Information and Computer Security

A collaborative cybersecurity framework for higher education

Ahmed Ali Otoom, Issa Atoum, Heba Al-Harahsheh, Mahmoud Aljawarneh, Mohammed N. Al Refai, Mahmoud Baklizi

The purpose of this paper is to present the educational computer emergency response team (EduCERT) framework, an integrated response mechanism to bolster national cybersecurity…

Validating and extending the unified model of information security policy compliance

Marcus Gerdin

The purpose of this study is to further validate and extend the unified model of information security policy compliance (UMISPC) developed by Moody et al. (2018).

Large-scale agile security practices in software engineering

Cláudia Ascenção, Henrique Teixeira, João Gonçalves, Fernando Almeida

Security in large-scale agile is a crucial aspect that should be carefully addressed to ensure the protection of sensitive data, systems and user privacy. This study aims to…

How demographic and appearance cues of a potential social engineer influence trust perception and risk-taking among targets?

Israa Abuelezz, Mahmoud Barhamgi, Armstrong Nhlabatsi, Khaled Md. Khan, Raian Ali

The aim of this study is to investigate how the demographics and appearance cues of potential social engineers influence the likelihood that targets will trust them and accept…

Comparing experts’ and users’ perspectives on the use of password workarounds and the risk of data breaches

Michael J Rooney, Yair Levy, Wei Li, Ajoy Kumar

The increased use of Information Systems (IS) as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password…

Unraveling the dynamics of password manager adoption: a deeper dive into critical factors

Xiaoguang Tian

The purpose of this study is to comprehensively explore the password manager adoption landscape, delving into crucial factors such as performance, trust, social influence…

Understanding the factors that motivate South African home fibre users to protect their home networking devices: a protection motivation theory

Luzuko Tekeni, Reinhardt A. Botha

As home users are increasingly responsible for securing their computing devices and home networks, there is a growing need to develop interventions to assist them in protecting…

The effects of persuasion principles on perceived honesty during shoulder surfing attacks

Keith S. Jones, McKenna K. Tornblad, Miriam E. Armstrong, Jinwoo Choi, Akbar Siami Namin

This study aimed to investigate how honest participants perceived an attacker to be during shoulder surfing scenarios that varied in terms of which Principle of Persuasion in…

Understanding information security awareness: evidence from the public healthcare sector

Martina Neri, Elisabetta Benevento, Alessandro Stefanini, Davide Aloini, Federico Niccolini, Annalaura Carducci, Ileana Federigi, Gianluca Dini

Information security awareness (ISA) mainly refers to those aspects that need to be addressed to effectively respond to information security challenges. This research used focus…

Hey “CSIRI”, should I report this? Investigating the factors that influence employees to report cyber security incidents in the workplace

Kristiina Ahola, Marcus Butavicius, Agata McCormac, Daniel Sturman

Cyber security incidents pose a major threat to organisations. Reporting cyber security incidents and providing organisations with information about their true nature, type and…

Expressing opinions about information security in an organization: the spiral of silence theory perspective

Gregor Petrič, Špela Orehek

Expressing views on organizational information security (IS) by employees is vital for improving security processes, policies and trainings, while non-communication may conceal…

Trends and challenges in research into the human aspects of ransomware: a systematic mapping study

Garret Murray, Malin Falkeling, Shang Gao

The purpose of this paper is to provide an overview of the trends and challenges relating to research into the human aspects of ransomware.

A taxonomy of factors that contribute to organizational Cybersecurity Awareness (CSA)

Joakim Kävrestad, Felicia Burvall, Marcus Nohlberg

Developing cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and…

Cybersecurity in digital supply chains in the procurement process: introducing the digital supply chain management framework

Mari Aarland

This paper aims to explore the cybersecurity challenges the electric power industry faces due to its increased reliance on digital supply chains (DSCs), focusing on the…

Human-centric cyber security: Applying protection motivation theory to analyse micro business owners’ security behaviours

Hassan Jamil, Tanveer Zia, Tahmid Nayeem, Monica T. Whitty, Steven D'Alessandro

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However…

Information security policy effectiveness: a managerial perspective of the financial industry in Vietnam

Thai Pham, Farkhondeh Hassandoust

Information security (InfoSec) policy violations are of great concern to all organisations worldwide, especially in the financial industry. Although the importance of InfoSec…

Human factors in remote work: examining cyber hygiene practices

Tuğçe Karayel, Bahadır Aktaş, Adem Akbıyık

The purpose of this paper is to investigate the cyber hygiene practices of remote workers.