Search results

The purpose of this paper is to position the preservation and protection of intellectual capital as a cyber security concern. The paper outlines the security requirements of intellectual capital to help boards of directors (BoDs) and executive management teams to understand their responsibilities and accountabilities in this respect.

The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital and to outline actions to be taken by BoDs to do so.

Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance and merits attention from BoDs.

This paper clarifies BoDs intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance.

The authors hope that BoDs will benefit from the clarifications, and especially from the positioning of intellectual capital in cyber space.

If BoDs know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured.

This paper extends a previous paper published by Von Solms and Von Solms, which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from security researchers.

For many innovative organisations, Industry 4.0 paves the way for significant operational efficiencies, quality of goods and services and cost reductions. One of the ways to realise these benefits is to embark on digital transformation initiatives that may be summed up as the intelligent interconnectivity of people, processes, data and cyber-connected things. Sadly, this interconnectivity between the enterprise information technology (IT) and industrial control systems (ICS) environment introduces new attack surfaces for critical infrastructure (CI) operators. As a result of the ICS cybersecurity risk introduced by the interconnectivity between the enterprise IT and ICS networks, the purpose of this study is to identify the cybersecurity capabilities that CI operators must have to attain good cybersecurity resilience.

A scoping literature review of best practice international CI protection frameworks, standards and guidelines were conducted. Similar cybersecurity practices from these frameworks, standards and guidelines were grouped together under a corresponding National Institute of Standards and Technology (NIST) cybersecurity framework (CF) practice. Practices that could not be categorised under any of the existing NIST CF practices were considered new insights, and therefore, additions.

A CI cybersecurity capability framework comprising 29 capability domains (cybersecurity focus areas) was developed as an adaptation of the NIST CF with an added dimension. This added dimension emphasises cloud computing and internet of things (IoT) security. Each of the 29 cybersecurity capability domains is executed through various capabilities (cybersecurity processes and procedures). The study found that each cybersecurity capability can further be operationalised by a set of cybersecurity controls derived from various frameworks, standards and guidelines, such as COBIT®, CIS®, ISA/IEC 62443, ISO/IEC 27002 and NIST Special Publication 800-53.

CI sectors are immediately able to adopt the CI cybersecurity capability framework to evaluate their levels of resilience against cyber-attacks, given new attack surfaces introduced by the interconnectivity of cyber-connected things between the enterprise and ICS levels.

The authors present an added dimension to the NIST framework for CI cyber protection. In addition to emphasising cryptography, IoT and cloud computing security aspects, this added dimension highlights the need for an integrated approach to CI cybersecurity resilience instead of a piecemeal approach.

Intellectual capital (IC) cyber security is a priority in all organizations. Because of the dearth in IC cyber security (ICCS) research theories and the constant call to theory building, this study proposes a theory of ICCS drawing upon tested empirical data of information systems security (ISS) theory in Lebanon.

After a pilot test, the authors tested the newly developed ISS theory using a field study consisting of 187 respondents, representing many industries, thus contributing to generalizability. ISS theory is used as a proxy for the development of ICCS theory.

Based on a review of the literature from the past three decades in the information systems (IS) discipline and a discovery of the partial yet significant relevance of ISS literature to ICCS, this study succinctly summarized the antecedents and independent variables impacting security compliance behavior, putting the variables into one comprehensive yet parsimonious theoretical model. This study shows the theoretical and practical relevancy of ISS theory to ICCS theory building.

This paper highlights the importance of ISS compliance in the context of ICCS, especially in the area of spoken knowledge in environments containing Internet-based security devices.

This research article is original, as it presents the theory of ICCS, which was developed by drawing upon a comprehensive literature review of the IS discipline and finding the bridges between the security of both IS and IC.

This study is an exploration of areas pertaining to the use of production data in non-production environments. During the software development life cycle, non-production environments are used to serve various purposes to include unit, component, integration, system, user acceptance, performance and configuration testing. Organisations and third parties have been and are continuing to use copies of production data in non-production environments. This can lead to personal and sensitive data being accidentally leaked if appropriate and rigorous security guidelines are not implemented. This paper aims to propose a comprehensive framework for minimising data leakage from non-production environments. The framework was evaluated using guided interviews and was proven effective in helping organisation manage sensitive data in non-production environments.

Authors conducted a thorough literature review on areas related to data leakage from non-production systems. By doing an analysis of advice, guidelines and frameworks that aims at finding a practical solution for selecting and implementing a de-identification solution of sensitive data, the authors managed to highlight the importance of all areas related to sensitive data protection. Based on these areas, a framework was proposed which was evaluated by conducting set of guided interviews.

This paper has researched the background information and produced a framework for an organisation to manage sensitive data in its non-production environments. This paper presents a proposed framework that describes a process flow from the legal and regulatory requirements to data treatment and protection, gained through understanding the organisation’s business, the production system, the purpose and the requirements of the non-production environment. The paper shows that there is some conflict between security and perceived usability, which may be addressed by challenging the perceptions of usability or identifying the compromise required. Non-production environments need not be the sole responsibility of the IT section, they should be of interest to the business area that is responsible for the data held.

This paper proposes a simplified business model and framework. The proposed model diagrammatically describes the interactions of elements affecting the organisation. It highlights how non-production environments may be perceived as separate from the business systems, but despite the perceptions, these are still subject to the same legal requirements and constraints. It shows the interdependency of data, software, technical infrastructure and human interaction and how the change of one element may affect the others. The proposed framework describes the process flow and forms a practical solution in assisting the decision-making process and providing documentary evidence for assurance and audit purposes. It looks at the requirements of the non-production system in relation to the legal and regulatory constraints, as well as the organisational requirements and business systems. The impact of human factors on the data is also considered to bring a holistic approach to the protection of non-production environments.

The Journal of Intellectual Capital (JIC) is one of the leading academic journals in the field of business and management, with an impact factor of 3.744, according to Journal Citation Reports from Clarivate Analytics, 2019. This study reports the results of a content analysis of the JIC articles that have been published since the journal was founded in 2000, in order to highlight its significant contribution and identify potential future research avenues within the business and management field.

Scopus database, complemented by the Web of Science (WOS) Core Collection, was used. Furthermore, this study graphically maps over 20 years' worth of bibliographic material, using the visualization of similarities (VOS) to present an overview of the journal and identify future research avenues.

The paper provides an overview of a total of 700 articles and editorial notes, authored by leading authors from various universities, as well as collating the research themes explored during the 20 year period between 2000 and 2019. The prestigious positioning of this journal is evidenced both through the increasing number of citations received from other highly regarded journals and through its impact upon the establishment of new streams of research.

By applying a bibliometric analysis, this paper offers an overview of past and current themes on intellectual capital (IC).

This article delivers an in-depth and rigorous analysis of the fields and research streams interrogated by the JIC over the last 20 years and offers potential topics for future research, which could stimulate authors and inspire advancements in research for years to come.

The threat of future biological attacks within the United States forces the additional responsibility of preparedness and response onto health care managers. An endless amount of information on this topic can be readily obtained from a variety of sources. The purpose of this resource guide is to provide health care managers with a well-organized, up-to-date listing of credible sources that can be accessed electronically. This resource guide is designed to facilitate the retrieval of relevant information that is crucial in the process of health care managers designing a bioterrorism preparedness and response plan.

The implications of a bioterrorist attack within the United States were well observed in the 2001 anthrax attacks. The effects of these attacks were not only felt by the primary victims but also reached into communities and health care organizations that treated patients. The concerns for future attacks have spurred an enormous amount of interest and forced health care administrators to implement safety measures and develop plans encompassing preparedness and response. With respect to this topic, a major problem facing health care managers is the ability to obtain relevant, up-to-date, reliable information.

Many health care managers are aware of the endless amount of resources that are available pertaining to preparedness and response planning. It should also be noted that the information concerning bioterrorism rapidly changes and the available information can be overwhelming. To that end, the authors have compiled an array of selected websites that provide excellent, up-to-date, and unique resources in attempts to facilitate the gathering of knowledge and make that experience more efficient.

The objective of the following resource guide is to provide a comprehensive list of topics in a “user-friendly” format that can be obtained electronically. To facilitate information retrieval, electronic resources have been categorized according to topic. For example, up-to-date information concerning the multitude of biological agents can be obtained by using the links contained within the biological agents category. Under this topic heading you will find a listing of important resources. Each listing contains a heading that identifies the sponsoring organization, a short explanation of information and materials that can be expected, and a web address identifying its location.

The authors’ compilation was not intended to be exhaustive nor do the authors necessarily endorse or warrant the reliability of the information/products. Websites may change regularly; please visit www.bioterrorism@ba.ttu.edu to obtain an electronic version of this resource guide and for updates to web addresses.

As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting human-factor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.

A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.

Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.

The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.

This paper demonstrates originality by providing a framework and computational approach for characterising and quantify human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.

The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure.

This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems.

The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements.

This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.

To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.

The authors gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. They conducted interviews with key stakeholders in Australian universities in order to validate these links.

The authors’ investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.

There is a need to acknowledge the different roles played by actors within the university and the relevance of information security to IC-related preservation.

Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.

This is one of the first studies to explore the connections between data and information security and the three core components of IC's knowledge security in the university context.