首页 > 最新文献

Information and Computer Security最新文献

英文 中文
Informational inequality: the role of resources and attributes in information security awareness 信息不平等:资源和属性在信息安全意识中的作用
Q2 Business, Management and Accounting Pub Date : 2023-11-09 DOI: 10.1108/ics-04-2023-0063
Gregory Lyon
Purpose The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society. Design/methodology/approach This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness. Findings The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively. Social implications The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others. Originality/value This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.
互联网使用和设备连接的快速扩展强调了了解公众网络行为和知识的重要性。尽管如此,很少有研究调查公众对安全信息安全实践的客观认识。本研究的目的是研究客观网络意识如何在整个社会中分布。设计/方法/方法本研究通过对全国成年人进行大规模调查,以检验个人因素(如人口统计属性和社会经济资源)与信息安全意识之间的关系。本研究使用加权逻辑回归估计了几种统计模型来模拟客观的信息安全意识。结果表明,收入和教育等社会经济资源对个人的信息安全意识有显著影响,个人越富有,受教育程度越高,对重要的安全实践和工具的意识越强。此外,年龄和性别代表了社会中一致而明确的信息差距,因为老年人和女性对一系列信息安全实践的了解程度明显低于年轻人和男性。研究结果对我们理解日益数字化和互联的社会中的信息安全行为和用户脆弱性具有重要意义。尽管网络安全在日常生活的几乎所有领域对所有人都越来越重要,但人们对安全网络实践以及用于保护自己免受攻击的工具和技术的认识存在很大的不平等。虽然数字技术将继续渗透到日常生活的许多方面——从金融交易到医疗服务再到社交互动——但研究结果表明,一些用户可能比其他人更容易受到攻击。独创性/价值本研究通过大型调查和统计模型,有助于我们了解一般用户的信息安全意识,从而概括出公众在多个领域的信息安全意识,并促进未来对公众信息安全知识的研究。研究结果表明,一些用户可能比其他人更容易受到攻击。尽管网络安全在日常生活的几乎所有领域对所有人都越来越重要,但人们对安全网络实践以及用于保护自己免受攻击的工具和技术的认识存在很大的不平等。
{"title":"Informational inequality: the role of resources and attributes in information security awareness","authors":"Gregory Lyon","doi":"10.1108/ics-04-2023-0063","DOIUrl":"https://doi.org/10.1108/ics-04-2023-0063","url":null,"abstract":"Purpose The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society. Design/methodology/approach This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness. Findings The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively. Social implications The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others. Originality/value This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135192663","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Organizational perspectives on converged security operations 聚合安全操作的组织视角
Q2 Business, Management and Accounting Pub Date : 2023-11-01 DOI: 10.1108/ics-03-2023-0029
Herbert Mattord, Kathleen Kotwica, Michael Whitman, Evan Battaglia
Purpose The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises. Design/methodology/approach This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence? Findings In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel. Research limitations/implications This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn. Practical implications Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations. Social implications Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats. Originality/value Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to
本文的目的是探讨当前商业企业中企业安全和网络安全流程之间的安全融合实践。设计/方法/方法本文是一个计划中的多阶段项目的第一阶段,旨在更好地了解商业组织正在实施的安全优化工作的当前实践,这些组织正在探索在降低运营成本的同时安全运营的手段和方法。调查的研究问题是:网络安全和企业安全融合的一般兴趣水平是什么?组织之间的趋同观点是如何一致的?组织在多大程度上追求融合?组织如何从融合中实现预期的结果?在组织中,向更优化的安全结构的演变,无论是合并还是合作,传统上都是由于计划外或不可预见的事件;例如,剥离/收购,新的安全领导或负面的安全事件是发起者。这与出于降低运营成本和/或改善结果以降低运营风险的原因而改变或增强安全结构的主动管理决策或正式计划形成对比。主要的例外是对监管要求的回应。初步研究结果表明,在单一领导者领导下的组织合并情况下,聚合组织的结果不一定更优化。优化最终可能取决于管理人员、网络安全和企业安全人员之间关系的强度和合作的开放性。本报告及其调查受访者的数量不支持可推广的发现。每个类别的答复太少,无法作出可靠的预测,在分析中,大多数类别的答复数量不足,无法得出可支持的结论。实践意义实践者可能会找到有用的上下文线索,以满足他们对趋同的需求,或者响应本报告中在其他一些组织中发现的趋同指令。随着组织在面对日益严重的网络安全威胁时变得更加高效,提高组织网络安全的有效性和/或降低成本将是一个有用的社会结果。原创性/价值融合作为一个概念在实践和研究界已经存在了一段时间。它最初是由ASIS国际和ISACA于2005年正式推广的。然而,对于这一术语并没有普遍认可的定义,也没有为实现这一定义而采取的措施。此外,为实现这一目标而采取的业务驱动因素和实践仍未得到充分理解。如果与其他结构相比,聚合操作的收敛或优化提供了更好的操作结构,那么就有责任发现是否存在可衡量的好处。本研究希望对安全协同优化的概念进行更全面的界定。最终的目标是开发和推广一种工具,用于组织衡量它们在这种连续体中的位置。
{"title":"Organizational perspectives on converged security operations","authors":"Herbert Mattord, Kathleen Kotwica, Michael Whitman, Evan Battaglia","doi":"10.1108/ics-03-2023-0029","DOIUrl":"https://doi.org/10.1108/ics-03-2023-0029","url":null,"abstract":"Purpose The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises. Design/methodology/approach This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence? Findings In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel. Research limitations/implications This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn. Practical implications Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations. Social implications Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats. Originality/value Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to ","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135220801","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Applying the Goal, Question, Metric method to derive tailored dynamic cyber risk metrics 应用目标、问题、度量方法来获得量身定制的动态网络风险度量
Q2 Business, Management and Accounting Pub Date : 2023-10-16 DOI: 10.1108/ics-03-2023-0043
Miguel Calvo, Marta Beltrán
Purpose This paper aims to propose a new method to derive custom dynamic cyber risk metrics based on the well-known Goal, Question, Metric (GQM) approach. A framework that complements it and makes it much easier to use has been proposed too. Both, the method and the framework, have been validated within two challenging application domains: continuous risk assessment within a smart farm and risk-based adaptive security to reconfigure a Web application firewall. Design/methodology/approach The authors have identified a problem and provided motivation. They have developed their theory and engineered a new method and a framework to complement it. They have demonstrated the proposed method and framework work, validating them in two real use cases. Findings The GQM method, often applied within the software quality field, is a good basis for proposing a method to define new tailored cyber risk metrics that meet the requirements of current application domains. A comprehensive framework that formalises possible goals and questions translated to potential measurements can greatly facilitate the use of this method. Originality/value The proposed method enables the application of the GQM approach to cyber risk measurement. The proposed framework allows new cyber risk metrics to be inferred by choosing between suggested goals and questions and measuring the relevant elements of probability and impact. The authors’ approach demonstrates to be generic and flexible enough to allow very different organisations with heterogeneous requirements to derive tailored metrics useful for their particular risk management processes.
本文旨在提出一种基于目标、问题、度量(GQM)方法的自定义动态网络风险度量的新方法。还提出了一个补充它并使其更易于使用的框架。方法和框架都在两个具有挑战性的应用程序领域中得到了验证:智能农场内的持续风险评估和重新配置Web应用程序防火墙的基于风险的自适应安全性。设计/方法/方法作者发现了一个问题并提供了动机。他们发展了自己的理论,并设计了一种新的方法和框架来补充它。他们已经演示了所建议的方法和框架工作,并在两个实际用例中对它们进行了验证。GQM方法通常应用于软件质量领域,是提出一种方法来定义新的定制的网络风险度量,以满足当前应用领域的需求的良好基础。将可能的目标和问题形式化并转化为潜在测量的综合框架可以极大地促进该方法的使用。提出的方法使GQM方法能够应用于网络风险度量。拟议的框架允许通过在建议的目标和问题之间进行选择,并测量概率和影响的相关元素来推断新的网络风险指标。作者的方法证明是通用的和足够灵活的,允许具有异质需求的非常不同的组织派生出对其特定风险管理过程有用的定制度量。
{"title":"Applying the Goal, Question, Metric method to derive tailored dynamic cyber risk metrics","authors":"Miguel Calvo, Marta Beltrán","doi":"10.1108/ics-03-2023-0043","DOIUrl":"https://doi.org/10.1108/ics-03-2023-0043","url":null,"abstract":"Purpose This paper aims to propose a new method to derive custom dynamic cyber risk metrics based on the well-known Goal, Question, Metric (GQM) approach. A framework that complements it and makes it much easier to use has been proposed too. Both, the method and the framework, have been validated within two challenging application domains: continuous risk assessment within a smart farm and risk-based adaptive security to reconfigure a Web application firewall. Design/methodology/approach The authors have identified a problem and provided motivation. They have developed their theory and engineered a new method and a framework to complement it. They have demonstrated the proposed method and framework work, validating them in two real use cases. Findings The GQM method, often applied within the software quality field, is a good basis for proposing a method to define new tailored cyber risk metrics that meet the requirements of current application domains. A comprehensive framework that formalises possible goals and questions translated to potential measurements can greatly facilitate the use of this method. Originality/value The proposed method enables the application of the GQM approach to cyber risk measurement. The proposed framework allows new cyber risk metrics to be inferred by choosing between suggested goals and questions and measuring the relevant elements of probability and impact. The authors’ approach demonstrates to be generic and flexible enough to allow very different organisations with heterogeneous requirements to derive tailored metrics useful for their particular risk management processes.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136078240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Determining cybersecurity culture maturity and deriving verifiable improvement measures 确定网络安全文化成熟度并提出可验证的改进措施
Q2 Business, Management and Accounting Pub Date : 2023-10-05 DOI: 10.1108/ics-07-2023-0116
Peter Dornheim, Ruediger Zarnekow
Purpose The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company. Design/methodology/approach Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in. Findings Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved. Originality/value This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.
人为因素是抵御网络攻击最重要的防御资产。为了确保人为因素保持强大,必须在公司中建立和培养网络安全文化,以指导员工的态度和行为。存在许多网络安全文化框架;然而,它们的实际应用是困难的。本文旨在展示如何应用已建立的框架来确定和改善公司的网络安全文化。设计/方法/方法在八个月内,在一家全球性软件公司的内部IT部门进行了两次调查,以分析网络安全文化和应用的改进措施。这两项调查都包含相同的23个问题,根据六个维度来衡量网络安全文化:网络安全问责制、网络安全承诺、网络安全必要性和重要性、网络安全政策有效性、信息使用感知和管理支持。结果表明,如果从调查结果中得出准确的衡量标准,则可以确定和提高网络安全文化成熟度。第一次调查显示,网络安全问责、网络安全承诺和网络安全政策有效性方面存在改善的潜力,而第二次调查证明,这些方面已经得到改善。原创性/价值本文证明,网络安全文化框架的实际应用是可能的,如果他们适当地针对一个给定的组织。在这方面,科学研究和实际应用相结合,为研究人员和网络安全主管提供了真正的价值。
{"title":"Determining cybersecurity culture maturity and deriving verifiable improvement measures","authors":"Peter Dornheim, Ruediger Zarnekow","doi":"10.1108/ics-07-2023-0116","DOIUrl":"https://doi.org/10.1108/ics-07-2023-0116","url":null,"abstract":"Purpose The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company. Design/methodology/approach Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in. Findings Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved. Originality/value This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134947920","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Exploring the role of assurance context in system security assurance evaluation: a conceptual model 探讨保障上下文在系统安全保障评估中的作用:一个概念模型
Q2 Business, Management and Accounting Pub Date : 2023-10-03 DOI: 10.1108/ics-06-2023-0101
Shao-Fang Wen, Basel Katt
Purpose Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process. Design/methodology/approach The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance. Findings By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes. Originality/value By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.
目的安全保证评估(SAE)是一种公认的评估系统安全措施有效性的方法。然而,在这些评估中经常被忽略的一个方面是执行评估的保证上下文。本文旨在探讨保证上下文在系统sae中的作用,并提出了一个将保证上下文集成到评估过程中的概念模型。设计/方法/方法概念模型强调保证上下文的各种元素之间的相互关系,包括系统边界、涉众、安全问题、法规遵从性和保证假设以及法规遵从性。通过引入所提出的概念模型,本研究提供了一个将保证上下文纳入sae的框架,并提供了如何影响评估结果的见解。独创性/价值通过深入研究保证上下文的概念,本研究试图阐明它如何影响保证评估的范围、方法和结果,最终使组织能够加强其系统安全状态并有效地减轻风险。
{"title":"Exploring the role of assurance context in system security assurance evaluation: a conceptual model","authors":"Shao-Fang Wen, Basel Katt","doi":"10.1108/ics-06-2023-0101","DOIUrl":"https://doi.org/10.1108/ics-06-2023-0101","url":null,"abstract":"Purpose Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process. Design/methodology/approach The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance. Findings By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes. Originality/value By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135738795","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART) 迷失在中间——ERP管理人员通过应用分类和回归树(CART)来确定已知漏洞的优先级的实用方法
Q2 Business, Management and Accounting Pub Date : 2023-09-15 DOI: 10.1108/ics-02-2023-0027
Richard G. Mathieu, Alan E. Turovlin
Purpose Cyber risk has significantly increased over the past twenty years. In many organizations, data and operations are managed through a complex technology stack underpinned by an Enterprise Resource Planning (ERP) system such as systemanalyse programmentwicklung (SAP). The ERP environment by itself can be overwhelming for a typical ERP Manager, coupled with increasing cybersecurity issues that arise creating periods of intense time pressure, stress and workload, increasing risk to the organization. This paper aims to identify a pragmatic approach to prioritize vulnerabilities for the ERP Manager. Design/methodology/approach Applying attention-based theory, a pragmatic approach is developed to prioritize an organization’s response to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) vulnerabilities using a Classification and Regression Tree (CART). Findings The application of classification and regression tree (CART) to the National Institute of Standards and Technology’s National Vulnerability Database identifies prioritization unavailable within the NIST’s categorization. Practical implications The ERP Manager is a role between technology, functionality, centralized control and organization data. Without CART, vulnerabilities are left to a reactive approach, subject to overwhelming situations due to intense time pressure, stress and workload. Originality/value To the best of the authors’ knowledge, this work is original and has not been published elsewhere, nor is it currently under consideration for publication elsewhere. CART has previously not been applied to the prioritizing cybersecurity vulnerabilities.
在过去的二十年中,网络风险显著增加。在许多组织中,数据和操作是通过企业资源规划(ERP)系统(如系统分析程序管理系统(SAP))支持的复杂技术堆栈来管理的。对于一个典型的ERP经理来说,ERP环境本身可能是压倒性的,再加上日益增加的网络安全问题,产生了巨大的时间压力、压力和工作量,增加了组织的风险。本文旨在确定一种实用的方法来优先考虑ERP管理器的漏洞。设计/方法/方法应用基于注意力的理论,开发了一种实用的方法,使用分类和回归树(CART)来优先考虑组织对国家标准与技术研究所(NIST)国家漏洞数据库(NVD)漏洞的响应。将分类和回归树(CART)应用于美国国家标准与技术研究所的国家漏洞数据库,确定了NIST分类中不可用的优先级。ERP经理是一个介于技术、功能、集中控制和组织数据之间的角色。如果没有CART,漏洞就会留给被动的方法,由于时间压力、压力和工作量大,漏洞会受到压倒性的影响。原创性/价值据作者所知,本作品是原创的,没有在其他地方发表过,目前也没有考虑在其他地方发表。CART以前没有应用于优先级网络安全漏洞。
{"title":"Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)","authors":"Richard G. Mathieu, Alan E. Turovlin","doi":"10.1108/ics-02-2023-0027","DOIUrl":"https://doi.org/10.1108/ics-02-2023-0027","url":null,"abstract":"Purpose Cyber risk has significantly increased over the past twenty years. In many organizations, data and operations are managed through a complex technology stack underpinned by an Enterprise Resource Planning (ERP) system such as systemanalyse programmentwicklung (SAP). The ERP environment by itself can be overwhelming for a typical ERP Manager, coupled with increasing cybersecurity issues that arise creating periods of intense time pressure, stress and workload, increasing risk to the organization. This paper aims to identify a pragmatic approach to prioritize vulnerabilities for the ERP Manager. Design/methodology/approach Applying attention-based theory, a pragmatic approach is developed to prioritize an organization’s response to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) vulnerabilities using a Classification and Regression Tree (CART). Findings The application of classification and regression tree (CART) to the National Institute of Standards and Technology’s National Vulnerability Database identifies prioritization unavailable within the NIST’s categorization. Practical implications The ERP Manager is a role between technology, functionality, centralized control and organization data. Without CART, vulnerabilities are left to a reactive approach, subject to overwhelming situations due to intense time pressure, stress and workload. Originality/value To the best of the authors’ knowledge, this work is original and has not been published elsewhere, nor is it currently under consideration for publication elsewhere. CART has previously not been applied to the prioritizing cybersecurity vulnerabilities.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135352956","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Framework for critical information infrastructure protection in smart government: a case study in Indonesia 智能政府中关键信息基础设施保护框架:以印度尼西亚为例
Q2 Business, Management and Accounting Pub Date : 2023-09-13 DOI: 10.1108/ics-03-2023-0031
Prasetyo Adi Wibowo Putro, Dana Indra Sensuse, Wahyu Setiawan Setiawan Wibowo
Purpose This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology. Design/methodology/approach To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM). Findings The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables. Practical implications This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services. Originality/value The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.
本文旨在开发智能政府中关键信息基础设施(CII)保护框架,这是NIST网络安全框架和ISO 27001等常见网络安全框架的替代措施。智能政府是CII的政府管理部门,因为它与智能技术的核心相似。设计/方法/方法为了确保数据的有效性,本文使用的研究方法遵循预测社会技术系统故障(PreMiSTS)方法,这是社会技术系统(STS)方法的一种变体,专门用于预测社会技术系统中的潜在问题。在本研究中,以观察和系统文献综述为主要数据收集方法,运用模糊德尔菲法(FDM)进行专题分析和专家验证。建议的CII保护框架包括几个方面:目标、相互依赖、功能、风险管理、资源和治理。对于所有这些维度,有20个元素和41个变量。该框架可以作为智能政府(特别是政府管理服务)中CII保护的替代指南。作者使用prests,一种结合主题分析和FDM的社会技术方法,设计了一个CII保护的安全框架。这种组合被设计为一种混合方法,以提高IT项目成功的可能性。
{"title":"Framework for critical information infrastructure protection in smart government: a case study in Indonesia","authors":"Prasetyo Adi Wibowo Putro, Dana Indra Sensuse, Wahyu Setiawan Setiawan Wibowo","doi":"10.1108/ics-03-2023-0031","DOIUrl":"https://doi.org/10.1108/ics-03-2023-0031","url":null,"abstract":"Purpose This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology. Design/methodology/approach To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM). Findings The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables. Practical implications This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services. Originality/value The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134990428","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
The impacts of the cyber-trust program on the cybersecurity maturity of government entities in the Kingdom of Bahrain 网络信任计划对巴林王国政府实体网络安全成熟度的影响
Q2 Business, Management and Accounting Pub Date : 2023-06-01 DOI: 10.1108/ics-06-2022-0108
Khalid Shaheen, Ali Hussein Zolait
Purpose This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can impact the cybersecurity of government entities in the Kingdom of Bahrain. Design/methodology/approach The authors used a quantitative and qualitative approach. The data were collected by conducting semi-structured interviews with the information technology experts in the Bahrain Government entities participating in the CTP. Also, quantitative data was obtained through a questionnaire distributed to relevant people in the information technology field. Findings The findings of this study suggest that the CTP had a significant impact on the cybersecurity assurance of the government entities that participated in the CTP; it increased the employees’ awareness, reduced the number of cyberattacks and optimized the available resources. The findings also highlighted the role of top management in the success of the implementation of the CTP. The results also ensure that the CTP’s maturity model affected the cybersecurity compliance of an organization and the implementation of cybersecurity policies and controls. Practical implications This study enhances cybersecurity researchers’ and practitioners’ understanding of the impact of the CTP and its components and evaluates its influence on Bahrain’s cybersecurity assurance. Originality/value This study implies that to achieve better cybersecurity, managers should focus on implementing the policies and controls provided by cybersecurity frameworks to enhance cybersecurity assurance.
本研究旨在确定巴林政府框架[网络信任计划(CTP)]对政府实体网络安全成熟度的影响,以及CTP如何影响巴林王国政府实体的网络安全。作者采用了定量和定性的方法。数据是通过与参与CTP的巴林政府实体的信息技术专家进行半结构化访谈收集的。同时,通过向信息技术领域相关人士发放问卷,获得定量数据。研究结果表明:CTP对参与CTP的政府实体的网络安全保障有显著影响;它提高了员工的意识,减少了网络攻击的数量,优化了可用资源。调查结果还强调了高层管理人员在CTP成功实施中的作用。结果还确保了CTP的成熟度模型影响了组织的网络安全遵从性以及网络安全策略和控制的实施。本研究增强了网络安全研究人员和从业者对CTP及其组成部分影响的理解,并评估了其对巴林网络安全保障的影响。本研究表明,为了实现更好的网络安全,管理者应该专注于实施网络安全框架提供的政策和控制,以增强网络安全保障。
{"title":"The impacts of the cyber-trust program on the cybersecurity maturity of government entities in the Kingdom of Bahrain","authors":"Khalid Shaheen, Ali Hussein Zolait","doi":"10.1108/ics-06-2022-0108","DOIUrl":"https://doi.org/10.1108/ics-06-2022-0108","url":null,"abstract":"Purpose This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can impact the cybersecurity of government entities in the Kingdom of Bahrain. Design/methodology/approach The authors used a quantitative and qualitative approach. The data were collected by conducting semi-structured interviews with the information technology experts in the Bahrain Government entities participating in the CTP. Also, quantitative data was obtained through a questionnaire distributed to relevant people in the information technology field. Findings The findings of this study suggest that the CTP had a significant impact on the cybersecurity assurance of the government entities that participated in the CTP; it increased the employees’ awareness, reduced the number of cyberattacks and optimized the available resources. The findings also highlighted the role of top management in the success of the implementation of the CTP. The results also ensure that the CTP’s maturity model affected the cybersecurity compliance of an organization and the implementation of cybersecurity policies and controls. Practical implications This study enhances cybersecurity researchers’ and practitioners’ understanding of the impact of the CTP and its components and evaluates its influence on Bahrain’s cybersecurity assurance. Originality/value This study implies that to achieve better cybersecurity, managers should focus on implementing the policies and controls provided by cybersecurity frameworks to enhance cybersecurity assurance.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135220291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Risk homeostasis and security fatigue: a case study of data specialists 风险稳态和安全疲劳:数据专家的案例研究
Q2 Business, Management and Accounting Pub Date : 2023-02-09 DOI: 10.1108/ics-11-2022-0172
Anusha Bhana, Jacques Ophoff
Purpose Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees to manage security-related risks. The purpose of this research is to explore the homeostatic mechanism proposed by risk homeostasis theory (RHT), as well as security fatigue, in an organisational context. Design/methodology/approach A case study approach was used to investigate the topic, focusing on data specialists who regularly work with sensitive information assets. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. Findings A thematic analysis of the data revealed risk perceptions, behavioural adjustments and indicators of security fatigue. The findings provide examples of how these concepts manifest in practice and confirm the relevance of RHT in the security domain. Originality/value This research illuminates homeostatic mechanisms in an organisational security context. It also illustrates links with security fatigue and how this could further impact risk. Examples and indicators of security fatigue can assist organisations with risk management, creating “employee-friendly” policies and procedures, choosing appropriate technical security solutions and tailoring security education, training and awareness activities.
组织使用各种技术、正式和非正式的安全控制,但也依靠员工来保护信息资产。这在很大程度上依赖于合规性,并不断挑战员工管理与安全相关的风险。本研究的目的是探讨由风险稳态理论(RHT)提出的稳态机制,以及安全疲劳,在组织背景下。设计/方法/方法采用案例研究方法调查该主题,重点关注经常处理敏感信息资产的数据专家。主要数据是通过对一家大型金融服务公司的12位数据专家的半结构化访谈收集的。对数据的专题分析揭示了风险认知、行为调整和安全疲劳指标。这些发现提供了这些概念如何在实践中体现的示例,并确认了RHT在安全领域中的相关性。原创性/价值本研究阐明了组织安全背景下的稳态机制。它还说明了与安全疲劳的联系,以及这可能如何进一步影响风险。安全疲劳的例子和指标可以帮助组织进行风险管理,制定“员工友好”的政策和程序,选择适当的技术安全解决方案,以及定制安全教育、培训和意识活动。
{"title":"Risk homeostasis and security fatigue: a case study of data specialists","authors":"Anusha Bhana, Jacques Ophoff","doi":"10.1108/ics-11-2022-0172","DOIUrl":"https://doi.org/10.1108/ics-11-2022-0172","url":null,"abstract":"Purpose Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees to manage security-related risks. The purpose of this research is to explore the homeostatic mechanism proposed by risk homeostasis theory (RHT), as well as security fatigue, in an organisational context. Design/methodology/approach A case study approach was used to investigate the topic, focusing on data specialists who regularly work with sensitive information assets. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. Findings A thematic analysis of the data revealed risk perceptions, behavioural adjustments and indicators of security fatigue. The findings provide examples of how these concepts manifest in practice and confirm the relevance of RHT in the security domain. Originality/value This research illuminates homeostatic mechanisms in an organisational security context. It also illustrates links with security fatigue and how this could further impact risk. Examples and indicators of security fatigue can assist organisations with risk management, creating “employee-friendly” policies and procedures, choosing appropriate technical security solutions and tailoring security education, training and awareness activities.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-02-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136155913","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
How privacy concerns impact Swedish citizens’ willingness to report crimes: a quantitative mobile phone survey 隐私问题如何影响瑞典公民举报犯罪的意愿:一项定量手机调查
Q2 Business, Management and Accounting Pub Date : 2023-02-09 DOI: 10.1108/ics-10-2022-0167
Gunnar Lindqvist, Joakim Kävrestad
Purpose The purpose of this paper is to identify whether there is a lower willingness to report a crime if a victim must hand in their mobile phone as evidence. If that is the case, the research seeks to examine whether privacy concerns and lower willingness correlate with one another and thereby investigate whether privacy concerns could lead to fewer crimes being reported and resolved. Design/methodology/approach A mobile phone survey was distributed to 400 Swedish adults to identify their hypothetical willingness to report certain crimes with and without handing in their mobile phones as evidence. The results were then analysed using inferential statistics. Findings The result suggests that there is no meaningful correlation between privacy attitudes and willingness to report crime when the handover of a mobile phone is necessary. The results of this study however show a significant lower willingness to report crimes when the mobile phone must be handed in. Research limitations/implications Because the chosen target group were Swedish adults, the research results may lack generalisability for other demographics. Therefore, researchers are encouraged to test other demographics. Originality/value This paper’s contribution is the novel exploration of attitudes and behaviours regarding the combination of privacy, digital forensics, mobile phones and crime reportage. This research effort examined the problematic situation that can arise for victims of crime, the invasion of privacy when providing evidence by handing in a mobile phone to the police’s forensic unit for examination.
本文的目的是确定是否有较低的意愿报告犯罪,如果受害者必须交出他们的手机作为证据。如果是这样的话,这项研究试图检验对隐私的关注和较低的犯罪意愿是否相互关联,从而调查对隐私的关注是否会导致更少的犯罪被举报和解决。设计/方法/方法对400名瑞典成年人进行了一项手机调查,以确定他们是否愿意在有和没有交出手机作为证据的情况下举报某些犯罪。然后使用推理统计分析结果。结果表明,当需要移交手机时,隐私态度与犯罪举报意愿之间没有显著的相关关系。然而,这项研究的结果表明,当手机必须上交时,报案的意愿明显降低。由于选择的目标群体是瑞典成年人,研究结果可能缺乏其他人口统计学的普遍性。因此,鼓励研究人员测试其他人口统计数据。原创性/价值本文的贡献在于对隐私、数字取证、移动电话和犯罪报道相结合的态度和行为进行了新颖的探索。这项研究工作审查了犯罪受害者可能出现的问题情况,即在将移动电话交给警方法医单位进行检查时提供证据时侵犯隐私的情况。
{"title":"How privacy concerns impact Swedish citizens’ willingness to report crimes: a quantitative mobile phone survey","authors":"Gunnar Lindqvist, Joakim Kävrestad","doi":"10.1108/ics-10-2022-0167","DOIUrl":"https://doi.org/10.1108/ics-10-2022-0167","url":null,"abstract":"Purpose The purpose of this paper is to identify whether there is a lower willingness to report a crime if a victim must hand in their mobile phone as evidence. If that is the case, the research seeks to examine whether privacy concerns and lower willingness correlate with one another and thereby investigate whether privacy concerns could lead to fewer crimes being reported and resolved. Design/methodology/approach A mobile phone survey was distributed to 400 Swedish adults to identify their hypothetical willingness to report certain crimes with and without handing in their mobile phones as evidence. The results were then analysed using inferential statistics. Findings The result suggests that there is no meaningful correlation between privacy attitudes and willingness to report crime when the handover of a mobile phone is necessary. The results of this study however show a significant lower willingness to report crimes when the mobile phone must be handed in. Research limitations/implications Because the chosen target group were Swedish adults, the research results may lack generalisability for other demographics. Therefore, researchers are encouraged to test other demographics. Originality/value This paper’s contribution is the novel exploration of attitudes and behaviours regarding the combination of privacy, digital forensics, mobile phones and crime reportage. This research effort examined the problematic situation that can arise for victims of crime, the invasion of privacy when providing evidence by handing in a mobile phone to the police’s forensic unit for examination.","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-02-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136155914","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
期刊
Information and Computer Security
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1