Search results

1 – 10 of 29
Article
Publication date: 4 July 2023

Ruti Gafni and Yair Levy

While data breaches are reported daily, organizations are struggling with quantifying their cybersecurity posture. This paper aims to introduce the Universal Cybersecurity…

Abstract

Purpose

While data breaches are reported daily, organizations are struggling with quantifying their cybersecurity posture. This paper aims to introduce the Universal Cybersecurity Footprint Index (UCFI), an organizational measure of Cybersecurity Footprint. The UCFI helps organizations understand the challenges related to their overall cybersecurity posture and be able to assess it for their supply chain cybersecurity. The Theory of Cybersecurity Footprint states that the risk and damage that can be caused by an attacked organization are not related to the size of the organization but to a range of parameters that may affect the interconnected entities in their supply chain.

Design/methodology/approach

Based on the 26 elements found in prior research, a survey was conducted, using 27 subject matter experts to reveal the most relevant elements and then specify their importance level to calculate their relative weight.

Findings

Results indicated that 20 of the 26 elements were validated, and their weights were calculated. Finally, an equation representing the UCFI for an organization is introduced.

Practical implications

Organizations can choose their partners according to a minimum value of the UCFI to reduce their cybersecurity risks.

Social implications

Supply chain cybersecurity incidents have demonstrated in the past several years to provide a massive impact on society. Thus, further assisting in mitigation of cyberattacks to the supply chain is significant.

Originality/value

This research aims to provide further assistance for organizations in quantifying their cybersecurity footprint in effort to help reduce cyber incidents, especially those for small organizations.

Details

Information & Computer Security, vol. 31 no. 5
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 2 July 2024

Ruti Gafni and Yair Levy

Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate…

Abstract

Purpose

Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate the role of AI in automating many of the routine tasks associated with cybersecurity. As such, AI enables cybersecurity personnel to reduce their workloads and focus on more strategic aspects of their work.

Design/methodology/approach

This study is an exploratory field study. The authors started by conducting a literature review to assess the possibility that AI tools can provide and how they can improve cybersecurity efficacy. Following this, the authors identified the specific core tasks for two cybersecurity work roles (technical and managerial) and searched for specific commercial tools that can perform each of the tasks. Then, the authors used the free ChatGPT 3.5 to list the current cybersecurity systems that use AI for the associated tasks, which the authors then reviewed with the tools’ documentation and websites to confirm these tasks were conducted or assisted by AI.

Findings

Results indicated that all 14 cybersecurity tasks of the technical work role are currently noted to be performed by commercial cybersecurity systems with AI-integrated capabilities, while only 11 of the 17 managerial work role tasks currently appear to be performed by AI.

Practical implications

The rapid integration of AI capabilities into commercial cybersecurity systems may suggest that the cybersecurity workforce must be currently trained on how to use AI tools in their daily operations, especially as it pertains to technical cybersecurity work roles.

Social implications

The cybersecurity workforce shortage is reported to exceed four million cybersecurity workers worldwide in 2023. Thus, further understanding of the role of AI in improving the efficiency of technical and managerial cybersecurity tasks is significant.

Originality/value

The value of this research lies in the initial assessment of the current AI capabilities of commercial cybersecurity systems, which will ultimately provide the “super-human” performances resulting from human-AI teaming.

Article
Publication date: 16 July 2024

Michael J Rooney, Yair Levy, Wei Li and Ajoy Kumar

The increased use of Information Systems (IS) as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password…

Abstract

Purpose

The increased use of Information Systems (IS) as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password entropy, users still often participate in deviant password behaviors, known as “password workarounds” or “shadow security.” These deviant password behaviors can put individuals and organizations at risk, resulting in a data breach. This paper aims to engage IS users and Subject Matter Experts (SMEs), focused on designing, developing and empirically validating the Password Workaround Cybersecurity Risk Taxonomy (PaWoCyRiT) – a 2x2 taxonomy constructed by aggregated scores of perceived cybersecurity risks from Password Workarounds (PWWAs) techniques and their usage frequency.

Design/methodology/approach

This research study was a developmental design conducted in three phases using qualitative and quantitative methods: (1) A set of 10 PWWAs that were identified from the literature were validated by SMEs along with their perspectives on the PWWAs usage and risk for data breach; (2) A pilot study was conducted to ensure reliability and validity and identify if any measurement issues would have hindered the results and (3) The main study data collection was conducted with a large group of IS users, where also they reported on coworkers' engagement frequencies related to the PWWAs.

Findings

The results indicate that statistically significant differences were found between SMEs and IS users in their aggregated perceptions of risks of the PWWAs in causing a data breach, with IS users perceiving higher risks. Engagement patterns varied between the two groups, as well as factors like years of IS experience, gender and job level had statistically significant differences among groups.

Practical implications

The PaWoCyRiT taxonomy that the we have developed and empirically validated is a handy tool for organizational cyber risk officers. The taxonomy provides organizations with a quantifiable means to assess and ultimately mitigate cybersecurity risks.

Social implications

Passwords have been used for a long time to grant controlled access to classified spaces, electronics, networks and more. However, the dramatic increase in user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. Thus, the taxonomy that the authors have developed and empirically validated provides broader implications for society, as it assists organizations in all industries with the ability to mitigate the risks of data breaches that can result from PWWAs.

Originality/value

The taxonomy the we have developed and validated, the PaWoCyRiT, provides organizations with insights into password-related risks and behaviors that may lead to data breaches.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 11 February 2019

Melissa Carlton, Yair Levy and Michelle Ramim

Users’ mistakes due to poor cybersecurity skills result in up to 95 per cent of cyber threats to organizations. Threats to organizational information systems continue to result in…

2071

Abstract

Purpose

Users’ mistakes due to poor cybersecurity skills result in up to 95 per cent of cyber threats to organizations. Threats to organizational information systems continue to result in substantial financial and intellectual property losses. This paper aims to design, develop and empirically test a set of scenarios-based hands-on tasks to measure the cybersecurity skills of non-information technology (IT) professionals.

Design/methodology/approach

This study was classified as developmental in nature and used a sequential qualitative and quantitative method to validate the reliability of the Cybersecurity Skills Index (CSI) as a prototype-benchmarking tool. Next, the prototype was used to empirically test the demonstrated observable hands-on skills level of 173 non-IT professionals.

Findings

The importance of skills and hands-on assessment appears applicable to cybersecurity skills of non-IT professionals. Therefore, by using an expert-validated set of cybersecurity skills and scenario-driven tasks, this study established and validated a set of hands-on tasks that measure observable cybersecurity skills of non-IT professionals without bias or the high-stakes risk to IT.

Research limitations/implications

Data collection was limited to the southeastern USA and while the sample size of 173 non-IT professionals is valid, further studies are required to increase validation of the results and generalizability.

Originality/value

The validated and reliable CSI operationalized as a tool that measures the cybersecurity skills of non-IT professionals. This benchmarking tool could assist organizations with mitigating threats due to vulnerabilities and breaches caused by employees due to poor cybersecurity skills.

Details

Information & Computer Security, vol. 27 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Open Access
Article
Publication date: 14 July 2021

Molly Cooper, Yair Levy, Ling Wang and Laurie Dringus

This study introduces the concept of audiovisual alerts and warnings as a way to reduce phishing susceptibility on mobile devices.

1910

Abstract

Purpose

This study introduces the concept of audiovisual alerts and warnings as a way to reduce phishing susceptibility on mobile devices.

Design/methodology/approach

This study has three phases. The first phase included 32 subject matter experts that provided feedback toward a phishing alert and warning system. The second phase included development and a pilot study to validate a phishing alert and warning system prototype. The third phase included delivery of the Phishing Alert and Warning System (PAWSTM mobile app) to 205 participants. This study designed, developed, as well as empirically tested the PAWSTM mobile app that alerted and warned participants to the signs of phishing in emails on mobile devices.

Findings

The results of this study indicated audio alerts and visual warnings potentially lower phishing susceptibility in emails. Audiovisual warnings appeared to assist study participants in noticing phishing emails more easily and in less time than without audiovisual warnings.

Practical implications

This study's implications to mitigation of phishing emails are key, as it appears that alerts and warnings added to email applications may play a significant role in the reduction of phishing susceptibility.

Originality/value

This study extends the existing information security body of knowledge on phishing prevention and awareness by using audiovisual alerts and warnings to email recipients tested in real-life applications.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 1 no. 1
Type: Research Article
ISSN: 2635-0270

Keywords

Article
Publication date: 10 March 2021

Yair Levy and Ruti Gafni

This paper aims to introduce the concept of cybersecurity footprint.

1236

Abstract

Purpose

This paper aims to introduce the concept of cybersecurity footprint.

Design/methodology/approach

Characteristics of cybersecurity footprint are presented based on documented cases, and the domino effect of cybersecurity is illustrated. Organizational and individual cybersecurity footprints are outlined. Active and passive – digital vs cybersecurity footprints are then reviewed. Taxonomy of aware/unaware vs active/passive cybersecurity footprints are presented, followed by brief discussion of the implications for future research.

Findings

The concept of cybersecurity footprint is defined, and the evidence from prior cyber incidents is shown to emphasize the concept. Smaller organizations may have a large cybersecurity footprint, whereas larger organizations may have smaller one. Cyberattacks are focusing on the individuals or small organizations that are in the supply chain of larger organizations causing the domino effect.

Practical implications

Implications of cybersecurity footprint to individuals, organizations, societies and governments are discussed. The authors present organizations with ways to lower cybersecurity footprint along with recommendations for future research.

Social implications

Cybersecurity has a significant social implication worldwide, as the world is becoming cyber dependent. With the authors’ introduction of the cybersecurity footprint concept and call to further understand how organizations can measure and reduce it, the authors envision it as another perspective of assessing cyber risk and further help mitigate future cyber incidents.

Originality/value

This paper extends the existing information and computer security body of knowledge on the concept of cybersecurity footprint with illustrated cases.

Article
Publication date: 11 November 2019

Anthony Duke Giwah, Ling Wang, Yair Levy and Inkyoung Hur

The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user…

1349

Abstract

Purpose

The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobile technology.

Design/methodology/approach

This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening.

Findings

This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guides users to take practical steps at protecting their devices. This study shows the high impact of MSE on users’ protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security.

Originality/value

This study makes theoretical contributions to the existing information security literature. It confirms PM theory’s power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users’ actual security usage. Thus, it goes beyond users’ intention.

Details

Journal of Intellectual Capital, vol. 21 no. 2
Type: Research Article
ISSN: 1469-1930

Keywords

Article
Publication date: 29 March 2011

Yair Levy, Michelle M. Ramim, Steven M. Furnell and Nathan L. Clarke

Concerns for information security in e‐learning systems have been raised previously. In the pursuit for better authentication approaches, few schools have implemented students'…

Abstract

Purpose

Concerns for information security in e‐learning systems have been raised previously. In the pursuit for better authentication approaches, few schools have implemented students' authentication during online exams beyond passwords. This paper aims to assess e‐learners' intention to provide multibiometric data and use of multibiometrics during online exams.

Design/methodology/approach

Based on data collected from 163 e‐learners from two institutions, the authors compared such measures when provided by their university versus by a third‐party service vendor. The multibiometrics discussed included fingerprint, face, and voice recognition.

Findings

The results show a clear indication by the learners that they are significantly more willing to provide their biometric data and intend to use multibiometrics when provided by their university compared with same services provided by a third‐party vendor.

Research limitations/implications

Research implications include the need for better understanding of multibiometrics implementations in educational settings.

Practical implications

The findings are profound for vendors of multibiometrics as they must adjust their approach when implementing such technologies at higher educational institutions, rather than simply opt to license the use of such solutions and to host them.

Originality/value

This study helps higher educational institutions better understand that learners do not appear to object to the use of multibiometrics technologies during online exams, rather the way in which such technologies are implemented and managed on‐campus.

Details

Campus-Wide Information Systems, vol. 28 no. 2
Type: Research Article
ISSN: 1065-0741

Keywords

Article
Publication date: 17 March 2014

Ally Lee and Yair Levy

– The purpose of this paper is to investigate the effect of information quality (IQ) on citizens ' trust in e-government systems.

1936

Abstract

Purpose

The purpose of this paper is to investigate the effect of information quality (IQ) on citizens ' trust in e-government systems.

Design/methodology/approach

This study used a mixed-method approach. In the first phase, the study drew IQ characteristics from the literature pool and then administered a qualitative questionnaire to a sample of 20 citizens who use e-government systems. In the second phase, the study delivered a quantitative survey via web to a group of about 1,000 citizens.

Findings

This two-phased study uncovered citizens ' perceived IQ factors and determined the influence of the IQ factors on trust in e-government systems.

Research limitations/implications

There were some limitations to the study. Citizen ' s demographics, along with the type of e-government interaction, were not taken into consideration.

Practical implications

Understanding IQ characteristics that improve trust would enhance the relationship between citizens and e-government systems, as well as aide in the design and development of such systems.

Originality/value

This paper applied an established IQ framework, and used the value focus approach in assessing IQ characteristics that effect citizens ' trust in e-government systems.

Details

Transforming Government: People, Process and Policy, vol. 8 no. 1
Type: Research Article
ISSN: 1750-6166

Keywords

Content available
Article
Publication date: 17 March 2014

Zahir Irani and Muhammad Kamal

128

Abstract

Details

Transforming Government: People, Process and Policy, vol. 8 no. 1
Type: Research Article
ISSN: 1750-6166

1 – 10 of 29