International Journal of Information Security and Privacy最新文献

{"title":"The impact of attitudinal factors on intention to report workplace Internet abuse","authors":"Matt Campbell, Antonis C. Stylianou, Jordan Shropshire","doi":"10.1080/15536548.2016.1160677","DOIUrl":"https://doi.org/10.1080/15536548.2016.1160677","url":null,"abstract":"ABSTRACT Why do employees actually report workplace Internet abuse? The prevailing theory is that employees make deliberate, calculated decisions only after weighing the pros and cons of reporting. This research proposes a behavioral model in which attitudinal factors are largely responsible for shaping employee intentions to report workplace Internet abuse. Theories of idealism, perceived organizational risk, social influence, and managerial position are synthesized to better understand workers’ motivations. A survey 315 American workers tested the proposed hypotheses and research model using structural equation modeling. Results confirm the validity of the proposed model. Each of the attitudinal factors had a significant impact on employee willingness to report Internet violations. This study underscores the importance of attitudinal factors in a space that primarily portrays employees as rational, unemotional actors.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"37 1","pages":"68 - 83"},"PeriodicalIF":0.8,"publicationDate":"2016-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75400485","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Discovering Computers 2016: Tools, Apps, Devices, and the Impact of Technology, by Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Jennifer T. Campbell, and Mark Frydenburg","authors":"Faruk Arslan","doi":"10.1080/15536548.2016.1174492","DOIUrl":"https://doi.org/10.1080/15536548.2016.1174492","url":null,"abstract":"Discovering Computers 2016 is the 18th edition of an evolving textbook, which has been used widely in the introductory computer education. This textbook is geared towards introducing the students to the fundamental concepts of computers and computing, along with the discussion of the most up to date technologies and current computer trends. The authors assume that their audience has no prior experience with computers; thus this textbook is well suited for a one-semester undergraduate-level introduction to computer information systems course. The authors introduce several interesting features, which can enhance the students’ learning experience. These features include the use of rich visual drawings to explain many relatively complex concepts effectively, offering interactive capabilities using web-integrated content, and providing students with the practical knowledge relevant to their day-to-day activities. Within the context of information security and privacy, I find two features of this book very relevant and of significance: Secure IT and Ethics & Issues sections. These two sections exist in every chapter and enable the students to broaden their knowledge or challenge their understanding of the security and ethical issues surrounding the topic being discussed.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"97 1","pages":"103 - 104"},"PeriodicalIF":0.8,"publicationDate":"2016-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82151750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Twibel: A matter of Internet privacy","authors":"Raymond L. Placid, J. Wynekoop","doi":"10.1080/15536548.2016.1160678","DOIUrl":"https://doi.org/10.1080/15536548.2016.1160678","url":null,"abstract":"ABSTRACT Social media websites have become a powerful communication tool, where an individual can communicate with one person or millions of people at once. As a consequence, individuals are utilizing social media to report newsworthy events, as well as to post opinions, which may include posting negative information about another person or entity that can be harmful to such person’s or entity’s reputation (i.e., defamation), a phenomenon that is new to the legal system. This article reviews the legal precedent in the United States that addresses the legal impact of a defamatory statement sent through a social media website such as Twitter. Although the law in the United States is evolving, precedent indicates that the website’s nature is generally less important than the nature of the communication. However, the law is not settled for cases in which a private tweet is released into the public domain unintentionally or by an accidental cause, such as a software defect.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"1 1","pages":"84 - 92"},"PeriodicalIF":0.8,"publicationDate":"2016-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89743173","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Editorial preface","authors":"K. Bagchi","doi":"10.1080/15536548.2016.1174490","DOIUrl":"https://doi.org/10.1080/15536548.2016.1174490","url":null,"abstract":"The second issue of JIPS, 2016 contains four interesting research articles. The first article titled, “The impact of exposure to news about electronic government surveillance on concerns about government intrusion, privacy self-efficacy, and privacy protective behavior” is authored by Stanislav Mamonov and Marios Koufaris. The authors observe that the exposure to news about government surveillance results in an increase in the level of concerns about government intrusion. They also find that this exposure has a negative impact on privacy self-efficacy. The second article titled, “The impact of attitudinal factors on intention to report workplace Internet abuse,” by Matt Campbell, Antonis Stylianou, and Jordan Shropshire found that employees are not always rational and unemotional, and that the importance of attitudinal factors matter. They developed a structured equation model (SEM) and tested it, finding that factors such as perceived organizational risk and social influence are highly significant in explaining intention to report workplace internet abuse. The third article titled, “Twibel: A matter of Internet privacy,” by Raymond Placid and Judy Wynekoop deals with the important issue of communications on a social media website. They observe that the legal precedent indicates that the nature of the website (i.e., Twitter) is generally less important than the nature of the communication. They also note that when a private tweet is released into the public domain unintentionally, the law is unclear. The fourth article titled, “Social media policies in the Department of Defense—Do they address the risk?,” by Katherine “Suzy” Cole-Miller, William “Doug” Ward, Ann Fruhling, and Kathryn Dempsey Cooper examines the social media policies of the U.S. Department of Defense. The study provides recommendations based on the analysis and review of the policies. In the Book Review section, Faruk Arslan reviews the book, Discovering Computers 2016: Tools, Apps, Devices, and the Impact of Technology, by Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Jennifer T. Campbell, and Mark Frydenburg. Faruk observes that the textbook is well suited for a one-semester undergraduate-level introduction to computer information systems course. We acknowledge services of Dr. Adolfo S. Coronado (Department of Computer Science, Indiana University-Purdue University Fort Wayne) as a book reviewer. We thank him all for his thoughtful book reviews. Thanks are also due to our Editorial Board members and Associate Editors for their untiring efforts to provide critical reviews in a timely manner.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"35 1","pages":"55 - 55"},"PeriodicalIF":0.8,"publicationDate":"2016-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82519756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Recent survey of various defense mechanisms against phishing attacks","authors":"A. Tewari, A. Jain, B. Gupta","doi":"10.1080/15536548.2016.1139423","DOIUrl":"https://doi.org/10.1080/15536548.2016.1139423","url":null,"abstract":"ABSTRACT In the recent years, the phishing attack has become one of the most serious threats faced by Internet users, organizations, and service providers. In a phishing attack, the attacker tries to defraud Internet users and steal their personal information either by using spoofed emails or by using fake websites or both. Several approaches have been proposed in the literature for the detection and filtering of phishing attacks; however, the Internet community is still looking for a complete solution to secure the Internet from these attacks. This article discusses recent developments and protection mechanisms (i.e., detection and filtering) against a variety of phishing attacks (e.g., email phishing, website phishing, zero-day attacks). In addition, the strengths and weaknesses of these approaches is discussed. This article provides a better understanding of the phishing attack problem in the current solution space and also addresses the scope of future research to deal with such attacks efficiently.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"33 1","pages":"13 - 3"},"PeriodicalIF":0.8,"publicationDate":"2016-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84996877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Privacy-preserved data publishing of evolving online social networks","authors":"Wei Chang, Jie Wu","doi":"10.1080/15536548.2016.1143765","DOIUrl":"https://doi.org/10.1080/15536548.2016.1143765","url":null,"abstract":"ABSTRACT The increasing growth of online social networks provides an unprecedented opportunity to study the complex interactions among human beings. Privacy-preserved network-data publishing is becoming increasingly popular in both industry and academia. This articles focuses on evolving social subscription networks (ESSN), which indicate social actors’ participation in certain media channels, such as Hollywood stars’ Twitter pages, during a series of time intervals. The discussion first introduces a new identity disclosure attack by exploring the subscribed channel sizes of a social actor and the actor’s frequency of joining/leaving the channels. For privacy protection, K-anonymity should be ensured for the whole evolving graph. However, unlike the conventional topology information, such as node degree, the ESSN data points are much more sparse. Moreover, during the construction of anonymous groups, the unpopular channel-related information is likely to be discarded. How to maximally preserve ESSN data utility during anonymization is an open problem. These authors propose an effective three-step framework to solve it: data space compression, anonymity construction, and realizable publishing. Also provided are comprehensive studies on the performance of this approach. Extensive results show that this approach is effective in terms of privacy, utility, and efficacy. To the best of the knowledge of these authors, this work is the first systematic study to the anonymization of time-evolving multi-relation graphs.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"15 12 1","pages":"14 - 31"},"PeriodicalIF":0.8,"publicationDate":"2016-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86921015","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Mechanism design for Data Replica Placement (DRP) problem in strategic settings","authors":"Minzhe Guo, P. Bhattacharya","doi":"10.1080/15536548.2016.1139425","DOIUrl":"https://doi.org/10.1080/15536548.2016.1139425","url":null,"abstract":"ABSTRACT This article addresses the problem of Data Replica Placement, an important technique used in storage-capable distributed networks to improve system availability, reliability, and fault-tolerance. The study focuses on the Data Replica Placement problem in strategic settings inspired by practical market-based data replication applications, such as content delivery networks. Multiple self-interested players with private preferences own data objects for replication. Players compete for storage space among replication servers for placing replicas with the objective to optimize their own profits. Using mechanism design approach, the authors consider the problem as a sequential composition of knapsack auctions and design an algorithmic mechanism DRPMECH to aggregate players’ preferences and approximate a social efficient allocation for the problem. This work analyzes both the economic and computational properties of DRPMECH, validates the properties using experiments, and compares its performance against related game-theoretical solutions.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"15 1","pages":"32 - 54"},"PeriodicalIF":0.8,"publicationDate":"2016-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79929156","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Special Issue on Attacks and Distinct Features in Networks","authors":"D. Agrawal","doi":"10.1080/15536548.2016.1139422","DOIUrl":"https://doi.org/10.1080/15536548.2016.1139422","url":null,"abstract":"Emergence of Internet of Things (IoT) has enlarged the scope of the network even in daily life, and today many household items are being served or connected together. Due to such infiltration of networking, the need for security and secured communication has become increasingly important. Security simply means protection from any potential harm to valuable assets (data and/or information) or deterrence of malicious behavior. In contrast, secured communication implies two communicating entities should not be heard or modified by any third person. That type of communication means the encrypted shared information between two entities cannot be interpreted by anyone else as information is encoded by the sender that can be easily decoded by the intended receiver. If transmission is achieved in multi-hop fashion, the paths should not be traceable by unauthorized entities. Other than spoken face-to-face interaction, it can be generalized that no communication is guaranteed to be secure; despite trying to provide all technical support, the sheer volume of communication could limit the amount of surveillance. This Special Issue addresses some of these issues in wired communication. This Special Issue contains three articles dealing with different aspects of attacks. These outbreaks are possible by intruders and phishing attacks sending an email to the victim that appears to be from a legitimate organization. The idea is to obtain the victim’s credentials at some false webpage or install some spyware on the victim’s machine. This type of attack has become one of the most serious threats to all Internet users. Several approaches have been considered in the literature. The first article deals with a comprehensive solution to detect and filter the various types of phishing attacks. These attacks include email phishing that an attacker can easily perform by copying any legitimate website, whereas detection of phishing attacks is not as easy as it appears. Such an attack can be initiated when an attacker sends a spoofed email with embedded malicious links to a user to update their account information that appears to be legitimate. More attention is being paid to the use of phishing links on the Internet in sending promotional and monetary e-mails to attract the users. Strengths and associated weakness of different approaches have been considered and recent developments have been included. The scope of future research has also been outlined in this article. The growth of on-line social networks has been explosive, even though maintaining privacy is becoming important both in Industry and Academia. Most of the existing works on the privacypreserved online social networks are based on static graphs. Users’ social interests are used to form “channel subscriptions”. Exploring a social actor’s subscribed channel sizes and the frequency of joining/leaving the channels can be used to indicate multiple relations among social actors that represent evolving social subscri","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"8 1","pages":"1 - 2"},"PeriodicalIF":0.8,"publicationDate":"2016-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74028833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Information Security and Privacy: 21st Australasian Conference, ACISP 2016, Melbourne, VIC, Australia, July 4-6, 2016, Proceedings, Part I","authors":"Wei Chen, Xiapu Luo, Chengyu Yin, Bin Xiao, M. Au, Yajuan Tang","doi":"10.1007/978-3-319-40253-6","DOIUrl":"https://doi.org/10.1007/978-3-319-40253-6","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"37 1","pages":""},"PeriodicalIF":0.8,"publicationDate":"2016-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84232276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Information Assurance for the Enterprise: A Roadmap to Information Security, by C. Schou and D. Shoemaker","authors":"Adolfo S. Coronado","doi":"10.1080/15536548.2015.1105662","DOIUrl":"https://doi.org/10.1080/15536548.2015.1105662","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"32 1","pages":"274 - 275"},"PeriodicalIF":0.8,"publicationDate":"2015-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80653752","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}