Security Policy

The Experts below are selected from a list of 271155 Experts worldwide ranked by ideXlab platform

Jonas Hallberg - One of the best experts on this subject based on the ideXlab platform.

  • the theory of planned behavior and information Security Policy compliance
    Journal of Computer Information Systems, 2019
    Co-Authors: Teodor Sommestad, Henrik Karlzen, Jonas Hallberg
    Abstract:

    Much of the research on Security Policy compliance has tested the relationships posited by the theory of planned behavior. This theory explains far from all of the measurable variance in Policy compliance intentions. However, it is associated with something called the sufficiency assumption, which essentially states that no variable is missing from the theory. This paper addresses this assumption in the context of information Security Policy compliance. A meta-analysis of published tests on information Security behavior and a review of the literature in related fields are used to identify variables that have the potential to improve the theory’s predictions. These results are tested using a random sample of 645 white-collar workers. The results suggest that the variables anticipated regret and habit improve the predictions. The variables increase the explained variance by 3.4 and 2.6 percentage points, respectively, when they are added individually, and by 5.4 percentage points when both are added.

  • a review of the theory of planned behaviour in the context of information Security Policy compliance
    Information Security Conference, 2013
    Co-Authors: Teodor Sommestad, Jonas Hallberg
    Abstract:

    The behaviour of employees influences information Security in virtually all organisations. To inform the employees regarding what constitutes desirable behaviour, an information Security Policy can be formulated and communicated. However, not all employees comply with the information Security Policy. This paper reviews and synthesises 16 studies related to the theory of planned behaviour. The objective is to investigate 1) to what extent the theory explains information Security Policy compliance and violation and 2) whether reasonable explanations can be found when the results of the studies diverge. It can be concluded that the theory explains information Security Policy compliance and violation approximately as well as it explains other behaviours. Some potential explanations can be found for why the results of the identified studies diverge. However, many of the differences in results are left unexplained.

Yi Yin - One of the best experts on this subject based on the ideXlab platform.

  • inconsistency analysis of time based Security Policy and firewall Policy
    International Conference on Formal Engineering Methods, 2017
    Co-Authors: Yoshiaki Katayama, Yi Yin, Yuichiro Tateiwa, Yun Wang, Naohisa Takahashi
    Abstract:

    Packet filtering in firewall either accepts or denies packets based upon a set of predefined rules called firewall Policy. In recent years, time-based firewall policies are widely used in many firewalls such as CISCO ACLs. Firewall Policy is always designed under the instruction of Security Policy, which is a generic document that outlines the needs for network access permissions. It is difficult to maintain the consistency of normal firewall Policy and Security Policy, not to mention time-based firewall Policy and Security Policy. Even though there are many analysis methods for Security Policy and firewall Policy, they cannot deal with time constraint. To resolve this problem, we firstly represent time-based Security Policy and firewall Policy as logical formulas, and then use satisfiability modulo theories (SMT) solver Z3 to verify them and analyze inconsistency. We have implemented a prototype system to verify our proposed method, experimental results showed the effectiveness.

  • an inconsistency detection method for Security Policy and firewall Policy based on csp solver
    International Conference on Cloud Computing, 2017
    Co-Authors: Yoshiaki Katayama, Yi Yin, Yuichiro Tateiwa, Yun Wang, Naohisa Takahashi
    Abstract:

    Packet filtering in firewall either accepts or denies network packets based upon a set of pre-defined rules called firewall Policy. Firewall Policy is always designed under the instruction of Security Policy, which is a generic document that outlines the needs for network access permissions. The design of firewall Policy should be consistent with Security Policy.

  • verifying consistency between Security Policy and firewall Policy by using a constraint satisfaction problem server
    2012
    Co-Authors: Yi Yin, Naohisa Takahashi
    Abstract:

    Packet filtering in firewall either accepts or denies network packets based upon a set of pre-defined filters called firewall Policy. Firewall Policy is designed under the instruction of Security Policy. A network Security Policy is a generic document that outlines the needs for network access permissions. And it determines how firewall filters are designed. If inconsistencies exist between Security Policy and firewall Policy, firewall Policy could not filter packets exactly, and the network protected by the firewall will be affected. To resolve this problem, we propose a method that represents Security Policy and firewall Policy as Constraint Satisfaction Problem and constructs a consistency verification model, then uses a CSP solver to verify their consistency. We did some experiments to verify our proposed method, experimental results showed the effectiveness.

Naohisa Takahashi - One of the best experts on this subject based on the ideXlab platform.

  • inconsistency analysis of time based Security Policy and firewall Policy
    International Conference on Formal Engineering Methods, 2017
    Co-Authors: Yoshiaki Katayama, Yi Yin, Yuichiro Tateiwa, Yun Wang, Naohisa Takahashi
    Abstract:

    Packet filtering in firewall either accepts or denies packets based upon a set of predefined rules called firewall Policy. In recent years, time-based firewall policies are widely used in many firewalls such as CISCO ACLs. Firewall Policy is always designed under the instruction of Security Policy, which is a generic document that outlines the needs for network access permissions. It is difficult to maintain the consistency of normal firewall Policy and Security Policy, not to mention time-based firewall Policy and Security Policy. Even though there are many analysis methods for Security Policy and firewall Policy, they cannot deal with time constraint. To resolve this problem, we firstly represent time-based Security Policy and firewall Policy as logical formulas, and then use satisfiability modulo theories (SMT) solver Z3 to verify them and analyze inconsistency. We have implemented a prototype system to verify our proposed method, experimental results showed the effectiveness.

  • an inconsistency detection method for Security Policy and firewall Policy based on csp solver
    International Conference on Cloud Computing, 2017
    Co-Authors: Yoshiaki Katayama, Yi Yin, Yuichiro Tateiwa, Yun Wang, Naohisa Takahashi
    Abstract:

    Packet filtering in firewall either accepts or denies network packets based upon a set of pre-defined rules called firewall Policy. Firewall Policy is always designed under the instruction of Security Policy, which is a generic document that outlines the needs for network access permissions. The design of firewall Policy should be consistent with Security Policy.

  • verifying consistency between Security Policy and firewall Policy by using a constraint satisfaction problem server
    2012
    Co-Authors: Yi Yin, Naohisa Takahashi
    Abstract:

    Packet filtering in firewall either accepts or denies network packets based upon a set of pre-defined filters called firewall Policy. Firewall Policy is designed under the instruction of Security Policy. A network Security Policy is a generic document that outlines the needs for network access permissions. And it determines how firewall filters are designed. If inconsistencies exist between Security Policy and firewall Policy, firewall Policy could not filter packets exactly, and the network protected by the firewall will be affected. To resolve this problem, we propose a method that represents Security Policy and firewall Policy as Constraint Satisfaction Problem and constructs a consistency verification model, then uses a CSP solver to verify their consistency. We did some experiments to verify our proposed method, experimental results showed the effectiveness.

  • Inconsistency Detection System for Security Policy and Firewall Policy
    2010 First International Conference on Networking and Computing, 2010
    Co-Authors: Xiaodong Xu, Yoshiaki Katayama, Naohisa Takahashi
    Abstract:

    Packet filtering in firewall either accepts or denies network packets based upon a set of pre-defined filters called firewall Policy. Firewall Policy is designed under the instruction of Security Policy. A network Security Policy is a generic document that outlines the needs for computer network access permissions. And it determines how firewall filters are designed. If inconsistencies, such as redundant filters, insufficient filters or contradictory filters, exist between Security Policy and firewall Policy, firewall Policy could not filter packets exactly, and the network protected by the firewall will be affected. To resolve this problem, we propose an inconsistency detection system to detect the inconsistencies between the Security Policy and firewall Policy. When the administrator could not get host IP addresses, port number and other specific values, according to the network configurations, our proposed system could transform the network Security Policy and firewall Policy to the same range value, represent and analyze their spatial relationships to detect their inconsistencies. The proposed system has been successfully implemented in a prototype system. We have confirmed the effectiveness of the proposed system.

Teodor Sommestad - One of the best experts on this subject based on the ideXlab platform.

  • the theory of planned behavior and information Security Policy compliance
    Journal of Computer Information Systems, 2019
    Co-Authors: Teodor Sommestad, Henrik Karlzen, Jonas Hallberg
    Abstract:

    Much of the research on Security Policy compliance has tested the relationships posited by the theory of planned behavior. This theory explains far from all of the measurable variance in Policy compliance intentions. However, it is associated with something called the sufficiency assumption, which essentially states that no variable is missing from the theory. This paper addresses this assumption in the context of information Security Policy compliance. A meta-analysis of published tests on information Security behavior and a review of the literature in related fields are used to identify variables that have the potential to improve the theory’s predictions. These results are tested using a random sample of 645 white-collar workers. The results suggest that the variables anticipated regret and habit improve the predictions. The variables increase the explained variance by 3.4 and 2.6 percentage points, respectively, when they are added individually, and by 5.4 percentage points when both are added.

  • a review of the theory of planned behaviour in the context of information Security Policy compliance
    Information Security Conference, 2013
    Co-Authors: Teodor Sommestad, Jonas Hallberg
    Abstract:

    The behaviour of employees influences information Security in virtually all organisations. To inform the employees regarding what constitutes desirable behaviour, an information Security Policy can be formulated and communicated. However, not all employees comply with the information Security Policy. This paper reviews and synthesises 16 studies related to the theory of planned behaviour. The objective is to investigate 1) to what extent the theory explains information Security Policy compliance and violation and 2) whether reasonable explanations can be found when the results of the studies diverge. It can be concluded that the theory explains information Security Policy compliance and violation approximately as well as it explains other behaviours. Some potential explanations can be found for why the results of the identified studies diverge. However, many of the differences in results are left unexplained.

Steven Furnell - One of the best experts on this subject based on the ideXlab platform.

  • information Security Policy compliance model in organizations
    Computers & Security, 2016
    Co-Authors: Nader Sohrabi Safa, Rossouw Von Solms, Steven Furnell
    Abstract:

    Information Security Policy compliance protects information assets in organizations. Involvement positively influences information Security Policy compliance. Attachment does not positively influence information Security Policy compliance. Commitment positively influences information Security Policy compliance. Personal norms positively influence information Security Policy compliance.

    The Internet and information technology have influenced human life significantly. However, information Security is still an important concern for both users and organizations. Technology cannot solely guarantee a secure environment for information; the human aspects of information Security should be taken into consideration, besides the technological aspects. The lack of information Security awareness, ignorance, negligence, apathy, mischief, and resistance are the root of users' mistakes. In this research, a novel model shows how complying with organizational information Security policies shapes and mitigates the risk of employees' behaviour. The significant aspect of this research is derived from the conceptualization of different aspects of involvement, such as information Security knowledge sharing, collaboration, intervention and experience, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory. The results of the data analysis revealed that information Security knowledge sharing, collaboration, intervention and experience all have a significant effect on employees' attitude towards compliance with organizational information Security policies. However, attachment does not have a significant effect on employees' attitude towards information Security Policy compliance. In addition, the findings have shown that commitment and personal norms affect employees' attitude. Attitude towards compliance with information Security organizational policies also has a significant effect on the behavioural intention regarding information Security compliance.