but also the organization. We introduce a Trust Bank, an organization acting as an agent for consumers, and describe the benefits of allowing the consumer to control their Digital Persona, the electronically aggregated profile created by transactional processes. Journal: Journal of Information Privacy and Security Pages: 3-21 Issue: 4 Volume: 1 Year: 2005 Month: 10 X-DOI: 10.1080/15536548.2005.10855777 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855777 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:4:p:3-21 Template-Type: ReDIF-Article 1.0 Author-Name: G. Keith Roberts Author-X-Name-First: G. Author-X-Name-Last: Keith Roberts Title: Security Breaches, Privacy Intrusions, and Reporting of Computer Crimes Abstract: Computer crimes, in their true sense, typically involve unauthorized access, sabotage, theft of data, or theft of services. The occurrence of such crimes and other information security breaches continue at a fast pace, but there is much more criminal activity occurring in cyberspace than organizations are willing to report. The purpose of this paper is to identify current trends in computer security intrusions, to determine why they are not being fully reported, and to discuss one of the primary sources of United States criminal law that is available to law enforcement authorities for the punishment of computer crimes. 
Journal: Journal of Information Privacy and Security Pages: 22-32 Issue: 4 Volume: 1 Year: 2005 Month: 10 X-DOI: 10.1080/15536548.2005.10855778 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855778 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:4:p:22-32 Template-Type: ReDIF-Article 1.0 Author-Name: B. Dawn Medlin Author-X-Name-First: B. Dawn Author-X-Name-Last: Medlin Author-Name: Joseph A. Cazier Author-X-Name-First: Joseph A. Author-X-Name-Last: Cazier Title: An Investigative Study: Consumers Password Choices on an E-Commerce Site Abstract: Good passwords are essential to the security of any e-commerce site. Unfortunately, consumers generally have the responsibility of creating their own passwords and often do so without guidance from the web site or system administrator. One thing that is well known about passwords is that consumers do not create long or complicated passwords because they cannot remember them. Through an empirical analysis, this paper examines whether the passwords created by individuals on an e-commerce site fall into a predictable category and if individuals use either positive or negative password practices. Additionally, this paper addresses the issue of gender in relationship to password choice. The results of this study will show the actual password practices from an e-commerce site currently in use. Results indicate that males sampled had slightly more secure passwords than females in the sample. Journal: Journal of Information Privacy and Security Pages: 33-52 Issue: 4 Volume: 1 Year: 2005 Month: 10 X-DOI: 10.1080/15536548.2005.10855779 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855779 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:4:p:33-52 Template-Type: ReDIF-Article 1.0 Author-Name: Linda A. Reid Author-X-Name-First: Linda A. 
Author-X-Name-Last: Reid Title: Amanda M. Hubbard, J.D., FUIPSight Scholar former Trial Attorney, Computer Crime and Intellectual Property Section, U.S. Department of Justice Journal: Journal of Information Privacy and Security Pages: 53-59 Issue: 4 Volume: 1 Year: 2005 Month: 10 X-DOI: 10.1080/15536548.2005.10855780 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855780 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:4:p:53-59 Template-Type: ReDIF-Article 1.0 Author-Name: William L. Dougan Author-X-Name-First: William L. Author-X-Name-Last: Dougan Title: Book Review: Social, Ethical and Policy Implication of Information Technology by Linda Brennan and Victoria Johnson, Information Science Publishing, 2004 Journal: Journal of Information Privacy and Security Pages: 60-62 Issue: 4 Volume: 1 Year: 2005 Month: 10 X-DOI: 10.1080/15536548.2005.10855781 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855781 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:4:p:60-62 Template-Type: ReDIF-Article 1.0 Author-Name: Basu Choton Author-X-Name-First: Basu Author-X-Name-Last: Choton Title: Wide Spectrum of Articles Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 3 Year: 2007 Month: 1 X-DOI: 10.1080/15536548.2007.10855806 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855806 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Steven A. Brown Author-X-Name-First: Steven A. Author-X-Name-Last: Brown Title: A Theoretical Model to Deliver Value in Electronic Commerce Abstract: Organizations are continually looking for new ways to deliver value to their customers. 
However, many of the traditional ways of delivering value have had limited success. Delivering value over the Internet, or electronic commerce, takes on a whole new set of challenges since customers have to interact with a Web site and have to realize some intrinsic values for shopping in this new medium. This research utilized a qualitative approach methodology to uncover and propose a theoretical model that organizations can use to increase value to their customers. Journal: Journal of Information Privacy and Security Pages: 3-29 Issue: 1 Volume: 3 Year: 2007 Month: 1 X-DOI: 10.1080/15536548.2007.10855807 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855807 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:1:p:3-29 Template-Type: ReDIF-Article 1.0 Author-Name: B. Dawn Medlin Author-X-Name-First: B. Author-X-Name-Last: Dawn Medlin Author-Name: Adriana Romaniello Author-X-Name-First: Adriana Author-X-Name-Last: Romaniello Title: An Investigative Study: Health Care Workers as Security Threat Suppliers Abstract: Employees are generally responsible for activities that occur on the computer networks as well as the maintenance of confidential patient and administrative records on most health care information systems (HISs). Employees’ passwords are among the first in the line of defense against system intrusions. The purpose of this paper is twofold. First, we address the security threats and consequences of employee’s password choices; second we investigate health care workers passwords in relationship to their safety. Results of this study indicated that the majority of passwords created by employees have significant security problems and could allow for severe damage to the information system. The study should indicate to health care organizations the need for a comprehensive and continuous security training program. 
Journal: Journal of Information Privacy and Security Pages: 30-46 Issue: 1 Volume: 3 Year: 2007 Month: 1 X-DOI: 10.1080/15536548.2007.10855808 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855808 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:1:p:30-46 Template-Type: ReDIF-Article 1.0 Author-Name: Udaya S. Kumar Author-X-Name-First: Udaya S. Author-X-Name-Last: Kumar Author-Name: V.U.K. Sastry Author-X-Name-First: V.U.K. Author-X-Name-Last: Sastry Author-Name: Vinaya A. Babu Author-X-Name-First: Vinaya A. Author-X-Name-Last: Babu Title: A Block Cipher Based Upon Permutation, Substitution and Iteration Abstract: In this paper, we have developed a block cipher by using the elements of cryptography, namely, permutation, substitution, and iteration. These three ideas cause confusion and diffusion effectively. In this, the plain text is represented as a matrix 28x7 in size containing binary bits. We selected a key containing twenty-eight decimal numbers and represented it as a matrix containing binary bits. The cryptanalysis carried out in this paper clearly indicates that the cipher cannot be broken by any cryptanalytic attack. Journal: Journal of Information Privacy and Security Pages: 47-62 Issue: 1 Volume: 3 Year: 2007 Month: 1 X-DOI: 10.1080/15536548.2007.10855809 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855809 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:3:y:2007:i:1:p:47-62 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Hemadri Gurramkonda Director, Centrica Informatics Journal: Journal of Information Privacy and Security Pages: 63-64 Issue: 1 Volume: 3 Year: 2007 Month: 1 X-DOI: 10.1080/15536548.2007.10855810 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855810 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:1:p:63-64 Template-Type: ReDIF-Article 1.0 Author-Name: Jack Balkin Author-X-Name-First: Jack Author-X-Name-Last: Balkin Author-Name: James Grimmelmann Author-X-Name-First: James Author-X-Name-Last: Grimmelmann Author-Name: Eddan Katz Author-X-Name-First: Eddan Author-X-Name-Last: Katz Author-Name: Nimrod Kozlovski Author-X-Name-First: Nimrod Author-X-Name-Last: Kozlovski Author-Name: Shlomit Wagman Author-X-Name-First: Shlomit Author-X-Name-Last: Wagman Author-Name: Tal Zarsky Author-X-Name-First: Tal Author-X-Name-Last: Zarsky Author-Name: John Chenoweth Author-X-Name-First: John Author-X-Name-Last: Chenoweth Title: Cybercrime: Digital Cops in a Networked Environment Journal: Journal of Information Privacy and Security Pages: 65-66 Issue: 1 Volume: 3 Year: 2007 Month: 1 X-DOI: 10.1080/15536548.2007.10855811 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855811 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:3:y:2007:i:1:p:65-66 Template-Type: ReDIF-Article 1.0 Author-Name: Wingyan Chung Author-X-Name-First: Wingyan Author-X-Name-Last: Chung Title: Social media analytics: Security and privacy issues Journal: Journal of Information Privacy and Security Pages: 105-106 Issue: 3 Volume: 12 Year: 2016 Month: 7 X-DOI: 10.1080/15536548.2016.1213994 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1213994 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:12:y:2016:i:3:p:105-106 Template-Type: ReDIF-Article 1.0 Author-Name: Wingyan Chung Author-X-Name-First: Wingyan Author-X-Name-Last: Chung Title: A simulation-based approach to predicting influence in social media communities: A case of U.S. border security Abstract: Predicting influence in social media (SM) communities has a strong implication for cybersecurity and public policy setting. However, the rapidly growing volume and large variety of SM have made the prediction difficult. Unfortunately, research that combines the power of simulation, SM networks, and SM community features to predict influence is not widely available. In this research, we developed and validated a simulation-based approach to predicting influence in SM communities. The approach uses a power-law distribution to simulate user interaction and leverages statistical distributions to model SM posting and to predict influence of opinion leaders. We applied the approach to analyzing 1,323,940 messages posted by 380,498 users on Twitter about the U.S. border security and immigration issues. Three models for predicting behavioral responses were developed based on exponential distribution, Weibull distribution, and gamma distribution. Evaluation results show that the simulation-based approach accurately modeled real-world SM community behavior. 
The gamma model achieved the best prediction performance; the Weibull model ranked second; and the exponential model had a significantly lower performance. The research should contribute to developing a simulation-based approach to characterizing SM community behavior, implementing new models for SM behavior prediction, providing new empirical findings for understanding U.S. border security SM community behavior, and offering insights to SM-based cybersecurity. Journal: Journal of Information Privacy and Security Pages: 107-122 Issue: 3 Volume: 12 Year: 2016 Month: 7 X-DOI: 10.1080/15536548.2016.1206758 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1206758 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:12:y:2016:i:3:p:107-122 Template-Type: ReDIF-Article 1.0 Author-Name: Zhan Liu Author-X-Name-First: Zhan Author-X-Name-Last: Liu Author-Name: Jialu Shan Author-X-Name-First: Jialu Author-X-Name-Last: Shan Author-Name: Yves Pigneur Author-X-Name-First: Yves Author-X-Name-Last: Pigneur Title: The role of personalized services and control: An empirical evaluation of privacy calculus and technology acceptance model in the mobile context Abstract: The past few years have witnessed an explosive growth in the use of smartphones. Such widespread use brings with it concerns over the protection of privacy. Building upon existing privacy concern literature, this study has developed a theoretical framework that combines a privacy calculus model with a technology acceptance model (TAM) in the mobile application context. Also examined is the role of personalized services and users’ perceived information control in this domain. Based on a study of 308 participants, the results reveal that perceived enjoyment has replaced perceived ease-of-use as a main predictor of perceived behavioral intentions in a mobile TAM. 
The findings also show that personalized services and users’ perceived information control have a strong effect on both privacy calculus and mobile TAM. Journal: Journal of Information Privacy and Security Pages: 123-144 Issue: 3 Volume: 12 Year: 2016 Month: 7 X-DOI: 10.1080/15536548.2016.1206757 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1206757 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:12:y:2016:i:3:p:123-144 Template-Type: ReDIF-Article 1.0 Author-Name: Julian M. Montaquila Author-X-Name-First: Julian M. Author-X-Name-Last: Montaquila Author-Name: Cierra N. Godwin Author-X-Name-First: Cierra N. Author-X-Name-Last: Godwin Title: Personnel security and open source intelligence: Employing social media analytics in pre-employment screening and selection Abstract: Inarguably, social networking sites have become immensely popular. The proliferation of the type and number of social media venues are well exceeded by the quantity of data they produce. Moreover, these sites engender collateral information previously unavailable to personnel security professionals. While a recent literature review suggests this data is increasingly used in background investigations, its analysis appears devoid of any standardized protocol. The absence of any uniform procedure appears confirmed via a recent review of background investigation manuals from state peace officer accreditation organizations. As a result, specific resources, techniques, and case examples are discussed, and the federal security clearance process is provided as a recommended protocol for investigators. Journal: Journal of Information Privacy and Security Pages: 145-159 Issue: 3 Volume: 12 Year: 2016 Month: 7 X-DOI: 10.1080/15536548.2016.1213997 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1213997 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:3:p:145-159 Template-Type: ReDIF-Article 1.0 Author-Name: Edgar Gutierrez-Franco Author-X-Name-First: Edgar Author-X-Name-Last: Gutierrez-Franco Author-Name: Mario Marin Author-X-Name-First: Mario Author-X-Name-Last: Marin Author-Name: Luis Rabelo Author-X-Name-First: Luis Author-X-Name-Last: Rabelo Author-Name: John Pastrana Author-X-Name-First: John Author-X-Name-Last: Pastrana Title: Proceedings of The 2015 NSF Workshop on Curricular Development for Computing in Context Journal: Journal of Information Privacy and Security Pages: 160-163 Issue: 3 Volume: 12 Year: 2016 Month: 7 X-DOI: 10.1080/15536548.2016.1214012 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1214012 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:12:y:2016:i:3:p:160-163 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: IT Security Perceptions & Tools Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 2 Volume: 5 Year: 2009 Month: 4 X-DOI: 10.1080/15536548.2009.10855860 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855860 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:2:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Dhiyab Al Abri Author-X-Name-First: Dhiyab Al Author-X-Name-Last: Abri Author-Name: Tanya McGill Author-X-Name-First: Tanya Author-X-Name-Last: McGill Author-Name: Michael Dixon Author-X-Name-First: Michael Author-X-Name-Last: Dixon Title: Examining the Impact of E-privacy Risk Concerns on Citizens’ Intentions to Use E-government Services: An Oman Perspective Abstract: The risks associated with online transactions influencing the use of e-services and e-government services include e-privacy concerns. 
This study has examined the impact of e-privacy risk concerns on the acceptance of e-government services in Oman using an integrated model. The model is based on Liu, Marchewka, Lu, and Yu’s (2005) privacy-trust-behavioral intention model, the broader technology acceptance literature, and recent work on e-privacy awareness and protection. Data was collected by questionnaire from Omani citizens. The model was then tested using PLS. The study found that e-privacy risk concerns and perceptions of the protection available against risks influence citizens’ intentions to use e-government services via their influence on the perceived trustworthiness of these services. Thus trustworthiness is a factor that could be an obstacle to successful e-government services project implementation. Journal: Journal of Information Privacy and Security Pages: 3-26 Issue: 2 Volume: 5 Year: 2009 Month: 4 X-DOI: 10.1080/15536548.2009.10855861 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855861 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:2:p:3-26 Template-Type: ReDIF-Article 1.0 Author-Name: Wm. Arthur Conklin Author-X-Name-First: Wm. Arthur Author-X-Name-Last: Conklin Author-Name: Alexander McLeod Author-X-Name-First: Alexander Author-X-Name-Last: McLeod Title: Introducing the Information Technology Security Essential Body of Knowledge Framework Abstract: The National Strategy to Secure Cyberspace spurred the development of the Essential Body of Knowledge (EBK) for Information Technology Security. The key feature of this security tool is its ability to act as a framework for analyzing institutional security training needs and managing security workforce development. This is accomplished through a series of steps that map security personnel roles, competency areas, and functional perspectives to an industry accepted matrix of organizational security needs. 
By capturing the human resource and functional elements of security, the EBK acts as a distillation of best practice, laid out in generic form ready for implementation across a wide spectrum of organizations. This paper introduces the EBK, explains its form and content, and demonstrates how to transition from the generic framework to functional model that is useful in determining organizational security structure and helpful for managing security personnel training and future security needs. Journal: Journal of Information Privacy and Security Pages: 27-41 Issue: 2 Volume: 5 Year: 2009 Month: 4 X-DOI: 10.1080/15536548.2009.10855862 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855862 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:2:p:27-41 Template-Type: ReDIF-Article 1.0 Author-Name: Zaiyong Tang Author-X-Name-First: Zaiyong Author-X-Name-Last: Tang Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Author-Name: Anurag Jain Author-X-Name-First: Anurag Author-X-Name-Last: Jain Title: Explorative Assessment of Internet Hacking: An Agent-Based Modeling Approach Abstract: Internet hacking is fast becoming a significant threat not only to businesses, but government entities, online communities, and individual Internet users as well. We have built an agent-based model (ABM) to study the dynamics of Internet hacking. Several factors that impact the adoption of Internet hacking are evaluated. Through ABM simulations we explore the interactions of various types of Internet users along with their hacking propensity and the resulting hacking trends. The simulations point to several interesting outcomes. For instance, the hacking trend is greatly affected by the quantum of law enforcement and by the influence of hackers on normal users. On the other hand, the number of initial hackers and the degree of interaction do not appear to be significant factors. 
In addition, the results of the simulation illustrate the impact of the mass media and of “hacking websites” on Internet hacking trends. Journal: Journal of Information Privacy and Security Pages: 42-64 Issue: 2 Volume: 5 Year: 2009 Month: 4 X-DOI: 10.1080/15536548.2009.10855863 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855863 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:2:p:42-64 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Ravi Pakala Manager, FIS (Fidelity National Information Systems) Journal: Journal of Information Privacy and Security Pages: 65-66 Issue: 2 Volume: 5 Year: 2009 Month: 4 X-DOI: 10.1080/15536548.2009.10855864 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855864 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:2:p:65-66 Template-Type: ReDIF-Article 1.0 Author-Name: L. Roger Yin Author-X-Name-First: L. Roger Author-X-Name-Last: Yin Title: The Big Switch: Rewiring the World, from Edison to Google Journal: Journal of Information Privacy and Security Pages: 67-68 Issue: 2 Volume: 5 Year: 2009 Month: 4 X-DOI: 10.1080/15536548.2009.10855865 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855865 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:2:p:67-68 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 2 Volume: 9 Year: 2013 Month: 4 X-DOI: 10.1080/15536548.2013.10845675 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845675 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:9:y:2013:i:2:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Joseph H. Schuessler Author-X-Name-First: Joseph H. Author-X-Name-Last: Schuessler Title: Contemporary Threats Countermeasures Abstract: Information Systems Security (ISS) is of major concern to not only network administrators, but also for managers of organizations for a variety of reasons including: the need for organizations to comply with various regulatory agencies, the reliance on information systems to provide the organizational backbone to the organization, and rising operational dependence on ecommerce to conduct daily business activities. These aspects create challenges for network managers who are tasked with balancing the needs of stakeholders with protection of sensitive information and valuable hardware. Despite ISS being largely a managerial issue, managerial concern for ISS is inadequate, evidenced by its consistently low ranking as a key issue in information systems management surveys. This research seeks to examine the current state of threats faced by organizations and the countermeasures they employ by examining prior research on the subject and comparing the results of that research to interview responses from “experts” in positions that required both a technical and managerial understanding of the threats and countermeasures faced and used respectively. Results suggest that, based on interview responses from experts, both threats and countermeasure responses have changed over time. Interpretation of the results will help systems administrators and network managers better understand modern threats and point towards potential remedies to mitigate the risk generated by such threats. 
Journal: Journal of Information Privacy and Security Pages: 3-20 Issue: 2 Volume: 9 Year: 2013 Month: 4 X-DOI: 10.1080/15536548.2013.10845676 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845676 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:2:p:3-20 Template-Type: ReDIF-Article 1.0 Author-Name: Ammar Alazab Author-X-Name-First: Ammar Author-X-Name-Last: Alazab Author-Name: Jemal Abawajy Author-X-Name-First: Jemal Author-X-Name-Last: Abawajy Author-Name: Michael Hobbs Author-X-Name-First: Michael Author-X-Name-Last: Hobbs Author-Name: Ansam Khraisat Author-X-Name-First: Ansam Author-X-Name-Last: Khraisat Title: Crime Toolkits: The Current Threats to Web Applications Abstract: Increasingly, web applications are being developed over the Internet. Securing these web applications is becoming important as they hold critical security features. However, cybercriminals are becoming smarter by developing a crime toolkit, and employing sophisticated techniques to evade detection. These crime toolkits can be used by any person to target Internet users. In this paper, we explore the techniques used in crime toolkits. We present a current state-of-the-art analysis of crime toolkits and focus on attacks against web applications. The crime toolkit techniques are compared with the vulnerability of web applications to help reveal particular behavior such as popular web application vulnerabilities that malicious writers prefer. In addition, we outline the existing protection mechanism, and observe that the possibility for damage is rising, particularly as specialization and scale increase in cybercrime. 
Journal: Journal of Information Privacy and Security Pages: 21-39 Issue: 2 Volume: 9 Year: 2013 Month: 4 X-DOI: 10.1080/15536548.2013.10845677 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845677 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:2:p:21-39 Template-Type: ReDIF-Article 1.0 Author-Name: En Mao Author-X-Name-First: En Author-X-Name-Last: Mao Author-Name: Jing Zhang Author-X-Name-First: Jing Author-X-Name-Last: Zhang Title: The Role of Privacy in the Adoption of Location-Based Services Abstract: Businesses are paying increasing attention to engaging mobile phones users through location-based services (LBS). LBS on mobile phones presents a tremendous opportunity for businesses to market their products and services. However, using LBS may pose privacy concerns for consumers. An understanding of what facilitates consumers to adopt LBS on their mobile phones and how privacy concerns may inhibit their adoption would help marketers promote LBS services more effectively. A research model was developed based on the technology acceptance model. We augmented the model with privacy concerns and emotional reactions to LBS. Specifically, we investigated whether and how perceived usefulness, ease of use, affective values, and privacy concerns influence consumers' behavioral intentions to adopt LBS and to spread positive word-of-mouth about LBS. Based on data collected from an online survey of 176 potential LBS adopters, we tested the research model using structural equation modeling. The results suggest that perceived usefulness, affective values, and privacy concerns have significant impacts on LBS adoption intentions, whereas only perceived usefulness and affective values influenced the intentions to spread positive word-of-mouth. Practical and theoretical contributions are discussed. 
Journal: Journal of Information Privacy and Security Pages: 40-59 Issue: 2 Volume: 9 Year: 2013 Month: 4 X-DOI: 10.1080/15536548.2013.10845678 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845678 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:2:p:40-59 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Expert Opinion Interview with: James Jackson President/COO Slipstream LLC Journal: Journal of Information Privacy and Security Pages: 60-61 Issue: 2 Volume: 9 Year: 2013 Month: 4 X-DOI: 10.1080/15536548.2013.10845679 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845679 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:2:p:60-61 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Computer Security: Principles and Practice, Second Edition Journal: Journal of Information Privacy and Security Pages: 62-65 Issue: 2 Volume: 9 Year: 2013 Month: 4 X-DOI: 10.1080/15536548.2013.10845680 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845680 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:2:p:62-65 Template-Type: ReDIF-Article 1.0 Author-Name: Suvojit Choton Basu Author-X-Name-First: Suvojit Choton Author-X-Name-Last: Basu Title: Election Systems, Financial Risks and the Chinese Firewall Journal: Journal of Information Privacy and Security Pages: 1-3 Issue: 3 Volume: 2 Year: 2006 Month: 7 X-DOI: 10.1080/15536548.2006.10855794 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855794 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:2:y:2006:i:3:p:1-3 Template-Type: ReDIF-Article 1.0 Author-Name: C.H. Cheng Author-X-Name-First: C.H. Author-X-Name-Last: Cheng Author-Name: K.F. Wong Author-X-Name-First: K.F. Author-X-Name-Last: Wong Title: An Analysis of Security Threats of Electronic Election Systems Abstract: Several electronic election systems have recently been proposed to reduce administrative cost, minimize errors, and boost participation. However, many of these systems either totally ignore the relevant security issues or partially deal with these issues. This has hindered the public acceptance of electronic election. In this paper, we will discuss and address these security threats of electronic election. A prototype system is developed to examine some of these security threats Journal: Journal of Information Privacy and Security Pages: 3-24 Issue: 3 Volume: 2 Year: 2006 Month: 7 X-DOI: 10.1080/15536548.2006.10855795 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855795 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:3:p:3-24 Template-Type: ReDIF-Article 1.0 Author-Name: Jorge Marx Gómez Author-X-Name-First: Jorge Marx Author-X-Name-Last: Gómez Author-Name: Stephan Paxmann Author-X-Name-First: Stephan Author-X-Name-Last: Paxmann Title: Online Security Solutions in the Financial Industry based on a Commercial Risk Assessment Matrix Abstract: The selection process for specific Online Security solutions is often based in practice on either technological security requirements or business driven security requests. The prime focus for such a selection however must be based on its optimum risk mitigation factor, which is a combination of multiple risk areas like technology, legal and commercial factors. 
A combined Risk Assessment Matrix therefore will significantly improve the selection process of a commercially viable security solution, as it will take all risk areas into account and make them comparable. The key success factor to such a commercial risk assessment matrix is the combination of the different and often diverging risk mitigations and a standardized approach to their assessments. Journal: Journal of Information Privacy and Security Pages: 21-41 Issue: 3 Volume: 2 Year: 2006 Month: 7 X-DOI: 10.1080/15536548.2006.10855796 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855796 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:3:p:21-41 Template-Type: ReDIF-Article 1.0 Author-Name: Tierney Bensen Author-X-Name-First: Tierney Author-X-Name-Last: Bensen Author-Name: Patrick Henze Author-X-Name-First: Patrick Author-X-Name-Last: Henze Author-Name: Geoff Farnsworth Author-X-Name-First: Geoff Author-X-Name-Last: Farnsworth Title: The Great Chinese Firewall: A Safeguard or Stop Sign? Abstract: There is a new China on the world stage today. This is a China that is no longer isolated from the rest of the world, a China that has experienced economic and technological booms that have it positioned as a key player in the global economy. Despite this new façade, the ways of old China lie just beneath the surface. For behind this economic engine, is a government clinging to tight control over its people and their networks of communication. This two-sided state has set the stage for a collision course where the conflicting philosophies of old and new clash in a struggle for control. In no other realm have the two philosophies crashed together more directly than in the area of technology. The Chinese government has taken a hard stance on Internet usage. Is this stance a safeguard for a country that finds itself in uncharted waters, or is it a stop sign to future economic gains? 
This paper will attempt to answer this question by looking at China’s historic economic run and the country’s developing relationship with the Internet. Journal: Journal of Information Privacy and Security Pages: 42-61 Issue: 3 Volume: 2 Year: 2006 Month: 7 X-DOI: 10.1080/15536548.2006.10855797 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855797 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:3:p:42-61 Template-Type: ReDIF-Article 1.0 Author-Name: Suvojit Choton Basu Author-X-Name-First: Suvojit Choton Author-X-Name-Last: Basu Title: Sindey Schueler-Platz State Administrator, Kansas Bureau of Investigation Journal: Journal of Information Privacy and Security Pages: 62-64 Issue: 3 Volume: 2 Year: 2006 Month: 7 X-DOI: 10.1080/15536548.2006.10855798 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855798 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:3:p:62-64 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Book Review: Public Information Technology and E-Governance: Managing the Virtual State Journal: Journal of Information Privacy and Security Pages: 65-67 Issue: 3 Volume: 2 Year: 2006 Month: 7 X-DOI: 10.1080/15536548.2006.10855799 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855799 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:2:y:2006:i:3:p:65-67 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Data Protection and Privacy Issue Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 3 Volume: 4 Year: 2008 Month: 7 X-DOI: 10.1080/2333696X.2008.10855842 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855842 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:3:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: B. Dawn Medlin Author-X-Name-First: B. Author-X-Name-Last: Dawn Medlin Author-Name: Joseph A. Cazier Author-X-Name-First: Joseph A. Author-X-Name-Last: Cazier Author-Name: Robert M. Weaver Author-X-Name-First: Robert M. Author-X-Name-Last: Weaver Title: Consumer’s PCs: A Study of Hard Drive Forensics, Data Recovery, and Exploitation Abstract: In this paper, we explore discarded hard disks that were obtained in second-hand markets and attempted to find the types of personal and sensitive files that still remained. With careful observation and scanning, we found that most of the hard disks were not adequately cleaned, and included a rather large amount of private and sensitive information that could be used in computer crimes. Between 50,000 and 300,000 files containing identifiable information were found on the fifty-five hard drives studied. The results of this study indicate a need for further training concerning proper hard drive erasure. Journal: Journal of Information Privacy and Security Pages: 3-15 Issue: 3 Volume: 4 Year: 2008 Month: 7 X-DOI: 10.1080/2333696X.2008.10855843 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855843 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:3:p:3-15 Template-Type: ReDIF-Article 1.0 Author-Name: Juan E. Gilbert Author-X-Name-First: Juan E. 
Author-X-Name-Last: Gilbert Author-Name: Jonathan MacDonald Author-X-Name-First: Jonathan Author-X-Name-Last: MacDonald Author-Name: Raquel Hill Author-X-Name-First: Raquel Author-X-Name-Last: Hill Author-Name: Derek T. Sanders Author-X-Name-First: Derek T. Author-X-Name-Last: Sanders Author-Name: Idongesit Mkpong-Ruffin Author-X-Name-First: Idongesit Author-X-Name-Last: Mkpong-Ruffin Author-Name: E. Vincent Cross Author-X-Name-First: E. Author-X-Name-Last: Vincent Cross Author-Name: Ken Rouse Author-X-Name-First: Ken Author-X-Name-Last: Rouse Author-Name: Jerome McClendon Author-X-Name-First: Jerome Author-X-Name-Last: McClendon Author-Name: Gregory Rogers Author-X-Name-First: Gregory Author-X-Name-Last: Rogers Title: Prime III: Defense-in-Depth Approach to Electronic Voting Abstract: Usability and security are critical issues in electronic voting system development. With these as the main concern, the Prime III electronic voting system implements usability with security such that all eligible voters regardless of their ability or disability to privately and securely vote using the same model of election machines. The Prime III electronic voting system has openly addressed many of the associated problems of usability, by using a multimodal user interface that enables voters to cast their vote by touch and/or voice. The purpose of this article is to examine the security components within Prime III because very little attention has been given to potential solutions to issues in electronic voting. Journal: Journal of Information Privacy and Security Pages: 16-35 Issue: 3 Volume: 4 Year: 2008 Month: 7 X-DOI: 10.1080/2333696X.2008.10855844 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855844 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:3:p:16-35 Template-Type: ReDIF-Article 1.0 Author-Name: Han Li Author-X-Name-First: Han Author-X-Name-Last: Li Author-Name: Rathindra Sarathy Author-X-Name-First: Rathindra Author-X-Name-Last: Sarathy Author-Name: Jie Zhang Author-X-Name-First: Jie Author-X-Name-Last: Zhang Title: The Role of Emotions in Shaping Consumers’ Privacy Beliefs about Unfamiliar Online Vendors Abstract: The study of information privacy in e-commerce is still in its infancy. Current studies attempting to explain online consumers’ privacy-related behavior based on their general concerns for privacy, have had mixed results. In this study, based on the Theory of Reasoned Action, we assert that to better explain privacy-related behavior it is necessary to focus on perceived privacy protection (privacy belief) specific to an online vendor, when the vendor is unfamiliar to the user. This privacy belief is formed as a result of emotional responses to the consumer’s interaction with the vendor’s Web site (often for a short period of time). In turn, this belief along with emotions can have a significant impact on the decision to give personal information necessary to make the purchase. Thus, online vendors who rely largely on unfamiliar, first-time customers have to pay attention to consumers’ emotional responses to their Web site or risk losing them. Journal: Journal of Information Privacy and Security Pages: 36-62 Issue: 3 Volume: 4 Year: 2008 Month: 7 X-DOI: 10.1080/2333696X.2008.10855845 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855845 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:3:p:36-62 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Andrew Colarik, PhD, MBA Information Security Consultant, Speaker, Author, and Inventor Journal: Journal of Information Privacy and Security Pages: 63-65 Issue: 3 Volume: 4 Year: 2008 Month: 7 X-DOI: 10.1080/2333696X.2008.10855846 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855846 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:3:p:63-65 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Born Digital - Understanding the First Generation of Digital Natives Journal: Journal of Information Privacy and Security Pages: 66-67 Issue: 3 Volume: 4 Year: 2008 Month: 7 X-DOI: 10.1080/2333696X.2008.10855847 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855847 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:3:p:66-67 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-3 Issue: 3 Volume: 8 Year: 2012 Month: 7 X-DOI: 10.1080/15536548.2012.10845657 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845657 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:3:p:1-3 Template-Type: ReDIF-Article 1.0 Author-Name: Selwyn Piramuthu Author-X-Name-First: Selwyn Author-X-Name-Last: Piramuthu Title: Passive Enumeration of Secret Information in LMAP and M²AP RFID Authentication Protocols Abstract: As RFID tags gain popularity for everyday use, issues related to privacy and security of RFID-tagged objects become important.
However, the memory and processing power constraints in low-cost RFID tags make securing these tags difficult, if not impossible. Light-weight protocols have been proposed to address this issue. Li and Wang (2007) report security vulnerabilities in two recently proposed ultra-lightweight RFID mutual authentication protocols - LMAP and M²AP. Fairly similar in structure, these two protocols use ⊕, ∧, ∨, and sum mod m operations. We use m = 2 in sum mod m operation which is realistic in low-cost tags and, using a passive observer adversary, enumerate the entire set of secret information in two consecutive rounds of authentication. Journal: Journal of Information Privacy and Security Pages: 4-14 Issue: 3 Volume: 8 Year: 2012 Month: 7 X-DOI: 10.1080/15536548.2012.10845658 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845658 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:3:p:4-14 Template-Type: ReDIF-Article 1.0 Author-Name: Lixuan Zhang Author-X-Name-First: Lixuan Author-X-Name-Last: Zhang Author-Name: Clinton Amos Author-X-Name-First: Clinton Author-X-Name-Last: Amos Title: A Model of End Users' Web Threats Information Processing Abstract: Many threats have appeared with an increasingly sophisticated web platform. To cope with these threats, end users have to gather and process relevant information. There are two modes of information processing: systematic processing and heuristic processing. Using the heuristic-systematic model, the study shows the influence of involvement and information insufficiency on the processing mode. The study finds that high involvement is positively related to systematic processing, while low involvement is negatively related to heuristic processing. Information insufficiency has a significant negative relationship with heuristic processing but no significant relationship is found between information insufficiency and systematic processing.
The study also shows that systematic processing has a positive relationship with the intention of following recommended protective actions while heuristic processing has a negative relationship with this intention. The results shed light on the role of processing mode related to web threat information. Journal: Journal of Information Privacy and Security Pages: 15-36 Issue: 3 Volume: 8 Year: 2012 Month: 7 X-DOI: 10.1080/15536548.2012.10845659 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845659 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:3:p:15-36 Template-Type: ReDIF-Article 1.0 Author-Name: Roger Blake Author-X-Name-First: Roger Author-X-Name-Last: Blake Author-Name: Ramakrishna Ayyagari Author-X-Name-First: Ramakrishna Author-X-Name-Last: Ayyagari Title: Analyzing Information Systems Security Research to Find Key Topics, Trends, and Opportunities Abstract: What are the key topics for Information Systems (IS) security researchers? How have these topics been changing, and what topics are emerging to offer new opportunities for research? We address these questions by analyzing the abstracts of 261 articles focusing on IS security that have appeared in leading IS journals and journals devoted to this area. Using Latent Semantic Analysis (LSA) to analyze the text of these abstracts uncovers five primary research topics: Security Design & Management, Business Operations Security, Behavioral Aspects, Authentication & Integrity Controls, and Prevention & Detection. These five primary topics are aggregates of more granular topics that are utilized to find trends to understand the changing complexion of IS security research. Our study contributes by developing the key topics and their trends in this area using an analytical and replicable method to synthesize the existing research. 
Journal: Journal of Information Privacy and Security Pages: 37-67 Issue: 3 Volume: 8 Year: 2012 Month: 7 X-DOI: 10.1080/15536548.2012.10845660 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845660 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:3:p:37-67 Template-Type: ReDIF-Article 1.0 Author-Name: Peeter Kirs Author-X-Name-First: Peeter Author-X-Name-Last: Kirs Title: Expert Opinion Interview with: Jack Vaughn, Technology Implementation Manager (TIM), College of Business Administration, The University of Texas at El Paso Journal: Journal of Information Privacy and Security Pages: 68-71 Issue: 3 Volume: 8 Year: 2012 Month: 7 X-DOI: 10.1080/15536548.2012.10845661 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845661 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:3:p:68-71 Template-Type: ReDIF-Article 1.0 Author-Name: Aurelia Donald Author-X-Name-First: Aurelia Author-X-Name-Last: Donald Title: Business Data Networks and Telecommunications (8th Eds) Journal: Journal of Information Privacy and Security Pages: 72-73 Issue: 3 Volume: 8 Year: 2012 Month: 7 X-DOI: 10.1080/15536548.2012.10845662 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845662 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:3:p:72-73 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Trusting Technology Interaction Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 2 Volume: 3 Year: 2007 Month: 4 X-DOI: 10.1080/15536548.2007.10855812 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855812 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:3:y:2007:i:2:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Nabil Tamimi Author-X-Name-First: Nabil Author-X-Name-Last: Tamimi Author-Name: Rose Sebastianelli Author-X-Name-First: Rose Author-X-Name-Last: Sebastianelli Title: Understanding eTrust Abstract: The aim of this research is to provide a broader understanding of the concept of e-trust as it relates to web site design characteristics. A random sample of US internet shoppers was used, and a survey instrument administered to gauge their perceptions on the importance of e-quality web features. Using principal component factor analysis methods, we analyzed e-trust using three factors reflecting reliability, assurance and credibility. Based on gender, although females generally ranked all three e-trust factors as more important than males did, the assurance factor was significantly more important to females than to males. Assurance was also perceived to be significantly more important to consumers with an annual income of $30,000-$49,999 than those with a higher annual income bracket (i.e., ≥$75,000). Furthermore, our results show that frequent shoppers perceived reliability to be significantly more important than infrequent shoppers did. Additionally, in terms of importance, our findings show that reliability was significantly more important than assurance and credibility. Journal: Journal of Information Privacy and Security Pages: 3-17 Issue: 2 Volume: 3 Year: 2007 Month: 4 X-DOI: 10.1080/15536548.2007.10855813 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855813 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:3:y:2007:i:2:p:3-17 Template-Type: ReDIF-Article 1.0 Author-Name: Xiaoni Zhang Author-X-Name-First: Xiaoni Author-X-Name-Last: Zhang Author-Name: Sakaguchi Toru Author-X-Name-First: Sakaguchi Author-X-Name-Last: Toru Author-Name: Max Kennedy Author-X-Name-First: Max Author-X-Name-Last: Kennedy Title: A Cross-Cultural Analysis of Privacy Notices of the Global 2000 Abstract: To build consumer trust online, many companies place their privacy policies on their websites. Online privacy notices are intended to promote consumer choice and reduce the fear of disclosing information online. The current study examines the leading international companies’ online privacy notices. Particularly, this study examines firms listed on Forbes’ Global 2000 company list and are headquartered in Australia, China and Hong Kong, Japan, the United Kingdom, and the United States and assesses their privacy policy notices. Using the content analysis method, privacy policies on the websites from 125 companies were qualitatively examined and coded along the categories based on the FTC’s privacy principles. Different emphases between countries were found and cultural perspectives were explored. Journal: Journal of Information Privacy and Security Pages: 18-36 Issue: 2 Volume: 3 Year: 2007 Month: 4 X-DOI: 10.1080/15536548.2007.10855814 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855814 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:2:p:18-36 Template-Type: ReDIF-Article 1.0 Author-Name: Ram Dantu Author-X-Name-First: Ram Author-X-Name-Last: Dantu Author-Name: Joao W. Cangussu Author-X-Name-First: Joao W. Author-X-Name-Last: Cangussu Title: An Architecture for Automatic and Adaptive Defense Abstract: Network attacks have become so fast that human mitigation cannot cope with security requirements. 
In addition, attackers have become smarter by creating attacks which mutate themselves to prevent detection. Therefore, defense mechanisms must be automated to keep up with attack speed and adapted to seek out mutations. An architecture to support this trend in defense mechanisms is proposed here. The architecture is based upon three conceptual pillars. First is the use of a multi-feedback loop control to slow down an attack. Second, machine learning concepts are employed to properly distinguish between normal and abnormal e-attack traffic. And, third, trust and reputation levels are determined through social networks. A case study on the application of the proposed architecture to a worm propagation attack provides the initial evidence of the e-attack and applicability of the approach. Journal: Journal of Information Privacy and Security Pages: 37-58 Issue: 2 Volume: 3 Year: 2007 Month: 4 X-DOI: 10.1080/15536548.2007.10855815 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855815 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:2:p:37-58 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basy Author-X-Name-First: Choton Author-X-Name-Last: Basy Title: Interview with: Peter Zaballos, Vice President Frazier Technology Ventures Seattle, WA http://www.fraziertechnology.com/index.htm Journal: Journal of Information Privacy and Security Pages: 59-60 Issue: 2 Volume: 3 Year: 2007 Month: 4 X-DOI: 10.1080/15536548.2007.10855816 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855816 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:2:p:59-60 Template-Type: ReDIF-Article 1.0 Author-Name: J.J. Luna Author-X-Name-First: J.J. 
Author-X-Name-Last: Luna Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: How to Be Invisible Journal: Journal of Information Privacy and Security Pages: 61-62 Issue: 2 Volume: 3 Year: 2007 Month: 4 X-DOI: 10.1080/15536548.2007.10855817 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855817 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:2:p:61-62 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Protecting Information Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 5 Year: 2009 Month: 1 X-DOI: 10.1080/15536548.2009.10855854 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855854 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Alice M. Johnson Author-X-Name-First: Alice M. Author-X-Name-Last: Johnson Title: Business and Security Executives Views of Information Security Investment Drivers: Results from a Delphi Study Abstract: A Delphi study used two expert panels of 24 CEOs and 22 security executives to identify and rank factors that motivated organizations to invest in information security. Both panels agreed that legal and regulatory compliances were the most important drivers. However, their different perspectives about other drivers, particularly the extent to which information security provided a competitive advantage, implied that business executives were more likely than security executives to view information security as a cost center rather than a business enabler, thus the author suggested a greater need for technology executives to help business executives better understand how information security investments could provide competitive advantage. 
In general, the study highlighted the need for more dialogue and information sharing between security executives, who are responsible for designing the organization’s security infrastructure, and business executives who must allocate the funds to support that infrastructure. Journal: Journal of Information Privacy and Security Pages: 3-27 Issue: 1 Volume: 5 Year: 2009 Month: 1 X-DOI: 10.1080/15536548.2009.10855855 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855855 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:1:p:3-27 Template-Type: ReDIF-Article 1.0 Author-Name: June Wei Author-X-Name-First: June Author-X-Name-Last: Wei Author-Name: Ant Ozok Author-X-Name-First: Ant Author-X-Name-Last: Ozok Title: Development of a Mobile Commerce Security Analysis Method Abstract: The objective of this study is to develop a mobile commerce security analysis method for determining mobile commerce security requirements and provide suggestions to m-commerce security system development. Two phases were used to achieve this objective. The first phase developed a Mobile Commerce Security Analysis (MCSA) model. In the second phase, the Mobile Commerce Security Analysis Questionnaire (MCSAQ) was developed from the MCSA model. The MCSAQ is developed to quantitatively measure mobile commerce security attributes in the MCSA model. Data on mobile commerce security attributes for 15 m-commerce tasks were collected using the MCSAQ with subject matter experts. Factor analysis conducted on the survey data resulted in the identification of six mobile commerce security dimensions. The quantification of m-commerce security requirement ratings and possible identification of m-commerce security dimensions would offer potential utility over a range of several practical applications to improve the efficiency of m-commerce security performance. 
The reliable and valid m-commerce security performance analysis method quantitatively captures broader aspects of m-commerce security performance than previous research. The development of the taxonomy of m-commerce security requirements could provide structure and continuity to many research findings to both the conceptual and practical aspects of m-commerce task performance. Journal: Journal of Information Privacy and Security Pages: 28-48 Issue: 1 Volume: 5 Year: 2009 Month: 1 X-DOI: 10.1080/15536548.2009.10855856 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855856 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:1:p:28-48 Template-Type: ReDIF-Article 1.0 Author-Name: William H. Ross Author-X-Name-First: William H. Author-X-Name-Last: Ross Author-Name: Christopher J. Meyer Author-X-Name-First: Christopher J. Author-X-Name-Last: Meyer Author-Name: Jeng-Chung V. Chen Author-X-Name-First: Jeng-Chung V. Author-X-Name-Last: Chen Author-Name: Paul Keaton Author-X-Name-First: Paul Author-X-Name-Last: Keaton Title: Information Protection at Telecommunications Firms: Human Resource Management Strategies and their Impact on Organizational Justice Abstract: The growth of the wireless telecommunications industry demands increased information security. Because security breaches often involve current employees, Human Resource (HR) departments can play a role in data security. As HR managers integrate information security considerations with strategies involving areas such as selection, training, electronic performance monitoring, and performance appraisal design, they must be mindful of organizational justice considerations. HR strategies designed to enhance data security impact employee beliefs about distributive, procedural, interpersonal, and informational justice; these beliefs must be explicitly considered as such strategies are implemented.
A conceptual model is offered to help managers identify key variables as they formulate policies in this area. Journal: Journal of Information Privacy and Security Pages: 49-77 Issue: 1 Volume: 5 Year: 2009 Month: 1 X-DOI: 10.1080/15536548.2009.10855857 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855857 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:1:p:49-77 Template-Type: ReDIF-Article 1.0 Author-Name: Alberta Tai Author-X-Name-First: Alberta Author-X-Name-Last: Tai Author-Name: R. Ayyagari Author-X-Name-First: R. Author-X-Name-Last: Ayyagari Title: Interview with: Anne Scrivener Agee Vice Provost for IT and CIO, University of Massachusetts - Boston On Security and Privacy Issues facing the University Abstract: Journal: Journal of Information Privacy and Security Pages: 78-80 Issue: 1 Volume: 5 Year: 2009 Month: 1 X-DOI: 10.1080/15536548.2009.10855858 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855858 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:1:p:78-80 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Online Consumer Protection: Theories of Human Relativism Journal: Journal of Information Privacy and Security Pages: 81-82 Issue: 1 Volume: 5 Year: 2009 Month: 1 X-DOI: 10.1080/15536548.2009.10855859 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855859 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:1:p:81-82 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Privacy protection and adding security strength Journal: Journal of Information Privacy and Security Pages: 103-103 Issue: 3 Volume: 13 Year: 2017 Month: 7 X-DOI: 10.1080/15536548.2017.1357381 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1357381 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:3:p:103-103 Template-Type: ReDIF-Article 1.0 Author-Name: Xiaoyun He Author-X-Name-First: Xiaoyun Author-X-Name-Last: He Author-Name: Haibing Lu Author-X-Name-First: Haibing Author-X-Name-Last: Lu Title: Detecting and preventing inference attacks in online social networks: A data-driven and holistic framework Abstract: With increasing user involvement, social networks nowadays serve as a repository of all kinds of information. While there have been various studies demonstrating that private information can be inferred from social networks, few have taken a holistic view on designing mechanisms to detect and alleviate the inference attacks. In this study, we present a framework that leverages the social network data and data mining techniques to proactively detect and prevent possible inference attacks against users. A novel method is proposed to minimize the modifications to user profiles in order to prevent inference attacks while preserving the utility. Journal: Journal of Information Privacy and Security Pages: 104-119 Issue: 3 Volume: 13 Year: 2017 Month: 7 X-DOI: 10.1080/15536548.2017.1357383 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1357383 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:13:y:2017:i:3:p:104-119 Template-Type: ReDIF-Article 1.0 Author-Name: Ziyue Huang Author-X-Name-First: Ziyue Author-X-Name-Last: Huang Author-Name: Prashant Palvia Author-X-Name-First: Prashant Author-X-Name-Last: Palvia Title: Invasion of privacy by smart meters: An analysis of consumer concerns Abstract: While smart meters offer an innovative way to solve energy problems, they have also brought concerns regarding consumer privacy. In this study, we develop an instrument to measure the consumers’ concerns for information privacy (CFIP) in adopting smart meters, and propose a conceptual model to examine the relationship between privacy concerns, trusting beliefs, risk beliefs, and intention to adopt smart meters. Using both focus group study and survey methods, we show that CFIP can be measured by three dimensions: collection, secondary use, and improper access, and that the effect of CFIP on behavioral intention is fully mediated by risk beliefs. Journal: Journal of Information Privacy and Security Pages: 120-136 Issue: 3 Volume: 13 Year: 2017 Month: 7 X-DOI: 10.1080/15536548.2017.1357385 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1357385 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:3:p:120-136 Template-Type: ReDIF-Article 1.0 Author-Name: Randall J. Boyle Author-X-Name-First: Randall J. Author-X-Name-Last: Boyle Author-Name: Chandrashekar D. Challa Author-X-Name-First: Chandrashekar D. Author-X-Name-Last: Challa Author-Name: Jeffrey A. Clements Author-X-Name-First: Jeffrey A. Author-X-Name-Last: Clements Title: Valuing Information Security: A Look at the Influence of User Engagement on Information Security Strength Abstract: This study looks at the influence of user engagement on users’ information security practices. 
A model describing how user engagement (user posts) may influence a person’s decision to employ better security measures (stronger passwords) is tested. Password strength was determined by looking at password length, the types of characters used, the variety of character sequences used, the number of duplicate passwords, and the number of uncrackable passwords. Passwords were tested using a variety of cracking techniques. This study found that individuals from an online gaming site who made more posts to the user forum employed stronger passwords. Journal: Journal of Information Privacy and Security Pages: 137-156 Issue: 3 Volume: 13 Year: 2017 Month: 7 X-DOI: 10.1080/15536548.2017.1357387 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1357387 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:3:p:137-156 Template-Type: ReDIF-Article 1.0 Author-Name: Faruk Arslan Author-X-Name-First: Faruk Author-X-Name-Last: Arslan Title: Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy, by Cathy O’Neil Journal: Journal of Information Privacy and Security Pages: 157-159 Issue: 3 Volume: 13 Year: 2017 Month: 7 X-DOI: 10.1080/15536548.2017.1357388 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1357388 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:3:p:157-159 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Security Systems Framework, Security-Related Research, Web Threats Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 4 Volume: 7 Year: 2011 Month: 10 X-DOI: 10.1080/15536548.2011.10855920 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855920 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:7:y:2011:i:4:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Srinarayan Sharma Author-X-Name-First: Srinarayan Author-X-Name-Last: Sharma Author-Name: Vijayan Sugumaran Author-X-Name-First: Vijayan Author-X-Name-Last: Sugumaran Title: A Framework for Enhancing Systems Security Abstract: Security concerns have grown in sync with the growth of ecommerce. This paper presents a framework for analyzing systems security in terms of three dimensions, namely, technology, process, and people. The paper also advocates a systems development life cycle view of security. It describes different activities that need to be carried out throughout the development cycle in order to improve overall systems security. It also discusses the theoretical and practical implications of the study, and identifies future research directions. Journal: Journal of Information Privacy and Security Pages: 3-22 Issue: 4 Volume: 7 Year: 2011 Month: 10 X-DOI: 10.1080/15536548.2011.10855921 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855921 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:4:p:3-22 Template-Type: ReDIF-Article 1.0 Author-Name: Humayun Zafar Author-X-Name-First: Humayun Author-X-Name-Last: Zafar Title: Security Risk Management at a Fortune 500 Firm: A Case Study Abstract: Information security is a naturally intrusive topic that has not been researched to its full extent in IS. Taking note of a previous information security study that failed and lessons learned from it, we successfully carry out a study of our own with some modifications. The purpose of the study was to successfully identify critical success factors for an effective security risk management program at a Fortune 500 firm. In this paper we detail the modified critical success factor method that was used, which we hope will prove beneficial for academic researchers. 
The study has practical implications in regard to being able to provide a method that corporations may find suitable when a sensitive subject is being investigated. Journal: Journal of Information Privacy and Security Pages: 23-53 Issue: 4 Volume: 7 Year: 2011 Month: 10 X-DOI: 10.1080/15536548.2011.10855922 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855922 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:4:p:23-53 Template-Type: ReDIF-Article 1.0 Author-Name: Gerhard Steinke Author-X-Name-First: Gerhard Author-X-Name-Last: Steinke Author-Name: Emanuel Tundrea Author-X-Name-First: Emanuel Author-X-Name-Last: Tundrea Author-Name: Kenmoro Kelly Author-X-Name-First: Kenmoro Author-X-Name-Last: Kelly Title: Towards an Understanding of Web Application Security Threats and Incidents Abstract: This paper examines a variety of sources that provide web application security vulnerabilities and incident data. In particular, the research tracks the impact of SQL Injection, Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities. A comparison of vulnerability data versus attacks that have actually resulted in data compromises is studied to determine how the type of vulnerabilities relate to actual methods used to steal data. The paper concludes with recommendations for more secure web applications. Journal: Journal of Information Privacy and Security Pages: 54-69 Issue: 4 Volume: 7 Year: 2011 Month: 10 X-DOI: 10.1080/15536548.2011.10855923 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855923 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:7:y:2011:i:4:p:54-69 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Hemadri Naidu Senior Manager at Cap Gemini Sogeti Journal: Journal of Information Privacy and Security Pages: 70-71 Issue: 4 Volume: 7 Year: 2011 Month: 10 X-DOI: 10.1080/15536548.2011.10855924 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855924 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:4:p:70-71 Template-Type: ReDIF-Article 1.0 Author-Name: Pankaj Palvia Author-X-Name-First: Pankaj Author-X-Name-Last: Palvia Title: Security Risk Management: Building and Information Security Risk Journal: Journal of Information Privacy and Security Pages: 72-73 Issue: 4 Volume: 7 Year: 2011 Month: 10 X-DOI: 10.1080/15536548.2011.10855925 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855925 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:4:p:72-73 Template-Type: ReDIF-Article 1.0 Author-Name: Peeter Kirs Author-X-Name-First: Peeter Author-X-Name-Last: Kirs Author-Name: Godwin Udo Author-X-Name-First: Godwin Author-X-Name-Last: Udo Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 9 Year: 2013 Month: 1 X-DOI: 10.1080/15536548.2013.10845669 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845669 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:9:y:2013:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Krishnamurty Muralidhar Author-X-Name-First: Krishnamurty Author-X-Name-Last: Muralidhar Author-Name: Rathindra Sarathy Author-X-Name-First: Rathindra Author-X-Name-Last: Sarathy Title: Interval Responses for Queries on Confidential Attributes: A Security Evaluation Abstract: Dinur and Nissim (2003) show that perturbed responses to queries on confidential data that provide a fixed guarantee on the quality of the response, are subject to privacy compromise. In this study, we investigate the impact of the Dinur-Nissim results for masking mechanisms that provide interval responses to queries. Our results indicate that when the width of the interval response is related to the magnitude of the query response, privacy compromise is even more likely than the fixed guarantee situation addressed in Dinur-Nissim. Journal: Journal of Information Privacy and Security Pages: 3-16 Issue: 1 Volume: 9 Year: 2013 Month: 1 X-DOI: 10.1080/15536548.2013.10845670 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845670 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:1:p:3-16 Template-Type: ReDIF-Article 1.0 Author-Name: Srikanth Parameswaran Author-X-Name-First: Srikanth Author-X-Name-Last: Parameswaran Author-Name: Srikanth Venkatesan Author-X-Name-First: Srikanth Author-X-Name-Last: Venkatesan Author-Name: Manish Gupta Author-X-Name-First: Manish Author-X-Name-Last: Gupta Title: Cloud Computing Security Announcements: Assessment of Investors' Reaction Abstract: Security and availability risks have become one of the biggest challenges for firms that are transitioning into the cloud and for firms offering the cloud services as well. Security issues have gained prominence in recent years due to the unprecedented growth in Cloud computing service offerings and their adoption. 
An event of a security breach may impact investors' perceptions of a firm's value. In fact, prior studies have shown that information security breaches and countermeasures have a significant impact on the firm's stock price. Thus, publicly announcing breach and countermeasures is one way by which firms manage these issues related to cloud security. The focus of this paper is to use event study methodology to investigate how cloud security breach and countermeasures announcements affect the firm and its competitor's stock price. Our research shows that cloud security breach announcements have significant negative impact on the firms and its competitor's stock value. Surprisingly, cloud security countermeasure announcements have significant negative impact on the firm and the competitor's stock value. Journal: Journal of Information Privacy and Security Pages: 17-46 Issue: 1 Volume: 9 Year: 2013 Month: 1 X-DOI: 10.1080/15536548.2013.10845671 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845671 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:1:p:17-46 Template-Type: ReDIF-Article 1.0 Author-Name: Peter Meso Author-X-Name-First: Peter Author-X-Name-Last: Meso Author-Name: Yi Ding Author-X-Name-First: Yi Author-X-Name-Last: Ding Author-Name: Shuting Xu Author-X-Name-First: Shuting Author-X-Name-Last: Xu Title: Applying Protection Motivation Theory to Information Security Training for College Students Abstract: As Internet and Web technologies have been used in different fields by various organizations, cyber security has become a significant public concern for the society as a whole. There is a broad consensus on the need for broader and better training and education of the current and future workforce to be able to effectively deal with present, emergent and future cyber security challenges. 
However, cyber-security education tends to be constrained to computer and information science degree programs. Further, the courses within these programs tend to be offered via conventional instructional mechanisms that entail limited hands-on learning experiences due to the difficulty, cost, and potential risks of setting up real-world-like hands-on security training environments, which are often network-based. Considering cyber security education is a necessary need across all disciplines and majors, we have been undertaking a research project at a public college to (a) construct a model to study the influence of knowledge from lectures and hands-on experience on security behavior using protection motivation theory (b) develop a series of laboratory based Information Security education modules as easy to tailor and scalable pedagogic tools for helping undergraduate students to comprehend information security at different levels, and (c) test the impact of these modules on students' post-training personal cyber security behavior. Our aim is to identify if indeed students do apply what they learn to confidently and intelligently address personal cyber security challenges, after they have completed these course modules. In this paper, we report (a) our theoretical model (b) the design of security pedagogy modules and, (c) the preliminary findings upon testing and surveying students' post-training knowledge and post-training behavior concerning the security topics covered in the training modules. Journal: Journal of Information Privacy and Security Pages: 47-67 Issue: 1 Volume: 9 Year: 2013 Month: 1 X-DOI: 10.1080/15536548.2013.10845672 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845672 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:9:y:2013:i:1:p:47-67 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Expert Opinion Interview with: Satish Kumar Nampally, Senior Manager, Cognizant Technology Solutions Journal: Journal of Information Privacy and Security Pages: 68-69 Issue: 1 Volume: 9 Year: 2013 Month: 1 X-DOI: 10.1080/15536548.2013.10845673 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845673 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:1:p:68-69 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Principles of Computer Security: CompTIA Security+™ Journal: Journal of Information Privacy and Security Pages: 70-72 Issue: 1 Volume: 9 Year: 2013 Month: 1 X-DOI: 10.1080/15536548.2013.10845674 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845674 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:1:p:70-72 Template-Type: ReDIF-Article 1.0 Author-Name: Changchit Chuleeporn Author-X-Name-First: Changchit Author-X-Name-Last: Chuleeporn Title: Threat, Authentication, and Privacy Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 2 Volume: 4 Year: 2008 Month: 4 X-DOI: 10.1080/2333696X.2008.10855836 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855836 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:2:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Sindre Guttorm Author-X-Name-First: Sindre Author-X-Name-Last: Guttorm Author-Name: Opdahl Andreas L. Author-X-Name-First: Opdahl Author-X-Name-Last: Andreas L. 
Title: Misuse Cases for Identifying System Dependability Threats Abstract: Misuse case analysis is a technique for early elicitation of security-related threats and requirements to planned information systems. Since the technique was first proposed in 2000, there have been many follow-up contributions both by the originators, their students and by other researchers. These contributions have focused partly on extensions and adaptations of the technique, and partly on empirical evaluations of its applicability. In this paper we review the work that has been done on misuse cases so far and point to future directions. In addition to the systematic review of previous work, this paper looks into the possibility of applying misuse cases for other dependability factors in addition to security and safety, providing examples where misuse cases are applied for availability, reliability, and robustness. Journal: Journal of Information Privacy and Security Pages: 3-22 Issue: 2 Volume: 4 Year: 2008 Month: 4 X-DOI: 10.1080/2333696X.2008.10855837 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855837 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:2:p:3-22 Template-Type: ReDIF-Article 1.0 Author-Name: Adams Carl Author-X-Name-First: Adams Author-X-Name-Last: Carl Author-Name: Dimitriou Alexandros Author-X-Name-First: Dimitriou Author-X-Name-Last: Alexandros Title: A Two-Phase Authentication Protocol Using the Cell Phone as a Token Abstract: In a climate where personal information is ‘freely available’, such as through the internet and via social networking sites, information based authentication systems have inherent weaknesses: Individuals are leaving a rich ‘information footprint’ which is easily accessible to others, and so reducing the currency of private information for authentication purposes. Biometric approaches are expensive and lack user acceptance. 
Token based authentication offers practical alternatives to increase levels of security for remote access and online transactions. This paper extends an existing token mechanism for authentication using mobile/cell phones and presents a novel protocol to address some of the existing limitations and provide wider applicability. The paper hopes to contribute to theory by bringing an information richness perspective on authentication and, contribute to security practice by providing a route to increased security based on the ubiquitous mobile/cell phone and software tokens. Journal: Journal of Information Privacy and Security Pages: 23-39 Issue: 2 Volume: 4 Year: 2008 Month: 4 X-DOI: 10.1080/2333696X.2008.10855838 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855838 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:2:p:23-39 Template-Type: ReDIF-Article 1.0 Author-Name: Rajavel Maheswari Author-X-Name-First: Rajavel Author-X-Name-Last: Maheswari Author-Name: Karuppuswamy Duraiswamy Author-X-Name-First: Karuppuswamy Author-X-Name-Last: Duraiswamy Title: SVDC: Preserving Privacy in Clustering using Singular Value Decomposition Abstract: Protecting privacy from unauthorized access is one of the primary concerns in data use, from national security to business transactions. It creates a new branch of data mining known as Privacy Preserving Data Mining (PPDM). Privacy-Preserving is a major concern in the application of data mining techniques to datasets containing personal, sensitive, or confidential information. Data distortion is a critical component to preserve privacy in security-related data mining applications; we propose a Singular Value Decomposition (SVD) method for data distortion. We focus primarily on privacy preserving data clustering. 
Our proposed method, Singular Value Decomposition Clustering (SVDC) distorts only confidential numerical attributes to meet privacy requirements, while preserving general features for clustering analysis. Journal: Journal of Information Privacy and Security Pages: 40-54 Issue: 2 Volume: 4 Year: 2008 Month: 4 X-DOI: 10.1080/2333696X.2008.10855839 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855839 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:2:p:40-54 Template-Type: ReDIF-Article 1.0 Author-Name: Valrie Chambers Author-X-Name-First: Valrie Author-X-Name-Last: Chambers Title: Interview with: Alan T. Lord, Ernst and Young Professor of Accounting and Director Fulbright Scholar, Master of Accountancy Program, Bowling Green State University, Bowling Green Ohio Journal: Journal of Information Privacy and Security Pages: 55-61 Issue: 2 Volume: 4 Year: 2008 Month: 4 X-DOI: 10.1080/2333696X.2008.10855840 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855840 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:2:p:55-61 Template-Type: ReDIF-Article 1.0 Author-Name: Tim Klaus Author-X-Name-First: Tim Author-X-Name-Last: Klaus Title: Security Metrics - Replacing Fear, Uncertainty, and Doubt Journal: Journal of Information Privacy and Security Pages: 62-63 Issue: 2 Volume: 4 Year: 2008 Month: 4 X-DOI: 10.1080/2333696X.2008.10855841 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855841 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:2:p:62-63 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 2 Volume: 8 Year: 2012 Month: 4 X-DOI: 10.1080/15536548.2012.10845651 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845651 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:2:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Han Li Author-X-Name-First: Han Author-X-Name-Last: Li Author-Name: Krishnamurty Muralidhar Author-X-Name-First: Krishnamurty Author-X-Name-Last: Muralidhar Author-Name: Rathindra Sarathy Author-X-Name-First: Rathindra Author-X-Name-Last: Sarathy Title: The Effectiveness of Data Shuffling for Privacy-Preserving Data Mining Applications Abstract: Preserving the confidentiality of sensitive data, while permitting knowledge discovery, is an important goal in privacy-preserving data mining. This paper investigates the effectiveness of data shuffling for classification tree and regression analysis. We compare the effectiveness of data shuffling to the tree based data perturbation method which was developed specifically for the purpose of data mining. Results suggest that data shuffling provides the higher levels of data security and more effectively preserves data mining knowledge than tree based data perturbation method. Journal: Journal of Information Privacy and Security Pages: 3-17 Issue: 2 Volume: 8 Year: 2012 Month: 4 X-DOI: 10.1080/15536548.2012.10845652 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845652 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:2:p:3-17 Template-Type: ReDIF-Article 1.0 Author-Name: Qinghai Gao Author-X-Name-First: Qinghai Author-X-Name-Last: Gao Author-Name: Kamal Shahrabi Author-X-Name-First: Kamal Author-X-Name-Last: Shahrabi Title: Using PRNG Generated Templates to Protect Fingerprint Database Abstract: Fingerprint databases are widely used in background/criminal investigation and physical access control. However, the security mechanisms protecting these databases are often inadequate. Once a hacker or an insider obtains a copy of a database the fingerprints in the database can be utilized easily to conduct identity theft or impersonation. Therefore, it is extremely important to protect the database against possible misuses. In this paper we propose using synthetic fingerprint minutiae templates generated with pseudorandom number generator to protect genuine fingerprint templates. Our experimental results show that fingerprint minutiae templates can still match successfully even after being inserted with large number of foreign minutiae and that the pseudorandomly generated synthetic minutiae templates can be utilized to protect real templates. Journal: Journal of Information Privacy and Security Pages: 18-32 Issue: 2 Volume: 8 Year: 2012 Month: 4 X-DOI: 10.1080/15536548.2012.10845653 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845653 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:2:p:18-32 Template-Type: ReDIF-Article 1.0 Author-Name: Ramakrishna Ayyagari Author-X-Name-First: Ramakrishna Author-X-Name-Last: Ayyagari Title: An Exploratory Analysis of Data Breaches from 2005-2011: Trends and Insights Abstract: Data breaches have become one of the biggest problems for organizations, costing an average of $7.2 million per breach (Symantec, 2011). 
Previous research on data breaches has focused on: (i) reducing the possibility of data breach by addressing employee compliance behavior, and (ii) understanding the impact of data breaches on organizations. We extended this research by content analyzing 2633 unique data breaches that resulted in loss of more than 500 million individual records. Our results indicate that data breaches continue to be a major issue for organizations. The results imply that the nature of the data breaches is changing. Data breaches are typically associated with hacking - however, our results indicate that breaches due to hacking are decreasing, whereas breaches due to ‘human element’ are increasing. One disconcerting result from our analysis is that data breaches that can be directly attributed to implementation and enforcement of security policies account for a major share. Collectively, the results indicate that organizations need to implement effective training and stricter enforcement of security policies. Journal: Journal of Information Privacy and Security Pages: 33-56 Issue: 2 Volume: 8 Year: 2012 Month: 4 X-DOI: 10.1080/15536548.2012.10845654 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845654 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:2:p:33-56 Template-Type: ReDIF-Article 1.0 Author-Name: Sanjib Sahoo Author-X-Name-First: Sanjib Author-X-Name-Last: Sahoo Title: Expert Opinion – Part 2 Interview with Journal: Journal of Information Privacy and Security Pages: 57-60 Issue: 2 Volume: 8 Year: 2012 Month: 4 X-DOI: 10.1080/15536548.2012.10845655 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845655 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:2:p:57-60 Template-Type: ReDIF-Article 1.0 Author-Name: Richard G. Platt Author-X-Name-First: Richard G. 
Author-X-Name-Last: Platt Title: Blind Spot a Leader's Guide to IT-Enabled Business Transformation Journal: Journal of Information Privacy and Security Pages: 61-64 Issue: 2 Volume: 8 Year: 2012 Month: 4 X-DOI: 10.1080/15536548.2012.10845656 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845656 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:2:p:61-64 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Information and Security Concern Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 3 Volume: 3 Year: 2007 Month: 7 X-DOI: 10.1080/15536548.2007.10855818 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855818 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:3:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Doug White Author-X-Name-First: Doug Author-X-Name-Last: White Author-Name: Alan Rea Author-X-Name-First: Alan Author-X-Name-Last: Rea Title: Looking for Love in All the Wrong Places: A Security Case Study on Online Identity Theft Abstract: Information systems are only as strong as their weakest elements. A truly secure environment requires effective network security, secure application development guidelines, well written policies and procedures, and a strong user educational component to account for the many potential attacks that can occur on a given day. In this case, the authors cover failed aspects of networking security, Web development, policies and procedures, as well as inadequate user education to illustrate how easily an attacker can glean critical business data from an organization via simple techniques known to the hacking community. 
This case demonstrates that even with basic physical security in place, social engineering practices, combined with well-known hacking techniques, can thwart an organization’s security procedures and practices. In our discussion, we analyze threats to Web servers and Web services using a sample business: MrLuv’s Online Dating Service. We also provide a scenario analysis to forensically explain the break-in and discuss possible techniques used to acquire customer identity information. Ultimately, we find that although secure technical solutions must be implemented, organizations must also educate system users about potential threats. Throughout the case we provide an explanation of common attacks on Web servers and Web services, as well as include a detailed glossary of relevant security terms to explain the technical vocabulary businesses must understand in order to effectively protect their digital assets. Journal: Journal of Information Privacy and Security Pages: 3-24 Issue: 3 Volume: 3 Year: 2007 Month: 7 X-DOI: 10.1080/15536548.2007.10855819 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855819 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:3:p:3-24 Template-Type: ReDIF-Article 1.0 Author-Name: Carl Adams Author-X-Name-First: Carl Author-X-Name-Last: Adams Author-Name: Vasilios Katos Author-X-Name-First: Vasilios Author-X-Name-Last: Katos Title: Exoinformation Space Audits: An Information Richness View of Privacy and Security Obligations Abstract: The privacy-security challenge for corporations is multifaceted and complex with privacy and security demands seemingly pulling in conflicting directions. In addition, the automated and often unconscious and unintentional flow of data, which Brunk (2002) describes as exoinformation, makes the traditional auditing function inadequate to fully capture the security and privacy aspects facing most corporations. 
This paper draws upon an existing theoretical model of privacy and security, based on the concept of information richness, to develop a practical framework for wider information audit. The proposed information space audit, a supplement to existing information audits, provides guidance on how to manage the rich set of exoinformation data that is typically unplanned and automatically collected. Collating and combining information from different sources provides further scope to reduce information collection requirements, but also raises privacy concerns. Journal: Journal of Information Privacy and Security Pages: 29-44 Issue: 3 Volume: 3 Year: 2007 Month: 7 X-DOI: 10.1080/15536548.2007.10855820 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855820 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:3:p:29-44 Template-Type: ReDIF-Article 1.0 Author-Name: Rahul Bhaskar Author-X-Name-First: Rahul Author-X-Name-Last: Bhaskar Author-Name: Yi Zhang Author-X-Name-First: Yi Author-X-Name-Last: Zhang Title: Knowledge Sharing in Law Enforcement: A Case Study Abstract: Previous research has mainly focused on knowledge management. This paper seeks to fill the gaps in understanding factors that influence knowledge sharing within law enforcement. The authors take an in-depth, case search approach focusing specifically on the Internet Crimes Against Children Task Force. A total of 30 interviews were conducted with law enforcement executives, investigators and other officers in the task force units. This study reveals that successful knowledge sharing requires attention to individual, organizational, and technological factors in a law enforcement organization. 
Journal: Journal of Information Privacy and Security Pages: 45-68 Issue: 3 Volume: 3 Year: 2007 Month: 7 X-DOI: 10.1080/15536548.2007.10855821 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855821 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:3:p:45-68 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: A.G. “Fred” Altomare, Partner 1:1 Corporation Milpitas, CA 95035 http://www.1to1corp.com/index.html Journal: Journal of Information Privacy and Security Pages: 69-70 Issue: 3 Volume: 3 Year: 2007 Month: 7 X-DOI: 10.1080/15536548.2007.10855822 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855822 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:3:p:69-70 Template-Type: ReDIF-Article 1.0 Author-Name: David Rice Author-X-Name-First: David Author-X-Name-Last: Rice Author-Name: Chaton Basu Author-X-Name-First: Chaton Author-X-Name-Last: Basu Title: Geekonomics - The Real Cost of Insecure Software Journal: Journal of Information Privacy and Security Pages: 71-72 Issue: 3 Volume: 3 Year: 2007 Month: 7 X-DOI: 10.1080/15536548.2007.10855823 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855823 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:3:p:71-72 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 187-188 Issue: 4 Volume: 11 Year: 2015 Month: 10 X-DOI: 10.1080/15536548.2015.1105590 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1105590 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:11:y:2015:i:4:p:187-188 Template-Type: ReDIF-Article 1.0 Author-Name: Hongbo Lyu Author-X-Name-First: Hongbo Author-X-Name-Last: Lyu Author-Name: Zuopeng (Justin) Zhang Author-X-Name-First: Zuopeng (Justin) Author-X-Name-Last: Zhang Title: Job Quitters, Information Security Awareness, and Knowledge Management Strategies Abstract: Information security culture plays a crucial role in improving employees’ security awareness within a firm. Knowledge management initiatives can help transform culturally unfit workers into those who will possess the necessary level of security awareness and are aligned with a firm’s information security culture. This research analytically models and studies the best knowledge management performance quotient (KMPQ) in a firm to convert workers who are unfit into those who fit with its security culture in order to improve the firm’s organizational level of security awareness (OLSA) and maximize its total payoff. When the potential security threat comes from all the workers who depart the firm, either voluntarily or involuntarily, findings in this study suggest that the firm should implement full knowledge management initiatives to achieve a KMPQ as high as possible if the loss from the security threat is less than a specific threshold level. This study further differentiates three sources of a security threat (voluntary unfit quitters, voluntary fit quitters, and involuntary quitters), and assesses the firm’s best KMPQ accordingly. In addition, this article illustrates the implementation process of the firm’s knowledge management strategies based on the study’s decision framework. This research provides valuable guidance for practitioners to effectively implement knowledge management strategies to build a successful information security culture within organizations. 
Journal: Journal of Information Privacy and Security Pages: 189-210 Issue: 4 Volume: 11 Year: 2015 Month: 10 X-DOI: 10.1080/15536548.2015.1105594 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1105594 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:4:p:189-210 Template-Type: ReDIF-Article 1.0 Author-Name: Christopher S. Leberknight Author-X-Name-First: Christopher S. Author-X-Name-Last: Leberknight Author-Name: Michael L. Recce Author-X-Name-First: Michael L. Author-X-Name-Last: Recce Title: The Application of Keystroke Analysis for Physical Security: A Field Experiment Abstract: A major factor restricting the widespread acceptance of biometric security technologies is the lack of experimental results from repeated use in a real world setting. Specifically, with respect to keystroke analysis, previous research has primarily discussed the classification performance of the biometric by controlling different variables during laboratory experiments. This research is an extension of previous work that investigates the classification performance of keystroke analysis using a biometric keypad and several novel typing features during a 5-week field experiment. The ultimate goal is to explore stabilization patterns over time and to test if field study results support the optimal parameters and classification rates identified in the laboratory study. Results from the experiment demonstrate that a classification rate of 87% can be achieved during actual use of the biometric keypad by employing the optimal parameters. This finding helps to validate and extend previous work conducted in a laboratory setting. It also provides useful insight into experimental designs and support for the application of keystroke analysis in a real world environment. 
Journal: Journal of Information Privacy and Security Pages: 211-227 Issue: 4 Volume: 11 Year: 2015 Month: 10 X-DOI: 10.1080/15536548.2015.1105599 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1105599 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:4:p:211-227 Template-Type: ReDIF-Article 1.0 Author-Name: Gaurav Gupta Author-X-Name-First: Gaurav Author-X-Name-Last: Gupta Author-Name: Indranil Bose Author-X-Name-First: Indranil Author-X-Name-Last: Bose Title: Research Essay Editorial Journal: Journal of Information Privacy and Security Pages: 228-229 Issue: 4 Volume: 11 Year: 2015 Month: 10 X-DOI: 10.1080/15536548.2015.1105601 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1105601 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:4:p:228-229 Template-Type: ReDIF-Article 1.0 Author-Name: Roberto Mugavero Author-X-Name-First: Roberto Author-X-Name-Last: Mugavero Author-Name: Federico Benolli Author-X-Name-First: Federico Author-X-Name-Last: Benolli Author-Name: Valentina Sabato Author-X-Name-First: Valentina Author-X-Name-Last: Sabato Title: Challenges of Multi-Source Data and Information New Era Abstract: As a consequence of the advancement of modern global dynamics, the international debate concerning intelligence strategies is pointing to an investigative tools revolution. To keep up with the pace of advancement, these tools have to be able to collect and convert data taking advantage of the entire spectrum of technological expertise and methodological progress. In this view, a multi-source intelligence technique appears the leading approach to effectively respond to the needs of the community. 
Actually, a steady interaction among information acquired from the principal disciplines of IMINT, MASINT, SIGINT, GEOINT, HUMINT and OSINT should supply an undeniable value added in order to offer effective products, which are intuitive, clear, and timely. The principal purpose is to analyze and display how the intelligence community’s interactive network operates according to both standard and intelligence, security and defense requests. Journal: Journal of Information Privacy and Security Pages: 230-242 Issue: 4 Volume: 11 Year: 2015 Month: 10 X-DOI: 10.1080/15536548.2015.1105617 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1105617 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:4:p:230-242 Template-Type: ReDIF-Article 1.0 Author-Name: Roberto Mugavero Author-X-Name-First: Roberto Author-X-Name-Last: Mugavero Author-Name: Federico Benolli Author-X-Name-First: Federico Author-X-Name-Last: Benolli Author-Name: Valentina Sabato Author-X-Name-First: Valentina Author-X-Name-Last: Sabato Title: Geospatial Intelligence, Technological Development, and Human Interaction Abstract: In today’s steadily mutable era, threats and hazards are increasingly expanding. In addition to terrorism, asymmetric conflicts and social unrest are endangering international security while technological knowledge and defensive tools symmetrically respond. With this interpretation, it appears clear that the investigative methods require thorough scientific support if they are to be a tool for investigation as well as for decision-making. In contrast, recent worldwide accidents such as the 2001 Twin Towers attack on September 11 in New York City have revealed a lack of intelligence, which cannot be fixed without acknowledging the fundamental value of the human intelligence (HUMINT) contribution. 
In order to face these issues, it is relevant to characterize the key aspects that allow a suitable interaction among the highly technological geospatial intelligence (GEOINT) and the traditional HUMINT activities, with the goal to design the main procedures for a crucial collaboration. Journal: Journal of Information Privacy and Security Pages: 243-261 Issue: 4 Volume: 11 Year: 2015 Month: 10 X-DOI: 10.1080/15536548.2015.1105652 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1105652 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:4:p:243-261 Template-Type: ReDIF-Article 1.0 Author-Name: Roberto Mugavero Author-X-Name-First: Roberto Author-X-Name-Last: Mugavero Author-Name: Valentina Sabato Author-X-Name-First: Valentina Author-X-Name-Last: Sabato Author-Name: Matteo Basso Author-X-Name-First: Matteo Author-X-Name-Last: Basso Author-Name: Wanda D’Amico Author-X-Name-First: Wanda Author-X-Name-Last: D’Amico Author-Name: Federico Benolli Author-X-Name-First: Federico Author-X-Name-Last: Benolli Title: Bioterrorism: New Technologies for Global Emergencies and Public Health Abstract: Nowadays, the increasing number of unconventional biological attacks around the world, as well as innovative technologies and a larger availability of tools and materials, contribute to a wider expertise on dealing with devices and agents due to their inherent dual-use nature. This report focuses on modern technologies that offer proper protection against those attacks, in order to provide support in preventing and reducing their related risks. What is unprecedented in such attacks is the huge number of healthcare workers and first responders who have been infected or injured. 
The aim of this article is to propose a modern exploitation of advanced technologies in overcoming that lack of proper protection and in helping prevention and reduction of both risks and consequences for emergency teams through vehicles provided with innovative and integrated solutions for biohazard protection. The proposed solution is a new way to address global and public health emergencies, not only from natural and anthropogenic threats, but also from intentional and deliberated human actions as bioterrorism, moving the “operational protection” through a collective approach. Journal: Journal of Information Privacy and Security Pages: 262-273 Issue: 4 Volume: 11 Year: 2015 Month: 10 X-DOI: 10.1080/15536548.2015.1105658 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1105658 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:4:p:262-273 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Information Assurance for the Enterprise: A Roadmap to Information Security, by C. Schou and D. Shoemaker Journal: Journal of Information Privacy and Security Pages: 274-275 Issue: 4 Volume: 11 Year: 2015 Month: 10 X-DOI: 10.1080/15536548.2015.1105662 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1105662 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:11:y:2015:i:4:p:274-275 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Privacy and Security Concerns with Healthcare Data and Social Media Usage Journal: Journal of Information Privacy and Security Pages: 49-50 Issue: 2 Volume: 13 Year: 2017 Month: 4 X-DOI: 10.1080/15536548.2017.1322413 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1322413 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:2:p:49-50 Template-Type: ReDIF-Article 1.0 Author-Name: Carlos Serrão Author-X-Name-First: Carlos Author-X-Name-Last: Serrão Author-Name: Elsa Cardoso Author-X-Name-First: Elsa Author-X-Name-Last: Cardoso Title: Handling confidentiality and privacy on cloud-based health information systems Abstract: Health-related data include not only the patient’s personal information, but also specific information about the patient health problems, supplementary diagnostic examination results, and much more. All this information is extremely sensitive and should only be accessed by the proper entities and actors, for special specific purposes. Described herein is an approach to address security and privacy of health-related data based on rights management technologies, with an architecture to minimize security risks and privacy concerns. This approach consists of the reutilisation of an open-source and open-specifications rights management system, and designing and adapting the necessary components to address the specific security and privacy requirements that must be faced when managing health and patient data. 
Journal: Journal of Information Privacy and Security Pages: 51-68 Issue: 2 Volume: 13 Year: 2017 Month: 4 X-DOI: 10.1080/15536548.2017.1322415 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1322415 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:2:p:51-68 Template-Type: ReDIF-Article 1.0 Author-Name: Wachiraporn Arunothong Author-X-Name-First: Wachiraporn Author-X-Name-Last: Arunothong Author-Name: Derek L. Nazareth Author-X-Name-First: Derek L. Author-X-Name-Last: Nazareth Title: The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data Abstract: As healthcare providers seek to comply with HIPAA and endeavor to secure their data from external breaches, they also need to realize that another threat to misuse of this data is inappropriate internal use by employees. Not all instances of misuse constitute a HIPAA violation, but they have the potential to become one. Medical data misuse by employees can be alleviated and curbed through the appropriate use of procedural and technological countermeasures. This paper seeks to determine whether electronic health records (EHR) policy and auditing procedures play a role in the propensity of providers to misuse medical data. Through an on-line survey of US physicians, nurses, medical students, and nursing students, using four case vignettes representing various forms of misuse, this research found that providers who were more aware of institutional security policy were more likely to adhere to policies than their counterparts who were not similarly informed. Likewise, providers who believed that their organizations monitored their EHR usage were less likely to engage in misuse than their counterparts who believed they were not monitored. 
The findings underscore the need for healthcare organizations to emphasize the importance of HIPAA compliance, and inform employees about the steps that the institution takes to maintain compliance, both from a procedural as well as technological standpoint. This study suggests that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse. Journal: Journal of Information Privacy and Security Pages: 69-83 Issue: 2 Volume: 13 Year: 2017 Month: 4 X-DOI: 10.1080/15536548.2017.1322421 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1322421 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:2:p:69-83 Template-Type: ReDIF-Article 1.0 Author-Name: En Mao Author-X-Name-First: En Author-X-Name-Last: Mao Author-Name: Jing Zhang Author-X-Name-First: Jing Author-X-Name-Last: Zhang Title: What Affects Users to Click on Display Ads on Social Media? The Roles of Message Values, Involvement, and Security Abstract: This project represents one of the few efforts in studying the effectiveness of social media advertising (ads). Specifically, the effects of three major communication components—message, channel/media, and receiver/audience—on ad clicks are examined. The message component includes perceived informativeness, entertainment, and intrusiveness of the ad; the media component focuses on social media security and the audience component focuses on their involvement. The effects of ad clicks on product evaluations and then on intentions to spread positive word-of-mouth are also investigated. A research model is developed and tested with online-survey data from 572 social media users. The contributions, practical implications, and future research directions are discussed in the context of social media. 
Journal: Journal of Information Privacy and Security Pages: 84-96 Issue: 2 Volume: 13 Year: 2017 Month: 4 X-DOI: 10.1080/15536548.2017.1322434 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1322434 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:2:p:84-96 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Interview With Lionel Cassin Journal: Journal of Information Privacy and Security Pages: 97-98 Issue: 2 Volume: 13 Year: 2017 Month: 4 X-DOI: 10.1080/15536548.2017.1322437 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1322437 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:2:p:97-98 Template-Type: ReDIF-Article 1.0 Author-Name: Faruk Arslan Author-X-Name-First: Faruk Author-X-Name-Last: Arslan Title: Security and Privacy in Social Networks, by Yaniv Altshuler, Yuval Elovici, Armin B. Cremers, Nadav Aharony, Alex Pentland Journal: Journal of Information Privacy and Security Pages: 99-102 Issue: 2 Volume: 13 Year: 2017 Month: 4 X-DOI: 10.1080/15536548.2017.1322439 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1322439 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:2:p:99-102 Template-Type: ReDIF-Article 1.0 Author-Name: Dharma P. Agrawal Author-X-Name-First: Dharma P. Author-X-Name-Last: Agrawal Title: Special Issue on Attacks and Distinct Features in Networks Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 12 Year: 2016 Month: 1 X-DOI: 10.1080/15536548.2016.1139422 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1139422 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Aakanksha Tewari Author-X-Name-First: Aakanksha Author-X-Name-Last: Tewari Author-Name: A. K. Jain Author-X-Name-First: A. K. Author-X-Name-Last: Jain Author-Name: B. B. Gupta Author-X-Name-First: B. B. Author-X-Name-Last: Gupta Title: Recent survey of various defense mechanisms against phishing attacks Abstract: In recent years, the phishing attack has become one of the most serious threats faced by Internet users, organizations, and service providers. In a phishing attack, the attacker tries to defraud Internet users and steal their personal information either by using spoofed emails or by using fake websites or both. Several approaches have been proposed in the literature for the detection and filtering of phishing attacks; however, the Internet community is still looking for a complete solution to secure the Internet from these attacks. This article discusses recent developments and protection mechanisms (i.e., detection and filtering) against a variety of phishing attacks (e.g., email phishing, website phishing, zero-day attacks). In addition, the strengths and weaknesses of these approaches are discussed. This article provides a better understanding of the phishing attack problem in the current solution space and also addresses the scope of future research to deal with such attacks efficiently. Journal: Journal of Information Privacy and Security Pages: 3-13 Issue: 1 Volume: 12 Year: 2016 Month: 1 X-DOI: 10.1080/15536548.2016.1139423 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1139423 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:1:p:3-13 Template-Type: ReDIF-Article 1.0 Author-Name: Wei Chang Author-X-Name-First: Wei Author-X-Name-Last: Chang Author-Name: Jie Wu Author-X-Name-First: Jie Author-X-Name-Last: Wu Title: Privacy-preserved data publishing of evolving online social networks Abstract: The increasing growth of online social networks provides an unprecedented opportunity to study the complex interactions among human beings. Privacy-preserved network-data publishing is becoming increasingly popular in both industry and academia. This article focuses on evolving social subscription networks (ESSN), which indicate social actors’ participation in certain media channels, such as Hollywood stars’ Twitter pages, during a series of time intervals. The discussion first introduces a new identity disclosure attack by exploring the subscribed channel sizes of a social actor and the actor’s frequency of joining/leaving the channels. For privacy protection, K-anonymity should be ensured for the whole evolving graph. However, unlike the conventional topology information, such as node degree, the ESSN data points are much more sparse. Moreover, during the construction of anonymous groups, the unpopular channel-related information is likely to be discarded. How to maximally preserve ESSN data utility during anonymization is an open problem. These authors propose an effective three-step framework to solve it: data space compression, anonymity construction, and realizable publishing. Also provided are comprehensive studies on the performance of this approach. Extensive results show that this approach is effective in terms of privacy, utility, and efficacy. To the best of the knowledge of these authors, this work is the first systematic study to the anonymization of time-evolving multi-relation graphs. 
Journal: Journal of Information Privacy and Security Pages: 14-31 Issue: 1 Volume: 12 Year: 2016 Month: 1 X-DOI: 10.1080/15536548.2016.1143765 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1143765 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:12:y:2016:i:1:p:14-31 Template-Type: ReDIF-Article 1.0 Author-Name: Minzhe Guo Author-X-Name-First: Minzhe Author-X-Name-Last: Guo Author-Name: Prabir Bhattacharya Author-X-Name-First: Prabir Author-X-Name-Last: Bhattacharya Title: Mechanism design for Data Replica Placement (DRP) problem in strategic settings Abstract: This article addresses the problem of Data Replica Placement, an important technique used in storage-capable distributed networks to improve system availability, reliability, and fault-tolerance. The study focuses on the Data Replica Placement problem in strategic settings inspired by practical market-based data replication applications, such as content delivery networks. Multiple self-interested players with private preferences own data objects for replication. Players compete for storage space among replication servers for placing replicas with the objective to optimize their own profits. Using mechanism design approach, the authors consider the problem as a sequential composition of knapsack auctions and design an algorithmic mechanism DRPMECH to aggregate players’ preferences and approximate a social efficient allocation for the problem. This work analyzes both the economic and computational properties of DRPMECH, validates the properties using experiments, and compares its performance against related game-theoretical solutions. Journal: Journal of Information Privacy and Security Pages: 32-54 Issue: 1 Volume: 12 Year: 2016 Month: 1 X-DOI: 10.1080/15536548.2016.1139425 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1139425 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:1:p:32-54 Template-Type: ReDIF-Article 1.0 Author-Name: Linda Reid Author-X-Name-First: Linda Author-X-Name-Last: Reid Title: Information Security: Risks and Solutions Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 2 Year: 2006 Month: 1 X-DOI: 10.1080/15536548.2006.10855782 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855782 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Raymond J. Elson Author-X-Name-First: Raymond J. Author-X-Name-Last: Elson Author-Name: Rey LeClerc Author-X-Name-First: Rey Author-X-Name-Last: LeClerc Title: Customer Information: Protecting the Organization’s Most Critical Asset from Misappropriation and Identity Theft Abstract: Identity theft is on the rise, evidenced by the increased complaints of such incidences reported to the Federal Trade Commission in 2004. One estimate is that 10 million customers are victims of identity theft each year. In fact, it is difficult to avoid news on public disclosure of security breaches to corporate databases that companies made in 2005. A typical example was the backup computer tape containing personal data for 3.9 million customers that was lost by the world’s largest financial services company in transit by courier to a credit reporting bureau. Consumers are clearly alarmed and some are switching banks or changing their online behavior in order to protect their identity. As a result, there is increased pressure on organizations to improve data security and therefore provide customers with some assurance that their personal information will not be misappropriated. This paper discusses identity theft and the risk to consumers as well as current efforts by federal and state governments to protect the privacy of their constituents. 
It offers steps that could be taken by organizations to protect their most critical asset - customer information — against identity theft. Journal: Journal of Information Privacy and Security Pages: 3-15 Issue: 1 Volume: 2 Year: 2006 Month: 1 X-DOI: 10.1080/15536548.2006.10855783 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855783 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:1:p:3-15 Template-Type: ReDIF-Article 1.0 Author-Name: Merrill Warkentin Author-X-Name-First: Merrill Author-X-Name-Last: Warkentin Author-Name: Allen C. Johnston Author-X-Name-First: Allen C. Author-X-Name-Last: Johnston Title: An XML-Based Intelligent Agent Protocol Design Framework for Individualized Privacy Postures within Trusted Network Environments Abstract: Future inter-networking environments will involve extensive interaction between multiple servers, users and their agents. Currently, numerous forms of trusted network environments facilitate the use of agents. Corporate intranets, secure extranets, B2B partnerships, and collaborative e-marketplaces are just a few examples. Although these environments presume trust, they still provide considerable risk to privacy and liability exposure to all parties involved. Therefore, it will be imperative that intelligent agents act according to the desired intentions of the agents’ owners who develop and introduce them. The XML-based protocol presented in this paper provides a practical approach to the provision of such compliance. Agents, if embedded with these protocols, will demonstrate behavior consistent with the desired privacy posture of the owner along several key continua, while still maintaining an autonomous nature. 
Journal: Journal of Information Privacy and Security Pages: 16-28 Issue: 1 Volume: 2 Year: 2006 Month: 1 X-DOI: 10.1080/15536548.2006.10855784 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855784 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:1:p:16-28 Template-Type: ReDIF-Article 1.0 Author-Name: Joseph S. Mollick Author-X-Name-First: Joseph S. Author-X-Name-Last: Mollick Title: Do Concerns about Error in Data and Access to Data Affect Students’ Feeling of Alienation? Abstract: Organizations such as universities collect and use personal data about customers such as students. How do students feel about their university’s practices related to error in data and access to personal data? Using data collected via a survey of 187 students at a large U.S. university, we investigate the effects of these two privacy and security concerns on students’ feeling of alienation. Implications of the results are discussed in light of ethics, strategy, design, control and administration of personal information management systems. Journal: Journal of Information Privacy and Security Pages: 29-45 Issue: 1 Volume: 2 Year: 2006 Month: 1 X-DOI: 10.1080/15536548.2006.10855785 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855785 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:1:p:29-45 Template-Type: ReDIF-Article 1.0 Author-Name: Linda A. Reid Author-X-Name-First: Linda A. Author-X-Name-Last: Reid Title: Amanda M. Hubbard, J.D. Fulbright Scholar Former Trial Attorney, Computer Crime and Intellectual Property Section, U.S. 
Department of Justice Journal: Journal of Information Privacy and Security Pages: 47-56 Issue: 1 Volume: 2 Year: 2006 Month: 1 X-DOI: 10.1080/15536548.2006.10855786 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855786 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:1:p:47-56 Template-Type: ReDIF-Article 1.0 Author-Name: John D. Chenoweth Author-X-Name-First: John D. Author-X-Name-Last: Chenoweth Title: Book Review: Information Ethics: Privacy, Property, and Power Journal: Journal of Information Privacy and Security Pages: 57-59 Issue: 1 Volume: 2 Year: 2006 Month: 1 X-DOI: 10.1080/15536548.2006.10855787 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855787 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:1:p:57-59 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Intrusion and Hacking Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 4 Volume: 3 Year: 2007 Month: 10 X-DOI: 10.1080/15536548.2007.10855824 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855824 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:4:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Yun Wang Author-X-Name-First: Yun Author-X-Name-Last: Wang Author-Name: Nathaniel J. Melby Author-X-Name-First: Nathaniel J. Author-X-Name-Last: Melby Author-Name: Inyoung Kim Author-X-Name-First: Inyoung Author-X-Name-Last: Kim Title: Profiling User Behavior for Intrusion Detection Using Item Response Modeling Abstract: Item response theory (IRT) is a modern test measurement theory that has been widely used in many research areas over the last decade. 
This paper presents an IRT modeling approach that fits network traffic to a “test” (normal or abnormal) model and estimates an expected test score of being anomaly-free to profile user behavior. With four anomaly-free associated variables identified from previous studies, the findings demonstrate that there is a remarkable difference in item characteristic curves between the user behavior patterns with anomalies and those that are anomaly-free, and such a difference can be quantitatively measured with the expected test score ranging from 0 to 100 where a high score is more likely to be associated with an anomaly-free pattern. More specifically, there are approximately 25 (SD = 4.0) points’ differences between a pattern with anomalies and one without. Our study demonstrates the potential feasibility and achievability of applying IRT for modern network security. Journal: Journal of Information Privacy and Security Pages: 3-18 Issue: 4 Volume: 3 Year: 2007 Month: 10 X-DOI: 10.1080/15536548.2007.10855825 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855825 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:4:p:3-18 Template-Type: ReDIF-Article 1.0 Author-Name: Jorge Marx Gómez Author-X-Name-First: Jorge Marx Author-X-Name-Last: Gómez Author-Name: Jens Lichtenberg Author-X-Name-First: Jens Author-X-Name-Last: Lichtenberg Title: Intrusion Detection Management System for eCommerce Security Abstract: This paper introduces the idea of an intrusion detection management system to enhance the security of eCommerce systems. An Intrusion Management System applies different Intrusion Detection Systems (IDS) to not only detect a threat but also analyze it and propose counter measures to avoid compromising the guarded system. Numerous intrusion detection systems, using different techniques are linked to an attack analyzer. 
The attack analyzer gathers the information from n different IDS within the system and diagnoses a treatment plan. The system administrator or a response planning module aiding the administrator can also query the analyzer for information about the attack character, possible goals and the impending threat level. For the treatment plan, depending on the analysis, a multitude of counter measures is identified and ranked. The counter measure identification is done using data mining techniques on a counter measure repository, the final ranking through sorting algorithms. A feasibility study has shown that an analyzer can match a problem against a solution repository and find the optimal treatment suggestions, applied with a ranking, in an acceptable short period of time. Journal: Journal of Information Privacy and Security Pages: 19-31 Issue: 4 Volume: 3 Year: 2007 Month: 10 X-DOI: 10.1080/15536548.2007.10855826 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855826 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:4:p:19-31 Template-Type: ReDIF-Article 1.0 Author-Name: Randall Young Author-X-Name-First: Randall Author-X-Name-Last: Young Author-Name: Lixuan Zhang Author-X-Name-First: Lixuan Author-X-Name-Last: Zhang Title: Illegal Computer Hacking: An Assessment of Factors that Encourage and Deter the Behavior Abstract: This study examines illegal hacking behavior through the lens of general deterrence theory, social bond theory, and social learning theory. Data was gathered from a survey of 127 individuals who attended a hacker’s conference. The results suggest that the greater an individual’s commitment to conventional activities and the stronger the individual’s belief in following the norms of society, the less likely he or she will engage in illegal hacking behavior. Interaction with other computer hackers also significantly impacts illegal hacking behavior. 
One finding is that the severity of punishment does not deter hacking, while the certainty of punishment does. Journal: Journal of Information Privacy and Security Pages: 33-52 Issue: 4 Volume: 3 Year: 2007 Month: 10 X-DOI: 10.1080/15536548.2007.10855827 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855827 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:4:p:33-52 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Damani Short, CIO United States Olympic Committee http://www.usoc.org/ Journal: Journal of Information Privacy and Security Pages: 53-54 Issue: 4 Volume: 3 Year: 2007 Month: 10 X-DOI: 10.1080/15536548.2007.10855828 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855828 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:3:y:2007:i:4:p:53-54 Template-Type: ReDIF-Article 1.0 Author-Name: Robert Cutshall Author-X-Name-First: Robert Author-X-Name-Last: Cutshall Title: Computer Privacy Annoyances — How to Avoid the Most Annoying Invasions of Your Personal and Online Privacy Journal: Journal of Information Privacy and Security Pages: 55-56 Issue: 4 Volume: 3 Year: 2007 Month: 10 X-DOI: 10.1080/15536548.2007.10855829 File-URL: http://hdl.handle.net/10.1080/15536548.2007.10855829 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:3:y:2007:i:4:p:55-56 Template-Type: ReDIF-Article 1.0 Author-Name: Suvojit Choton Basu Author-X-Name-First: Suvojit Choton Author-X-Name-Last: Basu Title: Toward a Long Term Discourse on Privacy, Security, Legal and Ethical Issues of Information Journal: Journal of Information Privacy and Security Pages: 1-3 Issue: 1 Volume: 1 Year: 2005 Month: 1 X-DOI: 10.1080/15536548.2005.10855757 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855757 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:1:p:1-3 Template-Type: ReDIF-Article 1.0 Author-Name: Carol Sánchez Author-X-Name-First: Carol Author-X-Name-Last: Sánchez Title: An Interview with Ian Browde Director of Strategy and Business Development, Enterprise Solutions Division, Nokia, Inc. Journal: Journal of Information Privacy and Security Pages: 4-9 Issue: 1 Volume: 1 Year: 2005 Month: 1 X-DOI: 10.1080/15536548.2005.10855758 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855758 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:1:p:4-9 Template-Type: ReDIF-Article 1.0 Author-Name: Michael S. Korotka Author-X-Name-First: Michael S. Author-X-Name-Last: Korotka Author-Name: L. Roger Yin Author-X-Name-First: L. Author-X-Name-Last: Roger Yin Author-Name: Suvojit Choton Basu Author-X-Name-First: Suvojit Choton Author-X-Name-Last: Basu Title: Information Assurance Technical Framework and End User Information Ownership: A Critical Analysis Abstract: This paper reviews the recent history of the Information Assurance (IA) movement and examines the Information Assurance Technical Framework (IATF) proposed by the United States Government’s National Information Assurance Partnership (NIAP) in the height of the potential terrorist attacks on the cyberspace that draw no geographical or temporal boundaries. 
Under the heightened alert, all organizations scramble to plug the security holes of their information infrastructure to assure safe end user access to the mission-critical information. This paper argues that the focus of IATF is based on the enforcement of a top-down information infrastructure without specifying the impact to the end users or “information consumers.” Furthermore, a complete IA defensive strategy built on a Defence-in-Depth Strategy dictates only what people executing operations through the use of technology can achieve. The IATF addresses the technology portion of this strategy to defend against five classes of attacks: Passive, Active, Insider, Close-in, and Distribution. This is accomplished through four overlapping approaches and layers of protection, referred to collectively as Defence-in-Depth technology areas. The paper concludes by highlighting the implications and impact of the IATF and related issues to all citizens in the end user community, particularly the possible gains and sacrifices that end users are facing, particularly the key issue of assurance of information ownership. Journal: Journal of Information Privacy and Security Pages: 10-26 Issue: 1 Volume: 1 Year: 2005 Month: 1 X-DOI: 10.1080/15536548.2005.10855759 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855759 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:1:p:10-26 Template-Type: ReDIF-Article 1.0 Author-Name: Matthew J. Stippich Author-X-Name-First: Matthew J. Author-X-Name-Last: Stippich Author-Name: Christopher J. Stippich Author-X-Name-First: Christopher J. Author-X-Name-Last: Stippich Title: A Holistic Perspective on the Science of Computer Forensics Abstract: Recent development in the field of information technology has raised new challenges and problems for the prevention and control of computer crime. 
Criminal exploitation of digital technologies requires not only research and development to counter these crimes but to also implement strong security policies. Proactive stance on issues such as network intrusion are extremely important but when criminal activity does take place, the field of computer forensics can be invaluable in addressing the problems in such complicated crimes. This article discusses some of the key tenets in the field of forensic computing and makes the case for a need to approach computer forensics as a science. The process view of a forensic investigation is also discussed. Journal: Journal of Information Privacy and Security Pages: 27-39 Issue: 1 Volume: 1 Year: 2005 Month: 1 X-DOI: 10.1080/15536548.2005.10855760 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855760 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:1:p:27-39 Template-Type: ReDIF-Article 1.0 Author-Name: Suvojit Choton Basu Author-X-Name-First: Suvojit Choton Author-X-Name-Last: Basu Title: An Interview with Sindey Schueler-Platz State Administrator, Kansas Bureau of Investigation Journal: Journal of Information Privacy and Security Pages: 40-42 Issue: 1 Volume: 1 Year: 2005 Month: 1 X-DOI: 10.1080/15536548.2005.10855761 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855761 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:1:p:40-42 Template-Type: ReDIF-Article 1.0 Author-Name: John D. Chenoweth Author-X-Name-First: John D. 
Author-X-Name-Last: Chenoweth Title: Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management Journal: Journal of Information Privacy and Security Pages: 43-44 Issue: 1 Volume: 1 Year: 2005 Month: 1 X-DOI: 10.1080/15536548.2005.10855762 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855762 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:1:p:43-44 Template-Type: ReDIF-Article 1.0 Author-Name: John D. Chenoweth Author-X-Name-First: John D. Author-X-Name-Last: Chenoweth Title: Computer Security: 20 things Every Employee Should Know. New York. Journal: Journal of Information Privacy and Security Pages: 45- Issue: 1 Volume: 1 Year: 2005 Month: 1 X-DOI: 10.1080/15536548.2005.10855763 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855763 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:1:p:45- Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Privacy Concerns and Offshore Outsourcing Security Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 2 Volume: 7 Year: 2011 Month: 4 X-DOI: 10.1080/15536548.2011.10855908 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855908 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:2:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: A. S. Sodiya Author-X-Name-First: A. S. Author-X-Name-Last: Sodiya Author-Name: O. Folorunso Author-X-Name-First: O. Author-X-Name-Last: Folorunso Author-Name: P. B. Komolafe Author-X-Name-First: P. B. Author-X-Name-Last: Komolafe Author-Name: O. P. Ogunderu Author-X-Name-First: O. P. 
Author-X-Name-Last: Ogunderu Title: Preventing Authentication Systems From Keylogging Attack Abstract: In this work, a countermeasure scheme known as the “Fool the Keylogger Model (FKM)” was developed for preventing keylogging attacks on Password Authentication Systems. In the FKM, an algorithm called Secured Keystroke Authenticated Password Against Keylogger (SKAPAK algorithm) was developed for dissuading attackers. The model divides the process of user authentication into 3 domains; the User, the Fooled, and the Authentication Domain. The User Domain provides environment for formulation of counterfeit-password. The counterfeit-password is a product of mixture of password characters and random alphanumeric characters or noise characters. This counterfeit-password is then used by the user as non-normal authentication data to log in. The Fooled Domain creates an interface for the implementation of SKAPAK algorithm. The algorithm intelligently extracts password token from the counterfeit-password after which it has scaled beyond the visibility scope of the Keylogger. The algorithm then makes a valid authentication request using the normal authentication request data. The final verification and acknowledgement of user’s credentials takes place in the Authentication Domain. The results of data analyzed for this research showed over 99.5% concealment of password from Keylogger and over 95% usability and acceptability of the model. The result revealed a complete elimination of shoulder surfing threats, which simply means spying a user login session and showed that the proposed scheme provides adequate protection against keylogging attack. Journal: Journal of Information Privacy and Security Pages: 3-27 Issue: 2 Volume: 7 Year: 2011 Month: 4 X-DOI: 10.1080/15536548.2011.10855909 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855909 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:7:y:2011:i:2:p:3-27 Template-Type: ReDIF-Article 1.0 Author-Name: Binto George Author-X-Name-First: Binto Author-X-Name-Last: George Author-Name: Anna Valeva Author-X-Name-First: Anna Author-X-Name-Last: Valeva Author-Name: George Mangalaraj Author-X-Name-First: George Author-X-Name-Last: Mangalaraj Title: Usable Authentication in EBusiness: Challenges and Opportunities Abstract: The traditional approach of system centered security seems to be inadequate for consumer ebusiness models where the user plays a critical role to ensure computer security. Moreover, human factors are increasingly being exploited for defeating security as evidenced by ever increasing trend in human-centered attacks. Although many of the attacks exploiting human aspects generally do not require high technical skills, their detection and prevention are usually complex. Valid user authentication requires both customer and ebusiness correctly authenticating each other. As would be seen in the paper, usable security plays a crucial role in this mutual authentication process. The paper surveys the major research findings in the area, explores the contemporary industry practices and discusses some potential future directions. Journal: Journal of Information Privacy and Security Pages: 28-64 Issue: 2 Volume: 7 Year: 2011 Month: 4 X-DOI: 10.1080/15536548.2011.10855910 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855910 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:2:p:28-64 Template-Type: ReDIF-Article 1.0 Author-Name: Sherrie Drye Cannoy Author-X-Name-First: Sherrie Author-X-Name-Last: Drye Cannoy Author-Name: Pamela E. Carter Author-X-Name-First: Pamela E. Author-X-Name-Last: Carter Title: Information Politics in Health Information Exchange Networks Abstract: There have been recent mandates for the implementation of Electronic Health Records to improve the quality of healthcare. 
The sharing of Electronic Health Record information between health providers is called Health Information Exchange (HIE). In the quest to implement Health Information Exchange, technological factors have been emphasized, ignoring important cultural factors. Health Information Exchange requires the collaboration and harmonization of efforts between many stakeholders who often have conflicting views about how information should be shared. Industry-specific cultural factors such as legal, social, and political issues are critical to understand in the context of complex network environments such as Health Information Exchange. This study draws upon multiple theoretical perspectives to develop a conceptual theory to explain information politics in complex network environments. Davenport, Eccles, and Prusak’s (1992) information politics theory is applied and extended through this longitudinal case study of the HIE Privacy and Security State Network. Through examination of a three-year project (Health Information Security and Privacy Collaboration), it was found that stages of information polity evolved. The contributions of this study include the application and extension of information politics theory from the organizational level to the complex network level. Implications for practice and research are provided. Journal: Journal of Information Privacy and Security Pages: 65-90 Issue: 2 Volume: 7 Year: 2011 Month: 4 X-DOI: 10.1080/15536548.2011.10855911 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855911 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:7:y:2011:i:2:p:65-90 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Eric Kiernan Partner, KC Computers Journal: Journal of Information Privacy and Security Pages: 91-93 Issue: 2 Volume: 7 Year: 2011 Month: 4 X-DOI: 10.1080/15536548.2011.10855912 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855912 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:2:p:91-93 Template-Type: ReDIF-Article 1.0 Author-Name: Ling Zhu Author-X-Name-First: Ling Author-X-Name-Last: Zhu Title: Code Version 2.0 Journal: Journal of Information Privacy and Security Pages: 94-97 Issue: 2 Volume: 7 Year: 2011 Month: 4 X-DOI: 10.1080/15536548.2011.10855913 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855913 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:2:p:94-97 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 139-140 Issue: 3 Volume: 11 Year: 2015 Month: 7 X-DOI: 10.1080/15536548.2015.1073505 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1073505 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:11:y:2015:i:3:p:139-140 Template-Type: ReDIF-Article 1.0 Author-Name: Mohsen Damshenas Author-X-Name-First: Mohsen Author-X-Name-Last: Damshenas Author-Name: Ali Dehghantanha Author-X-Name-First: Ali Author-X-Name-Last: Dehghantanha Author-Name: Kim-Kwang Raymond Choo Author-X-Name-First: Kim-Kwang Raymond Author-X-Name-Last: Choo Author-Name: Ramlan Mahmud Author-X-Name-First: Ramlan Author-X-Name-Last: Mahmud Title: M0Droid: An Android Behavioral-Based Malware Detection Model Abstract: Anti-mobile malware has attracted the attention of the research and security community in recent years due to the increasing threat of mobile malware and the significant increase in the number of mobile devices. M0Droid, a novel Android behavioral-based malware detection technique comprising a lightweight client agent and a server analyzer, is proposed here. The server analyzer generates a signature for every application (app) based on the system call requests of the app (termed app behavior) and normalizes the generated signature to improve accuracy. The analyzer then uses Spearman’s rank correlation coefficient to identify malware with similar behavior signatures in a previously generated blacklist of malwares signatures. The main contribution of this research is the proposed method to generate standardized mobile malware signatures based on their behavior and a method for comparing generated signatures. Preliminary experiments running M0Droid against Genome dataset and APK submissions of Android client agent or developers indicate a detection rate of 60.16% with 39.43% false-positives and 0.4% false-negatives at a threshold value of 0.90. Increasing or decreasing the threshold value can adjust the strictness of M0Droid. As the threshold value increases, the false-negative rate will also increase, and as the threshold value decreases, the detection and false-positive rates will also decrease. 
The authors hope that this research will contribute towards Android malware detection techniques. Journal: Journal of Information Privacy and Security Pages: 141-157 Issue: 3 Volume: 11 Year: 2015 Month: 7 X-DOI: 10.1080/15536548.2015.1073510 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1073510 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:3:p:141-157 Template-Type: ReDIF-Article 1.0 Author-Name: Victoria Kisekka Author-X-Name-First: Victoria Author-X-Name-Last: Kisekka Author-Name: Rajarshi Chakraborty Author-X-Name-First: Rajarshi Author-X-Name-Last: Chakraborty Author-Name: Sharmistha Bagchi-Sen Author-X-Name-First: Sharmistha Author-X-Name-Last: Bagchi-Sen Author-Name: H. Raghav Rao Author-X-Name-First: H. Raghav Author-X-Name-Last: Rao Title: Investigating Factors Influencing Web-Browsing Safety Efficacy (WSE) Among Older Adults Abstract: This research investigates the ability of older adults to perceive online threats. Specifically, the factors that influence web-browsing safety efficacy (WSE) among older adults are investigated. The factors investigated are: attitude towards unsolicited email senders, risk aversion, perceived efficacy in finding information, security education, and perceived social connectivity. Partial least squares regression analysis was used to analyze a sample of older adults age 55 years and older. The results showed that risk aversion, security education, and perceived ability in finding information online were positively associated with WSE among older adults. No relationship was found between social connectedness and attitude towards unsolicited e-mail senders. 
Journal: Journal of Information Privacy and Security Pages: 158-173 Issue: 3 Volume: 11 Year: 2015 Month: 7 X-DOI: 10.1080/15536548.2015.1073534 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1073534 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:3:p:158-173 Template-Type: ReDIF-Article 1.0 Author-Name: Mohammad S. Eyadat Author-X-Name-First: Mohammad S. Author-X-Name-Last: Eyadat Title: Information Security: SETA Program Status at Jordanian Universities Abstract: An information security education awareness training (SETA) program is considered one of the key factors for making the information technology environment more secure and efficient. This research aimed at investigating and determining the status of the SETA program in Jordanian universities. The findings indicated an alarmingly high rate of unawareness of security, with no education and training programs available in the surveyed Jordanian universities. The lack of adequate knowledge and security implementation among the majority of the communities of the surveyed universities showed the need of a well-designed SETA program in Jordanian universities. Journal: Journal of Information Privacy and Security Pages: 174-181 Issue: 3 Volume: 11 Year: 2015 Month: 7 X-DOI: 10.1080/15536548.2015.1073535 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1073535 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:11:y:2015:i:3:p:174-181 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with Allen Hsieh, Business Consultant, China Journal: Journal of Information Privacy and Security Pages: 182-183 Issue: 3 Volume: 11 Year: 2015 Month: 7 X-DOI: 10.1080/15536548.2015.1073536 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1073536 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:3:p:182-183 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Introduction to Computer Security, by M. T. Goodrich and R. Tamassia Journal: Journal of Information Privacy and Security Pages: 184-186 Issue: 3 Volume: 11 Year: 2015 Month: 7 X-DOI: 10.1080/15536548.2015.1073538 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1073538 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:3:p:184-186 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 4 Volume: 8 Year: 2012 Month: 10 X-DOI: 10.1080/15536548.2012.10845663 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845663 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:4:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Ludwig Slusky Author-X-Name-First: Ludwig Author-X-Name-Last: Slusky Author-Name: Parviz Partow-Navid Author-X-Name-First: Parviz Author-X-Name-Last: Partow-Navid Title: Students Information Security Practices and Awareness Abstract: As cyber threats continue to grow at an exponential rate, the need for training in information security awareness spreads far beyond the Information Technology college curriculum. Information Security proliferates into various domains of knowledge and becomes more context-aware. Consequently, the training in information awareness at a college level must cater more specifically to students' practices. This paper presents the results of the Information Security survey conducted among students of the College of Business and Economics at California State University, Los Angeles in spring 2011. The survey revealed several characteristics of students' practices and their awareness of risks and countermeasures related to computer skills, mobile computing, loss and encryption of data, online social networking, awareness training, correlation between practice and awareness, and others. The survey also revealed that the major problem with security awareness is not due to a lack of security knowledge, but in the way the students apply that knowledge in real-world situations. Simply, the compliance with information security awareness is lower than the understanding of it. The findings discussed in this paper are provided to assist colleges in designing curriculum that includes more context-based Information Security training. Journal: Journal of Information Privacy and Security Pages: 3-26 Issue: 4 Volume: 8 Year: 2012 Month: 10 X-DOI: 10.1080/15536548.2012.10845664 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845664 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:4:p:3-26 Template-Type: ReDIF-Article 1.0 Author-Name: Saini Das Author-X-Name-First: Saini Author-X-Name-Last: Das Author-Name: Arunabha Mukhopadhyay Author-X-Name-First: Arunabha Author-X-Name-Last: Mukhopadhyay Author-Name: Manoj Anand Author-X-Name-First: Manoj Author-X-Name-Last: Anand Title: Stock Market Response to Information Security Breach: A Study Using Firm and Attack Characteristics Abstract: The recent global surge in information security breaches emphasizes the importance of their impact determination for proper risk assessment. In this paper we used event study to compute the cumulative abnormal response (CAR) of the stock market to publicly announced breaches on a sample of Indian and US firms. We also used linear regression and moderation analysis to identify the factors that affect CAR individually and in combination with each other. From regression analysis, firm type, firm size and Damage Potency of the attack emerged as factors that individually impacted CAR. Further, moderation analysis revealed that Denial of Service attacks on e-commerce companies and information theft attacks on BFSI companies generated significantly negative CAR. We also observed that if a subsidiary company is breached, then the parent's stock market performance is not significantly negatively impacted. However, if a vendor suffers a breach, then the client is significantly negatively affected in the stock market. Journal: Journal of Information Privacy and Security Pages: 27-55 Issue: 4 Volume: 8 Year: 2012 Month: 10 X-DOI: 10.1080/15536548.2012.10845665 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845665 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:4:p:27-55 Template-Type: ReDIF-Article 1.0 Author-Name: Wingyan Chung Author-X-Name-First: Wingyan Author-X-Name-Last: Chung Author-Name: Lewis Hershey Author-X-Name-First: Lewis Author-X-Name-Last: Hershey Title: Enhancing Information Privacy and Data Sharing in a Healthcare IT Firm: The Case of Ricerro Communications Abstract: Information privacy and data sharing are two conflicting but important data management concerns. As more data are shared among stakeholders, the design of information systems (IS) often emphasizes on data sharing at the expense of information privacy. Unfortunately, existing IS research on designing tools to enhance information privacy is isolated from actual use of the tools. In this research, we examined the design of a data sharing system in a real-world company. The company, Ricerro Communications, Inc., produces and markets wearable communications devices used mainly in healthcare organizations. Poor data sharing in Ricerro's multiple systems resulted in loss of information privacy and security and inefficiency, seriously affecting customer relationship management. A consulting team has analyzed Ricerro's needs, gathered stakeholder requirements, and developed a privacy-enhancing data integration solution, which consists of database schema integration and data migration from various sources to a Web-based transaction processing system. Through this industry case, we illustrate how our developed principles and guidelines for designing IT artifacts incorporate the benefits of information privacy and data sharing. Journal: Journal of Information Privacy and Security Pages: 56-78 Issue: 4 Volume: 8 Year: 2012 Month: 10 X-DOI: 10.1080/15536548.2012.10845666 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845666 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:8:y:2012:i:4:p:56-78 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Expert Opinion- Part 4 Interview with: Joseph Neuman CEO GotApps.com Journal: Journal of Information Privacy and Security Pages: 79-80 Issue: 4 Volume: 8 Year: 2012 Month: 10 X-DOI: 10.1080/15536548.2012.10845667 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845667 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:4:p:79-80 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Corporate Computer and Network Security Journal: Journal of Information Privacy and Security Pages: 81-84 Issue: 4 Volume: 8 Year: 2012 Month: 10 X-DOI: 10.1080/15536548.2012.10845668 File-URL: http://hdl.handle.net/10.1080/15536548.2012.10845668 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:8:y:2012:i:4:p:81-84 Template-Type: ReDIF-Article 1.0 Author-Name: Changchit Chuleeporn Author-X-Name-First: Changchit Author-X-Name-Last: Chuleeporn Title: Online Privacy, Information Security and Security Investment Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 6 Year: 2010 Month: 1 X-DOI: 10.1080/15536548.2010.10855878 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855878 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Cho Hichang Author-X-Name-First: Cho Author-X-Name-Last: Hichang Title: Determinants of Behavioral Responses to Online Privacy: The Effects of Concern, Risk Beliefs, Self-Efficacy, and Communication Sources on Self-Protection Strategies Abstract: This study identifies the underlying dimensions of privacy protection behavior and examines how it is selectively influenced by central theoretical constructs such as affect/attitude (operationalized here as privacy concern), cognitive beliefs (risk beliefs and self-efficacy beliefs), and external factors (communication effects) pertaining to online privacy. The findings reveal three unique dimensions of privacy protection behavior (i.e., opt-out, proactive, and use of privacy enhancing technologies [PET]). The results, based on survey data (n = 836), reveal that privacy concerns, risk beliefs, and self efficacy have a significant impact on self-protective action, though their impact varies across the types of behavioral strategy. While opt-out and proactive protection strategies were mainly influenced by privacy concern, the use of PET was directly influenced by risk beliefs (perceived vulnerability) and self-efficacy beliefs. Communication factors figured as an antecedent to risk beliefs (personal- and societal-level risk judgments). The theoretical and practical implications of the findings are discussed. Journal: Journal of Information Privacy and Security Pages: 3-27 Issue: 1 Volume: 6 Year: 2010 Month: 1 X-DOI: 10.1080/15536548.2010.10855879 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855879 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:1:p:3-27 Template-Type: ReDIF-Article 1.0 Author-Name: Zhang Feng Author-X-Name-First: Zhang Author-X-Name-Last: Feng Author-Name: Dayarathn Rasika Author-X-Name-First: Dayarathn Author-X-Name-Last: Rasika Title: Is Your Email Box Safe? Abstract: Electronic mail (email) is a widely adopted communication mechanism often used to communicate sensitive and confidential information. Therefore, safeguarding the security of email accounts and letters has become an important issue. There are frequent media reports pertaining to security problems with email accounts. Therefore, studies on strengths, limitations, and possible improvements about email security are essential. This paper examined security and privacy protection mechanisms of four leading email service providers: Gmail, Yahoo Mail, Hotmail, and AOL Mail. A number of observations and experiments were conducted in order to understand existing security and privacy protection mechanisms of these providers. After that, this paper proposes some recommended protection mechanisms, which can be implemented by service providers, system developers, and email users. This study also explores several research avenues for academia. Journal: Journal of Information Privacy and Security Pages: 28-52 Issue: 1 Volume: 6 Year: 2010 Month: 1 X-DOI: 10.1080/15536548.2010.10855880 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855880 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:1:p:28-52 Template-Type: ReDIF-Article 1.0 Author-Name: Cavusoglu Hasan Author-X-Name-First: Cavusoglu Author-X-Name-Last: Hasan Title: Making Sound Security Investment Decisions Abstract: Despite the fundamental importance of information security, organizations make less than optimal investments in it. 
Since neither under- nor overinvestment is desirable, organizations should understand barriers that adversely affect their decision-making processes, and may prevent sound investment decisions in the context of information security. In this paper, we highlight major obstacles that decision-makers face when making investment decisions pertaining to information security and suggest ways to deal with those obstacles. Journal: Journal of Information Privacy and Security Pages: 53-71 Issue: 1 Volume: 6 Year: 2010 Month: 1 X-DOI: 10.1080/15536548.2010.10855881 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855881 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:1:p:53-71 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Peter Ells Director of Strategic Alliances, SoftwareONE Journal: Journal of Information Privacy and Security Pages: 72-74 Issue: 1 Volume: 6 Year: 2010 Month: 1 X-DOI: 10.1080/15536548.2010.10855882 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855882 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:1:p:72-74 Template-Type: ReDIF-Article 1.0 Author-Name: Ellen Weave Author-X-Name-First: Ellen Author-X-Name-Last: Weave Title: Groundswell: Winning in a World Transformed by Social Technologies Journal: Journal of Information Privacy and Security Pages: 75-78 Issue: 1 Volume: 6 Year: 2010 Month: 1 X-DOI: 10.1080/15536548.2010.10855883 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855883 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:1:p:75-78 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Security Protection and Management Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 4 Volume: 4 Year: 2008 Month: 10 X-DOI: 10.1080/2333696X.2008.10855848 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855848 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:4:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Sunil Hazari Author-X-Name-First: Sunil Author-X-Name-Last: Hazari Author-Name: William Hargrave Author-X-Name-First: William Author-X-Name-Last: Hargrave Author-Name: Beth Clenney Author-X-Name-First: Beth Author-X-Name-Last: Clenney Title: An Empirical Investigation of Factors Influencing Information Security Behavior Abstract: The topic of information security has been studied mostly in the context of organizational and enterprise security. Today, organizational employees who are also home users of computing technology are vulnerable to security breaches unless they abide by company policy to use safeguards such as firewalls and antivirus programs. It is important to understand factors that influence Work Related Home Computing (WRHC) users to maintain information security. This study uses Ajzen’s Theory of Planned Behavior to investigate factors related to WRHC users’ information security awareness. Demographic characteristics, attitudes, subjective norm, and perceived behavioral control that affect behavioral intention were studied to identify determinants of information security behavior. It was found that intention to maintain information security behavior was predicted mostly by exogenous variables of attitude and confidence of participants in the study. 
Journal: Journal of Information Privacy and Security Pages: 3-20 Issue: 4 Volume: 4 Year: 2008 Month: 10 X-DOI: 10.1080/2333696X.2008.10855849 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855849 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:4:p:3-20 Template-Type: ReDIF-Article 1.0 Author-Name: S. Malliga Author-X-Name-First: S. Author-X-Name-Last: Malliga Author-Name: A. Tamilarasi Author-X-Name-First: A. Author-X-Name-Last: Tamilarasi Title: A Distributed Defensive Architecture for DoS/DDoS Attacks Abstract: Denial of Service (DoS) and Distributed DoS (DDoS) attacks pose a great security threat to the availability of Internet resources to users. Despite research efforts, progress in solving these flooding attacks is limited. Present techniques place the burden of detection on the violated machines. To address this situation, an integrated defense solution, implemented in a distributed manner throughout the network to prevent, detect, filter and rate limit is essential. Such a distributed system requires integration of various components to perform the aforementioned tasks. This paper advocates a distributed architecture of heterogeneous entities, placed at various points of a network working co-operatively to yield an effective defense against the attacks. Through analysis, we prove our system offers very little bandwidth to attack traffic while maximizing the bandwidth to legitimate traffic. Our system also saves significant CPU cycles by detecting and filtering the spoofed traffic at the earliest possible time. Instead of a single point of deployment, we find that this shift to a new paradigm outperforms the previously existing techniques. 
Journal: Journal of Information Privacy and Security Pages: 21-44 Issue: 4 Volume: 4 Year: 2008 Month: 10 X-DOI: 10.1080/2333696X.2008.10855850 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855850 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:4:p:21-44 Template-Type: ReDIF-Article 1.0 Author-Name: Hennie Kruger Author-X-Name-First: Hennie Author-X-Name-Last: Kruger Author-Name: Tjaart Steyn Author-X-Name-First: Tjaart Author-X-Name-Last: Steyn Author-Name: B. Dawn Medlin Author-X-Name-First: B. Author-X-Name-Last: Dawn Medlin Author-Name: Lynette Drevin Author-X-Name-First: Lynette Author-X-Name-Last: Drevin Title: An Empirical Assessment of Factors Impeding Effective Password Management Abstract: Since passwords are one of the main mechanisms used to protect data and information, it is important to ensure that passwords are managed correctly and that those factors which will have a significant impact on password management are identified and prioritized. Therefore, in order for an information and communication technology (ICT) overall security program to be successful, a security awareness program or component must be included. The aim of this paper is to perform an exploratory study with the objective of introducing certain fundamental causes that may impact password management. Empirical results, followed by a survey as well as the application of several management science techniques are presented. Journal: Journal of Information Privacy and Security Pages: 45-59 Issue: 4 Volume: 4 Year: 2008 Month: 10 X-DOI: 10.1080/2333696X.2008.10855851 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855851 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:4:y:2008:i:4:p:45-59 Template-Type: ReDIF-Article 1.0 Author-Name: Kian Kim Lim Author-X-Name-First: Kian Author-X-Name-Last: Kim Lim Title: Interview with: Meng Chow Kang, CISSP, CISA Convener, ISO/IEC JTC 1/SC 27/WG 4-Security Controls and Services Standards Working Group Journal: Journal of Information Privacy and Security Pages: 60-63 Issue: 4 Volume: 4 Year: 2008 Month: 10 X-DOI: 10.1080/2333696X.2008.10855852 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855852 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:4:p:60-63 Template-Type: ReDIF-Article 1.0 Author-Name: James K. Fugate Author-X-Name-First: James K. Author-X-Name-Last: Fugate Title: CyberRegs - A Business Guide to Web Property, Privacy, and Patents Journal: Journal of Information Privacy and Security Pages: 64-65 Issue: 4 Volume: 4 Year: 2008 Month: 10 X-DOI: 10.1080/2333696X.2008.10855853 File-URL: http://hdl.handle.net/10.1080/2333696X.2008.10855853 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:4:y:2008:i:4:p:64-65 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Trust, Acceptance, and Data Sanitization Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 3 Volume: 7 Year: 2011 Month: 7 X-DOI: 10.1080/15536548.2011.10855914 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855914 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:7:y:2011:i:3:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Byung Cho Kim Author-X-Name-First: Byung Author-X-Name-Last: Cho Kim Author-Name: Lara Khansa Author-X-Name-First: Lara Author-X-Name-Last: Khansa Author-Name: Tabitha James Author-X-Name-First: Tabitha Author-X-Name-Last: James Title: Individual Trust and Consumer Risk Perception Abstract: This paper examines the relationship between trust and risk perceptions of online activities. Specifically, we study the impact of an individual’s trust of other people on the severity and certainty of risk, which in turn influence an individual’s risk perception. We administer a 23-item survey to 386 participants at a large southeastern university, and test our model using structural equation modeling. We find evidence that supports the proposed relationship, implying that perceived certainty of risk is negatively associated with trust of individuals and that both certainty and severity of risk have a positive impact on an individual’s risk perception. Our results indicate that users may underestimate risks when they interact with people they trust, suggesting the need for a higher level of protection for transactions between individuals who are familiar with each other. From a modeling perspective, our straightforward model of trust and risk could be used in future studies that examine specific online activities. Journal: Journal of Information Privacy and Security Pages: 3-22 Issue: 3 Volume: 7 Year: 2011 Month: 7 X-DOI: 10.1080/15536548.2011.10855915 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855915 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:7:y:2011:i:3:p:3-22 Template-Type: ReDIF-Article 1.0 Author-Name: Barbara Hewitt Author-X-Name-First: Barbara Author-X-Name-Last: Hewitt Author-Name: Alexander McLeod Author-X-Name-First: Alexander Author-X-Name-Last: McLeod Title: Modeling Security in Acceptance of Electronic Health Record Systems Abstract: Transactional systems are ubiquitous in most industries; however, healthcare organizations continue to slowly diffuse Electronic Health Record (EHR) systems. This research integrates security features such as biometrics for authentication purposes, multiple access connections, and single sign-on systems into the Technology Acceptance Model to explore whether these features might improve user acceptance of EHR. Security potentially affects user perceptions of ease of use and usefulness, improving acceptance of EHR systems. This work contributes to the literature by exploring whether security features are important in shaping health care worker attitudes towards EHR systems. Journal: Journal of Information Privacy and Security Pages: 23-45 Issue: 3 Volume: 7 Year: 2011 Month: 7 X-DOI: 10.1080/15536548.2011.10855916 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855916 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:3:p:23-45 Template-Type: ReDIF-Article 1.0 Author-Name: Ashley L. Podhradsky Author-X-Name-First: Ashley L. Author-X-Name-Last: Podhradsky Author-Name: Kevin Streff Author-X-Name-First: Kevin Author-X-Name-Last: Streff Title: Testing Data Sanitization Practices of Retired Drives with The Digital Forensics Data Recovery Project Abstract: There are several empirical studies that have focused on the analysis of retired digital media on the secondary market. 
Gutmann highlighted data remanence in semiconductor devices, specifically disk drives, Garfinkel and Shelat, researchers from MIT conducted a study, “Remembrance of Data Passed: A Study of Disk Sanitization Practices,” and Jones, et al have an ongoing research project initiated in 200. In the research studies listed above, they all identified sanitization issues with used media. All of their research had a historical impact on not only the technology community but the business community alike. This research paper is focused on taking data remanence a step further to analyze residual data on sanitized media within the secondary market. Prior research was analyzing any discarded media, this research aims to acquire drives in which due diligence has been taken to ensure data privacy. The specific research question this research will address is how effective are current data sanitization practices within key, regulated industries. Furthermore, if residual data is found, is there enough data available to comprise an identity. The researchers theorize that current practices are ineffective and private data of innocent individuals is being comprised. This research will introduce the Digital Forensics Recovery (DFDR) study, where five key industries-government, education, businesses, electronic recycle centers, and individual home users were targeted to test effectiveness of data sanitization practices with used media. This paper will report the case study findings while outlining future work for the study. Furthermore, this study seeks to bring the issue of liability and ownership of discarded data to light. Journal: Journal of Information Privacy and Security Pages: 46-63 Issue: 3 Volume: 7 Year: 2011 Month: 7 X-DOI: 10.1080/15536548.2011.10855917 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855917 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:7:y:2011:i:3:p:46-63 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Ntoh O. Etta Director of Strategic Projects & Corporate Security at NetworkSolutions LLC Journal: Journal of Information Privacy and Security Pages: 64-66 Issue: 3 Volume: 7 Year: 2011 Month: 7 X-DOI: 10.1080/15536548.2011.10855918 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855918 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:3:p:64-66 Template-Type: ReDIF-Article 1.0 Author-Name: Ling Zhu Author-X-Name-First: Ling Author-X-Name-Last: Zhu Title: Privacy in Context: Technology, Policy, and the Integrity of Social Life Journal: Journal of Information Privacy and Security Pages: 67-71 Issue: 3 Volume: 7 Year: 2011 Month: 7 X-DOI: 10.1080/15536548.2011.10855919 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855919 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:3:p:67-71 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 161-163 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1394724 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1394724 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:161-163 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Future of privacy and security – the Four Horsemen Abstract: In this article, the author focuses on four key issues that are expected to impact the future of privacy and security. These have been labeled — the Four Horsemen, for obvious reasons. In our assessment, these topics or “horsemen” have the potential to change the fundamental tenets of our society. They impact our banking system, medical breakthroughs, use of the internet and web-enabled devices and services. Together, these topics touch the entire range of technical, regulatory, social, legal, and commercial issues. The Four Horsemen are Net Neutrality (and U.S. Internet Privacy Laws), Internet of Things (IoT), Human Genome (Medical), and Cryptocurrency. Journal: Journal of Information Privacy and Security Pages: 164-168 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1422421 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1422421 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:164-168 Template-Type: ReDIF-Article 1.0 Author-Name: Razieh Nokhbeh Zaeem Author-X-Name-First: Razieh Author-X-Name-Last: Nokhbeh Zaeem Author-Name: K. Suzanne Barber Author-X-Name-First: K. Suzanne Author-X-Name-Last: Barber Title: A study of web privacy policies across industries Abstract: Today, more than ever, companies collect their customers’ Personally Identifiable Information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ privacy practices. We thoroughly study privacy policies of 600 companies (10% of all listings on NYSE, Nasdaq, and AMEX stock markets) across industries and investigate 10 different privacy pertinent factors in them. 
The study reveals interesting trends: for example, more than 30% of the companies still lack privacy policies, and the rest tend to collect users’ information but claim to use it only for the intended purpose. Furthermore, almost one out of every two companies provides the collected information to law enforcement without asking for a warrant or subpoena. We found that the majority of the companies do not collect children’s PII, one out of every three companies lets users correct their PII but does not allow complete deletion, and the majority post new policies online and expect the user to check the privacy policy frequently. The findings of this study can help companies improve their privacy policies, enable lawmakers to create better regulations and evaluate their effectiveness, and finally educate users with respect to the current state of privacy practices in an industry. Journal: Journal of Information Privacy and Security Pages: 169-185 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1394064 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1394064 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:169-185 Template-Type: ReDIF-Article 1.0 Author-Name: Russell Lange Author-X-Name-First: Russell Author-X-Name-Last: Lange Author-Name: Eric W. Burger Author-X-Name-First: Eric W. Author-X-Name-Last: Burger Title: Long-term market implications of data breaches, not Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies’ stock, with a focus on the results relative to the performance of the firms’ peer industries, as represented through selected indices rather than the market as a whole. 
Financial performance is considered over a range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer-term perspective on the impact of the breach announcement. Journal: Journal of Information Privacy and Security Pages: 186-206 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1394070 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1394070 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:186-206 Template-Type: ReDIF-Article 1.0 Author-Name: Lixuan Zhang Author-X-Name-First: Lixuan Author-X-Name-Last: Zhang Author-Name: Iryna Pentina Author-X-Name-First: Iryna Author-X-Name-Last: Pentina Author-Name: Wendy Fox Kirk Author-X-Name-First: Wendy Author-X-Name-Last: Fox Kirk Title: Who uses mobile apps to meet strangers: The roles of core traits and surface characteristics Abstract: Digital space continues to be a popular venue for meeting new people. However, little is known about who uses mobile context-aware social networking apps to initiate new relationships. This study investigates the roles of individual core traits and surface characteristics in the adoption of social discovery features on WeChat, a mobile social networking app in China. Analysis of survey data collected from 213 WeChat users finds the core traits of agreeableness and neuroticism to be negatively related to the use of these social discovery features. The surface characteristic of sensation seeking is positively related to the use of social discovery features, while the surface characteristic of loneliness is not. Based on the findings, directions for future research and implications for app developers and marketers are suggested. 
Journal: Journal of Information Privacy and Security Pages: 207-225 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1394072 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1394072 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:207-225 Template-Type: ReDIF-Article 1.0 Author-Name: Ashley A Cain Author-X-Name-First: Ashley A Author-X-Name-Last: Cain Author-Name: Jeremiah D Still Author-X-Name-First: Jeremiah D Author-X-Name-Last: Still Title: RSVP a temporal method for graphical authentication Abstract: We present a Rapid, Serial, Visual Presentation method (RSVP) for recognition-based graphical authentication. It presents a stream of rapid, degraded images, which makes the object recognition process difficult for casual attackers. Three studies investigated success rates for authenticating, RSVP’s resistance to over-the-shoulder attacks (OSAs), approaches for facilitating learnability, and effects of resetting a passcode. We found that participants could successfully authenticate and could not complete OSAs. Learnability was promoted by the presentation of degraded versions of the images during the memorization phase. When a passcode was reset, participants successfully retrained themselves even when the previous passcode was recycled as distractors. Journal: Journal of Information Privacy and Security Pages: 226-237 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1397263 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1397263 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:226-237 Template-Type: ReDIF-Article 1.0 Author-Name: Faruk Arslan Author-X-Name-First: Faruk Author-X-Name-Last: Arslan Author-Name: Niharika Dayyala Author-X-Name-First: Niharika Author-X-Name-Last: Dayyala Title: Cultural and Generational Influences on Information Privacy Concerns within Online Social Networks: An Empirical Evaluation of the Miltgen and Peyrat-Guillard Model Abstract: Growing use of the data generated via online social networking sites (SNS) for big data analytics renders the topic of information privacy as a critical concern and calls for a deeper investigation of individuals’ information privacy beliefs and behaviors. The primary goal of our research is to empirically test the effectiveness of the Miltgen and Peyrat-Guillard model in explaining the information privacy behavior of social network site users using a large-N sample from the European Union (EU). Results from the factor-based partial least squares - structural equation modeling (PLS-SEM) analysis provide partial support to this model. We elaborate on enhancements and discuss possible extensions to the model. Journal: Journal of Information Privacy and Security Pages: 238-259 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1412114 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1412114 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:238-259 Template-Type: ReDIF-Article 1.0 Author-Name: Tatyana Ryutov Author-X-Name-First: Tatyana Author-X-Name-Last: Ryutov Author-Name: Nicole Sintov Author-X-Name-First: Nicole Author-X-Name-Last: Sintov Author-Name: Mengtian Zhao Author-X-Name-First: Mengtian Author-X-Name-Last: Zhao Author-Name: Richard S. John Author-X-Name-First: Richard S. 
Author-X-Name-Last: John Title: Predicting information security policy compliance intentions and behavior for six employee-based risks Abstract: Employees’ non-compliance with organizational information security policies poses a significant threat to organizations. Enhancing our understanding of compliance behavior is crucial for improving security. Although research has identified numerous psychological factors that affect intentions to comply with security policies, how such intentions map onto actual compliance behavior is not well understood. Building on a well-supported model of security policy compliance intentions, we evaluate compliance with each of six types of information security policies using decision vignettes, and compare parameters across models. The study contributes to information security compliance research by examining each risk separately and exploring heterogeneity across risk types. Journal: Journal of Information Privacy and Security Pages: 260-281 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1418632 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1418632 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:260-281 Template-Type: ReDIF-Article 1.0 Author-Name: Gundars Kaupins Author-X-Name-First: Gundars Author-X-Name-Last: Kaupins Author-Name: Janet Stephens Author-X-Name-First: Janet Author-X-Name-Last: Stephens Title: Development of Internet of Things-Related Monitoring Policies Abstract: The Internet of Things (IoT) is a loosely defined term describing internet-connected sensors that among other capabilities enable companies to monitor individuals. New privacy-related challenges can arise when sensors communicate with each other. These challenges call for changes to corporate privacy policies to incorporate potential IoT issues and guidance. 
This research investigates existing privacy policies and IoT-related research to provide IoT privacy policy recommendations. Privacy policy questions include: Who or what is notified of monitoring? When and where should there be expectations of privacy? Why and how is user data collected and how should monitoring problems be communicated? The analysis concludes with IoT-related privacy policy recommendations. Journal: Journal of Information Privacy and Security Pages: 282-295 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1419014 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1419014 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:282-295 Template-Type: ReDIF-Article 1.0 Author-Name: Zareef A. Mohammed Author-X-Name-First: Zareef A. Author-X-Name-Last: Mohammed Author-Name: Gurvirender P. Tejay Author-X-Name-First: Gurvirender P. Author-X-Name-Last: Tejay Author-Name: Joseph Squillace Author-X-Name-First: Joseph Author-X-Name-Last: Squillace Title: Utilizing normative theories to develop ethical actions for better privacy practices Abstract: This study examines the privacy practices of organizations. We argue that successful deployment of privacy practices based on ethical actions will strengthen privacy protection measures to better protect clients’ PII. We propose a set of ethical actions based on six normative theories following multiple case study approach to study three prominent data breaches. Our analysis indicates that ethical actions based on normative theories can be effective in developing better privacy practices for organizations. The theory that has the strongest effect on privacy practices is the deontological approach, while the liberal-intuitive has the weakest effect on privacy practices. 
Journal: Journal of Information Privacy and Security Pages: 296-315 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1419018 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1419018 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:296-315 Template-Type: ReDIF-Article 1.0 Author-Name: Faruk Arslan Author-X-Name-First: Faruk Author-X-Name-Last: Arslan Title: Bazzell, M., & Carroll, J. (2016). The Complete Privacy & Security Desk Reference-Volume I Digital. United States of America: CreateSpace Independent Publishing Platform, 478 pp Journal: Journal of Information Privacy and Security Pages: 316-318 Issue: 4 Volume: 13 Year: 2017 Month: 10 X-DOI: 10.1080/15536548.2017.1394060 File-URL: http://hdl.handle.net/10.1080/15536548.2017.1394060 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:13:y:2017:i:4:p:316-318 Template-Type: ReDIF-Article 1.0 Author-Name: Dharma P. Agrawal Author-X-Name-First: Dharma P. Author-X-Name-Last: Agrawal Title: Special Issue on Secured Communication in Wireless and Wired Networks Journal: Journal of Information Privacy and Security Pages: 59-61 Issue: 2 Volume: 11 Year: 2015 Month: 4 X-DOI: 10.1080/15536548.2015.1044863 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1044863 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:2:p:59-61 Template-Type: ReDIF-Article 1.0 Author-Name: Xiaoen Ju Author-X-Name-First: Xiaoen Author-X-Name-Last: Ju Author-Name: Kang G. Shin Author-X-Name-First: Kang G. Author-X-Name-Last: Shin Title: Location Privacy Protection for Smartphone Users Using Quadtree Entropy Maps Abstract: The ever-increasing popularity of location-based services poses a serious threat to users’ location privacy. 
Most protection systems, however, rely on an anonymization server, which itself becomes one source of untrustworthiness. This article presents EMP2—a new location privacy protection scheme based on a quadtree entropy map, enabling the protection of users’ location privacy only with their smartphones. EMP2 accurately estimates the uncertainty of users' intended destinations and dynamically adjusts the protection level to defend against sophisticated inference attacks based on query correlation. Our evaluation demonstrates that EMP2 can effectively protect users’ location privacy with reasonable computation time and resource consumption. Journal: Journal of Information Privacy and Security Pages: 62-79 Issue: 2 Volume: 11 Year: 2015 Month: 4 X-DOI: 10.1080/15536548.2015.1045372 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1045372 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:2:p:62-79 Template-Type: ReDIF-Article 1.0 Author-Name: Pallavi Meharia Author-X-Name-First: Pallavi Author-X-Name-Last: Meharia Author-Name: Dharma P. Agrawal Author-X-Name-First: Dharma P. Author-X-Name-Last: Agrawal Title: The Human Key: Identification and Authentication in Wearable Devices Using Gait Abstract: With the advent of wearable devices and the commonality of on-body monitoring devices, a future is anticipated in which the body-area networks will become commonplace in daily life. It is envisioned that the whole process will be automated wherein a user wearing such a device automatically enables the associated security mechanism and establishes communication between that user and her surroundings. This article addresses a technique to identify the wearer of the device and proposes an encryption scheme for secure communication, allowing for identification and authentication before establishing communication. It suggests using gait as a metric for identity association using wearable sensors. 
Journal: Journal of Information Privacy and Security Pages: 80-96 Issue: 2 Volume: 11 Year: 2015 Month: 4 X-DOI: 10.1080/15536548.2015.1046286 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1046286 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:2:p:80-96 Template-Type: ReDIF-Article 1.0 Author-Name: Jeffrey Medsger Author-X-Name-First: Jeffrey Author-X-Name-Last: Medsger Author-Name: Avinash Srinivasan Author-X-Name-First: Avinash Author-X-Name-Last: Srinivasan Author-Name: Jie Wu Author-X-Name-First: Jie Author-X-Name-Last: Wu Title: Information Theoretic and Statistical Drive Sanitization Models Abstract: Current drive sanitization techniques employ little or no intelligence to determine if the area being sanitized, with data overwriting, actually contains sensitive resident data. All data blocks in the target area are sanitized, utilizing brute-force sanitization techniques of one to several wipe passes. In reality, a significant number of drives needing sanitization may contain areas with no sensitive data—or even any data. Consequently, sanitizing such areas is counterintuitive and counterproductive. This article proposes two information-theoretic techniques—ERASE and ERASERS, which utilize an entropy measurement of data blocks for quick and effective drive sanitization. The first technique, ERASE, computes the entropy of each data block in the target area. Subsequently, all data blocks, which have an entropy within the user-specified sensitivity range, are wiped. The second technique, ERASERS, which is an extension of ERASE, employs random sampling to enhance the speed performance of ERASE. To achieve this goal, ERASERS divides the target area into subpopulations, performs random sampling of blocks from each subpopulation, and computes the entropy of each sampled block. 
If the entropy of any sampled block, within a subpopulation, is within the user-specified sensitive entropy range, the entire subpopulation is wiped. Journal: Journal of Information Privacy and Security Pages: 97-117 Issue: 2 Volume: 11 Year: 2015 Month: 4 X-DOI: 10.1080/15536548.2015.1045380 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1045380 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:2:p:97-117 Template-Type: ReDIF-Article 1.0 Author-Name: B. B. Gupta Author-X-Name-First: B. B. Author-X-Name-Last: Gupta Author-Name: S. Gupta Author-X-Name-First: S. Author-X-Name-Last: Gupta Author-Name: S. Gangwar Author-X-Name-First: S. Author-X-Name-Last: Gangwar Author-Name: M. Kumar Author-X-Name-First: M. Author-X-Name-Last: Kumar Author-Name: P. K. Meena Author-X-Name-First: P. K. Author-X-Name-Last: Meena Title: Cross-Site Scripting (XSS) Abuse and Defense: Exploitation on Several Testing Bed Environments and Its Defense Abstract: Today cyber physical systems (CPS) facilitate physical world devices to integrate with several Internet data sources and services. In the contemporary era of Web 2.0 technologies, web applications are being developed on several advanced technologies (e.g., AJAX, JavaScript, Flash, ASP.net). However, due to the frequent usage in daily life, web applications are constantly under attack. Cross-site scripting (XSS) attacks are presently the most exploited security problems in the modern web applications. XSS attacks are generally caused by the improper sanitization of user-supplied input on the applications. These attacks use vulnerabilities in the source code, resulting in serious consequences such as stealing of session-identifications embedded in cookies, passwords, credit card numbers, and several other related personal credentials. 
This article describes a three-fold approach: 1) testing the vulnerabilities of XSS attack on the local host server Apache Tomcat by utilizing the malicious scripts from XSS cheat sheet website; 2) exploiting the same vulnerabilities on Web Goat; and 3) exploiting encoded versions of the injected scripts for testing the level of XSS attack prevention capability. Based on the observed results, further work is also discussed. Journal: Journal of Information Privacy and Security Pages: 118-136 Issue: 2 Volume: 11 Year: 2015 Month: 4 X-DOI: 10.1080/15536548.2015.1044865 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1044865 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:2:p:118-136 Template-Type: ReDIF-Article 1.0 Author-Name: Dehghantanha Ali Author-X-Name-First: Dehghantanha Author-X-Name-Last: Ali Title: Mining the Social Web: Data Mining Facebook, Twitter, LinkedIn, Google+, Github, and More, by Matthew A. Russell Journal: Journal of Information Privacy and Security Pages: 137-138 Issue: 2 Volume: 11 Year: 2015 Month: 4 X-DOI: 10.1080/15536548.2015.1046287 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1046287 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:2:p:137-138 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 10 Year: 2014 Month: 1 X-DOI: 10.1080/15536548.2014.912473 File-URL: http://hdl.handle.net/10.1080/15536548.2014.912473 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Spyros T. Halkidis Author-X-Name-First: Spyros T. 
Author-X-Name-Last: Halkidis Author-Name: Alexander Chatzigeorgiou Author-X-Name-First: Alexander Author-X-Name-Last: Chatzigeorgiou Author-Name: George Stephanides Author-X-Name-First: George Author-X-Name-Last: Stephanides Title: Brief Review of Software Security History with an Emphasis on Efforts Focused at Early Stages of the Software Lifecycle Abstract: The importance of software security has been profound recently. The main issue during the early efforts of the late 90s was how to counterattack the buffer overflows problem. However, emphasis has recently shifted on how to counterfeit software attacks at the design level starting with the introduction of security patterns. We have qualitatively analyzed the most important security patterns, and quantitatively evaluated software systems based on their design, using fuzzy risk analysis, based on the security patterns they contain and the STRIDE model of attacks. Additionally, we have analyzed the effectiveness of code obfuscation techniques, which we think is a starting point for future research. Journal: Journal of Information Privacy and Security Pages: 3-27 Issue: 1 Volume: 10 Year: 2014 Month: 1 X-DOI: 10.1080/15536548.2014.912481 File-URL: http://hdl.handle.net/10.1080/15536548.2014.912481 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:1:p:3-27 Template-Type: ReDIF-Article 1.0 Author-Name: Hwee-Joo Kam Author-X-Name-First: Hwee-Joo Author-X-Name-Last: Kam Author-Name: Pairin Katerattanakul Author-X-Name-First: Pairin Author-X-Name-Last: Katerattanakul Title: Information Security in Higher Education: A Neo-Institutional Perspective Abstract: External pressures could be a compelling force that drives higher education institutions to attain information security. 
Drawing on the neo-institutional theory, this study examined how the three external expectations: regulative, normative, and cognitive expectations drive the higher education of the United States to attain information security. The research findings suggest that, through regulatory and social normative pressure, cognitive expectation indirectly promotes information security in higher education. That is, cognitive expectation or stakeholder’s perception of higher education determines information security in higher education by harnessing the coercive force of regulatory pressure and leveraging the pressure of meeting social normative expectation. Journal: Journal of Information Privacy and Security Pages: 28-43 Issue: 1 Volume: 10 Year: 2014 Month: 1 X-DOI: 10.1080/15536548.2014.912482 File-URL: http://hdl.handle.net/10.1080/15536548.2014.912482 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:1:p:28-43 Template-Type: ReDIF-Article 1.0 Author-Name: Mohammed Kaosar Author-X-Name-First: Mohammed Author-X-Name-Last: Kaosar Author-Name: Quazi Mamun Author-X-Name-First: Quazi Author-X-Name-Last: Mamun Title: Privacy-Preserving Interest Group Formation in Online Social Networks (OSNs) Using Fully Homomorphic Encryption Abstract: In online social networks (OSNs), interest groups are becoming increasingly popular due to the growth of social networking sites and their users. These groups can serve various purposes including political, professional, and religious interests. These interest group formation procedures involve the disclosure of user identities and interests, which can be considered as a violation of privacy. To date, no significant and effective research has addressed this issue so that the OSN users can form groups securely. 
This study proposes a cryptography-based privacy-preserving solution that will allow users to form groups by disclosing neither their identities nor their interests. Even users within the group will enjoy the privacy-preserving communication if they want. This study also shows that this fully homomorphic encryption-based proposed solution is secure against some possible attacks. Journal: Journal of Information Privacy and Security Pages: 44-52 Issue: 1 Volume: 10 Year: 2014 Month: 1 X-DOI: 10.1080/15536548.2014.912909 File-URL: http://hdl.handle.net/10.1080/15536548.2014.912909 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:1:p:44-52 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Information Technology Control and Audit (4th ed.) by Sandra Senft, Frederick Gallegos, and Aleksandra Davis Journal: Journal of Information Privacy and Security Pages: 53-55 Issue: 1 Volume: 10 Year: 2014 Month: 1 X-DOI: 10.1080/15536548.2014.912474 File-URL: http://hdl.handle.net/10.1080/15536548.2014.912474 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:1:p:53-55 Template-Type: ReDIF-Article 1.0 Author-Name: Kumar Anil Author-X-Name-First: Kumar Author-X-Name-Last: Anil Author-Name: Kumar Poonam Author-X-Name-First: Kumar Author-X-Name-Last: Poonam Title: Issues and Challenges of the Diffusion of Web 2.0 on User Privacy Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 2 Volume: 6 Year: 2010 Month: 4 X-DOI: 10.1080/15536548.2010.10855884 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855884 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:2:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Kumar Anil Author-X-Name-First: Kumar Author-X-Name-Last: Anil Author-Name: Kumar Poonam Author-X-Name-First: Kumar Author-X-Name-Last: Poonam Title: Managing Privacy of User Generated Information in a Web 2.0 World Abstract: Web 2.0 based social networking services (SNSs) have experienced phenomenal growth in the last several years. The potential economic benefits created by the growth of these SNSs have been accompanied by challenges to managing privacy of user-generated information. As the growth of these SNSs continues organizations struggle to cope with managing privacy of user generated information. This paper identifies three principles that if followed will help an organization ensure that privacy of user generated information on SNSs is managed effectively. Failure to address privacy by SNSs can lead to legal challenges by users, privacy advocacy groups, society and the government. Increased legislation that is harsh and unpopular will limit SNSs from exploiting economic opportunities and users of these applications can end up losing a potential source of sharing data with friends and family. Journal: Journal of Information Privacy and Security Pages: 3-16 Issue: 2 Volume: 6 Year: 2010 Month: 4 X-DOI: 10.1080/15536548.2010.10855885 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855885 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:2:p:3-16 Template-Type: ReDIF-Article 1.0 Author-Name: Gray Deborah M. Author-X-Name-First: Gray Author-X-Name-Last: Deborah M. 
Author-Name: Christiansen Linda Author-X-Name-First: Christiansen Author-X-Name-Last: Linda Title: A Call to Action: The Privacy Dangers Adolescents Face through Use of Facebook.com Abstract: Adolescents today will spend the equivalent of 23 years of their lifetime on the Internet; 10 years of that span will be spent on social networking sites like Facebook and MySpace. Research has been conducted that suggests teens are largely unaware and unconcerned about protecting their privacy online. They are also unaware of the future implications of creating a digital footprint in today’s online legal environment. In fact, industry reports suggest teens openly divulge risky behavior on their social networking web pages. Currently in the U.S., adolescents between the ages of 13 and 18 are treated as adults in terms of information privacy law. The Children’s Online Privacy Protection Act (COPPA) law currently restricts data collection from children under the age of 13, but does not restrict data collection from teens 13 or older. Conventional wisdom suggests businesses, policy makers, educators, and parents should be informed of social networking uses that will have a negative future impact on adolescents. No research has been conducted that explores the complexity of privacy policies that apply to this privacy-naive segment of the market. This paper advances teen information privacy research by reviewing current research, comparing the complexity of privacy policies as they apply to the COPPA law and addressing the immediate need for future research. Journal: Journal of Information Privacy and Security Pages: 17-32 Issue: 2 Volume: 6 Year: 2010 Month: 4 X-DOI: 10.1080/15536548.2010.10855886 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855886 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:2:p:17-32 Template-Type: ReDIF-Article 1.0 Author-Name: Rossi Camilla Author-X-Name-First: Rossi Author-X-Name-Last: Camilla Title: A Place for Friends? Abstract: This paper presents part of a two-year research carried on the social networking site MySpace.com to examine the perception of MySpace as a “place for friends.” A qualitative methodology using observation and interviews was used to examine the perceptions of 29 Italian and American music-related MySpace users. What emerges from the findings is a widespread users’ perception of MySpace as a friendly environment, where information must and can be disclosed. A grounded study on this perception of friendliness is used to present an analysis of the elements that constitute this perception. The element of surveillance that has been widely accounted for in literature is present in this perception, though what emerges to be potentially dangerous for privacy is one’s own deliberate disclosure of information, which might be related to the perception of finding oneself in a harmless environment. Based on the findings of this exploratory study, the paper highlights directions for future research to understand the dangers and perception of privacy disclosure online, and, in particular, on social networking sites. Journal: Journal of Information Privacy and Security Pages: 33-51 Issue: 2 Volume: 6 Year: 2010 Month: 4 X-DOI: 10.1080/15536548.2010.10855887 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855887 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:2:p:33-51 Template-Type: ReDIF-Article 1.0 Author-Name: Anil Kumar Author-X-Name-First: Anil Author-X-Name-Last: Kumar Title: Interview with: Rainey Reitman Director of Communications Privacy Rights Clearinghouse Journal: Journal of Information Privacy and Security Pages: 52-56 Issue: 2 Volume: 6 Year: 2010 Month: 4 X-DOI: 10.1080/15536548.2010.10855888 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855888 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:2:p:52-56 Template-Type: ReDIF-Article 1.0 Author-Name: Anil Kumar Author-X-Name-First: Anil Author-X-Name-Last: Kumar Title: Understanding Privacy Journal: Journal of Information Privacy and Security Pages: 57-58 Issue: 2 Volume: 6 Year: 2010 Month: 4 X-DOI: 10.1080/15536548.2010.10855889 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855889 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:2:p:57-58 Template-Type: ReDIF-Article 1.0 Author-Name: John D. Chenoweth Author-X-Name-First: John D. Author-X-Name-Last: Chenoweth Title: Issues of Coordination and Compliance in Complex Systems Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 3 Volume: 1 Year: 2005 Month: 7 X-DOI: 10.1080/15536548.2005.10855770 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855770 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:3:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Rahul Bhaskar Author-X-Name-First: Rahul Author-X-Name-Last: Bhaskar Title: A Proposed Integrated Framework for Coordinating Computer Security Incident Response Team Abstract: Traditionally, computer security incident response teams (CSIRT) are expected to respond to hacking incidents, rogue employees, or virus outbreaks. 
Recently, they are maturing into a critical tool for maintaining business operations, homeland security, and compliance with new regulations. Alberts et al. (2004) define a CSIRT to be “a capability or team that provides services and support to a defined constituency for preventing, handling, and responding to computer security incidents.” Among the most important aims of these CSIRTs is a focus on processes related to incident and security management. A type of CSIRT called “Coordinating CSIRTs (C-CSIRT)” facilitates the handling of incidents, vulnerabilities, and general information across a variety of external and internal organizations. These C-CSIRTs play a crucial role in performing security and incident management across multiple organizations. Examples of these C-CSIRTs include AusCERT (Australia Computer Emergency Response Team) and CISCO PSIRT (CISCO Product Security Incident Response Team). The main focus of a C-CSIRT is to get its constituent organizations’ computer related infrastructure back to an operational state as soon as possible (Killcerece, 2003). This is done by concentrating primarily on incident, security and IT management. In our view, a C-CSIRT must include related processes such as communication with the public and media and the investigative processes that help to find the root causes of the attack to prevent not only irreparable harm to the public image and services of a business, but also recurring attacks. In the proposed framework, we integrate issues of communication and investigation into the processes that a C-CSIRT performs to fulfill its basic function of security, IT and incident management. Journal: Journal of Information Privacy and Security Pages: 3-17 Issue: 3 Volume: 1 Year: 2005 Month: 7 X-DOI: 10.1080/15536548.2005.10855771 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855771 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:1:y:2005:i:3:p:3-17 Template-Type: ReDIF-Article 1.0 Author-Name: Mark Chan Author-X-Name-First: Mark Author-X-Name-Last: Chan Author-Name: Irene Woon Author-X-Name-First: Irene Author-X-Name-Last: Woon Author-Name: Atreyi Kankanhalli Author-X-Name-First: Atreyi Author-X-Name-Last: Kankanhalli Title: Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior Abstract: A large number of information security breaches in the workplace result from employees’ failure to comply with organizational information security guidelines. Recent surveys report that 78% of computer attacks appear in the form of viruses embedded in email attachments. Employees who open e-mail attachments from unknown sources risk infecting their own computers as well as other computers sharing the same network. Therefore, more attention needs to be paid to learning why non-compliant behavior takes place so that appropriate measures for curbing the occurrence of such behavior can be found. With such motivation in mind, this study examines the effects of social contextual factors on employees’ compliance with organizational security policies. The research model is developed based on concepts adapted from safety climate literature that has been used to explain the safe behavior of employees in organizations. Data was collected from a sample of 140 employees from two large IT intensive organizations using a 28-item survey instrument and analyzed using structured equation modeling. Management practices, supervisory practices, and coworker’s socialization were found to be positively related to employees’ perception of information security climate in the organization. Perception of security climate and self-efficacy had positive impacts on compliant behavior. Implications of this study for research and practice are discussed. 
Journal: Journal of Information Privacy and Security Pages: 18-41 Issue: 3 Volume: 1 Year: 2005 Month: 7 X-DOI: 10.1080/15536548.2005.10855772 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855772 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:3:p:18-41 Template-Type: ReDIF-Article 1.0 Author-Name: Sumit Chakraborty Author-X-Name-First: Sumit Author-X-Name-Last: Chakraborty Author-Name: Sushil Kumar Sharma Author-X-Name-First: Sushil Kumar Author-X-Name-Last: Sharma Title: Privacy Preserving Combinatorial Reverse Auction Protocol for a Market-Oriented Grid Based on Secure Group Communication Abstract: Negotiation is a means for intelligent agents of a market-oriented grid to communicate and compromise for reaching mutually beneficial agreements in terms of cost and quality of service. In this paper, we have presented a secure negotiation protocol for efficient management of resources in a market-oriented grid environment. The protocol enables both the resource providers and the resource consumers to find optimal deals in combinatorially and strategically complex settings through secure group communication. Preserving the privacy of the participants’ data is an important issue in this protocol. Journal: Journal of Information Privacy and Security Pages: 42-56 Issue: 3 Volume: 1 Year: 2005 Month: 7 X-DOI: 10.1080/15536548.2005.10855773 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855773 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:3:p:42-56 Template-Type: ReDIF-Article 1.0 Author-Name: John D. Chenoweth Author-X-Name-First: John D. Author-X-Name-Last: Chenoweth Title: Kelly Hansen, CEO, Neohapsis Inc. 
Journal: Journal of Information Privacy and Security Pages: 57-58 Issue: 3 Volume: 1 Year: 2005 Month: 7 X-DOI: 10.1080/15536548.2005.10855774 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855774 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:3:p:57-58 Template-Type: ReDIF-Article 1.0 Author-Name: John D. Chenoweth Author-X-Name-First: John D. Author-X-Name-Last: Chenoweth Title: Book Review: Secrets & Lies: Digital Security in a Networked World Bruce Schneier, Wiley Publishing, 2000. Journal: Journal of Information Privacy and Security Pages: 59-60 Issue: 3 Volume: 1 Year: 2005 Month: 7 X-DOI: 10.1080/15536548.2005.10855775 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855775 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:3:p:59-60 Template-Type: ReDIF-Article 1.0 Author-Name: John Chenoweth Author-X-Name-First: John Author-X-Name-Last: Chenoweth Title: Asking the right question? Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 4 Volume: 2 Year: 2006 Month: 10 X-DOI: 10.1080/15536548.2006.10855800 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855800 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:4:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Gerald V. Post Author-X-Name-First: Gerald V. Author-X-Name-Last: Post Author-Name: Albert Kagan Author-X-Name-First: Albert Author-X-Name-Last: Kagan Title: The Efficacy of Emphasizing a Legal System Approach to Computer Security Abstract: Computer security is increasingly relying on legal remedies. But is the legal system capable and ready to handle the complexities of security issues? 
This study surveys various members of legal institutions to identify readiness and potential shortcomings that need to be addressed to make the legal system an effective component of computer security. Journal: Journal of Information Privacy and Security Pages: 3-29 Issue: 4 Volume: 2 Year: 2006 Month: 10 X-DOI: 10.1080/15536548.2006.10855801 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855801 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:4:p:3-29 Template-Type: ReDIF-Article 1.0 Author-Name: Donald G. Marks Author-X-Name-First: Donald G. Author-X-Name-Last: Marks Author-Name: John Hale Author-X-Name-First: John Author-X-Name-Last: Hale Title: Security Service Packages: Partitioning the Security Space Abstract: The Common Criteria has been developed, through an international effort, to represent elementary security specifications. Protection Profiles for Security Service Packages (SSPs) are being investigated as a way to bundle these security specifications into larger packages than currently provided by the Common Criteria. The basic utility of an SSP is to provide some assistance in selecting appropriate security functional requirements (SFRs) in the construction of Protection Profiles and Security Targets. As a consequence, the principal challenge in using and evaluating an SSP is to understand the subtle relationships between the SSP under consideration and any unresolved Target of Evaluation (TOE) environmental threats and assumptions. This article describes a project that produced a draft SSP for access control and used the draft SSP to help write a Security Target. A Security Target was developed for the Axalto Cryptoflex™ smart card using the access control SSP. While the SSP did make this task easier, it also illustrated the problem of choosing to write an SSP aimed at a “typical” system utilization versus a “minimal” system. 
The Cryptoflex™ is a minimal system implementing access control. As a result, there were some problems discriminating between requirements for the card and requirements for the system using the card. Our experience with SSPs indicates that some systems will have to augment the SSP’s security requirements; others (such as the smart card) will delete requirements from the SSP. The value of using a Security Service Package to write an ST is therefore to make documents easier and quicker to write, to enhance completeness, and to promote consistency across the set of SSPs. Journal: Journal of Information Privacy and Security Pages: 30-44 Issue: 4 Volume: 2 Year: 2006 Month: 10 X-DOI: 10.1080/15536548.2006.10855802 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855802 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:4:p:30-44 Template-Type: ReDIF-Article 1.0 Author-Name: Brian Dobosz Author-X-Name-First: Brian Author-X-Name-Last: Dobosz Author-Name: Kathleen Green Author-X-Name-First: Kathleen Author-X-Name-Last: Green Author-Name: Guy Sisler Author-X-Name-First: Guy Author-X-Name-Last: Sisler Title: Behavioral Marketing: Security and Privacy Issues Abstract: The internet has presented a host of opportunities for companies to bombard the consumers with various marketing information. Some of these techniques and strategies infringe on privacy and present the consumers with security issues. This article examines some of the leading tools that are being employed by companies under the umbrella of behavioral marketing. The privacy and security dimensions of these strategies are also discussed. 
Journal: Journal of Information Privacy and Security Pages: 45-59 Issue: 4 Volume: 2 Year: 2006 Month: 10 X-DOI: 10.1080/15536548.2006.10855803 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855803 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:2:y:2006:i:4:p:45-59 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Author-Name: Jeremy Fields Author-X-Name-First: Jeremy Author-X-Name-Last: Fields Title: Interview with: Robert Voliva and Jeremy Fields BankingMv Wav.com IT Developers and Analysts Fort Atkinson, WI Journal: Journal of Information Privacy and Security Pages: 60-62 Issue: 4 Volume: 2 Year: 2006 Month: 10 X-DOI: 10.1080/15536548.2006.10855804 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855804 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:4:p:60-62 Template-Type: ReDIF-Article 1.0 Author-Name: Roger Yin Author-X-Name-First: Roger Author-X-Name-Last: Yin Title: I. T. Wars Managing the Business-Technology Weave in the New Millennium by David Scott Journal: Journal of Information Privacy and Security Pages: 63-64 Issue: 4 Volume: 2 Year: 2006 Month: 10 X-DOI: 10.1080/15536548.2006.10855805 File-URL: http://hdl.handle.net/10.1080/15536548.2006.10855805 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:2:y:2006:i:4:p:63-64 Template-Type: ReDIF-Article 1.0 Author-Name: Humayun Zafar Author-X-Name-First: Humayun Author-X-Name-Last: Zafar Title: Guest Editorial Journal: Journal of Information Privacy and Security Pages: 57-58 Issue: 2 Volume: 10 Year: 2014 Month: 6 X-DOI: 10.1080/15536548.2014.924806 File-URL: http://hdl.handle.net/10.1080/15536548.2014.924806 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:2:p:57-58 Template-Type: ReDIF-Article 1.0 Author-Name: Michele Maasberg Author-X-Name-First: Michele Author-X-Name-Last: Maasberg Author-Name: Nicole L. Beebe Author-X-Name-First: Nicole L. 
Author-X-Name-Last: Beebe Title: The Enemy Within the Insider: Detecting the Insider Threat Through Addiction Theory Abstract: “Insiders” remain a significant threat to organizations—evidenced by recent cases involving Robert Hansen, Bradley Manning, and Edward Snowden—even in light of significant movement toward neutralizing the threat through detection and prevention. Insiders pose detection challenges for security professionals because they often have legitimate access and intimate organizational knowledge. Nonetheless, past insider threat detection research has predominantly focused on signature-based detection of digital indicators of insider activity and behavioral profiling. This article develops a novel relationship between addiction theory and the insider threat from an information systems perspective. This discussion introduces seven propositions concerning this relationship, addiction antecedents, and the factors moderating the relationship between addiction and the insider threat. This model has significant implications for the insider threat detection challenge, as it provides new signals that may be useful for detection, supporting practitioners, and future research. Journal: Journal of Information Privacy and Security Pages: 59-70 Issue: 2 Volume: 10 Year: 2014 Month: 6 X-DOI: 10.1080/15536548.2014.924807 File-URL: http://hdl.handle.net/10.1080/15536548.2014.924807 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:2:p:59-70 Template-Type: ReDIF-Article 1.0 Author-Name: Herbert J. Mattord Author-X-Name-First: Herbert J. 
Author-X-Name-Last: Mattord Author-Name: Yair Levy Author-X-Name-First: Yair Author-X-Name-Last: Levy Author-Name: Steven Furnell Author-X-Name-First: Steven Author-X-Name-Last: Furnell Title: Factors for Measuring Password-Based Authentication Practices Abstract: Organizations rely on password-based authentication methods to control access to their Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in such systems, focusing on three component areas: 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. This study explores the criteria required to define these component areas and validated proposed measurement criteria by use of an expert panel from industry and academia. An opportunity sample of web-based ISs in two groups were assessed to examine the use of the Authentication Method System Index (AMSI). Journal: Journal of Information Privacy and Security Pages: 71-94 Issue: 2 Volume: 10 Year: 2014 Month: 6 X-DOI: 10.1080/15536548.2014.924812 File-URL: http://hdl.handle.net/10.1080/15536548.2014.924812 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:2:p:71-94 Template-Type: ReDIF-Article 1.0 Author-Name: Michael E. Whitman Author-X-Name-First: Michael E. Author-X-Name-Last: Whitman Author-Name: Humayun Zafar Author-X-Name-First: Humayun Author-X-Name-Last: Zafar Title: Student Perceptions of Computer Use Ethics: A Decade in Comparison Abstract: This study examines student attitudes toward software piracy and questionable computer use acceptability. The study included computer use scenarios describing situations with ethical considerations and questions that examined the role of the individuals in the scenarios. Results from the current population of students were compared with the results from prior data collection. 
While the findings indicated only minor differences from the previous study, the true value of this research is in the provision of a set of scenarios and other perspectives that can be used in in-class discussions of ethics, policy and law. Journal: Journal of Information Privacy and Security Pages: 95-107 Issue: 2 Volume: 10 Year: 2014 Month: 6 X-DOI: 10.1080/15536548.2014.924815 File-URL: http://hdl.handle.net/10.1080/15536548.2014.924815 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:2:p:95-107 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: IT Auditing: Using Controls to Protect Information Assets (1st ed.), by Chris Davis, Mike Schiller, and Kevin Wheeler Journal: Journal of Information Privacy and Security Pages: 108-109 Issue: 2 Volume: 10 Year: 2014 Month: 6 X-DOI: 10.1080/15536548.2014.924819 File-URL: http://hdl.handle.net/10.1080/15536548.2014.924819 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:2:p:108-109 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 11 Year: 2015 Month: 1 X-DOI: 10.1080/15536548.2015.1010976 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1010976 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:11:y:2015:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Lixuan Zhang Author-X-Name-First: Lixuan Author-X-Name-Last: Zhang Author-Name: Clinton Amos Author-X-Name-First: Clinton Author-X-Name-Last: Amos Author-Name: Iryna Pentina Author-X-Name-First: Iryna Author-X-Name-Last: Pentina Title: Information Disclosure on a Chinese Social Media Platform Abstract: The study examines drivers of information disclosure on a Chinese social media platform. Drawing on the privacy calculus theory, a research model is developed to simultaneously investigate the roles of perceived benefits vs. risks in users’ disclosure behavior. Analysis of survey data collected from 221 Weibo users revealed that, while the perception of benefits is strongly related to information disclosure, the perceived risks do not affect the disclosure behavior. In addition, findings also suggest that government intrusion concern is significantly related to perceived risk, while identification with Weibo community is significantly related to perceived benefits of information disclosure. Journal: Journal of Information Privacy and Security Pages: 3-18 Issue: 1 Volume: 11 Year: 2015 Month: 1 X-DOI: 10.1080/15536548.2015.1010981 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1010981 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:1:p:3-18 Template-Type: ReDIF-Article 1.0 Author-Name: Alana Platt Author-X-Name-First: Alana Author-X-Name-Last: Platt Author-Name: Levi Citrin Author-X-Name-First: Levi Author-X-Name-Last: Citrin Author-Name: Cynthia Hood Author-X-Name-First: Cynthia Author-X-Name-Last: Hood Title: Healthshark: Using Twitter for Situational Awareness in Public Health Abstract: Monitoring outbreaks of contagious diseases is an important task for public health officials and they must receive outbreak information quickly to respond to this threat. 
Social network sites such as Twitter can be leveraged to track self-reporting of diseases in real time. This work presents a prototype system, HealthShark, which monitors Twitter for mentions of contagious diseases. The authors outline the features of HealthShark, perform a user study to assess its usefulness as a tool for monitoring disease outbreaks, and discuss potential privacy concerns’ impact on the design of such a system. Journal: Journal of Information Privacy and Security Pages: 19-37 Issue: 1 Volume: 11 Year: 2015 Month: 1 X-DOI: 10.1080/15536548.2015.1010984 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1010984 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:1:p:19-37 Template-Type: ReDIF-Article 1.0 Author-Name: Abubakar Bello Garba Author-X-Name-First: Abubakar Bello Author-X-Name-Last: Garba Author-Name: Jocelyn Armarego Author-X-Name-First: Jocelyn Author-X-Name-Last: Armarego Author-Name: David Murray Author-X-Name-First: David Author-X-Name-Last: Murray Author-Name: William Kenworthy Author-X-Name-First: William Author-X-Name-Last: Kenworthy Title: Review of the Information Security and Privacy Challenges in Bring Your Own Device (BYOD) Environments Abstract: With increasing development and adoption of information and communication technology initiatives internationally, evolving trends such as bring your own device (BYOD) are rapidly changing operational methods of organizations in an attempt to improve efficiency and productivity. However, for organizations to successfully benefit from BYOD, several dynamics relating to security and privacy in BYOD environments must be examined and understood. This article reviews information security and privacy, mobile computing, and current organizational practices that shed light on BYOD and the issues behind its adoption. 
The review will assist organizations and IT professionals to understand the increasing demands of BYOD, and its challenges. Journal: Journal of Information Privacy and Security Pages: 38-54 Issue: 1 Volume: 11 Year: 2015 Month: 1 X-DOI: 10.1080/15536548.2015.1010985 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1010985 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:1:p:38-54 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. Author-X-Name-Last: Coronado Title: Security Planning & Disaster Recovery, by Eric Maiwald and William Sieglein Journal: Journal of Information Privacy and Security Pages: 55-57 Issue: 1 Volume: 11 Year: 2015 Month: 1 X-DOI: 10.1080/15536548.2015.1010988 File-URL: http://hdl.handle.net/10.1080/15536548.2015.1010988 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:11:y:2015:i:1:p:55-57 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi, Editor in Chief Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi, Editor in Chief Title: Editorial preface Journal: Journal of Information Privacy and Security Pages: 165-165 Issue: 4 Volume: 12 Year: 2016 Month: 10 X-DOI: 10.1080/15536548.2016.1243847 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1243847 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:4:p:165-165 Template-Type: ReDIF-Article 1.0 Author-Name: Ruth Halperin Author-X-Name-First: Ruth Author-X-Name-Last: Halperin Author-Name: Yuval Dror Author-X-Name-First: Yuval Author-X-Name-Last: Dror Title: Information privacy and the digital generation gap: An exploratory study Abstract: Over the past decade, the demise of privacy has been repeatedly pronounced by renowned technology executives such as Mark Zuckerberg, who have declared privacy to be passé and anachronistic—“so 20th century”—or the concern of old people. However, there has been relatively little research into privacy perception and behavior among different generations that may relate to how people navigate their private lives in online settings. Furthermore, recent research has revealed the ways in which privacy concerns of young Internet users are enacted, thus challenging overgeneralized claims of a clear-cut generation gap associated with online privacy. As information privacy problems are becoming thornier, unfounded statements voiced by stakeholders with vested interests should be put to one side. Instead, systematic research is needed to understand how privacy is perceived and managed by people of different age groups, and what measures can and should be taken to address current and future concerns of Internet users across generations. We explore these questions and account for the results using a representative sample from Israel. Journal: Journal of Information Privacy and Security Pages: 166-180 Issue: 4 Volume: 12 Year: 2016 Month: 10 X-DOI: 10.1080/15536548.2016.1243852 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1243852 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:4:p:166-180 Template-Type: ReDIF-Article 1.0 Author-Name: Olusegun Folorunso Author-X-Name-First: Olusegun Author-X-Name-Last: Folorunso Author-Name: Femi Emmanuel Ayo Author-X-Name-First: Femi Emmanuel Author-X-Name-Last: Ayo Author-Name: Y. E. Babalola Author-X-Name-First: Y. E. Author-X-Name-Last: Babalola Title: Ca-NIDS: A network intrusion detection system using combinatorial algorithm approach Abstract: A signature-based system (SBS) is a common approach for intrusion detection and the most preferable by researchers. In spite of the popularity of SBS, it cannot detect new attacks on the network compared to anomaly-based systems (ABS). The most challenging problem of SBS is keeping an up-to-date database of known attack signatures and the setting of a suitable threshold level for intrusion detection. In this article, a network intrusion detection system based on combinatorial algorithm (CA-NIDS) is proposed. The CA-NIDS uses additional databases to enable the SBS to act as an ABS for the purpose of detecting new attacks and to speed up network traffic during traffic analysis by the combinatorial algorithm. A suitable threshold of 12 was also set based on the study of past works to lower the false positive rate. The CA-NIDS was evaluated with similar online schemes and result shows a small false-positive rate of 3% and a better accuracy of 96.5% compared with related online algorithms. Journal: Journal of Information Privacy and Security Pages: 181-196 Issue: 4 Volume: 12 Year: 2016 Month: 10 X-DOI: 10.1080/15536548.2016.1257680 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1257680 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:4:p:181-196 Template-Type: ReDIF-Article 1.0 Author-Name: Dustin Ormond Author-X-Name-First: Dustin Author-X-Name-Last: Ormond Author-Name: Merrill Warkentin Author-X-Name-First: Merrill Author-X-Name-Last: Warkentin Author-Name: Allen C. Johnston Author-X-Name-First: Allen C. Author-X-Name-Last: Johnston Author-Name: Samuel C. Thompson Author-X-Name-First: Samuel C. Author-X-Name-Last: Thompson Title: Perceived deception: Evaluating source credibility and self-efficacy Abstract: Detecting scareware messages that seek to deceive users with fear-inducing words and images is critical to protect users from sharing their identity information, money, and/or time with bad actors. Through a scenario-based experiment, the present study evaluated factors that aid users in perceiving deceptive communications. An online experiment was administered yielding 213 usable responses. The data from the study indicate high levels of deception detection self-efficacy and source trustworthiness increase the likelihood an individual will perceive a scareware message as deceptive. Additionally, technology awareness enhances self-efficacy to detect deception and reduces individual perceptions of source trustworthiness. Finally, the data significantly illustrate behavioral intention to use scareware is lower when the message is perceived as deceptive. Journal: Journal of Information Privacy and Security Pages: 197-217 Issue: 4 Volume: 12 Year: 2016 Month: 10 X-DOI: 10.1080/15536548.2016.1243857 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1243857 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:12:y:2016:i:4:p:197-217 Template-Type: ReDIF-Article 1.0 Author-Name: Faruk Arslan Author-X-Name-First: Faruk Author-X-Name-Last: Arslan Title: Social Physics: How Good Ideas Spread-The Lessons from a New Science, by Alex Pentland Journal: Journal of Information Privacy and Security Pages: 218-220 Issue: 4 Volume: 12 Year: 2016 Month: 10 X-DOI: 10.1080/15536548.2016.1243849 File-URL: http://hdl.handle.net/10.1080/15536548.2016.1243849 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:12:y:2016:i:4:p:218-220 Template-Type: ReDIF-Article 1.0 Author-Name: Changchit Chuleeporn Author-X-Name-First: Changchit Author-X-Name-Last: Chuleeporn Title: Privacy Concerns and Offshore Outsourcing Security Abstract: Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 3 Volume: 6 Year: 2010 Month: 7 X-DOI: 10.1080/15536548.2010.10855890 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855890 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:3:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Parks Rachida Author-X-Name-First: Parks Author-X-Name-Last: Rachida Author-Name: Chu Chao-Hsien Author-X-Name-First: Chu Author-X-Name-Last: Chao-Hsien Author-Name: Xu Heng Author-X-Name-First: Xu Author-X-Name-Last: Heng Title: RFID Privacy Issues in Healthcare: Exploring the Roles of Technologies and Regulations Abstract: With the deployment and use of Radio Frequency Identification (RFID) technology in the healthcare domain, there are increasing privacy concerns regarding the technical designs of RFID systems vis-à-vis the requirements of the healthcare regulations. 
This paper reviews and analyzes the impact of privacy issues in the RFID adoption in the healthcare domain, and presents a conceptual framework for analyzing the relationship between technology and regulations in light of the Fair Information Practice (FIP) principles to ensure patients’ privacy. Our conceptual framework uses the FIP principles as a guideline to examine the design of Privacy Enhancing Technologies (PETs) and analyze existing regulations to assess the compliance issues. The conceptual analyses show that current PETs fail to incorporate the FIP principles and thus organizations in the healthcare sector face complex challenges to comply with security and privacy standards and regulations. Using the groundwork laid down in this study, future research along these directions could contribute significantly to address privacy concerns pertaining to RFID for both academia research and industry practice in the context of healthcare. Journal: Journal of Information Privacy and Security Pages: 3-28 Issue: 3 Volume: 6 Year: 2010 Month: 7 X-DOI: 10.1080/15536548.2010.10855891 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855891 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:3:p:3-28 Template-Type: ReDIF-Article 1.0 Author-Name: Wei June Author-X-Name-First: Wei Author-X-Name-Last: June Author-Name: O’Connell Jason Author-X-Name-First: O’Connell Author-X-Name-Last: Jason Author-Name: Loho-Noya Meiga Author-X-Name-First: Loho-Noya Author-X-Name-Last: Meiga Title: Information Technology Offshore Outsourcing Security Risks and Safeguards Abstract: Information security is important when information technology (IT) moves to offshore outsourcing. This paper aims at discovering information security risk factors and providing safeguards for IT offshore outsourcing. 
Specifically, first, information security risks and safeguards are identified during IT offshore outsourcing based on literature review and interviewing with subject matter experts. An IT offshore outsourcing process (ITOOP) model was developed to logically link these information security risks based on flow and task analysis in the client and vendor environments. Safeguards are also developed to protect information security attacks by linking to these information security risks. The ITOOP model with information security risks and safeguard solutions from this research will help decision makers in offshore IT outsourcing identify possible occurrences of security risks in offshore processes; and thereby, incorporate wise decisions on safeguards to protect information and improve security levels. Journal: Journal of Information Privacy and Security Pages: 29-46 Issue: 3 Volume: 6 Year: 2010 Month: 7 X-DOI: 10.1080/15536548.2010.10855892 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855892 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:3:p:29-46 Template-Type: ReDIF-Article 1.0 Author-Name: Clouse Shawn F. Author-X-Name-First: Clouse Author-X-Name-Last: Shawn F. Author-Name: Wright Ryan T. Author-X-Name-First: Wright Author-X-Name-Last: Ryan T. Author-Name: Pike Ronald E. Author-X-Name-First: Pike Author-X-Name-Last: Ronald E. Title: Employee Information Privacy Concerns with Employer Held Data: A Comparison of Two Prevalent Privacy Models Abstract: The privacy stream of research has been studied considerably over the past 20 years. This included applying privacy questions to different online contexts such as health care, ecommerce, and government. 
The purpose of this article is to empirically compare and evaluate two prevalent privacy models; Concern for Information Privacy (CFIP) and Internet Users’ Information Privacy Concerns (IUIPC) within the organizational context of employment. By doing so, this research: 1) evaluates the two privacy models to see which best predicts behavioral intention within an employee/employer relationship, and, 2) prescribes to organizations how individuals view the privacy of their information held by employers. This research extends the literature by validating IS privacy models in this new domain and provides valuable information to managers of information systems resources for organizations. Using a seeded sample of 457 employed individuals ranging in age from 18 to 71, the authors conclude that IUIPC is substantially superior for predicting behavioral intentions regarding employment privacy concerns. Journal: Journal of Information Privacy and Security Pages: 47-71 Issue: 3 Volume: 6 Year: 2010 Month: 7 X-DOI: 10.1080/15536548.2010.10855893 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855893 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:3:p:47-71 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Antonio Fernandez Senior Program Manager Supersaver.com Journal: Journal of Information Privacy and Security Pages: 72-73 Issue: 3 Volume: 6 Year: 2010 Month: 7 X-DOI: 10.1080/15536548.2010.10855894 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855894 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:6:y:2010:i:3:p:72-73 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Internet Safety Journal: Journal of Information Privacy and Security Pages: 74-75 Issue: 3 Volume: 6 Year: 2010 Month: 7 X-DOI: 10.1080/15536548.2010.10855895 File-URL: http://hdl.handle.net/10.1080/15536548.2010.10855895 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:6:y:2010:i:3:p:74-75 Template-Type: ReDIF-Article 1.0 Author-Name: Suvojit Choton Basu Author-X-Name-First: Suvojit Choton Author-X-Name-Last: Basu Title: On issues of Convenience, Privacy and Security Journal: Journal of Information Privacy and Security Pages: 1-3 Issue: 2 Volume: 1 Year: 2005 Month: 4 X-DOI: 10.1080/15536548.2005.10855764 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855764 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:2:p:1-3 Template-Type: ReDIF-Article 1.0 Author-Name: Sunil G. Dewan Author-X-Name-First: Sunil G. Author-X-Name-Last: Dewan Author-Name: Lei-da Chen Author-X-Name-First: Lei-da Author-X-Name-Last: Chen Title: Mobile Payment Adoption in the US: A Cross-industry, Crossplatform Solution Abstract: Enabled by a wide array of wireless and mobile technologies, a new form of electronic commerce, “mMobile eCommerce”, is gaining growing attention from both business and academic communities. Proliferation of mobile commerce, especially in the business-to-consumer sectors, requires ubiquitously available, globally accepted, easy-to-use, and secure methods of payment. Mobile payment (mPayment) entails making payments using mobile devices including wireless handsets, personal digital assistants, and other radio frequency (RF) and near field communication (NFC) based devices. 
While mPayment is still in its infancy, its acceptance is expected to increase exponentially in the coming years. Today, increasing acceptance of mPayment methods is witnessed in Europe and Asia, but in the US, the potential of mPayment is still largely unexplored. Many attribute the slow adoption of mPayment methods in the US to lack of unified standards, security and privacy concerns, and slow mCommerce diffusion. This article aims to offer readers a clear understanding of the state of mPayment and explore the factors that will determine the adoption of mPayment by US consumers. It also provides readers with the blueprint of a cross-industry and cross-platform mPayment solution that offers consumers speedy and convenient payment processes for both online and point-of-sale transactions. Journal: Journal of Information Privacy and Security Pages: 4-28 Issue: 2 Volume: 1 Year: 2005 Month: 4 X-DOI: 10.1080/15536548.2005.10855765 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855765 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:2:p:4-28 Template-Type: ReDIF-Article 1.0 Author-Name: Nico Brehm Author-X-Name-First: Nico Author-X-Name-Last: Brehm Author-Name: Jorge Marx Gómez Author-X-Name-First: Jorge Marx Author-X-Name-Last: Gómez Title: Secure Web service-based resource sharing in ERP Networks Abstract: Enterprise Resource Planning (ERP) systems integrate operational application systems of different enterprise sectors. Logistics, human resource management and business accountancy are the most important components, the business functions of ERP systems can be assigned to. Besides the advantages of an integrated solution a number of disadvantages arise from the complexity of such systems. 
Particularly small- and medium-sized enterprises (SME) are affected by typical disadvantages like high operating- and maintenance costs which means that they cannot afford to buy and maintain an enterprise-wide integrated ERP system. A feasible opportunity to counter these problems is to develop a distributed (federated) system architecture based on loosely coupled components and their functions in order to partly reduce the complexity of the super-ordinate system. The presented paper describes the distribution of ERP systems on the basis of Web Services and gives a first proposal of a prototype. ERP system functions are distributed within a peer-to-peer architecture and are managed by different network nodes (providers). The major risks of this approach are connected to security problems which appear when confidential enterprise data is handled. A continuously automated function (service) integration from service discovery until service response processing increases the already existing risks. An important issue in this context is the consideration of trust relationships between service consumers and service providers. In our proposed solution security configurations based on XML policies are used to meet the security requirements of both communication partners in an open network. Journal: Journal of Information Privacy and Security Pages: 29-48 Issue: 2 Volume: 1 Year: 2005 Month: 4 X-DOI: 10.1080/15536548.2005.10855766 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855766 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:2:p:29-48 Template-Type: ReDIF-Article 1.0 Author-Name: Richard S. Swart Author-X-Name-First: Richard S. Author-X-Name-Last: Swart Author-Name: Bryan A. Marshall Author-X-Name-First: Bryan A. Author-X-Name-Last: Marshall Author-Name: Matthew E. Harris Author-X-Name-First: Matthew E. Author-X-Name-Last: Harris Author-Name: Karen A. 
Forcht Author-X-Name-First: Karen A. Author-X-Name-Last: Forcht Author-Name: David Olsen Author-X-Name-First: David Author-X-Name-Last: Olsen Title: Dimensions of Network Security Planning For Web Services Abstract: Web Services technologies are gaining prominence in industry and are displacing established standards such as Electronic Data Interchange (EDI) for B2B transactions. The highly distributed nature of Web Services, and the tight tie between the network and application layers, creates new vulnerabilities requiring Information Security professionals to re-evaluate their network and application security planning. This paper reviews Web Services technologies, challenges to their implementation, demonstrates nine ways that traditional security best practices are inapplicable to Web Services, and suggests possible solutions to these problems. Journal: Journal of Information Privacy and Security Pages: 49-66 Issue: 2 Volume: 1 Year: 2005 Month: 4 X-DOI: 10.1080/15536548.2005.10855767 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855767 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:2:p:49-66 Template-Type: ReDIF-Article 1.0 Author-Name: Suvojit Choton Basu Author-X-Name-First: Suvojit Choton Author-X-Name-Last: Basu Title: Marilyn Wood, Security Officer Jim Amundson, Server Administration & Network Solutions Department of Agriculture, Trade and Consumer Protection (DATCP - Wisconsin) Journal: Journal of Information Privacy and Security Pages: 67-68 Issue: 2 Volume: 1 Year: 2005 Month: 4 X-DOI: 10.1080/15536548.2005.10855768 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855768 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:2:p:67-68 Template-Type: ReDIF-Article 1.0 Author-Name: John D. Chenoweth Author-X-Name-First: John D. 
Author-X-Name-Last: Chenoweth Title: Book Review: The Art of Deception: Controlling the Human Element of Security Journal: Journal of Information Privacy and Security Pages: 69-70 Issue: 2 Volume: 1 Year: 2005 Month: 4 X-DOI: 10.1080/15536548.2005.10855769 File-URL: http://hdl.handle.net/10.1080/15536548.2005.10855769 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:1:y:2005:i:2:p:69-70 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 1 Volume: 7 Year: 2011 Month: 1 X-DOI: 10.1080/15536548.2011.10855902 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855902 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:1:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Raymond Placid Author-X-Name-First: Raymond Author-X-Name-Last: Placid Author-Name: Judy Wynekoop Author-X-Name-First: Judy Author-X-Name-Last: Wynekoop Title: Tracking the Footprints of Anonymous Defamation in Cyberspace: A Review of the Law and Technology Abstract: The rise of the Internet has made anonymous defamation a reality. Tracking the footprints of anonymous defamation in cyberspace can be difficult from a legal and technological perspective. Legally, the injured party may need to pursue two defendants - the website that hosted the defamatory statement and the anonymous defamer. This process can be taxing from both an economic and personal perspective, and in some cases will lead to a dead end due to technological roadblocks. One of the primary reasons that the footprints of anonymous defamation can lead to a dead end is that the IP address logs may have been purged. 
Currently there are no regulations or standards in the industry requiring IP address logs to be preserved for a minimum time period. This article addresses the legal and technological roadblocks that can lead to anonymous defamation and suggests regulatory systems for IP address logs as a means of combating unacceptable anonymous behavior on the Internet. Journal: Journal of Information Privacy and Security Pages: 3-24 Issue: 1 Volume: 7 Year: 2011 Month: 1 X-DOI: 10.1080/15536548.2011.10855903 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855903 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:1:p:3-24 Template-Type: ReDIF-Article 1.0 Author-Name: Princely Ifinedo Author-X-Name-First: Princely Author-X-Name-Last: Ifinedo Title: An Exploratory Study of the Relationships between Selected Contextual Factors and Information Security Concerns in Global Financial Services Institutions Abstract: This paper examines the relationships between three contextual factors i.e. transparency levels, information and communication technologies (ICT) use laws, and national legal systems efficiency and information security concerns in the global financial services institutions (GFSI). This research essentially seeks to expand the breadth of knowledge provided in the 2009 Deloitte Touche Tohmatsu (DTT) survey, which reported on information security issues in GFSI. This current study used secondary data sources for its analysis. The inference from the 2009 DTT survey was that information security concerns across GFSI are being informed solely by industry-related standards or imperatives. To that end, perceptions and attitudes toward such issues were thought to remain unchanged in differing national contexts. However, this study’s data analysis showed that the perceptions of information security concerns among GFSI employees across the world compare somewhat and also differ, in other respects. 
Also, this research’s findings indicated that GFSI practitioners need to be aware of two information security concerns: a) how information security and business initiatives are appropriately aligned in their organizations, b) the issue of who has the responsibility for privacy in their setups. Against the backdrop of the countries used in this study and the three contextual factors considered, this study found these two issues to be significantly relevant to the management of security and privacy concerns in GFSI. The implications of the study’s findings for practitioners and academic researchers are discussed, and possible areas of future research outlined. Journal: Journal of Information Privacy and Security Pages: 25-49 Issue: 1 Volume: 7 Year: 2011 Month: 1 X-DOI: 10.1080/15536548.2011.10855904 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855904 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:1:p:25-49 Template-Type: ReDIF-Article 1.0 Author-Name: Rui Chen Author-X-Name-First: Rui Author-X-Name-Last: Chen Author-Name: Sushil K. Sharma Author-X-Name-First: Sushil K. Author-X-Name-Last: Sharma Title: Human Flesh Search - Facts and Issues Abstract: This article studies an interesting Internet phenomenon known as Human Flesh Search which illustrates the far-reaching impacts of the Internet that is less documented. Due to its huge threat on individual privacy, human flesh search has introduced huge controversy and invited heated debate in China. This paper reviews its growth, explores the impetuses, identifies the distinctions from the alternative search engines, and summarizes the benefits and drawbacks. Furthermore, the paper develops a systematic review of the prior literature in human flesh search by surveying major sources such as academic journals, national and international conferences, and public and private databases. 
Finally, the paper identifies five research gaps in the literature and offers an initial interpretation and analysis of these remaining research issues. Human flesh search is still growing and the current study helps the computing field learn the past and present of this emerging phenomenon and properly manage its future development. Journal: Journal of Information Privacy and Security Pages: 50-71 Issue: 1 Volume: 7 Year: 2011 Month: 1 X-DOI: 10.1080/15536548.2011.10855905 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855905 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:1:p:50-71 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Pradeep Jain An Entrepreneur and Technology Architect in the Content Industry Journal: Journal of Information Privacy and Security Pages: 51-73 Issue: 1 Volume: 7 Year: 2011 Month: 1 X-DOI: 10.1080/15536548.2011.10855906 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855906 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:7:y:2011:i:1:p:51-73 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Handbook of Information Security Management Journal: Journal of Information Privacy and Security Pages: 74-75 Issue: 1 Volume: 7 Year: 2011 Month: 1 X-DOI: 10.1080/15536548.2011.10855907 File-URL: http://hdl.handle.net/10.1080/15536548.2011.10855907 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:7:y:2011:i:1:p:74-75 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 1-2 Issue: 4 Volume: 9 Year: 2013 Month: 10 X-DOI: 10.1080/15536548.2013.10845687 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845687 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:4:p:1-2 Template-Type: ReDIF-Article 1.0 Author-Name: Alice M. Johnson Author-X-Name-First: Alice M. Author-X-Name-Last: Johnson Author-Name: Belinda P. Shipps Author-X-Name-First: Belinda P. Author-X-Name-Last: Shipps Title: Acquiring Subject Participation for Information Security Survey Research: A Content and Correspondence Analysis Approach Abstract: Twenty-four business executives and 22 security executives had previously participated in a study about information security investment. The current study asked participants to comment on their reasons for participating in that research. A total of 1003 reasons were submitted which were used to perform a content analysis of information security survey research (ISSR) participation factors. Security and business executives' reasons for participating differed. Reasons also differed by industry. The findings will help researchers to properly communicate the benefits of their studies and thus increase participation rates for ISSR. Greater participation will perhaps contribute to efforts to improve information security. Journal: Journal of Information Privacy and Security Pages: 3-30 Issue: 4 Volume: 9 Year: 2013 Month: 10 X-DOI: 10.1080/15536548.2013.10845688 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845688 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:9:y:2013:i:4:p:3-30 Template-Type: ReDIF-Article 1.0 Author-Name: Sunil Hazari Author-X-Name-First: Sunil Author-X-Name-Last: Hazari Author-Name: Cheryl Brown Author-X-Name-First: Cheryl Author-X-Name-Last: Brown Title: An Empirical Investigation of Privacy Awareness and Concerns on Social Networking Sites Abstract: Privacy affects every user who exchanges information over the Internet. In the past few years, the growth of information on social networks (such as Facebook, Twitter, LinkedIn) has increased exponentially. Companies are harvesting this information with and without the knowledge of individuals. While the exchange of information and seamless interaction between individuals and groups has become an easy task, issues related to this exchange, such as information privacy and security, have created new challenges. This study investigated respondents' attitudes towards privacy on social networking sites. In addition, the study sought to ascertain whether socio-demographic variables and knowledge of privacy issues influence attitudes and privacy concerns towards using social computing sites. Data analysis includes descriptive profile analysis, and statistical validation of attitudes and privacy concerns by means of correlation, regression, and cluster analysis. There was a significant relationship between privacy awareness and knowledge based on information provided by respondents. Most socio-demographic variables did not show significant effects on information privacy concerns. Implications of the findings are discussed. Further research is needed to investigate individual concerns on specific information that is being collected, stored, and shared on popular social networking sites. 
Journal: Journal of Information Privacy and Security Pages: 31-51 Issue: 4 Volume: 9 Year: 2013 Month: 10 X-DOI: 10.1080/15536548.2013.10845689 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845689 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:4:p:31-51 Template-Type: ReDIF-Article 1.0 Author-Name: Jeffrey D. Wall Author-X-Name-First: Jeffrey D. Author-X-Name-Last: Wall Author-Name: Prashant Palvia Author-X-Name-First: Prashant Author-X-Name-Last: Palvia Author-Name: Paul Benjamin Lowry Author-X-Name-First: Paul Benjamin Author-X-Name-Last: Lowry Title: Control-Related Motivations and Information Security Policy Compliance: The Role of Autonomy and Efficacy Abstract: Employees' failures to follow information security policy can be costly to organizations, causing organizations to implement security controls to motivate secure behavior. Information security research has explored many control-related motivations (e.g., self-efficacy, response efficacy, and behavioral control) in the context of ISP compliance; however, the behavioral effects of perceptions of autonomous functioning are not well understood in security contexts. This paper examines employee autonomy as a control-related motivation from the lens of self-determination theory and psychological reactance theory. Self-determination theory is widely used in other disciplines to explain intrinsically driven behavior, but has not been applied to security research. Psychological reactance theory is also widely used, but is only beginning to receive attention in security research. Self-determination and psychological reactance offer complementary yet opposite conceptualizations of trait-based autonomy. This paper posits that perceptions of trait-based autonomy influence self-efficacy and response efficacy. Through a survey of government employees, we provide support for several hypotheses. 
We also discuss important directions for the use of self-determination theory and psychological reactance theory in future research. Journal: Journal of Information Privacy and Security Pages: 52-79 Issue: 4 Volume: 9 Year: 2013 Month: 10 X-DOI: 10.1080/15536548.2013.10845690 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845690 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:4:p:52-79 Template-Type: ReDIF-Article 1.0 Author-Name: Sadaf Ashtari Author-X-Name-First: Sadaf Author-X-Name-Last: Ashtari Title: I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy Journal: Journal of Information Privacy and Security Pages: 80-82 Issue: 4 Volume: 9 Year: 2013 Month: 10 X-DOI: 10.1080/15536548.2013.10845691 File-URL: http://hdl.handle.net/10.1080/15536548.2013.10845691 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:9:y:2013:i:4:p:80-82 Template-Type: ReDIF-Article 1.0 Author-Name: Chuleeporn Changchit Author-X-Name-First: Chuleeporn Author-X-Name-Last: Changchit Title: Privacy Governance, Law, and Growth Perspective in Security Journal: Journal of Information Privacy and Security Pages: 1- Issue: 4 Volume: 5 Year: 2009 Month: 10 X-DOI: 10.1080/15536548.2009.10855872 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855872 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:4:p:1- Template-Type: ReDIF-Article 1.0 Author-Name: Jan Gayness Clark Author-X-Name-First: Jan Author-X-Name-Last: Gayness Clark Author-Name: Nicole Lang Beebe Author-X-Name-First: Nicole Author-X-Name-Last: Lang Beebe Author-Name: Karen Williams Author-X-Name-First: Karen Author-X-Name-Last: Williams Author-Name: Linda Shepherd Author-X-Name-First: Linda Author-X-Name-Last: Shepherd Title: Security and Privacy Governance: Criteria for Systems Design Abstract: Security and privacy issues are often an afterthought when it comes to systems design. However, failure to address these issues during analysis and design could result in catastrophic effects such as an erosion of trust among those in the stakeholder community once a loss of privacy is experienced, along with the additional expenditures that are necessary to secure a system that has been compromised. We present a conceptual model for creating subsystems of security and privacy governance that are integral parts of the system architecture. Additionally, we propose that knowledge created or acquired during the development and use of the system, especially knowledge about security and privacy, be well documented and stored within a Knowledge Management System (KMS). Viewing, updating, and manipulating the knowledge database throughout the life of the system can enhance its success. In addition, as a knowledge repository, a KMS can contribute to best practices in the development of future systems. Journal: Journal of Information Privacy and Security Pages: 3-30 Issue: 4 Volume: 5 Year: 2009 Month: 10 X-DOI: 10.1080/15536548.2009.10855873 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855873 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:4:p:3-30 Template-Type: ReDIF-Article 1.0 Author-Name: Deborah M. Gray Author-X-Name-First: Deborah M. 
Author-X-Name-Last: Gray Author-Name: Linda Christiansen Author-X-Name-First: Linda Author-X-Name-Last: Christiansen Title: Protecting Adolescents’ Personal Information Online: Constraints and Parameters Abstract: Cable News Network recently reported that today’s children will spend an average of 23 years of their lifetime connected to the Internet. The Department of Education reports that 100% of teens today have Internet access at school. Currently, no laws protecting teens from the collection of their personal data (known or unknown) while online exist. The personal information they post today can be collected today—or 20 years from now and can be used against them when they seek employment or apply for health insurance. This study examines the issue of adolescent consumer privacy protection from the perspective of those entities responsible for protecting and educating them about safe Internet use (educators, marketers, and policy makers). An analysis of transcripts from an expert panel (collected via telephone interview) is used to determine who is responsible for protecting teens’ privacy and how to accomplish this task. Journal: Journal of Information Privacy and Security Pages: 31-50 Issue: 4 Volume: 5 Year: 2009 Month: 10 X-DOI: 10.1080/15536548.2009.10855874 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855874 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:4:p:31-50 Template-Type: ReDIF-Article 1.0 Author-Name: Randall Young Author-X-Name-First: Randall Author-X-Name-Last: Young Title: Growth Perspective of Information Security Abstract: Organizations are expected to manage the overall information security posture through various information security evaluation methodologies. Current information security evaluation methodologies have limitations which are discussed. 
This paper utilizes benchmark variables to examine a stages-of-growth perspective of the information security function. Findings show correlation between six of the eight benchmark variables. The findings also show a positive relationship between the number of information security policies and more advanced stages of information security posture. The results shed light on the current state of information security in organizations. Journal: Journal of Information Privacy and Security Pages: 51-67 Issue: 4 Volume: 5 Year: 2009 Month: 10 X-DOI: 10.1080/15536548.2009.10855875 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855875 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:4:p:51-67 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Interview with: Uday Awasthi Project Manager, Sun Microsystems Journal: Journal of Information Privacy and Security Pages: 68-69 Issue: 4 Volume: 5 Year: 2009 Month: 10 X-DOI: 10.1080/15536548.2009.10855876 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855876 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:5:y:2009:i:4:p:68-69 Template-Type: ReDIF-Article 1.0 Author-Name: Choton Basu Author-X-Name-First: Choton Author-X-Name-Last: Basu Title: Disrupting Class How Disruptive Innovation Will Change the Way the World Learns Journal: Journal of Information Privacy and Security Pages: 70-71 Issue: 4 Volume: 5 Year: 2009 Month: 10 X-DOI: 10.1080/15536548.2009.10855877 File-URL: http://hdl.handle.net/10.1080/15536548.2009.10855877 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. 
Handle: RePEc:taf:uipsxx:v:5:y:2009:i:4:p:70-71 Template-Type: ReDIF-Article 1.0 Author-Name: Kallol Bagchi Author-X-Name-First: Kallol Author-X-Name-Last: Bagchi Title: Editorial Preface Journal: Journal of Information Privacy and Security Pages: 111-112 Issue: 3 Volume: 10 Year: 2014 Month: 7 X-DOI: 10.1080/15536548.2014.952590 File-URL: http://hdl.handle.net/10.1080/15536548.2014.952590 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:3:p:111-112 Template-Type: ReDIF-Article 1.0 Author-Name: Gerald V. Post Author-X-Name-First: Gerald V. Author-X-Name-Last: Post Author-Name: Suzanne B. Walchli Author-X-Name-First: Suzanne B. Author-X-Name-Last: Walchli Title: Social Network Privacy: Trusting Friends Abstract: Early social networks were generally open with minimal privacy controls. Some anecdotal evidence suggests that people might want more control over privacy on social networks. As an example of one response to this desire, the network Google+ was introduced as a major change by offering circles or groups to make it easier for users to share specific items with selected individuals. Building on earlier research that focuses primarily on trust in the web provider, this research model uses a social network as a function of privacy concerns and trust in contacts and tests the model using several groups of people. The model examines a personal need or desire for privacy, trust in friends, and attitudes towards social networks, and evaluates the impact of these variables on the usage of social networks. The results show that the demand for privacy and trust in friends does have direct impacts on the attitudes towards social networks. In addition, this network attitude in turn affects the rate of an individual’s usage of the networks. The results are applicable to any organization that includes social interactions on its site. 
Journal: Journal of Information Privacy and Security Pages: 113-137 Issue: 3 Volume: 10 Year: 2014 Month: 7 X-DOI: 10.1080/15536548.2014.952596 File-URL: http://hdl.handle.net/10.1080/15536548.2014.952596 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:3:p:113-137 Template-Type: ReDIF-Article 1.0 Author-Name: Roberto Mugavero Author-X-Name-First: Roberto Author-X-Name-Last: Mugavero Author-Name: Valentina Sabato Author-X-Name-First: Valentina Author-X-Name-Last: Sabato Title: Analysis and Estimation of Expected Cyber-Attack Scenarios and Consequences Abstract: The cyberspace is becoming one of the main elements of vulnerability in national security and has led to a critical situation because the system is always more focused on information sharing and on quick communication all over the world than security. The cyberspace is, in fact, the “easier vector” of the information environment, comprising independent networks of different communication and telecommunication infrastructures. Through this vector it is possible to perform a wide range of cyber-attacks, causing possibly huge negative effects on systems and assets; however, these attacks do not cause human loss or physical damages to the society. In order to protect from this danger, it is necessary to understand and analyze how many and which are the risks as well as the possible actions needed to minimize the consequences of a dangerous event. Journal: Journal of Information Privacy and Security Pages: 138-152 Issue: 3 Volume: 10 Year: 2014 Month: 7 X-DOI: 10.1080/15536548.2014.952963 File-URL: http://hdl.handle.net/10.1080/15536548.2014.952963 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:3:p:138-152 Template-Type: ReDIF-Article 1.0 Author-Name: Adolfo S. Coronado Author-X-Name-First: Adolfo S. 
Author-X-Name-Last: Coronado Title: CCNP Security IPS 642-627 Official Cert Guide Journal: Journal of Information Privacy and Security Pages: 153-155 Issue: 3 Volume: 10 Year: 2014 Month: 7 X-DOI: 10.1080/15536548.2014.952598 File-URL: http://hdl.handle.net/10.1080/15536548.2014.952598 File-Format: text/html File-Restriction: Access to full text is restricted to subscribers. Handle: RePEc:taf:uipsxx:v:10:y:2014:i:3:p:153-155