Senior Editorship

Journal of Organizational Computing & Electronic Commerce

CALL FOR PAPERS ON CYBERSECURITY

Dear Prospective Authors and Colleagues:

I am excited to remind you of a Call for Papers to bring the best actionable insights on cybersecurity and related issues to readers. A team of accomplished and award-winning business leaders and outstanding scholars has been assembled to review and provide feedback on submissions. The submission and review process has been suitably modified to bring to market quality insights in a timely manner. Accepted manuscripts will be published in the Journal of Organizational Computing and Electronic Commerce's Cybersecurity Matters Ongoing Research Series.

Key Value Propositions

Practitioner Feedback

Opportunity to get feedback from practitioners

Possibly Enhance Research Grant Prospects

Could improve the probability of getting research grants

Efficient Review Process

Very efficient review process; papers will not be sitting and gathering dust at the journal end

Top Notch Quality

The published product will be top notch

Publicity within the Practitioner Community

There will be a proactive effort to promote the accepted papers and authors among the global practitioner community

Great Visibility

The readership will be global and include scholars and practitioners

Accepted Papers

Enterprise Cybersecurity Training and Awareness Programs: Recommendations for Success

He, W. and Zhang, Z. “Enterprise Cybersecurity and Awareness Programs: Recommendations for Success,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019

Actionable Recommendations

  • Relate cybersecurity awareness training to employees' personal life

  • Run security assessments and micro-trainings at regular intervals

  • Hang cybersecurity signs and posters in the workplace for employees to see

  • Gamify cybersecurity awareness training programs to engage employees

  • Train employees on how to set up a password manager

Systems Theoretic Process Analysis of Information Security: The Case of Aadhaar

Tarafdar, P. and Bose, I. “Systems Theoretic Process Analysis of Information Security: The Case of Aadhaar,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019

Actionable Recommendations

  • Each stakeholder of a platform like Aadhaar must take equal responsibility to protect its security. The government, users, and all authenticating agencies should collaboratively develop and implement their respective information security measures.

  • Take a holistic and integrative approach to understand the systemic interactions between the various players of a large-scale public platform and their associated hazards.

  • Create a matrix of possible hazards and their associated losses in a public system. Identify the causal factors leading to each hazard.

  • For each of the identified hazards, propose security controls that consider the socio-technical aspects of communication between key players and focus on proactive protection rather than reactive detection.

Spear Phishing in a Barrel

Burns, A.J., Johnson, E.M., and Caputo, D.D. “Spear Phishing in a Barrel: Insights from a Targeted Phishing Campaign,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019

Actionable Recommendations

  • Train employees to identify phishing emails.

  • Frame training to enhance its personal relevance (e.g., frame in terms of personal loss).

  • Teach employees about adversarial reconnaissance risks.

  • Build herd immunity through enhanced organizational training and communication.

  • Make organizational resources (e.g., training materials, IT help desk attendants) readily available to employees.

  • Create policies and procedures that encourage employees to report phishing attacks.

Violators versus Non-Violators of Information Security Measures

Khan, H.U. and Alshare, K.A. “Violators versus non-violators of information security measures in organizations – A study of distinguishing factors,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019

Actionable Recommendations

  • Management needs to communicate and educate employees regarding the organization's IT capability in dealing with information security violations. Non-violators had the impression that their company does have the IT capability to detect violations of information security measures.

  • Organizations should promote an information security culture that emphasizes knowledge sharing and clarity of the information security policy.

  • Make information security rules and measures very clear and simple so they can be easily followed and implemented.

  • Organizations should revisit corrective actions by increasing penalties.

  • Management needs to educate their employees regarding privacy issues such as respecting others' privacy and protecting one’s personal information. This could be accomplished by offering training sessions and workshops provided by experts in the field.

Cryptojacking Injection

Zimba, A., Wang, Z., and Mulenga, M. “Cryptojacking Injection: A Paradigm Shift to Cryptocurrency-based Web-centric Internet Attacks,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019

Actionable Recommendations

  • Incorporate cryptojacking in the risk and threat analysis of the overall cybersecurity assessments of the organization.

  • Incorporate cryptojacking security awareness in user training, focusing on looking for signs of crypto mining and phishing-type attempts that seek to load crypto mining JavaScript onto endpoint devices.

  • In network-based mitigation strategies, network forensics artifacts should be used as IOCs, while unusual computer behavior patterns and observable characteristics should be used as IOCs in host-based mitigation strategies.

  • For personal computers such as laptops and mobile tablets, ad blockers and anti-crypto mining extensions or plugins can be used to prevent browser-based crypto mining.

  • The CISO can take a proactive role in finding crypto mining C2 server IPs and domains, confirming them with reputable security sources, and blacklisting them from the production network.

  • The CISO can take a proactive lead to enforce security policies that will filter URLs harboring crypto mining JavaScript code (and crypto mining associated files) from the production network.

Exploring SME Cybersecurity Practices in Developing Countries

Kabanda, S., Tanner, M. and Kent, C. “Exploring SME cybersecurity practices in developing countries,” Journal of Organizational Computing and Electronic Commerce, Vol 28, Issue 3, 2018