Search results

This paper aims to propose a tool to help policy makers understand the dynamic relationships between security and privacy on a strategic (macro) level.

The methodology is ported from the discipline of Macroeconomics, and applied to the information security and privacy domain. The methodology adopted is the so‐called “cross methodology” which claims ownership of the well‐known supply/demand market equilibrium exercise.

Early evaluation reveals that this is a potentially very effective tool in understanding societal behaviour and position towards information security and privacy and therefore makes this a suitable tool for investigating and exploring scenarios that can assist in policy making.

Up to date, research on the economics of security and privacy has been primarily focusing on a micro level. The main contribution of this paper is a methodology for investigating privacy and security on a macro level. We believe that our approach in undertaking this research is new and looking at the issues and relationships between security and privacy at a macro level, gives a better understanding of the problems at hand and how to resolve them.

The proposed tool may increase the efficiency of policy making and planning as it enables the policy makers on a governmental and strategic level to run scenarios in order to investigate the effect of their decisions (for example, an introduction of a stricter law relating to computer misuse) to the delicate balance of security and privacy.

This study aims to empirically examine the role of privacy, security, trust and autonomy in Millennials’ continued use of online dating applications. Emerging markets have been famous for their rapid modernization, growth and cultural shifts. Yet, consumer worries about online dating consumption need to be addressed in the literature through a better understanding of their behavioural intentions. This study examines the interplay of the underlying variables by testing a conceptual framework grounded on the theory of reasoned action (TRA), the self-determination theory (SDT) and the information systems continuance theory (ISCT) with regard to an emerging market.

A cross-sectional and quantitative research design is adopted. Using a well-designed structured questionnaire adapted from established scales, data was collected through a survey featuring 332 substantive responses from actively involved Millennial users of online dating apps in India. The data was analysed using confirmatory factor analysis (CFA) and structural equation modelling (SEM) through IBM SPSS AMOS (Analysis of Moment Structures) 24.0 to provide evidence of the reliability and validity of constructs alongside testing the hypothesis in the proposed model. Furthermore, Preacher and Hayes’ (2004) approach is used to explore mediation effects.

The results show that autonomy and trust positively affect the continued use of online dating apps. The study further reveals that autonomous behaviour motivates Millennials to use online dating apps, overriding their concerns for privacy and security. Furthermore, the results indicate that trust fully mediates the relationship between concern for privacy, perceived security and continued usage intention. Therefore, trust affects users’ intentions to continue using online dating apps as it bridges the effect of users’ concern for privacy and the perceived security in the online dating platform, making these dimensions relevant as a whole.

This study provides critical insights into the theory and practice. The findings demonstrate that autonomy is more significant in motivating Millennials to use online dating apps than concerns about privacy and perceptions of security. In addition, trust plays a crucial role in mediating the relationship between these variables. Therefore, app developers, app marketers and app stores can use the findings to motivate Millennials to continue using their platforms by encouraging a sense of freedom and a better inner self, fostering engagement and conveying user trust.

Several studies have investigated the pre-adoption behaviour of users of online dating apps, and little attention has been paid to continuance usage. This study provides a unique theoretical research model and perspective for online dating apps that uncovers the role of concern for privacy, perceived security and trust that affect post-adoption behaviour by integrating the TRA, SDT and ISCT. This integration offers a more futuristic and refined perspective on human behaviour by considering both cognitive and motivational aspects. The study establishes that autonomy outweighs concern for privacy and perceived security.

Contact tracing apps have emerged to collect data and mitigate the spread of infectious diseases. However, privacy and security concerns have caused individuals to hesitate to adopt these solutions. Our objective is to evaluate the role of the political environment, information privacy, security and users’ intentions to use contact tracing apps.

We scraped the digital app store and collected 399 relevant reviews and other data from 21 contact tracing apps in the USA. A semi-supervised machine learning model was developed to extract information on privacy and security aspects from the reviews.

Our findings show a positive connection between security controls and user adoption, as reflected in star ratings. Users residing in states with blue political environments tend to assign higher ratings to apps, especially when robust security controls are in place. These findings confirm the influence of the political environment on the adoption of contact tracing apps. In times of a pandemic, our findings suggest that users prioritize security over privacy concerns, emphasizing the critical role of strong security features in promoting app acceptance.

This paper emphasizes the political environment of the state offering the app intersects with concerns about security and privacy as well as the effectiveness of security and privacy measures, influencing the app’s ratings. Also, it shows the importance of understanding and addressing the role of the political environment when designing and promoting such public health tools, regardless of the specific disease or outbreak.

This study aims to argue that user’s continued use behavior is contingent upon two perceptions (i.e. the app and the provider). This study examines the moderating effects of user’s perceptions of apps and providers on the effects of security and privacy concerns and investigate whether assurance mechanisms decrease such concerns.

This study conducts a scenario-based survey with 694 mobile cloud computing (MCC) app users to understand their perceptions and behaviors.

This study finds that while perceived value of data transfer to the cloud moderates the effects of security and privacy concerns on continued use behavior, trust only moderates the effect of privacy concerns. This study also finds that perceived effectiveness of security and privacy intervention impacts privacy concerns but does not decrease security concerns.

Prior mobile app studies mainly focused on mobile apps and did not investigate the perceptions of app providers along with app features in the same study. Furthermore, International Organization for Standardization 27018 certification and privacy policy notification are the interventions that exhibit data assurance mechanisms. However, it is unknown whether these interventions are able to decrease users’ security and privacy concerns after using MCC apps.

The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.

In this research, the authors focus on mobile cloud computing (MCC) collaboration apps that are multiplatform and send the users’ data to the cloud. Despite their benefits, MCC collaboration apps raise privacy concerns, as the users’ information is sent to the cloud where users lack direct control. This study aims to investigate why users disclose information to MCC apps despite privacy concerns and examine the effect of security and assurance mechanisms (i.e. privacy policies and ISO/IEC 27018 certification) on users’ perceptions and information disclosure. Based on three surveys conducted in 2016 (n = 515), 2017 (n = 505) and 2018 (n = 543), this study finds mixed results regarding the relationships among security, assurance mechanisms, utilitarian benefits and information disclosure.

This study conducted three scenario-based surveys in the USA in 2016 (n = 515), 2017 (n = 505) and 2018 (n = 543).

This study finds mixed results of relationships among security, assurance mechanisms, utilitarian benefit and information disclosure.

With proliferation of MCC apps, the investigation of how users make privacy decision to disclose personal information to these apps is sparse. This study, for the first time, investigates whether the signals of assurance mechanism decrease users’ privacy concerns. This study also examines the interplay between security and privacy within information disclosure behavior. Finally, this study was conducted in 3 years to enhance the generalizability and robustness of findings.

The purpose of this paper is to develop an approach for investigating the impact of surveillance technologies used to facilitate security and its effect upon privacy.

The authors develop a methodology by drawing on an isomorphy of concepts from the discipline of Macroeconomics. This proposal is achieved by considering security and privacy as economic goods, where surveillance is seen as security technologies serving identity (ID) management and privacy is considered as being supported by ID assurance solutions.

Reflecting upon Ashby's Law of Requisite Variety, the authors conclude that surveillance policies will not meet espoused ends and investigate an alternative strategy for policy making.

The result of this exercise suggests that the proposed methodology could be a valuable tool for decision making at a strategic and aggregate level.

The paper extends the current literature on economics of privacy by incorporating methods from macroeconomics.

This paper’s purpose is to provide a current best practice approach that can be used to identify and manage bring your own device (BYOD) security and privacy risks faced by organisations that use mobile devices as part of their business strategy. While BYOD deployment can provide work flexibility, boost employees’ productivity and be cost cutting for organisations, there are also many information security and privacy issues, with some widely recognised, and others less understood. This paper focuses on BYOD adoption, and its associated risks and mitigation strategies, investigating how both information security and privacy can be effectively achieved in BYOD environments.

This research paper used a qualitative research methodology, applying the case study approach to understand both organisational and employee views, thoughts, opinions and actions in BYOD environments.

This paper identifies and understands BYOD risks, threats and influences, and determines effective controls and procedures for managing organisational and personal information resources in BYOD.

The scope of this paper is limited to the inquiry and findings from organisations operating in Australia. This paper also suggests key implications that lie within the ability of organisations to adequately develop and deploy successful BYOD management and practices.

This paper expands previous research investigating BYOD practices, and also provides a current best practice approach that can be used by organisations to systematically investigate and understand how to manage security and privacy risks in BYOD environments.

This study investigated the attitudes and concerns of Saudi higher educational institution (HEI) academics about privacy and security in online teaching during the COVID-19 pandemic.

Online Questionnaire questionnaire was designed to explore Saudi HEI academic’s attitudes and concerns about privacy and security issues in online teaching. The questionnaire asked about attitudes and concerns held before the pandemic and since the pandemic. The questionnaire included four sections. At the beginning of the questionnaire, participants were asked what the phrase “online privacy and security” meant to them, to gain an initial understanding of what it meant to academics. A definition for what we intended for the survey was then provided: “that a person’s data, including their identity, is not accessible to anyone other than themselves and others whom they have authorised and that their computing devices work properly and are free from unauthorised interference” (based on my reading of a range of sources, e.g. Schatz et al., 2017; Steinberg, 2019; NCS; Windley, 2005). This was to ensure that participants did understand what I was asking about in subsequent sections.

This study investigated the attitudes and concerns of Saudi HEI academics about privacy and security in online teaching during the COVID-19 pandemic. The findings provide several key insights: Key aspects of online privacy and security for Saudi HEI academics: Saudi HEI academic’s notion of online privacy and security is about the protection of personal data, preventing unauthorized access to data and ensuring the confidentiality and integrity of data. This underscores the significance of robust measures to safeguard sensitive information in online teaching, but also the need to make academics aware of the other aspects of online privacy and security. Potential to improve policies and training about online privacy and security in Saudi HEIs: Although many participants were aware of the online privacy and security policies of their HEI, only a small percentage had received training in this area. Thus, there is a need to improve the development and dissemination of policies and to provide academics with appropriate training in this area and encourage them to take available training. Use of videoconferencing and chat technologies and cultural sensitivities: The study highlighted moderate levels of concern among Saudi HEI academics regarding the use of videoconferencing and online chat technologies, and their concerns about cultural factors around the use of these technologies. This emphasizes the need for online teaching and the growing use of technologies in such teaching to respect cultural norms and preferences, highlighting the importance of fostering a culturally sensitive approach to technology deployment and use. Surprising low webcam use: An unexpected finding is the low use of webcams by both academics and students during online teaching sessions, prompting a need for a deeper understanding of the dynamics surrounding webcam engagement in such sessions. This calls for a reevaluation of the effectiveness of webcam use in the teaching process and underscores the importance of exploring methods for enhancing engagement and interaction in online teaching. In summary, this paper investigated the attitudes and concerns about privacy and security in the online teaching of Saudi HEI academics during the coronavirus pandemic. The study reveals areas where further research and policy development can enhance the online teaching experience. As the education landscape continues to evolve, institutions must remain proactive in addressing the concerns of their academics while fostering a culturally sensitive approach to technology deployment.

One limitation of this study is the relatively small qualitative data sample, despite the adequate size of the sample including 36 academics from various Saudi Arabian HEIs for quantitative analysis. It was necessary to make the most of the open-ended questions optional – participants did not have to answer about concerns if they did not want to, as we did not want to make the questionnaire too long and onerous to complete. Consequently, the number of academics responding to the open-ended questions was limited, emphasizing the need for additional data and alternative research methods to further these issues. The study was focused on investigating the concerns of HEI Saudi academics, recognizing that the attitudes and concerns of academics in other countries may differ. Furthermore, the research also includes an exploration of the changes in academic attitudes and concerns before and since the COVID-19 pandemic, which will be the subject of further data analysis.

This research delves into Saudi HEI academics' perceptions and concerns regarding privacy and security in online education during the COVID-19 Pandemic. Notably, it highlights the moderate priority placed on online privacy and security, the unexpectedly low usage of webcams and the potential for enhancing policies and training. The study emphasizes the necessity for comprehensive measures to protect sensitive data and the importance of tailored policies for educators. It also underscores the need for a more nuanced understanding of webcam usage dynamics, offering valuable insights for institutions aiming to improve online education and address educators' concerns amidst evolving educational landscapes.

The aim of the paper is to highlight gaps in compliance environments regarding information privacy and provide recommendations for global information privacy standards.

The paper draws conceptually upon an existing security standard's framework and omissions in information privacy compliance frameworks are recognized. As a result, an extended framework of information security and privacy standards is developed. Moreover, taking into account the different attributes and focus of information privacy as compared to information security, the elicitation of usability criteria for web applications and interfaces that will assist users to protect their privacy, is being proposed.

Within ICT standards numerous information security standards exist, which enable a common understanding of security requirements and promote global rules and practices for security mechanisms. Through their usage, designed information systems ultimately reach a commonly accepted security level and interoperate with other systems in an efficient and secure way. Nevertheless, a similar compliance environment is missing with regard to information privacy. Often security controls are seen as the solution to privacy protection and security compliance frameworks are regarded as guidance to information privacy as well. This is clearly the wrong approach since the main security and privacy attributes are different; information security refers to information stored, processed and transmitted for completing the information system's functions and purpose, while information privacy is the protection of the information's subject identity.

The identified gaps in compliance environments are based on extensive literature review, while the proposed enhancements for the information privacy standards are, at this stage, an opinion‐based piece of work.

Currently, information privacy is treated mostly as a legal compliance requirement and thus is not adequately handled by security standards. The paper provides recommendations and further guidance in managerial, procedural and technical level for handling information privacy.