Search results
1 – 10 of 462Ahmed Ali Otoom, Issa Atoum, Heba Al-Harahsheh, Mahmoud Aljawarneh, Mohammed N. Al Refai and Mahmoud Baklizi
The purpose of this paper is to present the educational computer emergency response team (EduCERT) framework, an integrated response mechanism to bolster national cybersecurity…
Abstract
Purpose
The purpose of this paper is to present the educational computer emergency response team (EduCERT) framework, an integrated response mechanism to bolster national cybersecurity through collaborative efforts in the higher education sector. The EduCERT framework addresses this gap by enhancing cyber security and mitigating cybercrime through collaborative incident management, knowledge sharing and university awareness campaigns.
Design/methodology/approach
The authors propose an EduCERT framework following the design science methodology. The framework is developed based on literature and input from focus group experts. Moreover, it is grounded in the principles of the technology-organization-environment framework, organizational learning and diffusion of innovations theory.
Findings
The EduCERT has eight components: infrastructure, governance, knowledge development, awareness, incident management, evaluation and continuous improvement. The framework reinforces national cybersecurity through cooperation between universities and the National Computer Emergency Response Team. The framework has been implemented in Jordan to generate a cybersecurity foundation for higher education. Evaluating the EduCERT framework’s influence on national cybersecurity highlights the importance of adopting comprehensive cyber-security policies and controls. The framework application shows its relevance, effectiveness, adaptability and alignment with best practices.
Research limitations/implications
Despite the impact of applying the framework in the Jordanian context, it is essential to acknowledge that the proposed EduCERT framework’s practical implementation may encounter challenges specific to diverse international educational environment sectors. However, framework customization for global applicability could address varied educational institutions in other countries.
Practical implications
Furthermore, the proposed EduCERT framework is designed with universal applicability that extends beyond the specific country’s context. The principles and components presented in the framework can serve as valuable design advice for establishing collaborative and resilient cybersecurity frameworks in educational settings worldwide. Therefore, the research enhances the proposed framework’s practical utility and positions it as an invaluable contribution to the broader discourse on global cybersecurity in academia.
Originality/value
This paper enhances national cybersecurity in the higher education sector, addressing the need for a more integrated response mechanism. The EduCERT framework demonstrates its effectiveness, adaptability and alignment with best practices, offering valuable guidance for global educational institutions.
Details
Keywords
Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to…
Abstract
Purpose
Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to least at risk for healthcare data breaches. This gap has led to a lack of proper risk identification and understanding of cyber environments at state levels.
Design/methodology/approach
Based on the security action cycle, the National Institute of Standards and Technology (NIST) cybersecurity framework, the risk-planning model, and the multicriteria decision-making (MCDM) literature, the paper offers an integrated multicriteria framework for prioritization in cybersecurity to address this lack and other prioritization issues in risk management in the field. The study used historical breach data between 2015 and 2021.
Findings
The findings showed that California, Texas, New York, Florida, Indiana, Pennsylvania, Massachusetts, Minnesota, Ohio, and Georgia are the states most at risk for healthcare data breaches.
Practical implications
The findings highlight each US state faces a different level of healthcare risk. The findings are informative for patients, crucial for privacy officers in understanding the nuances of their risk environment, and important for policy-makers who must grasp the grave disconnect between existing issues and legislative practices. Furthermore, the study suggests an association between positioning state risk and such factors as population and wealth, both avenues for future research.
Originality/value
Theoretically, the paper offers an integrated framework, whose basis in established security models in both academia and industry practice enables utilizing it in various prioritization scenarios in the field of cybersecurity. It further emphasizes the importance of risk identification and brings attention to different healthcare cybersecurity environments among the different US states.
Details
Keywords
Eliana Stavrou and Andriani Piki
The accelerated digital transformation and the growing emphasis on privacy, safety and security present ongoing challenges for cybersecurity experts. Alongside these challenges…
Abstract
Purpose
The accelerated digital transformation and the growing emphasis on privacy, safety and security present ongoing challenges for cybersecurity experts. Alongside these challenges, the multidisciplinary, everchanging and complex nature of the cybersecurity domain has further challenged the acquisition and retention of cybersecurity talent. Empowering reskilling and upskilling in cybersecurity necessitates efficacious educational endeavours which promote self-confidence and foster a growth mindset. The purpose of this paper is to highlight that cultivating self-efficacy in cybersecurity education can help promote competency development and effectively address the prominent skills gaps. This notion applies equally to both aspiring individuals pursuing a career in cybersecurity and professionals in the field who may wish to better articulate the skills they already possess, the skills they lack and newly surfacing skills that need to be developed.
Design/methodology/approach
The study discusses the imminent need for adopting a “skills-first” approach in cybersecurity and explores innovative pedagogies and professional frameworks that can inform and frame such an approach. Subsequently, a critical analysis of the importance of self-efficacy towards motivating and supporting upskilling in cybersecurity is performed. A case study is presented, expanding the authors’ previous work on cybersecurity professional development, to demonstrate the mediating role that self-efficacy can play in developing core cybersecurity competencies. The case study presents the design of a new cybersecurity curriculum in the context of postgraduate, synchronous distance cybersecurity education, and it is utilised as a basis to discuss how the proposed curriculum cultivates self-efficacy attitudes.
Findings
A skills-first approach is becoming the new norm in contemporary workplaces. This work highlights the importance of actively nurturing self-efficacy attitudes through innovative cybersecurity curricula that can be tailored to the learners’ needs, instigating a drive for learning and, ultimately, helping learners effectively upskilling by portraying a self-directed learning path and a professional growth mindset in cybersecurity.
Originality/value
The authors present the importance of cultivating self-efficacy in higher and lifelong education to foster reskilling and upskilling in cybersecurity. An innovative cybersecurity curriculum was constructed and delivered with a group of learners demonstrating how self-efficacy can be leveraged through interactive, reflective and self-assessment educational activities that enhanced motivation and self-awareness, curiosity, attention to detail and resilience – key skills for a successful career in cybersecurity.
Details
Keywords
This paper reviews recent research on the expected economic effects of developing artificial intelligence (AI) through a survey of the latest publications, in particular papers…
Abstract
Purpose
This paper reviews recent research on the expected economic effects of developing artificial intelligence (AI) through a survey of the latest publications, in particular papers and reports issued by academics, consulting companies and think tanks.
Design/methodology/approach
Our paper represents a point of view on AI and its impact on the global economy. It represents a descriptive analysis of the AI phenomenon.
Findings
AI represents a driver of productivity and economic growth. It can increase efficiency and significantly improve the decision-making process by analyzing large amounts of data, yet at the same time it creates equally serious risks of job market polarization, rising inequality, structural unemployment and the emergence of new undesirable industrial structures.
Practical implications
This paper presents itself as a building block for further research by introducing the two main factors in the production function (Cobb-Douglas): labor and capital. Indeed, Zeira (1998) and Aghion, Jones and Jones (2017) suggested that AI can stimulate growth by replacing labor, which is a limited resource, with capital, an unlimited resource, both for the production of goods, services and ideas.
Originality/value
Our study contributes to the previous literature and presents a descriptive analysis of the impact of AI on technological development, economic growth and employment.
Details
Keywords
Tshepo Arnold Chauke and Mpho Ngoepe
The purpose of the study is to explore the integration of facets of information technology (IT) governance at a professional council in South Africa with the view to develop a…
Abstract
Purpose
The purpose of the study is to explore the integration of facets of information technology (IT) governance at a professional council in South Africa with the view to develop a framework.
Design/methodology/approach
This critical emancipatory study used the Information Governance Initiative pinwheel to explore the architecture facet of information governance at the professional council, with a view to developing a framework for entrenching a culture of good corporate governance. Qualitative data was collected through interviews and document analysis. The study was a participatory action research project that involved collaboration between the researcher and study participants in defining and solving the problem through a needs assessment exercise.
Findings
The key findings report on the processes taken by a professional council in identifying and implementing the facets of information governance, that is, records management, IT, content management, data governance, information security, data privacy, risk management, regulatory compliance, long-term digital preservation and, even, business intelligence.
Research limitations/implications
The study was a participatory action research project that involved collaboration between the researcher and study participants in defining and solving the problem through a needs assessment exercise.
Practical implications
The study’s findings suggest that, with the right information governance policy in place, adopting the facets of information governance can be used to address concerns related to information integrity in the short and medium terms. As a long-term option for retaining data and information, it would have various drawbacks and would not, however, ensure the initial dependability of the information.
Originality/value
A framework for information governance to ensure that the professional organisation and board members adopt a tailored governance system is suggested.
Details
Keywords
Ruti Gafni and Yair Levy
Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate…
Abstract
Purpose
Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate the role of AI in automating many of the routine tasks associated with cybersecurity. As such, AI enables cybersecurity personnel to reduce their workloads and focus on more strategic aspects of their work.
Design/methodology/approach
This study is an exploratory field study. The authors started by conducting a literature review to assess the possibility that AI tools can provide and how they can improve cybersecurity efficacy. Following this, the authors identified the specific core tasks for two cybersecurity work roles (technical and managerial) and searched for specific commercial tools that can perform each of the tasks. Then, the authors used the free ChatGPT 3.5 to list the current cybersecurity systems that use AI for the associated tasks, which the authors then reviewed with the tools’ documentation and websites to confirm these tasks were conducted or assisted by AI.
Findings
Results indicated that all 14 cybersecurity tasks of the technical work role are currently noted to be performed by commercial cybersecurity systems with AI-integrated capabilities, while only 11 of the 17 managerial work role tasks currently appear to be performed by AI.
Practical implications
The rapid integration of AI capabilities into commercial cybersecurity systems may suggest that the cybersecurity workforce must be currently trained on how to use AI tools in their daily operations, especially as it pertains to technical cybersecurity work roles.
Social implications
The cybersecurity workforce shortage is reported to exceed four million cybersecurity workers worldwide in 2023. Thus, further understanding of the role of AI in improving the efficiency of technical and managerial cybersecurity tasks is significant.
Originality/value
The value of this research lies in the initial assessment of the current AI capabilities of commercial cybersecurity systems, which will ultimately provide the “super-human” performances resulting from human-AI teaming.
Details
Keywords
This chapter reviews possible regulatory updates needed to address the four general challenges arising from digitalization of financial services, regardless of the business models…
Abstract
This chapter reviews possible regulatory updates needed to address the four general challenges arising from digitalization of financial services, regardless of the business models of the financial services providers. These challenges are customers' data rights, artificial intelligence (AI) ethics, cybersecurity and financial exclusion.
Details
Keywords
Ifeyinwa Juliet Orji and Chukwuebuka Martinjoe U-Dominic
Cybersecurity has received growing attention from academic researchers and industry practitioners as a strategy to accelerate performance gains and social sustainability…
Abstract
Purpose
Cybersecurity has received growing attention from academic researchers and industry practitioners as a strategy to accelerate performance gains and social sustainability. Meanwhile, firms are usually prone to cyber-risks that emanate from their supply chain partners especially third-party logistics providers (3PLs). Thus, it is crucial to implement cyber-risks management in 3PLs to achieve social sustainability in supply chains. However, these 3PLs are faced with critical difficulties which tend to hamper the consistent growth of cybersecurity. This paper aims to analyze these critical difficulties.
Design/methodology/approach
Data were sourced from 40 managers in Nigerian 3PLs with the aid of questionnaires. A novel quantitative methodology based on the synergetic combination of interval-valued neutrosophic analytic hierarchy process (IVN-AHP) and multi-objective optimization on the basis of a ratio analysis plus the full multiplicative form (MULTIMOORA) is applied. Sensitivity analysis and comparative analysis with other decision models were conducted.
Findings
Barriers were identified from published literature, finalized using experts’ inputs and classified under organizational, institutional and human (cultural values) dimensions. The results highlight the most critical dimension as human followed by organizational and institutional. Also, the results pinpointed indigenous beliefs (e.g. cyber-crime spiritualism), poor humane orientation, unavailable specific tools for managing cyber-risks and skilled workforce shortage as the most critical barriers that show the highest potential to elicit other barriers.
Research limitations/implications
By illustrating the most significant barriers, this study will assist policy makers and industry practitioners in developing strategies in a coordinated and sequential manner to overcome these barriers and thus, achieve socially sustainable supply chains.
Originality/value
This research pioneers the use of IVN-AHP-MULTIMOORA to analyze cyber-risks management barriers in 3PLs for supply chain social sustainability in a developing nation.
Details
Keywords
This paper aims to explore the cybersecurity challenges the electric power industry faces due to its increased reliance on digital supply chains (DSCs), focusing on the…
Abstract
Purpose
This paper aims to explore the cybersecurity challenges the electric power industry faces due to its increased reliance on digital supply chains (DSCs), focusing on the procurement phase.
Design/methodology/approach
This study uses qualitative methods, with 17 semi-structured interviews conducted among industry participants to delve deep into the challenges and potential solutions. The Gioia methodology was applied to analyse the interview data. The ecosystem and procurement theory is used to understand the interconnectedness and vulnerabilities within the electric power industry’s DSC.
Findings
Three aggregated dimensions were identified: cybersecurity, risk management and supplier tensions. Key findings suggest the importance of precise cybersecurity requirements, continuous monitoring, engagement with all supply chain actors and adaptability to emerging threats.
Practical implications
This paper presents a framework to systematically address and mitigate cybersecurity risks in the DSC. Combining theoretical foundations with reasonable measures can significantly enhance cybersecurity resilience. By implementing these guidelines, organisations can foster collaboration across the supply chain, maintain regulatory compliance and continually adapt to the evolving threat landscape.
Originality/value
The paper is based on unique interview data from actors in the electric power industry. It presents a new framework for managing cybersecurity in DSCs, underpinned by the theoretical lenses of ecosystems and procurement.
Details
Keywords
Derek Friday, Steven Alexander Melnyk, Morris Altman, Norma Harrison and Suzanne Ryan
The vulnerability of customers to malware attacks through weak supplier links has prompted a need for collaboration as a strategic alternative in improving supply chain…
Abstract
Purpose
The vulnerability of customers to malware attacks through weak supplier links has prompted a need for collaboration as a strategic alternative in improving supply chain cybersecurity (SCC). Current studies overlook the fact that the effectiveness of cybersecurity strategies is dependent on the form of interfirm relationship mechanisms within which supply chain digital assets are embedded. This paper analyses the association between interfirm collaborative cybersecurity management capabilities (ICCMC) and cybersecurity parameters across a supply chain and proposes an agenda for future research.
Design/methodology/approach
A systematic literature review (SLR) is conducted, employing text mining software to analyse content extracted from 137 scholarly articles on SCC from January 2013 to January 2022.
Findings
The co-occurrence analysis strongly confirms the potential of ICCMC to reinforce SCC. Furthermore, we establish that relational factors could have multiple roles: as antecedents for ICCMC, and as factors that directly affect SCC parameters. The analysis reveals knowledge gaps in SCC theory grounding, including a fragmented and sparse representation of SCC parameters and the potential presence of an omitted variable – SCC – that could improve subsequent testing of causal relationships for theory development.
Originality/value
The paper’s contribution is at the intersection of interfirm collaboration and mandating cybersecurity requirements across a supply chain. Our paper contributes to closing a social-technical gap by introducing social aspects such as the Relational View and the importance of developing ICCMC to reinforce SCC. We offer a method for testing co-occurrences in SLRs, a comprehensive definition of SCC, and a framework with propositions for future research on increasing the effectiveness of collaborative cybersecurity management. We position collaboration as a necessary condition for the transition from cybersecurity of a firm to cybersecurity across a supply chain, and its ecosystem.
Details