A Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.

A risk simulation framework for information infrastructure protection

Information communication and technology (ICT) systems are almost ubiquitous in the modern world. It is hard to identify any industry, or for that matter any part of society, that is not in some way dependent on these systems and their continued secure operation. Therefore the security of information infrastructures, both on an organisational and societal level, is of critical importance. Information security risk assessment is an essential part of ensuring that these systems are appropriately protected and positioned to deal with a rapidly changing threat environment. The complexity of these systems and their inter-dependencies however, introduces a similar complexity to the information security risk assessment task. This complexity suggests that information security risk assessment cannot, optimally, be undertaken manually. Information security risk assessment for individual components of the information infrastructure can be aided by the use of a software tool, a type of simulation, which concentrates on modelling failure rather than normal operational simulation. Avoiding the modelling of the operational system will once again reduce the level of complexity of the assessment task. The use of such a tool provides the opportunity to reuse information in many different ways by developing a repository of relevant information to aid in both risk assessment and management and governance and compliance activities. Widespread use of such a tool allows the opportunity for the risk models developed for individual information infrastructure components to be connected in order to develop a model of information security exposures across the entire information infrastructure. In this thesis conceptual and practical aspects of risk and its underlying epistemology are analysed to produce a model suitable for application to information security risk assessment. Based on this work prototype software has been developed to explore these concepts for information security risk assessment. Initial work has been carried out to investigate the use of this software for information security compliance and governance activities. Finally, an initial concept for extending the use of this approach across an information infrastructure is presented.

The role of strategic intelligence in anticipating transnational organised crime: A literary review

Transnational Organised Crime (TOC) has become a focal point for a range of private and public stakeholders. While not a new phenomenon, the rapid expansion of TOC activities and interests, its increasingly complex structures and ability to maximise opportunity by employing new technologies at a rate impossible for law enforcement to match complicates law enforcement’s ability to develop strategies to detect, disrupt, prevent and investigate them. In an age where the role of police has morphed from simplistic response and enforcement activities to one of managing human security risk, it is argued that intelligence can be used to reduce the impact of strategic surprise from evolving criminal threats and environmental change. This review specifically focuses on research that has implications for strategic intelligence and strategy setting in a TOC context. The review findings suggest that current law enforcement intelligence literature focuses narrowly on the management concept of intelligence-led policing in a tactical, operational setting. As such the review identifies central issues surrounding strategic intelligence and highlights key questions that future research agendas must address to improve strategic intelligence outcomes, particularly in the fight against TOC.

Strategic Intelligence in Law Enforcement: A Review

In an age where the role of police has morphed from simplistic response and enforcement activities to one of managing human security risk, it is argued that intelligence can be used to reduce the impact of strategic surprise from evolving criminal threats and environmental change. This review specifically focusses on research that has implications for strategic intelligence in law enforcement. The review findings highlight the absence of detailed research of law enforcement strategic intelligence. Findings suggest that current law enforcement intelligence literature focuses narrowly on the management concept of intelligence-led policing in a tactical, operational setting. As a result there is little theory on how to improve strategic intelligence outcomes. This is despite the fact that intelligence –led policing is envisaged as a management tool to guide strategic decision making. the review identifies central issues surrounding strategic intelligence and highlights key questions that future research agendas must address to improve strategic intelligence outcomes

Modelling the intention to adopt cloud computing services : a transaction cost theory perspective

This paper uses transaction cost theory to study cloud computing adoption. A model is developed and tested with data from an Australian survey. According to the results, perceived vendor opportunism and perceived legislative uncertainty around cloud computing were significantly associated with perceived cloud computing security risk. There was also a significant negative relationship between perceived cloud computing security risk and the intention to adopt cloud services. This study also reports on adoption rates of cloud computing in terms of applications, as well as the types of services used.

Susceptibility to social engineering in social networking sites: The case of Facebook

Past research has suggested that social engineering poses the most significant security risk. Recent studies have suggested that social networking sites (SNSs) are the most common source of social engineering attacks. The risk of social engineering attacks in SNSs is associated with the difficulty of making accurate judgments regarding source credibility in the virtual environment of SNSs. In this paper, we quantitatively investigate source credibility dimensions in terms of social engineering on Facebook, as well as the source characteristics that influence Facebook users to judge an attacker as credible, therefore making them susceptible to victimization. Moreover, in order to predict users’ susceptibility to social engineering victimization based on their demographics, we investigate the effectiveness of source characteristics on different demographic groups by measuring the consent intentions and behavior responses of users to social engineering requests using a role-play experiment.

Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Work engagement and its antecedents in high-risk occupations : a police service case study

Introduction: Work engagement is a recent application of positive psychology and refers to a positive, fulfilling, work-related state of mind characterized by vigor, dedication and absorption. Despite theoretical assumptions, there is little published research on work engagement, due primarily to its recent emergence as a psychological construct. Furthermore, examining work engagement among high-stress occupations, such as police, is useful because police officers are generally characterized as having a high level of work engagement. Previous research has identified job resources (e.g. social support) as antecedents of work engagement. However detailed evaluation of job demands as an antecedent of work engagement within high-stress occupations has been scarce. Thus our second aim was to test job demands (i.e. monitoring demands and problem-solving demands) and job resources (i.e. time control, method control, supervisory support, colleague support, and friend and family support) as antecedents of work engagement among police officers. Method: Data were collected via a self-report online survey from one Australian state police service (n = 1,419). Due to the high number of hypothesized antecedent variables, hierarchical multiple regression analysis was employed rather than structural equation modelling. Results: Work engagement reported by police officers was high. Female officers had significantly higher levels of work engagement than male officers, while officers at mid-level ranks (sergeant) reported the lowest levels of work engagement. Job resources (method control, supervisor support and colleague support) were significant antecedents of three dimensions of work engagement. Only monitoring demands were significant antecedent of the absorption. Conclusion: Having healthy and engaged police officers is important for community security and economic growth. This study identified some common factors which influence work engagement experienced by police officers. However, we also note that excessive work engagement can yield negative outcomes such as psychological distress.