Search results

This study aimed to investigate how honest participants perceived an attacker to be during shoulder surfing scenarios that varied in terms of which Principle of Persuasion in Social Engineering (PPSE) was used, whether perceived honesty changed as scenarios progressed, and whether any changes were greater in some scenarios than others.

Participants read one of six shoulder surfing scenarios. Five depicted an attacker using one of the PPSEs. The other depicted an attacker using as few PPSEs as possible, which served as a control condition. Participants then rated perceived attacker honesty.

The results revealed honesty ratings in each condition were equal during the beginning of the conversation, participants in each condition perceived the attacker to be honest during the beginning of the conversation, perceived attacker honesty declined when the attacker requested the target perform an action that would afford shoulder surfing, perceived attacker honesty declined more when the Distraction and Social Proof PPSEs were used, participants perceived the attacker to be dishonest when making such requests using the Distraction and Social Proof PPSEs and perceived attacker honesty did not change when the attacker used the target’s computer.

To the best of the authors’ knowledge, this experiment is the first to investigate how persuasion tactics affect perceptions of attackers during shoulder surfing attacks. These results have important implications for shoulder surfing prevention training programs and penetration tests.

This study aims to examine how social engineers use persuasion principles during vishing attacks.

In total, 86 examples of real-world vishing attacks were found in articles and videos. Each example was coded to determine which persuasion principles were present in that attack and how they were implemented, i.e. what specific elements of the attack contributed to the presence of each persuasion principle.

Authority (A), social proof (S) and distraction (D) were the most widely used persuasion principles in vishing attacks, followed by liking, similarity and deception (L). These four persuasion principles occurred in a majority of vishing attacks, while commitment, reciprocation and consistency (C) did not. Further, certain sets of persuasion principles (i.e. authority, distraction, liking, similarity, and deception and social proof; , authority, commitment, reciprocation, and consistency, distraction, liking, similarity and deception, and social proof; and authority, distraction and social proof) were used more than others. It was noteworthy that despite their similarities, those sets of persuasion principles were implemented in different ways, and certain specific ways of implementing certain persuasion principles (e.g. vishers claiming to have authority over the victim) were quite rare.

To the best of authors’ knowledge, this study is the first to investigate how social engineers use persuasion principles during vishing attacks. As such, it provides important insight into how social engineers implement vishing attacks and lays a critical foundation for future research investigating the psychological aspects of vishing attacks. The present results have important implications for vishing countermeasures and education.

Nonexperts do not always follow the advice in cybersecurity warning messages. To increase compliance, it is recommended that warning messages use nontechnical language, describe how the cyberattack will affect the user personally and do so in a way that aligns with how the user thinks about cyberattacks. Implementing those recommendations requires an understanding of how nonexperts think about cyberattack consequences. Unfortunately, research has yet to reveal nonexperts’ thinking about cyberattack consequences. Toward that end, the purpose of this study was to examine how nonexperts think about cyberattack consequences.

Nonexperts sorted cyberattack consequences based on perceived similarity and labeled each group based on the reason those grouped consequences were perceived to be similar. Participants’ labels were analyzed to understand the general themes and the specific features that are present in nonexperts’ thinking.

The results suggested participants mainly thought about cyberattack consequences in terms of what the attacker is doing and what will be affected. Further, the results suggested participants thought about certain aspects of the consequences in concrete terms and other aspects of the consequences in general terms.

This research illuminates how nonexperts think about cyberattack consequences. This paper also reveals what aspects of nonexperts’ thinking are more or less concrete and identifies specific terminology that can be used to describe aspects that fall into each case. Such information allows one to align warning messages to nonexperts’ thinking in more nuanced ways than would otherwise be possible.

The purpose of this paper is to present results of an action research addressing climate change adaptation of selected social housing stock in the UK. Climate change continues to pose major challenges to those responsible for the management of built assets. The adaptation required to address long-term building performance affected by climate change rarely get prioritised above more immediate, short-term needs (general built asset management needs).

The study adopts an in-depth participatory action research with a London-based social landlord and integrates climate change adaptation framework and performance-based model established through author’s previous research projects.

A staged process for including adaptation measures in built asset management strategy is developed along with metrics to analyse the performance of the housing stock against climate change impact of flooding. The prioritisation of adaptation measure implementation into long-term built asset management plans was examined through cost-based appraisal.

The research was carried out with a singular organisation, already acquainted with potential climate change impact, vulnerability and adaptive capacity assessment. The process adopted will differ for similar organisation in the sector with different settings and limited working knowledge of climate change impact assessment.

The paper concludes with a ten-step process developed as an aide memoir to guide social landlords through the climate change adaptation planning process.

In addition to the practical results from the study, the paper outlines a novel process that integrates resilience concepts, risk framing (to climate change impact) and performance management into built asset management (maintenance and refurbishment) planning.

In the last four years, since Volume I of this Bibliography first appeared, there has been an explosion of literature in all the main functional areas of business. This wealth of material poses problems for the researcher in management studies — and, of course, for the librarian: uncovering what has been written in any one area is not an easy task. This volume aims to help the librarian and the researcher overcome some of the immediate problems of identification of material. It is an annotated bibliography of management, drawing on the wide variety of literature produced by MCB University Press. Over the last four years, MCB University Press has produced an extensive range of books and serial publications covering most of the established and many of the developing areas of management. This volume, in conjunction with Volume I, provides a guide to all the material published so far.

Aim of the present monograph is the economic analysis of the role of MNEs regarding globalisation and digital economy and in parallel there is a reference and examination of some legal aspects concerning MNEs, cyberspace and e‐commerce as the means of expression of the digital economy. The whole effort of the author is focused on the examination of various aspects of MNEs and their impact upon globalisation and vice versa and how and if we are moving towards a global digital economy.

This paper aims to investigate how digital capabilities associated with building information modelling (BIM) can integrate a wide range of information to improve built asset management (BAM) decision-making during the in-use phase of hospital buildings.

A comprehensive document analysis and a participatory case study was undertaken with a regional NHS hospital to review the type of information that can be used to better inform BAM decision-making to develop a conceptual framework to improve information use during the health-care BAM process, test how the conceptual framework can be applied within a BAM division of a health-care organisation and develop a cloud-based BIM application.

BIM has the potential to facilitate better informed BAM decision-making by integrating a wide range of information related to the physical condition of built assets, resources available for BAM and the built asset’s contribution to health-care provision within an organisation. However, interdepartmental information sharing requires a significant level of time and cost investment and changes to information gathering and storing practices within the whole organisation.

This research demonstrated that the implementation of BIM during the in-use phase of hospital buildings is different to that in the design and construction phases. At the in-use phase, BIM needs to integrate and communicate information within and between the estates, facilities division and other departments of the organisation. This poses a significant change management task for the organisation’s information management systems. Thus, a strategically driven top-down organisational approach is needed to implement BIM for the in-use phase of hospital buildings.