Social engineering in social networking sites : phase-based and source-based models

Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

Social engineering in social networking sites : affect-based model

While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs), have been identified as among the most common means of social engineering attacks. Owing to factors that reduce the ability of users to detect social engineering tricks and increase the ability of attackers to launch them, SNSs seem to be perfect breeding ground for exploiting the vulnerabilities of people, and the weakest link in security. This work will contribute to the knowledge of social engineering by identifying different entities and subentities that affect social engineering based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

Toward understanding social engineering

There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understand human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.

Business Innovation and Disruption in Publishing

This is the first volume in a book series examining how organizations in the creative industries respond to disruptive change and how they themselves generate business innovations. The aspiration of this book series is to understand some of the common forces behind the disruptions occurring in so many creative industries today and identifying the most promising strategies and responses by organizations to create new value propositions, business models and business practices that can enable these industry participants to cope with and eventually thrive as their industries and sectors are transformed. The chapters included in the volume examine the processes of disruption and transformation due to the technology of the Internet, social forces driven by social media, the development of new portable digital devices with greater capabilities and smaller size, the decreasing costs of new information, and the creation of new business models and forms of intellectual property ownership rights for a digitized industry. The context for this volume is the publishing industries, understood as the industries for the publishing of fiction and non-fiction books, academic literature, consumer as well as trade magazines, and daily newspapers. This volume includes chapters by an internationally diverse array of media scholars whose chapters provide insights into these phenomena in Eastern Europe, Finland, France, Germany, Norway, Portugal, Russia, and the United States, using different methodological frameworks including, but not limited to, surveys, in-depth interviews and multiple-case studies. One gap that this book series seeks to fill is that between the study of business innovation and disruption by innovation scholars largely based in business school settings and similar studies by scholarly experts from non-business school disciplines, including the broader social sciences (e.g. sociology, political science, economic geography) and creative industry based professional school disciplines (e.g. architecture, communications, design, film making, journalism, media studies, performing arts, photography and television). Future volumes of this book series will examine disruption and business innovation in the film, video and photography sectors (volume two), the music sector (volume three) and interactive entertainment (volume four), with subsequent volumes focusing on the most relevant developments in creative industry business innovation and disruption that emerge.

The impact of social media features on print media firms’ online business models

Many newspapers and magazines have added “social media features” to their web-based information services in order to allow users to participate in the production of content. This study examines the specific impact of the firm’s investment in social media features on their online business models. We make a comparative case study of four Scandinavian print media firms that have added social media features to their online services. We show how social media features lead to online business model innovation, particularly linked to the firms’ value propositions. The paper discusses the repercussions of this transformation on firms’ relationship with consumers and with traditional content contributors. The modified value proposition also requires firms to acquire new competences in order to reap full benefit of their social media investments. We show that the firms have been unable to do so since they have not allowed the social media features to affect their online revenue models.

Entrenchment of GIS technology for enterprise solutions in Maryland's state and local government

Beginning in 1974, the State of Maryland created spatial databases under the MAGI (Maryland's Automated Geographic Information) system. Since that early GIS, other state and local agencies have begun GISs covering a range of applications from critical lands inventories to cadastral mapping. In 1992, state agencies, local agencies, universities, and businesses began a series of GIS coordination activities, resulting in the formation of the Maryland Local Geographic Information Committee and the Maryland State Government Geographic Information Coordinating Committee. GIS activities and system installations can be found in 22 counties plus Baltimore City, and most state agencies. Maryland's decision makers rely on a variety of GIS reports and products to conduct business and to communicate complex issues more effectively. This paper presents the status of Maryland's GIS applications for local and state decision making.

Trust in merged ERP and open data schemes in the “Cloud”

Enterprise resource planning (ERP) systems are rapidly being combined with “big data” analytics processes and publicly available “open data sets”, which are usually outside the arena of the enterprise, to expand activity through better service to current clients as well as identifying new opportunities. Moreover, these activities are now largely based around relevant software systems hosted in a “cloud computing” environment. However, the over 50- year old phrase related to mistrust in computer systems, namely “garbage in, garbage out” or “GIGO”, is used to describe problems of unqualified and unquestioning dependency on information systems. However, a more relevant GIGO interpretation arose sometime later, namely “garbage in, gospel out” signifying that with large scale information systems based around ERP and open datasets as well as “big data” analytics, particularly in a cloud environment, the ability to verify the authenticity and integrity of the data sets used may be almost impossible. In turn, this may easily result in decision making based upon questionable results which are unverifiable. Illicit “impersonation” of and modifications to legitimate data sets may become a reality while at the same time the ability to audit any derived results of analysis may be an important requirement, particularly in the public sector. The pressing need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment is discussed in this paper. Some current and appropriate technologies currently being offered are also examined. However, severe limitations in addressing the problems identified are found and the paper proposes further necessary research work for the area. (Note: This paper is based on an earlier unpublished paper/presentation “Identity, Addressing, Authenticity and Audit Requirements for Trust in ERP, Analytics and Big/Open Data in a ‘Cloud’ Computing Environment: A Review and Proposal” presented to the Department of Accounting and IT, College of Management, National Chung Chen University, 20 November 2013.)

On cloud computing service considerations for the small and medium enterprises

The concept of cloud computing services is appealing to the small and medium enterprises (SMEs), with the opportunity to acquire modern information technology resources as a utility and avoid costly capital investments in technology resources. However, the adoption of the cloud computing services presents significant challenges to the SMEs. The SMEs need to determine a path to adopting the cloud computing services that would ensure their sustainable presence in the cloud computing environment. Information about approaches to adopting the cloud computing services by the SMEs is fragmented. Through an interpretive design, we suggest that the SMEs need to have a strategic and incremental intent, understand their organizational structure, understand the external factors, consider the human resource capacity, and understand the value expectations from the cloud computing services to forge a successful path to adopting the cloud computing services. These factors would contribute to a model of cloud services for SMEs.

Factors for IT-enabled public sector process improvements in developing economies

IT resources are indispensable in the management of Public Sector Organizations (PSOs) around the world. We investigate the factors that could leverage the IT resources in PSOs in developing economies. While research on ways to leverage IT resources in private sector organizations of developed countries is substantial, our understanding on ways to leverage the IT resources in the public sector in developing countries is limited. The current study aspires to address this gap in the literature by seeking to determine the key factors required to create process value from public sector IT investments in developing countries. We draw on the resource-centric theories to imply the nature of factors that could leverage the IT resources in the public sector. Employing an interpretive design, we identified three factors necessary for IT process value generation in the public sector. We discuss these factors and state their implications to theory and practice.

It’s not only what I think but what they think! The moderating effect of social norms

The current research extends our knowledge of the main effects of attitude, subjective norm, and perceived control over the individual’s technology adoption. We propose a critical buffering role of social influence on the collectivistic culture in the relationship between attitude, perceived behavioral control, and Information Technology (IT) adoption. Adoption behavior was studied among 132 college students being introduced to a new virtual learning system. While past research mainly treated these three variables as being in parallel relationships, we found a moderating role for subjective norm on technology attitude and perceived control on adoption intent. Implications and limitations for understating the role of social influence in the collectivistic society are discussed.

Challenges for integrated design and delivery solutions

A new approach of integrated design and delivery solutions (IDDS) aims to radically improve the performance of the construction industries. IDDS builds upon recent trends in the construction industries that have seen the widespread adoption of technologies such as building information modelling (BIM) and innovative processes such as integrated project delivery. However, these innovations are seen to develop in isolation, with little consideration of the overarching interactions between people, process and technology. The IDDS approach is holistic in that it recognizes that it is only through a combination of initiatives such as skill development, process re-engineering, responsive information technology, enhanced interoperability and integrating knowledge management, among others, that radical change can be achieved. To implement IDDS requires step changes in many project aspects, and this gap between current performance and that required for IDDS is highlighted. The research required to bridge the gaps is identified in four major aspects of collaborative processes, workforce skills, integrated information and knowledge management.

Crisis on impact : responding to cyber attacks on critical information infrastructures

In the developing digital economy, the notion of traditional attack on enterprises of national significance or interest has transcended into different modes of electronic attack, surpassing accepted traditional forms of physical attack upon a target. The terrorist attacks that took place in the United States on September 11, 2001 demonstrated the physical devastation that could occur if any nation were the target of a large-scale terrorist attack. Therefore, there is a need to protect criticalnational infrastructure and critical information infrastructure. In particular,this protection is crucial for the proper functioning of a modern society and for a government to fulfill one of its most important prerogatives – namely, the protection of its people. Computer networks have many benefits that governments, corporations, and individuals alike take advantage of in order to promote and perform their duties and roles. Today, there is almost complete dependence on private sector telecommunication infrastructures and the associated computer hardware and software systems.1 These infrastructures and systems even support government and defense activity.2 This Article discusses possible attacks on critical information infrastructures and the government reactions to these attacks.

Consumer acceptance of Accountable-eHealth systems

In this paper, we present the results of a survey conducted to measure the attitudes of the consumers of eHealth towards Accountable-eHealth systems which are designed for information privacy management. A research model is developed that can identify the factors contributing to system acceptance and is validated using quantitative data from 187 completed survey responses from university students studying non-health related courses at a university in Queensland, Australia. The research model is validated using structural equation modelling and can be used to identify how specific characteristics of Accountable-eHealth systems would affect their overall acceptance by future eHealth consumers.

Social media as online information grounds : a preliminary conceptual framework

Researchers are increasingly grappling with ways of theorizing social media and its use. This review essay proposes that the theory of Information Grounds (IG) may provide a valuable lens for understanding how social media fosters collaboration and social engagement among information professionals. The paper presents literature that helps us understand how social media can be seen as IG, and maps the characteristics of social media to the seven propositions of IG theory. This work is part of a wider study investigating the ways in which Information Technology (IT) professionals experience social media.