Cyber Ways Podcast

Discover the forces shaping your financial data's safety as we sit down with the eminent Jake Lee Jaeung, the Clifford Ray King Endowed Professor of Information Systems. In a landscape where cybercriminals lurk at every digital corner, we dissect how a blend of routine activity theory and practical cybersecurity can alter the terrain to our advantage. Together, we plunge into Jake's rigorous study with 461 financial institution employees and unravel the factors that skew risk perception and the likelihood of data breaches. With Jake's expertise, we peel back the layers of data security, challenging the conventional wisdom that greater transparency equals higher risk. This episode illuminates how the value of information, the effectiveness of guardians, and the strategic reduction of data availability can form a robust shield against unauthorized access. We also navigate the nuanced chess game of social engineering defenses, providing valuable insights and tangible actions that can be applied across industries to shield your organization's most precious assets from the prying eyes of the digital underworld. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Are you ready to shift your perspective on cybersecurity? We've got Dr. Karen Renaud, the general chair of Dewald Roode Workshop (DRW) this year and a renowned figure in information security research, to guide us on this fascinating journey. We'll be dissecting the paradigm-shifting presentations, lively debates and thought-provoking discussions from the workshop, with a special focus on Basie von Solms' revolutionary thoughts on the future of cybersecurity. Looking to understand why people often disregard security procedures? Or how personality traits can impact the security decisions we make? Our discussion reveals that cautiousness, morality, and self-consciousness can positively affect security decisions, but increasing security knowledge doesn't always correlate with safer decisions. As we navigate through the papers, we'll also investigate how AI-enhanced security systems could alleviate user stress and transform the way we approach security training. We also tackle an under-discussed issue in the cybersecurity sphere: the misuse of system access and the potential for computer abuse by managers. With their unique position of trust and autonomy, could managers be the new insider threat to watch out for? We'll also delve into the role of habits in cyber hygiene, the promises and perils of AI in the field, and how these insights can be applied in the workplace. Join us for this enlightening discussion -- it's an episode you won't want to miss! DRW Website: https://drw2023.github.io/ (All papers and the Key Note slides are available on the website.) Papers discussed:4 Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Ever thought about the digital footprints you leave while surfing the web? What about those convenient log-ins via multiple accounts - ever wondered about the risks involved? This week, we're thrilled to talk with Professors France Belanger and Donna Wertalik of Virginia Tech University's Pamplin College of Business to help us unravel these intriguing questions. They're here to discuss their groundbreaking initiative, Voices of Privacy (https://www.voicesofprivacy.com/), aimed at raising awareness about the significance of online privacy and empowering individuals to make informed decisions about their data. Navigating the digital world can be a complex affair, with pitfalls and challenges at every turn. In our conversation with Prof. Belanger and Prof. Wertalik, we dissect the crucial distinction between security and privacy, highlighting the understated importance of data protection. We also touch upon the increasingly blurred lines between convenience and privacy, scrutinizing the risks of logging into websites and apps with multiple accounts. Besides, we evaluate the role of big corporations in safeguarding consumer data and the dire need for raising awareness about this issue. As we dig deeper into this compelling conversation, we explore the Voices of Privacy initiative further. We discuss their treasure trove of resources, including engaging webisodes and insightful talks with privacy experts. We also evaluate the upcoming webisodes on children's privacy and privacy during vacation - essential, thought-provoking content that everyone should check out. So, brace yourself for an enlightening exploration of online privacy and how you can better protect your data. Voices of Privacy website: https://www.voicesofprivacy.com/ Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

ChatGPT burst into public awareness only a few months ago. The popularity of ChatGPT and similar generative AI tools offer great promise, but also represent significant threats to cybersecurity. In this episode of Cyber Ways, Tom and Craig have a fascinating discussion with Dr. Karen Renaud of the University of Strathclyde and Dr. Merrill Warkentin of Mississippi State University about their recent article in MIT Sloan Management Review, which they co-authored with George Westerman of MIT's Sloan School of Management. Drs. Renaud and Warkentin talk about the effects of generative AI on cybersecurity and how these tools represent a threat, but can also be part of the solution. We talk about the importance of going beyond policies and describe new ways of thinking about cybersecurity. Renaud, K., Warkentin, M., & Westerman, G. (2023). From ChatGPT to HackGPT: meeting the cybersecurity threat of generative AI. https://pureportal.strath.ac.uk/en/publications/from-chatgpt-to-hackgpt-meeting-the-cybersecurity-threat-of-gener Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Phishing attempts remain an important attack vector, despite efforts to mitigate their effectiveness. In this episode of Cyber Ways, Tom and Craig talk with Dr. Deanna House of the University of Nebraska - Omaha about her paper that examines the relationship between fear messaging and the success of phishing attempts. Dr. House gives some actionable advice to security professionals who want to help their users avoid falling victim to phishing attempts. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Security professionals often treat users as a major problem with securing information assets. But what if we could view humans as the SOLUTIONS? Users aren't the enemy of security professionals and they shouldn't be treated as such. Our guest, Dr. Karen Renaud of Strathclyde University in Glasgow, Scotland, joins us to talk about the importance of treating users as allies, not the enemy, building a culture of security that focuses on successes, encourages learning, and builds resilience. Many of her ideas are captured in her 2019 paper: Zimmermann, V., & Renaud, K. (2019). Moving from a ‘human-as-problem” to a ‘human-as-solution” cybersecurity mindset. International Journal of Human-Computer Studies, 131, 169-187. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Security is everyone's job. This is a common feeling among cyber security professionals, but users may feel differently. In this episode of Cyber Ways, Tom and Craig talk about why this may be so, and what security professionals can do about it. Citation: Van Slyke, C., & Belanger, F. (2020). Explaining the interactions of humans and artifacts in insider security behaviors: The mangle of practice perspective. Computers & Security, 99, 102064. For a copy of the paper, email vanslyke@latech.edu. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Sometimes, as cybersecurity professionals, it's easy to forget what an attack is like for a user. In this episode, Tom interviews his Mother about a recent attack. Mom tells an interesting cautionary tale of falling for a convincing phishing attack. Tom and I offer thoughts on how security professionals can help users avoid such exploits. Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

In this episode of Cyber Ways, Dr. Jeffrey Proudfoot of Bentley University joins Tom and Craig to discuss his research on how cybersecurity regulations affect cybersecurity maturity. Dr. Proudfoot is collaborating with Dr. Stuart Madnick of MIT's Sloan School of Business on this program of research. Dr. Proudfoot is an associate professor on information and process management in Bentley’s business school and is also a research affiliate at MIT’s "Cybersecurity at MIT Sloan" research group. He holds a Ph.D. in management information systems from the University of Arizona. Dr. Proudfoot’s research focuses on various aspects of cybersecurity. He has published over 40 scholarly works, including articles in some of our top journals, including MIS Quarterly, Journal of the Association for Information Systems, and Journal of Management Information Systems. He has also received over $1 million in research funding from agencies such as the National Science Foundation. Citation: Proudfoot, J. and Madnick, S. (2022). Regulatory facilitators and impediments impacting cybersecurity maturity, Proceedings of the Twenty-Eighth Americas Conference on Information Systems, Minneapolis. Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Human trafficking is a huge, growing global problem. Sex trafficking is the most pervasive form of human trafficking. In this episode, we discuss how the Deliver Fund uses information technology to help law enforcement track the traffickers through their P.A.T.H. system. Drs. Giddens and Petter also discuss their research into factors that affect law enforcement officers' use of P.A.T.H. Dr. Laurie Giddens is an assistant professor in the department of Technology and Decision Sciences at North Texas University. Dr. Stacie Petter is a professor in the School of Business at Wake Forest University. Giddens, L., Petter, S., & Fullilove, M. H. (2021). Information technology as a resource to counter domestic sex trafficking in the United States. Information Systems Journal. Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Protecting organizational information systems and information assets is a complex undertaking for both security professionals and end-users. In this episode of Cyber Ways, we discuss behavioral complexity as it relates to end-users' security behaviors with Dr. Clay Posey of Brigham Young University and Dr. Tom Roberts of the University of Texas at Tyler. We talk with Drs. Posey and Roberts about their 2017 paper, Insiders' Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Control, which was published in Information Systems Frontiers. Security Roles: Burns, A. J., Posey, C., & Roberts, T. L. (2021). Insiders’ adaptations to security-based demands in the workplace: An examination of security behavioral complexity. Information Systems Frontiers, 23(2), 343- Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Organizational insiders represent the biggest threat to information security. Because of this, controlling insider computer abuse remains an important cyber security priority. In this episode of Cyber Ways, Dr, A.J Burns of Louisiana State University, and Dr. Bryan Fuller of Louisiana Tech University discuss their research into the tensions between insider's motivations to commit computer abuse, and organization's attempts to control such behavior. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Organizational insiders represent the biggest threat to information security. Because of this, controlling insider computer abuse remains an important cyber security priority. In this episode of Cyber Ways, Dr, A.J Burns of Louisiana State University, and Dr. Bryan Fuller of Louisiana Tech University discuss their research into the tensions between insider's motivations to commit computer abuse, and organization's attempts to control such behavior. Intro audio for the Cyber Ways...

The COVID-19 pandemic forced many people, and organizations, into telework, which led to the question of how to properly monitor teleworkers. In this episode of Cyber Ways, we talk with Grant Clary about his research into teleworker surveillance and how different modes of surveillance affect teleworker well-being. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

When it comes to security controls and communications, more may be less. More complex security requirements, increased security communication, and complex security policies may actually lead to less secure end-user behaviors. Why? Security fatigue -- users simply feel worn out by having to deal with information security. In this episode of Cyber Ways, Dr. John D’Arcy of the University of Delaware joins us to discuss his research (conducted with Alec Cram of the University of Waterloo, and Jeffrey Proudfoot of Bentley University) on the causes, symptoms, and consequences of security fatigue. Citation: Cram, W. A., Proudfoot, J. G., & D'Arcy, J. (2021). When enough is enough: Investigating the antecedents and consequences of information security fatigue. Information Systems Journal, 31(4), 521-549. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

In this episode of Cyber Ways, Tom and Craig discuss a classic behavioral security paper that explores how users rationalize their purposeful violations of security policy. Listen and learn the six common rationalizations and what security managers can do to reduce their effects. Citation: Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee information systems security policy violations, MIS Quarterly, 34(3), 487-502. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Every day we are bombarded with security warnings that all look more-or-less the same. Over time, we tend to tune out these warnings through a process called habituation. In this episode of Cyber Ways, we discuss this problem and how to address it with Dr. Anthony (Tony) Vance of Virginia Tech. Dr. Vance and his colleagues have conducted fascinating research using sophisticated technologies including functional magnetic resonance imaging (fMRI) and eye tracking to gain an understanding of the extent of the habituation to warnings problem. They also demonstrate how changing the look of warnings can reduce habituation. Their research shows strong results, and has clear implications for security professionals. Citation: Vance, A., Jenkins, J. L., Anderson, B. B., Bjornn, D. K., & Kirwan, C. B. (2018). Tuning out security warnings: A longitudinal examination of habituation through fMRI, eye tracking, and field experiments. MIS Quarterly, 42(2), 355-380. Cyber Ways is a production of the Louisiana Tech University's Center for Information Assurance, which is housed in of the College of Business, Department of Computer Information Systems. Cyber Ways is funded by the College's Just Business grant program. For more information contact Craig Van Slyke (vanslyke@latech.edu). Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Tom and I are taking a short break from releasing new episodes. But don't worry, we'll be back with a new episode the week of January 2, 2022. Have a great holiday season and stay secure! Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast

We humans, like all animals, are wired to respond to fear. When a wildebeest senses a lion's presence, they go on alert and flee. Humans react similarly -- fear brings reaction. In this episode of Cyber Ways, we talk with Dr. Dennis Galletta from the Katz School of Business at the University of Pittsburg about his research into how to leverage users' fear to bring about protective behaviors, such as using antimalware software or backing up data. Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837-864. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/

Many studies of cyber security behavior treat behaviors as the result of conscious thought. But, most behaviors are automatic and occur without any conscious deliberation of the benefits and risks of the behavior. Psychologists call this automatic thinking System 1 cognition as opposed to the more deliberative System 2 cognition. Unfortunately, System 1 thinking has rarely been studied in the context of security behaviors. In this episode of Cyber Ways, we talk with Dr. Alan Dennis about his groundbreaking research on the role of automatic thinking in cyber security. Dr. Dennis is Professor of Information Systems and John T. Chambers Chair of Internet Systems at Indiana University’s Kelley School of Business. Dr. Dennis has written over 150 journal articles, with many of those published in top journals. He is Past President of the Association for Information Systems and also served as Vice President for Conferences. His many contributions to the field of information systems were recognized in 2012 when he was named a Fellow of the Association for Information Systems. In addition to his research and teaching, Dr. Dennis has been involved in several technology startups, including his current venture, Wisdom Springboard, which develops educational video games to help students learn analytics and cybersecurity. Dennis, A. R., & Minas, R. K. (2018). Security on autopilot: Why current security theories hijack our thinking and lead us astray. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 49(SI), 15-38. Email vanslyke@latech.edu for a copy of the paper. Intro audio for the Cyber Ways Podcast Outro audio for Cyber Ways Podcast Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors. https://business.latech.edu/cyberways/