News

Dec 14

Seminar in Oulu 14.12.2011: “The role of user, behavior and training in the context of Information Security”

The next seminar will be held in Oulu on 14 December 2011. The topic of the seminar is “The role of user, behavior and training in the context of Information Security.” The venue is the University of Oulu, lecture hall L5.

The seminar programme is available for download on the web.

Dec 10

Heli Tervo, Doctoral Dissertation, “Information technology incidents in the present information society”

Public defence: 10.12.2011 at 12:00
Venue: Linnanmaa, lecture hall IT116
Doctoral candidate: Heli Tervo
Topic: Information technology incidents in the present information society: Viewpoints of service providers, users, and the mass media
Opponent:
Custos: Professor Mikko Siponen

Abstract:
Our society relies increasingly on information technology (IT). In such a society, it is important that we, as citizens, trust and are satisfied with services utilizing IT. Unfortunately, IT problems in the use of services are part of our daily lives and, as such, are frequently reported by the mass media. While the information systems (IS) field has studied system and service acceptance, use, threats, and failures, we have found no studies that examine how these IT failures affect the system usage after a failure.

This dissertation addresses this gap in research by studying users’ intentions after service degradation related to IT problems and providing a larger view of IT-based incidents in an information society from the viewpoints of the mass media and service providers. In order to do this, a newspaper survey was first conducted to ascertain a concept of the public perception of IT-based problems. Second, qualitative interviews were conducted to reach an understanding of service providers’ viewpoints of IT problems. Third, users’ attitudes and reactions to service degradation were studied through interviews.

The main results reveal that most of the IT problems visible to society are the same ones that system and service providers perceive to be the most problematic. Our results suggest that, after service degradation, users are eager to use the service again if they receive relevant information. Compensation alone will not satisfy users when the incident creates unpredictability and uncertainty for them. If the system provider does not inform users directly after the incident, they readily rely on the mass media. Information and knowledge thus play a significant role in incidents. However, there are two service types where we found a different type of user reaction. First, telecommunications and computers seemed to be special cases, with more tolerance of problems in general. Second, the tolerance was low with regard to vital services, i.e., services related to children, health, and safety, for example. Nevertheless, in interviews it was seen that in both types of services the effect of real time and accurate information was influential, often more than any other activities in the failure recovery. The results of this study provide new views of IT-based incidents in an information society, as well as insights for service providers to better recover from service degradation.

Online access:

Nov 12

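Kari Nykänen, Doctoral Dissertation, “Tietoturvakoulutuksen vaikuttavuuden arviointi yksilön ja organisaation tietoturvakäyttäytymiseen” (Assessing the impact of information security training on the information security behavior of individuals and organizations)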

Public defence: 12.11.2011 at 12:00
Venue: Linnanmaa, OP hall (L10)
Doctoral candidate: Kari Nykänen
Topic: Assessing the impact of information security training on the information security behavior of individuals and organizations
Opponent: Professor Jaana Porra
Custos: Professor Mikko Siponen

Abstract:
Information security is a key factor supporting companies’ security and business requirements, and it is significantly affected by the information security behavior of the employees. Previous research has empirically studied which factors explain employees’ compliance with information security policies and instructions. However, there are only a few empirical studies on the effectiveness of information security training on the information security behavior of employees. In particular, studies examining the effect of training on employees’ cyberloafing (non-work related Internet use) behavior are few and far between. To address this gap in research, this thesis carries out an action research study aimed at improving employees’ cyberloafing behavior in an organizational context. The results suggest that cyberloafing can be reduced by proper training.

Dissertation online:

Oct 28

Mari Karjalainen, Doctoral Dissertation, “Improving employees’ information systems (IS) security behavior”

Public defence: 28.10.2011 at 12:00
Venue: Linnanmaa, OP hall (L10)
Doctoral candidate: Mari Karjalainen
Opponents:
Distinguished Professor France Bélanger and Professor Michael Newman
Custos: Professor Mikko Siponen

Abstract:
Employee non-compliance with information systems (IS) security procedures is a key concern for organizations. However, even though the importance of having effective IS security training is widely acknowledged by scholars and practitioners, the existing literature does not offer an understanding of the elementary characteristics of IS security training, nor does it explain how these elementary characteristics shape IS security training principles in practice. To this end, this thesis develops a theory that suggests that IS security training has certain elementary characteristics that separate it from other forms of training, and sets a fundamental direction for IS security training practices. Second, the theory defines four pedagogical requirements for designing IS security training approaches. Then it points out that no existing IS security training approaches meet all these requirements. To address these shortcomings, the way in which to design an IS security training approach that meets all these requirements is demonstrated.

In this thesis it is also argued that, along with an effective IS security training approach, reasons for employees’ IS security behavior need to be understood. The existing empirical research in the field of employees’ IS security behavior is dominated by theory-verification studies that test well-known theories developed in other fields in the context of IS security. Instead, it is argued that there is a need to focus the investigation on the phenomenon of employees’ compliance itself through an inductive and qualitative approach to complement the existing body of knowledge of this topic. As a result, a framework identifying reasons associated with compliance/non-compliance with security procedures is developed. A particularly interesting finding is that individuals’ violation of IS security procedures depends on the type of violation.

Besides advancing a meta-theory for IS security training and developing the theoretical framework that points out reasons for employees’ IS security behavior, the thesis provides a future research agenda for IS security training and behavior. For practitioners, this thesis points out the limitations of the previous IS security training approaches and reasons for IS security behavior and, based on these observations, offers principles for designing effective IS security training approaches in practice.

Online Access:

Oct 21

Gregory Moody, Doctoral Dissertation, “A multi-theoretical perspective on IS security behaviors”

Time: 21.10.2011 at 12:00
Venue: Linnanmaa, OP hall (L10)
Doctoral candidate: Gregory Moody
Topic: A multi-theoretical perspective on IS security behaviors
Opponent: Distinguished Professor Detmar W. Straub
Custos: Professor Mikko Siponen

Abstract:
Increasingly, organizations and individuals rely upon technologies and networks more and more. Likewise, these environments are infested with more dangers, which could be avoided if computer users were to follow general security guidelines or procedures. Despite the ever-increasing threat, little research has addressed or explained why individuals purposefully engage in behaviors that make them more vulnerable to these threats, rather than avoiding or protecting themselves from such threats. Despite the advantage that could be afforded by understanding the motivations behind such behaviors, research addressing these behaviors is lacking or focused on very specific theoretical bases.

This dissertation addresses this research gap by focusing on security-related behaviors that have yet to be addressed in this research stream, and by using novel theoretical perspectives that increase our insight into these types of behaviors. Four studies (n = 1,430) are tested and reported here that support the four behaviors and theoretical perspectives that are of focus in this dissertation.

By considering additional theories, constructs, and theoretical perspectives, this dissertation provides several important contributions to security-related behaviors. The results of this study provide new insights into the motivations behind the purposeful enactment of behaviors that increase one’s vulnerability to technological threats and risks.

Online access:

Jun 7

Information Security Summer Seminar 7.-8.6.2011 in Mikkeli

The Information Systems Security Research Center (ISSRC) is organizing an information security summer seminar on 7.-8.6.2011 in Mikkeli.
Address: Hotel Cumulus, Mikonkatu 9

Download the seminar programme

Jan 31

Mikko Siponen best European in AIS ranking

Professor Mikko Siponen of the Department of Information Processing Science at the University of Oulu was recognized as the best European on a ranking list that measures publications, compiled by the field's association AIS (Association for Information Systems). Siponen placed twentieth on the worldwide list.

The list is based on publications in the two most significant journals in information systems science. On the list that counts only publications in MIS Quarterly, regarded as the best journal in the field, Siponen placed joint second.

Siponen, a professor at the Department of Information Processing Science, is an internationally respected information security researcher and the director of the ISSRC research center.

Ranking list of information processing science journals
Top-100 list of information processing science researchers

Nov 25

Information Security Winter Seminar 2.12.2010 in Oulu

The Information Systems Security Research Center (ISSRC) is organizing an information security winter seminar on 2.12.2010
Address: University of Oulu, Rakentajantie 3
Lecture hall: IT115

SEMINAR PROGRAMME:

Feb 1

University of Oulu Researcher of the Month: Professor Mikko Siponen, Department of Information Processing Science

The user is the weak link in information security

A link in an e-mail message opened half-carelessly at work may let a virus into the employer's information system, and removing it requires many working hours and causes considerable additional costs. A memory stick that has dropped from a pocket onto a chair in an airport terminal contains the company's plans for a product long in development. If it falls into the wrong hands, its loss results in significant loss of income for the employer.

Sep 25

Top research groups in Finland, ISSRC

Tekes has listed examples of top research groups in Finland (Computer and Information Sciences & Engineering). These Finnish research groups can host NSF Graduate Research Fellows. The groups are:

1. Information Systems Security Research Center (ISSRC, University of Oulu, Department of Information Processing Science)

2. Centre for Wireless Communications, University of Oulu

3. Helsinki Institute for Information Technology HIIT

More information on the Tekes website:

www.tekes.fi/en/community/Computer%20and%20Information%20Sciences%20_%20Engineering/607/Computer%20and%20Information%20Sciences%20_%20Engineering/1528