In this paper, we combine formal modeling and analysis of infrastructures of organizations with sociological explanation to provide a framework for insider threat analysis. We use the higher order logic (HOL) proof assistant Isabelle/HOL to support this framework. In the formal model, we exhibit and use a common trick from the formal verification of security protocols, showing that it is applicable...
Sexual harassment at workplace has been a critical challenge for women, especially in the service sector due to odd working hours. Companies and Government on their part have taken up measures to protect women employees but the problem seems persistent. To address this, we have designed a regulatory solution based on operant conditioning. Operant conditioning argues that people's behaviors are primarily controlled...
Software development teams apply security practices to prevent vulnerabilities in the software they ship. However, vulnerabilities can be difficult to find, and security practices take time and effort. Stakeholders can better guide software development if they have empirical data on how security practices are applied by development teams. The goal of this paper is to inform managers and developers...
In order to develop efficient and effective framework for managing any conflict between security and privacy Non-Functional requirements and to reduce risk impact in software system, the goals set by the stakeholders need to be ascertained, and then the modeling language, tools, implementation and validation procedures need to be altered accordingly. Overall, this research is aimed for constructing...
The evolution of the economy, competition, development of new technologies and globalization explain the blooming of inter-organizations cooperation. The interorganizations cooperation represents a new opportunity to answer to complex challenges that a single organization can't face alone. Cloud Computing is an emerging computation paradigm in information technology and networking. Most recently business...
This study empirically tests the model of the Technology Threats Avoidance Theory (TTAT) in a healthcare context to investigate health information technology (HIT) avoidance behaviors when used in unsecure environment. Testing the model in this new context explained avoidance behaviors towards HIT in a holistic way. It is found that the HIT avoidance is predicted by levels of perceived threat, avoidance...
Cloud computing is an emerging economic model that provides a broad network access to services with many benefits to many tenants at the same time. Although it creates a large potential to develop new online services the evolution of cloud computing has been accompanied by the proliferation of various attacks against the services on the cloud infrastructures. The importance of risk management in cloud...
It took 10 years for the city of Munich to migrate 15,000 PCs from Windows to the Linux operating system. Was it worth it? This article focuses on how to effectively cope with open source software (OSS) adoption in an organizational context. Based on the Linux in Munich case, the authors present challenges and risks for IT decision makers and propose recommendations for evaluating and calculating...
In the collaborative systems, in order to establish successful and protected collaboration, the trust management is first established between the participating entities and the trust score of each entity is calculated. This score is obtained based on the three trust criteria (satisfaction, reputation and recommendation) that are redefined and reused in our model: Tr-OrBAC. The evaluation of these...
Cloud Computing did come up with so many attractive advantages such as scalability, flexibility, accessibility, rapid application deployment, and user self service. However in hindsight, Cloud Computing makes ensuring security within these environments so much challenging. Therefore traditional security mechanisms such as firewalls and antivirus software have proven insufficient and incapable of...
This paper discusses the factors influencing Indian Small and Medium Enterprises' (SMEs) adoption of Cloud based services. This research, through an extensive literature review, analyzes the current situation, benefits, and challenges of Cloud based services adoption for Indian SMEs. It identifies and confirms the key factors (e.g., Cost reduction, relative advantage, security, regulatory support,...
In this paper we deal with the cloud brokering problem in the context of a multi-cloud infrastructure. The problem is by nature a multi-criterion optimization problem. The focus is put mainly (but not only) on the security/trust criterion which is rarely considered in the literature. We use the well known Promethee method to solve the problem which is original in the context of cloud brokering. In...
The vertiginous change in technologies and the increasing sophistication that cyber space present require organization and permanent preparation. However, time, education and training, results too short and not appropriate enough through traditional training methods. Training through simulation may offer proper preparation to fight against new threats that exist in this digital battlefield. The paper...
In today's technology dependent world, business leaders within organizations must address information technology (IT) incident response needs. Yet, piecemeal and inadequate incident response tools frequently stymie their engagement. This paper discusses a user-centered approach undertaken to design, develop and evaluate an initial leader-centric IT incident response visualization that would facilitate...
Cloud computing is bringing significant changes in the way that public organizations interact with information systems. Existing research exploring cloud computing adoption in the public sector tends to privilege the technological factors. This paper contributes to the understanding of cloud computing adoption decisions in the public sector by also considering the organizational and environmental...
In this work we study information leakage through discussions in online social networks. In particular, we focus on articles published by news pages, in which a person's name is censored, and we examine whether the person is identifiable (de-censored) by analyzing comments and social network graphs of commenters. As a case study for our proposed methodology, in this paper we considered 48 articles...
As distributed, on-line communities are increasingly supported by the global, interconnected computing infrastructure, methods must be developed to securely manage their interactions. The virtual organization (VO) concept provides a security and discovery context whereby collaboration across multiple administrative domains can be enabled while enforcing joint security policies. In the era of cloud...
In the last years, the increasing use of ICT in Healthcare has led to the generation of several healthcare information systems, such as Electronic Health Record systems, which enable the management and sharing of digital clinical data. Since clinical data is generally characterized by very sensitive information, such information systems have to be able to limit their sharing of it, by enabling or...
Analyzing the role of target-related information in a security attack is an understudied topic in the behavioral information security research field. This paper presents an empirical investigation of the effect of adding information about the target in phishing attacks. Data was collected by conducting two phishing experiments using a sample of 158 employees at five Swedish organizations. The first...
The secure interaction between different applications and services requires negotiation of their security properties. This is typically defined as a security policy contract, which aims at coordinating diverse security policies of different actors. Although considerable attention has been attracted to this theme in the recent literature of e-contract and negotiation, there is not a complete framework...