This special issue presents four papers focusing upon the interrelated issues of security, trust and privacy in online systems; which can collectively be regarded as essential underpinnings if we are to maximise the opportunities offered by networked information technologies. However, past experience demonstrates that their fundamental importance does not guarantee that they will be addressed correctly or given sufficient consideration by the participants in online systems. Specific attention is therefore required in order to ensure that security is approached in a methodical and informed manner, rather than selected, designed and implemented on an ad hoc basis. To do this often requires innovative approaches, and although security is an established domain the papers in this issue demonstrate that there is still significant scope for further advancing the understanding and associated practice.

In an ongoing effort to improve the educational experiences for their students and to open the door to research opportunities, many institutions are investigating innovative methodologies to provide hands-on learning and research environments. The application of virtualisation technologies to the study of computer security and other academic disciplines has had the most significant impact through the development of specialised laboratories utilising workstation or server based virtualisation. While these labs vary greatly in configuration and scope, they share a common purpose; to provide scalable infrastructure solutions to support cybersecurity research and education, training, and awareness. The innovation and variety associated with these labs are remarkable, with the additional challenges and opportunities of each deployment providing a rich foundation for future development and extension to a wider audience. The common component employed in each program is the extensive use of virtualisation. This paper investigates three unique example implementations of these environments which represent the continuum from local to remote access. Findings include the significant amount of resources required to initially create a virtual research environment, the administration requirements, and the advantages of leveraging the knowledge

The definition and deconstruction of culture is an intricate exercise which is multifaceted and multilayered and has at its core, values that drive behaviour and practice often instinctively. One aspect of such culture that is deeply embedded in the medical setting is trust. Researching the influence of culture on security practice is a complex task in this situation, yet information systems research must address such factors if effective information security is to be promoted. In the medical environment this is particularly important as electronic communication is becoming widely adopted and as E-health and shared electronic patient information develops into a focal point for many health services worldwide. Through a series of research projects using traditional methods of investigation, it was identified that trust is a powerful influence on how information security is implemented in primary care medical practices. An underestimation of potential threats coupled with a lack of understanding of security concepts further fosters reliance on trust within this environment. The challenge was to design methods that would investigate the influence of trust within an information systems framework. The methods chosen are a fusion of separate investigative techniques. The combination of methods provides a unique triangulation of interviews, observation and physical artefacts from which to investigate how trust is reported and how it influences practice. The importance of adopting alternative methods within the sphere of information systems research is that it is essential that techniques are used to inform development of effective and contextualised solutions for information security threats in the medical environment.

The purpose of this paper is to present a theoretical model that is based on the overall framework of the technology acceptance models and the concern for information privacy models, to better understand the linkages between the determinants of online transactions in information systems research. Emphasising on the methodological issues used in IS research, the proposed integrated model is focusing on the mediating variables, or the so-called ‘black box’, referring to the relationships between the primary independent and dependent variables, in online transactions. As such in this paper we attempt to fuse acknowledged technology acceptance models with information security and privacy models by proposing a general model which will enable the empirical validation and study of the factors that influence the users’ attitudes toward online transactions. The factors are represented in the model by variables (independent or mediating) and the analysis is proposed to be based on statistical techniques such as structural equation modelling. Since at this current stage the model is formed on a theoretical basis, we consider all mediating variables to be contained in a black box. Challenges such as the number of sub-boxes included in the linear causal process in a black box and what should be included in a sub-box are discussed.

The massive growth in social networks presents the research with many opportunities to study issues of social behaviour and attitudes toward privacy and security in a non-intrusive manner. Subjects happily post discourse and personal information for a public audience that provides invaluable insights into attitudes, social behaviour, group interactions and similar. However, such public exposure of personal information does raise concerns for those researching identity issues, particular those around fraud and theft. An experiment demonstrates the high availability of personal information that is of value for fraudsters, and well as demonstrating issues of cyberbullying and similar. However, it does also raise issues of ethics into the validity of the methodological approach – just because the information is in the public domain, should the subject not have similar ethic rights such as the withdrawal and debriefing as a fully informed subject. This exploration is extended with another experiment that attempts to demonstrate the ease in which fraudsters can obtain information through the naivety of social network users. Therefore, while such data is invaluable to the security researcher and policy makers, the conclusion must be how far the researcher should go before the ethical considerations outweigh the value of the data.