Search results

The purpose of this paper is to try to reach the main factors that could put national security at risk as a result of government cloud computing programs.

The paper adopts the analytical approach to first lay foundations of the relation between national security, cybersecurity and cloud computing, then it moves to analyze the main vulnerabilities that could affect national security in cases of government cloud computing usage.

The paper reached several findings such as the relation between cybersecurity and national security as well as a group of factors that may affect national security when governments shift to cloud computing mainly pertaining to storing data over the internet, the involvement of a third party, the lack of clear regulatory frameworks inside and between countries.

Governments are continuously working on developing their digital capacities to meet citizens’ demands. One of the most trending technologies adopted by governments is “cloud computing”, because of the tremendous advantages that the technology provides; such as huge cost-cutting, huge storage and computing capabilities. However, shifting to cloud computing raises a lot of security concerns.

The value of the paper resides in the novelty of the topic, which is a new contribution to the theoretical literature on relations between new technologies and national security. It is empirically important as well to help governments stay safe while enjoying the advantages of cloud computing.

Safety and security (S&S) are critical concerns in South Africa, especially in Cape Town, one of the country’s most crime-ridden cities. The University of Cape Town (UCT), situated on a large, open campus, has experienced increased malefaction. Facilities management (FM) services at universities bear the primary responsibility for providing S&S to their communities. To comprehensively understand and address the community’s demands regarding S&S, the current study was conducted to investigate the challenges specific to open universities. This study aims to determine whether implementing community-based FM (CbFM) principles and using technological innovations could offer a more effective and sustainable solution.

The study adopted interpretivist overarching case study methodology, which is ontologically based. A mixed-method approach was used to incorporate the strengths and limitations of the weaknesses of both methods. The data collection took the form of an online survey of the university community and semi-structured interviews with university executive management to obtain data from the single case study of UCT. Descriptive statistics were used to analyze the quantitative data, and thematic analysis was used to identify emergent themes from the qualitative data.

The study presents an overall view of the provision of S&S at UCT, the unique challenges faced by management and the main S&S issues affecting the community. Moreover, the study reveals that UCT has implemented community participation processes in the past with limited success. This is because the strategies implemented constitute a narrow perspective of community participation. Therefore, a much smarter and more inclusive perspective using technological innovation is required for successful community participation to occur and to be successfully used in providing S&S toward achieving future-proofing facilities.

This research has demonstrated the influence of CbFM and innovative technologies on the S&S of the open campus. Hence, future-proof facilities can be achieved when FM actively engages university communities in managing campuses through technological innovation.

The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises.

This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence?

In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel.

This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn.

Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations.

Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats.

Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

This paper aims to propose a new method to derive custom dynamic cyber risk metrics based on the well-known Goal, Question, Metric (GQM) approach. A framework that complements it and makes it much easier to use has been proposed too. Both, the method and the framework, have been validated within two challenging application domains: continuous risk assessment within a smart farm and risk-based adaptive security to reconfigure a Web application firewall.

The authors have identified a problem and provided motivation. They have developed their theory and engineered a new method and a framework to complement it. They have demonstrated the proposed method and framework work, validating them in two real use cases.

The GQM method, often applied within the software quality field, is a good basis for proposing a method to define new tailored cyber risk metrics that meet the requirements of current application domains. A comprehensive framework that formalises possible goals and questions translated to potential measurements can greatly facilitate the use of this method.

The proposed method enables the application of the GQM approach to cyber risk measurement. The proposed framework allows new cyber risk metrics to be inferred by choosing between suggested goals and questions and measuring the relevant elements of probability and impact. The authors’ approach demonstrates to be generic and flexible enough to allow very different organisations with heterogeneous requirements to derive tailored metrics useful for their particular risk management processes.

This paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS).

The questionnaire was used to collect data for 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses.

The results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found.

This study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method.

The results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles.

To the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.

This study aims to examine the relationship between blockchain technology (BCT) adoption and firm performance (FIP) mediated by cyber-security risk management (CSRM) in the context of Vietnam, a developing country. Besides, the mediating effect of risk-taking tendency (RTT) has been considered in the BCT–CSRM nexus.

Data is collected using a survey questionnaire of Vietnamese financial firms through strict screening steps to ensure the representativeness of the population. The ending pattern of 449 responses has been used for analysis.

The findings of partial least squares structural equation modeling demonstrated that CSRM has a positive effect on FIP and acts as a mediator in the BCT–FIP nexus. Furthermore, RTT moderates the relationship between BCT and CSRM significantly.

This study introduces the attractive attributes of applying BCT to CSRM. Accordingly, managers should rely on BCT and take advantage of it to improve investment resources, business activities and functional areas to enhance their firm's CSRM. Especially, managers should pay attention to enhancing their RTT, which improves FIP.

This study supplements the previous literature in the context of CSRM by indicating favorable effects of BCT and RTT. Additionally, this study identifies the effectiveness of RTT as well as its moderating role. Ultimately, this paper has been managed as a pioneering empirical study that integrates BCT, RTT and CSRM in the same model in a developing country, specifically Vietnam.

Multinational business deliver value via multiple sites with similar operational capacities. The age of the Fourth Industrial Revolution (4IR) delivers significant opportunities for the deployment of digital tools for business optimization. Therefore, this study aims to study the Industry 4.0 implementation for multinationals.

The key objective of this research is multi-site systems integration using a reproducible, modular and standardized “Cyber Physical System (CPS) as-a-Service”.

A best practice reference architecture is adopted to guide the design and delivery of a pioneering CPS multi-site deployment. The CPS deployed is a cloud-based platform adopted to enable all manufacturing areas within a multinational energy and petrochemical company. A methodology is developed to quantify the system environmental and sustainability benefits focusing on reduced carbon dioxide (CO₂) emissions and energy consumption. These results demonstrate the benefits of standardization, replication and digital enablement for multinational businesses.

The research illustrates the ability to design a single system, reproducible for multiple sites. This research also illustrates the beneficial impact of system reuse due to reduced environmental impact from lower CO₂ emissions and energy consumption. The paper assists organizations in deploying complex systems while addressing multinational systems implementation constraints and standardization.

This paper aims to overcome the inability of both comparing loss costs and accounting for production resource losses of Overall Equipment Effectiveness (OEE)-related approaches.

The authors conducted a literature review about the studies focusing on approaches combining OEE with monetary units and/or resource issues. The authors developed an approach based on Overall Equipment Cost Loss (OECL), introducing a component for the production resource consumption of a machine. A real case study about a smart multicenter three-spindle machine is used to test the applicability of the approach.

The paper proposes Resource Overall Equipment Cost Loss (ROECL), i.e. a new KPI expressed in monetary units that represents the total cost of losses (including production resource ones) caused by inefficiencies and deviations of the machine or equipment from its optimal operating status occurring over a specific time period. ROECL enables to quantify the variation of the product cost occurring when a machine or equipment changes its health status and to determine the actual product cost for a given production order. In the analysed case study, the most critical production orders showed an actual production cost about 60% higher than the minimal cost possible under the most efficient operating conditions.

The proposed approach may support both production and cost accounting managers during the identification of areas requiring attention and representing opportunities for improvement in terms of availability, performance, quality, and resource losses.

This study aims to develop a modular and prescriptive digital transformation maturity model whose constituent elements have conceptual integrity as well as reveal the priority weights of maturity model components.

A literature review with a concept-centric analysis enlightens the characteristics of constituent parts and reveals the gaps for each component. Therefore, the interdependency network among model dimensions and priority weights are identified using decision-making trial and evaluation laboratory (DEMATEL)-based analytic network process (ANP) method, including 19 industrial experts, and the results are robustly validated with three different analyses. Finally, the applicability of the developed maturity model and the constituent elements are validated in the context of the manufacturing industry with two case applications through a strict protocol.

Results obtained from DEMATEL-based ANP suggest that smart processes with a priority weight of 17.91% are the most important subdimension for reaching higher digital maturity. Customer integration and value, with a priority weight of 17.30%, is the second most important subdimension and talented employee, with 16.24%, is the third most important subdimension.

The developed maturity model enables companies to make factual assessments with specially designed measurement instrument including incrementally evolved questions, prioritize action fields and investment strategies according to maturity index calculations and adapt to the dynamic change in the environment with spiral maturity level identification.

A novel spiral maturity level identification is proposed with conceptual consistency for evolutionary progress to adapt to dynamic change. A measurement instrument that is incrementally structured with 234 statements and a measurement method that is based on the priority weights and leads to calculating the maturity index are designed to assess digital maturity, create an improvement roadmap to reach higher maturity levels and prioritize actions and investments without any external support and assistance.