B. Dawn Medlin

A cross‐cultural investigation of situational information security awareness programs

Purpose – The aim of this research is to make users aware of the importance surrounding the issue of security and security awareness while at the same time making educators as well as other individuals aware of the differing effects of cultural dimensions into the learning process.Design/methodology/approach – An inter-cultural study was conducted to investigate if users from the USA and Taiwan exposed to the same situational awareness learning would have different performance in those security awareness outcomes.Findings – The findings confirm that American users who received the situational learning outperformed those users who received the traditional face-to-face instruction. Taiwanese users did not perform significantly differently between these two treatments.Research limitations/implications – The study was only focused on two countries and therefore may limit its implications worldwide. But the study does show that global citizens also react differently to security awareness as would be expected due to differing cultures. Certainly, awareness of the risks and safeguards is the first line of defense that can be employed by any individual, but how individuals address these risks can be very dissimilar in different cultures. Therefore, the implications are apparent that the issue of security awareness should be studied from different cultural perspectives.Originality/value – This paper offers original findings and value into the investigation of whether or not situational security awareness training is culturally-bounded

Password Security: An Empirical Investigation into E-Commerce Passwords and Their Crack Times

Abstract Strong passwords are essential to the security of any e-commerce site as well as to individual users. Without them, hackers can penetrate a network and stop critical processes that assist consumers and keep companies operating. For most e-commerce sites, consumers have the responsibility of creating their own passwords and often do so without guidance from the web site or system administrator. One fact is well known about password creation—consumers do not create long or complicated passwords because they cannot remember them. Through an empirical analysis, this paper examines whether the passwords created by individuals on an e-commerce site use either positive or negative password practices. This paper also addresses the issue of crack times in relationship to password choices. The results of this study will show the actual password practices of current consumers, which could enforce the need for systems administrators to recommend secure password practices on e-commerce sites and in general.

The Role of Privacy Risk in IT Acceptance: An Empirical Study

Privacy risk is increasingly entering the public consciousness when using information technologies. To gain insight into the role of risk in the technology adoption process, we studied the use of information systems for student registration and schedule management at a major U.S. university. We further extended the technology acceptance model (TAM) to include perceptual measures of privacy risk harm and privacy risk likelihood, which apply to the extended model and predict students’ intentions to use technology. Privacy risk factors are found to negatively influence intention and contribute substantially to model predictiveness. This finding underlines the growing importance of privacy risk in the use of information technology.

The cost of electronic retailing: prevalent security threats and their results

Development and innovative applications of e-commerce transactions, as well as the integration of available technology, can provide an organisation with a unique opportunity to remain competitive within todays global business environment. Although technology plays an important role in gaining a competitive advantage for organisations worldwide, information technology professionals, consumers and e-retailers are becoming increasingly aware of the potential harmful impact of the misuse of these same technologies. This paper introduces some of the most prevalent and current security threats such as the introduction of malware, information disclosure, piracy of information and other malicious activities that both e-retailers and consumers face, as well as how each participant can assist in the defence of their own online transactions. In addition, specific recommendations are made in order to protect the system from further harm.

An Empirical Investigation: Health Care Employee Passwords and Their Crack Times in Relationship to HIPAA Security Standards

The purpose of this article is to examine the passwords selected by health care professionals and the security and privacy standards in relationship to those passwords as addressed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Examinations of these passwords have illustrated the connectivity between password length and strength and the need to educate employees as to the importance of their password choices. Through an empirical analysis, this article examines whether the passwords created by employees of a health care agency followed “strong†or “weak†password practices. The results should indicate to health care agencies the importance of comprehensive password policies and employee training.

An e-patient's End-user community (EUCY): The value added of social network applications

Decreasing revenues and increasing expenses has led many healthcare organizations to adopt newer technological applications in order to address the informational needs of their patients. One such adoption technique is to develop a more robust e-patient environment. Health care organizations may increase their effectiveness in meeting the needs of a growing e-patient population through the implementation of high-quality social networking applications such as Twitter. These applications may help to support and maintain a valuable and informed community. A literature review identifies three characteristics that have an impact on information exchange inherent to social networks: number of members, contact frequency, and type of knowledge. Data from a case study of a juvenile diabetic using Twitter helps to demonstrate these aforementioned characteristics. A framework is developed that may be used by health care organizations to better align social network objectives with expectations of an End user community (EUCY). Managerial implications of this study are discussed that can help information technology professionals as well as health administrators when implementing social networks.

Technology-based security threats: taxonomy of sources, targets and a process model of alleviation

Development and innovative application of technology, as well as the integration of available technology, can provide an organisation with a unique opportunity to remain competitive in a global business environment. Although technology plays an important role in gaining competitive advantage for organisations worldwide, information technology professionals are becoming increasingly aware of the potentially harmful impact of misuse of information technologies. This paper provides a review of various technology-based threats and how they affect organisations. The paper further provides a taxonomy that depicts sources and targets of these threats and a process model to assist organisations in alleviating these threats. In addition to the five-stage threat alleviation model, a cause-and-effect diagram has been incorporated as a tool to help identify the sources of these threats as well as the potential outcomes of successful attacks. Organisations worldwide can use the taxonomy developed in this paper and the process to prevent these threats.

Laws and Regulations Dealing with Information Security and Privacy: An Investigative Study

The Internet has dramatically transformed our lives in the past generation; and as our society has become dependent on information technology and more and more of our sensitive information is stored and transferred in electronic form, greater attention is being paid to privacy and security concerns. Governing bodies from states to national entities have passed laws and regulations that are designed to address and impact security and privacy practices. In this article we will examine the laws and regulations of the United States and the European Union (EU) in relationship to the issue of information security and privacy.

Analyzing the Vulnerability of U.S. Hospitals to Social Engineering Attacks: How Many of Your Employees Would Share Their Password?

One of the main threats to keeping health information secure in today’s digital world is that of social engineering. The healthcare industry has benefitted from its employees’ ability to view patient data. Although access to and transmission of patient data may improve care, increase delivery time of services and reduce health care costs, security of that information may be jeopardized due to the innocent sharing of personal and non-personal data with the wrong person. Through the tactic of social engineering, hackers are able to obtain information from employees that may allow them access into the hospitals networked information system. In this study we simulate a social engineering attack in five different hospitals of varying sizes with the goal of obtaining employees passwords. 73% of respondents shared their password. This raises serious concerns about the state of employee security awareness in our healthcare system.

An Investigative Study: Consumers Password Choices on an E-Commerce Site

Abstract Good passwords are essential to the security of any e-commerce site. Unfortunately, consumers generally have the responsibility of creating their own passwords and often do so without guidance from the web site or system administrator. One thing that is well known about passwords is that consumers do not create long or complicated passwords because they cannot remember them. Through an empirical analysis, this paper examines whether the passwords created by individuals on an e-commerce site fall into a predictable category and if individuals use either positive or negative password practices. Additionally, this paper addresses the issue of gender in relationship to password choice. The results of this study will show the actual password practices from an e-commerce site currently in use. Results indicate that males sampled had slightly more secure passwords than females in the sample.