Search results
1 – 10 of 312Ahmed Ali Otoom, Issa Atoum, Heba Al-Harahsheh, Mahmoud Aljawarneh, Mohammed N. Al Refai and Mahmoud Baklizi
The purpose of this paper is to present the educational computer emergency response team (EduCERT) framework, an integrated response mechanism to bolster national cybersecurity…
Abstract
Purpose
The purpose of this paper is to present the educational computer emergency response team (EduCERT) framework, an integrated response mechanism to bolster national cybersecurity through collaborative efforts in the higher education sector. The EduCERT framework addresses this gap by enhancing cyber security and mitigating cybercrime through collaborative incident management, knowledge sharing and university awareness campaigns.
Design/methodology/approach
The authors propose an EduCERT framework following the design science methodology. The framework is developed based on literature and input from focus group experts. Moreover, it is grounded in the principles of the technology-organization-environment framework, organizational learning and diffusion of innovations theory.
Findings
The EduCERT has eight components: infrastructure, governance, knowledge development, awareness, incident management, evaluation and continuous improvement. The framework reinforces national cybersecurity through cooperation between universities and the National Computer Emergency Response Team. The framework has been implemented in Jordan to generate a cybersecurity foundation for higher education. Evaluating the EduCERT framework’s influence on national cybersecurity highlights the importance of adopting comprehensive cyber-security policies and controls. The framework application shows its relevance, effectiveness, adaptability and alignment with best practices.
Research limitations/implications
Despite the impact of applying the framework in the Jordanian context, it is essential to acknowledge that the proposed EduCERT framework’s practical implementation may encounter challenges specific to diverse international educational environment sectors. However, framework customization for global applicability could address varied educational institutions in other countries.
Practical implications
Furthermore, the proposed EduCERT framework is designed with universal applicability that extends beyond the specific country’s context. The principles and components presented in the framework can serve as valuable design advice for establishing collaborative and resilient cybersecurity frameworks in educational settings worldwide. Therefore, the research enhances the proposed framework’s practical utility and positions it as an invaluable contribution to the broader discourse on global cybersecurity in academia.
Originality/value
This paper enhances national cybersecurity in the higher education sector, addressing the need for a more integrated response mechanism. The EduCERT framework demonstrates its effectiveness, adaptability and alignment with best practices, offering valuable guidance for global educational institutions.
Details
Keywords
Ifeyinwa Juliet Orji and Chukwuebuka Martinjoe U-Dominic
Cybersecurity has received growing attention from academic researchers and industry practitioners as a strategy to accelerate performance gains and social sustainability…
Abstract
Purpose
Cybersecurity has received growing attention from academic researchers and industry practitioners as a strategy to accelerate performance gains and social sustainability. Meanwhile, firms are usually prone to cyber-risks that emanate from their supply chain partners especially third-party logistics providers (3PLs). Thus, it is crucial to implement cyber-risks management in 3PLs to achieve social sustainability in supply chains. However, these 3PLs are faced with critical difficulties which tend to hamper the consistent growth of cybersecurity. This paper aims to analyze these critical difficulties.
Design/methodology/approach
Data were sourced from 40 managers in Nigerian 3PLs with the aid of questionnaires. A novel quantitative methodology based on the synergetic combination of interval-valued neutrosophic analytic hierarchy process (IVN-AHP) and multi-objective optimization on the basis of a ratio analysis plus the full multiplicative form (MULTIMOORA) is applied. Sensitivity analysis and comparative analysis with other decision models were conducted.
Findings
Barriers were identified from published literature, finalized using experts’ inputs and classified under organizational, institutional and human (cultural values) dimensions. The results highlight the most critical dimension as human followed by organizational and institutional. Also, the results pinpointed indigenous beliefs (e.g. cyber-crime spiritualism), poor humane orientation, unavailable specific tools for managing cyber-risks and skilled workforce shortage as the most critical barriers that show the highest potential to elicit other barriers.
Research limitations/implications
By illustrating the most significant barriers, this study will assist policy makers and industry practitioners in developing strategies in a coordinated and sequential manner to overcome these barriers and thus, achieve socially sustainable supply chains.
Originality/value
This research pioneers the use of IVN-AHP-MULTIMOORA to analyze cyber-risks management barriers in 3PLs for supply chain social sustainability in a developing nation.
Details
Keywords
Rodney Adriko and Jason R.C. Nurse
This study aims to offer insights into the state of research covering cybersecurity, cyber insurance and small- to medium-sized enterprises (SMEs). It examines benefits of…
Abstract
Purpose
This study aims to offer insights into the state of research covering cybersecurity, cyber insurance and small- to medium-sized enterprises (SMEs). It examines benefits of insurance to an SME’s security posture, challenges faced, and potential solutions and outstanding research questions.
Design/methodology/approach
Research objectives were formulated, and the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocol was used to perform a systematic literature review (SLR). A total of 19 papers were identified from an initial set of 451.
Findings
This research underscores the role of cybersecurity in the value proposition of cyber insurance for SMEs. The findings highlight the benefits that cyber insurance offers SMEs including protection against cyber threats, financial assistance and access to cybersecurity expertise. However, challenges hinder SME’s engagement with insurance, including difficulties in understanding cyber risk, lack of cybersecurity knowledge and complex insurance policies. Researchers recommend solutions, such as risk assessment frameworks and government intervention, to increase cyber insurance uptake/value to SMEs.
Research limitations/implications
There is a need for further research in the risk assessment and cybersecurity practices of SMEs, the influence of government intervention and the effectiveness of insurers in compensating for losses. The findings also encourage innovation to address the unique needs of SMEs. These insights can guide future research and contribute to enhancing cyber insurance adoption.
Originality/value
To the best of the authors’ knowledge, this is the first SLR to comprehensively examine the intersection of cybersecurity and cyber insurance specifically in the context of SMEs.
Details
Keywords
Ruti Gafni and Yair Levy
Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate…
Abstract
Purpose
Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate the role of AI in automating many of the routine tasks associated with cybersecurity. As such, AI enables cybersecurity personnel to reduce their workloads and focus on more strategic aspects of their work.
Design/methodology/approach
This study is an exploratory field study. The authors started by conducting a literature review to assess the possibility that AI tools can provide and how they can improve cybersecurity efficacy. Following this, the authors identified the specific core tasks for two cybersecurity work roles (technical and managerial) and searched for specific commercial tools that can perform each of the tasks. Then, the authors used the free ChatGPT 3.5 to list the current cybersecurity systems that use AI for the associated tasks, which the authors then reviewed with the tools’ documentation and websites to confirm these tasks were conducted or assisted by AI.
Findings
Results indicated that all 14 cybersecurity tasks of the technical work role are currently noted to be performed by commercial cybersecurity systems with AI-integrated capabilities, while only 11 of the 17 managerial work role tasks currently appear to be performed by AI.
Practical implications
The rapid integration of AI capabilities into commercial cybersecurity systems may suggest that the cybersecurity workforce must be currently trained on how to use AI tools in their daily operations, especially as it pertains to technical cybersecurity work roles.
Social implications
The cybersecurity workforce shortage is reported to exceed four million cybersecurity workers worldwide in 2023. Thus, further understanding of the role of AI in improving the efficiency of technical and managerial cybersecurity tasks is significant.
Originality/value
The value of this research lies in the initial assessment of the current AI capabilities of commercial cybersecurity systems, which will ultimately provide the “super-human” performances resulting from human-AI teaming.
Details
Keywords
Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to…
Abstract
Purpose
Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to least at risk for healthcare data breaches. This gap has led to a lack of proper risk identification and understanding of cyber environments at state levels.
Design/methodology/approach
Based on the security action cycle, the National Institute of Standards and Technology (NIST) cybersecurity framework, the risk-planning model, and the multicriteria decision-making (MCDM) literature, the paper offers an integrated multicriteria framework for prioritization in cybersecurity to address this lack and other prioritization issues in risk management in the field. The study used historical breach data between 2015 and 2021.
Findings
The findings showed that California, Texas, New York, Florida, Indiana, Pennsylvania, Massachusetts, Minnesota, Ohio, and Georgia are the states most at risk for healthcare data breaches.
Practical implications
The findings highlight each US state faces a different level of healthcare risk. The findings are informative for patients, crucial for privacy officers in understanding the nuances of their risk environment, and important for policy-makers who must grasp the grave disconnect between existing issues and legislative practices. Furthermore, the study suggests an association between positioning state risk and such factors as population and wealth, both avenues for future research.
Originality/value
Theoretically, the paper offers an integrated framework, whose basis in established security models in both academia and industry practice enables utilizing it in various prioritization scenarios in the field of cybersecurity. It further emphasizes the importance of risk identification and brings attention to different healthcare cybersecurity environments among the different US states.
Details
Keywords
This chapter reviews possible regulatory updates needed to address the four general challenges arising from digitalization of financial services, regardless of the business models…
Abstract
This chapter reviews possible regulatory updates needed to address the four general challenges arising from digitalization of financial services, regardless of the business models of the financial services providers. These challenges are customers' data rights, artificial intelligence (AI) ethics, cybersecurity and financial exclusion.
Details
Keywords
This chapter examines the world of risk management within fintech. It initiates by emphasizing the crucial role of technology and risk assessment in shaping the fintech landscape…
Abstract
This chapter examines the world of risk management within fintech. It initiates by emphasizing the crucial role of technology and risk assessment in shaping the fintech landscape. It discusses various risk categories prevalent in fintech operations, elucidating the nuances of technology, operational, compliance, strategic, and reputational risks. A comparative analysis across different fintech sub-sectors unveils their distinct risk profiles. The narrative extends to proactive risk management frameworks, contrasting prominent models like the COSO ERM, FAIR Risk Quantification, and NIST Cybersecurity Frameworks. Integral defense measures are scrutinized, encompassing data encryption, access controls, vulnerability assessments, and incident response plans. This chapter underscores the significance of building operational resilience through robust technology infrastructure, regular system updates, disaster recovery planning, and business continuity measures. Ultimately, this chapter culminates in a comprehensive summary, offering pragmatic recommendations to fortify technology risk management in fintech.
Details
Keywords
This paper aims to explore the cybersecurity challenges the electric power industry faces due to its increased reliance on digital supply chains (DSCs), focusing on the…
Abstract
Purpose
This paper aims to explore the cybersecurity challenges the electric power industry faces due to its increased reliance on digital supply chains (DSCs), focusing on the procurement phase.
Design/methodology/approach
This study uses qualitative methods, with 17 semi-structured interviews conducted among industry participants to delve deep into the challenges and potential solutions. The Gioia methodology was applied to analyse the interview data. The ecosystem and procurement theory is used to understand the interconnectedness and vulnerabilities within the electric power industry’s DSC.
Findings
Three aggregated dimensions were identified: cybersecurity, risk management and supplier tensions. Key findings suggest the importance of precise cybersecurity requirements, continuous monitoring, engagement with all supply chain actors and adaptability to emerging threats.
Practical implications
This paper presents a framework to systematically address and mitigate cybersecurity risks in the DSC. Combining theoretical foundations with reasonable measures can significantly enhance cybersecurity resilience. By implementing these guidelines, organisations can foster collaboration across the supply chain, maintain regulatory compliance and continually adapt to the evolving threat landscape.
Originality/value
The paper is based on unique interview data from actors in the electric power industry. It presents a new framework for managing cybersecurity in DSCs, underpinned by the theoretical lenses of ecosystems and procurement.
Details
Keywords
Jayashree Roul, Lalita Mohan Mohapatra, Ashok Kumar Pradhan and A.V.S. Kamesh
The objective of this study is to analyse the integration of technology in Human Resources Management (HRM) with a special focus on Artificial Intelligence (AI), Machine Learning…
Abstract
Purpose
The objective of this study is to analyse the integration of technology in Human Resources Management (HRM) with a special focus on Artificial Intelligence (AI), Machine Learning (ML), Internet of Things (IoT) and Big Data.
Design/methodology/approach
This study aims to contribute to the understanding of these trends by conducting a thorough bibliometric analysis using the Scopus database, encompassing research on HRM and Technology from 1991 to 2022. By employing citation analysis, co-citation analysis and co-word analysis, the study uncovers key patterns and trends in the field.
Findings
The findings indicate that AI, Big Data and ML are the focal points of research when exploring the intersection of Technology and HRM. These technologies offer promising prospects for enhancing Human Resource processes, such as Talent Acquisition, Performance Management and Employee Engagement.
Research limitations/implications
In our study, we showcase the practical implications that offer guidance for HR researchers and professionals, enabling them to make informed decisions regarding the adoption and implementation of Information Technology.
Practical implications
This research can provide valuable insights to HR managers on the use of cutting-edge technology in HRM. It aims to enhance the manager’s awareness of how technology-enabled HRM can improve HR performance.
Originality/value
This study adds to the existing body of knowledge on how Modern Technology empowers HRM. It also proposes a conceptual framework for the use of Modern Technology along with Strategic Management and Knowledge Management to improve Human Resource Performance.
Details