Search results

1 – 10 of over 1000
Article
Publication date: 16 January 2024

Călin Mihail Rangu, Leonardo Badea, Mircea Constantin Scheau, Larisa Găbudeanu, Iulian Panait and Valentin Radu

Abstract

Purpose

In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.

Design/methodology/approach

The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.

Findings

The study the authors elaborated has particularly important cyber and risk components for the insurance area, because it addresses a “niche” area not yet properly addressed in the specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.

Research limitations/implications

This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.

Practical implications

Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.

Originality/value

The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.

Details

The Journal of Risk Finance, vol. 25 no. 2
Type: Research Article
ISSN: 1526-5943

Article
Publication date: 7 September 2023

Zainab Batool Rizvi, Chaudry Bilal Ahmad Khan and Michael O’Sullivan

Abstract

Purpose

This paper aims to explore key management actions for implementing security on the cloud, which is a critical issue as many organizations are moving business processes and data on it. The cloud is a flexible, low cost and highly available technology, but it comes with increased complexity in maintaining the cloud consumer’s security. In this research, a model was built to assist strategic decision-makers in choosing from a diverse range of actions that can be taken to manage cloud security.

Design/methodology/approach

Published research from 2010 to 2022 was reviewed to identify alternatives to management actions pertaining to cloud security. Analytical hierarchical process (AHP) was applied to rate the most important action(s). For this, the alternatives, along with selection criteria, were summarized through thematic analysis. To gauge the relative importance of the alternatives, a questionnaire was distributed among cloud security practitioners to poll their opinion. AHP was then applied to the aggregated survey responses.

Findings

It was found that the respondents gave the highest importance to aligning information security with business needs. Building a cloud-specific risk management framework was rated second, while the actions: enforce and monitor contractual obligations, and update organizational structure, were rated third and fourth, respectively.

Research limitations/implications

The research takes a general view without catering to specialized industry-based scenarios.

Originality/value

This paper highlights the role of management actions when implementing cloud security. It presents an AHP-based multi-criteria decision-making model that can be used by strategic decision-makers in selecting the optimum mode of action. Finally, the criteria used in the AHP model highlight how each alternative contributes to cloud security.

Article
Publication date: 1 March 2024

Mohan Thite and Ramanathan Iyer

Abstract

Purpose

Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information technology (IT)-centric solutions to secure and strengthen their information security ecosystem. Unfortunately, they pay little attention to human resource management (HRM) solutions. This paper aims to address this gap and proposes an actionable human resource (HR)-centric and artificial intelligence (AI)-driven framework.

Design/methodology/approach

The paper highlights the dangers posed by insider threats and presents key findings from a Leximancer-based analysis of a rapid literature review on the role, nature and contribution of HRM for information security, especially in addressing insider threats. The study also discusses the limitations of these solutions and proposes an HR-in-the-loop model, driven by AI and machine learning to mitigate these limitations.

Findings

The paper argues that AI promises to offer many HRM-centric opportunities to fortify the information security architecture if used strategically and intelligently. The HR-in-the-loop model can ensure that the human factors are considered when designing information security solutions. By combining AI and machine learning with human expertise, this model can provide an effective and comprehensive approach to addressing insider threats.

Originality/value

The paper fills the research gap on the critical role of HR in securing and strengthening information security. It makes further contribution in identifying the limitations of HRM solutions in info security and how AI and machine learning can be leveraged to address these limitations to some extent.

Details

Personnel Review, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0048-3486

Article
Publication date: 7 July 2022

Anuj Gupta, Arjun Chakravorty, Neha Garg and Pankaj Singh

Abstract

Purpose

Though the concept of work engagement has been extensively explored in the academic literature, with engagement levels declining globally – causing a hike in undesired employee attitudes and behaviours – there is a need to revisit its antecedents and consequences that bear higher current relevance. Within the context of the Indian information technology (IT) sector, this study aims to explore the role of job security and value congruence as two critical antecedents which not only lead to increased engagement levels but also consequently yield the enhanced perception of change, amplified general life satisfaction and reduced intent to leave among employees.

Design/methodology/approach

Data were collected from 363 software developers (SDs) in India using the survey questionnaire method and structured equation modelling was used to test the proposed measurement and structural model. The results supported the proposed hypotheses and confirmed the role of work engagement as a mediator between the studied antecedents and consequences.

Findings

Results from a study of 363 SDs across India support the proposed hypotheses and confirm the role of work engagement as a mediator between the studied antecedents and consequences.

Research limitations/implications

This study was cross-sectional; therefore, caution is necessary while making any causal inferences. Further work based on longitudinal data would strengthen these findings.

Practical implications

The findings of the study will provide the decision-makers of IT companies with tools to increase engagement among SDs thereby increasing favorable outcomes for organizations and individual employees in the current times.

Originality/value

The study establishes job security and value congruence as two critical yet cost-effective measures that today’s organizations need to integrate into their human resources functions, not just to boost employee engagement levels but also to control spiraling costs due to unintended turnover, employees’ resistance to organizational changes and employee ill-being. Future research avenues and practical implications have been discussed.

Details

Global Knowledge, Memory and Communication, vol. 73 no. 3
Type: Research Article
ISSN: 2514-9342

Article
Publication date: 19 July 2023

Hamid Reza Nikkhah, Varun Grover and Rajiv Sabherwal

Abstract

Purpose

This study aims to argue that users’ continued use behavior is contingent upon two perceptions (i.e. the app and the provider). This study examines the moderating effects of users’ perceptions of apps and providers on the effects of security and privacy concerns and investigates whether assurance mechanisms decrease such concerns.

Design/methodology/approach

This study conducts a scenario-based survey with 694 mobile cloud computing (MCC) app users to understand their perceptions and behaviors.

Findings

This study finds that while perceived value of data transfer to the cloud moderates the effects of security and privacy concerns on continued use behavior, trust only moderates the effect of privacy concerns. This study also finds that perceived effectiveness of security and privacy intervention impacts privacy concerns but does not decrease security concerns.

Originality/value

Prior mobile app studies mainly focused on mobile apps and did not investigate the perceptions of app providers along with app features in the same study. Furthermore, International Organization for Standardization 27018 certification and privacy policy notification are the interventions that exhibit data assurance mechanisms. However, it is unknown whether these interventions are able to decrease users’ security and privacy concerns after using MCC apps.

Details

Information & Computer Security, vol. 32 no. 1
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 1 June 2023

Edward Ayebeng Botchway, Kofi Agyekum, Hayford Pittri and Anthony Lamina

Abstract

Purpose

This study explores the importance of and vulnerabilities in deploying physical access control (PAC) devices in a typical university setting.

Design/methodology/approach

The study adopts face-to-face and telephone interviews. This study uses a semi-structured interview guide to solicit the views of 25 interviewees on the subject under consideration. Qualitative responses to the interview are thematically analyzed using NVivo 11 Pro analysis application software.

Findings

The findings reveal five importance and seven vulnerabilities in the deployment of PAC devices in the institution. Key among the importance of deploying the devices are “prevent unwanted premise access or intrusions,” “prevent disruptions to university/staff operations on campus” and “protect students and staff from outside intruders.” Key among the identified vulnerabilities are “tailgating”, “delay in emergent cases” and “power outage may affect its usage.”

Originality/value

This study offers insight into a rare area of study, especially in the Sub-Saharan Africa region. Furthermore, the study contributes to the state-of-the-art importance and vulnerabilities in deploying PAC devices in daily human activities. The study is valuable in that it has the potential to establish a foundation for future studies that may delve into investigating issues associated with the deployment of PAC devices.

Details

Frontiers in Engineering and Built Environment, vol. 4 no. 1
Type: Research Article
ISSN: 2634-2499

Article
Publication date: 13 September 2023

Prasetyo Adi Wibowo Putro, Dana Indra Sensuse and Wahyu Setiawan Setiawan Wibowo

Abstract

Purpose

This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology.

Design/methodology/approach

To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM).

Findings

The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables.

Practical implications

This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services.

Originality/value

The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.

Details

Information & Computer Security, vol. 32 no. 1
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 20 July 2023

Martina Neri, Federico Niccolini and Luigi Martino

Abstract

Purpose

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

Design/methodology/approach

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Findings

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Originality/value

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity is still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.

Article
Publication date: 26 March 2024

Bernardo Nicoletti and Andrea Appolloni

Abstract

Purpose

The logistics industry has undergone a tremendous transformation. This transformation is necessary to cope with the fundamental changes in customer expectations and the need for digitalization imposed by the pandemic, changes in the socioeconomic world, and innovative technology solutions. This paper aims to present digital transformation as an integrated framework for transforming the operating model and applying advanced solutions to the ecosystem of a quintile logistics (5PL) company. 5PL operators are typically an ecosystem. Loosely coupled or self-organized entities that collaborate in a symbiotic relationship represent this ecosystem. They aim to jointly develop capabilities, create innovative services or solutions, share knowledge, facilitate transactions, and leverage network synergies in a logistics environment to provide optimized or novel customer- or partner-centric solutions (Lamberjohann and Otto, 2020).

Design/methodology/approach

Currently, there is no single definition of an integrated logistics operations model in 5PL practice, so the qualitative method used in this paper allows for investigation from an exploratory perspective. The paper follows a qualitative research methodology, collecting and analyzing data/facts through interviews and visits to subject matter experts, industry practitioners, and academic researchers, combined with an extensive review of academic publications, industry reports, and written and media content from established organizations in the marketplace. This paper follows a qualitative research methodology, as it is an inquiry rather than a statistical study. The qualitative method allows the study of the concepts of phenomena and definitions, their characteristics, and the defining features that serve as the basis (Berg, 2007). It emphasizes generalized interpretation and deeper understanding of concepts, which would be more difficult in quantitative, statistically based research. Fact-finding was conducted in two ways: in-depth interviews with experts from academia, information and communication technology organizations, and key players in the logistics industry; and academic publications, industry reports, and written and media content from established national and international organizations in the market.

Findings

The operations model introduced considers six aspects: persons, processes, platforms, partners, protection and preservation. A virtual team approach can support the personal side of the 5PL ecosystem’s digital transformation. Managing a 5PL ecosystem should be based on collaborative planning, forecasting, and replenishment methods (Parsa et al., 2020). A digital platform can support trust among the stakeholders in the ecosystem. A blockchain solution can powerfully support the 5PL ecosystem from partner relationships’ points of view. The implementation of a cybersecurity reference model is important for protection (Bandari, 2023). Reverse logistics and an integrated approach support the preservation of the ecosystem.

Research limitations/implications

While the author has experience applying the different components of the operations model presented, it would be interesting to find a 5PL that would use all the components presented in an integrated way. The operations model presented applies to any similar ecosystem with minor adaptations.

Practical implications

This paper addresses operations models and digital transformation challenges for optimizing 5PL operators. It provides several opportunities and considerations for 5PL operators interested in improving their management and operations to cope with the growing challenges of today’s world.

Social implications

The competitiveness and long-term performance of 5PL operators depend on selecting and carefully implementing their operations models. This paper emphasizes the importance of using advanced operations models.

Originality/value

The operations model derives from the author’s personal experiences in research and the innovative application of these models to logistics operators (DHL, UPS, Poste Italiane and others). This paper brings together academic and industry perspectives and operations models in an integrated business digital transformation. This paper defines an original optimal operations model for a 5PL operator and can add sustainable value to organizations and society. In doing so, it outlines different solution requirements, the critical success factors and the challenges for solutions and brings logistical performance objectives when implementing a digital business transformation.

Details

Journal of Global Operations and Strategic Sourcing, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2398-5364

Book part
Publication date: 19 March 2024

Noah McClain

Abstract

In the mid-2000s, the operator of New York City’s mass transit network committed more than a half-billion dollars to military contractor Lockheed Martin for a security technology capable, in part, of inferring threats based on analysis of data streams, of developing response strategies, and taking automated action toward alerts and calamities in light of evolving circumstances. The project was a failure. This chapter explores the conceptualization and development of this technology – rooted in cybernetics – and compares its conceptual underpinnings with some situated problems of awareness, communication, coordination, and action in emergencies as they unfold in one of the busiest transport systems in the world, the New York subway. The author shows how the technology, with all the theatrical trappings of a “legitimate” security solution, was apparently conceived without a grounded understanding of actual use-cases, and the degree to which the complex interactions which give rise to subway emergency can be anticipated in – and therefore managed through – a technological system. As a case-study, the chapter illustrates the pitfalls of deploying technology against problems which are not well-defined in the first place, to the neglect of investments against much more fundamental problems – such as inadequate communication systems, and unstable relationships with emergency response agencies – which might offer guaranteed benefits, and indeed lay a firm groundwork for future deployment of more ambitious technology.

Details

Technology vs. Government: The Irresistible Force Meets the Immovable Object
Type: Book
ISBN: 978-1-83867-951-4
