Search results

1 – 10 of over 1000
Article
Publication date: 16 July 2021

Karen Renaud and Jacques Ophoff

Abstract

Purpose

There is widespread concern about the fact that small- and medium-sized enterprises (SMEs) seem to be particularly vulnerable to cyberattacks. This is perhaps because smaller businesses lack sufficient situational awareness to make informed decisions in this space, or because they lack the resources to implement security controls and precautions.

Design/methodology/approach

In this paper, Endsley’s theory of situation awareness was extended to propose a model of SMEs’ cyber situational awareness, and the extent to which this awareness triggers the implementation of cyber security measures. Empirical data were collected through an online survey of 361 UK-based SMEs; subsequently, the authors used partial least squares modeling to validate the model.

Findings

The results show that heightened situational awareness, as well as resource availability, significantly affects SMEs’ implementation of cyber precautions and controls.

Research limitations/implications

While resource limitations are undoubtedly a problem for SMEs, their lack of cyber situational awareness seems to be the area requiring most attention.

Practical implications

The findings of this study are reported and recommendations were made that can help to improve situational awareness, which will have the effect of encouraging the implementation of cyber security measures.

Originality/value

This is the first study to apply the situational awareness theory to understand why SMEs do not implement cyber security best practice measures.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 1 no. 1
Type: Research Article
ISSN: 2635-0270

Article
Publication date: 14 October 2020

Saurabh Kumar, Baidyanath Biswas, Manjot Singh Bhatia and Manoj Dora

Abstract

Purpose

The present study aims to identify and investigate the antecedents of enhanced level of cyber-security at the organisational level from both the technical and the human resource perspective using human–organisation–technology (HOT) theory.

Design/methodology/approach

The study has been conducted on 151 professionals who have expertise in dealing with cyber-security in organisations in sectors such as retail, education, healthcare, etc. in India. The analysis of the data is carried out using partial least squares based structural equation modelling technique (PLS-SEM).

Findings

The results from the study suggest that “legal consequences” and “technical measures” adopted for securing cyber-security in organisations are the most important antecedents for enhanced cyber-security levels in the organisations. The other significant antecedents for enhanced cyber-security in organisations include “role of senior management” and “proactive information security”.

Research limitations/implications

This empirical study has significant implications for organisations as they can take pre-emptive measures by focussing on important antecedents and work towards enhancing the level of cyber-security.

Originality/value

The originality of this research is combining both technical and human resource perspective in identifying the determinants of enhanced level of cyber-security in the organisations.

Details

Journal of Enterprise Information Management, vol. 34 no. 6
Type: Research Article
ISSN: 1741-0398

Article
Publication date: 10 July 2017

Noluxolo Gcaza, Rossouw von Solms, Marthie M. Grobler and Joey Jansen van Vuuren

Abstract

Purpose

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.

Design/methodology/approach

General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.

Findings

This paper identifies the most important variables in cultivating a cyber security culture.

Research implications

The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.

Practical implications

Practically, the study can assist developing nations in constructing strategies that address the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.

Originality/value

Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.

Details

Information & Computer Security, vol. 25 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 17 January 2020

Shipra Pandey, Rajesh Kumar Singh, Angappa Gunasekaran and Anjali Kaushik

Abstract

Purpose

The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS.

Design/methodology/approach

Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view.

Findings

This paper tries to identify the various cyber security risk and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along-with suitable mitigation strategies.

Research limitations/implications

The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study.

Practical implications

This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs.

Originality/value

The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.

Details

Journal of Global Operations and Strategic Sourcing, vol. 13 no. 1
Type: Research Article
ISSN: 2398-5364

Article
Publication date: 24 September 2019

Karen Renaud, Basie Von Solms and Rossouw Von Solms

Abstract

Purpose

The purpose of this paper is to position the preservation and protection of intellectual capital as a cyber security concern. The paper outlines the security requirements of intellectual capital to help boards of directors (BoDs) and executive management teams to understand their responsibilities and accountabilities in this respect.

Design/methodology/approach

The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital and to outline actions to be taken by BoDs to do so.

Findings

Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance and merits attention from BoDs.

Research limitations/implications

This paper clarifies BoDs’ intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance.

Practical implications

The authors hope that BoDs will benefit from the clarifications, and especially from the positioning of intellectual capital in cyber space.

Social implications

If BoDs know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured.

Originality/value

This paper extends a previous paper published by Von Solms and Von Solms, which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from security researchers.

Details

Journal of Intellectual Capital, vol. 20 no. 5
Type: Research Article
ISSN: 1469-1930

Article
Publication date: 29 April 2020

Abhilash Panda and Andrew Bower

Abstract

Purpose

The purpose of this paper is to concentrate on the place of cyber security risk in the framework of global commitments adopted in 2015 to reduce disaster risks in an all-hazards approach. It explores the correlations between traditional risks associated with critical infrastructures – as understood by the Sendai framework – cyber security risks and the cascading effects characteristic of today’s complex and interrelated shocks and stresses. It takes a step further, expanding the focus of traditionally understood technological risks to explore cyber security risks, at the heart of our societies’ digital transformations, and showcase opportunities from the European context.

Design/methodology/approach

By reviewing existing literature on cyber security, disaster resilience and cascading disasters, this paper highlights current challenges and good practices undertaken by various governments.

Findings

Understanding disaster risks is a precondition to improving the mitigation of impacts of existing risks and preventing new risks. Effective risk reduction relies on a solid understanding of losses resulting from events to inform future actions, and on the assessment of risks relying on a robust evidence base and state-of-the-art scientific capacity to model and simulate potential hazards. In this context, embedding cyber security risks, and the complexity of cascading impacts in improving the understanding of disaster risks, calls for appropriate methods and tools allowing for a multi-risk and holistic focus to the assessment of risks and the planning of risk management capacities that follow.

Research limitations/implications

Globally and in Europe, focus on interconnected risk and their impacts is steadily increasing. Risk assessments are still conservative; incorporation of cyber resilience into national and local level DRR plans is not yet visible.

Originality/value

Existing research is restricted to cyber security and disaster resilience, as separated subjects. This paper, for the first time, brings together the interconnection between the two topic options to address them.

Details

International Journal of Disaster Resilience in the Built Environment, vol. 11 no. 4
Type: Research Article
ISSN: 1759-5908

Article
Publication date: 13 November 2019

Malcolm Pattinson, Marcus Butavicius, Meredith Lillie, Beau Ciccarello, Kathryn Parsons, Dragana Calic and Agata McCormac

Abstract

Purpose

This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness.

Design/methodology/approach

In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training.

Findings

The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels.

Research limitations/implications

Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA.

Practical implications

If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer.

Originality/value

A review of the literature confirmed that ACFs for cyber-security do exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased, suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.

Article
Publication date: 12 August 2014

Manmohan Chaturvedi, Abhishek Narain Singh, Manmohan Prasad Gupta and Jaijit Bhattacharya

Abstract

Purpose

The purpose of this paper is to attempt to fill the need to identify critical information security issues at national level, both technical and social in the Indian context, and create a framework of these issues to provide interesting managerial insights about their hierarchy. Current literature advocates relevance of both technical and social issues in a potential framework to address national and organizational information security concerns. Such a framework can guide users in developing insight for strategy in the maze of important information security issues and their intricate interdependency.

Design/methodology/approach

Delphi methodology is used to identify a set of topical issues with help from members of a cyber security group. These issues are further analyzed using Interpretive Structural Modeling (ISM) to impose order and direction to the complex relationships among them.

Findings

The analysis using ISM creates a framework of these issues and provides interesting managerial insights about their hierarchy. These insights are used to recommend prioritized action for information security at national and organizational levels.

Research limitations/implications

The highlight of this research is ingenious deployment of two idea engineering methods in developing interpretable structural model of 25 information security issues. This model provides valuable insights and can guide the policy formulation. This is the key contribution of this paper. It needs hardly any emphasis on the need for continuous search of all technical and social issues and formulating policies and programs using experts’ judgment in a rigorous manner. Subsequent research may scale up to the global level for extension and validation by empanelling Delphi experts from nations belonging to different regions. Time-variant analysis can be attempted with the help of System Dynamics Modeling using causal-loop diagrams to account for the supportive and inhibiting influences of various issues. This approach has the potential to generate more realistic insights that can inform policy formulation.

Practical implications

It brings about key information security issues connected with its various facets, viz. national/organizational level initiatives, supportive processes, capabilities and objectives. These issues, identified by Indian experts in the Indian context, offer a method that one could apply in other national contexts and see whether substantial differences occur, and how other experts prioritize these issues. The analysis of social issues along with technical issues using the ISM tool provides us insights that are considered applicable to a larger context than India. The policy and program formulations in other nations can benefit from the insights generated by this research. The fast-paced proliferation of technology and its resultant vulnerabilities have given birth to an underground economy of malware trading by criminals, terrorists and hostile nation states. Secure cyber space for legitimate use by the globalized world can only be achieved by international cooperation.

Social implications

A “digital divide” in cyber defense cannot be afforded. As explained earlier, cyber security is a challenge for both developed and developing nations. Prioritization of resources in a sequence suggested by ISM analysis would help face the challenge of cyber security better. The methodology suggested in this paper would ensure adequate response to cyber threats and eliminate knee-jerk reaction.

Originality/value

This research emphasizes identification of hierarchical relationship among the identified topical issues of information security rather than using them as a flat checklist. It helps us segregate the end objectives from root issues and highlights the necessity of addressing these root issues to achieve those objectives.

Details

Transforming Government: People, Process and Policy, vol. 8 no. 3
Type: Research Article
ISSN: 1750-6166

Article
Publication date: 8 July 2014

Issa Atoum, Ahmed Otoom and Amer Abu Ali

Abstract

Purpose

The purpose of this paper is to propose a holistic cyber security implementation framework (HCS-IF) that lays out the ground for a conceptual, coherent, systematic, overarching and consolidated approach to implement cyber security strategies (CSSs).

Design/methodology/approach

The HCS-IF is conceptually proposed to address the actual needs that are extracted from literature review. The HCS-IF uses and integrates a set of high-level conceptual security controls, solutions, processes, entities, tools, techniques or mechanisms that are already known in the domains of information security management, software engineering and project management to address the identified needs.

Findings

The HCS-IF components and controls collectively interact and cooperate to implement CSSs. The proposed framework is compared with other related frameworks, and the results show that the HCS-IF outperforms other frameworks on most of the suggested comparison criteria.

Originality/value

From a practical standpoint, governments and practitioners alike stand to gain from the findings of this research. Governments who want to implement CSSs on a national level will find the proposed framework useful in overseeing cyber security implementation. Practitioners will be prepared to address the anticipated cyber security implementation challenges and the required controls needed to facilitate cyber-security implementation in a holistic overarching manner.

Details

Information Management & Computer Security, vol. 22 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 January 2019

Filip Caron

Abstract

Purpose

The purpose of this paper is to highlight the potential of cyber-testing techniques in assessing the effectiveness of cyber-security controls and obtaining audit evidence.

Design/methodology/approach

The paper starts with an identification of the applicable cyber-testing techniques and evaluates their applicability to generally accepted assurance schemes and cyber-security guidelines.

Findings

Cyber-testing techniques are providing insight in the effectiveness of the actual implementation of cyber-security controls, which may significantly deviate from the conceptual designs of these controls. Furthermore, cyber-testing techniques could provide concise input for cyber-risk management and improvement recommendations.

Originality/value

The presented cyber-testing techniques could complement traditional process-oriented assurance techniques with specialized technical analyses of real-world implementations that focus on the adversaries’ viewpoint.

Details

Managerial Auditing Journal, vol. 36 no. 2
Type: Research Article
ISSN: 0268-6902
