Search results

1 – 10 of 13
Per page
102050
Citations:
Loading...
Access Restricted. View access options
Article
Publication date: 1 December 2004

Hein S. Venter, Martin S. Olivier and Jan H.P. Eloff

It is well‐known that the primary threat against misuse of private data about individuals is present within the organisation; proposes a system that uses intrusion detection…

1067

Abstract

It is well‐known that the primary threat against misuse of private data about individuals is present within the organisation; proposes a system that uses intrusion detection system (IDS) technologies to help safeguard such private information. Current IDSs attempt to detect intrusions on a low level whereas the proposed privacy IDS (PIDS) attempts to detect intrusions on a higher level. Contains information about information privacy and privacy‐enhancing technologies, the role that a current IDS could play in a privacy system, and a framework for a privacy IDS. The system works by identifying anomalous behaviour and reacts by throttling access to the data and/or issuing reports. It is assumed that the private information is stored in a central networked repository. Uses the proposed PIDS on the border between this repository and the rest of the organisation to identify attempts to misuse such information. A practical prototype of the system needs to be implemented in order to determine and test the practical feasibility of the system. Provides a source of information and guidelines on how to implement a privacy IDS based on existing IDSs.

Details

Internet Research, vol. 14 no. 5
Type: Research Article
ISSN: 1066-2243

Keywords

Access Restricted. View access options
Article
Publication date: 1 August 2001

Reinhardt A. Botha and Jan H.P. Eloff

Workflow systems are often associated with business process re‐engineering (BPR). This paper argues that the functional access control requirements in workflow systems are rooted…

1226

Abstract

Workflow systems are often associated with business process re‐engineering (BPR). This paper argues that the functional access control requirements in workflow systems are rooted in the scope of a BPR project. A framework for access control in workflow systems is developed. The framework suggests that existing role‐based access control mechanisms can be used as a foundation in workflow systems. The framework separates the administration‐time and the run‐time aspects. Key areas that must be investigated to meet the functional requirements imposed by workflow systems on access control services are identified.

Details

Information Management & Computer Security, vol. 9 no. 3
Type: Research Article
ISSN: 0968-5227

Keywords

Access Restricted. View access options
Article
Publication date: 17 June 2019

Estee van der Walt and Jan Eloff

This paper aims to describe requirements for a model that can assist in identity deception detection (IDD) on social media platforms (SMPs). The model that was discovered…

303

Abstract

Purpose

This paper aims to describe requirements for a model that can assist in identity deception detection (IDD) on social media platforms (SMPs). The model that was discovered demonstrates the usefulness of the requirements. The aim of the model is to identify humans lying about their identity on SMPs.

Design/methodology/approach

The requirements of a model for IDD will be determined through a literature study combined with a study that identifies currently available identity related metadata on SMPs. This metadata refers to the attributes that describe a user account on an SMP. The aim is to restrict IDD to be only based on these types of attributes, as opposed to or combined with the contents of a single or multiple communications.

Findings

Data science experiments were conducted and in particular supervised machine learning models were discovered that indeed detects identity deception on SMPs with an area under the receiver operator characteristics curve (ROC-AUC) of 75.5 per cent.

Originality/value

SMPs allow any user to easily communicate with their friends or the general public at large. People can now be targeted at great scale, most often for malicious purposes. The reality is that many of these cyber-attacks involve some form of identity deception, where the attackers lie about who they are. Much focus to date has been on the identification of non-human deceptive accounts. This paper focuses on deceptive human accounts that target vulnerable individuals on SMPs.

Details

Information & Computer Security, vol. 27 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

Access Restricted. View access options
Article
Publication date: 1 December 1970

‘A MAP OF THE WORLD that does not include Utopia is not worth glancing at’ wrote Oscar Wilde. ‘It leaves out the one country at which humanity is always landing. And when it lands…

133

Abstract

‘A MAP OF THE WORLD that does not include Utopia is not worth glancing at’ wrote Oscar Wilde. ‘It leaves out the one country at which humanity is always landing. And when it lands there it looks out and, seeing a better country, sets sail again. Progress is the realization of Utopias’.

Details

Work Study, vol. 19 no. 12
Type: Research Article
ISSN: 0043-8022

Access Restricted. View access options
Article
Publication date: 4 June 2020

Antonia Michael and Jan Eloff

Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization such as financial and reputational losses. This threat…

411

Abstract

Purpose

Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization such as financial and reputational losses. This threat is known as an “Insider IT Sabotage” threat. This involves employees misusing their access rights to harm the organization. Events leading up to the attack are not technical but rather behavioural. The problem is that owing to the high volume and complexity of emails, the risk of insider IT sabotage cannot be diminished with rule-based approaches.

Design/methodology/approach

Malicious human behaviours that insiders within the insider IT sabotage category would possess are studied and mapped to phrases that would appear in email communications. A large email data set is classified according to behavioural characteristics of these employees. Machine learning algorithms are used to identify occurrences of this insider threat type. The accuracy of these approaches is measured.

Findings

It is shown in this paper that suspicious behaviour of disgruntled employees can be discovered, by means of machine intelligence techniques. The output of the machine learning classifier depends mainly on the depth and quality of the phrases and behaviour analysis, cleansing and number of email attributes examined. This process of labelling content in isolation could be improved if other attributes of the email data are included, such that a confidence score can be computed for each user.

Originality/value

This research presents a novel approach to show that the creation of a prototype that can automate the detection of insider IT sabotage within email systems to mitigate the risk within organizations.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

Available. Open Access. Open Access
Article
Publication date: 16 August 2021

Jan-Halvard Bergquist, Samantha Tinet and Shang Gao

The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.

2449

Abstract

Purpose

The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.

Design/methodology/approach

To address the purpose of this research, a case study in a Swedish municipality was conducted. Data was collected through a mixture of techniques such as literature, document and website review. Empirical data was collected through interviews with 11 employees working within 7 different sections of the municipality.

Findings

This study resulted in an information classification model that is tailored to the specific needs of Swedish municipalities. In addition, a set of steps for tailoring an information classification model to suit a specific public organization are recommended. The findings also indicate that for a successful information classification it is necessary to educate the employees about the basics of information security and classification and create an understandable and unified information security language.

Practical implications

This study also highlights that to have a tailored information classification model, it is imperative to understand the value of information and what kind of consequences a violation of established information security principles could have through the perspectives of the employees.

Originality/value

It is the first of its kind in tailoring an information classification model to the specific needs of a Swedish municipality. The model provided by this study can be used as a tool to facilitate a common ground for classifying information within all Swedish municipalities, thereby contributing the first step toward a Swedish municipal model for information classification.

Access Restricted. View access options
Article
Publication date: 10 October 2008

Janne Merete Hagen, Eirik Albrechtsen and Jan Hovden

The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.

7298

Abstract

Purpose

The purpose of this paper is to study the implementation of organizational information security measures and assess the effectiveness of such measures.

Design/methodology/approach

A survey was designed and data were collected from information security managers in a selection of Norwegian organizations.

Findings

Technical‐administrative security measures such as security policies, procedures and methods are the most commonly implemented organizational information security measures in a sample of Norwegian organizations. Awareness‐creating activities are applied by the organizations to a considerably lesser extent, but are at the same time these are assessed as being more effective organizational measures than technical‐administrative ones. Consequently, the study shows an inverse relationship between the implementation of organizational information security measures and assessed effectiveness of the organizational information security measures.

Originality/value

Provides insight into the non‐technological side of information security. While most other studies look at the effectiveness of single organizational security measures, the present study considers combinations of organizational security measures.

Details

Information Management & Computer Security, vol. 16 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

Access Restricted. View access options
Article
Publication date: 1 October 2009

G.K. Goldswain

This study analyses and discusses the application and constitutionality of the general onus of proof provision (section 82 of the Income Tax Act 58 of 1962 [the “Act”]), the…

502

Abstract

This study analyses and discusses the application and constitutionality of the general onus of proof provision (section 82 of the Income Tax Act 58 of 1962 [the “Act”]), the presumption in favour of the State when criminal sanctions are applied to an offending taxpayer (section 104(2) of the Act) and the mechanics for imposing administrative sanctions in terms of section 76(1)(b) of the Act. The conclusion reached is that the reverse onus presumption, as provided for in terms of section 104(2) of the Act, is unconstitutional. It is penal in nature and offends against the constitutional right of an accused to a fair trial (sections 35(3) of the Constitution of the Republic of South Africa Act, 108 of 1996 [the “Constitution”]). The section 36 limitation of rights clause of the Constitution does not save it. Section 76(1)(b) of the Act read in conjunction with the deeming provision of section 76(5) of the Act, is inextricably linked to the section 82 general reverse onus provision of the Act. Hence, when these three sections are applied together, they create a reverse onus that, prima facie, violates the right to just administrative action (section 33 of the Constitution). Regarding the general reverse onus burden as provided for in terms of section 82 of the Act, the conclusion reached is that it is reasonable and justifiable in an open and democratic society and can therefore be regarded as constitutional.

Details

Meditari Accountancy Research, vol. 17 no. 2
Type: Research Article
ISSN: 1022-2529

Keywords

Access Restricted. View access options
Article
Publication date: 11 February 2019

Sheshadri Chatterjee

The purpose of this study is to identify how the privacy policy can be framed for protection of personal data and how the latest judgement of full bench of Supreme Court of India…

1401

Abstract

Purpose

The purpose of this study is to identify how the privacy policy can be framed for protection of personal data and how the latest judgement of full bench of Supreme Court of India has dealt with right to privacy in India.

Design/methodology/approach

The study uses the latest Supreme Court judgement on right to privacy and historical cases on right to privacy in India. This paper uses Indian Constitution as a source of Information for study along with case laws and judgements of different courts in India.

Findings

This paper tries to find if personal data privacy is a fundamental right in India. In addition, the paper provides recommendations to different concerned authorities on protecting personal information in online platform.

Research limitations/implications

This study deals with privacy issues so far as Indian citizens are concerns and does not focus on other countries. Moreover, the study tries to understand the issue of fundamental rights from Indian Constitution perspective. In addition, the recommendations provided to the policymakers and other authorities of India have wide implications for formulation of new policy and management of personal data, so that it should not go to wrong hands and the personal data and privacy is protected of the citizens.

Practical implications

Millions of people put their personal information in online platform. In addition, there are few government initiatives in India such as Aadhaar card where the biometric information is taken from the residents of India, and in many cases, the personal data are compromised under various circumstances. As the personal data of the citizens are in question, thus the study has direct practical implication mainly for all the citizens whose personal data are available in online platform.

Social implications

This study has social implication as it dealt with the “personal data” of the citizens of India. As the paper discusses the issue of protection of personal data in the context of right to privacy, thus this study has a direct social impact so far as online citizen of India is concerned.

Originality/value

This paper is timely, original and discusses the contemporary issue of online data privacy and fundamental right in India. This paper is a useful resource for the researchers, policymakers and online users who deal with personal data-, right to privacy and data privacy policy-related areas.

Details

International Journal of Law and Management, vol. 61 no. 1
Type: Research Article
ISSN: 1754-243X

Keywords

Available. Open Access. Open Access
Article
Publication date: 5 July 2024

Garret Murray, Malin Falkeling and Shang Gao

The purpose of this paper is to provide an overview of the trends and challenges relating to research into the human aspects of ransomware.

642

Abstract

Purpose

The purpose of this paper is to provide an overview of the trends and challenges relating to research into the human aspects of ransomware.

Design/methodology/approach

A systematic mapping study was carried out to investigate the trends in studies into the human aspects of ransomware, identify challenges encountered by researchers and propose directions for future research. For each of the identified papers from this study, the authors mapped the year of publication, the type of paper, research strategy and data generation method, types of participants included, theories incorporated and lastly, the authors mapped the challenges encountered by the researchers.

Findings

Fifty-nine papers published between 2006 and 2022 are included in the study. The findings indicate that literature on the human aspects of ransomware was scarce prior to 2016. The most-used participant groups in this area are students and cybersecurity professionals, and most studies rely on a survey strategy using the questionnaire to collect data. In addition, many papers did not use theories for their research, but from those that did, game theory was used most often. Furthermore, the most reported challenge is that being hit with ransomware is a sensitive topic, which results in individuals and organisations being reluctant to share their experiences.

Research limitations/implications

This mapping study reveals that the body of literature in the area of human aspects of ransomware has increased over the past couple of years. The findings highlight that being transparent about ransomware attacks, when possible, can help others. Moreover, senior management plays an important role in shaping the information security culture of an organisation, whether to have a culture of transparency or of secrecy.

Originality/value

This study is the first of its kind of systematic mapping studies contributing to the body of knowledge on the human aspects of ransomware.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Keywords

1 – 10 of 13
Per page
102050