Search results
21 – 30 of over 2000Uchenna Daniel Ani, Hongmei He and Ashutosh Tiwari
As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the…
Abstract
Purpose
As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting human-factor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.
Design/methodology/approach
A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.
Findings
Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.
Practical implications
The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.
Originality/value
This paper demonstrates originality by providing a framework and computational approach for characterising and quantify human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.
Details
Keywords
Yoel Raban and Aharon Hauptman
The cyber security industry emerged rapidly in recent years due to mounting cyber threats and increasing cyber hacking activities. Research on emerging technologies emphasizes the…
Abstract
Purpose
The cyber security industry emerged rapidly in recent years due to mounting cyber threats and increasing cyber hacking activities. Research on emerging technologies emphasizes the risks and sometimes neglects to address the potential positive contribution to cyber security. The purpose of this study is to conduct a relatively balanced long-term foresight study to elicit major significant threat drivers and to identify emerging technologies that are likely to have a significant impact on defense and attack capabilities in cyber security.
Design/methodology/approach
The main instruments used in this study were horizon scanning and an online survey among subject-matter experts that assessed emerging threats and the potential impact of several emerging technologies on cyber defense capabilities and cyber attack capabilities.
Findings
An expert survey shows that cyber resilience, homomorphic encryption and blockchain may be considered as technologies contributing mainly to defense capabilities. On the other hand, Internet of Things, biohacking and human machine interface (HMI) and autonomous technologies add mainly to attack capabilities. In the middle, we find autonomous technologies, quantum computing and artificial intelligence that contribute to defense, as well as to attack capabilities, with roughly similar impact on both.
Originality/value
This study adds to the current research a balanced long-term view and experts’ assessment of negative and positive impacts of emerging technologies, including their time to maturity and consensus levels. Two new Likert scale measures were applied to measure the potential impact of emerging technologies on cyber security, thus enabling the classification of the results into four groups (net positive, net negative, positive-positive and negative-negative).
Kofi Koranteng Adu and Emmanuel Adjei
This study aims to investigate the cyber security awareness and policies within corporate organisations in Ghana.
Abstract
Purpose
This study aims to investigate the cyber security awareness and policies within corporate organisations in Ghana.
Design/methodology/approach
Using both quantitative and qualitative approaches underpinned by questionnaire and document analysis, data were collected from 100 participants centred on cyber security awareness and information policies.
Findings
The study underscored that, although corporate organisations had a good knowledge of IT, their awareness of cyber security remains limited. It observed that most organisations in Ghana are not integrating legal aspects into their information security policies. It proposed the need to increase the security awareness of corporate organisation, particularly because of the vulnerabilities they are exposed to.
Research limitations/implications
The implication of the paper with respect to theory, practice and future research lies in the recommendations the authors have proffered, such as the implementation of security awareness training programme, need assessment and the outsourcing of qualified service providers.
Practical implications
The study is useful for policy makers in the management of Ghana’s IT infrastructure.
Originality/value
This study is being undertaken at a period when Ghana has made progressive development and giant steps in the IT industry compared to its counterparts in sub-Saharan Africa. The developed nature of Ghana’s IT infrastructure requires the development of policies for cyber security to prevent data loses and protect the national infrastructure from threats. Undertaking a study on cyber security in an environment where cyber issues are hardly discussed is worthwhile.
Details
Keywords
Malik Muneer Abu Afifa, Tho Hoang Nguyen, Lien Thuy Le Nguyen, Thuy Hong Thi Tran and Nhan Thanh Dao
This study aims to examine the relationship between blockchain technology (BCT) adoption and firm performance (FIP) mediated by cyber-security risk management (CSRM) in the…
Abstract
Purpose
This study aims to examine the relationship between blockchain technology (BCT) adoption and firm performance (FIP) mediated by cyber-security risk management (CSRM) in the context of Vietnam, a developing country. Besides, the mediating effect of risk-taking tendency (RTT) has been considered in the BCT–CSRM nexus.
Design/methodology/approach
Data is collected using a survey questionnaire of Vietnamese financial firms through strict screening steps to ensure the representativeness of the population. The ending pattern of 449 responses has been used for analysis.
Findings
The findings of partial least squares structural equation modeling demonstrated that CSRM has a positive effect on FIP and acts as a mediator in the BCT–FIP nexus. Furthermore, RTT moderates the relationship between BCT and CSRM significantly.
Practical implications
This study introduces the attractive attributes of applying BCT to CSRM. Accordingly, managers should rely on BCT and take advantage of it to improve investment resources, business activities and functional areas to enhance their firm's CSRM. Especially, managers should pay attention to enhancing their RTT, which improves FIP.
Originality/value
This study supplements the previous literature in the context of CSRM by indicating favorable effects of BCT and RTT. Additionally, this study identifies the effectiveness of RTT as well as its moderating role. Ultimately, this paper has been managed as a pioneering empirical study that integrates BCT, RTT and CSRM in the same model in a developing country, specifically Vietnam.
Details
Keywords
Călin Mihail Rangu, Leonardo Badea, Mircea Constantin Scheau, Larisa Găbudeanu, Iulian Panait and Valentin Radu
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented…
Abstract
Purpose
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.
Design/methodology/approach
The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.
Findings
The study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.
Research limitations/implications
This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.
Practical implications
Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.
Originality/value
The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.
Details
Keywords
Felicitas Hoppe, Nadine Gatzert and Petra Gruner
This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.
Abstract
Purpose
This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.
Design/methodology/approach
This is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.
Findings
The results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.
Originality/value
This paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.
Details
Keywords
This paper aims to describe the history of cyber security public international law since 1850 that is found in treaty instruments developed by the signatory nations of what is now…
Abstract
Purpose
This paper aims to describe the history of cyber security public international law since 1850 that is found in treaty instruments developed by the signatory nations of what is now known as the International Telecommunication Union (ITU). Because of the esoteric nature of the subject and, until recently, the very difficult access to reference materials, knowledge of these provisions was confined to a handful of scholars.
Design/methodology/approach
To prepare this article, it was necessary to download the entire new ITU History Portal collection of treaty instruments, adding the US archive collection scans of missing documents, conversion to plain text, identification and linking of key provisions across time, detecting the differences, and then pursuing related material to find out why the text arose.
Findings
What the material reveals is a 150‐year history of cybersecurity law that is not only relevant to significant developments today, but also controlling as a set of obligations that virtually every nation has accepted.
Research limitations/implications
It is hoped that this article will not only be helpful going forward in dealing with the difficult challenges of evolving these provisions, but will also serve as a kind of template for a new generation that not only questions authority, but also appreciates the value of source materials, accessing them, and doing the necessary analysis rather than just visiting a search engine.
Originality/value
The history of the cyber security public international law in the international telecommunication treaty instruments has never been compiled before.
Details
Keywords
Rayne Reid and Johan van Niekerk
– This paper aims to demonstrate that learners prefer brain-compatible cyber security educational material, over traditional presentation methods.
Abstract
Purpose
This paper aims to demonstrate that learners prefer brain-compatible cyber security educational material, over traditional presentation methods.
Design/methodology/approach
A prototype brain-compatible cyber security educational system was evaluated using a survey as a research instrument.
Findings
Presenting cyber security material in a brain-compatible manner is an effective way in which to stimulate the learners’ interest, engages them in the learning experience and motivates them to learn.
Originality/value
As far as could be determined, no previous studies showed the relevance of brain-compatible pedagogical techniques to cyber security education.
Details
Keywords
The impact of the new additions to the Wassenaar Arrangement.
Details
DOI: 10.1108/OXAN-DB199906
ISSN: 2633-304X
Keywords
Geographic
Topical
This article surveys why libraries are vulnerable to social engineering attacks and how to manage risks of human-caused cyber threats on organizational level; investigates…
Abstract
Purpose
This article surveys why libraries are vulnerable to social engineering attacks and how to manage risks of human-caused cyber threats on organizational level; investigates Estonian library staff awareness of information security and shares recommendations concerning focus areas that should be given more attention in the future.
Design/methodology/approach
The data used in this paper is based on an overview of relevant literature highlighting the theoretical points and giving the reasons why human factor is considered the weakest link in information security and cyber security and studying how to mitigate the related risks in the organisation. To perform the survey, a web questionnaire was designed which included 63 sentences and was developed based on the knowledge-attitude-behaviour (KAB) model supported by Kruger and Kearney and Human Aspects of Information Security Questionnaire (HAIS-Q) designed by Parsons et al.
Findings
The research results show that the information security awareness of library employees is at a good level; however, awareness in two focus areas needs special attention and should be improved. The output of this study is the mapping of seven focus areas of information security policy in libraries based on the HAIS-Q framework and the KAB model.
Originality/value
The cyber awareness of library employees has not been studied in the world using HAIS-Q and KAB model, and to the best of the authors’ knowledge, no research has been previously carried out in the Estonian library context into cyber security awareness.
Details