Search results

1 – 10 of 658
Article

Adenekan Dedeke and Katherine Masterson

Abstract

Purpose

This paper aims to explore the evolution of a trend in which countries are developing or adopting cybersecurity implementation frameworks that are intended to be used nationally. This paper contrasts the cybersecurity frameworks that have been developed in three countries, namely, Australia, UK and USA.

Design/methodology/approach

The paper uses literature review and qualitative document analysis for the study. The paper developed and used an assessment matrix as its coding protocol. The contents of the three cybersecurity frameworks were then scored to capture the degree to which they covered the themes/items of the cybersecurity assessment matrix.

Findings

The analysis found that the three cybersecurity frameworks are oriented toward the risk management approach. However, the frameworks also had notable differences with regard to the security domains that they cover. For example, one of the frameworks did not offer guidelines with regard to what to do to respond to attacks or to plan for recovery.

Originality/value

The results of this study are beneficial to policymakers in the three countries targeted, as they are able to gain insights about how their cybersecurity frameworks compare to those of the other two countries. Such knowledge would be useful as decision-makers take steps to improve their existing frameworks. The results of this study are also beneficial to executives who have branches in all three countries. In such cases, security professionals could deploy the most comprehensive framework across all three countries and then extend the deployment in each location to meet country-specific requirements.

Article

Randy Borum, John Felker, Sean Kern, Kristen Dennesen and Tonya Feyes

Abstract

Purpose

This paper aims to highlight the importance and role of strategic cyber intelligence to support risk-informed decision-making, ultimately leading to improved objectives, policies, architectures and investments to advance a nation or organization’s interests in the cyber domain.

Design/methodology/approach

Integration of professional research literature from the fields of intelligence studies, strategy and information/computer security.

Findings

Investing in technology, firewalls and intrusion detection systems is appropriate but, by itself, insufficient. Intelligence is a key component. Cyber intelligence emphasizes prevention and anticipation, to focus cybersecurity efforts before an attack occurs (“left of the hack”). Strategic cyber intelligence can substantially reduce risk to the organization’s mission and valued assets and support its due diligence.

Originality/value

This paper describes how strategic cyber intelligence can be implemented and used within an enterprise to enhance its cyber defense, and create a more proactive and adaptive security posture. It not only describes strategic cyber intelligence as a distinct discipline, but also demonstrates how the key intelligence functions articulate with existing cybersecurity risk management standards.

Details

Information & Computer Security, vol. 23 no. 3
Type: Research Article
ISSN: 2056-4961

Article

Kazuaki Ikeda, Anthony Marshall and Dave Zaharchuk

Abstract

Purpose

To better understand the current state of world economic competitiveness as well as the challenges and opportunities both present and emerging for national economies, the IBM Institute for Business Value (IBV) surveyed top executives on a range of topics related to their organizations’ and their nations’ successes.

Design/methodology/approach

More than 2,700 C-level executives across the 12 largest national economies were surveyed in collaboration with Oxford Economics.

Findings

• 90 percent of executives cite skilled labor availability and quality as a critical factor for their organization when considering expansion into new markets.
• 54 percent of executives say cyber threats are among the biggest strategic risks for their nation’s economy in the next five years.
• 120 million workers in the world’s 12 largest economies may need to be retrained/reskilled in the next three years as a result of intelligent/AI-enabled automation.

Practical implications

By a wide margin, regulatory risk and cyber threats dominate the attention of business and other leaders as primary risks to their respective economies.

Social implications

The future success of national economies is heavily dependent upon ecosystem partners working together to develop and maintain a skilled workforce across regional labor markets.

Originality/value

Based on the responses, the researchers recommend a focus on developing and maintaining the workforce skills required to realize value from intelligent automation and other emerging technologies. As intelligent automation and other disruptions continue to redefine industries, the types of skills these industries require are also evolving.

Details

Strategy & Leadership, vol. 47 no. 3
Type: Research Article
ISSN: 1087-8572

Article

Filip Caron

Abstract

Purpose

The purpose of this paper is to highlight the potential of cyber-testing techniques in assessing the effectiveness of cyber-security controls and obtaining audit evidence.

Design/methodology/approach

The paper starts with an identification of the applicable cyber-testing techniques and evaluates their applicability to generally accepted assurance schemes and cyber-security guidelines.

Findings

Cyber-testing techniques are providing insight in the effectiveness of the actual implementation of cyber-security controls, which may significantly deviate from the conceptual designs of these controls. Furthermore, cyber-testing techniques could provide concise input for cyber-risk management and improvement recommendations.

Originality/value

The presented cyber-testing techniques could complement traditional process-oriented assurance techniques with specialized technical analyses of real-world implementations that focus on the adversaries’ viewpoint.

Details

Managerial Auditing Journal, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0268-6902

Article

Noluxolo Gcaza, Rossouw von Solms, Marthie M. Grobler and Joey Jansen van Vuuren

Abstract

Purpose

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.

Design/methodology/approach

General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.

Findings

This paper identifies the most important variables in cultivating a cyber security culture.

Research implications

The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.

Practical implications

Practically, the study can assist developing nations in constructing strategies that address the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.

Originality/value

Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.

Details

Information & Computer Security, vol. 25 no. 3
Type: Research Article
ISSN: 2056-4961

Article

Abdul Wahid Mir and Ramkumar Ketti Ramachandran

Abstract

Purpose

Supervisory control and data acquisition (SCADA) systems security is of paramount importance, and there should be a holistic approach to it, as any gap in the security will lead to a critical national-level disaster. The purpose of this paper is to present the case study of a security gaps assessment of the SCADA systems of an electricity utility company in the Sultanate of Oman against the regulatory standard and security baseline requirements published by the Authority for Electricity Regulation (AER), Government of Sultanate of Oman.

Design/methodology/approach

The security gaps assessment presented in this paper is based on the security baseline requirements that include core areas, controls for each core area and requirements for each control.

Findings

The paper provides the security gaps assessment summary of the SCADA systems of an electricity utility company.

Practical implications

The summary of threats and vulnerabilities presented will help stakeholders to be proactive rather than reactive in the event of any attack.

Originality/value

This case study discusses the various security challenges in smart grid based on SCADA systems and provides the summary of challenges and recommendations to overcome the same.

Details

Information & Computer Security, vol. 27 no. 3
Type: Research Article
ISSN: 2056-4961

Article

Christine Sund

Abstract

Purpose

The purpose of this paper is to show that the full potential of the internet has not yet been realised. One of the key reasons for this is users' declining trust in the internet. Over the past two decades, the internet has transformed many aspects of modern life. With an estimated four million users worldwide at the end of 2006, the use of the internet continues to grow. Building trust and confidence is one of the main enablers for the future growth and use of the internet. The paper aims to review some of the reasons behind the declining trust, the changing nature of cyber‐threats, and aims to look at cybersecurity in the context of developing countries and the specific problems these countries are facing when dealing with a growing number of cyber‐threats.

Design/methodology/approach

This contribution gives an overview of some of the evolving cyber‐threats and their potential impact in order to determine whether the growth of the information society is really at risk. It further considers what the different stakeholders can do to build a safer and more secure information society. The paper poses questions, outlines possible options for a way forward and based on this gives the readers a better understanding of the issues and challenges involved in building confidence and security in the use of ICTs. The paper proposes a framework with increased co‐operation, collaboration, and information sharing, to connect the individual cybersecurity communities and single initiatives, in order to allow stakeholders to build together a roadmap for cybersecurity.

Findings

During the discussions leading up to and during the two phases of the World Summit on the information society, country representative participants re‐affirmed their commitment to deal effectively with the significant and growing problems posed by spam and other cyber‐threats. As no single country or entity can alone create trust, confidence and security in the use of ICTs, it is clear that increased international action is needed to address the issues involved.

Practical implications

This paper tries to provide readers with a simple overview of the state of cybersecurity, and with a framework for further considering how new technologies and the growing use of the internet will impact upon stakeholders' trust in the use of ICTs.

Originality/value

Along with increasing dependency on ICTs, new threats to network and information security have emerged. These include growing misuse of electronic networks for criminal purposes or for objectives that can furthermore adversely affect the integrity of critical infrastructures within states. This paper puts forward some concrete suggestions on how countries could look at the issues related to cybersecurity.

Details

Online Information Review, vol. 31 no. 5
Type: Research Article
ISSN: 1468-4527

Article

Rajni Goel, Anupam Kumar and James Haddow

Abstract

Purpose

This study aims to develop a framework for cybersecurity risk assessment in an organization. Existing cybersecurity frameworks are complex and implementation oriented. The framework can be systematically used to assess the strategic orientation of a firm with respect to its cybersecurity posture. The goal is to assist top-management-team with tailoring their decision-making about security investments while managing cyber risk at their organization.

Design/methodology/approach

A thematic analysis of existing publications using content analysis techniques generates the initial set of keywords of significance. Additional factor analysis using the keywords provides us with a framework comprising of five pillars comprising prioritize, resource, implement, standardize and monitor (PRISM) for assessing a firm’s strategic cybersecurity orientation.

Findings

The primary contribution is the development of a novel PRISM framework, which enables cyber decision-makers to identify and operationalize a tailored approach to address risk management and cybersecurity problems. PRISM framework evaluation will help organizations identify and implement the most tailored risk management and cybersecurity approach applicable to their problem(s).

Originality/value

The new norm is for companies to realize that data stratification in cyberspace extends throughout their organizations, intertwining their need for cybersecurity within business operations. This paper fulfills an identified need to improve the ability of company leaders, as CIOs and others, to address the growing problem of how organizations can better handle cyber threats by using an approach that is a methodology for cross-organization cybersecurity risk management.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Article

Masike Malatji, Sune Von Solms and Annlizé Marnewick

Abstract

Purpose

This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices.

Design/methodology/approach

The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced.

Findings

The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment.

Practical implications

This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation.

Originality/value

The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Book part

Saeed J. Roohani and Xiaochuan Zheng

Abstract

With recent increases in cybersecurity incidents, it is imperative to supplement current accounting curriculum, equip accounting graduates with sufficient knowledge and skills to assess cybersecurity risk, and learn about controls to mitigate such risks. In this chapter, the authors describe 10 teaching modules, supported by 10 professionally produced video series. The authors developed these videos for educating students on cybersecurity and the videos are available free to instructors from other institutions who wish to use them. The videos are filled with insights and advice from our two experts – one a former hacker and the other an experienced cybersecurity professional. This dialogue between two different sides provides a rich discussion that leads to answering many questions that people often have about cybersecurity. Further, in Exhibit 1, this chapter offers a framework for characterizing and analyzing some recent publicized data-breach cases, which can supplement discussion on cybersecurity modules. Instructors can add more cases to this source over time. Finally, the authors share the analysis of feedback from students who went through the series. The results suggest that the students show interest in the topic, and videos helped them better understand the complexity of cybersecurity risk and controls.

Details

Advances in Accounting Education: Teaching and Curriculum Innovations
Type: Book
ISBN: 978-1-78973-394-5
