Search results

The transformation of the United Arab Emirates (UAE) into an important global economic player has been accompanied by digitalization that has also left it at a risk to cybercrime. Concurrent with the rise in technology use, the UAE fast became one of the most targeted countries in the world. The purpose of this paper is to discuss how the UAE has tried to cope with accelerating levels of cyber threat using legislative and regulatory efforts as well as public- and private-sector initiatives meant to raise cybersecurity awareness.

The paper surveys the UAE’s cybersecurity legislative, regulatory and educational initiatives from 2003 to 2019.

Because the human factor still remains the number one reason for security breaches, robust cyber laws alone are not enough to protect against cyber threats. Building public awareness and educating internet users about cyber risks and safety have become essential components of the UAE's efforts in building a more secure cyber environment for the country.

The paper relies on English-language translations of primary sources (laws) originally in Arabic, as well as English-language studies from local media. This should not be considered a problem, as English is established as the language of business and commerce in the UAE.

The paper provides a detailed overview of the country’s cybersecurity environment to guide and aide practitioners with risk assessment and legal and regulatory compliance.

The paper presents a comprehensive overview of the UAE’s cybersecurity legislative, regulatory and educational environment. It also surveys government and private sector initiatives directed in protecting the country’s cyberspace.

Cybersecurity advocates safeguard their organizations by promoting security best practices. This paper aims to describe the skills and characteristics of successful advocates.

This study involved 28 in-depth interviews of cybersecurity advocates.

Effective advocates possess not only technical acumen but also interpersonal skills, communication skills context awareness and a customer service orientation.

Non-technical skills are deemphasized in cybersecurity training, limiting career progression into the cybersecurity advocate role for existing security professionals and those from other disciplines. This paper suggests improvements for professional development that encourage greater security workforce diversity.

To the best of the authors’ knowledge, this study is the first to define and enumerate competencies for the role of cybersecurity advocate.

The impact of stress on personal and work-related outcomes has been studied in the information systems (IS) literature across several professions. However, the cybersecurity profession has received little attention despite numerous reports suggesting stress is a leading cause of various adverse professional outcomes. Cybersecurity professionals work in a constantly changing adversarial threat landscape, are focused on enforcement rather than compliance, and are required to adhere to ever-changing industry mandates – a work environment that is stressful and has been likened to a war zone. Hence, this literature review aims to reveal gaps and trends in the current extant general workplace and IS-specific stress literature and illuminate potentially fruitful paths for future research focused on stress among cybersecurity professionals.

Using the systematic literature review process (Okoli and Schabram, 2010), the authors examined the current IS research that studies stress in organizations. A disciplinary corpus was generated from IS journals and conferences encompassing 30 years. The authors analyzed 293 articles from 21 journals and six conferences to retain 77 articles and four conference proceedings for literature review.

The findings reveal four key research opportunities. First, the demands experienced by cybersecurity professionals are distinct from the demands experienced by regular information technology (IT) professionals. Second, it is crucial to identify the appraisal process that cybersecurity professionals follow in assessing security demands. Third, there are many stress responses from cybersecurity professionals, not just negative responses. Fourth, future research should focus on stress-related outcomes such as employee productivity, job satisfaction, job turnover, etc., and not only security compliance among cybersecurity professionals.

This study is the first to provide a systematic synthesis of the IS stress literature to reveal gaps, trends and opportunities for future research focused on stress among cybersecurity professionals. The study presents several novel trends and research opportunities. It contends that the demands experienced by cybersecurity professionals are distinct from those experienced by regular IT professionals and scholars should seek to identify the key characteristics of these demands that influence their appraisal process. Also, there are many stress responses, not just negative responses, deserving increased attention and future research should focus on unexplored stress-related outcomes for cybersecurity professionals.

The purpose of this study is to investigate whether having accessible cybersecurity programs (CPs) for high-school students affected girls’ long-term engagement with the industry, given that they already had interests in technology. Although much research has been done to evaluate how high-school science, technology, engineering, and mathematics programs retain girls in computing fields, it is necessary to see if this same long-term engagement exists in cybersecurity-specific programs.

In total, 55 members were surveyed from the aspirations in computing community regarding their experience in and accessibility to high-school CPs. A quantitative analysis of such responses was then undertaken using inferential statistical tools and chi-squared tests for independence.

The results showed that the existence of CPs alone are not influential factors in increasing long-term engagement with the field, showcasing that the high-knowledge barrier of CPs affects many students (even those with prior interests in technology). Instead, by having multiple occurrences of these programs and providing more cybersecurity resources to areas that lacked them, girls were more likely to report an increased interest in the field.

Such information can support future program leaders to develop effective, accessible and more targeted cybersecurity initiatives for students of various communities.

By analyzing the unique interactions of tech-aspiring women with cybersecurity, this exploration was able to demonstrate that women of different computing experiences face a shared barrier when entering the cybersecurity field. Likewise, in comparing these perspectives across different age groups, the investigation highlighted the development and subsequent growth of cybersecurity programming over the years and why such initiatives should be supported into the future.

This study aims to identify factors impacting female underrepresentation among cybersecurity professionals in Sri Lanka.

The study is based on survey data from 75 female professionals working in the cybersecurity sector of Sri Lanka. Partial least squares structural equation modelling was used to analyse the data.

Results showed that female self-efficacy on their capabilities, family, organisational culture, mentors and role model act as antecedents for women’s perceived motivation to select cybersecurity as a career option.

The study advances the literature on workforce gaps in the cybersecurity sector and claims that there is no single factor causing significant female underrepresentation in the cybersecurity industry. While clarifying the complexity of such factors, the study presents how such factors can systematise to attract females into the cybersecurity field.

The purpose of this study is to analyze the cybersecurity assurance approaches to determine the key issues and weaknesses within the internal audit and risk management perspective. Organizations increasingly rely on digital data to drive their growth and they are interconnected in a complex web to a multitude of stakeholders.

In this paper, cybersecurity is defined, and cybersecurity assurance model is explained based on the relevant literature. In addition, the role of internal auditing is introduced within this new business landscape. Finally, recommendations are made to provide best practices for stakeholders.

There are four major cyber-focused standards and frameworks in the current literature, namely, Control Objectives for Information and Related Technology, International Organization for Standardization, The American Institute of Certified Public Accountants and National Institute of Standards and Technology. In addition, there are many mechanisms in existence and operation currently which support cybersecurity assurance to prevent major threats. These include risk assessment, risk treatment, risk management, security assurance and auditing.

Cyber risk is not something that can be avoided; instead, it must be managed. Hence, it is very important to maintain formal documentation on related cyber controls. Internal audit should be an integral part of cybersecurity assurance process, as internal audit have a unique position to look across organizations. The contribution of internal audit also provides comfort to the Board and Audit Committee.

A model is introduced how the internal audit and information security functions could work together to support organizations accomplish a cost-effective level of information security. The key issues and approaches are explained for how to become a trusted cybersecurity advisor and a sample cybersecurity awareness program checklist is provided at Appendix 1.

Considering cybersecurity threats grow with speed, complexity, and impact, organizations are no longer satisfied with an answer to a question like “are we secure?” instead, they need the answer for such a question like “how to give a reasonable assurance that our business will be secure enough?”. In that respect, the role of internal audit is discussed based on the relevant literature and the current condition of the business environment.

A model is introduced how the internal audit and information security functions could work together to support organizations accomplish a cost-effective level of information security. The key issues and approaches are explained for how to become a trusted cybersecurity advisor and a sample cybersecurity awareness program checklist is provided at Appendix 1.

This paper aims to inform policymakers about key artificial intelligence (AI) technologies, risks and trends in national AI strategies. It suggests a framework of social governance to ensure emergence of safe and beneficial AI.

The paper is based on approximately 100 interviews with researchers, executives of traditional companies and startups and policymakers in seven countries. The interviews were carried out in January-August 2017.

Policymakers still need to develop an informed, scientifically grounded and forward-looking view on what societies and businesses might expect from AI. There is lack of transparency on what key AI risks are and what might be regulatory approaches to handle them. There is no collaborative framework in place involving all important actors to decide on AI technology design principles and governance. Today's technology decisions will have long-term consequences on lives of billions of people and competitiveness of millions of businesses.

The research did not include a lot of insights from the emerging markets.

Policymakers will understand the scope of most important AI concepts, risks and national strategies.

AI is progressing at a very fast rate, changing industries, businesses and approaches how companies learn, generate business insights, design products and communicate with their employees and customers. It has a big societal impact, as – if not designed with care – it can scale human bias, increase cybersecurity risk and lead to negative shifts in employment. Like no other invention, it can tighten control by the few over the many, spread false information and propaganda and therewith shape the perception of people, communities and enterprises.

This paper is a compendium on the most important concepts of AI, bringing clarity into discussions around AI risks and the ways to mitigate them. The breadth of topics is valuable to policymakers, students, practitioners, general executives and board directors alike.

With almost 95% of employers in the tech space experiencing a skills shortage, it is vital that IT consultants act now to futureproof their own skillsets to ensure they can provide business support services in the future. This paper aims to outline precisely how consulting businesses can overcome this industry challenge.

The author draws on his first-hand industry experience and third-party research to highlight how IT consultancy firms can futureproof operations and safeguard against major skills shortages.

During the course of research, three key industry challenges were uncovered and addressed. These provide the basis of the paper and focus on intelligent automation to transform operations, the reallocation of resources to support hybrid working and evergreen cloud automation supported by Managed Services Providers to mitigate against cybersecurity risk.

This paper aims to guide IT consulting businesses seeking to counteract industry challenges by ensuring a strong digital infrastructure. The desired outcome of this paper is to encourage businesses to take the necessary next steps to become digitally mature enough to bridge the skills divide.

This paper comes during a period when businesses are being negatively impacted by supply chain shortages and economic downturn, as well as skill shortages. It provides a digestible checklist of the support that comes from a strong digital backbone and how this will help IT consulting businesses address the future of work challenges today.

To better understand the current state of world economic competitiveness as well as the challenges and opportunities both present and emerging for national economies, the IBM Institute for Business Value (IBV) 10;surveyed top executives on a range of topics related to their organizations’ and their nations’ successes.

More than 2,700 C-level executives across the 12 largest national economies were surveyed in collaboration with Oxford Economics.

•9;90 percent of executives cite skilled labor availability and quality as a critical factor for their organization when considering expansion into new markets. 10;•9;54 percent of executives say cyber threats are among the biggest strategic risks for their nation’s economy in the next five years. 10;•9;120 million workers in the world’s 12 largest economies may need to be retrained/reskilled in the next three years as a result of intelligent/AI-enabled automation. 10;

By a wide margin, regulatory risk and cyber threats dominate the attention of business and other leaders as primary risks to their respective economies.

The future success of national economies is heavily dependent upon ecosystem partners working together to develop and maintain a skilled workforce across regional labor markets.

Based on the responses, the researches recommend a focus on developing and maintaining the workforce skills required to realize value from intelligent automation and other emerging technologies.As intelligent automation and other disruptions continue to redefine industries, the types of skills these industries require are also evolving. 10;

There is an increasing interest in the supply chain’s digitalization, yet the topic is still in the preliminary stages of academic research. The academic literature has no consensus and is still limited to research assessing the supply chain’s digitalization of organizations. This study aims to explore the supply chain digitalization drivers to understand the emerging phenomena. More specifically, the authors devised from the literature the most common factors in assessing the readiness in scaling supply chain digitalization.

This study followed a five-phased systematic literature review (SLR) methodology in this research: designing, analyzing, conducting, writing and assessing the quality of the review. The SLR is beneficial for justifying future research regardless of the complex process that requires dealing with high-level databases, information filtering and relevancies of the content. Through analysis of 347 titles and abstracts and 40 full papers, the authors showed and discussed the supply chain digitalization: transformation factors.

The results generated three main themes: technology, people and processes. The study also generated ten subthemes/primary drivers for assessing the readiness for supply chain digitalization in organizations: IT infrastructure, cybersecurity systems, digitalization reskilling and upskilling, digitalization culture, top management support, digitalization and innovation strategy, integrated supply chain, digital innovation management, big data management and data analytics and government regulations. The importance of each factor was discussed, and future research agenda was presented.

While the key drivers of the supply chain digitalization were identified, there is still a need to study the statistical correlation to confirm the interrelationships among factors. This study is also limited by the articles available in the databases and content extraction.

This study supports decision-makers in understanding the critical drivers in digitalizing the supply chain. Once these factors are studied and comprehended, managers and decision-makers could better anticipate and allocate the proper resources to embark on the digitalization journey and make informed decisions.

The digitalization of the supply chain is more critical nowadays due to the global disruptions caused by the Coronavirus (COVID-19) pandemic and the surge of organizations moving toward the digital economy. There is a gap between the digital transformation pilot studies and implementation. The themes and factors unearthed in this study will serve as a foundation and guidelines for further theoretical research and practical implications.