Search results

1 – 10 of over 4000
Content available
Article
Publication date: 16 July 2021

Karen Renaud and Jacques Ophoff

There is widespread concern about the fact that small- and medium-sized enterprises (SMEs) seem to be particularly vulnerable to cyberattacks. This is perhaps because…

Abstract

Purpose

There is widespread concern about the fact that small- and medium-sized enterprises (SMEs) seem to be particularly vulnerable to cyberattacks. This is perhaps because smaller businesses lack sufficient situational awareness to make informed decisions in this space, or because they lack the resources to implement security controls and precautions.

Design/methodology/approach

In this paper, Endsley’s theory of situation awareness was extended to propose a model of SMEs’ cyber situational awareness, and the extent to which this awareness triggers the implementation of cyber security measures. Empirical data were collected through an online survey of 361 UK-based SMEs; subsequently, the authors used partial least squares modeling to validate the model.

Findings

The results show that heightened situational awareness, as well as resource availability, significantly affects SMEs’ implementation of cyber precautions and controls.

Research limitations/implications

While resource limitations are undoubtedly a problem for SMEs, their lack of cyber situational awareness seems to be the area requiring most attention.

Practical implications

The findings of this study are reported and recommendations were made that can help to improve situational awareness, which will have the effect of encouraging the implementation of cyber security measures.

Originality/value

This is the first study to apply the situational awareness theory to understand why SMEs do not implement cyber security best practice measures.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2635-0270

Keywords

To view the access options for this content please click here
Book part
Publication date: 6 September 2021

Eileen M. Decker, Matthew Morin and Eric M. Rosner

Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also…

Abstract

Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a constant stream of cyberattacks through varied methods by actors with myriad motivations. These threats are not expected to diminish in the near future. As a result, homeland security and national security professionals at all levels of government must understand the unique motivations and capabilities of malicious cyber actors in order to better protect against and respond to cyberattacks. This chapter outlines the most common cyberattacks; explains the motivations behind these attacks; and describes the federal, state, and local efforts to address these threats.

Details

The Role of Law Enforcement in Emergency Management and Homeland Security
Type: Book
ISBN: 978-1-78769-336-4

Keywords

To view the access options for this content please click here
Article
Publication date: 11 March 2019

Uchenna Daniel Ani, Hongmei He and Ashutosh Tiwari

As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within…

Downloads
1200

Abstract

Purpose

As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting human-factor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.

Design/methodology/approach

A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.

Findings

Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.

Practical implications

The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.

Originality/value

This paper demonstrates originality by providing a framework and computational approach for characterising and quantify human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.

Details

Journal of Systems and Information Technology, vol. 21 no. 1
Type: Research Article
ISSN: 1328-7265

Keywords

To view the access options for this content please click here
Article
Publication date: 12 August 2014

Manmohan Chaturvedi, Abhishek Narain Singh, Manmohan Prasad Gupta and Jaijit Bhattacharya

The purpose of this paper is to attempt to fill the need to identify critical information security issues at national level, both technical and social in the Indian…

Abstract

Purpose

The purpose of this paper is to attempt to fill the need to identify critical information security issues at national level, both technical and social in the Indian context, and create a framework of these issues to provide interesting managerial insights about their hierarchy. Current literature advocates relevance of both technical and social issues in a potential framework to address national and organizational information security concerns. Such a framework can guide users in developing insight for strategy in the maize of important information security issues and their intricate interdependency.

Design/methodology/approach

Delphi methodology is used to identify a set of topical issues with help from members of a cyber security group. These issues are further analyzed using Interpretive Structural Modeling (ISM) to impose order and direction to the complex relationships among them.

Findings

The analysis using ISM creates a framework of these issues and provides interesting managerial insights about their hierarchy. These insights are used to recommend prioritized action for information security at national and organizational levels.

Research limitations/implications

The highlight of this research is ingenious deployment of two idea engineering methods in developing interpretable structural model of 25 information security issues. This model provides valuable insights and can guide the policy formulation. This is the key contribution of this paper. It needs hardly any emphasis on the need for continuous search of all technical and social issues and formulating policies and programs using experts” judgment in a rigorous manner. Subsequent research may scale up to the global level for extension and validation by empanelling Delphi experts from nations belonging to different regions. Time-variant analysis can be attempted with the help of System Dynamics Modeling using causal-loop diagrams to account for the supportive and inhibiting influences of various issues. This approach has the potential to generate more realistic insights that can inform policy formulation.

Practical implications

It brings about key information security issues connected with its various facets, viz. national/organizational level initiatives, supportive processes, capabilities and objectives. These issues, identified by Indian experts in the Indian context, offer a method that one could apply in other national contexts and see whether substantial differences occur, and how other experts prioritize these issues. The analysis of social issues along with technical issues using the ISM tool provides us insights that are considered applicable to a larger context than India. The policy and program formulations in other nations can benefit from the insights generated by this research. The fast-paced proliferation of technology and its resultant vulnerabilities have given birth to an underground economy of malware trading by criminals, terrorists and hostile nation states. Secure cyber space for legitimate use by the globalized world can only be achieved by international cooperation.

Social implications

A “digital divide” in cyber defense cannot be afforded. As explained earlier, cyber security is a challenge for both developed and developing nations. Prioritization of resources in a sequence suggested by ISM analysis would help face the challenge of cyber security better. The methodology suggested in this paper would ensure adequate response to cyber threats and eliminate knee-jerk reaction.

Originality/value

This research emphasizes identification of hierarchical relationship among the identified topical issues of information security rather than using them as a flat checklist. It helps us segregate the end objectives from root issues and highlights the necessity of addressing these root issues to achieve those objectives.

Details

Transforming Government: People, Process and Policy, vol. 8 no. 3
Type: Research Article
ISSN: 1750-6166

Keywords

To view the access options for this content please click here
Article
Publication date: 10 July 2017

Noluxolo Gcaza, Rossouw von Solms, Marthie M. Grobler and Joey Jansen van Vuuren

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security

Downloads
1204

Abstract

Purpose

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.

Design/methodology/approach

General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.

Findings

This paper identifies the most important variables in cultivating a cyber security culture.

Research implications

The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.

Practical implications

Practically, the study can assist developing nations in constructing strategies that addresses the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.

Originality/value

Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.

Details

Information & Computer Security, vol. 25 no. 3
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 9 April 2018

Kofi Koranteng Adu and Emmanuel Adjei

This study aims to investigate the cyber security awareness and policies within corporate organisations in Ghana.

Downloads
1438

Abstract

Purpose

This study aims to investigate the cyber security awareness and policies within corporate organisations in Ghana.

Design/methodology/approach

Using both quantitative and qualitative approaches underpinned by questionnaire and document analysis, data were collected from 100 participants centred on cyber security awareness and information policies.

Findings

The study underscored that, although corporate organisations had a good knowledge of IT, their awareness of cyber security remains limited. It observed that most organisations in Ghana are not integrating legal aspects into their information security policies. It proposed the need to increase the security awareness of corporate organisation, particularly because of the vulnerabilities they are exposed to.

Research limitations/implications

The implication of the paper with respect to theory, practice and future research lies in the recommendations the authors have proffered, such as the implementation of security awareness training programme, need assessment and the outsourcing of qualified service providers.

Practical implications

The study is useful for policy makers in the management of Ghana’s IT infrastructure.

Originality/value

This study is being undertaken at a period when Ghana has made progressive development and giant steps in the IT industry compared to its counterparts in sub-Saharan Africa. The developed nature of Ghana’s IT infrastructure requires the development of policies for cyber security to prevent data loses and protect the national infrastructure from threats. Undertaking a study on cyber security in an environment where cyber issues are hardly discussed is worthwhile.

Details

foresight, vol. 20 no. 2
Type: Research Article
ISSN: 1463-6689

Keywords

To view the access options for this content please click here
Article
Publication date: 24 September 2019

Karen Renaud, Basie Von Solms and Rossouw Von Solms

The purpose of this paper is to position the preservation and protection of intellectual capital as a cyber security concern. The paper outlines the security requirements…

Downloads
1091

Abstract

Purpose

The purpose of this paper is to position the preservation and protection of intellectual capital as a cyber security concern. The paper outlines the security requirements of intellectual capital to help boards of directors (BoDs) and executive management teams to understand their responsibilities and accountabilities in this respect.

Design/methodology/approach

The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital and to outline actions to be taken by BoDs to do so.

Findings

Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance and merits attention from BoDs.

Research limitations/implications

This paper clarifies BoDs intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance.

Practical implications

The authors hope that BoDs will benefit from the clarifications, and especially from the positioning of intellectual capital in cyber space.

Social implications

If BoDs know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured.

Originality/value

This paper extends a previous paper published by Von Solms and Von Solms, which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from security researchers.

Details

Journal of Intellectual Capital, vol. 20 no. 5
Type: Research Article
ISSN: 1469-1930

Keywords

To view the access options for this content please click here
Article
Publication date: 2 December 2019

Abhijeet Ghadge, Maximilian Weiß, Nigel D. Caldwell and Richard Wilding

In spite of growing research interest in cyber security, inter-firm based cyber risk studies are rare. Therefore, this study aims to investigate cyber risk management in…

Downloads
2476

Abstract

Purpose

In spite of growing research interest in cyber security, inter-firm based cyber risk studies are rare. Therefore, this study aims to investigate cyber risk management in supply chain contexts.

Design/methodology/approach

Adapting a systematic literature review process, papers from interdisciplinary areas published between 1990 and 2017 were selected. Different typologies, developed for conducting descriptive and thematic analysis, were established using data mining techniques to conduct a comprehensive, replicable and transparent review.

Findings

The review identifies multiple future research directions for cyber security/resilience in supply chains. A conceptual model is developed, which indicates a strong link between information technology, organisational and supply chain security systems. The human/behavioural elements within cyber security risk are found to be critical; however, behavioural risks have attracted less attention because of a perceived bias towards technical (data, application and network) risks. There is a need for raising risk awareness, standardised policies, collaborative strategies and empirical models for creating supply chain cyber-resilience.

Research limitations/implications

Different types of cyber risks and their points of penetration, propagation levels, consequences and mitigation measures are identified. The conceptual model developed in this study drives an agenda for future research on supply chain cyber security/resilience.

Practical implications

A multi-perspective, systematic study provides a holistic guide for practitioners in understanding cyber-physical systems. The cyber risk challenges and the mitigation strategies identified support supply chain managers in making informed decisions.

Originality/value

To the best of the authors’ knowledge, this is the first systematic literature review on managing cyber risks in supply chains. The review defines supply chain cyber risk and develops a conceptual model for supply chain cyber security systems and an agenda for future studies.

To view the access options for this content please click here
Article
Publication date: 17 January 2020

Shipra Pandey, Rajesh Kumar Singh, Angappa Gunasekaran and Anjali Kaushik

The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The…

Downloads
1325

Abstract

Purpose

The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS.

Design/methodology/approach

Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view.

Findings

This paper tries to identify the various cyber security risk and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along-with suitable mitigation strategies.

Research limitations/implications

The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study.

Practical implications

This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs.

Originality/value

The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.

Details

Journal of Global Operations and Strategic Sourcing, vol. 13 no. 1
Type: Research Article
ISSN: 2398-5364

Keywords

To view the access options for this content please click here
Article
Publication date: 11 December 2018

Claudia Colicchia, Alessandro Creazza and David A. Menachof

The purpose of this paper is to explore how companies approach the management of cyber and information risks in their supply chain, what initiatives they adopt to this…

Downloads
3003

Abstract

Purpose

The purpose of this paper is to explore how companies approach the management of cyber and information risks in their supply chain, what initiatives they adopt to this aim, and to what extent along the supply chain. In fact, the increasing level of connectivity is transforming supply chains, and it creates new opportunities but also new risks in the cyber space. Hence, cyber supply chain risk management (CSCRM) is emerging as a new management construct. The ultimate aim is to help organizations in understanding and improving the CSCRM process and cyber resilience in their supply chains.

Design/methodology/approach

This research relied on a qualitative approach based on a comparative case study analysis involving five large multinational companies with headquarters, or branches, in the UK.

Findings

Results highlight the importance for CSCRM to shift the viewpoint from the traditional focus on companies’ internal information technology (IT) infrastructure, able to “firewall themselves” only, to the whole supply chain with a cross-functional approach; initiatives for CSCRM are mainly adopted to “respond” and “recover” without a well-rounded approach to supply chain resilience for a long-term capacity to adapt to changes according to an evolutionary approach. Initiatives are adopted at a firm/dyadic level, and a network perspective is missing.

Research limitations/implications

This paper extends the current theory on cyber and information risks in supply chains, as a combination of supply chain risk management and resilience, and information risk management. It provides an analysis and classification of cyber and information risks, sources of risks and initiatives to managing them according to a supply chain perspective, along with an investigation of their adoption across the supply chain. It also studies how the concept of resilience has been deployed in the CSCRM process by companies. By laying the first empirical foundations of the subject, this study stimulates further research on the challenges and drivers of initiatives and coordination mechanisms for CSCRM at a supply chain network level.

Practical implications

Results invite companies to break the “silos” of their activities in CSCRM, embracing the whole supply chain network for better resilience. The adoption of IT security initiatives should be combined with organisational ones and extended beyond the dyad. Where applicable, initiatives should be bi-directional to involve supply chain partners, remove the typical isolation in the CSCRM process and leverage the value of information. Decisions on investments in CSCRM should involve also supply chain managers according to a holistic approach.

Originality/value

A supply chain perspective in the existing scientific contributions is missing in the management of cyber and information risk. This is one of the first empirical studies dealing with this interdisciplinary subject, focusing on risks that are now very high in the companies’ agenda, but still overlooked. It contributes to theory on information risk because it addresses cyber and information risks in massively connected supply chains through a holistic approach that includes technology, people and processes at an extended level that goes beyond the dyad.

Details

Supply Chain Management: An International Journal, vol. 24 no. 2
Type: Research Article
ISSN: 1359-8546

Keywords

1 – 10 of over 4000