Nurul Nuha Abdul Molok

Information security awareness through the use of social media

The proliferation of online social media use amongst employees has been reported to be incriminating organizational information security. Despite the benefits of social media to organizations, there were cases of information leakage, malware, identity theft, espionage and sabotage through such use. This paper explores employees awareness of information security around social media and presents the initial findings of a study on a tertiary education institution in Malaysia. As an extension to a previous study, this study also found that employees were not only disclosing personal information but they are also disclosing organizational information on social media. This indicates there is a potential for information security threats to organizations through employees use of social media. Nevertheless, the findings demonstrate that some participants were aware about the implications of employees use of social media to information security.

Online Social Networking: A Source of Intelligence for Advanced Persistent Threats

The professionalization of computer crime has resulted in a shift in motivation away from bragging rights towards financial gain. As a result, the operational tactics of cyber criminals is beginning to incorporate reconnaissance and intelligence gathering to inform attack planning. This paper discusses why information leakage in general, and Online Social Networking (OSN) in particular, has become a source of intelligence for attackers. Further, the paper profiles a range of security measures available to organizations to combat information leakage through OSN and identifies future directions for research into security culture and behaviour change.

A case analysis of securing organisations against information leakage through online social networking

Abstract The inadvertent leakage of sensitive information through Online Social Networking (OSN) represents a significant source of security risk to organisations. Leakage of sensitive information such as trade secrets, intellectual property and personal details of employees can result in a loss of competitive advantage, loss of reputation, and erosion of client trust. We present 4 case studies which examine drivers for employee leakage behaviour and corresponding security management strategies. Drawing on these case studies, we present a maturity framework for organisational OSN Leakage Mitigation Capability (OSN-LMC) and lessons learned from the case analysis.

Information Security Behavior among Employees from the Islamic Perspective

This paper discusses employees information security behavior from the perspective of Islam and provides a behavioral framework that is developed based on the combination of Western contemporary studies and the Islamic principles. In particular, the framework is based on the categorizations of Muslims behavior and the concepts of rewards and punishment in Islam which can be reflected in managing information security behavior among employees. The proposed framework defines the taxonomy of each categorized information security behavior that can give better understanding for academia and organizations. This taxonomy can be used to identify the influencing factor of each categorized information security behavior and the strategies to manage such behavior.

Persuasive Technology for Improving Information Security Awareness and Behavior: Literature Review

The use of Persuasive Technology in various fields is rapidly increasing. It can be applied in many fields such as computing, marketing, sales, environment, education, and health. Persuasive Technology has been found effective in bringing a required change in users behaviors and attitudes. However, the use of persuasive technology is scarce in the field of Information Security awareness. This paper reviews extensive literature review which focuses on a perspective on how to create awareness among users for good information security practices by applying Persuasive Technology techniques and approaches. The conceptual findings suggest there is a tremendous potential of Persuasive Technology to be applied to persuade users to change their behavior and perception toward Information Security practices.