
Publisher: Emerald   (Total: 335 journals)


Showing 1 - 200 of 335 Journals sorted alphabetically
A Life in the Day     Hybrid Journal   (Followers: 9)
Academia Revista Latinoamericana de Administración     Open Access   (Followers: 2, SJR: 0.144, h-index: 4)
Accounting Auditing & Accountability J.     Hybrid Journal   (Followers: 28)
Accounting Research J.     Hybrid Journal   (Followers: 25, SJR: 0.26, h-index: 7)
Accounting, Auditing and Accountability J.     Hybrid Journal   (Followers: 19, SJR: 0.88, h-index: 40)
Advances in Accounting Education     Hybrid Journal   (Followers: 13, SJR: 0.514, h-index: 5)
Advances in Appreciative Inquiry     Hybrid Journal   (SJR: 0.124, h-index: 5)
Advances in Autism     Hybrid Journal   (Followers: 4)
Advances in Dual Diagnosis     Hybrid Journal   (Followers: 47, SJR: 0.228, h-index: 2)
Advances in Gender Research     Full-text available via subscription   (Followers: 3, SJR: 0.229, h-index: 7)
Advances in Intl. Marketing     Full-text available via subscription   (Followers: 4, SJR: 0.123, h-index: 11)
Advances in Mental Health and Intellectual Disabilities     Hybrid Journal   (Followers: 59, SJR: 0.29, h-index: 5)
Advances in Mental Health and Learning Disabilities     Hybrid Journal   (Followers: 28)
African J. of Economic and Management Studies     Hybrid Journal   (Followers: 11, SJR: 0.125, h-index: 2)
Agricultural Finance Review     Hybrid Journal  
Aircraft Engineering and Aerospace Technology     Hybrid Journal   (Followers: 171, SJR: 0.391, h-index: 18)
American J. of Business     Hybrid Journal   (Followers: 15)
Annals in Social Responsibility     Full-text available via subscription  
Anti-Corrosion Methods and Materials     Hybrid Journal   (Followers: 10, SJR: 0.215, h-index: 25)
Arts and the Market     Hybrid Journal   (Followers: 9)
Asia Pacific J. of Marketing and Logistics     Hybrid Journal   (Followers: 7, SJR: 0.244, h-index: 15)
Asia-Pacific J. of Business Administration     Hybrid Journal   (Followers: 3, SJR: 0.182, h-index: 7)
Asian Association of Open Universities J.     Open Access  
Asian Education and Development Studies     Hybrid Journal   (Followers: 5)
Asian J. on Quality     Hybrid Journal   (Followers: 1)
Asian Review of Accounting     Hybrid Journal   (Followers: 2, SJR: 0.29, h-index: 7)
Aslib J. of Information Management     Hybrid Journal   (Followers: 21, SJR: 0.65, h-index: 29)
Aslib Proceedings     Hybrid Journal   (Followers: 246)
Assembly Automation     Hybrid Journal   (Followers: 2, SJR: 0.657, h-index: 26)
Baltic J. of Management     Hybrid Journal   (Followers: 3, SJR: 0.354, h-index: 14)
Benchmarking : An Intl. J.     Hybrid Journal   (Followers: 11, SJR: 0.556, h-index: 38)
British Food J.     Hybrid Journal   (Followers: 15, SJR: 0.329, h-index: 35)
Built Environment Project and Asset Management     Hybrid Journal   (Followers: 15, SJR: 0.232, h-index: 4)
Business Process Re-engineering & Management J.     Hybrid Journal   (Followers: 8, SJR: 0.614, h-index: 42)
Business Strategy Series     Hybrid Journal   (Followers: 6, SJR: 0.201, h-index: 6)
Career Development Intl.     Hybrid Journal   (Followers: 15, SJR: 0.686, h-index: 32)
China Agricultural Economic Review     Hybrid Journal   (Followers: 1, SJR: 0.238, h-index: 10)
China Finance Review Intl.     Hybrid Journal   (Followers: 5)
Chinese Management Studies     Hybrid Journal   (Followers: 4, SJR: 0.216, h-index: 12)
Circuit World     Hybrid Journal   (Followers: 15, SJR: 0.346, h-index: 17)
Collection Building     Hybrid Journal   (Followers: 12, SJR: 0.829, h-index: 10)
COMPEL: The Intl. J. for Computation and Mathematics in Electrical and Electronic Engineering     Hybrid Journal   (Followers: 3, SJR: 0.269, h-index: 22)
Competitiveness Review : An Intl. Business J. incorporating J. of Global Competitiveness     Hybrid Journal   (Followers: 6)
Construction Innovation: Information, Process, Management     Hybrid Journal   (Followers: 14, SJR: 0.508, h-index: 8)
Corporate Communications An Intl. J.     Hybrid Journal   (Followers: 6, SJR: 0.703, h-index: 26)
Corporate Governance Intl. J. of Business in Society     Hybrid Journal   (Followers: 7, SJR: 0.309, h-index: 29)
Critical Perspectives on Intl. Business     Hybrid Journal   (Followers: 1, SJR: 0.32, h-index: 15)
Cross Cultural & Strategic Management     Hybrid Journal   (Followers: 8, SJR: 0.356, h-index: 13)
Development and Learning in Organizations     Hybrid Journal   (Followers: 7, SJR: 0.138, h-index: 8)
Digital Library Perspectives     Hybrid Journal   (Followers: 15)
Direct Marketing An Intl. J.     Hybrid Journal   (Followers: 6)
Disaster Prevention and Management     Hybrid Journal   (Followers: 20, SJR: 0.533, h-index: 32)
Drugs and Alcohol Today     Hybrid Journal   (Followers: 127, SJR: 0.241, h-index: 4)
Education + Training     Hybrid Journal   (Followers: 20, SJR: 0.532, h-index: 30)
Education, Business and Society : Contemporary Middle Eastern Issues     Hybrid Journal   (SJR: 0.141, h-index: 10)
Emerald Emerging Markets Case Studies     Hybrid Journal   (Followers: 1)
Employee Relations     Hybrid Journal   (Followers: 6, SJR: 0.435, h-index: 22)
Engineering Computations     Hybrid Journal   (Followers: 4, SJR: 0.387, h-index: 39)
Engineering, Construction and Architectural Management     Hybrid Journal   (Followers: 14, SJR: 0.541, h-index: 28)
Equal Opportunities Intl.     Hybrid Journal   (Followers: 3)
Equality, Diversity and Inclusion : An Intl. J.     Hybrid Journal   (Followers: 14, SJR: 0.239, h-index: 9)
EuroMed J. of Business     Hybrid Journal   (Followers: 1, SJR: 0.145, h-index: 9)
European Business Review     Hybrid Journal   (Followers: 7, SJR: 0.481, h-index: 21)
European J. of Innovation Management     Hybrid Journal   (Followers: 23, SJR: 0.596, h-index: 30)
European J. of Marketing     Hybrid Journal   (Followers: 20, SJR: 0.933, h-index: 55)
European J. of Training and Development     Hybrid Journal   (Followers: 9, SJR: 0.489, h-index: 23)
Evidence-based HRM     Hybrid Journal   (Followers: 6)
Facilities     Hybrid Journal   (Followers: 2, SJR: 0.371, h-index: 18)
Foresight     Hybrid Journal   (Followers: 7, SJR: 0.486, h-index: 20)
Gender in Management : An Intl. J.     Hybrid Journal   (Followers: 16, SJR: 0.359, h-index: 22)
Grey Systems : Theory and Application     Hybrid Journal   (Followers: 1)
Health Education     Hybrid Journal   (Followers: 3, SJR: 0.383, h-index: 17)
Higher Education, Skills and Work-based Learning     Hybrid Journal   (Followers: 43, SJR: 0.172, h-index: 4)
History of Education Review     Hybrid Journal   (Followers: 13, SJR: 0.141, h-index: 2)
Housing, Care and Support     Hybrid Journal   (Followers: 9, SJR: 0.174, h-index: 4)
Human Resource Management Intl. Digest     Hybrid Journal   (Followers: 17, SJR: 0.121, h-index: 6)
Humanomics     Hybrid Journal   (Followers: 2, SJR: 0.14, h-index: 4)
IMP J.     Hybrid Journal  
Indian Growth and Development Review     Hybrid Journal   (SJR: 0.163, h-index: 4)
Industrial and Commercial Training     Hybrid Journal   (Followers: 5, SJR: 0.217, h-index: 14)
Industrial Lubrication and Tribology     Hybrid Journal   (Followers: 6, SJR: 0.322, h-index: 19)
Industrial Management & Data Systems     Hybrid Journal   (Followers: 6, SJR: 0.63, h-index: 69)
Industrial Robot An Intl. J.     Hybrid Journal   (Followers: 3, SJR: 0.375, h-index: 32)
Info     Hybrid Journal   (Followers: 1, SJR: 0.25, h-index: 21)
Information and Computer Security     Hybrid Journal   (Followers: 22)
Information Technology & People     Hybrid Journal   (Followers: 45, SJR: 0.576, h-index: 28)
Interactive Technology and Smart Education     Hybrid Journal   (Followers: 14, SJR: 0.112, h-index: 1)
Interlending & Document Supply     Hybrid Journal   (Followers: 62, SJR: 0.48, h-index: 13)
Internet Research     Hybrid Journal   (Followers: 42, SJR: 1.746, h-index: 57)
Intl. J. for Lesson and Learning Studies     Hybrid Journal   (Followers: 3)
Intl. J. for Researcher Development     Hybrid Journal   (Followers: 9)
Intl. J. of Accounting and Information Management     Hybrid Journal   (Followers: 7, SJR: 0.304, h-index: 7)
Intl. J. of Bank Marketing     Hybrid Journal   (Followers: 7, SJR: 0.515, h-index: 38)
Intl. J. of Climate Change Strategies and Management     Hybrid Journal   (Followers: 15, SJR: 0.416, h-index: 7)
Intl. J. of Clothing Science and Technology     Hybrid Journal   (Followers: 6, SJR: 0.279, h-index: 25)
Intl. J. of Commerce and Management     Hybrid Journal   (Followers: 1)
Intl. J. of Conflict Management     Hybrid Journal   (Followers: 14, SJR: 0.763, h-index: 38)
Intl. J. of Contemporary Hospitality Management     Hybrid Journal   (Followers: 12, SJR: 1.329, h-index: 35)
Intl. J. of Culture Tourism and Hospitality Research     Hybrid Journal   (Followers: 16, SJR: 0.399, h-index: 5)
Intl. J. of Development Issues     Hybrid Journal   (Followers: 9)
Intl. J. of Disaster Resilience in the Built Environment     Hybrid Journal   (Followers: 7, SJR: 0.225, h-index: 7)
Intl. J. of Educational Management     Hybrid Journal   (Followers: 5, SJR: 0.424, h-index: 32)
Intl. J. of Emergency Services     Hybrid Journal   (Followers: 4, SJR: 0.179, h-index: 1)
Intl. J. of Emerging Markets     Hybrid Journal   (Followers: 4, SJR: 0.199, h-index: 5)
Intl. J. of Energy Sector Management     Hybrid Journal   (Followers: 3, SJR: 0.25, h-index: 12)
Intl. J. of Entrepreneurial Behaviour & Research     Hybrid Journal   (Followers: 5, SJR: 0.694, h-index: 28)
Intl. J. of Event and Festival Management     Hybrid Journal   (Followers: 6, SJR: 0.32, h-index: 8)
Intl. J. of Gender and Entrepreneurship     Hybrid Journal   (Followers: 5, SJR: 0.638, h-index: 6)
Intl. J. of Health Care Quality Assurance     Hybrid Journal   (Followers: 9, SJR: 0.352, h-index: 32)
Intl. J. of Health Governance     Hybrid Journal   (Followers: 26, SJR: 0.277, h-index: 15)
Intl. J. of Housing Markets and Analysis     Hybrid Journal   (Followers: 10, SJR: 0.201, h-index: 5)
Intl. J. of Human Rights in Healthcare     Hybrid Journal   (Followers: 9, SJR: 0.13, h-index: 2)
Intl. J. of Information and Learning Technology     Hybrid Journal   (Followers: 7)
Intl. J. of Innovation Science     Hybrid Journal   (Followers: 9, SJR: 0.173, h-index: 5)
Intl. J. of Intelligent Computing and Cybernetics     Hybrid Journal   (Followers: 3, SJR: 0.258, h-index: 10)
Intl. J. of Intelligent Unmanned Systems     Hybrid Journal   (Followers: 4, SJR: 0.145, h-index: 2)
Intl. J. of Islamic and Middle Eastern Finance and Management     Hybrid Journal   (Followers: 8)
Intl. J. of Law and Management     Hybrid Journal   (Followers: 2, SJR: 0.107, h-index: 2)
Intl. J. of Law in the Built Environment     Hybrid Journal   (Followers: 4, SJR: 0.111, h-index: 2)
Intl. J. of Leadership in Public Services     Hybrid Journal   (Followers: 14)
Intl. J. of Lean Six Sigma     Hybrid Journal   (Followers: 7, SJR: 0.562, h-index: 15)
Intl. J. of Logistics Management     Hybrid Journal   (Followers: 12, SJR: 0.998, h-index: 15)
Intl. J. of Managerial Finance     Hybrid Journal   (Followers: 6, SJR: 0.212, h-index: 11)
Intl. J. of Managing Projects in Business     Hybrid Journal   (Followers: 2)
Intl. J. of Manpower     Hybrid Journal   (Followers: 2, SJR: 0.354, h-index: 37)
Intl. J. of Mentoring and Coaching in Education     Hybrid Journal   (Followers: 22)
Intl. J. of Migration, Health and Social Care     Hybrid Journal   (Followers: 10, SJR: 0.261, h-index: 5)
Intl. J. of Numerical Methods for Heat & Fluid Flow     Hybrid Journal   (Followers: 10, SJR: 0.594, h-index: 32)
Intl. J. of Operations & Production Management     Hybrid Journal   (Followers: 17, SJR: 2.198, h-index: 94)
Intl. J. of Organizational Analysis     Hybrid Journal   (Followers: 3, SJR: 0.222, h-index: 11)
Intl. J. of Pervasive Computing and Communications     Hybrid Journal   (Followers: 3, SJR: 0.165, h-index: 9)
Intl. J. of Pharmaceutical and Healthcare Marketing     Hybrid Journal   (Followers: 4, SJR: 0.304, h-index: 12)
Intl. J. of Physical Distribution & Logistics Management     Hybrid Journal   (Followers: 11, SJR: 1.694, h-index: 66)
Intl. J. of Prisoner Health     Hybrid Journal   (Followers: 10, SJR: 0.254, h-index: 10)
Intl. J. of Productivity and Performance Management     Hybrid Journal   (Followers: 6, SJR: 0.785, h-index: 31)
Intl. J. of Public Sector Management     Hybrid Journal   (Followers: 21, SJR: 0.272, h-index: 37)
Intl. J. of Quality & Reliability Management     Hybrid Journal   (Followers: 8, SJR: 0.544, h-index: 63)
Intl. J. of Quality and Service Sciences     Hybrid Journal   (Followers: 2, SJR: 0.133, h-index: 1)
Intl. J. of Retail & Distribution Management     Hybrid Journal   (Followers: 6, SJR: 0.543, h-index: 36)
Intl. J. of Service Industry Management     Hybrid Journal   (Followers: 2)
Intl. J. of Social Economics     Hybrid Journal   (Followers: 9, SJR: 0.227, h-index: 25)
Intl. J. of Sociology and Social Policy     Hybrid Journal   (Followers: 48, SJR: 0.361, h-index: 5)
Intl. J. of Sports Marketing and Sponsorship     Hybrid Journal   (Followers: 1)
Intl. J. of Structural Integrity     Hybrid Journal   (Followers: 2, SJR: 0.325, h-index: 8)
Intl. J. of Sustainability in Higher Education     Hybrid Journal   (Followers: 12, SJR: 0.616, h-index: 29)
Intl. J. of Tourism Cities     Hybrid Journal   (Followers: 2)
Intl. J. of Web Information Systems     Hybrid Journal   (Followers: 5, SJR: 0.208, h-index: 13)
Intl. J. of Wine Business Research     Hybrid Journal   (Followers: 6, SJR: 0.196, h-index: 12)
Intl. J. of Workplace Health Management     Hybrid Journal   (Followers: 11, SJR: 0.358, h-index: 8)
Intl. Marketing Review     Hybrid Journal   (Followers: 16, SJR: 1.076, h-index: 57)
J. for Multicultural Education     Hybrid Journal   (Followers: 3, SJR: 0.124, h-index: 11)
J. of Accounting & Organizational Change     Hybrid Journal   (Followers: 5, SJR: 0.346, h-index: 7)
J. of Accounting in Emerging Economies     Hybrid Journal   (Followers: 7)
J. of Adult Protection, The     Hybrid Journal   (Followers: 15, SJR: 0.291, h-index: 7)
J. of Advances in Management Research     Hybrid Journal   (Followers: 3)
J. of Aggression, Conflict and Peace Research     Hybrid Journal   (Followers: 47, SJR: 0.177, h-index: 9)
J. of Agribusiness in Developing and Emerging Economies     Hybrid Journal   (Followers: 1)
J. of Applied Accounting Research     Hybrid Journal   (Followers: 15, SJR: 0.22, h-index: 5)
J. of Applied Research in Higher Education     Hybrid Journal   (Followers: 51)
J. of Asia Business Studies     Hybrid Journal   (Followers: 3, SJR: 0.115, h-index: 1)
J. of Assistive Technologies     Hybrid Journal   (Followers: 18, SJR: 0.215, h-index: 6)
J. of Business & Industrial Marketing     Hybrid Journal   (Followers: 8, SJR: 0.664, h-index: 48)
J. of Business Strategy     Hybrid Journal   (Followers: 12, SJR: 0.381, h-index: 17)
J. of Centrum Cathedra     Open Access  
J. of Children's Services     Hybrid Journal   (Followers: 5, SJR: 0.167, h-index: 9)
J. of Chinese Economic and Foreign Trade Studies     Hybrid Journal   (Followers: 1, SJR: 0.188, h-index: 4)
J. of Chinese Entrepreneurship     Hybrid Journal   (Followers: 3)
J. of Chinese Human Resource Management     Hybrid Journal   (Followers: 7, SJR: 0.112, h-index: 3)
J. of Communication Management     Hybrid Journal   (Followers: 7, SJR: 0.735, h-index: 6)
J. of Consumer Marketing     Hybrid Journal   (Followers: 18, SJR: 0.613, h-index: 62)
J. of Corporate Real Estate     Hybrid Journal   (Followers: 3, SJR: 0.633, h-index: 5)
J. of Criminal Psychology     Hybrid Journal   (Followers: 121, SJR: 0.13, h-index: 1)
J. of Criminological Research, Policy and Practice     Hybrid Journal   (Followers: 54)
J. of Cultural Heritage Management and Sustainable Development     Hybrid Journal   (Followers: 11, SJR: 0.109, h-index: 5)
J. of Documentation     Hybrid Journal   (Followers: 183, SJR: 0.936, h-index: 50)
J. of Economic and Administrative Sciences     Hybrid Journal   (Followers: 3)
J. of Economic Studies     Hybrid Journal   (Followers: 10, SJR: 0.498, h-index: 26)
J. of Educational Administration     Hybrid Journal   (Followers: 5, SJR: 0.848, h-index: 36)
J. of Engineering, Design and Technology     Hybrid Journal   (Followers: 17, SJR: 0.173, h-index: 10)
J. of Enterprise Information Management     Hybrid Journal   (Followers: 4, SJR: 0.433, h-index: 38)
J. of Enterprising Communities People and Places in the Global Economy     Hybrid Journal   (Followers: 1, SJR: 0.212, h-index: 8)
J. of Entrepreneurship and Public Policy     Hybrid Journal   (Followers: 9)
J. of European Industrial Training     Hybrid Journal   (Followers: 2)
J. of European Real Estate Research     Hybrid Journal   (Followers: 4, SJR: 0.52, h-index: 7)
J. of Facilities Management     Hybrid Journal   (Followers: 3)
J. of Family Business Management     Hybrid Journal   (Followers: 5)
J. of Fashion Marketing and Management     Hybrid Journal   (Followers: 13, SJR: 0.529, h-index: 30)
J. of Financial Crime     Hybrid Journal   (Followers: 381, SJR: 0.158, h-index: 5)
J. of Financial Economic Policy     Hybrid Journal  
J. of Financial Management of Property and Construction     Hybrid Journal   (Followers: 8, SJR: 0.234, h-index: 1)
J. of Financial Regulation and Compliance     Hybrid Journal   (Followers: 9)
J. of Financial Reporting and Accounting     Hybrid Journal   (Followers: 12)
J. of Forensic Practice     Hybrid Journal   (Followers: 49, SJR: 0.225, h-index: 8)
J. of Global Mobility     Hybrid Journal   (Followers: 1)
J. of Global Responsibility     Hybrid Journal   (Followers: 4)
J. of Health Organisation and Management     Hybrid Journal   (Followers: 20, SJR: 0.67, h-index: 27)
J. of Historical Research in Marketing     Hybrid Journal   (Followers: 3, SJR: 0.376, h-index: 8)
J. of Hospitality and Tourism Technology     Hybrid Journal   (Followers: 4, SJR: 0.672, h-index: 10)
J. of Human Resource Costing & Accounting     Hybrid Journal   (Followers: 5)
J. of Humanitarian Logistics and Supply Chain Management     Hybrid Journal   (Followers: 13)


Information and Computer Security
   Hybrid journal (It can contain Open Access articles)
   ISSN (Print) 0968-5227 - ISSN (Online) 2056-4961
   Published by Emerald  [335 journals]
  • Tightroping Between APT and BCI in Small Enterprises
    • Authors: Jesse Kaukola, Jukka Ruohonen, Antti Tuomisto, Sami Hyrynsalmi, Ville Leppänen
      First page: 226
      Abstract: Information and Computer Security, Volume 25, Issue 3, July 2017.
      Purpose: The contemporary Internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted, but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into such exploitation, information assets may be continuously monitored for harvesting the business critical information (BCI). These threats are relevant for the security of small enterprises and this study examines the qualitative factors that shape the security mindsets among these. Design/methodology/approach: The data is collected with semi-structured interviews of six enterprises in a small regional market segment. The analysis is based on a fourfold taxonomy that delivers three mindset profiles, while particular emphasis is placed on the subjective security notions that shape the typical strategizing among enterprises. Findings: APT is poorly understood among the observed segment, which tends to often also explicitly downplay the strategic relevance of the concept, but a more pressing challenge relates to the observation that business data is often perceived to have no value. The delivered results can be used to improve the situation. Originality/value: This study is among the first to explore perceptions of small enterprises towards APT and BCI. The results reveal problematic mindsets and offer new avenues for practitioners as well as academics to study and improve the situation.
      Citation: Information and Computer Security
      PubDate: 2017-05-24T11:28:30Z
      DOI: 10.1108/ICS-07-2016-0047
  • Analysing Information Security in a Bank using Soft Systems Methodology
    • Authors: Temesgen Kitaw Damenu, Chris Beaumont
      First page: 240
      Abstract: Information and Computer Security, Volume 25, Issue 3, July 2017.
      Purpose: This paper explores the use of Soft Systems Methodology (SSM) to analyse the socio-technical information security issues in a major bank. Design/methodology/approach: Case study research was conducted on a major bank. Semi-structured interviews with a purposive sample of key stakeholders in the business, comprising senior managers, security professionals and branch employees were conducted. Findings: SSM was particularly useful for exploring the holistic information security issues, enabling models to be constructed which were valuable analytical tools and easily understood by stakeholders, which increased the receptiveness of the bank, and assisted with member validation. Significant risks were apparent from internal sources with weaknesses in aspects of governance and security culture. Research limitations/implications: This research uses a single case study and whilst it cannot be generalised, it identifies potential security issues others may face and solutions they may apply. Practical implications: Information security is complex and addresses technical, governance, management and cultural risks. Banking attacks are changing, with greater focus on employees and customers. A systemic approach is required for full consideration. SSM is a suitable approach for such analysis within large organisations. Originality/value: Demonstrates how important benefits can be obtained by using SSM alongside traditional risk assessment approaches to identify holistic security issues. A holistic approach is particularly important given the increasing complexity of the security threat surface. Banking was selected as a case study since it is both critical to society and is a prime target for attack. Furthermore, developing economies are under-represented in information security research, this paper adds to the evidence base. Since global finance is highly interconnected, it is important that banks in such economies do not comprise a weak link and hence results from this case have value for the industry as a whole.
      Citation: Information and Computer Security
      PubDate: 2017-05-24T11:28:29Z
      DOI: 10.1108/ICS-07-2016-0053
  • A general morphological analysis: Delineating a cyber-security culture
    • Authors: Noluxolo Gcaza, Rossouw von Solms, Marthie M Grobler, Joey Jansen van Vuuren
      First page: 259
      Abstract: Information and Computer Security, Volume 25, Issue 3, July 2017.
      Purpose: The purpose of this paper is to define and delineate cyber-security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber-security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber-security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber-security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded or defined. Design/methodology/approach: A General Morphological Analysis (GMA) is employed to define, structure and analyse the national cyber-security culture environment. Findings: This paper identifies the most important variables in cultivating a national cyber-security culture. Research limitations/implications: The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions. Practical implications: Practically, the study can assist developing nations in constructing strategies that address the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors. Originality/value: Delineating and defining the cyber-security culture domain more precisely could greatly contribute to realising the elements that collectively play a role in cultivating such a culture from a national perspective.
      Citation: Information and Computer Security
      PubDate: 2017-05-24T11:28:29Z
      DOI: 10.1108/ICS-12-2015-0046
  • Measuring employees’ compliance - the importance of value pluralism
    • Authors: Fredrik Karlsson, Martin Karlsson, Joachim Åström
      First page: 279
      Abstract: Information and Computer Security, Volume 25, Issue 3, July 2017.
      Purpose: This paper investigates two different types of compliance measures; the first measure is a value-monistic compliance measure, while the second is a value-pluralistic measure, which introduces the idea of competing organisational imperatives. Design/methodology/approach: A survey was developed using two sets of items to measure compliance. The survey was sent to 600 white-collar workers and analysed through ordinary least squares. Findings: The results suggest that when using the value-monistic measure, employees’ compliance was a function of employees’ intentions to comply, their self-efficacy and awareness of information security policies. In addition, compliance was not related to the occurrence of conflicts between information security and other organisational imperatives. However, when the dependent variable was changed to a value-pluralistic measure, the results suggest that employees’ compliance was, to a great extent, a function of the occurrence of conflicts between information security and other organisational imperatives; indirect conflicts with other organisational values. Research limitations/implications: The results are based on a small survey, yet the findings are interesting and justify further investigation. The results suggest that relevant organisational imperatives and value systems, along with information security values, should be included in measures for employees’ compliance with information security policies. Practical implications: Practitioners and researchers should be aware that there is a difference in measuring employees’ compliance using value monistic and value pluralism measurements. Originality/value: Few studies exist that critically compare the two different compliance measures for the same population.
      Citation: Information and Computer Security
      PubDate: 2017-05-24T11:28:32Z
      DOI: 10.1108/ICS-11-2016-0084
  • The Role of the Chief Information Security Officer in the Management of IT
    • Authors: Erastus Karanja
      First page: 300
      Abstract: Information and Computer Security, Volume 25, Issue 3, July 2017.
      Purpose: There is a dearth of academic research literature on the role of a Chief Information Security Officer (CISO) in the management of Information Technology (IT) security. The limited research literature exists despite the increasing number and complexity of IT security breaches that lead to significant erosions in business value. The aim of this study is to advance research on the position of the CISO by investigating the role that CISOs play before and after an IT security breach. Design/methodology/approach: The study makes use of content analysis and agency theory to explore a sample of US firms that experienced IT security breaches between 2009-2015 and how these firms reacted to the IT security breaches. Findings: The results indicate that following the IT security breaches, a number of the impacted firms adopted a reactive plan that entailed a re-organization of the existing IT security strategy and the hiring of a CISO. Also, there is no consensus on the CISO reporting structure since most of the firms that hired a CISO for the first time had the CISO report either to the Chief Executive Officer or Chief Information Officer. Research limitations/implications: The findings will inform researchers, IT educators, and industry practitioners on the roles of CISOs as well as advance research on how to mitigate IT security vulnerabilities. Originality/value: The need for research that advances an understanding of how to effectively manage the security of IT resources is timely and is driven by the growing frequency and sophistication of the IT security breaches as well as the significant direct and indirect costs incurred by both the affected firms and their stakeholders.
      Citation: Information and Computer Security
      PubDate: 2017-05-24T11:28:31Z
      DOI: 10.1108/ICS-02-2016-0013
  • Mobile Device User's Privacy Security Assurance Behavior: A Technology Threat Avoidance Perspective
    • Authors: Hao Chen, Wenli Li
      First page: 330
      Abstract: Information and Computer Security, Volume 25, Issue 3, July 2017.
      Purpose: Recently, the spread of malicious IT causes serious privacy threats to mobile device users, which hampers the efficient use of mobile devices for individual and business. In order to understand the privacy security assurance behavior of mobile device users, this study develops a theoretical model based on technology threat avoidance theory (TTAT) to capture motivation factors in predicting mobile device user's voluntary adoption of the security defensive software. Design/methodology/approach: A survey is conducted to validate the proposed research model. 284 valid survey data are collected and PLS-based structural equation modeling is used to test the model. Findings: Results highlight that both privacy concern and coping appraisal have a significant impact on the intention to adopt the security defensive software. Meanwhile, privacy security awareness is a crucial determinant to stimulate mobile device user's threat and coping appraisal processes in the voluntary context. Our results indicate that the emotional-based coping appraisal of anticipated regret is also imperative to arouse personal intention to adopt the security tool. Practical implications: This result should be of interest to practitioners. Information security awareness training and education programs should be developed in a variety of forms to intensify personal security knowledge and skills. Besides, emotion-based warnings can be designed to arouse user’s protection behavior. Originality/value: This paper embeds TTAT theory within the mobile security context, we extend TTAT by taking anticipated regret into consideration to capture emotional-based coping appraisal, and information security awareness is employed as the antecedent factor. The extension offers a useful starting point for further empirical study of emotion elements in information security context.
      Citation: Information and Computer Security
      PubDate: 2017-05-24T11:16:18Z
      DOI: 10.1108/ICS-04-2016-0027
  • Running the Risk IT – More Perception and Less Probabilities in
           Uncertain Systems
    • Authors: Adrian Munteanu
      First page: 345
      Abstract: Information and Computer Security, Volume 25, Issue 3, July 2017.
      Purpose To argue that in the case of quantitative security risk assessment individuals do not estimate probabilities as a measure of likelihood of event occurrence. Design/methodology/approach The study uses the most commonly used quantitative assessment approach: Annualized Loss Expectancy (ALE) to support the three research hypotheses. Findings The estimated probabilities used in quantitative models are subjective. Research limitations/implications The ALE model used in security risk assessment, although it is presented in the literature as quantitative, is in fact qualitative, being influenced by bias. Practical implications The study provides a factual basis showing that quantitative assessment is neither realistic, nor practical to the real world. Originality/value A model that cannot be tested experimentally is not a scientific model. In fact, the probability used in ISRM is an empirical probability or estimator of a probability because it estimates probabilities from experience and observation.
      Citation: Information and Computer Security
      PubDate: 2017-05-24T11:16:10Z
      DOI: 10.1108/ICS-07-2016-0055
  • Organisational Culture, Procedural Countermeasures, and Employee Security
           Behaviour: A Qualitative Study
    • First page: 118
      Abstract: Information and Computer Security, Volume 25, Issue 2, June 2017.
      Purpose This paper provides new insights about security behaviour in selected U.S. and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues. Design/methodology/approach This paper builds on general deterrence theory and prior organisational culture literature. The methodology adapted for this study draws on the analytical grounded theory approach employing a constant comparative method. Findings This paper demonstrates that procedural security countermeasures and organisational culture tend to affect security behaviour in organisational settings. Research limitations/implications This paper fills the void in information security research and takes its place amongst the very few studies that focus on behavioural as opposed to technical issues. Practical implications This paper highlights the important role of procedural security countermeasures, information security awareness, and organisational culture in managing illicit behaviour of employees. Originality/value This study extends general deterrence theory in a novel way by including information security awareness in the research model and by investigating both negative and positive behaviours.
      Citation: Information and Computer Security
      PubDate: 2017-04-27T11:40:01Z
      DOI: 10.1108/ICS-03-2017-0013
  • Productivity vs. Security: Mitigating Conflicting Goals in Organizations
    • First page: 137
      Abstract: Information and Computer Security, Volume 25, Issue 2, June 2017.
      Purpose This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals. Design/methodology/approach This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small to medium-sized organizations (SMEs) with overall 90 employees. Findings The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees. Research limitations/implications Both studies rely on self-reported data and are therefore likely to contain some kind of bias. Practical implications Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations. Originality/value This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.
      Citation: Information and Computer Security
      PubDate: 2017-04-27T11:40:16Z
      DOI: 10.1108/ICS-03-2017-0014
  • The Application of Behavioural Thresholds to Analyse Collective Behaviour
           in Information Security
    • First page: 152
      Abstract: Information and Computer Security, Volume 25, Issue 2, June 2017.
      Purpose The purpose of this study is to perform an exploratory investigation into the feasibility of behavioural threshold analysis as a possible aid in security awareness campaigns. Design/methodology/approach Generic behavioural threshold analysis is presented and then applied in the domain of information security by collecting data on the behavioural thresholds of individuals in a group setting and how the individuals influence each other when it comes to security behaviour. Findings Initial experimental results show that behavioural threshold analysis is feasible in the context of information security and may provide useful guidelines on how to construct information security awareness programs. Practical implications Threshold analysis may contribute in a number of ways to information security, e.g. identification of security issues that are susceptible to peer pressure and easily influenced by peer behaviour; serve as a countermeasure against security fatigue; contribute to the economics of information security awareness programs; track progress of security awareness campaigns; and provides a new measure for determining the importance of security awareness issues. Originality/value This paper describes the very first experiment to test the behavioural threshold analysis concepts in the context of information security.
      Citation: Information and Computer Security
      PubDate: 2017-04-27T11:40:26Z
      DOI: 10.1108/ICS-03-2017-0015
  • Comparing three models to explain precautionary online behavioural
    • First page: 165
      Abstract: Information and Computer Security, Volume 25, Issue 2, June 2017.
      Purpose The purpose of this paper is to compare three social cognitive models in their ability to explain intentions of precautionary online behaviour. The models were protection motivation theory (PMT), the reasoned action approach (RAA) and an integrated model comprising variables of these models. Design/methodology/approach Data were collected from 1200 Dutch users of online banking by means of an online survey and were analysed with partial-least-squares path-modelling. Findings The two separate models explain about equally much variance in precautionary online behaviour; in the integrated model the significant predictors of the two models remained significant. Precautionary online behaviour is largely driven by response efficacy, attitude towards behaviour and self-efficacy. Research limitations/implications One limitation is that the predictor variables self-efficacy and attitude are represented by one item only in the path-analysis because of high cross-loadings of the other items with the dependent variable. Practical implications Our results give practitioners potentially a wider range of options to design preventative measures. Originality/value The three models are successfully applied to online banking. We conclude that both PMT and RAA make a unique contribution in explaining variance for precautionary online behaviour. This article is a republication of a previous conference paper (Jansen and van Schaik, 2016).
      Citation: Information and Computer Security
      PubDate: 2017-04-27T11:39:46Z
      DOI: 10.1108/ICS-03-2017-0018
  • Managing Information Security Awareness at an Australian Bank: A
           comparative study
    • First page: 181
      Abstract: Information and Computer Security, Volume 25, Issue 2, June 2017.
      Purpose The aim of the research was firstly, to confirm that a specific bank’s employees were generally more information-security aware than employees in other Australian industries, and secondly, to identify the major factors that contributed to this bank’s high levels of ISA. Design/methodology/approach A web-based questionnaire (the HAIS-Q) was used in two separate studies to assess the Information Security Awareness (ISA) of individuals who used computers at their place of work. The first study assessed 198 employees at an Australian bank and the second study assessed 500 working Australians from a whole range of industries. Both studies used a Qualtrics-based questionnaire that was distributed via an email link. Findings The results demonstrated that the average level of ISA for the bank’s employees was consistently 20% higher than for the general workforce participants in all focus areas and overall. There were no significant differences between the ISA scores for those who received more frequent training compared to those who received less frequent training. This result suggests that the frequency of training is not a contributing factor to an employee’s level of ISA. Research limitations/implications This current research did not investigate the InfoSec culture that prevailed within the bank in question because the objective of the research was to compare a bank's employees with general workforce employees rather than compare organisations. The HAIS-Q unfortunately did not include questions relating to the type of training participants had received at work. Originality/value This study provided the bank’s InfoSec management with evidence that their multi-channelled InfoSec training regime was responsible for a substantially higher-than-average ISA for their employees. Future research of this nature should examine the effectiveness of various ISA programs in light of individual differences and learning styles. This would form the basis of an Adaptive Control Framework (ACF) that would complement many of the current International Standards, such as ISO’s 27000 series, NIST’s SP800 series and ISACA’s COBIT5.
      Citation: Information and Computer Security
      PubDate: 2017-04-27T11:39:39Z
      DOI: 10.1108/ICS-03-2017-0017
  • Factors in an End-User Security Expertise Instrument
    • First page: 190
      Abstract: Information and Computer Security, Volume 25, Issue 2, June 2017.
      Purpose Security and computer expertise of end users can be significant determinants of human behaviour and interactions in the security and privacy context. Standardized, externally valid instruments for measuring end-user security expertise are non-existent. Design/methodology/approach A questionnaire encompassing skills and knowledge based questions was developed to identify critical factors that constitute expertise in end-users. Exploratory factor analysis was applied on the results from 898 participants from a wide range of populations. Cluster analysis was applied to characterize the relationship between computer and security expertise. Ordered logistic regression models were applied to measure efficacy of the proposed security and computing factors in predicting user comprehension of security concepts: phishing and certificates. Findings There are levels to people’s computer and security expertise that could be reasonably measured and operationalized. Four factors that constitute computer security related skills and knowledge: basic computer skills, advanced computer skills, security knowledge, and advanced security skills, were identified as determinants of computer expertise. Practical implications Findings from this work can be used to guide the design of security interfaces such that they cater to people with different expertise levels and do not force users to exercise more cognitive processes than required. Originality/value This work identified four factors that constitute security expertise in end users. Findings from this work were integrated to propose a framework called Security SRK for guiding further research on security expertise. This work posits that a security expertise instrument for end-users should measure three cognitive dimensions: security skills, rules and knowledge.
      Citation: Information and Computer Security
      PubDate: 2017-04-27T11:40:47Z
      DOI: 10.1108/ICS-04-2017-0020
  • Social Engineering Defence Mechanisms and Counteracting Training
    • First page: 206
      Abstract: Information and Computer Security, Volume 25, Issue 2, June 2017.
      Purpose The paper aims to outline strategies for defence against social engineering that are missing in current best practices of IT security. The reason for the incomplete training techniques in IT security is the interdisciplinarity of the field. Social engineering is focusing on exploiting human behaviour and this is not sufficiently addressed in IT security. Instead most defence strategies are devised by IT security experts with a background in information systems rather than human behaviour. We aim to outline this gap and point out strategies to fill the gaps. Design/methodology/approach We conducted a literature review from the viewpoint of IT security and the viewpoint of social psychology. In addition, we mapped the results to outline gaps and analysed how these gaps could be filled using established methods from social psychology and discussed our findings. Findings We analysed gaps in social engineering defences and mapped them to underlying psychological principles of social engineering attacks, e.g. social proof. Furthermore, we discuss which type of countermeasure proposed in social psychology should be applied to counteract which principle. We derived two training strategies from these results that go beyond the state of the art trainings in IT security and allow security professionals to raise companies’ bars against social engineering attacks. Originality/value Our training strategies outline how interdisciplinary research between computer science and social psychology can lead to a more complete defence against social engineering by providing reference points for researchers and IT security professionals with advice on how to improve training.
      Citation: Information and Computer Security
      PubDate: 2017-04-27T11:40:54Z
      DOI: 10.1108/ICS-04-2017-0022
  • Design and validation of a trust-based opportunity-enabled risk management
    • First page: 2
      Abstract: Information and Computer Security, Volume 25, Issue 1, March 2017.
      Purpose The Bring-Your-Own-Device (BYOD) paradigm favors the use of personal and public devices and communication means in corporate environments, thus representing a challenge for the traditional security and risk management systems. In this dynamic and heterogeneous setting, the purpose of the paper is to present a methodology called Opportunity-Enabled Risk Management (OPPRIM), which supports the decision-making process in access control to remote corporate assets. Design/methodology/approach OPPRIM relies on a logic-based risk policy model combining estimations of trust, threats, and opportunities. Moreover, it is based on a mobile client-server architecture, where the OPPRIM application running on the user device interacts with the company IT security server in order to manage every access request to corporate assets. Findings As a mandatory requirement in the highly flexible BYOD setting, in the OPPRIM approach mobile device security risks are identified automatically and dynamically depending on the specific environment in which the access request is issued and on the previous history of events. Originality/value The main novelty of the OPPRIM approach is the combined treatment of threats (resp., opportunities) and costs (resp., benefits) in a trust-based setting. The OPPRIM system is validated with respect to an economic perspective: cost-benefit sensitivity analysis is conducted through formal methods using the PRISM model checker and through agent-based simulations using the Anylogic framework.
      Citation: Information and Computer Security
      PubDate: 2017-01-23T12:26:35Z
      DOI: 10.1108/ICS-05-2016-0037
  • Cloud computing assurance – a review of literature guidance
    • First page: 26
      Abstract: Information and Computer Security, Volume 25, Issue 1, March 2017.
      Purpose The board and executive management are tasked with ensuring proper governance of organizations, which should in the end contribute to a sense of assurance. Assurance is understood to be a part of corporate governance which provides stakeholders with confidence in a subject matter by evaluating evidence about that subject matter. Evidence will include proof that proper controls and structures are in place, that risks are managed and that compliance with internal and external requirements is demonstrated with regard to the subject matter. Decisions regarding the use of cloud computing in organizations bring these responsibilities to the fore. Design/methodology/approach The design of this paper is based on an extensive review of literature, predominantly best practices and standards, from the fields covering IT governance, cloud computing and assurance. Findings The results from this paper can be used to formulate cloud computing assurance evidence statements, as part of IT governance mandates. Originality/value This paper aims to add value by; 1) highlighting the responsibility of managers to ensure assurance when exploiting opportunities presented through IT advances, such as cloud computing 2) serving to inform management about the advances that have and are being made in the field of cloud computing guidelines and 3) to motivate that these guidelines be used for assurance on behalf of organizations adopting and using cloud computing.
      Citation: Information and Computer Security
      PubDate: 2017-01-23T12:26:38Z
      DOI: 10.1108/ICS-09-2015-0037
  • So long, and thanks for only using readily available scripts
    • First page: 47
      Abstract: Information and Computer Security, Volume 25, Issue 1, March 2017.
      Purpose It is often argued that the increased automation and availability of offensive cyber tools has decreased the skill and knowledge required by attackers. Some say that all it takes to succeed with an attack is to follow some instructions and push some buttons. This paper tests this idea empirically through live exploits and vulnerable machines in a cyber range. Design/methodology/approach The experiment involved 204 vulnerable machines in a cyber range. Exploits were chosen based on the results of automated vulnerability scanning. Each exploit was executed following a set of carefully planned actions that enabled reliable tests. A total of 1223 exploitation attempts were performed. Findings A mere eight exploitation attempts succeeded. All these involved the same exploit module (ms08_067_netapi). It is concluded that server-side attacks still are too complicated for novices who lack the skill or knowledge to tune their attacks. Originality/value This paper presents the largest conducted test of exploit effectiveness to date. It also presents a sound method for reliable tests of exploit effectiveness (or system vulnerability).
      Citation: Information and Computer Security
      PubDate: 2017-01-23T12:26:35Z
      DOI: 10.1108/ICS-08-2016-0069
  • Privacy-preserving recommendations in context-aware mobile environments
    • First page: 62
      Abstract: Information and Computer Security, Volume 25, Issue 1, March 2017.
      Purpose Mobile recommender systems aim to solve the information overload problem by recommending products or services to users of web services on mobile devices, such as smartphones or tablets, at any given point in time and in any possible location. They utilize recommendation methods, such as collaborative filtering or content-based filtering, and use a considerable amount of contextual information in order to provide relevant recommendations. However, due to privacy concerns, users are not willing to provide the required personal information that would allow their views to be recorded and make these systems usable. Design/methodology/approach This work is focused on user privacy by providing a method for context privacy-preservation and privacy protection at user interface level. Thus, a set of algorithms that are part of the method have been designed with privacy protection in mind, which is done by using realistic dummy parameter creation. To demonstrate the applicability of the method, a relevant context-aware dataset has been used to run performance and usability tests. Findings The proposed method has been experimentally evaluated using performance and usability evaluation tests and it is shown that with a small decrease in terms of performance user privacy can be protected. Originality/value This is a novel research paper that proposes a method for protecting the privacy of mobile recommender systems users when context parameters are used.
      Citation: Information and Computer Security
      PubDate: 2017-01-23T12:26:42Z
      DOI: 10.1108/ICS-04-2016-0028
  • Must I, can I? I don’t understand your ambiguous password rules.
    • First page: 80
      Abstract: Information and Computer Security, Volume 25, Issue 1, March 2017.
      Purpose The purpose of this research is to investigate user comprehension of ambiguous terminology in password rules. Although stringent password policies are in place to protect information system security, such complexity does not have to mean ambiguity for users. While many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects user comprehension of password rules. Design/methodology/approach This research used a combination of quantitative and qualitative methods in a usable security study with 60 participants. Study tasks contained password rules based on real-world password requirements. Tasks consisted of: 1) character-selection tasks that varied the terms for non-alphanumeric characters to explore users’ interpretations of password rule language, and 2) compliance-checking tasks to investigate how well users can apply their understanding of the allowed character space. Findings Results show that manipulating password rule terminology causes users’ interpretation of the allowed character space to shrink or expand. Users are confused by the terms “non-alphanumeric,” “symbols,” “special characters,” and “punctuation marks” in password rules. Additionally, users are confused by partial lists of allowed characters using “e.g.” or “etc.” Practical implications This research provides data-driven usability guidance on constructing clearer language for password policies. Improving language clarity will help usability without sacrificing security, as simplifying password rule language does not change security requirements. Originality/value This is the first usable security study to systematically measure the effects of ambiguous password rules on user comprehension of the allowed character space.
      Citation: Information and Computer Security
      PubDate: 2017-01-23T12:26:41Z
      DOI: 10.1108/ICS-06-2016-0043
  • Auditing for privacy in threshold PKE e-voting
    • First page: 100
      Abstract: Information and Computer Security, Volume 25, Issue 1, March 2017.
      Purpose This paper investigates the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client, like Helios, and use a bulletin board (BB). Design/methodology/approach Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect. Findings The paper shows that without PKI support or, more generally, authenticated BB "append" operations, such TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters, hence it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system. Originality/value As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters' privacy and shows how auditing can be applied for providing strong provable privacy guarantees.
      Citation: Information and Computer Security
      PubDate: 2017-01-23T12:26:36Z
      DOI: 10.1108/ICS-07-2016-0056