Recommended Recent English-Language Journal Articles (Information Security)

An analysis of security systems for electronic information for establishing secure internet of things environments: Focusing on research trends in the security field in South Korea

Future Generation Computer Systems, Volume 82, May 2018, Pages 769-782

Seungwan Hong, Sangho Park, Lee Won Park, Minseo Jeon, Hangbae Chang

Abstract: In the Internet of Things (IoT) era, a variety of devices that accumulate a range of data and electronic information are connected to the internet. This information is intelligently processed to create new services. As a result, the range of security risks is expanded, and the risk of compromise of electronic information is increasing. To combat this risk, research and investments in electronic information security technology are steadily increasing, and various security systems are being steadily developed. However, since electronic information security technology suitable for the IoT environment is not classified, many security systems perform redundant functions. The use of redundant security systems not only wastes costs in terms of security management, but also inefficiently performs security operations.

The impact of information security threat awareness on privacy-protective behaviors

Computers in Human Behavior, Volume 83, June 2018, Pages 32-44

Stanislav Mamonov, Raquel Benbunan-Fich

Abstract: In this study, we examine how to motivate computer users to protect themselves from potential security and privacy threats. We draw on the Information Processing framework which posits that threat mitigation commonly occurs before full cognitive threat assessment and we conduct an empirical study to evaluate the effects of an exposure to general information security threats on the strength of passwords and the disclosure of personal information. Through an online experiment, we compare immediate computer user reactions to potential non-individually specific security and privacy threats in an extra-organizational context. We find evidence consistent with automatic security and privacy protective actions in response to these threats. Computer users exposed to news stories about corporate security breaches limit the disclosure of sensitive personal information and choose stronger passwords. The study complements the existing behavior modification research in information security by providing the theoretical and empirical foundation for the exploration of automatic security and privacy threat mitigation strategies across different contexts.

Performance evaluation of the recommendation mechanism of information security risk identification

Neurocomputing, Volume 279, 1 March 2018, Pages 48-53

Yu-Chih Wei, Wei-Chen Wu, Ya-Chi Chu

Abstract: In recent decades, information security has become crucial for protecting the benefits of a business operation. Many organizations perform information security risk management in order to analyze their weaknesses, and enforce the security of the business processes. However, identifying the threat–vulnerability pairs for each information asset during the processes of risk assessment is not easy and is time-consuming for the risk assessor. Furthermore, if the identified risk diverges from the real situation, the organization may put emphasis on the unnecessary controls to prevent the non-existing risk. In order to resolve the problem mentioned above, we utilize the data mining approach to discover the relationship between assets and threat–vulnerability pairs. In this paper, we propose a risk recommendation mechanism for assisting users in identifying threats and vulnerabilities. In addition, we also implement a risk assessment system to collect the historical selection records and measure the elapsed time. The result shows that with the assistance of risk recommendations, the mean elapsed time is shorter than with the traditional method by more than 21%. The experimental results show that the risk recommendation system can improve both the performance of efficiency and accuracy of risk identification.

Information security investments: An exploratory multiple case study on decision-making, evaluation and learning

Computers & Security, In press, corrected proof, Available online 8 February 2018

Eva Weishäupl, Emrah Yasasin, Guido Schryen

Abstract: The need to protect resources against attackers is reflected by huge information security investments of firms worldwide. In the presence of budget constraints and a diverse set of assets to protect, organizations have to decide in which IT security measures to invest, how to evaluate those investment decisions, and how to learn from past decisions to optimize future security investment actions. While the academic literature has provided valuable insights into these issues, there is a lack of empirical contributions. To address this lack, we conduct a theory-based exploratory multiple case study. Our case study reveals that (1) firms' investments in information security are largely driven by external environmental and industry-related factors, (2) firms do not implement standardized decision processes, (3) the security process is perceived to impact the business process in a disturbing way, (4) both the implementation of evaluation processes and the application of metrics are hardly existent and (5) learning activities mainly occur on an ad-hoc basis.

Security design with interim public information

Journal of Mathematical Economics, Volume 76, May 2018, Pages 113-130

André Stenzel

Abstract: We consider a security design problem where public information about the security’s underlying cash-flow arrives between trading periods. The optimal security minimizes less-than-full realization of gains from trade due to limited cash in the market, which may depend on the interim information. We show that the optimal security can be expressed as a convex combination of securities solving minimization problems for which the solutions share many debt-like features but exhibit endogenous tranching. We provide conditions for the non-optimality of standard debt contracts and show that implementation of the class of optimal securities can be achieved by mezzanine tranche retention, providing a public information rationale for departure from the pecking order.