| 1. |
- Bahsi, Hayretdin, et al.
(author)
-
The cyber-insurance market in Norway
- 2019
-
In: Information and Computer Security. - Bingley, West Yorkshire, England, UK : Emerald Group Publishing Limited. - 2056-4961. ; 28:1, s. 54-67
-
Journal article (peer-reviewed)abstract
- PurposeThis paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.Design/methodology/approachThe study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.FindingsThe Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.Practical implicationsSome policy lessons for different stakeholders are identified.Originality/valueEmpirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.
|
|
| 2. |
- Bergström, Erik, 1976-, et al.
(author)
-
Revisiting information security risk management challenges : a practice perspective
- 2019
-
In: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 27:3, s. 358-372
-
Journal article (peer-reviewed)abstract
- Purpose – The study aims to revisit six previously defined challenges in information security risk management to provide insights into new challenges based on current practices.Design/methodology/approach – The study is based on an empirical study consisting of in-depth interviews with representatives from public sector organisations. The data were analysed by applying a practice-based view, i.e. the lens of knowing (or knowings). The results were validated by an expert panel.Findings – Managerial and organisational concerns that go beyond a technical perspective have been . found, which affect the ongoing social build-up of knowledge in everyday information security work.Research limitations/implications – The study has delimitation as it consists of data from four public sector organisations, i.e. statistical analyses have not been in focus, while implying a better understanding of what and why certain actions are practised in their security work.Practical implications – The new challenges that have been identified offer a refined set of actionable advice to practitioners, which, for example, can support cost-efficient decisions and avoid unnecessary security trade-offs.Originality/value – Information security is increasingly relevant for organisations, yet little is still known about how related risks are handled in practice. Recent studies have indicated a gap between the espoused and the actual actions. Insights from actual, situated enactment of practice can advise on process adaption and suggest more fit approaches.
|
|
| 3. |
- Framner, Erik, et al.
(author)
-
Making secret sharing based cloud storage usable
- 2019
-
In: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 27:5, s. 647-667
-
Journal article (peer-reviewed)abstract
- The purpose of this paper is to develop a usable configuration management for Archistar, whichutilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure andprivacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and othersettings for securely storing the secret data shares, while meeting all of end user’s requirements and otherrestrictions, is a complex task. In particular, complex trade-offs between different protection goals and legalprivacy requirements need to be made.
|
|
| 4. |
- Kävrestad, Joakim, 1989-, et al.
(author)
-
Understanding passwords – a taxonomy of password creation strategies
- 2019
-
In: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 27:3, s. 453-467
-
Journal article (peer-reviewed)abstract
- Purpose Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords. Design/methodology/approach The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet. Findings The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model. Originality/value On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.
|
|
