Factors influencing the adoption of cloud incident handling strategy: A preliminary study in Malaysia

2015 Americas Conference on Information Systems, AMCIS 2015

Volumn , Issue , 2015, Pages

  Ab Rahman, Nurul Hidayah ^a   Choo, Kim Kwang Raymond ^a  

^a UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

Author keywords

Cloud computing; Incident handling; Protection Motivation Theory; Situation Awareness

Indexed keywords

CLOUD COMPUTING; DISTRIBUTED DATABASE SYSTEMS; INFORMATION SYSTEMS; MOTIVATION;

CLOUD SERVICES; CONCEPTUAL MODEL; FACE-TO-FACE INTERVIEW; INCIDENT HANDLING; ORGANISATIONAL; PROTECTION MOTIVATION THEORY; SELF EFFICACY; SITUATION AWARENESS;

COMPUTATION THEORY;

EID: 84963615203     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (46)

1. Ab Rahman, N. H., and Choo, K.-K. R. 2015a. "A Survey of Information Security Incident Handling in the Cloud", Computers & Security (49), pp. 45-69.
2. Ab Rahman, N. H., and Choo, K.-K. R. 2015b. "Integrating digital forensic practices in cloud incident handling: A conceptual cloud incident handling model", in Cloud Security EcosystemR. Ko and K.-K. R. Choo (eds.), Waltham, MA: Syngress, an Imprint of Elsevier [In press].
3. ACCA. 2014. "Cloud Readiness Index 2014 - Executive Summary", Asia Cloud Computing Association (available at http://asiacloudcomputing.org/research/cri2014; retrieved February 16, 2014).
4. Bandura, A. 1977. "Self-efficacy: Toward a Unifying Theory of Behavioral Change", Psychological Review (84:2), pp. 191-215.
5. Bing, S., Hai-Feng, W., and Ling, C. 2012. "Study of Network Security Situation in Honeynet", in Proceedings of 2012 International Conference on Modelling, Identification and Control, Shanghai, pp. 519-523.
6. Bojanc, R. 2013. "A Quantitative Model for Information-Security Risk Management", Engineering Management Journal (25:2), pp. 25-37.
7. Choo, K.-K. R. 2010. "Cloud computing: Challenges and future directions", Trends & Issues in Crime and Criminal Justice (400), pp. 1-6.
8. Choo, K.-K. R. 2011. "The Cyber Threat Landscape: Challenges and Future Research Directions", Computer & Security (30:8), pp. 719-731.
9. Choo, K.-K. R. 2014. "Legal issues in the cloud", IEEE Cloud Computing Magazine (1:1), pp. 94-96.
10. Cichonski, P., and Scarfone, K. 2012. "Computer Security Incident Handling Guide Recommendations of the National Institute of Standards and Technology (NIST)", NIST, Gaithersburg.
11. Claar, C. L., and Johnson, J. 2012. "Analyzing Home PC Security Adoption Behavior", Journal of Computer Information Systems (52:4), pp. 20-29.
12. Cloud Security Alliance. 2011. "Security Guidance for Critical Areas of Focus in Cloud Computing", CSA (available at https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf; retrieved August 1, 2014).
13. Cloud Security Alliance. 2013. "The Notorious Nine Cloud Computing Top Threats in 2013", CSA (available at http://www.cloudsecurityalliance.org/topthreats/; retrieved July 12, 2013).
14. Endsley, M. R. 1995. "Toward a Theory of Situation Awareness in Dynamic Systems", Human Factors (37:1), pp. 32-64.
15. European Parliament. 2014. "Report on the US NSA Surveillance Programme, Surveillance Bodies in Various Member States and Their Impact on EU Citizens' Fundamental Rights and on Transatlantic Cooperation in Justice and Home Affairs", (available at http://www.europarl.europa.eu/document/activities/cont/201403/20140306ATT80632/20140306ATT80632EN.pdf; retrieved February 23, 2015).
16. European Union Agency for Network and Information Security. 2013. "Good Practice Guide for Securely Deploying Governmental Clouds", Heraklion, Greece (available at http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/good-practice-guidefor-securely-deploying-governmental-clouds).
17. Federal Bureau of Investigation. 2014. "Arizona Systems Administrator Sentenced for Sabotaging Ex-Employer's Cloud-Computing Server", (available at http://www.fbi.gov/washingtondc/pressreleases/2014/arizona-systems-administrator-sentenced-for-sabotaging-ex-employers-cloudcomputing-server; retrieved February 23, 2015).
18. Grobauer, B., and Schreck, T. 2010. "Towards Incident Handling in the Cloud", in Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW'10), New York, pp. 77-85.
19. Herath, T., and Rao, H. R. 2009. "Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations", European Journal of Information Systems (18:2), pp. 106-125.
20. Hooper, C., Martini, B., and Choo, K.-K. R. 2013. "Cloud computing and its implications for cybercrime investigations in Australia", Computer Law & Security Review (29:2), pp. 152-163.
21. Humaidi, N., and Balakrishnan, V. 2013. "Exploratory Factor Analysis of User's Compliance Behaviour towards Health Information System's Security", Journal of Health & Medical Informatics (4:2), pp. 2-9.
22. Ifinedo, P. 2012. "Understanding Information Systems Security Policy Compliance: An integration of the Theory of Planned Behavior and The Protection Motivation Theory", Computers & Security (31:1), pp. 83-95.
23. Johnston, B. A. C., and Warkentin, M. 2010. "Fear Appeals and Information Security Behaviors: An Empirical Study", Management Information System (MIS) Quarterly (34:3), pp. 549-566.
24. Killcrece, G. 2003. "State of the Practice of Computer Security Incident Response Teams (CSIRTs)", CMU/SEI, Pittsburgh.
25. Killcrece, G., Kossakowski, K.-P., Ruefle, R., and Zajicek, M. 2003. "Organizational Models for Computer Security Incident Response Teams (CSIRTs)", CMU/SEI, Pittsburgh.
26. Lenkala, S. R., Shetty, S., and Xiong, K. 2013. "Security Risk Assessment of Cloud Carrier", in Proceedings of 13th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (CCGrid 2013), Delft, May, pp. 442-449.
27. Liang, H., and Xue, Y. 2010. "Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective", Journal of the Association for Information System (11:7), pp. 394-413.
28. Loske, A., Widjaja, T., Benlian, A., and Buxmann, P. 2014. "Perceived IT Security Risks in Cloud Adoption: The Role of Perceptual Incongruence between Users and Providers", in Proceedings of 22nd European Conference on Information Systems (ECIS 2014), Tel Aviv, pp. 1-16.
29. Maddux, J. E., and Rogers, R. W. 1983. "Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change", Journal of Experimental Social Psychology (19:5), pp. 469-479.
30. Meso, P., Ding, Y., and Xu, S. 2013. "Applying Protection Motivation Theory to Information Security Training for College Student", Journal of Information Privacy and Security (9:1), pp. 47-67.
31. Mitropoulos, S., Patsos, D., and Douligeris, C. 2006. "On Incident Handling and Response: A State-ofthe-Art Approach", Computers & Security (25:5), pp. 351-370.
32. Multimedia Development Corporation. 2012. "MSC Malaysia Cloud Initiatives", (available at http://www.mscmalaysia.my/cloud-computing; retrieved February 16, 2015).
33. Murray, R., and Ruefle, M. 2014. "CSIRT Requirements for Situational Awareness", CMU/SEI, Pittsburgh.
34. Ng, B.-Y., Kankanhalli, A., and Xu, Y. 2009. "Studying Users' Computer Security Behavior: A Health Belief Perspective", Decision Support Systems (46:4), pp. 815-825.
35. Nunally, J. 1978. Psychometric Theory, New York: McGraw-Hill.
36. Quick, D., Martini, B., and Choo, K.-K. R. 2014. Cloud Storage Forensics, Waltham, MA: Syngress, an Imprint of Elsevier.
37. Rogers, R. W. 1975. "A Protection Motivation Theory of Fear Appeals and Attitude Change", The Journal of Psychology: Interdisciplinary and Applied (91:1), pp. 93-114.
38. Shedden, P., Ahmad, A., and Ruighaver, A. B. 2010. "Organisational Learning and Incident Response?: Promoting Effective Learning Through The Incident Response Process", in Australian Information Security Management Conference, Perth, pp. 131-142.
39. Siponen, M., Adam Mahmood, M., and Pahnila, S. 2014. "Employees' Adherence to Information Security Policies: An Exploratory Field Study", Information and Management (51:2), pp. 217-224.
40. Skopik, F., Ma, Z., Smith, P., and Bleier, T. 2012. "Designing a Cyber Attack Information System for National Situational Awareness", in Future Security (Vol. 318), Springer Berlin Heidelberg, pp. 277-288.
41. Taylor, R. M. 1990. "Situational Awareness Rating Technique (SART): The Development of a Tool for Aircrew Systems Design", Situational Awareness in Aerospace Operations (37:1), pp. 65-84.
42. Vance, A., Siponen, M., and Pahnila, S. 2012. "Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory", Information & Management (49:3), pp. 190-198.
43. Wang, J., Xiao, N., and Rao, H. R. 2012. "An Exploration of Risk Information Search via a Search Engine: Queries and Clicks in Healthcare and Information Security", Decision Support Systems (52:2), pp. 395-405.
44. West-brown, M. J., Stikvoort, D., Kossakowski, K.-P., Killcrere, G., Ruefle, R., and Zajicek, M. 2003. Handbook for Computer Security Incident Response Teams (CSIRTs) (2nd ed.), Pittsburgh: Carnegie Mellon/SEI.
45. Yegneswaran, V., Barford, P., and Paxson, V. 2005. "Using Honeynets for Internet Situational Awareness", in Proceeding of ACM Hotnet IV, Maryland, pp. 1-6.
46. Zeng, J., Feng, X., Wang, D., and Fang, L. 2014. "Implemention of Cyber Security Situation Awareness", in Web Technologies and Applications W. Han, Z. Huang, C. Hu, H. Zhang, and L. Guo (eds.) (Vol. 2), Springer International Publishing, pp. 225-234.