Search results
1 – 10 of 19
Ruti Gafni and Yair Levy
Abstract
Purpose
While data breaches are reported daily, organizations are struggling with quantifying their cybersecurity posture. This paper aims to introduce the Universal Cybersecurity Footprint Index (UCFI), an organizational measure of Cybersecurity Footprint. The UCFI helps organizations understand the challenges related to their overall cybersecurity posture and be able to assess it for their supply chain cybersecurity. The Theory of Cybersecurity Footprint states that the risk and damage that can be caused by an attacked organization are not related to the size of the organization but to a range of parameters that may affect the interconnected entities in their supply chain.
Design/methodology/approach
Based on the 26 elements found in prior research, a survey was conducted, using 27 subject matter experts to reveal the most relevant elements and then specify their importance level to calculate their relative weight.
Findings
Results indicated that 20 of the 26 elements were validated, and their weights were calculated. Finally, an equation representing the UCFI for an organization is introduced.
Practical implications
Organizations can choose their partners according to a minimum value of the UCFI to reduce their cybersecurity risks.
Social implications
Supply chain cybersecurity incidents have demonstrated in the past several years to provide a massive impact on society. Thus, further assisting in mitigation of cyberattacks to the supply chain is significant.
Originality/value
This research aims to provide further assistance for organizations in quantifying their cybersecurity footprint in an effort to help reduce cyber incidents, especially those for small organizations.
Ruti Gafni and Yair Levy
Abstract
Purpose
Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate the role of AI in automating many of the routine tasks associated with cybersecurity. As such, AI enables cybersecurity personnel to reduce their workloads and focus on more strategic aspects of their work.
Design/methodology/approach
This study is an exploratory field study. The authors started by conducting a literature review to assess the possibility that AI tools can provide and how they can improve cybersecurity efficacy. Following this, the authors identified the specific core tasks for two cybersecurity work roles (technical and managerial) and searched for specific commercial tools that can perform each of the tasks. Then, the authors used the free ChatGPT 3.5 to list the current cybersecurity systems that use AI for the associated tasks, which the authors then reviewed with the tools’ documentation and websites to confirm these tasks were conducted or assisted by AI.
Findings
Results indicated that all 14 cybersecurity tasks of the technical work role are currently noted to be performed by commercial cybersecurity systems with AI-integrated capabilities, while only 11 of the 17 managerial work role tasks currently appear to be performed by AI.
Practical implications
The rapid integration of AI capabilities into commercial cybersecurity systems may suggest that the cybersecurity workforce must be currently trained on how to use AI tools in their daily operations, especially as it pertains to technical cybersecurity work roles.
Social implications
The cybersecurity workforce shortage is reported to exceed four million cybersecurity workers worldwide in 2023. Thus, further understanding of the role of AI in improving the efficiency of technical and managerial cybersecurity tasks is significant.
Originality/value
The value of this research lies in the initial assessment of the current AI capabilities of commercial cybersecurity systems, which will ultimately provide the “super-human” performances resulting from human-AI teaming.
Melissa Carlton, Yair Levy and Michelle Ramim
Abstract
Purpose
Users’ mistakes due to poor cybersecurity skills result in up to 95 per cent of cyber threats to organizations. Threats to organizational information systems continue to result in substantial financial and intellectual property losses. This paper aims to design, develop and empirically test a set of scenarios-based hands-on tasks to measure the cybersecurity skills of non-information technology (IT) professionals.
Design/methodology/approach
This study was classified as developmental in nature and used a sequential qualitative and quantitative method to validate the reliability of the Cybersecurity Skills Index (CSI) as a prototype-benchmarking tool. Next, the prototype was used to empirically test the demonstrated observable hands-on skills level of 173 non-IT professionals.
Findings
The importance of skills and hands-on assessment appears applicable to cybersecurity skills of non-IT professionals. Therefore, by using an expert-validated set of cybersecurity skills and scenario-driven tasks, this study established and validated a set of hands-on tasks that measure observable cybersecurity skills of non-IT professionals without bias or the high-stakes risk to IT.
Research limitations/implications
Data collection was limited to the southeastern USA and while the sample size of 173 non-IT professionals is valid, further studies are required to increase validation of the results and generalizability.
Originality/value
The validated and reliable CSI operationalized as a tool that measures the cybersecurity skills of non-IT professionals. This benchmarking tool could assist organizations with mitigating threats due to vulnerabilities and breaches caused by employees due to poor cybersecurity skills.
Molly Cooper, Yair Levy, Ling Wang and Laurie Dringus
Abstract
Purpose
This study introduces the concept of audiovisual alerts and warnings as a way to reduce phishing susceptibility on mobile devices.
Design/methodology/approach
This study has three phases. The first phase included 32 subject matter experts that provided feedback toward a phishing alert and warning system. The second phase included development and a pilot study to validate a phishing alert and warning system prototype. The third phase included delivery of the Phishing Alert and Warning System (PAWS™ mobile app) to 205 participants. This study designed, developed, as well as empirically tested the PAWS™ mobile app that alerted and warned participants to the signs of phishing in emails on mobile devices.
Findings
The results of this study indicated audio alerts and visual warnings potentially lower phishing susceptibility in emails. Audiovisual warnings appeared to assist study participants in noticing phishing emails more easily and in less time than without audiovisual warnings.
Practical implications
This study's implications to mitigation of phishing emails are key, as it appears that alerts and warnings added to email applications may play a significant role in the reduction of phishing susceptibility.
Originality/value
This study extends the existing information security body of knowledge on phishing prevention and awareness by using audiovisual alerts and warnings to email recipients tested in real-life applications.
Yair Levy and Ruti Gafni
Abstract
Purpose
This paper aims to introduce the concept of cybersecurity footprint.
Design/methodology/approach
Characteristics of cybersecurity footprint are presented based on documented cases, and the domino effect of cybersecurity is illustrated. Organizational and individual cybersecurity footprints are outlined. Active and passive – digital vs cybersecurity footprints are then reviewed. A taxonomy of aware/unaware vs active/passive cybersecurity footprints is presented, followed by a brief discussion of the implications for future research.
Findings
The concept of cybersecurity footprint is defined, and the evidence from prior cyber incidents is shown to emphasize the concept. Smaller organizations may have a large cybersecurity footprint, whereas larger organizations may have a smaller one. Cyberattacks are focusing on the individuals or small organizations that are in the supply chain of larger organizations, causing the domino effect.
Practical implications
Implications of cybersecurity footprint to individuals, organizations, societies and governments are discussed. The authors present organizations with ways to lower cybersecurity footprint along with recommendations for future research.
Social implications
Cybersecurity has a significant social implication worldwide, as the world is becoming cyber dependent. With the authors’ introduction of the cybersecurity footprint concept and call to further understand how organizations can measure and reduce it, the authors envision it as another perspective of assessing cyber risk and further help mitigate future cyber incidents.
Originality/value
This paper extends the existing information and computer security body of knowledge on the concept of cybersecurity footprint with illustrated cases.
Anthony Duke Giwah, Ling Wang, Yair Levy and Inkyoung Hur
Abstract
Purpose
The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior has been in broad contexts, therefore creating a need for research that focuses on specific emerging technologies and trends such as mobile technology.
Design/methodology/approach
This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening.
Findings
This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guide users to take practical steps at protecting their devices. This study shows the high impact of MSE on users’ protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security.
Originality/value
This study makes theoretical contributions to the existing information security literature. It confirms PM theory’s power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users’ actual security usage. Thus, it goes beyond users’ intention.
Yair Levy, Michelle M. Ramim, Steven M. Furnell and Nathan L. Clarke
Abstract
Purpose
Concerns for information security in e‐learning systems have been raised previously. In the pursuit for better authentication approaches, few schools have implemented students' authentication during online exams beyond passwords. This paper aims to assess e‐learners' intention to provide multibiometric data and use of multibiometrics during online exams.
Design/methodology/approach
Based on data collected from 163 e‐learners from two institutions, the authors compared such measures when provided by their university versus by a third‐party service vendor. The multibiometrics discussed included fingerprint, face, and voice recognition.
Findings
The results show a clear indication by the learners that they are significantly more willing to provide their biometric data and intend to use multibiometrics when provided by their university compared with same services provided by a third‐party vendor.
Research limitations/implications
Research implications include the need for better understanding of multibiometrics implementations in educational settings.
Practical implications
The findings are profound for vendors of multibiometrics as they must adjust their approach when implementing such technologies at higher educational institutions, rather than simply opt to license the use of such solutions and to host them.
Originality/value
This study helps higher educational institutions better understand that learners do not appear to object to the use of multibiometrics technologies during online exams, rather the way in which such technologies are implemented and managed on‐campus.
Abstract
Purpose
The purpose of this paper is to investigate the effect of information quality (IQ) on citizens' trust in e-government systems.
Design/methodology/approach
This study used a mixed-method approach. In the first phase, the study drew IQ characteristics from the literature pool and then administered a qualitative questionnaire to a sample of 20 citizens who use e-government systems. In the second phase, the study delivered a quantitative survey via web to a group of about 1,000 citizens.
Findings
This two-phased study uncovered citizens' perceived IQ factors and determined the influence of the IQ factors on trust in e-government systems.
Research limitations/implications
There were some limitations to the study. Citizen's demographics, along with the type of e-government interaction, were not taken into consideration.
Practical implications
Understanding IQ characteristics that improve trust would enhance the relationship between citizens and e-government systems, as well as aid in the design and development of such systems.
Originality/value
This paper applied an established IQ framework, and used the value focus approach in assessing IQ characteristics that affect citizens' trust in e-government systems.