A survey of security risks of mobile social media through blog mining and an extensive literature search

Information Management and Computer Security

Volumn 21, Issue 5, 2013, Pages 381-400

  He, Wu ^a  

^a OLD DOMINION UNIVERSITY   (United States)

Author keywords

Blog mining; Bring your own device; Enterprise security; Mobile devices; Mobile social media; Risk mitigation; Security risks; Social media

Indexed keywords

BLOG MINING; BRING YOUR OWN DEVICES; ENTERPRISE SECURITY; MOBILE SOCIAL MEDIAS; RISK MITIGATION; SECURITY RISKS; SOCIAL MEDIA;

INDUSTRY; MOBILE DEVICES; SURVEYS; VIRUSES;

INTERNET;

EID: 84887480221     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/IMCS-12-2012-0068     Document Type: Article

References (101)

1. Adams, A. and Sasse, M.A. (1999), "Users are not the enemy: why users compromise computer security mechanisms and how to take remedial measures", Communications of the ACM, Vol. 42, pp. 41-46.
2. Ajami, R., Ramadan, N., Mohamed, N. and Al-Jaroodi, J. (2011), "Security challenges and approaches in online social networks: a survey", International Journal of Computer Science and Network Security, Vol. 11 No. 8, pp. 1-12.
3. Akhawe, D., Barth, A., Lam, P.E., Mitchell, J. and Song, D. (2010), "Towards a formal foundation of web security", Proceedings of the 23rd IEEE Computer Security Foundations Symposium (CSF), pp. 290-304.
4. Almeida, F. (2012), "Web 2.0 technologies and social networking security fears in enterprises", International Journal of Advanced Computer Science and Applications, Vol. 3 No. 2, pp. 152-156.
5. Anderson, J., Bonneau, J. and Stajano, F. (2010), "Inglorious installers: security in the application marketplace", Proc. 9th Workshop Economics of Information Security, available at: http://weis2010.econinfosec. org/papers/session3/weis2010-anderson-j.pdf
6. Apvrille, A. and Strazzere, T. (2012), "Reducing the window of opportunity for Android malware Gotta catch'em all", Journal in Computer Virology, Vol. 8 Nos 1/2, pp. 61-71.
7. Arkin, J. (2012), "Social network apps criticized for downloading data", available at: http://nationalsecurityzone.org/site/social-network- apps-criticized-for-downloading-data/
8. Barrera, D. and Van Oorschot, P. (2011), "Secure software installation on smartphones", IEEE Security & Privacy, Vol. 9 No. 3, pp. 42-48.
9. Beach, A., Gartrell, M. and Han, R. (2009), "Solutions to security and privacy issues in mobile social networking", Proc. International Conference on Computational Science and Engineering, pp. 1036-1042.
10. Bhatti, B. (2012), "Cyber security and privacy in the age of social networks", in Zubairi, J. and Mahboob, A. (Eds), Cyber Security Standards, Practices and Industrial Applications: Systems and Methodologies, IGI Global, Hershey, PA, pp. 57-74.
11. Bose, A., Xin, H., Kang, G. and Taejoon, P. (2008), "Behavioral detection of malware on mobile handsets", Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services, Breckenridge, CO, USA, pp. 225-238.
12. Buchholz, D., Dunlop, J. and Ross, A. (2012), "Improving security and mobility for personally owned devices", Intel White Paper, available at: http://communities.intel.com/docs/DOC- 19277
13. Buzzetto-More, N. (2012), "Social networking in undergraduate education", Interdisciplinary Journal of Information, Knowledge, and Management, Vol. 7, pp. 63-90.
14. Campbell, C., Pitt, L., Parent, M. and Berthon, P. (2011), "Understanding consumer conversations around ads in a Web 2.0 world", Journal of Advertising, Vol. 40 No. 1, pp. 87-102.
15. Chau, M. and Xu, J. (2007), "Mining communities and their relationships in blogs: a study of hate groups", International Journal of Human-Computer Studies, Vol. 65, pp. 57-70.
16. Chau, M. and Xu, J. (2012), "Business intelligence in blogs: understanding consumer interactions and communities", MIS Quarterly (MISQ), Vol. 36 No. 4, pp. 1189-1216.
17. Chi, M. (2011), "Security policy and social media use", available at: www.sans.org/reading-room/whitepapers/policyissues/reducing-risks- social-media-organization-33749 (accessed 9 November 2011).
18. Chiang, H.S. and Tsaur, W.J. (2010), "Mobile malware behavioral analysis and preventive strategy using ontology", Proceedings of the 2010 IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT 2010), pp. 1080-1085.
19. Chiang, H.S. and Tsaur, W.J. (2011), "Identifying smartphone malware using data mining technology", Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN), pp. 1-6.
20. Choo, K.R. (2011), "The cyber threat landscape: challenges and future research directions", Computers & Security, Vol. 30 No. 8, pp. 719-731.
21. comScore (2011), Social Networking On-The-Go: US Mobile Social Media Audience Grows 37 Percent in the Past Year, available at: www.comscore.com/ Press-Events/Press- Releases/2011/10/Social-Networking-On-The-Go-U.S.-Mobile- Social-Media-Audience- Grows-37-Percent-in-the-Past-Year
22. Coursen, S. (2007), "The future of mobile malware", Network Security, No. 8, pp. 7-11.
23. Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R. (2013), "Future directions for behavioral information security research", Computers & Security, Vol. 32, pp. 90-101.
24. Dai, S., Liu, Y., Wang, T., Wei, T. and Zou, W. (2010), "Behavior-based malware detection on mobile phone", Proceedings of the 6th International Conference on Wireless Communications Networking and Mobile Computing (WiCOM), pp. 1-4.
25. Daily Mail (2012), "IBM bans Siri over fears iPhone 'personal assistant' will send confidential data to Apple HQ", available at: www.dailymail.co.uk/sciencetech/article-2150579/IBM-bans- Siri-fears-iPhone- personal-assistant-send-confidential-data-Apple-HQ.html
26. Dann, S. (2010), "Redefining social marketing with contemporary commercial marketing definitions", Journal of Business Research, Vol. 63 No. 2, pp. 147-153.
27. Dojkovski, S., Lichtenstein, S. and Warren, M. (2010), "Enabling information security culture: influences and challenges for Australian SMEs", ACIS 2010 Proceedings, Paper 61.
28. Fang, S., Xu, L., Pei, H., Liu, Y., Liu, Z., Zhu, Y., Yan, J. and Zhang, H. (2013), "An integrated approach to snowmelt flood forecasting in water resource management", IEEE Transactions on Industrial Informatics (in press).
29. Federal CIO Council (2009), Guidelines for Secure Use of Social Media by Federal Departments and Agencies, available at: www.cio.gov/Documents/ Guidelines-for-Secure-Use-Social- Media-v01-0.pdf (accessed 20 November 2011).
30. Felt, A.P., Finifter, M., Chin, E., Hanna, S. and Wagner, D. (2011), "A survey of mobile malware in the wild", Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM).
31. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E. and Wagner, D. (2012), "Android permissions: user attention, comprehension, and behavior", Proceedings of the Symposium on Usable Privacy and Security (SOUPS).
32. Fledel, Y., Shabtai, A., Potashnik, D. and Elovici, Y. (2012), "Google Android: an updated security review", Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, Vol. 9, Part 9, pp. 401-414.
33. Furnell, S. (2005), "Handheld hazards: the rise of malware on mobile devices", Computer Fraud & Security, No. 5, pp. 4-8.
34. Greenberg, A. (2012), Evolving Android Malware Shows How Evil Apps Will Evade Google's Scans, available at: www.forbes.com/sites/andygreenberg/2012/02/ 06/evolving-android-malware-shows-how-evil-apps-will-evade-googles-scans/
35. Guo, J., Xu, L., Xiao, G. and Gong, Z. (2012a), "Improving multilingual semantic interoperation in cross-organizational enterprise systems through concept disambiguation", IEEE Transactions on Industrial Informatics, Vol. 8 No. 3, pp. 647-658.
36. Guo, J., Xu, L., Gong, Z., Che, C. and Chaudhry, S. (2012b), "Semantic inference on heterogeneous e-marketplace activities", IEEE Transactions on SMC Part A, Vol. 42 No. 2, pp. 316-330.
37. He, W. (2012), "A review of social media security risks and mitigation techniques", Journal of Systems and Information Technology, Vol. 14 No. 2, pp. 171-180.
38. He, W. and Xu, L. (2013), "Integration of distributed enterprise applications: a survey", IEEE Transactions on Industrial Informatics (in press).
39. He, W., Wang, F., Means, T. and Xu, L. (2009a), "Insight into interface design of web-based case-based reasoning retrieval systems", Expert Systems with Applications, Vol. 36 No. 3, pp. 7280-7287.
40. He, W., Xu, L., Means, T. and Wang, P. (2009b), "Integrating Web 2.0 with the case-based reasoning cycle: a systems approach", Systems Research and Behavioral Science, Vol. 26 No. 6, pp. 717-728.
41. Heiderich, M., Niemietz, M., Schuster, F., Holz, T. and Schwenk, J. (2012), "Scriptless attacks: stealing the pie without touching the sill", Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS'12, New York, NY, USA, pp. 760-771.
42. Herath, T. and Rao, H.R. (2009), "Protection motivation and deterrence: a framework for security policy compliance in organizations", European Journal of Information Systems, Vol. 8 No. 2, pp. 106-125.
43. Hunter, B. (2007), Data Loss Prevention Best Practices: Managing Sensitive Data in the Enterprise, available at: www.ironport.com/pdf/ironport- dlp-booklet.pdf
44. Jackson, K. and Trochim, W.K.M. (2002), "Concept mapping as an alternative approach for the analysis of open-ended survey responses", Organizational Research Methods, Vol. 5 No. 4, pp. 307-336.
45. Javelin Strategy & Research (2012), "Identity fraud rose 13 percent in 2011", available at: www.javelinstrategy.com/news/1314/92/ Identity-Fraud-Rose-13-Percent-in-2011-According-to- New-Javelin-Strategy- Research-Report/d,pressRoomDetail
46. Jiang, X. (2012), Security Alert: New RootSmart Android Malware Utilizes the GingerBreak Root Exploit, available at: www.csc.ncsu.edu/faculty/jiang/ RootSmart
47. Kaplan, A. and Haenlein, M. (2010), "Users of the world, unite! The challenges and opportunities of social media", Business Horizons, Vol. 53, pp. 59-68.
48. Kaspersky Labs (2009), "Kaspersky security bulletin: malware evolution 2008", available at: www.securelist.com/en/analysis?pubid= 204792051 (accessed 16 November 2011).
49. Kelley, P., Consolvo, S., Cranor, L., Jung, J., Sadeh, N. and Wetherall, D. (2012), "A conundrum of permissions: installing applications on an Android smartphone", Proceedings of the Workshop on Usable Security (USEC), February, available at: http://infosecon.net/usec12/papers/kelley-usec12.pdf
50. Khayam, S. and Radha, H. (2005), "A topologically-aware worm propagation model for wireless sensor networks", Proceedings of 25th IEEE International Conference Distributed Computing Systems Workshops, pp. 210-216.
51. Kim, H., Smith, J. and Shin, K. (2008), "Detecting energy-greedy anomalies and mobile malware variants", Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services, pp. 239-252.
52. Kumaraguru, P., Rhee, Y., Sheng, S., Hasan, S., Acquisti, A., Cranor, L.F. and Hong, J. (2007), "Getting users to pay attention to anti-phishing education: evaluation of retention and transfer", Proceedings of the 2nd Annual eCrime Researchers Summit, 4-5 October, Pittsburgh, PA, pp. 70-81.
53. Lai, F., Li, D. and Hsieh, C. (2012), "Fighting identity theft: the coping perspective", Decision Support Systems, Vol. 52, pp. 353-363.
54. Leavitt, N. (2011), "Mobile security: finally a serious problem?", IEEE Computer, Vol. 44 No. 6, pp. 11-14.
55. Leximancer (2010), Leximancer White Paper, Leximancer, Brisbane, available at:www.leximancer.com/lmedia/Leximancer-White-Paper-2010.pdf
56. Leximancer (2011), Leximancer Manual: Version 4, Leximancer, Brisbane, available at: www.leximancer.com/lp/4.00.20L1173952/m/doc/LeximancerManual.pdf
57. Lookout (2011), 2011 Mobile Threat Report, available at:www.mylookout. com/mobile-threat-report
58. Lumension and Ponemon Institute (2012), Growing Insecurity: 2012 State of the Endpoint Report, available at: www.lumension.com/2012-state-of-the- endpoint.aspx
59. McAfee (2012), 2012 Threats Predictions, available at: www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf
60. Malan, D.J. (2007), "Rapid detection of botnets through collaborative networks of peers", PhD dissertation, Harvard University, Cambridge, MA.
61. Manasrah, A.M., Abouabdalla, O.A., Mayeh, M. and Suppiah, N.N. (2012), "Botnets and cyber security: battling online threats", in Zubairi, J. and Mahboob, A. (Eds), Cyber Security Standards, Practices and Industrial Applications: Systems and Methodologies, IGI Global, Hershey, PA, pp. 75-89.
62. Markelj, B. and Bernik, I. (2012), "Mobile devices and corporate data security", International Journal of Education and Information Technologies, Vol. 1 No. 6, pp. 97-104.
63. Martin, N. and Rice, J. (2011), "Cybercrime: understanding and addressing the concerns of stakeholders", Computers & Security, Vol. 30 No. 8, pp. 803-814.
64. Miller, K.W., Voas, J. and Hurlburt, G.F. (2012), "BYOD: security and privacy considerations", IT Professional, Vol. 14 No. 5, pp. 53-55.
65. Patel, A., Qi, W. and Wills, C. (2010), "A review and future research directions of secure and trustworthy mobile agent-based e-marketplace systems", Information Management & Computer Security, Vol. 18 No. 3, pp. 144-161.
66. Peltier, T.R. (2006), "Social engineering: concepts and solutions", Information Systems Security, Vol. 15 No. 5, pp. 13-21.
67. Pfleeger, S.L. and Caputo, D. (2012), "Leveraging behavioral science to mitigate cyber security risk", Computers & Security, Vol. 31 No. 4, pp. 597-611.
68. Qian, Z., Mao, Z.M. and Xie, Y. (2012), "Collaborative TCP sequence number inference attack - how to crack sequence number under a second", Proceedings of ACM Computers and Communications Security Conference (ACM-CCS), pp. 593-604.
69. Rooney, D. (2005), "Knowledge, economy, technology and society: the politics of discourse", Telematics and Informatics, Vol. 22 No. 4, pp. 405-422.
70. Rubin, V.L., Burkel, J. and Quan-Haase, A. (2011), "Facets of serendipity in everyday chance encounters: a grounded theory approach to blog analysis", Information Research: An International Electronic Journal, Vol. 16 No. 3, available at: http://informationr.net/ir/16- 3/paper488.html
71. Ruighaver, A.B., Maynard, S.B. and Warren, M. (2010), "Ethical decision making: improving the quality of acceptable use policies", Computers & Security, Vol. 29 No. 7, pp. 731-736.
72. Scarfo, A. (2012), "New security perspectives around BYOD", Proceedings of the 2012 Seventh International Conference on Broadband, Wireless Computing, Communication and Applications, pp. 446-451.
73. Sesso, J. (2012), "The top 10 real estate smartphone apps to use now!", available at: http://connect.homes.com/2012/01/the-top-10-real- estate-smartphone-apps-to-use-now/
74. Shabtai, A., Fledel, Y. and Elovici, Y. (2010), "Automated static code analysis for classifying Android applications using machine learning", Proceedings of 2010 International Conference on Computational Intelligence and Security (CIS), pp. 329-333.
75. Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C. and Weiss, Y. (2012), "'Andromaly': a behavioral malware detection framework for Android devices", Journal of Intelligent Information Systems, Vol. 38 No. 1, pp. 161-190.
76. Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J. and Nunge, E. (2007), "Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish", Proceedings of the Third Symposium on Usable Privacy and Security, Pittsburgh, PA, pp. 88-99.
77. Shih, D., Lin, B., Chiang, H. and Shih, M. (2008), "Security aspects of mobile phone virus: a critical survey", Industrial Management & Data Systems, Vol. 108 No. 4, pp. 478-494.
78. Shrimali, M. (2011), "Threats to mobile computing", International Journal of Computer Applications & Natural Sciences, Vol. 1 No. 1, pp. 44-52.
79. Smith, A.E. and Humphreys, M.S. (2006), "Evaluation of unsupervised semantic mapping of natural language with Leximancer concept mapping", Behavior Research Methods, Vol. 38 No. 2, pp. 262-279.
80. Son, J.Y. (2011), "Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies", Information & Management, Vol. 48 No. 7, pp. 296-302.
81. Sophos (2012), Security Threat Report 2012, available at: www.sophos.com/en-us/security-newstrends/reports/security-threat-report.aspx
82. Symantec (2009), "2009 global small and mid-sized business (SMB) security and storage survey", available at: www.symantec.com/en/au/about/ news/release/article.jsp?prid=20090512-01 (accessed 12 May 2012).
83. Sys-con (2008), Social Media Brings New Challenges to Government Security Administrators, available at: http://vincentschiavo.sys-con.com/node/2308264/ mobile
84. Tan, W., Shen, W., Xu, L., Zhou, B. and Li, L. (2008), "A business process intelligence system for enterprise process performance management", IEEE Transactions on SMC Part C, Vol. 38 No. 6, pp. 745-756.
85. Venugopal, D. and Hu, G. (2008), "Efficient signature based malware detection on mobile devices", Mobile Information Systems, Vol. 4 No. 1, pp. 33-49.
86. Vroom, C. and von Solms, R. (2004), "Towards information security behavioral compliance", Information Management & Computer Security, Vol. 6 No. 4, pp. 167-173.
87. Wang, L., Xu, L., Bi, Z. and Xu, Y. (2013), "Data filtering for RFID and WSN integration", IEEE Transactions on Industrial Informatics (in press).
88. Weirich, D. and Sasse, M.A. (2001), "Pretty good persuasion: a first step towards effective password security for the real world", Proceedings of the New Security Paradigms Workshop, ACM Press, New York, NY, pp. 137-143.
89. Whitman, M.E. and Mattord, H.J. (2012), Principles of Information Security, 4th ed., Course Technology, Boston, MA.
90. Xu, L. (2011), "Enterprise systems: state-of-the-art and future trends", IEEE Transactions on Industrial Informatics, Vol. 7 No. 4, pp. 630-640.
91. Xu, L., Liang, N. and Gao, Q. (2008), "An integrated approach for agricultural ecosystem management", IEEE Transactions on SMC Part C, Vol. 38 No. 4, pp. 590-599.
92. Yan, Q., Li, Y., Li, T. and Deng, R. (2009), "Insights into malware detection and prevention on mobile phones", Communications in Computer and Information Science, Vol. 58, pp. 242-249.
93. Yang, L., Ganapathy, V. and Iftode, L. (2011), "Enhancing mobile malware detection with social collaboration", Proceedings of 2011 IEEE International Conference on Privacy, Security, Risk, and Trust, and IEEE International Conference on Social Computing, pp. 572-576.
94. Yap, T. and Ewe, H. (2005), "A mobile phone malicious software detection model with behavior checker", Proceedings of Web and Communication Technologies and Internet-Related Social Issues, pp. 57-65.
95. Yeh, Q. and Chang, A. (2007), "Threats and countermeasures for information system security: a crossindustry study", Information & Management, Vol. 44 No. 5, pp. 480-491.
96. Yousuf, M. and Khan, K. (2011), "A novel cost effective authentication framework for wireless LANs in small medium enterprises (SMEs)", IEEE 3rd International Conference on Communication Software and Networks (ICCSN), pp. 158-162.
97. Yun, H., Kettinger, W. and Lee, C. (2012), "A new open door: the smartphone's impact on work-to-life conflict, stress, and resistance", International Journal of Electronic Commerce, Vol. 16 No. 4, pp. 121-152.
98. Zhang, H. (2011a), "Preventing mobile vulnerabilities: best practices for keeping mobile devices safe", available at: http://esj.com/Articles/2011/06/21/Preventing-Mobile- Vulnerabilities.aspx?Page= 1
99. Zhang, H. (2011b), "Social media: a hacker's secret weapon for accessing your network", available at: http://esj.com/Articles/2011/10/31/ Social-Media-Hackers-Secret-Weapon.asp x?Page=1 (accessed 23 November 2011).
100. Zhou, Y., Wang, Z., Zhou, W. and Jiang, X. (2012), "Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets", Proceedings of the 19th Annual Network and Distributed System Security Symposium, NDSS'12, February.
101. Albrechtsen, E. and Hovden, J. (2010), "Improving information security awareness and behaviour through dialogue, participation and collective reflection - an intervention study", Computers & Security, Vol. 29 No. 4, pp. 432-445.