| 1. |
|
|
| 2. |
- Faizi, Ana, et al.
(författare)
-
From rationale to lessons learned in the cloud information security risk assessment : a study of organizations in Sweden
- 2022
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 30:2, s. 190-205
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose:This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.Design/methodology/approach:Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.Findings:The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.Originality/value:As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.
|
|
| 3. |
- Habibipour, Abdolrasoul, 1979-, et al.
(författare)
-
Exploring Factors Influencing Participant Drop-Out Behavior in a Living Lab Environment
- 2017
-
Ingår i: Scandinavian Conference on Information Systems. - Cham : Springer. - 9783319646947 - 9783319646954 ; , s. 28-40
-
Konferensbidrag (refereegranskat)abstract
- The concept of “living lab” is a rather new phenomenon that facilitates user involvement in open innovation activities. The users’ motivations to contribute to the living lab activities at the beginning of the project are usually higher than once the activities are underway. However, the literature still lacks an understanding of what actions are necessary to reduce the likelihood of user drop-out throughout the user engagement process. This study aims to explore key factors that are influential on user drop-out in a living lab setting by engaging users to test an innovation during the pilot phase of the application’s development. The stability of the prototype, ease of use, privacy protection, flexibility of the prototype, effects of reminders, and timing issues are the key influential factors on user drop-out behavior. This paper summarizes the key lessons learned from the case study and points to avenues for future research.
|
|
| 4. |
- Habibipour, Abdolrasoul, 1979-, et al.
(författare)
-
Social, Ethical and Ecological Issues in Wearable Technologies
- 2019
-
Ingår i: AMCIS 2019 Proceedings. - : Association for Information Systems.
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- The rapid growth of Internet of Things (IoT) has given rise to a plethora of wearable devices integrated into daily life, however achieving end-user’s long-term adoption is still an issue. The purpose of this paper is to investigate social, ethical and ecological issues related to wearable technologies from end-users’ perspectives. We undertook a systematic literature review as well as two rounds of interviews with domain experts as well as end-users of IoT wearable devices to find relevant issues related to social, ethical and ecological. After synthesizing the results, eighteen issues found to be relevant to the wearable technologies. These issues have important implications for reducing the negative barriers that challenge the adoption of wearable technologies. The originality of this study lies with its non-technological focus that provides insights into issues that are rooted into individuals’ concerns.
|
|
| 5. |
- Islami, Lejla
(författare)
-
Envisioning Usable Privacy in Smart Environments : A Technical and Intercultural Perspective
- 2024
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Smart environments provide users with a large number of new services that will improve their lives, such as smarter and more efficient transportation, advanced smart home services, and pervasive healthcare. Yet, they also have the potential for collecting staggering amounts of personal information, which, if misused, poses a multitude of privacy threats to users ranging from tracking, stalking to monitoring and profiling. Consequently, the users’ right to informational self-determination is at stake in smart environments. Therefore, there is a need for solutions that empower individuals with control over their data in smart environments. Privacy-Enhancing Technologies (PETs) and privacy by design and by default can help to protect users’ privacy. In particular, usable Privacy-Enhancing Identity Management (PE-IdM) can re-establish user control and, thus, informational self-determination by offering users a selection of meaningful preference-based privacy settings that they could choose from to lessen the configuration burden of privacy settings. However, different privacy trade-offs need to be considered and managed for the configuration of the identity management system, as well as various factors influencing users’ privacy preferences. Guidelines for the design of usable management of privacy settings that address varying end-user preferences for control, location sharing and privacy conflicting goals are needed. The objective of this thesis is to propose viable approaches for enforcing usable PE-IdM for smart environments, with a focus on vehicular ad hoc networks (VANETs). To that end, we unravel the technical state of the art regarding the problem space and solutions. We employ qualitative and quantitative empirical Human-Computer Interaction (HCI) research methods to investigate different users’ privacy preferences and factors affecting such preferences. Our results demonstrate a cultural and regional influence on willingness to share location data and preferences for trade-offs for location privacy. Based on our results, we elicit end-users and design requirements and propose high-level design guidelines for usable PE-IdM for VANETs. These guidelines aim to simplify privacy and identity management for users by offering selectable settings that will cater for their different privacy needs and preferences.
|
|
| 6. |
- Lindqvist, Gunnar, et al.
(författare)
-
How do Bitcoin Users Manage Their Private Keys?
- 2021
-
Ingår i: Proceedings of the 7th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2021). ; , s. 11-21
-
Konferensbidrag (refereegranskat)abstract
- Bitcoin has emerged as the most recognisable cryptocurrency due to its usages as a speculative asset,medium of exchange and store of value. The fundamental characteristics of trustless and secure soundmoney have made it appealing to people. As a result of the immutability of Bitcoin, monetary lossescaused by user security mistakes such as lose possession of private keys may hinder Bitcoin usage. Wesurveyed 339 Bitcoin users to explore the interaction between individuals and the technology of Bitcoinof how they safeguard their Bitcoin private keys. The results showed that users employed technologiesto enhance the protection of their Bitcoin private keys, such as encryption and multi-signature. However,a proportion of users employed less secure approaches. The study results suggest that users preferencrypting their private keys rather than multi-signature due to convenience and ease of use. Hardwarewallets were moreover the most used wallet by the participants.
|
|
| 7. |
- Lundgren, Martin, et al.
(författare)
-
A Review of Cyber Threat (Artificial) Intelligence in Security Management
- 2023. - 1
-
Ingår i: Artificial Intelligence and Cybersecurity. - Cham : Springer Nature Switzerland AG. - 9783031150296 - 9783031150326 - 9783031150302 ; , s. 29-45
-
Bokkapitel (refereegranskat)abstract
- Managing cybersecurity within organizations typically relies on careful consideration and management of its risks. By following an iterative—often sequential—risk management process, an organization’s exposure to risks can be assessed by weighing organizational digital asset values against the probability of being harmed by a threat [29]. However, this approach has been criticized for reflecting only a snapshot of the organization’s assets and threats. Furthermore, identifying threats and the ability to remain updated on current threats and vulnerabilities are often dependent on skilled and experienced experts, causing risks to be primarily determined based on subjective judgment [46]. Nevertheless, this also poses a challenge to organizations that cannot stay up-to-date with what assets are vulnerable or attain personnel with the necessary experience and know-how to obtain relevant information on cybersecurity threats towards those assets [8, 30, 37].
|
|
| 8. |
- Lundgren, Martin, et al.
(författare)
-
Security and Privacy of Smart Homes : Issues and Solutions
- 2021
-
Ingår i: Security and Privacy in the Internet of Things. - : John Wiley & Sons. - 9781119607748 - 9781119607755 - 9781119607762 - 9781119607779 ; , s. 235-260
-
Bokkapitel (refereegranskat)abstract
- The current discussion and adoption of new technologies such as Internet of Things and smart technologies, like smart homes, have blossomed over the last decade. The user-centric aspect plays a vital role in the development of smart homes, since its spread and usage is fundamentally depending on people adopting new technologies into their normal everyday lives. This chapter contributes to raising our understanding of the security and privacy challenges and solutions that exist within smart homes. It first investigates various dimensions of information security and privacy in order to build a framework to analyze actual or perceived security and privacy issues that can arise from new technologies like smart homes. The chapter presents what security techniques and mechanisms are available to address these. Finally, it discusses what the future might hold in terms of security and privacy of smart homes, followed by a section highlighting the contributions of this chapter.
|
|
| 9. |
- Mannebäck, Emelie, et al.
(författare)
-
Challenges of Managing Information Security during the Pandemic
- 2021
-
Ingår i: Challenges. - : MDPI. - 2078-1547. ; 12:2
-
Tidskriftsartikel (refereegranskat)abstract
- The COVID-19 pandemic of 2019 surprised information security practitioners in the organizations due to the change imposed on employees’ work routines. Employees were asked to work from home, and therefore changes were necessary to reduce information security risks actively. The abrupt change of work environments brought many challenges to the practitioners, which caused them to make decisions regarding organizational information security. This article aims to uncover those challenges through an ethnography study within an organization during the fourteen months of teleworking. On an overarching level, we found four challenges to be of concern: technical security, regulations and policies, employee awareness of security issues, and, finally, preparedness for the new work environment of teleworking. We believe that the challenges brought by the analysis will inspire discussions about the future of research and practice regarding information security management in case of disasters.
|
|
| 10. |
- Padyab, Ali
(författare)
-
Exploring Impacts of Secondary Information Use on Individual Privacy
- 2018
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Information collected from individuals via online social networks and Internet of things devices can be used by institutions and service providers for different business purposes to tailor and customize their services, which is defined as secondary use of information. Although the literature on secondary use is well developed, prior studies have largely focused on direct use of information such as those instances of information use that do not stem from data mining. Advances in data mining and information-processing techniques facilitate discovery of customers’ and users’ behaviors and needs. Research shows that individuals’ behavior can be inferred with high accuracy from their shared information, which may in turn jeopardize privacy. A recent scandal of Cambridge Analytica using about 87 million Facebook profiles to target those users with customized micro-targeted political ads has created public outrage and raised criticisms of secondary use. Given this background, the purpose of this thesis is to explore impacts of organizations’ and service providers’ secondary use of personal information in order to draw conclusions related to how individuals’ attitudes are formed and what role secondary use plays in managing privacy.This research investigates user awareness and attitudes towards potential secondary uses of information. To pursue this, a multi-method qualitative approach using a descriptive questionnaire with 1000 European citizens and a total of 10 focus groups with 43 participants was employed. A qualitative content analysis using both inductive and deductive approaches was conducted to analyze the results. The conceptual framework employed in this thesis was genres of disclosure.The research results suggest that user awareness of the potential for indirect personal information disclosure was relatively low. It was consequently found that participant attitudes toward privacy and disclosure shifted from affective to cognitive when they experienced firsthand the potential inferences that could be made from their own data. Generally, the participant users only considered their direct disclosure of information; through observing potential indirect inferences about their own shared contents and information, however, the participants became more aware of potential infringements on their privacy.The study contributes to information privacy and information systems literature by raising understanding of the impacts of secondary use, in particular its effects on individual privacy management. In addition, this thesis suggests that information privacy is affected differently by direct and indirect uses. Its contribution to information privacy research is to complement previous methodological approaches by suggesting that if users are made aware of indirect inferences that can be made from their content, negative affective responses decrease while cognitive reactions increase through the processing of information related to their disclosure genres. The reason is that indirect use of information inhibits the negotiation of information privacy boundaries and creating unresolved tensions within those boundaries. Cognitive awareness of inferences made to individual information significantly affects the privacy decision-making process. The implication is that there is a need for more dynamic privacy awareness mechanisms that can empower users by providing them with increased awareness of the indirect information they are sharing.
|
|
