Search results

1 – 10 of 37
Article
Publication date: 13 May 2020

Tara Kissoon

Abstract

Purpose

The purpose of this paper is to provide insight through analysis of the data collected from a pilot study, into the decision-making process used by organizations in cybersecurity investments. Leveraging the review of literature, this paper aims to explore the strategic decisions made by organizations when implementing cybersecurity controls, and identifies economic models and theories from the economics of information security, and information security investment decision-making process. Using a survey study method, this paper explores the feasibility for development of a strategic decision-making framework that may be used when evaluating and implementing cybersecurity measures.

Design/methodology/approach

A pilot study was conducted to evaluate the ways in which decisions are made as it relates to cybersecurity spending. The purpose of the pilot study was to determine the feasibility for developing a strategic framework to minimize cybersecurity risks. Phase 1 – Interview Study: The qualitative approach focused on seven participants who provided input to refine the survey study questionnaire. Phase 2 – Survey Study: The qualitative approach focused on information gathered through an online descriptive survey study using a five-point Likert scale.

Findings

The literature review identified that there is limited research in the area of information security decision making. One paper was identified within this area, focusing on the research completed by Dor and Elovici [22]. This exploratory research demonstrates that although organizations have actively implemented cybersecurity frameworks, there is a need to enhance the decision-making process to reduce the number and type of breaches, along with strengthening the cybersecurity framework to facilitate a preventative approach.

Research limitations/implications

The partnership research design could be expanded to facilitate quantitative and qualitative techniques in parallel with equal weight, leveraging qualitative techniques, an interview study, case study and grounded theory. In-depth data collection and analysis can be completed to facilitate a broader data collection which will provide a representative sample and achieve saturation to ensure that adequate and quality data are collected to support the study. Quantitative analysis through statistical techniques (i.e. regression analysis) taking into account, the effectiveness of cybersecurity frameworks, and the effectiveness of decisions made by stakeholders on implementing cybersecurity measures.

Practical implications

This exploratory research demonstrates that organizations have actively implemented cybersecurity measures; however, there is a need to reduce the number and type of breaches, along with strengthening the cybersecurity framework to facilitate a preventative approach. In addition, factors that are used by an organization when investing in cybersecurity controls are heavily focused on compliance with government and industry regulations along with opportunity cost. Lastly, the decision-making process used when evaluating, implementing and investing in cybersecurity controls is weighted towards the technology organization and, therefore, may be biased based on competing priorities.

Social implications

The outcome of this study provides greater insight into how an organization makes decisions when implementing cybersecurity controls. This exploratory research shows that most organizations are diligently implementing security measures to effectively monitor and detect cyber security attacks. The pilot study revealed that the importance given to the decisions made by the CIO and Head of the Business Line have similar priorities with regard to funding the investment cost, implementing information security measures and reviewing the risk appetite statement. This parallel decision-making process may potentially have an adverse impact on the decision to fund cybersecurity measures, especially in circumstances where the viewpoints are vastly different.

Originality/value

Cybersecurity spend is discussed across the literature, and various approaches, methodologies and models are used. The aim of this paper is to explore the strategic decision-making approach that is used by organizations when evaluating and implementing cybersecurity measures. Using a survey study method, this paper explores the feasibility for development of a strategic decision-making framework that may be used when evaluating and implementing cybersecurity measures.

Details

Transforming Government: People, Process and Policy, vol. 14 no. 3
Type: Research Article
ISSN: 1750-6166

Book part
Publication date: 19 July 2022

Kuldeep Singh Kaswan, Jagjit Singh Dhatterwal, Sanjay Kumar and Sandeep Lal

Abstract

Purpose: A cyber insurance policy’s purpose is to help in the recovering of a person or corporation following a cyber breach and to compensate for civil suit expenses stemming from first- and third-party responsibility claims.

Methodology: The usage of cybersecurity spending has forecast a variety of security categories using F&S projection methodology. Each of these is suited to the end-user organisations of in-scope security mechanisms, as well as the particular market circumstances. Critical national infrastructure (CNI), immigration control, big events, first responding, executive branch, infrastructure, and transportation security are among the worldwide forecast categories. This segmentation is further subdivided into 16 subsegments, each with its own security forecasting system. F&S protection marketplaces are anticipated using a bottom-up technique for each nation, which adds up to worldwide market penetration. This covers 177 nations spread throughout seven zones.

Findings: The cybersecurity insurer industry was valued at USD 7.36 billion in 2020 and is predicted to be worth USD 27.83 billion by 2026, growing at a compound annual growth rate (CAGR) of 24.30% during the forecast time frame (2021–2026). The expanding use of digitalisation innovations such as the cloud, big data, mobile computing, internet of things (IoT), and artificial intelligence (AI) across more lines of employment and society, as well as improved connectivity, have enhanced the burden of already overburdened information technology (IT) staff.

Practical implications: Accepted the innovative Insurance Data Security Model Law (#668), which necessitates insurance providers and other agencies registered by government insurance agencies to advance, integrate, and establish an information security management system; start investigating any cybersecurity events; and advise the private insurance superintendent of such happenings. Too far, the approach has been embraced by governorates.

Details

Big Data: A Game Changer for Insurance Industry
Type: Book
ISBN: 978-1-80262-606-3

Article
Publication date: 9 October 2019

Elham Ali Shammar and Ammar Thabit Zahary

Abstract

Purpose

Internet has changed radically in the way people interact in the virtual world, in their careers or social relationships. IoT technology has added a new vision to this process by enabling connections between smart objects and humans, and also between smart objects themselves, which leads to anything, anytime, anywhere, and any media communications. IoT allows objects to physically see, hear, think, and perform tasks by making them talk to each other, share information and coordinate decisions. To enable the vision of IoT, it utilizes technologies such as ubiquitous computing, context awareness, RFID, WSN, embedded devices, CPS, communication technologies, and internet protocols. IoT is considered to be the future internet, which is significantly different from the Internet we use today. The purpose of this paper is to provide up-to-date literature on trends of IoT research which is driven by the need for convergence of several interdisciplinary technologies and new applications.

Design/methodology/approach

A comprehensive IoT literature review has been performed in this paper as a survey. The survey starts by providing an overview of IoT concepts, visions and evolutions. IoT architectures are also explored. Then, the most important components of IoT are discussed including a thorough discussion of IoT operating systems such as Tiny OS, Contiki OS, FreeRTOS, and RIOT. A review of IoT applications is also presented in this paper and finally, IoT challenges that can be recently encountered by researchers are introduced.

Findings

Studies of IoT literature and projects show the disproportionate importance of technology in IoT projects, which are often driven by technological interventions rather than innovation in the business model. There are a number of serious concerns about the dangers of IoT growth, particularly in the areas of privacy and security; hence, industry and government began addressing these concerns. At the end, what makes IoT exciting is that we do not yet know the exact use cases which would have the ability to significantly influence our lives.

Originality/value

This survey provides a comprehensive literature review on IoT techniques, operating systems and trends.

Details

Library Hi Tech, vol. 38 no. 1
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 19 November 2021

Lázaro Florido-Benítez

Abstract

Purpose

This study’s purpose is to analyze the international mobile marketing (IMK) in order to stage the importance of this tool in the internationalization of companies. Our understanding of mobile marketing is constantly evolving, due to its high business penetration in a world globalized by technologies.

Design/methodology/approach

A review of the relevant literature on IMK, companies and customers is undertaken to understand the link between them. The paper begins by explaining that the coronavirus disease 2019 is accelerating the change of the rules of the game in traditional and online commerce around the world. Furthermore, this study uses secondary data from the Organisation for Economic Co-operation and Development (OECD), Sensor Tower, the Mobile Marketing Association (MMA), App Annie, among others, to support research results.

Findings

The results have shown that IMK has opened a melting pot of opportunities for companies and consumers in this period of pandemic; the potential of this tool is being redefined, in order to identify, anticipate and satisfy customer requirements profitably and efficiently. This study aims to provide an assessment of the new concept of IMK and how this tool has to be integrated into the firm’s digital marketing strategies.

Originality/value

The study contributes to make better future decisions in the international digital expansion of companies by company executives and marketing experts. This paper provides a comprehensive framework intended to guide research efforts focusing on digital marketing as well as to aid practitioners in their quest to achieve IMK success.

Details

Benchmarking: An International Journal, vol. 29 no. 6
Type: Research Article
ISSN: 1463-5771

Article
Publication date: 29 July 2014

Ranjit Bose and Xin (Robert) Luo

Abstract

Purpose

The purpose of this study is to propose to use the economic value added to measure firm performance against information security investments.

Design/methodology/approach

The authors develop a conceptual framework to capture non information technology (IT)-related and IT-related security investment factors and propose to study their holistic influences on firm performance.

Findings

The authors propose 14 propositions to understand the relationship between security investments and firm performance.

Research limitations/implications

The authors propose a validation process to guide future research to further empirically capture all needed data and analyze the proposed relationships.

Practical implications

Managers can view security investment from a more comprehensive perspective and understand how to potentially contribute each of the non IT-related and IT-related factors to firm performance.

Originality/value

This is one of the early attempts studying information security investment vs firm performance from a comprehensive conceptual angle.

Details

International Journal of Accounting & Information Management, vol. 22 no. 3
Type: Research Article
ISSN: 1834-7649

Book part
Publication date: 24 January 2022

Oya Korkmaz

Abstract

Introduction: Looking at the risks faced by enterprises in recent years, we see that the risks have shifted radically from traditional economic and financial risks to those posed by environmental and social factors. Developments in the field of activity of enterprises (climate change, the increasing relationship between the society and enterprises through shareholders and partners) have led to an increase in the number and diversity of risks faced by enterprises. It is only possible for enterprises to cope with these increasing risks by adopting a proactive and contemporary management approach. One of these contemporary management approaches that businesses should adopt is sustainability. Many researches have shown that the integration of sustainability into risk management has proved successful in risk management.

Purpose: Looking at previous literature, this study sets forth what financial (economic), environmental and social risks businesses may face today, explains with a few examples what measures companies can implement to eliminate these risks, and a future perspective is presented to companies. In addition, this study makes recommendations on how to successfully manage the risks that companies may face and emphasizes what the positive results of sustainable risk management can be (increasing the business value, ensuring sustainability and increasing the shareholder value). Mention was made about the fact that the ability of enterprises to successfully manage sustainability risks depends on their ability to prevent, identify, mitigate and manage risks, and it was emphasized that the environmental, social and governance risks must, to a large extent, be taken into account by many circles (regulators and customers), mainly investors. In addition, this study aims to identify and evaluate the current and possible future risks and to serve as a guide for actions to be taken to minimize risks or keep them at an optimum level.

Methodology: In this section, a compilation study on sustainability risk management (SRM) was done in the light of information obtained from various reports, scientific articles and books. In other words, in this section, information from various scientific sources on SRM was systematically collected, analyzed, interpreted and evaluated, and effort was made to present an up-to-date, extensive conceptual framework related to SRM. In addition, the scientific literature – especially in the historical development process of the last decade – on the debate of SRM was examined in this study, and the highest point reached in this debate today is revealed. Thus, the positioning of different views on the sustainability issue and the latest developments in the literature were also evaluated properly.

Findings: As a result of the examination of the scientific literature on SRM in the last decade, it has been determined that SRM has led to many other favorable outcomes, from the sustainability of the enterprise to gaining competitive advantage, increasing its goodwill, reputation and efficiency.

Details

Insurance and Risk Management for Disruptions in Social, Economic and Environmental Systems: Decision and Control Allocations within New Domains of Risk
Type: Book
ISBN: 978-1-80117-140-3

Article
Publication date: 30 November 2021

Bhaveer Bhana and Stephen Vincent Flowerday

Abstract

Purpose

The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user forgetting or mistyping the password (usually because of character switching). The source of this issue is that while a password containing combinations of lowercase characters, uppercase characters, digits and special characters (LUDS) offers a reasonable level of security, it is complex to type and/or memorise, which prolongs the user authentication process. This results in much time being spent for no benefit (as perceived by users), as the user authentication process is merely a prerequisite for whatever a user intends to accomplish. This study aims to address this issue; passphrases that exclude the LUDS guidelines are proposed.

Design/methodology/approach

To discover constructs that create security and to investigate usability concerns relating to the memory and typing issues concerning passphrases, this study was guided by three theories as follows: Shannon’s entropy theory was used to assess security, chunking theory to analyse memory issues and the keystroke level model to assess typing issues. These three constructs were then evaluated against passwords and passphrases to determine whether passphrases better address the security and usability issues related to text-based user authentication. A content analysis was performed to identify common password compositions currently used. A login assessment experiment was used to collect data on user authentication and user–system interaction with passwords and passphrases in line with the constructs that have an impact on user authentication issues related to security, memory and typing. User–system interaction data were collected from a purposeful sample size of 112 participants, logging in at least once a day for 10 days. An expert review, which comprised usability and security experts with specific years of industry and/or academic experience, was also used to validate results and conclusions. All the experts were given questions and content to ensure sufficient context was provided and relevant feedback was obtained. A pilot study involving 10 participants (experts in security and/or usability) was performed on the login assessment website and the content was given to the experts beforehand. Both the website and the expert review content were refined after feedback was received from the pilot study.

Findings

It was concluded that, overall, passphrases better support the user during the user authentication process in terms of security, memory issues and typing issues.

Originality/value

This research aims at promoting the use of a specific type of passphrase instead of complex passwords. Three core aspects need to be assessed in conjunction with each other (security, memorisation and typing) to determine whether user-friendly passphrases can support user authentication better than passwords.

Details

Information & Computer Security, vol. 30 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 10 March 2021

Manfred Vielberth, Ludwig Englbrecht and Günther Pernul

Abstract

Purpose

In the past, people were usually seen as the weakest link in the IT security chain. However, this view has changed in recent years and people are no longer seen only as a problem, but also as part of the solution. In research, this change is reflected in the fact that people are enabled to report security incidents that they have detected. During this reporting process, however, it is important to ensure that the reports are submitted with the highest possible data quality. This paper aims to provide a process-driven quality improvement approach for human-as-a-security-sensor information.

Design/methodology/approach

This work builds upon existing approaches for structured reporting of security incidents. In the first step, relevant data quality dimensions and influencing factors are defined. Based on this, an approach for quality improvement is proposed. To demonstrate the feasibility of the approach, it is prototypically implemented and evaluated using an exemplary use case.

Findings

In this paper, a process-driven approach is proposed, which allows improving the data quality by analyzing the similarity of incidents. It is shown that this approach is feasible and leads to better data quality with real-world data.

Originality/value

The originality of the approach lies in the fact that data quality is already improved during the reporting of an incident. In addition, approaches from other areas, such as recommender systems, are applied innovatively to the area of the human-as-a-security-sensor.

Details

Information & Computer Security, vol. 29 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 16 August 2021

Thanh-Thao Luong and Eunyoung Kim

Abstract

Purpose

As Vietnam needs to shift from physical to virtual classrooms owing to the coronavirus disease 2019 (COVID-19) pandemic, this study aims to propose and evaluate a constructivist training course designed to improve instructors’ self-confidence in conducting synchronous online teaching by helping them develop the skills required for such.

Design/methodology/approach

A total of 67 in-service instructors in various hospitality and tourism institutions in Vietnam participated in the proposed course. Constructivist approaches were adopted to design learning activities. Delivered via Blackboard Collaborate’s classroom version, the course aims at enhancing instructors’ self-confidence in the knowledge and skills required for synchronous online teaching: developing online presence, planning lessons, handling technology, adapting to learners’ preferences and classroom management. Using qualitative and quantitative analyses, this paper evaluated the proposed course by comparing participants’ levels of self-confidence in conducting synchronous online teaching before and after the training.

Findings

The results show that participants’ self-confidence was enhanced after the course. To improve the course, however, more time should be allotted for practice sessions where participants can pedagogically and technologically familiarize themselves with online teaching tools.

Originality/value

By translating constructivism into online pedagogy, this study provided empirical evidence of how a teachers’ training program was designed and implemented to meet the need to shift from real-life to real-time classrooms in Vietnam during the COVID-19 pandemic. It also contributes to the growing literature on methods of improving instructors’ readiness in synchronous online teaching.

Details

Interactive Technology and Smart Education, vol. 19 no. 3
Type: Research Article
ISSN: 1741-5659

Article
Publication date: 25 June 2021

Christoph Wronka

Abstract

Purpose

This study aims to illustrate and determine how illegally obtained funds are laundered through online platforms and companies in different economic sectors in the digital age.

Design/methodology/approach

A qualitative analysis approach using purpose sampling methods, including 21 semi-structured interviews with prevention experts, compliance officers and convicted cybercriminals, resulted in the determination of concrete money-laundering methods involving the employment of online platforms provided by companies and institutions in different economic sectors.

Findings

The current study focuses on various companies in different economic segments that mitigate cyber laundering and the anti-money laundering measures that can be adopted. Therefore, this paper provides a detailed discussion and analysis on how money launderers avoid being detected. Both preventive and criminal perspectives are taken into consideration.

Originality/value

By identifying the gaps in the current anti-money-laundering mechanisms, it will provide compliance officers, legislators and law enforcement agencies with an in-depth insight into how cyber laundering operates in various economic sectors.

Details

Journal of Money Laundering Control, vol. 25 no. 2
Type: Research Article
ISSN: 1368-5201
