Information Security and Privacy

Permanent URI for this collection


Recent Submissions

Now showing 1 - 5 of 9
  • Item
    Should You Disclose a Data Breach via Social Media? Evidence from US Listed Companies
    ( 2018-01-03) Rosati, Pierangelo ; Deeney, Peter ; Cummins, Mark ; van der Werff, Lisa ; Lynn, Theo
    Data breaches represent one of the main concerns for executives across all sectors. Data breaches open a period of crisis for the affected firm and require them to disclose complex information to a variety of stakeholders in a timely and proper manner. This paper investigates the relationship between social media disclosure of a data breach and its cost, as proxied by the response of the affected firm’s stock price. Using an event study methodology on a sample of 32 data breaches from 29 US publicly-traded firms from 2011 to 2014, we find that social media disclosure exacerbates the negative stock price’ s response to the announcement. However, such a negative association is contingent on firm’s visibility on traditional media with social media disclosure having a beneficial effect for low-visibility companies.
  • Item
    Future Prospects of Cyber Security in Manufacturing: Findings from a Delphi Study
    ( 2018-01-03) Kannus, Katariina ; Ilvonen, Ilona
    Cyber security professionals need to make decisions in a constantly changing threat landscape, with a plethora of known threats that need reacting to in addition to the less well-known future threats. The objective of this paper is to provide insight in the cyber security landscape of manufacturing in 2021, and thus help decision making in the area. The Delphi study found out that internet of things, digitalization, industry 4.0, and the security of the industrial automation would be the most important drivers for the cyber security of manufacturing industry in 2021. The paper presents several important themes to be considered by security professionals.
  • Item
    Crowdsourcing Privacy Design Critique: An Empirical Evaluation of Framing Effects
    ( 2018-01-03) Ayalon, Oshrat ; Toch, Eran
    When designed incorrectly, information systems can thwart people’s expectations of privacy. An emerging technique for evaluating systems during the development stage is the crowdsourcing design critique, in which design evaluations are sourced using crowdsourcing platforms. However, we know that information framing has a serious effect on decision-making and can steer design critiques in one way or another. We investigate how the framing of design cases can influence the outcomes of privacy design critiques. Specifically, we test whether -˜Personas’, a central User-Centered Design tool for describing users, can inspire empathy in users while criticizing privacy designs. In an experiment on Amazon Mechanical Turk workers (n=456), we show that describing design cases by using personas causes intrusive designs to be criticized more harshly. We discuss how our results can be used to enhance privacy-by-design processes and encourage user-centered privacy engineering.
  • Item
    Host Inventory Controls and Systems Survey: Evaluating the CIS Critical Security Control One in Higher Education Networks
    ( 2018-01-03) Kobezak, Philip ; Marchany, Randy ; Raymond, David ; Tront, Joseph
    Within the field of information security, the identification of what we are trying to secure is essential to reducing risk. In private networks, this means understanding the classification of host end-points, identifying responsible users, and knowing the location of hosts. For the context of this paper, the authors are considering the challenges faced by higher education institutions in implementing the first Center for Internet Security (CIS) Critical Security Control: inventory of authorized and unauthorized devices. The authors developed and conducted a survey of chief information security officers at these institutions. The survey evaluated their confidence in meeting the goals of host inventory tracking. The results of the survey, along with analysis of the implications for information security operations, are presented in this paper. Changes in technology, such as BYOD, IoT, wireless, virtual machines, and application containers, are contributing to changes in the effectiveness of host inventory controls.
  • Item
    Web Tracking - A Literature Review on the State of Research
    ( 2018-01-03) Ermakova, Tatiana ; Fabian, Benjamin ; Bender, Benedict ; Klimek, Kerstin
    Web tracking seems to become ubiquitous in online business and leads to increased privacy concerns of users. This paper provides an overview over the current state of the art of web-tracking research, aiming to reveal the relevance and methodologies of this research area and creates a foundation for future work. In particular, this study addresses the following research questions: What methods are followed? What results have been achieved so far? What are potential future research areas? For these goals, a structured literature review based upon an established methodological framework is conducted. The identified articles are investigated with respect to the applied research methodologies and the aspects of web tracking they emphasize.