Journal of Organizational Computing & Electronic Commerce
CALL FOR PAPERS ON CYBERSECURITY
Dear Prospective Authors, and Colleagues:
I am excited to remind you of a Call for Papers to bring the best actionable insights on cybersecurity and related issues to readers. A team of accomplished and award-winning business leaders and outstanding scholars has been assembled to review and provide feedback on submissions. The submission and review process has been suitably modified to bring to market quality insights in a timely manner. Accepted manuscripts will be published in the Journal of Organizational Computing and Electronic Commerce's Cybersecurity Matters Ongoing Research Series.
Key Value Propositions
Publicity within the Practitioner Community
Enterprise cybersecurity training and awareness programs: recommendations for success
He, W. and Zhang, Z. “Enterprise Cybersecurity and Awareness Programs: Recommendations for Success,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019
- Relate cybersecurity awareness training to employees' personal life
- Run security assessments and micro-trainings at regular intervals
- Hang cybersecurity signs and posters in the workplace for employees to see
- Gamify cybersecurity awareness training programs to engage employees
- Train employees on how to set up a password manager
Systems theoretic process analysis of information security: the case of Aadhaar
Tarafdar, P. and Bose, I. “Systems Theoretic Process Analysis of Information Security: The Case of Aadhaar,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019
- Each stakeholder of a platform like Aadhaar must take equal responsibility to protect its security. The government, users, and all authenticating agencies should collaboratively develop and implement their respective information security measures.
- Take a holistic and integrative approach to understand the systemic interactions between the various players of a large-scale public platform and their associated hazards.
- Create a matrix of possible hazards and their associated losses in a public system. Identify the causal factors leading to each hazard.
- For each of the identified hazards, propose security controls that consider the socio-technical aspects of communication between key players and focus on proactive protection rather than reactive detection.
Spear phishing in a barrel
Burns, A.J., Johnson, E.M., and Caputo, D.D. “Spear Phishing in a Barrel: Insights from a Targeted Phishing Campaign,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019
- Train employees to identify phishing emails.
- Frame training to enhance its personal relevance (e.g., frame in terms of personal loss).
- Teach employees about adversarial reconnaissance risks.
- Build herd immunity through enhanced organizational training and communication.
- Make organizational resources (e.g., training materials, IT help desk attendants) readily available to employees.
- Create policies and procedures that encourage employees to report phishing attacks.
Violators versus Non-Violators of Information Security Measures
Khan, H.U. and Alshare, K.A. “Violators versus non-violators of information security measures in organizations – A study of distinguishing factors,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019
- Management needs to communicate and educate employees regarding the organization's IT capability in dealing with information security violations. Non-violators had the impression that their company does have the IT capability to detect violations of information security measures.
- Organizations should promote an information security culture that emphasizes knowledge sharing and clarity of the information security policy.
- Make information security rules and measures very clear and simple so they can be easily followed and implemented.
- Organizations should revisit corrective actions by increasing penalties.
- Management needs to educate employees regarding privacy issues such as respecting others' privacy and protecting one's personal information. This could be accomplished by offering training sessions and workshops provided by experts in the field.
Zimba, A., Wang, Z., and Mulenga, M. “Cryptojacking Injection: A Paradigm Shift to Cryptocurrency-based Web-centric Internet Attacks,” Journal of Organizational Computing and Electronic Commerce Forthcoming 2019
- Incorporate cryptojacking in the risk and threat analysis of the overall cybersecurity assessments of the organization.
- In network-based mitigation strategies, network forensics artifacts should be used as IOCs, while unusual computer behavior patterns and observable characteristics should be used as IOCs in host-based mitigation strategies.
- For personal computers such as laptops and mobile tablets, ad blockers and anti-crypto-mining extensions or plugins can be used to prevent browser-based crypto-mining.
- The CISO can take a proactive role in finding the IPs and domains of crypto-mining C2 servers, confirming them with reputable security sources, and blacklisting them from the production network.
Exploring SME cybersecurity practices in developing countries
Kabanda, S., Tanner, M. and Kent, C. “Exploring SME cybersecurity practices in developing countries,” Journal of Organizational Computing and Electronic Commerce, Vol 28, Issue 3, 2018