Search results

1 – 10 of 601
Article
Publication date: 21 August 2023

Manimay Dev and Debashis Saha

Abstract

Purpose

This paper aims to investigate the relationship of female participation in labor force with the cybersecurity maturity of nations and the enabling role of e-government development in moderating the same.

Design/methodology/approach

The authors have conducted fixed-effects regression using archival data for 149 countries taken from secondary sources. Furthermore, the authors have grouped the sample countries into four levels of cybersecurity maturity (unprepared, reactive, anticipatory and innovative) using clustering techniques, and studied the influence of their interest variables for individual groups.

Findings

Results show that female participation in labor force positively influences national cybersecurity maturity, and e-government development positively moderates the said relationship, thereby enabling the empowerment of women.

Practical implications

Encouraging broader participation of women in the labor force and prioritizing investments in e-government development are essential steps that organizations and governments may take to enhance a country’s cybersecurity maturity level.

Originality/value

This study empirically demonstrates the impact of the nuanced interplay between female participation in labor force and the e-government development of a nation on its cybersecurity maturity.

Details

Information & Computer Security, vol. 32 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 June 2023

Khalid Shaheen and Ali Hussein Zolait

Abstract

Purpose

This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can impact the cybersecurity of government entities in the Kingdom of Bahrain.

Design/methodology/approach

The authors used a quantitative and qualitative approach. The data were collected by conducting semi-structured interviews with the information technology experts in the Bahrain Government entities participating in the CTP. Also, quantitative data was obtained through a questionnaire distributed to relevant people in the information technology field.

Findings

The findings of this study suggest that the CTP had a significant impact on the cybersecurity assurance of the government entities that participated in the CTP; it increased the employees’ awareness, reduced the number of cyberattacks and optimized the available resources. The findings also highlighted the role of top management in the success of the implementation of the CTP. The results also ensure that the CTP’s maturity model affected the cybersecurity compliance of an organization and the implementation of cybersecurity policies and controls.

Practical implications

This study enhances cybersecurity researchers’ and practitioners’ understanding of the impact of the CTP and its components and evaluates its influence on Bahrain’s cybersecurity assurance.

Originality/value

This study implies that to achieve better cybersecurity, managers should focus on implementing the policies and controls provided by cybersecurity frameworks to enhance cybersecurity assurance.

Details

Information & Computer Security, vol. 31 no. 5
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 5 October 2023

Peter Dornheim and Ruediger Zarnekow

Abstract

Purpose

The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.

Design/methodology/approach

Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.

Findings

Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.

Originality/value

This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.

Details

Information & Computer Security, vol. 32 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 January 2020

Opeoluwa Ore Akinsanya, Maria Papadaki and Lingfen Sun

Abstract

Purpose

The purpose of this paper is to propose a novel maturity model for health-care cloud security (M2HCS), which focuses on assessing cyber security in cloud-based health-care environments by incorporating the sub-domains of health-care cyber security practices and introducing health-care-specific cyber security metrics. This study aims to expand the domain of health-care cyber security maturity models by including more cloud-specific aspects than is usually seen in the literature.

Design/methodology/approach

The intended use of the proposed model was demonstrated using the evaluation method – “construct validity test” as the paper’s aim was to assess the final model and the output of the valuation. The study involved a literature-based case study of a national health-care foundation trust with an overall view because the model is assessed for the entire organisation. The data were complemented by examination of hospitals’ cyber security internal processes through web-accessible documents, and identified relevant literature.

Findings

The paper provides awareness about how organisational-related challenges have been identified as a main inhibiting factor for the adoption of cloud computing in health care. Regardless of the remunerations of cloud computing, its security maturity and levels of adoption vary, especially in health care. Maturity models provide a structure towards improving an organisation’s capabilities. It suggests that although several cyber security maturity models and standards resolving specific threats exist, there is a lack of maturity models for cloud-based health-care security.

Research limitations/implications

Due to the selected research method, the research results may lack generalizability. Therefore, future research studies can investigate the propositions further. Another is that the current thresholds were determined empirically, although it worked for the case study assessment. However, to establish more realistic threshold levels, there is a need for more validation of the model using more case studies.

Practical implications

The paper includes a maturity model for the assessment, management and improvement of the security posture of a health-care organisation actively using cloud. For executives, it provides a detailed security assessment of the eHealth cloud to aid in decision making. For security experts, its quantitative metrics support proactive and reactive processes.

Originality/value

The paper fulfils a recognised requirement for a security maturity model focussed on health-care cloud. It could be extended to resolve evolving cyber settings.

Details

Information & Computer Security, vol. 28 no. 3
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 9 December 2021

Patrick Sven Ulrich, Alice Timmermann and Vanessa Frank

Abstract

Purpose

The starting point for the considerations the authors make in this paper are the special features of family businesses in the area of management discussed in the literature. It has been established here that family businesses sometimes choose different organizational setups than nonfamily businesses. This has not yet been investigated for cybersecurity. In the context of cybersecurity, there has been little theoretical or empirical work addressing the question of whether the qualitative characteristics of family businesses have an impact on the understanding of cybersecurity and the organization of cyber risk defense in the companies. Based on theoretically founded hypotheses, a quantitative empirical study was conducted in German companies.

Design/methodology/approach

The article is based on a quantitative-empirical survey of 184 companies, the results of which were analyzed using statistical-empirical methods.

Findings

The article asked – based on the subjective perception of cybersecurity and cyber risks – to what extent family businesses are sensitized to the topic and what conclusions they draw from it. An interesting tension emerges: family businesses see their employees more as a security risk, but do less than nonfamily businesses in terms of both training and organizational establishment. Whether this is due to a lack of technical or managerial expertise, or whether family businesses simply think they can prevent cybersecurity with less formal methods such as trust, is open to conjecture, but cannot be demonstrated with the research approach taken here. Qualitative follow-up studies are needed here.

Originality/value

This paper represents the first quantitative survey on cybersecurity with a specific focus on family businesses. It shows tension between awareness, especially of risks emanating from employees, and organizational routines that have not been implemented or established.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 2 no. 1
Type: Research Article
ISSN: 2635-0270

Article
Publication date: 29 April 2021

Morteza Ghobakhloo and Mohammad Iranmanesh

Abstract

Purpose

The digital transformation under Industry 4.0 is complex and resource-intensive, making a strategic digitalization guideline vital to small and medium-sized enterprises' success in the Industry 4.0 transition. The present study aims to provide manufacturing small and medium-sized enterprises (SMEs) with a guideline for digital transformation success under Industry 4.0.

Design/methodology/approach

The study first performed a content-centric literature review to identify digital transformation success determinants. The study further implemented interpretive structural modeling to extract the order at which the success determinants should be present to facilitate the SMEs’ digital transformation success optimally. The interpretive model and interpretive logic knowledge base matrix were also used for developing the digital transformation guideline.

Findings

Eleven success determinants are vital to SMEs’ digital transformation efforts. For example, results revealed that external support for digitalization is the first step in ensuring digital transformation success among SMEs, while operations technology readiness is the most inaccessible success determinant.

Research limitations/implications

The study highlights the degree of importance of the 11 success determinants identified, which magnifies each determinant's strategic priority based on its driving power and dependence power. Theorizing the dependent variable of “digital transformation success” and quantitatively measuring the extent to which each success determinant contributes to explaining “digital transformation success” offers an exciting opportunity for future research.

Practical implications

Digital transformation success phenomenon within the Industry 4.0 context is significantly different from the digitalization success concept within the traditional literature. The digital transformation under Industry 4.0 is immensely resource-intensive and complex. Smaller manufacturers must have specific capabilities such as change management and digitalization strategic planning capability to reach a certain degree of information, digital, operations and cyber maturity.

Originality/value

The digital transformation success guide developed in the study describes each success determinants' functionality in relation to other determinants and explains how they might contribute to the digital transformation success within the manufacturing sector. This guide enables smaller manufacturers to better understand the concept of manufacturing digital transformation under Industry 4.0 and devise robust strategies to steer their digital transformation process effectively.

Details

Journal of Manufacturing Technology Management, vol. 32 no. 8
Type: Research Article
ISSN: 1741-038X

Article
Publication date: 17 June 2020

Rajni Goel, Anupam Kumar and James Haddow

Abstract

Purpose

This study aims to develop a framework for cybersecurity risk assessment in an organization. Existing cybersecurity frameworks are complex and implementation oriented. The framework can be systematically used to assess the strategic orientation of a firm with respect to its cybersecurity posture. The goal is to assist top-management-team with tailoring their decision-making about security investments while managing cyber risk at their organization.

Design/methodology/approach

A thematic analysis of existing publications using content analysis techniques generates the initial set of keywords of significance. Additional factor analysis using the keywords provides us with a framework comprising five pillars, prioritize, resource, implement, standardize and monitor (PRISM), for assessing a firm’s strategic cybersecurity orientation.

Findings

The primary contribution is the development of a novel PRISM framework, which enables cyber decision-makers to identify and operationalize a tailored approach to address risk management and cybersecurity problems. PRISM framework evaluation will help organizations identify and implement the most tailored risk management and cybersecurity approach applicable to their problem(s).

Originality/value

The new norm is for companies to realize that data stratification in cyberspace extends throughout their organizations, intertwining their need for cybersecurity within business operations. This paper fulfills an identified need to improve the ability of company leaders, as CIOs and others, to address the growing problem of how organizations can better handle cyber threats by using an approach that is a methodology for cross-organization cybersecurity risk management.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 13 December 2022

Anisha Banu Dawood Gani, Yudi Fernando, Shulin Lan, Ming K. Lim and Ming-Lang Tseng

Abstract

Purpose

This study aims to examine whether the cyber supply chain risk management (CSCRM) practices adopted by manufacturing firms contribute to achieving cyber supply chain (CSC) visibility. Studies have highlighted the necessity of having visibility across interconnected supply chains. Thus, this study examines the extent of CSCRM practices enabling CSC visibility to act as a mediator in achieving CSC performance.

Design/methodology/approach

A survey method was used to obtain data from the electrical and electronics manufacturing firms registered with the Federations of Malaysian Manufacturers directory. Data from 130 respondents were analysed using IBM SPSS and PLS-SEM.

Findings

This study empirically proves a dedicated governance team's integral role in setting the security tone within its CSC. The result also confirms the significant role that CSC visibility plays in achieving CSC performance. As theorised in the literature, there is also a strong direct relationship between CSC visibility and CSC performance, assuring manufacturing firms that investments and policies devised to improve CSC visibility are fruitful.

Originality/value

The significance of supply chain visibility in an integrated supply chain is recognised and studied using analytical models, behavioural techniques and case studies. Substantial empirical evidence on the CSCRM practices which contributes towards achieving supply chain visibility is still elusive. This study's major contribution lies in identifying CSCRM practices that can contribute towards achieving CSC visibility, and the mediating role CSC visibility plays in achieving CSC performance.

Details

Industrial Management & Data Systems, vol. 123 no. 3
Type: Research Article
ISSN: 0263-5577

Article
Publication date: 11 February 2019

Masike Malatji, Sune Von Solms and Annlizé Marnewick

Abstract

Purpose

This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices.

Design/methodology/approach

The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced.

Findings

The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment.

Practical implications

This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation.

Originality/value

The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 18 December 2020

Ravdeep Kour and Ramin Karim

Abstract

Purpose

The purpose of this research paper is to evaluate and estimate the cybersecurity maturity and awareness risk for workforce management in railway transportation by using Railway-Cybersecurity Capability Maturity Model (R-C2M2) and Information Security Awareness Capability Model (ISACM), respectively.

Design/methodology/approach

This research uses a case study strategy, so primary data comprise the majority of data collected. These data were collected through interviews and questionnaires. The secondary data were collected from the literature, technical reports and standards.

Findings

The results show that there is a gap in cybersecurity awareness within the workforce and there is a need to improve this gap. This paper provides some of the recommendations and literature to enhance cybersecurity workforce culture within railway organizations.

Practical implications

In this paper, the authors have demonstrated that cybersecurity awareness has positive impact on the overall dependability of the railway system.

Originality/value

This paper describes the importance of cybersecurity awareness and training in building more cyber resiliency across the operation and maintenance of railway.

Details

Journal of Quality in Maintenance Engineering, vol. 27 no. 3
Type: Research Article
ISSN: 1355-2511
