Information security value in e-entrepreneurship

This paper researches the information security value in e-entrepreneurship by revising the literature that establishes the entrepreneurial domain and by relating it with the development of technological resources that create value for the customer in an online business. It details multiple paradigms regarding consumer’s values of information security, while relating them with common practices and previous researches in technological entrepreneurship. This research presents and discusses the benefits of information security standards in e-entrepreneurship. It details and discusses the ISO 27001 and PCI-DSS information security standards that can be used to differentiate security initiatives to achieve competitive advantage, while preserving information leadership as a critical resource for online business success. Based on the literature review, a theoretical research model is presented and research hypotheses are discussed. This model believes that information security affects information leadership and that information leadership, as a unique resource in e-business, contributes to e-entrepreneurship success. The adoption of information security standards affects customer’s trust in e-business, which also benefits e-entrepreneurial strategy.

What Influences Information Security Behavior? A Study with Brazilian Users

The popularization of software to mitigate Information Security threats can produce an exaggerated notion about its full effectiveness in the elimination of any threat. This situation can result reckless users behavior, increasing vulnerability. Based on behavioral theories, a theoretical model and hypotheses were developed to understand the extent to which human perception of threat, stress, control and disgruntlement can induce responsible behavior. A self-administered questionnaire was created and validated. The data were collected in Brazil, and complementary results regarding similar studies conducted in USA were found. The results show that there is influence of information security orientations provided by organizations in the perception about severity of the threat. The relationship between threat, effort, control and disgruntlement, and the responsible behavior towards information security was verified through linear regression. The contributions also involve relatively new concepts in the field and a new research instrument.

Application of rank correlation, clustering and classification in information security

This article is devoted to experimental investigation of a novel application of a clustering technique introduced by the authors recently in order to use robust and stable consensus functions in information security, where it is often necessary to process large data sets and monitor outcomes in real time, as it is required, for example, for intrusion detection. Here we concentrate on a particular case of application to profiling of phishing websites. First, we apply several independent clustering algorithms to a randomized sample of data to obtain independent initial clusterings. Silhouette index is used to determine the number of clusters. Second, rank correlation is used to select a subset of features for dimensionality reduction. We investigate the effectiveness of the Pearson Linear Correlation Coefficient, the Spearman Rank Correlation Coefficient and the Goodman--Kruskal Correlation Coefficient in this application. Third, we use a consensus function to combine independent initial clusterings into one consensus clustering. Fourth, we train fast supervised classification algorithms on the resulting consensus clustering in order to enable them to process the whole large data set as well as new data. The precision and recall of classifiers at the final stage of this scheme are critical for the effectiveness of the whole procedure. We investigated various combinations of several correlation coefficients, consensus functions, and a variety of supervised classification algorithms.

A methodology of health information security evaluation

With the conversion of paper health records to electronic health records, the health care sector is increasingly relying on technology to maintain the integrity of and update patients’ data. This reliance on technology requires an acute level of protection from technological disasters and/or threats of human error or sabotage. Research has shown there are inadequacies in the installation and use of security controls for health information records and that current methods of security analysis lack the techniques to analyse the technical and social aspects of security. This paper reports on progress towards development of a health information security evaluation methodology based on Unified Modelling Language techniques, and discusses an imminent case study that will be used for validation of the methodology.

Health information security evaluation: continued development of an object-oriented method

With the convergence of paper to electronic, the health industry is relying more on technology to maintain and update the well-being of patients. This reliance on technology requires an acute level of protection from
unwanted technological disasters and/or human threats. Research shows insufficiencies with the implementation and use of security controls; as well as current analysis methods lacking the techniques to analyse technical and social aspects of security. The aim of this paper is to introduce an information security evaluation methodology for health information systems based on UML.