Search results

Open Access
Article
Publication date: 20 June 2019

Per Håkon Meland, Karin Bernsmed, Christian Frøystad, Jingyue Li and Guttorm Sindre

Abstract

Purpose

Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between the cyber and physical world, security has become an additional concern in these industries. The purpose of this paper is to evaluate how well bow-tie analysis performs in the context of security, and the study’s hypothesis is that the bow-tie notation has a suitable expressiveness for security and safety.

Design/methodology/approach

This study uses a formal, controlled quasi-experiment on two sample populations – security experts and security graduate students – working on the same case. As a basis for comparison, the authors used a similar experiment with misuse case analysis, a well-known technique for graphical security modelling.

Findings

The results show that the collective group of graduate students, inexperienced in security modelling, perform similarly to security experts in a well-defined scope and familiar target system/situation. The students showed great creativity, covering most of the same threats and consequences as the experts identified and discovering additional ones. One notable difference was that these naïve professionals tend to focus on preventive barriers, leading to requirements for risk mitigation or avoidance, while experienced professionals seem to balance this more with reactive barriers and requirements for incident management.

Originality/value

Our results are useful in areas where we need to evaluate safety and security concerns together, especially for domains that have experience in health, safety and environmental hazards, but now need to expand this with cybersecurity as well.

Details

Information & Computer Security, vol. 27 no. 4
Type: Research Article
ISSN: 2056-4961

Access Restricted
Article
Publication date: 28 February 2005

Bernd Carsten Stahl

Abstract

E‐Teaching as the use of information and communication technology (ICT) in education is of growing importance for educational theory and practice. Many universities and other higher education institutions use ICT to support teaching. However, there are contradicting opinions about the value and outcome of e‐teaching. This paper starts with a review of the literature on e‐teaching and uses this as a basis for distilling success factors for e‐teaching. It then discusses the case study of an e‐voting system used for giving student feedback and marking student presentations. The case study is critically discussed in the light of the success factors developed earlier. The conclusion is that e‐teaching, in order to be successful, should be embedded in the organisational and individual teaching philosophy.

Details

Interactive Technology and Smart Education, vol. 2 no. 1
Type: Research Article
ISSN: 1741-5659

Access Restricted
Article
Publication date: 13 June 2016

Reza Alavi, Shareeful Islam and Haralambos Mouratidis

Abstract

Purpose

The purpose of this paper is to introduce a risk-driven investment process model for analysing human factors that allows information security managers to capture possible risk–investment relationships and to reason about them. The overall success of an information security system depends on analysis of the risks and threats so that appropriate protection mechanisms can be in place to protect them. However, lack of appropriate analysis of risks may potentially result in failure of information security systems. Existing literature does not provide adequate guidelines for a systematic process or an appropriate modelling language to support such analysis. This work aims to fill this gap by introducing the process and reasoning about the risks considering human factors.

Design/methodology/approach

To develop a risk-driven investment model along with the activities that support the process. These objectives were achieved through the collection of quantitative and qualitative data utilising requirements engineering and Secure Tropos methods.

Findings

The proposed process and model define a clear relationship between risks, incidents and investment and allow organisations to calculate them based on their own figures.

Research limitations/implications

One of the major limitations of this model is that it only supports incident-based investment. This creates some difficulty in presenting it to the executive board. Secondly, because of the nature of human factors, quantification does not exactly reflect the monetary value of the factors.

Practical implications

Applying the information security risk-driven investment model in a real case study shows that this can help organisations apply and use it in other incidents, and more importantly, in incidents in which critical human factors are a grave concern for organisations. The importance of providing a financial justification is clearly highlighted and provided for seeking investment in information security.

Social implications

It has a big social impact that technically could lead to cost justifications and decision-making processes. This would impact the whole society by helping individuals to keep their data safe.

Originality/value

The novel contribution of this work is to analyse specific critical human factors which have subjective natures in an objective and dynamic domain of risk, security and investment.
