وبلاگ بلیان

Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, ... and Communication Technology, 658)

معرفی کتاب «Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, ... and Communication Technology, 658)» نوشتهٔ Nathan Clarke (editor), Steven Furnell (editor)، منتشرشده توسط نشر Springer International Publishing AG در سال 2022. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the proceedings of the 16th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2022, held in Mytilene, Lesbos, Greece, in July 2022. The 25 papers presented in this volume were carefully reviewed and selected from 30 submissions. They are organized in the following topical sections: cyber security education and training; cyber security culture; privacy; and cyber security management. Preface Organization Contents Cyber Security Education and Training Visual Programming in Cyber Range Training to Improve Skill Development 1 Introduction 2 Background 3 Related Work 4 Integrating a VPL into Cyber Range Training 4.1 Cyber Range Concept 4.2 SIEM Rule Creation with Blockly 5 Evaluation 5.1 Method and Procedure 5.2 Results and Discussion 6 Conclusion References Survey of Users’ Willingness to Adopt and Pay for Cybersecurity Training 1 Introduction 2 Methodology 3 Results 4 Discussion 4.1 Answering the Research Questions 4.2 Contributions 4.3 Limitations and Future Work References A Thematic Content Analysis of the Cybersecurity Skills Demand in South Africa 1 Introduction 2 Related Literature 3 Thematic Content Analysis Using ATLAS.ti 3.1 First Phase: Pre-analysis 3.2 Second Phase: Material Exploration 3.3 Third Phase: Interpretation 4 General Results and Findings 4.1 Identified Industries 4.2 Job Locations 4.3 Job Levels 4.4 Qualifications and Certifications 5 Job Roles Results and Findings 5.1 Identified Job Roles, Knowledge, Skills and Abilities 5.2 Mapping of Identified Skills and Abilities to Job Categories 6 Discussion and Implications 7 Conclusion References Applying PDCA to Security, Education, Training and Awareness Programs 1 Introduction 2 Plan the SETA Program 2.1 The Source 2.2 The Type of Message 2.3 The Media 2.4 The Target 3 Do the SETA Program 4 Check the SETA Program 5 Adjust the SETA Program 6 Discussion and Perspectives 7 Conclusion References Exploring CyBOK with Topic Modeling Techniques 1 Introduction 2 Related Work 2.1 Topic Modeling 2.2 Cyber Security Frameworks 2.3 Text Mining in Cyber Security 3 Materials and Methods 3.1 BERTopic 3.2 Corpus Generation 3.3 Topic Modeling with BERTopic 4 Results 4.1 Topic Model Analysis 4.2 Topic Model vs CyBOK Chapters 5 Discussion 5.1 Topic Model Analysis 5.2 Topic Model vs CyBOK Chapters 5.3 Possible Expansions 5.4 Limitations 6 Conclusion 6.1 Future Work References COLTRANE – Towards a Methodology and Platform Supported Educational Basis for Cybersecurity Education 1 Introduction 2 COLTRANE Methodology 3 A Pilot Study 4 Outlook and Conclusion References An Investigation into Educational Process Models for Teaching Secure Programming 1 Introduction 2 Research Methodology 3 Secure Programming Education and Training 4 Educational Process Models 5 Thematic Content Analysis of Educational Process Models 5.1 Inputs 5.2 Integration (Combination) 5.3 Output 5.4 Reflection 6 Educational Process Model Elements for Teaching Secure Programming 6.1 Inputs for Teaching Secure Programming 6.2 Integration for Teaching Secure Programming 6.3 Outputs for Teaching Secure Programming 6.4 Reflection 7 Conclusion References Cybersecurity Knowledge Requirements for a Water Sector Employee 1 Introduction 2 Research Methodology 3 Planning the Review 3.1 Identifying the Need for a Review 3.2 Development of a Review Protocol 4 Conducting the Review 4.1 Searching the Literature 4.2 Screening for Inclusion and Exclusion 4.3 Data Extraction 4.4 Screening for Eligibility 4.5 Quality Assessment 5 Data Analysis and Synthesis 5.1 Familiarisation with the Data 5.2 Generating Initial Codes 5.3 Searching for Themes 5.4 Reviewing the Themes 5.5 Reporting on Findings 5.6 Framework for Defining the Cybersecurity Knowledge 6 Conclusion 6.1 Limitations and Future Research References CAP: Patching the Human Vulnerability 1 Introduction 2 Literature Review 2.1 Existing Cyber Security Awareness and Training 2.2 Related Studies 2.3 Assessing and Measuring Skills 3 CAP Design 4 CAP Implementation and Analysis 4.1 CAP – User Viewpoint and Admin Configuration 4.2 Testing, Results, and Analysis 5 Conclusion References A Novel Framework for the Development of Age Appropriate Information Security Serious Games 1 Introduction 2 Background 2.1 Erikson’s Stages of Psychosocial Development 2.2 Bandura’s Social Cognitive Theory 2.3 Information Security Serious Games 3 Method 4 Framework Evaluation 4.1 3rdStage: 3–6 Years Old 4.2 4thStage: 6 Years Old to Adolescence, and 5thStage: Adolescence 5 Conclusion and Future Work References Cyber Security Culture Security Culture in Industrial Control Systems Organisations: A Literature Review 1 Introduction 2 Background on Security Culture 3 Methodology 4 Results 5 Discussion 6 Conclusion References Systematic Review of Factors that Influence the Cybersecurity Culture 1 Introduction 2 Research Aims 3 Background 4 Information Security and Cybersecurity 5 Research Method 5.1 Data Sources and Selection Criteria 5.2 Results 5.3 Cybersecurity Culture Factors 6 Discussion and Contribution 7 Limitations and Future Work 8 Conclusion Appendix References Cyber4Dev Security Culture Model for African Countries 1 Introduction 2 Research Problem and Research Questions 3 Background 3.1 Defining Information Security Culture and Cyber4Dev Security Culture 3.2 Cyber Security Challenges in Africa 3.3 Cyber Awareness in Africa 3.4 Why Promote a Cyber4Dev Security Culture? 4 Research Method 4.1 Information Sources 4.2 Eligibility Criteria 4.3 Data Collection 5 Results 5.1 Synthesis of the Results 5.2 The African Perspective 6 Cyber4Dev Security Culture Model 7 Conclusion and Future Work References A Model for Information Security Culture with Innovation and Creativity as Enablers 1 Introduction 2 Background 2.1 Information Security Culture 2.2 Creativity and Innovation in an Organisation 2.3 Applying Creativity and Innovation in Information Security Culture 3 Research Methodology 4 Results 4.1 Creativity and Innovation in the Information Security Culture Context 4.2 Creativity and Innovation in an Organisational Culture Context 4.3 Conceptual Model 5 Conclusion and Future Work References Understanding Phishing in Mobile Instant Messaging: A Study into User Behaviour Toward Shared Links 1 Introduction 2 Literature Review 3 Methodology 4 Results 5 Discussion and Limitations 6 Conclusions References Privacy How Privacy Concerns Impact Swedish Citizens’ Willingness to Report Crimes 1 Introduction 2 Methodology 3 Results 3.1 Analysis of the Results 3.2 Discussion of the Results 4 Conclusions References ``Your Cookie Disclaimer is Not in Line with the Ideas of the GDPR. Why?'' 1 Introduction 2 Related Work 3 Background 4 Methodology 4.1 Design Decisions for Communication 4.2 Procedure 5 Results 6 Discussion 7 Conclusion References A Survey of Australian Attitudes Towards Privacy: Some Preliminary Results 1 Introduction 2 Related Work 3 Method 4 Results and Discussion 4.1 Trust 4.2 Behaviour 4.3 Control 4.4 Awareness and Knowledge 5 The COVID-19 Effect 6 Conclusion References Designing and Evaluating a Prototype for Data-Related Privacy Controls in a Smart Home 1 Introduction 2 Background 2.1 Privacy Control Design Factors and Sub-factors 2.2 Translating Privacy Control Design Factors into Design 3 Method 3.1 Stimulus (Prototype App) 3.2 Pre-study 3.3 Interview Study 3.4 Survey Study 4 Results 4.1 Task Accuracy 4.2 User Experience 4.3 Usability 4.4 Perceived Information Control 4.5 User Satisfaction 4.6 Behavioral Intention to Use 4.7 User Feedback 5 Discussion 5.1 Design Recommendations 5.2 Limitations and Future Work 6 Conclusion References Cyber Security Management An Exploratory Factor Analysis of Personality Factors: An Insider Threat Perspective 1 Introduction 2 Related Work 3 Theoretical Framing 4 Research Methodology 5 Data Analysis 6 Discussion of Findings 7 Implications for Theory and Practice 8 Conclusions Appendix A: Rotated Factor Loading References Policy Components - A Conceptual Model for Tailoring Information Security Policies 1 Introduction 2 Related Research 3 Research Method 4 Policy Component – Conceptual Model 5 Policy Component – Demonstration 5.1 Policy Component: Managing E-mails 5.2 Two Tailored Information Security Policies 6 Conclusion and Future Research References Security Fatigue: A Case Study of Data Specialists 1 Introduction 2 Literature Review 2.1 Security Complexity and Fatigue 2.2 Managing Security Fatigue 3 Research Design 3.1 Case Organisation and Participants 3.2 Data Collection and Analysis 4 Analysis and Findings 4.1 Awareness of Risks 4.2 Influence of Compliance Effort 4.3 Influence of Psychological Stress 4.4 Adequacy of Knowledge 5 Conclusion References Factors Influencing Cybercrime Reporting Behaviour in South African State-Owned Entities 1 Introduction 2 Conceptual Background and Hypotheses Development 2.1 Perceptions of Law Enforcement Agencies 2.2 Emotional Response to Cybercrime 2.3 Cybercrime Reporting Awareness 2.4 The Cost-Benefit of Cybercrime Reporting 2.5 Organisational Subjective Norm 2.6 Self-Efficacy 2.7 Facilitating Conditions 2.8 Anonymity of Cybercrime Reporting 2.9 Research Model 3 Research Methodology 3.1 Sampling Strategy 3.2 Data Analysis Methods 4 Findings 4.1 Demographic Profile 4.2 Construct Validity 4.3 Reliability 4.4 Correlation Analysis 4.5 Hypotheses Testing 4.6 Discussion and Implications 5 Conclusion Appendix A: Research Instrument References Online Security Attack Experience and Worries of Young Adults in the United Kingdom 1 Introduction 2 Method 2.1 Participants 2.2 Online Questionnaire 3 Results 4 Discussion and Conclusions References PowerQoPE: A Personal Quality of Internet Protection and Experience Configurator 1 Introduction 2 Background and Related Work 2.1 Quality of Protection 3 System Design 3.1 Design Goals 3.2 Choosing Parameters 3.3 System Overview 3.4 Architectural Components 4 Evaluation 4.1 Methodology 5 Results 5.1 Influence of Security Cost Information on Users' Choice of Security Level 5.2 Empirical Performance Impact of Users' Choice of Security Level 6 Discusion 7 Conclusion and Future Work References Author Index
دانلود کتاب Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, ... and Communication Technology, 658)