Author

Gerald V. Post

Bio: Gerald V. Post is an academic researcher from University of the Pacific (United States). The author has contributed to research in topics: Security information and event management & Security through obscurity. The author has an h-index of 8, co-authored 20 publications receiving 213 citations.

Papers
Journal ArticleDOI
TL;DR: This study analyzes an information systems user survey to evaluate the tradeoffs between protection and accessibility and develops a structural equation model to explore the impact of these effects on eventual security levels.

83 citations

Journal ArticleDOI
TL;DR: This study evaluates current management and security practices with respect to computer virus infestations in business computer systems and finds the cost structure used to address virus management tends to escalate depending on the severity of a virus episode.

33 citations

Journal ArticleDOI
TL;DR: Overall, respondents indicated that Rational Rose provides strong support for OO design, but could use additional support for teamwork, prototyping, and improvements in ease of use.
Abstract: Object-oriented software development utilizes new design methodologies. These methodologies can be supported by computer-aided software engineering tools, such as Rational Rose. A survey of software developers identifies the demand for various features, and reveals strengths and need for improvements in Rational Rose. Overall, respondents indicated that Rational Rose provides strong support for OO design, but could use additional support for teamwork, prototyping, and improvements in ease of use.

21 citations

Journal ArticleDOI
TL;DR: This article presents a mathematical model of the voting process to show that giving voters the option to re-vote removes this proof because an observed vote is not necessarily final.
Abstract: Voter coercion, such as vote buying, has been minimised for decades with the private voting booth. Cellphone videos, absentee ballots, voter receipts and internet voting re-introduce the possibility of coercion because they are methods to prove a vote. This article presents a mathematical model of the voting process to show that giving voters the option to re-vote removes this proof because an observed vote is not necessarily final. Re-voting can also be used to spot threats such as viruses and Trojan horses that subvert voting machines. Re-voting mechanisms require cryptography techniques to separate user identifiers from votes cast, enabling the system to track votes by time without providing the specific identity of the user or the details of the vote cast. Mix-nets and homomorphic encryption provide the necessary tools.

14 citations

Journal ArticleDOI
TL;DR: Developing more automated management tools is an important step in improving enterprise security as businesses increase the number of servers through distributed computing and server farms.
Abstract: Application and operating system errors are a continuing source of problems in computer security. As businesses increase the number of servers through distributed computing and server farms, it becomes more difficult to keep the systems up to date. A survey of security professionals reveals that most find it difficult to keep up to date with security patches. Consequently, developing more automated management tools is an important step in improving enterprise security.

11 citations


Cited by
Journal ArticleDOI
TL;DR: An Integrated Protection Motivation and Deterrence model of security policy compliance under the umbrella of Taylor-Todd's Decomposed Theory of Planned Behaviour is developed and it is found that employees in the sample underestimate the probability of security breaches.
Abstract: Enterprises establish computer security policies to ensure the security of information resources; however, if employees and end-users of organisational information systems (IS) are not keen or are ...

1,111 citations

Journal ArticleDOI
TL;DR: A critical analysis of the literature reveals that information privacy is a multilevel concept, but rarely studied as such, and calls for research on information privacy to use a broader diversity of sampling populations and to publish more design and action research in journal articles that can result in IT artifacts for protection or control of information privacy.
Abstract: Information privacy refers to the desire of individuals to control or have some influence over data about themselves. Advances in information technology have raised concerns about information privacy and its impacts, and have motivated Information Systems researchers to explore information privacy issues, including technical solutions to address these concerns. In this paper, we inform researchers about the current state of information privacy research in IS through a critical analysis of the IS literature that considers information privacy as a key construct. The review of the literature reveals that information privacy is a multilevel concept, but rarely studied as such. We also find that information privacy research has been heavily reliant on student-based and USA-centric samples, which results in findings of limited generalizability. Information privacy research focuses on explaining and predicting theoretical contributions, with few studies in journal articles focusing on design and action contributions. We recommend that future research should consider different levels of analysis as well as multilevel effects of information privacy. We illustrate this with a multilevel framework for information privacy concerns. We call for research on information privacy to use a broader diversity of sampling populations, and for more design and action information privacy research to be published in journal articles that can result in IT artifacts for protection or control of information privacy.

1,068 citations

Journal ArticleDOI
01 May 2009
TL;DR: A theoretical model of the incentive effects of penalties, pressures and perceived effectiveness of employee actions that enhances the understanding of employee compliance to information security policies and suggests that security behaviors can be influenced by both intrinsic and extrinsic motivators.
Abstract: Secure management of information systems is crucially important in information intensive organizations. Although most organizations have long been using security technologies, it is well known that technology tools alone are not sufficient. Thus, the area of end-user security behaviors in organizations has gained an increased attention. In information security observing end-user security behaviors is challenging. Moreover, recent studies have shown that the end users have divergent security views. The inability to monitor employee IT security behaviors and divergent views regarding security policies, in our view, provide a setting where the principal agent paradigm applies. In this paper, we develop and test a theoretical model of the incentive effects of penalties, pressures and perceived effectiveness of employee actions that enhances our understanding of employee compliance to information security policies. Based on 312 employee responses from 77 organizations, we empirically validate and test the model. Our findings suggest that security behaviors can be influenced by both intrinsic and extrinsic motivators. Pressures exerted by subjective norms and peer behaviors influence employee information security behaviors. Intrinsic motivation of employee perceived effectiveness of their actions was also found to play an important role in security policy compliance intentions. In analyzing the penalties, certainty of detection was found to be significant while surprisingly, severity of punishment was found to have a negative effect on security behavior intentions. We discuss the implications of our findings for theory and practice.

767 citations

Journal ArticleDOI
TL;DR: This study showed that factors such as self-efficacy, attitude toward compliance, subjective norms, response efficacy and perceived vulnerability positively influence ISSP behavioral compliance intentions of employees.

665 citations

Journal ArticleDOI
TL;DR: This empirical study uses protection motivation theory to articulate and test a threat control model to validate assumptions and better understand the "knowing-doing" gap, so that more effective interventions can be developed.

522 citations