In today’s world, information security is a trending as well as a crucial topic for both individuals and organizations. Experts believe that nothing can guarantee any system’s security unless humans’ information security behavior is taken under consideration. Opening an e-mail attachment without checking its source, sharing account information with other people and browsing websites without checking its reliability can be considered as common mistakes in information security behavior. This study examines the factors affecting information security behavior by scrutinising its relationship with different variables which are information knowledge sharing, information security organization policy, the intention of attending information security training and self-efficacy. The present study extensively analyses the data collected from a survey of 630 people ranging from students to managers aged between 15 to 79 in order to generalize the Turkish context. The results of reliability measures and confirmatory factor analysis support the scale of the study. The present study’s findings show that there is a positive relationship between the factors mentioned above and information security behavior.
Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.
In this paper we research the following question: What motivational factors relate, in which degree, to intentions on compliance to ISP and how could these insights be utilized to promote endusers compliance within a given organization? The goal of this research is to provide more insight in the motivational factors applicable to ISP and their influence on end-user behavior, thereby broadening knowledge regarding information systems security behaviors in organizations from the viewpoint of non-malicious abuse and offer a theoretical explanation and empirical support. The outcomes are also useful for practitioners to complement their security training and awareness programs, in the end helping enterprises better effectuate their information security policies. In this study an instrument is developed that can be used in practice to measure an organizational context on the effects of six motivational factors recognized. These applicable motivational factors are determined from literature and subsequently evaluated and refined by subject matter experts. A survey is developed, tested in a pilot, refined and conducted within four organizations. From the statistical analysis, findings are reported and conclusions on the hypothesis are drawn. Recommended Citation Straver, Peter and Ravesteyn, Pascal (2018) "End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors," Communications of the IIMA: Vol. 16 : Iss. 4 , Article 1. Available at: https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/1
MULTIFILE
Het senior management op C-niveau stelt steeds vaker een CISO (Chief Information Security Officer) aan welke plaats neemt in het management team of hier rechtstreeks aan rapporteert. Maar de CISO is vaak een persoon met een bèta achtergrond. Vaktechnisch inhoudelijk zijn deze personen vaak zeer bekwaam maar missen veelal de juiste skills om zich staande te kunnen houden op managementniveau. Dit onderzoek richt zich op de doorlopende evolutie van CISO leidershap en benodigde skills om successvol te woren en blijven.
Today, embedded devices such as banking/transportation cards, car keys, and mobile phones use cryptographic techniques to protect personal information and communication. Such devices are increasingly becoming the targets of attacks trying to capture the underlying secret information, e.g., cryptographic keys. Attacks not targeting the cryptographic algorithm but its implementation are especially devastating and the best-known examples are so-called side-channel and fault injection attacks. Such attacks, often jointly coined as physical (implementation) attacks, are difficult to preclude and if the key (or other data) is recovered the device is useless. To mitigate such attacks, security evaluators use the same techniques as attackers and look for possible weaknesses in order to “fix” them before deployment. Unfortunately, the attackers’ resourcefulness on the one hand and usually a short amount of time the security evaluators have (and human errors factor) on the other hand, makes this not a fair race. Consequently, researchers are looking into possible ways of making security evaluations more reliable and faster. To that end, machine learning techniques showed to be a viable candidate although the challenge is far from solved. Our project aims at the development of automatic frameworks able to assess various potential side-channel and fault injection threats coming from diverse sources. Such systems will enable security evaluators, and above all companies producing chips for security applications, an option to find the potential weaknesses early and to assess the trade-off between making the product more secure versus making the product more implementation-friendly. To this end, we plan to use machine learning techniques coupled with novel techniques not explored before for side-channel and fault analysis. In addition, we will design new techniques specially tailored to improve the performance of this evaluation process. Our research fills the gap between what is known in academia on physical attacks and what is needed in the industry to prevent such attacks. In the end, once our frameworks become operational, they could be also a useful tool for mitigating other types of threats like ransomware or rootkits.
Door de vergrijzing neemt het aantal ouderen met complexe revalidatievragen sterk toe. Deze revalidatie vindt toenemend plaats in een ambulant traject. Therapeuten in de geriatrische revalidatiezorg geven aan dat het daardoor steeds moeilijker wordt om zicht te krijgen op de voortgang van de revalidatie. In een samenwerking tussen de Hogeschool van Amsterdam (HvA) en het Amsterdam UMC is Hipper ontwikkeld, een combinatie van een behandelprotocol en technologie om op afstand de activiteit van revalidanten thuis te meten. Via een dashboard kunnen de therapeuten de data bekijken en hun behandeling bijstellen. De B.V. Hipper Therapeutics (HipperTx) exploiteert de dienst en levert momenteel aan een aantal zorginstellingen. De zorginstellingen willen weten of ze door het inzetten van eHealth toepassingen zoals Hipper ook daadwerkelijk hun kosten kunnen verlagen in het huidige zorgstelsel. Technologieleveranciers – die Hipper en andere eHealth toepassingen willen implementeren – hebben vragen over hoe deze kunnen voldoen aan de richtlijnen voor informatiebeveiliging in de zorg: zijn de vereiste certificeringen haalbaar? In het voorliggende voorstel schetsen wij een project waarbij het Amsterdam UMC samen met de betrokken zorginstellingen een business case voor de zorg maakt en waarbij de HvA i.s.m. de technologieleveranciers de informatieprocessen in de dienst in kaart brengt voor een adequate certificering. Aan het eind van het project zal er een whitepaper geschreven zijn waarin de business case beschreven staat en zullen de voorbereidende werkzaamheden voor een NEN7150 certificering zijn uitgevoerd. Het whitepaper zal openbaar zijn en zal kunnen dienen als een voorbeeld case voor vergelijkbare implementaties. Het project draagt bij aan het Missiegedreven Innovatiebeleid, meer specifiek de missie ‘In 2030 wordt zorg 50% meer (of vaker) in de eigen leefomgeving georganiseerd, in plaats van in zorginstelling’. Daarnaast kan op basis van de uitkomsten van dit voorstel een onderzoeksaanvraag rondom doelmatigheid van ambulante revalidatie gedaan worden.
