{"title":"Utilizing normative theories to develop ethical actions for better privacy practices","authors":"Zareef A. Mohammed, G. Tejay, Joseph Squillace","doi":"10.1080/15536548.2017.1419018","DOIUrl":"https://doi.org/10.1080/15536548.2017.1419018","url":null,"abstract":"ABSTRACT This study examines the privacy practices of organizations. We argue that successful deployment of privacy practices based on ethical actions will strengthen privacy protection measures to better protect clients’ PII. We propose a set of ethical actions based on six normative theories following a multiple case study approach to study three prominent data breaches. Our analysis indicates that ethical actions based on normative theories can be effective in developing better privacy practices for organizations. The theory that has the strongest effect on privacy practices is the deontological approach, while the liberal-intuitive has the weakest effect on privacy practices.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"117 1","pages":"296 - 315"},"PeriodicalIF":0.8,"publicationDate":"2017-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79082392","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"RSVP a temporal method for graphical authentication","authors":"Ashley A. Cain, J. Still","doi":"10.1080/15536548.2017.1397263","DOIUrl":"https://doi.org/10.1080/15536548.2017.1397263","url":null,"abstract":"ABSTRACT We present a Rapid, Serial, Visual Presentation method (RSVP) for recognition-based graphical authentication. It presents a stream of rapid, degraded images, which makes the object recognition process difficult for casual attackers. Three studies investigated success rates for authenticating, RSVP’s resistance to over-the-shoulder attacks (OSAs), approaches for facilitating learnability, and effects of resetting a passcode. We found that participants could successfully authenticate and could not complete OSAs. Learnability was promoted by the presentation of degraded versions of the images during the memorization phase. When a passcode was reset, participants successfully retrained themselves even when the previous passcode was recycled as distractors.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"57 1","pages":"226 - 237"},"PeriodicalIF":0.8,"publicationDate":"2017-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83097100","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A study of web privacy policies across industries","authors":"Razieh Nokhbeh Zaeem, Suzanne Barber","doi":"10.1080/15536548.2017.1394064","DOIUrl":"https://doi.org/10.1080/15536548.2017.1394064","url":null,"abstract":"ABSTRACT Today, more than ever, companies collect their customers’ Personally Identifiable Information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ privacy practices. We thoroughly study privacy policies of 600 companies (10% of all listings on NYSE, Nasdaq, and AMEX stock markets) across industries and investigate 10 different privacy pertinent factors in them. The study reveals interesting trends: for example, more than 30% of the companies still lack privacy policies, and the rest tend to collect users’ information but claim to use it only for the intended purpose. Furthermore, almost one out of every two companies provides the collected information to law enforcement without asking for a warrant or subpoena. We found that the majority of the companies do not collect children’s PII, one out of every three companies lets users correct their PII but does not allow complete deletion, and the majority post new policies online and expect the user to check the privacy policy frequently. 
The findings of this study can help companies improve their privacy policies, enable lawmakers to create better regulations and evaluate their effectiveness, and finally educate users with respect to the current state of privacy practices in an industry.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"43 1","pages":"169 - 185"},"PeriodicalIF":0.8,"publicationDate":"2017-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84982831","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Long-term market implications of data breaches, not","authors":"Russell Lange, Eric W. Burger","doi":"10.1080/15536548.2017.1394070","DOIUrl":"https://doi.org/10.1080/15536548.2017.1394070","url":null,"abstract":"ABSTRACT This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies’ stock, with a focus on the results relative to the performance of the firms’ peer industries, as represented through selected indices rather than the market as a whole. Financial performance is considered over a range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer-term perspective on the impact of the breach announcement.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"90 1","pages":"186 - 206"},"PeriodicalIF":0.8,"publicationDate":"2017-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81518220","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy protection and adding security strength","authors":"Chuleeporn Changchit, K. Bagchi","doi":"10.1080/15536548.2017.1357381","DOIUrl":"https://doi.org/10.1080/15536548.2017.1357381","url":null,"abstract":"This is the third issue of 2017. I am glad to see that the journal continues to grow and we have begun to see articles submitted from many countries of the world as well as a variety of topics. The current issue includes a wide spectrum of articles. The main focus lies on the issues of protecting consumers’ privacy as well as strengthening the security by using a stronger password. The first article titled “Detecting and Preventing Inference Attacks in Online Social Networks: A Data-Driven and Holistic Framework” by Xiaoyun He and Haibing Lu proposed a framework to alleviate the rule-based inference problem by detecting and breaking the inferences that are represented as rules of attributes and/or attribute values. The authors believed that the proposed framework should enable individual users to check their online profiles for satisfaction of their privacy preferences and allow them to modify profiles to prevent the disclosure of private information. In this article, the authors also proposed a novel method to minimize the modifications to user profiles in order to prevent inference attacks while preserving the utility. In the second article titled “Invasion of Privacy by Smart Meters: An Analysis of Consumer Concerns,” the authors Ziyue Huang and Prashant Palvia developed an instrument to measure the consumers’ concerns for information privacy (CFIP) in adopting smart meters. They then proposed a conceptual model to examine the relationship between privacy concerns, trusting beliefs, risk beliefs, and intention to adopt smart meters. 
Based on the data collected from 217 survey respondents, the study findings revealed that consumers’ information privacy concerns about adopting smart meters can be measured by three dimensions: collection, secondary use, and improper access. In addition, the effect of information privacy concerns on behavioral intention is fully mediated by risk beliefs. The result also suggested that among the control variables, education has a positive effect on intention, while privacy experience has a negative effect. The third article titled “Valuing Information Security: A Look at the Influence of User Engagement on Information Security Strength” by Randall J. Boyle, Chandrashekar D. Challa, and Jeffrey A. Clements focused on the influence of user engagement on users’ information security practices. The study took a closer look at the passwords people are using. The authors pointed out that password strength is affected by some factors, such as the length of the password, the types of characters people used, the number of duplicate passwords, and the number of uncrackable passwords. The main focus of this study is to understand why some people choose better passwords than others. The findings generally support the view that higher levels of engagement are associated with stronger passwords. 
In the Book Review section, Faruk Arslan reviews the book titled Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Demo","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"39 1","pages":"103 - 103"},"PeriodicalIF":0.8,"publicationDate":"2017-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74660056","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting and preventing inference attacks in online social networks: A data-driven and holistic framework","authors":"Xiaoyun He, Haibing Lu","doi":"10.1080/15536548.2017.1357383","DOIUrl":"https://doi.org/10.1080/15536548.2017.1357383","url":null,"abstract":"ABSTRACT With increasing user involvement, social networks nowadays serve as a repository of all kinds of information. While there have been various studies demonstrating that private information can be inferred from social networks, few have taken a holistic view on designing mechanisms to detect and alleviate the inference attacks. In this study, we present a framework that leverages the social network data and data mining techniques to proactively detect and prevent possible inference attacks against users. A novel method is proposed to minimize the modifications to user profiles in order to prevent inference attacks while preserving the utility.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"34 1","pages":"104 - 119"},"PeriodicalIF":0.8,"publicationDate":"2017-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81957611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Invasion of privacy by smart meters: An analysis of consumer concerns","authors":"Ziyue Huang, Prashant C. Palvia","doi":"10.1080/15536548.2017.1357385","DOIUrl":"https://doi.org/10.1080/15536548.2017.1357385","url":null,"abstract":"ABSTRACT While smart meters offer an innovative way to solve energy problems, they have also brought concerns regarding consumer privacy. In this study, we develop an instrument to measure the consumers’ concerns for information privacy (CFIP) in adopting smart meters, and propose a conceptual model to examine the relationship between privacy concerns, trusting beliefs, risk beliefs, and intention to adopt smart meters. Using both focus group study and survey methods, we show that CFIP can be measured by three dimensions: collection, secondary use, and improper access, and that the effect of CFIP on behavioral intention is fully mediated by risk beliefs.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"120 - 136"},"PeriodicalIF":0.8,"publicationDate":"2017-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80868750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy, by Cathy O’Neil","authors":"Faruk Arslan","doi":"10.1080/15536548.2017.1357388","DOIUrl":"https://doi.org/10.1080/15536548.2017.1357388","url":null,"abstract":"Data science has become one of the prominent topics both in academia and in industry in the recent years. With the growing capability of big data technologies coupled with many extant quantitative ...","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"31 1","pages":"157 - 159"},"PeriodicalIF":0.8,"publicationDate":"2017-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78063633","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Valuing Information Security: A Look at the Influence of User Engagement on Information Security Strength","authors":"Randall J. Boyle, Chandrashekar D. Challa, Jeffrey A. Clements","doi":"10.1080/15536548.2017.1357387","DOIUrl":"https://doi.org/10.1080/15536548.2017.1357387","url":null,"abstract":"ABSTRACT This study looks at the influence of user engagement on users’ information security practices. A model describing how user engagement (user posts) may influence a person’s decision to employ better security measures (stronger passwords) is tested. Password strength was determined by looking at password length, the types of characters used, the variety of character sequences used, the number of duplicate passwords, and the number of uncrackable passwords. Passwords were tested using a variety of cracking techniques. This study found that individuals from an online gaming site who made more posts to the user forum employed stronger passwords.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"25 5","pages":"137 - 156"},"PeriodicalIF":0.8,"publicationDate":"2017-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72593771","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Handling confidentiality and privacy on cloud-based health information systems","authors":"C. Serrão, Elsa Cardoso","doi":"10.1080/15536548.2017.1322415","DOIUrl":"https://doi.org/10.1080/15536548.2017.1322415","url":null,"abstract":"ABSTRACT Health-related data include not only the patient’s personal information, but also specific information about the patient health problems, supplementary diagnostic examination results, and much more. All this information is extremely sensitive and should only be accessed by the proper entities and actors, for special specific purposes. Described herein is an approach to address security and privacy of health-related data based on rights management technologies, with an architecture to minimize security risks and privacy concerns. This approach consists of the reutilisation of an open-source and open-specifications rights management system, and designing and adapting the necessary components to address the specific security and privacy requirements that must be faced when managing health and patient data.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"69 1","pages":"51 - 68"},"PeriodicalIF":0.8,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81410868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}