Εκπαίδευση - Σπουδές

Ερευνητικά Ενδιαφέροντα

Διδασκαλία

Δημοσιεύσεις σε Διεθνή Περιοδικά (Journals)


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


I. Topa, M. Karyda, From Theory to Practice: Guidelines for Enhancing Information Security Management, Journal of Information and Computer Security, Vol. 27, No. 3, pp. 326-342, 2019, Emerald Publishing
 

Abstract
This study aims to identify the implications of security behaviour determinants for security management to propose respective guidelines which can be integrated with current security management practices, including those following the widely adopted information security standards ISO 27001, 27002, 27003 and 27005. Based on an exhaustive analysis of related literature, the authors identify critical factors influencing employee security behaviour and ISP compliance. The authors use these factors to perform a gap analysis of widely adopted information security standards ISO 27001, 27002, 27003 and 27005 and identify issues not covered or only partially addressed. Drawing on the implications of security behaviour determinants and the identified gaps, the authors provide guidelines which can enhance security management practices. The authors uncover the factors shaping security behaviour barely or partly considered in the ISO information security standards ISO 27001, 27002, 27003 and 27005, including top management participation, accommodating individual characteristics, embracing the cultural context, encouraging employees to comply out of habit and considering the cost of compliance. Furthermore, the authors provide guidelines to security managers on enhancing their security management practices when implementing the above ISO Standards. This study offers guidelines on how to create and design security management practices whilst implementing ISO standards (ISO 27001, ISO 27002, ISO 27003, ISO 27005) so as to enhance ISP compliance. This study analyses the role and implications of security behaviour determinants, discusses discrepancies and conflicting findings in related literature, provides a gap analysis of commonly used information security standards (ISO 27001, 27002, 27003 and 27005) and proposes guidelines on enhancing security management practices towards improving ISP compliance.

Επιστημονικά Συνέδρια (Conferences)


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


I. Topa, M. Karyda, Usability Characteristics of Security and Privacy Tools: The User’s Perspective, 33rd IFIP TC 11 International Conference, SEC 2018 Held at the 24th IFIP World Computer Congress, WCC 2018, Lech Jan Janczewski, Mirosław Kutyłowski, (eds), pp. 231–244, Sep, 2018, Poznan, Poland, Springer Nature Switzerland AG 2018
 

Abstract
Abstract. Use of security and privacy tools is still limited for various reasons, including usability issues. This paper analyses usability characteristics of security and privacy tools by drawing on relevant literature and employing scenario-based questionnaires and interviews with 150 users to capture their views. Based on users’ feedback, we analyse the role of usability characteristics and identify critical issues such as transparency, control of personal data, design and accessibility and consistency. This paper provides insights into the multifaceted issue of usability of security tools from the users’ perspective and a comprehensive picture of users’ needs and expectations. Some of the findings of this study show that users regard as important that security and privacy tools incorporate usability characteristics relevant to installation, design and accessibility, control and automation, visible feedback, and locatable security settings. Furthermore, users encounter problems with understanding technical terms and report that the availability of tools among smartphones and operating systems is a usability issue.

I. Topa, M. Karyda, ANALYZING SECURITY BEHAVIOUR DETERMINATS FOR ENHANCING ISP COMPLIANCE AND SECURITY MANAGEMENT, 13th European, Mediterranean and Middle Eastern Conference on Information Systems(EMCIS) 2016, Dec, 2016, Krakow, Poland
 

Abstract
Extant literature has identified a wide range of factors that influence employees’ compliance to organisational ISPs and shape security behaviour. Security management, however, has not embodied this knowledge as many studies employ different terms to refer to similar concepts or focus only on a specific aspect (e.g. cognitive or environmental issues), depending on the theoretical approach used. Literature provides limited directions to security managers on the effect of security behaviour determinants on security management. This paper provides a comprehensive analyis of factors that have been identified, through an extensive literature review. It also provides an analysis and discussion of how these factors can enhance information security policy compliance. This work provides a conceptual framework that can facilitate security managers understand employee security behaviour and assist them to improve current security management. The paper also identifies controversial findings in relevant literature and suggests issues that need further investigation.

I. Topa, M. Karyda, Identifying Factors that Influence Employees’ Security Behavior for Enhancing ISP Compliance, 12th Trust, Privacy and Security in Digital Business International Conference, pp. 169-179, Dec, 2015, Valencia, Spain, Springer International Publishing,
 

Abstract
Organizations apply information security policies to foster secure use of information systems but very often employees fail to comply with them. Employees’ security behavior has been the unit of analysis of research from different theoretical approaches, in an effort to identify the factors that influence security policy compliance. Through a systematic analysis of extant literature this paper identifies and categorizes critical factors that shape employee security behavior and proposes security management practices that can enhance security compliance. Research findings inform theory by identifying research gaps and support security management.

T. Spyridopoulos, I. Topa, T. Tryfonas, M. Karyda, A holistic approach for Cyber Assurance of Critical Infrastructure with the Viable System Model, 29th IFIP TC 11 International Conference, SEC 2014, pp. 438-445, Jun, 2014, Marrakech, Morocco, Springer Berlin Heidelberg, http://link.springer.com/chapter/10...
 

Abstract
Industrial Control Systems (ICSs) are of the most important compo- nents of National Critical Infrastructure. They can provide control capabilities in complex systems of critical importance such as energy production and distribution, transportation, telecoms etc. Protection of such systems is the cornerstone of essential service provision with resilience and in timely manner. Effective risk management methods form the basis for the protection of an Industrial Control System. However, the nature of ICSs render traditional risk management methods insufficient. The proprietary character and the complex interrelationships of the various systems that form an ICS, the potential impacts outside its boundaries, along with emerging trends such as the exposure to the Internet, necessitate revisiting traditional risk management methods, in a way that treat an ICS as a system-of-systems rather than a single, one-off entity. Towards this direction, in this paper we present enhancements to the traditional risk management methods at the phase of risk assessment, by utilising the cybernetic construct of the Viable System Model (VSM) as a means towards a holistic view of the risks against Critical Infrastructure. For the purposes of our research, utilising VSM’s recur- sive nature, we model the Supervisory Control and Data Acquisition (SCADA) system, a most commonly used ICS, as a VSM and identify the various assets, in- teractions with the internal and external environment, threats and vulnerabilities.

Βιβλία


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


Κεφάλαια σε Βιβλία


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


Επιμέλεια Πρακτικών Διεθνών Συνεδρίων


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.