Stephen Flowerday

• Professor at University of Tulsa

The video game market is forecasted to be valued at $321.6 billion by 2027. Today, younger generations increasingly prefer spending their leisurely time playing online video games. Beyond providing a leisurely – and often competitive – activity to the bulk of its user base, online video games provide cybercriminals with an environment that is free...

In this study, we investigated the expanding problem of suspicious activity when using online in-game asset trading platforms. The decentralized structures and anonymity offered by these platforms provide a basis for suspicious actions, creating a threat to the virtual economy. By evaluating 18,157 rows of anonymized transaction data from 38 unique...

Security Operation Centers (SOCs) comprise people, processes, and technology and are responsible for protecting their respective organizations against any form of cyber incident. These teams consist of SOC analysts, ranging from Tier 1 to Tier 3. In defending against cyber-attacks, SOCs monitor and respond to alert traffic from numerous sources. Ho...

To date, research on incident response has predominantly focused on system resilience in terms of recovery mechanisms, falling short of discussing how systems improve post-disruption. This work offers a novel conceptual investigation into systems that improve because of disruption experienced within the cybersecurity context – antifragile systems....

The volume and complexity of alerts that security operation center (SOC) analysts must manage necessitate automation. Increased automation in SOCs amplifies the risk of automation bias and complacency whereby security analysts become over-reliant on automation, failing to seek confirmatory or contradictory information. To identify automation charac...

The continuous integration of automated tools into security operation centers (SOCs) increases the volume of alerts for security analysts. This amplifies the risk of automation bias and complacency to the point that security analysts have reported missing, ignoring, and not acting upon critical alerts. Enhancing the SOC environment has predominantl...

While prevailing scholarly opinion often emphasizes the suitability of virtual worlds to small-scale laundering operations, this paper challenges this perspective. Previous literature has overlooked the substantial monetary value associated with online gaming accounts and virtual assets, particularly given the rapid growth of the microtransaction b...

Purpose Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this paper is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, to ensure s...

In spite of increasing attacks against crypto-currency platforms, involving staggeringly large amounts of money, there has been surprisingly little research into how the blockchain infrastructure at the core of these platforms could be enhanced to improve security. This study examines security weaknesses in public blockchains in an attempt to gain...

The online video game market is forecasted to be valued at $321.6 billion by 2027. Today, younger generations increasingly prefer spending their leisurely time playing online video games. Beyond providing a leisurely - and often competitive - activity to the bulk of its user base, online video games provide cybercriminals with an environment that i...

Purpose — This paper aims to investigate how best to classify money laundering through online video games (i.e. virtual laundering). Currently, there is no taxonomy available for scholars and practitioners to refer to when discussing money laundering through online video games. Without a well-defined taxonomy it becomes difficult to reason through,...

Frequent and habitual engagement with social media can reinforce certain activities such as sharing, clicking hyperlinks, and liking, which may be performed with insufficient cognition. In this study, we aimed to examine the associations between personality traits, habits, and information processing to identify social media users who are susceptibl...

Online users are responsible for protecting their online privacy themselves: the mantra is custodiat te (protect yourself). Even so, there is a great deal of evidence pointing to the fact that online users generally do not act to preserve the privacy of their personal information, consequently disclosing more than they ought to and unwisely divulgi...

Self-disclosure as influenced by perceived risks and benefits plays an important role within the context of social media use and the associated privacy risk. Some social media platforms, like Facebook (now part of Meta Platforms Inc.), provide users with elaborate means to control privacy risk. Conversely, Instagram (also part of Meta) provides use...

Increased urbanization against the backdrop of limited resources complicates city planning and the management of functions, including public safety. The smart city concept can help, but most previous smart city systems have focused on utilizing automated sensors and analyzing quantitative data. In developing nations, limited resources make using th...

Background: Socially desirable responding within the context of self-reported surveys is a well-known and persistent problem that plagues quantitative studies. Such forms of responding are particularly problematic within the context of personality-based studies that investigate privacy-related decision-making. In such instances, certain respondents...

Only a few studies have been conducted to understand the motives behind password-sharing. Password-sharing is difficult to resolve, given that best practices for promoting "good" password management behavior have been found wanting when extended to password-sharing. This is a huge concern given the global inclination towards information systems sec...

Purpose The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user forgetting or mistyping the password (usually because of character switching). The source of this issue is that while a password containing combinations of lowercase characte...

IT governance adoption and use in the South African public sector is deemed critical to good public administration and is regulated by government through the Corporate Governance of ICT Policy Framework (CGICTPF). The CGICTPF was published in 2012 and is based on COBIT5, ISO38500 and the King IV Report. However, compliance with the CGICTPF has been...

The sociologist Norbert Elias argued that the ability to take responsibility is part of a ‘civilizing process’. Neoliberal governments appear to agree with this, because they have ‘responsibilised’ their citizens in many domains. Pellandini- Simányi and Conte explain that the concept of responsibilisation refers to the assigning of responsibility t...

Countries such as South Africa have attempted to leverage eHealth by digitising patients' medical records with the aim of improving the delivery of healthcare. This involves the use of an electronic health record (EHR) which is a longitudinal electronic record of a patient's information. The EHR includes all the patient's encounters that have been...

Purpose Social media has created a new level of interconnected communication. However, the use of online platforms brings about various ways in which a user’s personal data can be put at risk. This study aims to investigate what drives the disclosure of personal information online and whether an increase in awareness of the value of personal inform...

Facebook users are often affected by privacy violations, many of which could be avoided by making adequate use of and periodically reviewing their privacy settings. However, despite frequent reports of privacy-related news and events, many users fail to periodically review these settings. In doing so, they remain vulnerable to privacy violations an...

Social media platforms have become essential to organisations in developing countries as they can offer a business advantage. This comes with security risks and privacy concerns as numerous scientific literatures have testified. Although the majority of employees are using social media privately and at the workplace (using the same device such as a...

Despite the great advances in the field of electronic health records (EHRs) over the past 25 years, implementation and adoption challenges persist, and the benefits realized remain below expectations. This scoping review aimed to present current knowledge about the effects of EHR implementation and the barriers to EHR adoption and use. A literature...

The unauthorized use of personal information belonging to users of apps integrated with the Facebook platform affects millions of users. Crucially, although privacy concerns and awareness have increased, the use of these apps, and related privacy behaviors, remain largely unchanged. Given that such privacy behaviors are likely influenced by individ...

Despite recent privacy scandals, the intensity with which individuals use Facebook has not declined. This indicates that individuals still place significant value on the psychosocial development afforded by using Facebook. As such, the objective of this study was to develop a research model to evaluate the influence of specific individual differenc...

Background: The migration of phishing scams to social media platforms poses a serious information security threat to social media users. Users often remain unaware of the various phishing threats on social media and consequently they thoughtlessly engage on these platforms. Objectives: The objective of this article was to identify the factors that...

Purpose An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control...

It was found that employees spend a total of 2.25 days within 60 days on password-related activities. The time consumed by this is unproductive and has a negative impact on usability. The problem is caused by current text-based user authentication policies in use. This study aims to address this research problem by assessing the effectiveness of a...

The surveillance and subsequent privacy risks (i.e., misuse of personal information) of Facebook App data constitute a persistent problem that affects millions of users. However, despite Facebook App research on specifics such as privacy concerns, value of information, and demographics, none of them has conducted vulnerability assessments on the us...

Today, the traditional approach used to conduct phishing attacks through email and spoofed websites has evolved to include social network sites (SNSs). This is because phishers are able to use similar methods to entice social network users to click on malicious links masquerading as fake news, controversial videos and other opportunities thought to...

The surveillance of social media-based data is extensive and is showing little signs of abating. Alarmingly, social media corporates are seemingly irreproachable in this matter with many data surveillance practices persisting—even post Cambridge Analytica. In this article, we argue, and demonstrate, that although data surveillance is not a new conc...

A number of studies have advocated for the use of long passwords (passphrases) with the aim of attaining a balance between security and usability. This study investigated the security gains of using a multilingual passphrase policy in user generated passphrases that are based on African and Indo-European languages. The research on passwords has bee...

The electronic health record (EHR) has revolutionised the manner in which healthcare is delivered by providing clinicians with electronic access to patients' complete medical history. Countries such as South Africa aim to take advantage of the EHR by implementing a national EHR system. While this has a number of benefits that are in the best intere...

Background: The use of third-party Facebook apps have become a common occurrence. However, this leads to problems such as information misuse, because many Facebook apps are able to build accurate behavioural and usage profiles which users are unaware of. Objectives: The aim of this article was to develop a research model that could be used to evalu...

As the bring your own device (BYOD) becomes the norm in the modern-day computing trends, the issue of data privacy has gained center stage. There is need for organizations to have a strategy for embracing the BYOD without exposing themselves to information privacy breaches by employees and confidentiality breaches for the organizations. Before the...

As bring your own device (BYOD) becomes part of workplace tools for employees in Zimbabwe, the responsibility to implement information security management methods, which was traditionally confined to the information technology (IT) employees, has extended to all the employees, who now become unintended administrators because of the usage of their d...

Organizations worldwide are revisiting the design of their password policies. This is partly motivated by the security and usability limitations of user-generated passwords. While research on password policies has been ongoing, this has taken place in the Global North. Accordingly, little is known about the strengths and weaknesses of password poli...

Background: Organisations have found themselves in a race to embrace bringing your own device (BYOD) in their day-to-day business operations, while at the same time needing to maintain their information security management standards. BYOD is convenient for employees as it allows them to conduct business anywhere and at any time. However, this has r...

Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally-dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cy...

This paper highlights the way in which Chief Information Officers (CIOs) can mitigate the challenges that are posed by the Bring Your Own Device (BYOD) phenomenon. In terms of this phenomenon, employees inadvertently become unintended administrators as they have control of the devices they use. Previously, information security management was the pr...

This study investigates the influence of native languages on password composition and security. The socioculture theory’s psychological development principles were used to argue the influence of language on passwords. 107 Namibian and South African university students were asked to generate a new password for the study using a web based experiment....

In this concept paper the researchers propose a set of constructs in order to evaluate the behaviour of South African social media users towards the extent that their personal information is used through social media dataveillance. Previous research has not adequately addressed Social Media Dataveillance (SMD) within an emerging economy, such as So...

‘Smart Cities’ is a new and inventive approach that allows city management to use current infrastructure and resources more effectively. Participatory crowdsourcing is an effective method to collect data from the citizens, as it does not require costly new infrastructure and can be used by all citizens, regardless of their literacy level. To date,...

The purpose of the research was to investigate the relationship between information technology (IT) operations risk management (ORM) and small to medium enterprises' (SMEs) performance. Following a review of the literature, a questionnaire was developed with the aim of addressing the research purpose. A simple random sampling technique was used to...

This position paper is a reflective look at the state of Human-Centred Security & Privacy (HCSP) research and the paradigms that have informed and driven the research. It is important to reflect and examine, because, as Harrison et al. [1] argue, with respect to HCI, “the lack of clarity about the epistemological distinctions between paradigms is a...

Information security in the banking sector is heavily controlled as banks store and manage their clients' private information. Information security has always been the responsibility of the information technology (IT) department in organisations. The Bring Your Own Device (BYOD) phenomenon has enabled employees to connect to the organisational netw...

Background: Urbanisation has put enormous strain on the limited resources and services provided by city management. This means that the city must find new ways to manage their resources more effectively. One option is to collect data in a smart city from the citizens in order to make better decisions about resource management. Objectives: The aim...

Purpose The purpose of this study was to identify to identify reasons for the lack of protest against dragnet surveillance in the UK. As part of this investigation, a study was carried out to gauge the understanding of “privacy” and “confidentiality” by the well-informed. Design/methodology/approach To perform a best-case study, the authors identi...

With the rise in number of reported phishing cases in statistical reports and online news, it is apparent that the threat of phishing is not retreating. Phishers continuously seek new methods to deceive individuals into sharing their confidential information. As a result, today the traditional form of conducting phishing solely through email and sp...

The development of an information security policy involves more than mere policy formulation and implementation. Unless organisations explicitly recognise the various steps required in the development of a security policy, they run the risk of developing a policy that is poorly thought out, incomplete, redundant and irrelevant, and which will not b...

This special issue of the SAIEE Africa Research Journal is devoted to selected papers from the Information Security South Africa (ISSA) 2015 Conference which was held in Johannesburg, South Africa from 12 to13 August 2015. The aim of the annual ISSA conference is to afford information security practitioners and researchers, from all over the globe,...

With the growing number of people living in cities, the challenges faced by government to maintain service delivery to an acceptable standard are immense. ‘Smart cities’ is a new and innovative approach that allows the city to use current infrastructure and resources more efficiently. Not many smart city projects have been implemented in developing...

An increasing number of people move to cities in search of better opportunities for themselves and their families. This movement makes it difficult for the local government to understand citizens’ needs fully, particularly pertaining to public safety matters. Thus, in the city of East London where this issue is prevalent, a smart city project was i...

Small and medium-sized enterprises (SMEs) are the bedrock of most economies of the world. Due to global competition, SMEs are making significant investments in information technology (IT) to improve their business processes. However, a study of extant literature on the subject of IT governance in SMEs has highlighted the fact that the implementatio...

The Public Safety Smart City Project explores the use of an interactive voice response (IVR) system by citizens of a city in a developing country to ease urban challenges arising as a result of growing urbanisation. Given that usability problems can prevent users from adopting and using any system, the IVR system was designed with the user in mind...

Technical solutions fail if people experience difficulties using them. Sometimes these difficulties force people to work around the security solutions in order to achieve legitimate goals. Improving usability undoubtedly helps, but this has not improved the situation as much as anticipated. In this paper we consider a variety of other reasons for n...

Purpose – The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely, awareness and behavioural intent. This pa...

Technologies that are widely perceived to bring value to users in the context of developed countries are not always readily adopted in the developed world. This study uses theories from trust literature to propose that, for users to adopt technology to enhance their effectiveness in terms of their livelihoods, they must be convinced that the techno...

With the growing number of people living in cities, the challenges faced by governments in providing an acceptable standard of service delivery are immense. 'Smart cities' is a new and innovative approach that has been formulated over the past few years in order to use current infrastructure and resources more effectively and efficiently. For a sma...

Smart Cities have received a significant amount of attention in recent years. The East London Smart City Public Safety Project aims to use citizens as an information source in order to report qualitative data in a natural language format. In order for this approach to be successful, an appropriate means of motivating citizens to contribute their ob...

The mobile phone has become a necessity for many students; however it also exposes them to security threats that may result in a loss of information. In developing countries, large numbers of students are at a disadvantage because they have limited access to information relating to information security threats, unlike their counterparts in more dev...

Smart Cities' are an innovative approach that allows for current city infrastructure and resources to be used more efficiently. Large amounts of data must be collected for a smart city to be effective, but there are information security concerns that prevent citizens from participating in these projects. This paper investigates what factors need to...

Critical information infrastructure has enabled organisations to store large amounts of information on their systems and deliver it via networks such as the internet. Users who are connected to the internet are able to access various internet services provided by critical information infrastructure. However, some organisations have not effectively...

The South African automotive industry is recognised as important for the economy and has thus been prioritised by the government. The success of the manufacturers depends on the efficiency and effectiveness of their supply chain. Due to the large number of suppliers involved in these supply chains, enhancing trust in the inter-organisational relati...

'Smart Cities' are a new and innovative approach that has been formulated during the past few years in order to use current infrastructure and resources more efficiently. Crowdsourcing is often used to collect data in a smart city, and citizens must consider the information security controls that are in such a system before participating. This pape...

The ubiquitous usage of mobile phones has transformed how people communicate, interact with businesses and access information. While new mobile phone developments may be positive and predominantly beneficial to mobile phone users, securing these mobile systems and services remains a challenge. An increased amount of personal information is stored o...

Many small and medium enterprises (SMEs) in developing countries continue to be challenged by their information technology (IT) adoption process, which is often characterized by a number of deficiencies. The purpose of this study was to examine the role of absorptive capacity (AC) in SMEs’ performance, as well as establish the correlation between S...

The automotive industry is recognised as an important sector and has thus been prioritised by the South African government. The success of automotive manufacturers depends on the efficiency and effectiveness of their supply chains. As these supply chains can consist of a large number of suppliers, trust is a necessary component of the inter-organis...

Building on prior research related to the impact of Information Technology (IT) and Operational Risk Management (ORM) in the context of Small and Medium Enterprises (SMEs), the object of this research was to answer the following questions: (1) How well do the measures of IT evaluation models predict ORM operations in SMEs? (2) Which measure is the...

The Eastern Cape province of South Africa is one of the poorest provinces in the country with vast rural areas. A telemedicine system was implemented in the province in order to improve health care services. Despite large investments from the National Department of Health, only a third of telemedicine sites in the province are operational. Technolo...

This study analysed existing theories from the social sciences in order to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely: awareness and behavioural intent. Researchers have identified t...

Smartphone information security awareness describes the knowledge, attitude and behaviour that employees apply to the security of the organisational information that they access, process and store on their smartphone devices. The surge in the number of smartphone devices connecting to organisational systems and used to process organisational data h...

Smart Cities have received a significant amount of attention in recent years. The East London Smart City Public Safety Project aims to use citizens as an information source in order to report qualitative data in a natural language format. In order for this approach to be successful, an appropriate means of motivating citizens to contribute their ob...

Public higher education (HE) in South Africa is governed by the Higher Education Act (Act No. 101 of 1997) (DoE 1997a). This article refers to four different, but related, levels of governance that span the landscape of public HE: firstly, within the global context; secondly, in the context of the country with all of its government ministries; thir...

The value of crowdsourcing in a public safety context is realised when a large group of people within a geographical area report on matters which they have experienced or witnessed. This provides the relevant authorities with useful information in order to respond to the incident and assists in planning future interventions – thus allowing local go...

With the growing number of people living in cities, the challenges faced by government to maintain service delivery to an acceptable standard are immense. ‘Smart Cities’ are a new and innovative approach that has been formulated during the past few years in order to use current infrastructure and resources more efficiently. One of the methods used...

The ubiquitous usage of mobile phones has transformed how people communicate, interact with businesses and access information.While new mobile phone developments may be positive and predominantly beneficial to mobile phone users, securing these mobile systems and services remains a challenge. An increased amount of personal information is stored on...

The increase in urbanisation is making the management of city resources a difficult task. Data collected through observations (utilising humans as sensors) of the city surroundings can be used to improve decision making in terms of managing these resources. However, the data collected must be of a certain quality in order to ensure that effective a...