{"title":"Interview With Lionel Cassin","authors":"Chuleeporn Changchit","doi":"10.1080/15536548.2017.1322437","DOIUrl":"https://doi.org/10.1080/15536548.2017.1322437","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"72 1","pages":"97 - 98"},"PeriodicalIF":0.8,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90896504","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security and Privacy in Social Networks, by Yaniv Altshuler, Yuval Elovici, Armin B. Cremers, Nadav Aharony, Alex Pentland","authors":"Faruk Arslan","doi":"10.1080/15536548.2017.1322439","DOIUrl":"https://doi.org/10.1080/15536548.2017.1322439","url":null,"abstract":"Security and Privacy in Social Networks is an edited collection of an introduction and 10 scholarly articles, which are partially based on the research work presented at the Workshop on Security and Privacy in Social Networks, in connection with the 2012 IEEE Social Computing Conference. Given the growing prominence of online social networks (OSN) and their corresponding security and privacy problems, this book aims to propose solutions as well as develop a common language for use between researchers and practitioners. The authors organized the book into 11 chapters, dedicating the first chapter to introduction and the remaining 10 to research articles. In the upcoming paragraphs, I will provide a review of the key ideas discussed in each chapter and then conclude my review.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"23 1","pages":"102 - 99"},"PeriodicalIF":0.8,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76347677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"What Affects Users to Click on Display Ads on Social Media? The Roles of Message Values, Involvement, and Security","authors":"E. Mao, Jing Zhang","doi":"10.1080/15536548.2017.1322434","DOIUrl":"https://doi.org/10.1080/15536548.2017.1322434","url":null,"abstract":"ABSTRACT This project represents one of the few efforts in studying the effectiveness of social media advertising (ads). Specifically, the effects of three major communication components—message, channel/media, and receiver/audience—on ad clicks are examined. The message component includes perceived informativeness, entertainment, and intrusiveness of the ad; the media component focuses on social media security and the audience component focuses on their involvement. The effects of ad clicks on product evaluations and then on intentions to spread positive word-of-mouth are also investigated. A research model is developed and tested with online-survey data from 572 social media users. The contributions, practical implications, and future research directions are discussed in the context of social media.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"30 1","pages":"84 - 96"},"PeriodicalIF":0.8,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85172767","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data","authors":"W. Arunothong, D. Nazareth","doi":"10.1080/15536548.2017.1322421","DOIUrl":"https://doi.org/10.1080/15536548.2017.1322421","url":null,"abstract":"ABSTRACT As healthcare providers seek to comply with HIPAA and endeavor to secure their data from external breaches, they also need to realize that another threat to misuse of this data is inappropriate internal use by employees. Not all instances of misuse constitute a HIPAA violation, but they have the potential to become one. Medical data misuse by employees can be alleviated and curbed through the appropriate use of procedural and technological countermeasures. This paper seeks to determine whether electronic health records (EHR) policy and auditing procedures play a role in the propensity of providers to misuse medical data. Through an on-line survey of US physicians, nurses, medical students, and nursing students, using four case vignettes representing various forms of misuse, this research found that providers who were more aware of institutional security policy were more likely to adhere to policies than their counterparts who were not similarly informed. Likewise, providers who believed that their organizations monitored their EHR usage were less likely to engage in misuse than their counterparts who believed they were not monitored. The findings underscore the need for healthcare organizations to emphasize the importance of HIPAA compliance, and inform employees about the steps that the institution takes to maintain compliance, both from a procedural as well as technological standpoint. This study suggests that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"48 1","pages":"69 - 83"},"PeriodicalIF":0.8,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76303175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy and Security Concerns with Healthcare Data and Social Media Usage","authors":"Chuleeporn Changchit, K. Bagchi","doi":"10.1080/15536548.2017.1322413","DOIUrl":"https://doi.org/10.1080/15536548.2017.1322413","url":null,"abstract":"First of all, I’m glad to be back on board and allow Dr. Bagchi to take a good break for a while. It is nice to be in touch with everyone again. The second issue of the Journal of Information Privacy & Security (JIPS) for 2017 contains three articles, one expert opinion, and one book review. The first two articles focus on the importance of protecting personal information and securing data in the healthcare industries. The third article discusses the influence of consumers’ security perception on their social advertising usage. In the Expert Opinion section, Mr. Lionel Cassin, an information security officer at Texas A&M University–Corpus Christi, discusses the major issues of security and privacy that the university is facing, and points out that it is crucial to improve awareness of information security and privacy on campus. In the Book Review section, Dr. Arslan reviews the book titled Security and Privacy in Social Networks by Yaniv Altshuler, Yuval Elovici, Armin B. Cremers, Nadav Aharony, and Alex Pentland. More details are as follows: The first article is titled “Handling Confidentiality and Privacy on Cloud-based Health Information Systems.” The authors Carlos Serrao and Elsa Cardoso propose an approach to minimize the security risks in health-related data based on rights management technologies. Based on a trend that the health-related data may be migrated into the cloud, opportunities are increasing for cybercriminals to commit fraud or other similar criminal schemes after directing their attacks towards health and medical data of patients. To prevent organizations from financial and reputational losses, several initiatives have been created to improve the confidentiality and privacy requirements of the health and medical information. In this article, the authors propose the usage of the rights management systems as this approach can offer a governed environment and enable critical privacy and security mechanisms. Although the system will not solve all the problems, it can help reduce the impact of large data breaches, making it more difficult for potential attackers to access unprotected information. The second article, “The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data,” authored by Wachiraporn Arunothong and Derek L. Nazareth, discusses the healthcare providers’ concern about the threat to misuse of medical data by internal users such as their employees. Even though the use of electronic medical records (EMRs) and electronic health records (EHRs) can help increase the efficiency and effectiveness of healthcare services, it is crucial to cultivate the awareness of security and to ensure that the employees follow the policy measures to avoid misuse. The results from conducting an online survey with physicians, nurses, medical students, and nursing students revealed that the healthcare providers who were more conscious of institutional security policy were less likely to engag","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"23 1","pages":"49 - 50"},"PeriodicalIF":0.8,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88522801","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Does privacy matter to millennials? The case for personal cloud","authors":"Murad A. Moqbel, Valerie L. Bartelt, M. Al-Suqri, A. Al-Maskari","doi":"10.1080/15536548.2016.1243854","DOIUrl":"https://doi.org/10.1080/15536548.2016.1243854","url":null,"abstract":"ABSTRACT To date, there is little research on the extent to which privacy, security, and trust influence consumer technology-use decisions based on generation. We, therefore, examine, through the lens of the expectancy-valence theory, the extent to which privacy, security, and trust influence the decision to use personal cloud computing among millennials. We also examine the moderating effect of innovativeness on these relationships. Our structural equation modeling (SEM) analysis of 371 millennials shows that privacy is irrelevant for millennials when making decisions to use personal cloud and that individuals with high innovativeness tend to disregard security when making an adoption decision.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"32 1","pages":"17 - 33"},"PeriodicalIF":0.8,"publicationDate":"2017-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75874888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Record Re-Identification of Swapped Numerical Microdata","authors":"K. Muralidhar","doi":"10.1080/15536548.2017.1281602","DOIUrl":"https://doi.org/10.1080/15536548.2017.1281602","url":null,"abstract":"ABSTRACT Government agencies, researchers, healthcare providers, and other organizations release data for public use. To protect the privacy of the data subjects, these organizations mask the data prior to release. One popular masking procedure is data swapping, by which values of records are exchanged before being released. Data swapping is one of the preferred techniques since it is simple, easy to implement, and, based on prior studies, provides a reasonable balance between disclosure risk and data utility. In this study, we investigate the ability of an adversary with limited knowledge (of just a single record) to re-identify a record in the swapped data by using a procedure that reverse engineers the data-swapping process. The study also provides the adversary with the ability to evaluate the effectiveness of the re-identification. We empirically evaluate the effectiveness of data swapping using a dataset that has been used previously to evaluate the effectiveness of masking techniques. Our results demonstrate that data swapping can be vulnerable to disclosure even against this limited knowledge adversary.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"58 1","pages":"34 - 45"},"PeriodicalIF":0.8,"publicationDate":"2017-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90984068","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An examination of an e-authentication service as an intervention in e-mail risk perception","authors":"Rui Chen, Jingguo Wang, Tejaswini C. Herath, H. Rao","doi":"10.1080/15536548.2016.1257681","DOIUrl":"https://doi.org/10.1080/15536548.2016.1257681","url":null,"abstract":"ABSTRACT In this article, we develop a three-stage study to examine the role of an e-mail authentication and identification service (eATS) intervention in affecting end-user e-mail risk perceptions. We deploy the eATS and find that it reduces users’ risk perception. Pre-intervention risk perception is found to be positively associated with user perception of the e-authentication service’s usefulness. Moreover, perceived usefulness of the service negatively relates to e-mail risk perception in the post-use stage. Finally, privacy concerns related to the e-authentication service dilute this relationship between usefulness of service and e-mail risk perception reduction.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"1 1","pages":"16 - 2"},"PeriodicalIF":0.8,"publicationDate":"2017-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90050687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Thinking with Data: How to Turn Information into Insights, by Max Shron","authors":"Faruk Arslan","doi":"10.1080/15536548.2017.1279876","DOIUrl":"https://doi.org/10.1080/15536548.2017.1279876","url":null,"abstract":"As the emerging field of data science permeates many domains inclusive of information security and privacy, understanding the process of turning information into insights continues to be a major endeavor. In this book, Max Shron provides a practice-oriented set of guidelines, which is geared towards expanding the soft skills required for making the most out of the data. As a data strategy consultant, Mr. Shron acknowledges the importance of hard skills such as data cleaning, mathematical modeling, and data visualization; however, he notes that the soft skills have been ignored within the data science field. He emphasizes that these soft skills, which include “translating vague problems into precisely answerable ones, and combining multiple lines or arguments into one useful result,” can be adapted from other disciplines. The author organizes the book into six chapters. Chapter 1 deals with problem scoping and introduces the readers to a practical framework called CoNVO, which stands for context, need, vision, and outcome. Chapter 2 focuses on techniques to refine the original vision and elaborates on the scaffolding strategy, which is geared toward the initial exploration of data to ensure proper understanding of the problem on hand. Chapter 3 deals with building and presenting arguments, while Chapter 4 discusses three groups of reasoning patterns, which facilitate the structuring of useful arguments. Chapter 5 is dedicated to causal reasoning, whereas the final chapter synthesizes the materials covered from Chapter 1 to 5. The author concludes the book with an appendix dedicated to reading materials, which can be used to further investigate the concepts discussed within the book. In the upcoming paragraphs, I will provide a review of the key ideas discussed in each chapter and conclude my review.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"113 1","pages":"46 - 47"},"PeriodicalIF":0.8,"publicationDate":"2017-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88811660","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Ca-NIDS: A network intrusion detection system using combinatorial algorithm approach","authors":"O. Folorunso, F. E. Ayo, Y. Babalola","doi":"10.1080/15536548.2016.1257680","DOIUrl":"https://doi.org/10.1080/15536548.2016.1257680","url":null,"abstract":"ABSTRACT A signature-based system (SBS) is a common approach for intrusion detection and the most preferable by researchers. In spite of the popularity of SBS, it cannot detect new attacks on the network compared to anomaly-based systems (ABS). The most challenging problem of SBS is keeping an up-to-date database of known attack signatures and the setting of a suitable threshold level for intrusion detection. In this article, a network intrusion detection system based on combinatorial algorithm (CA-NIDS) is proposed. The CA-NIDS uses additional databases to enable the SBS to act as an ABS for the purpose of detecting new attacks and to speed up network traffic during traffic analysis by the combinatorial algorithm. A suitable threshold of 12 was also set based on the study of past works to lower the false positive rate. The CA-NIDS was evaluated with similar online schemes and result shows a small false-positive rate of 3% and a better accuracy of 96.5% compared with related online algorithms.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"6 1","pages":"181 - 196"},"PeriodicalIF":0.8,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87582066","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}