Tanya McGill

Organizations make large investments to secure data and networks, but information security breaches as a result of insiders continue to rise. One possible contributor to this is poor information security culture. This study investigated the key factors that contribute to effective information security culture in government organizations in Bhutan and how information security culture influences employee security behavior. A research model was developed for the study based on an analysis of the information security literature. Data was collected using an online survey of 181 government employees. Senior management support, information security policy, training and awareness campaigns, interpersonal trust, and job- versus employee-oriented organizational culture were all found to influence information security culture, and information security culture contributed to information security behavior. The study extends understanding of the roles of trust and different dimensions of organizational culture in improving information security culture and behavior. The findings should help government policy makers and information security practitioners when developing information security strategies and programs.

This paper examines study efficiency and time distortion experienced by student users of YouTube. Using multi-group structural equation modelling on data from 792 Malaysian university students, the study identified links between YouTube use motivation, conscientiousness (a personality trait), time distortion, and perceived study efficiency. It also shows how these characteristics and the links between them varied when students were grouped by pattern of use, defined (using two-step cluster analysis) as occasional, regular, or problematic. Time distortion had a negative effect on perceived study efficiency, but conscientiousness counteracted this effect - particularly for occasional users, the only group with positive perceived study efficiency in this study. Motivation to use YouTube for learning was not associated with time distortion, whilst using YouTube for escape and entertainment increased motivation. Occasional users were less motivated than others to use YouTube for these purposes and therefore less likely to experience the entertainment use flow on effects of time distortion to perceived study efficiency. Implications for practice or policy: Motivating students to use YouTube for learning is unlikely to reduce study efficiency. Use of diagnostic tools to understand a student's pattern of social media use, as well as motivation for use, personality and sense of time distortion, could help advisers identify reasons for low study efficiency. Digital literacy education focused on increasing self-discipline and goal-orientation could help students reduce poorly controlled use of social media for entertainment and escape, and hence improve study efficiency.

The constant increase in users’ bandwidth needs, through a large variety of multimedia applications, creates the need for highly effective network traffic control. This need is imperative in wireless networks, where the available bandwidth is limited, but is very important for wired networks as well. In this work we focus on the problem of policing video traffic from sources encoded with H.264 and H.265, given that these are the major state-of-the-art standards currently in the market. Building on work that has shown that classic traffic policing schemes can lead to unnecessarily strict policing for conforming video sources, we propose the use of Artificial Intelligence (AI) – based traffic policing schemes for video traffic. We conduct a performance evaluation of several AI – based schemes with the classic token bucket and we show that our proposed Frame Size Predictor and Policer scheme improve the performance of the classic token bucket by around 90% for conforming users, while providing only slightly worse policing results for non-conforming users.

As video has become the dominant type of traffic over wired and wireless networks, the efficient transmission of video streams is of paramount importance. Hence, especially for wireless networks, the optimum utilization of the available bandwidth while preserving the users’ Quality of Service and Quality of Experience requirements is crucial. Towards this goal, the accurate prediction of upcoming video frame sizes can play a significant role. This work focuses on achieving such an accurate prediction for videos encoded with H.264 and H.265, which are the major state-of-the-art standards based on their current market share. Unlike previous studies, we use single-step and multi-step approaches to capture the long-range dependence and short-range dependence properties of variable bit rate video traces through neural networks-based modeling. We evaluate the accuracy of Long Short Term Memory, Convolutional Neural Networks and Sequence-to-Sequence models and compare them with existing approaches. Our models show significantly higher accuracy for a variety of videos. We also provide a case study on how our model can be used for traffic policing purposes.

Email users are vulnerable to phishing threats and a greater understanding of how to protect them is needed. This research investigates how response costs and rewards influence users’ protective and maladaptive security behaviours in the domain of phishing by testing a model that extends Protection Motivation Theory to more explicitly consider the role of maladaptive behaviour. The results show that rewards influence maladaptive behaviour rather than protective behaviour in response to email phishing threats, and that response costs influence both maladaptive and protective behaviours. That is, any perceived benefits from not performing protective behaviours against email phishing threats will result in an increase in the performance of maladaptive behaviours. Similarly, any increases in costs perceived to be incurred for performing protective behaviours against email phishing threats will result in a decrease in protective behaviour and an increase in maladaptive behaviour. These findings have both practical implications and implications for future research into protections against phishing threats.

Purpose

Information technology users often fail to adopt necessary security and privacy measures, leading to increased risk of cybercrimes. There has been limited research on how demographic differences influence information security behaviour and understanding this could be important in identifying users who may be more likely to have poor information security behaviour. This study aims to investigate whether there are any gender differences in security and privacy behaviours and perceptions, to identify potential differences that may have implications for protecting users’ privacy and securing their devices, software and data.

Design/methodology/approach

This paper addresses this research gap by investigating security behaviours and perceptions in the following two studies: one focussing on information security and one on information privacy. Data was collected in both studies using anonymous online surveys.

Findings

This study finds significant differences between men and women in over 40% of the security and privacy behaviours considered, suggesting that overall levels of both are significantly lower for women than for men, with behaviours that require more technical skill being adopted less by female users. Furthermore, individual perceptions exhibited some gender differences.

Originality/value

This research suggests that potential gender differences in some security and privacy behaviours and perceptions should be taken into account when designing information security education, training and awareness initiatives for both organisations and the broader community. This study also provides a strong foundation to explore information security individual differences more deeply.

Modern web technologies provide a highly customizable and dynamic interaction medium, yet their potential to accommodate individual user preferences and needs is largely untapped. This research empirically demonstrates the significant interaction of user culture with website usability and satisfaction on a set of translated Australian and Chinese websites. By implementing culturally specific design elements it is possible to have a positive influence on user performance and satisfaction, but these relationships are more complex than originally hypothesized. This work highlights the importance of accommodating the different information presentation and interaction styles of culturally diverse users to improve their performance and satisfaction when using the web.

Given the centrality of research and innovation to the information technology (IT) industry, teaching IT students about research is important and can potentially provide students with a range of benefits. This study investigated student perceptions of their achievement of the proposed benefits of explicit inclusion of research into undergraduate information technology degrees. Students enrolled in one or both of two dedicated research skills courses that first introduce them to information technology research and then allow them to undertake a complete research project were surveyed about their perceptions of the benefits of undertaking the courses. The results showed that they considered increased learning about information technology to be the major benefit, followed by improved lifelong learning and employability skills. The study also explored the factors proposed to determine whether students gain these benefits, and found motivation positively influenced whether students believed they had achieved these benefits. Beliefs and extent of participation in research also played a role in achievement of perceived benefits but influenced different subsets of them. This improved understanding of integration of research into information technology education should provide guidance to academics as they design courses and degrees that support achievement of these benefits.

Electronic health records (EHRs) are electronic versions of longitudinal individual health records that are easily accessible and can be shared among relevant stakeholders. Their use can contribute to improved health outcomes. This research aimed to identify the key factors influencing healthcare consumer adoption of EHRs by testing an EHR consumer adoption model that extends the Decomposed Theory of Planned Behavior to include security and privacy concerns and perceived health literacy. The model explained 65% of the variation in intention tgo use EHRs, with attitude and subjective norm as the key factors directly influencing it. Security and privacy concerns were found to be an important predictor of attitude toward EHRs, but contrary to expectations perceived health literacy did not play a role. These results can inform healthcare educators and professionals, as well as government policymakers as they try to better understand EHR acceptance from a consumer perspective.

Though there is a tension between citizens' privacy concerns and their acceptance of government surveillance, there is little systematic research in this space and less still in a cross‐cultural context. We address the research gap by modeling the factors that drive public acceptance of government surveillance, and by exploring the influence of national culture. The research involved an online survey of 242 Australian and Sri Lankan residents. Data were analyzed using partial least squares, revealing that privacy concerns around initial collection of citizens' data influenced levels of acceptance of surveillance in Australia but not Sri Lanka, whereas concerns about secondary use of data did not influence levels of acceptance in either country. These findings suggest that respondents conflate surveillance with the collection of data and may not consider subsequent secondary use. We also investigate cultural differences, finding that societal collectivism and power distance significantly affect the strength of the relationships between privacy concerns and acceptance of surveillance, on the one hand, and adoption of privacy protections, on the other. Our research also considers the role of trust in government, and perceived need for surveillance. Findings are discussed with their implications for theory and practice.