Purpose: This paper’s purpose is to provide a current best practice approach that can be used to identify and manage bring your own device (BYOD) security and privacy risks faced by organisations that use mobile devices as part of their business strategy. While BYOD deployment can provide work flexibility, boost employees’ productivity and be cost cutting for organisations, there are also many information security and privacy issues, with some widely recognised, and others less understood. This paper focuses on BYOD adoption, and its associated risks and mitigation strategies, investigating how both information security and privacy can be effectively achieved in BYOD environments.
Design/methodology/approach: This research paper used a qualitative research methodology, applying the case study approach to understand both organisational and employee views, thoughts, opinions and actions in BYOD environments.
Findings: This paper identifies and understands BYOD risks, threats and influences, and determines effective controls and procedures for managing organisational and personal information resources in BYOD.
Research limitations/implications: The scope of this paper is limited to the inquiry and findings from organisations operating in Australia. This paper also suggests key implications that lie within the ability of organisations to adequately develop and deploy successful BYOD management and practices.
Originality/value: This paper expands previous research investigating BYOD practices, and also provides a current best practice approach that can be used by organisations to systematically investigate and understand how to manage security and privacy risks in BYOD environments.
Information security has for a long time been a field of study in computer science, software engineering, and information communications technology. The term ‘information security’ has recently been replaced with the more generic term cybersecurity. The goal of this paper is to show that, in addition to computer science studies, behavioural sciences focused on user behaviour can provide key techniques to help increase cyber security and mitigate the impact of attackers’ social engineering and cognitive hacking methods (i.e., spreading false information). Accordingly, in this paper, we identify current research on psychological traits and individual differences among computer system users that explain vulnerabilities to cyber security attacks and crimes. Our review shows that computer system users possess different cognitive capabilities which determine their ability to counter information security threats. We identify gaps in the existing research and provide possible psychological methods to help computer system users comply with security policies and thus increase network and information security.
As the threat landscape continues to evolve, users are becoming less aware, ignorant, or negligent, putting their confidential data at risk. Users easily fall prey to socially engineered ransomware attacks that encrypt and lock a computer or mobile device, holding it hostage unless a ransom is paid. The cryptoware encrypts data securely, making it almost impossible for anyone except the hacker to unlock the device. This research conducts a systematic review to identify methods for executing socially engineered ransomware attacks. Using a CRI framework, 122 studies were synthesized from 3209 research articles highlighting gaps in identifying and analyzing attack vectors, as well as the need for a holistic approach to ransomware with behavioural control as part of the solution. Human vulnerability was found to be a critical point of entry for miscreants seeking to spread ransomware. This review will be useful in developing control models that will educate organisations and security professionals to focus on adopting human-centered solutions to effectively counter ransomware attacks.
The role of the human in cyber security is well acknowledged. Many cyber security incidents rely upon targets performing specific behavioural actions, such as opening a link within a phishing email. Cyber adversaries themselves are driven by psychological processes such as motivation, group dynamics and social identity. Furthermore, both intentional and unintentional insider threats are associated with a range of psychological factors, including cognitive load, mental wellbeing, trust and interpersonal relations. By incorporating psychology into cyber security education, practitioners will be better equipped with the skills they need to address cyber security issues. However, there are challenges in doing so. Psychology is a broad discipline, and many theories, approaches and methods may have little practical significance to cyber security. There is a need to sift through the literature to identify what can be applied to cyber security. There are also pedagogical differences in how psychology and cyber security are taught and also psychological differences in the types of student that may typically study psychology and cyber security. To engage with cyber security students, it is important that these differences are identified and positively addressed. Essential to this endeavor is the need to discuss and collaborate across the two disciplines. In this paper, we explore these issues and discuss our experiences as psychology and cyber security academics who work across disciplines to deliver psychology education to cyber security students, practitioners and commercial clients.
Cybersecurity risks have become obstinate problems for critical water infrastructure management in Australia and worldwide. Water management in Australia involves a vast complex of smart technical control systems interconnected with several networks, making the infrastructure susceptible to cyber-attacks. Therefore, ensuring the use of security mechanisms in the control system modules and communication networks for sensors and actuators is vital. The statistics show that Australia is facing frequent cyber-attacks, most of which are either undetected or overlooked or require immediate response. To address these cyber risks, Australia has changed from a country with negligible recognition of attacks on critical infrastructure to a country with improved capability to manage cyber warfare. However, little attention is paid to reducing the risk of attacks to the critical water infrastructure. This study aims to evaluate Australia’s current cybersecurity attack landscape and the implemented controls for water infrastructure using a systematic literature review (SLR). This study also compares Australia in the context of global developments and proposes future research directions. The synthesis of the evidence from 271 studies in this review indicates the importance of managing security vulnerabilities and threats in SCADA water control systems, including the need to upgrade the contemporary water security architecture to mitigate emerging risks. Moreover, human resource development with a specific focus on security awareness and training for SCADA employees is found to be lacking, which will be essential for alleviating cyber threats to the water infrastructure in Australia.