About
107 publications, 202,207 reads, 2,698 citations
Introduction
Additional affiliations
January 1998 - present
Education
January 1998 - January 2008
March 1993 - November 1997
March 1993 - November 1997
Publications (107)
The use of mobile devices in knowledge-intensive organizations, while effective and cost-efficient, also poses a challenging management problem. Often employees, whether deliberately or inadvertently, are the cause of knowledge leakage in organizations, and the use of mobile devices further exacerbates it. This problem is the result of overly focusing on...
Information and knowledge leakage has become a significant security risk to Australian organizations. Each security incident in Australian business cost an average US$2.8 million. Furthermore, Australian organisations spend the second most worldwide (US$1.2 million each on average) on investigating and assessing information breaches. The leak...
This is a list of references relevant to cyber-threat intelligence
The increasing militarization of the cyber-threat environment has driven considerable interest in understanding the role of cyber-threat intelligence (CTI) in supporting the enterprise. Despite CTI’s value proposition to organizations, the rate of industry adoption has been low and localized within IT Operations. Our review of the research and prac...
In the digital age, the protection of information resources is critical to the viability of organizations. Information Security Management (ISM) is a protective function that preserves the confidentiality, integrity and availability of information resources in organizations operating in a complex and evolving security threat landscape. This paper a...
IT security outsourcing is the process of contracting a third-party security service provider to perform the full or partial IT security functions of an organization. Little is known about the factors influencing organizational decisions in outsourcing such a critical function. Our review of the research and practice literature identified several...
Effective information security management (ISM) is contingent on intra-organisational liaison (IOL) between security personnel and stakeholders in ISM processes. IOL is a set of activities undertaken by information security personnel to communicate with internal stakeholders to increase their participation and involvement in the ISM process. Unfort...
Case-based learning (CBL) approaches are critical to the education of tomorrow’s executives and managers. CBL instigates critical discussion, draws out relevant experiences from students, encourages questioning of accepted practices, and creates dialogue between theory and practice. There is unfortunately a lack of quality teaching resources to sup...
Cybersecurity incident response teams mitigate the impact of adverse cyber-related events in organisations. Field studies of IR teams suggest that at present the process of IR is under-developed with a focus on the technological dimension with little consideration of practice capability. To address this gap, we develop a scenario-based training app...
Emerging paradigms of attack challenge enterprise cybersecurity with sophisticated custom-built tools, unpredictable patterns of exploitation, and an increasing ability to adapt to cyber defenses. As a result, organizations continue to experience incidents and suffer losses. The responsibility to respond to cybersecurity incidents lies with the inc...
Sensemaking is a critical activity in organizations. It is a process through which individuals ascribe meanings to events which forms the basis to facilitate collective action. However, the role of organizations, technology and individuals and their interaction in the process of sensemaking has not been sufficiently explored. This novel study seeks...
The internet can be broadly divided into three parts: surface, deep and dark. The dark web has become notorious in the media for being a hidden part of the web where all manner of illegal activities take place. This review investigates how the dark web is being utilised with an emphasis on cybercrime, and how law enforcement plays the role of its a...
Knowledge leakage poses a critical risk to the competitive advantage of knowledge-intensive organisations. Although knowledge leakage is a human-centric security issue, little is known about leakage resulting from individual behaviour and the protective strategies and controls that could be effective in mitigating leakage risk. Therefore, this rese...
The increasing frequency, impact, consequence and sophistication of cybersecurity attacks is becoming a strategic concern for boards and executive management of organisations. Consequently, in addition to focusing on productivity and performance, organisations are prioritizing Information Security Management (ISM). However, research has revealed li...
In this short paper we argue that to combat APTs, organizations need a strategic level shift away from a traditional prevention centered approach to that of a response centered one. Drawing on the information warfare (IW) paradigm in military studies, and using Dynamic Capability Theory (DCT), this research examines the applicability of IW capabili...
Teaching cases based on stories about real organizations are a powerful means of storytelling. These cases closely parallel real-world situations and can deliver on pedagogical objectives as writers can use their creative license to craft a storyline that better focuses on the specific principles, concepts, and challenges they want to address in th...
Case-based learning is a powerful pedagogical method of creating dialogue between theory and practice. CBL is particularly suited to executive learning as it instigates critical discussion and draws out relevant experiences. In this paper we used a real-world case to teach Information Security Management to students in Management Information System...
Advanced persistent threat (APT) is widely acknowledged to be the most sophisticated and potent class of security threat. APT refers to knowledgeable human attackers that are organized, highly sophisticated and motivated to achieve their objectives against a targeted organization(s) over a prolonged period. Strategically-motivated APTs or S-APTs ar...
Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past resea...
The effectiveness of cybersecurity management programs is contingent on improving employee security behaviour. Security education, training, and awareness (SETA) programs aim to drive positive behaviour change in support of cybersecurity objectives. In this paper, we argue that existing SETA programs are suboptimal as they aim to improve employee k...
Effective information security education, training, and awareness (SETA) is essential for protecting organisational information resources. Although many organisations invest significantly in SETA, incidents resulting from employee noncompliance are still increasing. We argue that this may indicate that current SETA programs are sub-optimal in impro...
The increasing frequency, impact, consequence and sophistication of cybersecurity attacks is becoming a strategic concern for boards and executive management of organisations. Consequently, in addition to focusing on productivity and performance, organisations are prioritising Information Security Management (ISM). However, research has revealed li...
This paper extends a proposed theory on information security using pilot data to further refine and elaborate. We argue that the goal of information security is imperfectly understood and aim to bring about an altered understanding of why efforts are made to engage in information security. The goal of information security is widely recognized as th...
Advanced persistent threat (APT) is widely acknowledged to be the most sophisticated and potent class of security threat. APT refers to knowledgeable human attackers that are organized, highly sophisticated and motivated to achieve their objectives against a targeted organization(s) over a prolonged period. Strategically-motivated APTs or S-APTs ar...
Effective information security education, training and awareness (SETA) is essential for protecting organisational information resources. Whilst most organisations invest significantly in implementing SETA programs, the number of incidents resulting from employee noncompliance with security policy are increasing. This trend may indicate that many c...
Knowledge leakage poses a critical risk to the competitive advantage of knowledge-intensive organisations. Although knowledge leakage is a human-centric security issue, little is known in relation to the key factors of individual-level leaking behaviour. Therefore, the aim of this thesis was to explore security practitioners' perspectives on t...
Knowledge leakage poses a critical risk to the competitive advantage of knowledge-intensive organisations. Although knowledge leakage is a human-centric security issue, little is known in relation to the key factors of individual-level leaking behaviour. Therefore, the aim of this thesis was to explore security practitioners' perspectives on t...
The inadvertent leakage of sensitive information through Online Social Networking (OSN) represents a significant source of security risk to organisations. Leakage of sensitive information such as trade secrets, intellectual property and personal details of employees can result in a loss of competitive advantage, loss of reputation, and erosion of c...
Effective information security training and awareness (ISTA) is essential to protect organizational information resources. Our review of industry best-practice guidelines on ISTA exposed two key deficiencies. First, they are presented at a conceptual-level without any empirical evidence of their validity. Second, the guidelines are generic (one siz...
The modern organisation operates within a sophisticated and evolving security threat landscape that exposes its information infrastructure to a range of security risks. Unsurprisingly, despite the existence of industry ‘best-practice’ security standards and unprecedented levels of investment in security technology, the rate of incidents continues t...
Dependence on information, including for some of the world’s largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences indicate that attacks are escalating on organisations conducting these information-based activi...
The Internet of Things (IoT) is considered to be one of the most significant disruptive technologies of modern times, and promises to impact our lives in many positive ways. At the same time, its interactivity and interconnectivity poses significant challenges to privacy and data protection. Following an exploratory interpretive qualitative case st...
This paper proposes a theory on information security. We argue that information security is imperfectly understood and aim to bring about an altered understanding of why efforts are made to engage in information security. The goal of information security is widely recognised as the confidentiality, integrity and availability of information however...
Organizations apply information security risk assessment (ISRA) methodologies to systematically and comprehensively identify information assets and related security risks. We review the ISRA literature and identify three key deficiencies in current methodologies that stem from their traditional accountancy-based perspective and a limited view of or...
Knowledge sharing drives innovation and the opportunity to develop a sustainable competitive advantage. However, in the extant knowledge management and information security literature, leakage from sharing activities is neglected. The risk of knowledge leakage is exacerbated with the pervasive use of mobile devices and the adoption of BYOD (Bring Y...
Research articles can support teaching by introducing the latest expert thinking on relevant topics and trends and describing practical real-world case studies to encourage discussion and analysis. However, from the point of view of the instructor, a common challenge is identifying the most suitable papers for classroom teaching amongst a very larg...
Considerable research effort has been devoted to the study of Policy in the domain of Information Security Management (ISM). However, our review of ISM literature identified four key deficiencies that reduce the utility of the guidance to organisations implementing policy management practices. This paper provides a comprehensive overview of the man...
Organizations apply information security risk assessment (ISRA) methodologies to systematically and comprehensively identify information assets and related security risks. We review the ISRA literature and identify three key deficiencies in current methodologies that stem from their traditional accountancy-based perspective and a limited view of or...
A critical objective of knowledge-intensive organizations is to prevent erosion of their competitive knowledge base through leakage. Our review of the literature highlights the need for a more refined conceptualization of perceived leakage risk. We propose a Knowledge Leakage Mitigation (KLM) model to explain the incongruity between perceived high-...
Dependence on information, including for some of the world's largest organisations such as governments and multinational corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences continue to indicate that attacks are still escalating on organisations when conducting these in...
Considerable research effort has been devoted to the study of Policy in the domain of Information Security Management (ISM). However, our review of ISM literature identified four key deficiencies that reduce the utility of the guidance to organisations implementing policy management practices. This paper provides a comprehensive overview of the man...
Research articles can support teaching by introducing the latest expert thinking on relevant topics and trends and describing practical real-world case studies to encourage discussion and analysis. However, from the point of view of the instructor, a common challenge is identifying the most suitable papers for classroom teaching amongst a very larg...
Knowledge sharing drives innovation and the opportunity to develop a sustainable competitive advantage. However, in the extant knowledge management and information security literature, leakage from sharing activities is neglected. The risk of knowledge leakage is exacerbated with the pervasive use of mobile devices and the adoption of BYOD (Bring Y...
The Internet of Things (IoT) heralds a new era of computing whereby every imaginable object is equipped with, or connected to, a smart device allowing data collection and communication through the Internet. The IoT challenges individual privacy in terms of the collection and use of individuals' personal data. This study assesses the extent to which...
There is considerable literature in the area of information security management (ISM). However, from an organizational viewpoint, the collective body of literature does not present a coherent, unified view of recommended security management practices. In particular, despite the existence of ‘best-practice’ standards on information security manageme...
Our case analysis presents and identifies significant and systemic shortcomings of the incident response practices of an Australian financial organization. Organizational Incident Response Teams accumulate considerable experience in addressing information security failures and attacks. Their first-hand experiences provide organizations with a uniqu...
Modern organizations need to develop ‘digital forensic readiness’ to comply with their legal, contractual, regulatory, security and operational obligations. A review of academic and practitioner literature revealed a lack of comprehensive and coherent guidance on how forensic readiness can be achieved. This is compounded by the lack of maturity in...
Human knowledge-sharing networks generate Intellectual Property and Trade Secrets that provide private enterprise with competitive advantages. Although considerable research has focused on increasing the knowledge-sharing outcomes of such networks, there has been comparatively less emphasis on examining the possibility of competitive erosion throug...
Human knowledge-sharing networks generate Intellectual Property and Trade Secrets that provide private enterprise with competitive advantages. Although considerable research has focused on increasing the knowledge-sharing outcomes of such networks, there has been comparatively less emphasis on examining the possibility of competitive erosion throug...
Traditionally, digital forensic investigations are conducted by law enforcement agencies to collect evidence ‘after-the-fact’. Given the volatility of digital environments and the time expired between incident and investigation, law enforcement typically finds a limited amount of usable evidence available for collection and subsequent analysis. In...
Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory; security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation aware...
Purpose – This paper describes the development, design, delivery and evaluation of a post-graduate information security subject that focuses on a managerial, rather than the more frequently reported technical perspective. The authors aimed to create an atmosphere of intellectual excitement and discovery so that students felt empowered by new ideas, t...
Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inapprop...
The strategic management literature emphasizes the importance of protecting organizational knowledge and information, especially in terms of maintaining competitive advantage. We synthesized several mechanisms from the literature that organizations could deploy to protect their knowledge and information. An Australian field study investigated how a...
There is considerable advice in both research- and practice-oriented literature on the topic of information security. Most of the discussion in the literature focuses on how to prevent security attacks using technical countermeasures even though there are a number of other viable strategies such as deterrence, deception, detection and response. This paper...
Although digital forensics has traditionally been associated with law enforcement, the impact of new regulations, industry standards and cyber-attacks, combined with a heavy reliance on digital assets, has resulted in a more prominent role for digital forensics in organizations. Modern organizations, therefore, need to be forensically ready in orde...
Three deficiencies exist in information security under prevailing practices: organisations tend to focus on compliance over protection; to estimate risk without investigating it; and to assess risk on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of dec...
***BEST PAPER AWARD*** Information Security (InfoSec) education varies in its content, focus and level of technicality across the world. In this paper we investigate the differences between graduate InfoSec programs in top universities in China and in the United States of America (USA). In China, curriculum emphasises Telecommunication, Computer Sc...
In the modern information economy, the security of information is critically important to organizations. Information-security risk assessments (ISRAs) allow organizations to identify key information assets and security risks so security expenditure can be directed cost-effectively. Unfortunately conducting ISRAs requires special expertise and tends...
System activity logs create an ongoing history of chronologically ordered records that describe events taking place in a computing system. Although system activity logs were originally designed for performance monitoring and troubleshooting, they can be used to collect forensic evidence. This paper develops a generic ‘technology-independent’ model...
Despite the benefits of social media to organizations, the pervasive online social networking (OSN) among employees has been reported to be detrimental to organizations. The ubiquity of social technologies makes employees' professional and personal boundaries unclear, allowing inadvertent leakage of organizational information through the public dom...
The enforcement of information security policy is an important issue in organisations. Previous studies approach policy enforcement using deterrence theory to deal with information security violations and focus on end-users’ awareness. This study investigates deterrence strategy within organisations from the perspective of information security mana...
Incident response is a critical security function in organisations that aims to manage incidents in a timely and cost-effective manner. This research was motivated by previous case studies that suggested that the practice of incident response frequently did not result in the improvement of strategic security processes such as policy development and...
The explosion of online social networking (OSN) in recent years has caused damage to organisations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threat (APT) attackers to realise their social engineering techniques and un...
Information security risk assessments (ISRAs) are of great importance for organisations. Current ISRA methods identify an organisation’s security risks and provide a measured, analysed security risk profile of critical information assets in order to build plans to treat risk. However, despite prevalent use in organisations today, current methods ad...
Effective response to information security incidents is a critical function of modern organisations. However, recent studies have indicated that organisations have adopted a narrow and technical view of incident response (IR), focusing on the immediate concern of detection and subsequent corrective actions. Although some reflection on the IR proces...
In organizations, employee behaviour has a considerable impact on information security. The organizational culture (OC) that shapes acceptable employee behaviours is therefore significant. A large body of literature exists that calls for the cultivation of security culture to positively influence information security related behaviour of employees....
***BEST PAPER AWARD*** The enforcement of information security policy is an important issue in organisations. Previous studies approach policy enforcement using deterrence theory to deal with information security violations and focus on end-users’ awareness. This study investigates deterrence strategy within organisations from the perspective of in...
The professionalization of computer crime has resulted in a shift in motivation away from bragging rights towards financial gain. As a result, the operational tactics of cyber criminals are beginning to incorporate reconnaissance and intelligence gathering to inform attack planning. This paper discusses why information leakage in general, and Online...
The Information Security Policy (ISP) of an organisation is expected to specify for employees their behaviour towards security, and the security ethos of the organisation. However, there are a wide range of opinions and expertise that should be considered by organisations when developing an ISP. This paper aims to identify the stakeholders that sho...
Purpose – Many methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information used by organisations. This paper argues that these methodologies have a traditional orientation towards the identification and assessment of technical information assets. This obscures key risks associa...