Explore the vast range of titles available.

This study explores the relatively under-researched area of comparing data privacy regulations and best practices across different countries, with a focus on the gaming industry. It provides an overview of general data privacy principles and existing global regulations, analyzing how gaming operators leverage personal data for competitive advantage. Specifically, the research examines the data privacy approaches and regulatory requirements in Singapore, Macau, and Japan, highlighting the cultural and historical contexts influencing these regulations. Through a comparative analysis, the article discusses the compliance needs for gaming operators in these jurisdictions.

The Internet of Things (IoT) has gained popularity among home consumers due to its characteristics related to automation, information gathering, and purported physical security benefits. In an effort to capitalize on an expanding market, IoT developers have rushed products to market without proper due diligence regarding device cybersecurity. By being more focused on the utility and convenience of IoT devices without being concerned about their devices’ inherent security flaws, consumers may be unwittingly putting themselves at risk. Gain- and loss-framed messaging has been an extensively studied form of persuasive communication in other research fields but has not been previously examined in the context of information security research. Using an experimental design, we assess the efficacy of applying gain- and loss-framed principles to a security education training and awareness (SETA) program designed to bolster IoT users’ concerns related to pertinent IoT-based threats and provide information about their corresponding countermeasures. We found that for consumers with low initial IoT security concerns, loss-framed messaging is more effective in increasing security concerns. For consumers with higher initial concerns, messages focusing on desirable outcomes, regardless of an overall gain- or loss-framed message valence, are effective at increasing IoT security concerns.

Purpose The purpose of this study is to examine public perceptions and attitudes toward using artificial intelligence (AI) in the US criminal justice system. Design/methodology/approach The authors took a quantitative approach and administered an online survey using the Amazon Mechanical Turk platform. The instrument was developed by integrating prior literature to create multiple scales for measuring public perceptions and attitudes. Findings The findings suggest that despite the various attempts, there are still significant perceptions of sociodemographic bias in the criminal justice system and technology alone cannot alleviate them. However, AI can assist judges in making fairer and more objective decisions by using triangulation – offering additional data points to offset individual biases. Social implications Other scholars can build upon the findings and extend the work to shed more light on some problems of growing concern for society – bias and inequality in criminal sentencing. AI can be a valuable tool to assist judges in the decision-making process by offering diverse viewpoints. Furthermore, the authors bridge the gap between the fields of technology and criminal justice and demonstrate how the two can be successfully integrated for the benefit of society. Originality/value To the best of the authors’ knowledge, this is among the first studies to examine a complex societal problem like the introduction of technology in a high-stakes environment – the US criminal justice system. Understanding how AI is perceived by society is necessary to develop more transparent and unbiased algorithms for assisting judges in making fair and equitable sentencing decisions. In addition, the authors developed and validated a new scale that can be used to further examine this novel approach to criminal sentencing in the future.

Cybercrime against critical infrastructures such as nuclear reactors, power plants, and dams has been increasing in frequency and severity. Recent literature regarding these types of attacks has been extensive but due to the sensitive nature of this field, there is very little empirical data. We address these issues by integrating Routine Activity Theory and Rational Choice Theory, and we create a classification tool called TRACI (Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure). We take a Design Science Research approach to develop, evaluate, and refine the proposed artifact. We use mixed methods to demonstrate that our taxonomy can successfully capture the characteristics of various cyberattacks against critical infrastructure. TRACI consists of three dimensions, and each dimension contains its own subdimensions. The first dimension comprises hacker motivation, which can be financial, socio-cultural, thrill-seeking, and/or economic. The second dimension represents the assets such as cyber, physical, and/or cyber-physical components. The third dimension is related to threats, vulnerabilities, and controls that are fundamental to establishing and maintaining an information security posture and overall cyber resilience. Our work is among the first to utilize criminological theories and Design Science to create an empirically validated artifact for improving critical infrastructure risk management.

The main purpose of the Sentencing Reform Act of 1984 was to provide more uniformity in sentencing and reduce interjudge disparity. Subsequently, the act created the federal sentencing guidelines to offer judges a possible sentencing range for offenses. However, since these recommendations were based on historical data, the guidelines amplified existing biases and increased inequality and the disproportionate sentencing of minorities. To address this problem, we developed an artifact called “ShowCase”—a data-driven dashboard—that is grounded in penal theory, organizational context theory, social bonds theory, and triangulation notion in design theory. The artifact helps judges make fairer and more objective decisions by integrating a variety of data points. We used a design science research methodology and mixed methods to guide the development and evaluation of the proposed dashboard. Our research inquiry revealed the legal and extralegal factors that contribute to more equitable judicial decisions. We also found support for integrating data science and more diverse viewpoints in the sentencing process. Our study shows that a validated data-driven dashboard can be used to promote fairness, objectivity, and transparency in the criminal justice system.

Routine Activity Theory (RAT) is frequently employed to explain phishing incidents due to its unique emphasis on the victim's perspective. We conducted a systematic review of 135 studies examining RAT's application to phishing. Our findings indicate that although RAT is widely prevalent in the literature, it often neglects critical aspects such as detailed victim profiles and underlying factors influencing susceptibility to phishing attacks. To address this gap, we developed a new cybercriminological theory that specifically aims to explain phishing victimization. The proposed Experience-Consequence Theory of Phishing Susceptibility focuses on the understanding of the consequences of clicking on suspicious links and the victims’ prior experiences with phishing. These elements can help security professionals identify better strategies for reducing phishing victimization by tailoring security education, training, and awareness (SETA) programs to meet the specific needs of their employees. Furthermore, this theory has managerial implications because it offers organizations a more comprehensive and robust approach to reducing the risk of social engineering and improving the overall security posture.

This case study follows the security breach that affected Target at the end of 2013 and resulted in the loss of financial data for over 70 million customers. The case provides an overview of the company and describes the reasons that led to one of the biggest security breaches in history. It offers a discussion on Target's vendor management processes and the vulnerability at Fazio Mechanical Services that was among the main causes of the breach. Further, the case introduces the incident response plan implemented by Target and discusses the aftermath of the attack. The lessons learned describe some of the steps the company took to mitigate risks in the future and to strengthen its security posture. While the breach had a significant impact on Target, the organization was able to fully recover from it and develop best practices that are now widely implemented by other retailers. The case is suitable for both undergraduate and graduate students enrolled in information security or information systems courses that discuss vendor management, security incident response, or general security program administration topics.

This teaching tip offers valuable insights into establishing a GenCyber student camp in underserved communities. It provides teaching tips and best practices for designing a curriculum tailored to high school students. The study highlights effective strategies for recruiting a diverse group of participants, addressing the global shortage in the cybersecurity workforce. Over a six-month period, students participated in a variety of online and in-person activities. The study presents practical assignments used to boost student engagement and participation. Experiential Learning Theory was applied to develop and implement learning objectives, with adapted scales to measure outcomes specific to the program's needs. Overall, students demonstrated increased cybersecurity knowledge upon completing the camp. This teaching tip serves as proof of concept, encouraging others to seek NSA funding for GenCyber grants to benefit their local communities.

This teaching tip offers valuable insights into establishing a GenCyber student camp in underserved communities. It provides teaching tips and best practices for designing a curriculum tailored to high school students. The study highlights effective strategies for recruiting a diverse group of participants, addressing the global shortage in the cybersecurity workforce. Over a six-month period, students participated in a variety of online and in-person activities. The study presents practical assignments used to boost student engagement and participation. Experiential Learning Theory was applied to develop and implement learning objectives, with adapted scales to measure outcomes specific to the program's needs. Overall, students demonstrated increased cybersecurity knowledge upon completing the camp. This teaching tip serves as proof of concept, encouraging others to seek NSA funding for GenCyber grants to benefit their local communities.

Healthcare accessibility research has been of growing interest for scholars and practitioners. This manuscript classifies prior studies on the Floating Catchment Area methodologies, a prevalent class of methodologies that measure healthcare accessibility, and presents a framework that conceptualizes accessibility computation. We build the Floating Catchment Method General Framework as an IT artifact, following best practices in Design Science Research. We evaluate the utility of our framework by creating an instantiation, as an algorithm, and test it with large healthcare data sets from California. We showcase the practical application of the artifact and address the pressing issue of access to quality healthcare. This example also serves as a prototype for Big Data Analytics, as it presents opportunities to scale the analysis vertically and horizontally. In order for researchers to perform high impact studies and make the world a better place, an overarching framework utilizing Big Data Analytics should be seriously considered.