Search results

This purpose of this paper is to provide insight through analysis of the data collected from a pilot study, into the decision-making process used by organizations in cybersecurity investments. Leveraging the review of literature, this paper aims to explore the strategic decisions made by organizations when implementing cybersecurity controls, and identifies economic models and theories from the economics of information security, and information security investment decision-making process. Using a survey study method, this paper explores the feasibility for development of a strategic decision-making framework that may be used when evaluating and implementing cybersecurity measures.

A pilot study was conducted to evaluate the ways in which decisions are made as it relates to cybersecurity spending. The purpose of the pilot study was to determine the feasibility for developing a strategic framework to minimize cybersecurity risks. Phase 1 – Interview Study: The qualitative approach focused on seven participants who provided input to refine the survey study questionnaire. Phase 2 – Survey Study: The qualitative approach focused on information gathered through an online descriptive survey study using a five-point Likert scale.

The literature review identified that there is limited research in the area of information security decision making. One paper was identified within this area, focusing on the research completed by Dor and Elovici [22]. This exploratory research demonstrates that although organizations have actively implemented cybersecurity frameworks, there is a need to enhance the decision-making process to reduce the number and type of breaches, along with strengthening the cybersecurity framework to facilitate a preventative approach.

The partnership research design could be expanded to facilitate quantitative and qualitative techniques in parallel with equal weight, leveraging qualitative techniques, an interview study, case study and grounded theory. In-depth data collection and analysis can be completed to facilitate a broader data collection which will provide a representative sample and achieve saturation to ensure that adequate and quality data are collected to support the study. Quantitative analysis through statistical techniques (i.e. regression analysis) taking into account, the effectiveness of cybersecurity frameworks, and the effectiveness of decisions made by stakeholders on implementing cybersecurity measures.

This exploratory research demonstrates that organizations have actively implemented cybersecurity measure; however, there is a need to reduce the number and type of breaches, along with strengthening the cybersecurity framework to facilitate a preventative approach. In addition, factors that are used by an organization when investing in cybersecurity controls are heavily focused on compliance with government and industry regulations along with opportunity cost. Lastly, the decision-making process used when evaluating, implementing and investing in cybersecurity controls is weighted towards the technology organization and, therefore, may be biased based on competing priorities.

The outcome of this study provides greater insight into how an organization makes decisions when implementing cybersecurity controls. This exploratory research shows that most organizations are diligently implementing security measures to effectively monitor and detect cyber security attacks. The pilot study revealed that the importance given to the decisions made by the CIO and Head of the Business Line have similar priorities with regard to funding the investment cost, implementing information security measures and reviewing the risk appetite statement. This parallel decision-making process may potentially have an adverse impact on the decision to fund cybersecurity measures, especially in circumstances where the viewpoints are vastly different .

Cybersecurity spend is discussed across the literature, and various approaches, methodologies and models are used. The aim of this paper is to explore the strategic decision-making approach that is used by organizations when evaluating and implementing cybersecurity measures. Using a survey study method, this paper explores the feasibility for development of a strategic decision-making framework that may be used when evaluating and implementing cybersecurity measures.

Cybersecurity has received growing attention from academic researchers and industry practitioners as a strategy to accelerate performance gains and social sustainability. Meanwhile, firms are usually prone to cyber-risks that emanate from their supply chain partners especially third-party logistics providers (3PLs). Thus, it is crucial to implement cyber-risks management in 3PLs to achieve social sustainability in supply chains. However, these 3PLs are faced with critical difficulties which tend to hamper the consistent growth of cybersecurity. This paper aims to analyze these critical difficulties.

Data were sourced from 40 managers in Nigerian 3PLs with the aid of questionnaires. A novel quantitative methodology based on the synergetic combination of interval-valued neutrosophic analytic hierarchy process (IVN-AHP) and multi-objective optimization on the basis of a ratio analysis plus the full multiplicative form (MULTIMOORA) is applied. Sensitivity analysis and comparative analysis with other decision models were conducted.

Barriers were identified from published literature, finalized using experts’ inputs and classified under organizational, institutional and human (cultural values) dimensions. The results highlight the most critical dimension as human followed by organizational and institutional. Also, the results pinpointed indigenous beliefs (e.g. cyber-crime spiritualism), poor humane orientation, unavailable specific tools for managing cyber-risks and skilled workforce shortage as the most critical barriers that show the highest potential to elicit other barriers.

By illustrating the most significant barriers, this study will assist policy makers and industry practitioners in developing strategies in a coordinated and sequential manner to overcome these barriers and thus, achieve socially sustainable supply chains.

This research pioneers the use of IVN-AHP-MULTIMOORA to analyze cyber-risks management barriers in 3PLs for supply chain social sustainability in a developing nation.

Purpose: A cyber insurance policy’s purpose is to help in the recovering of a person or corporation following a cyber breach and to compensate for civil suit expenses stemming from first- and third-party responsibility claims.

Methodology: The usage of cybersecurity spending has forecast a variety of security categories using F&S projection methodology. Each of these is suited to the end-user organisations of in-scope security mechanisms, as well as the particular market circumstances. Critical national infrastructure (CNI), immigration control, big events, first responding, executive branch, infrastructure, and transportation security are among the worldwide forecast categories. This segmentation is further subdivided into 16 subsegments, each with its own security forecasting system. F&S protection marketplaces are anticipated using a bottom-up technique for each nation, which adds up to worldwide market penetration. This covers 177 nations spread throughout seven zones.

Findings: The cybersecurity insurer industry was valued at USD 7.36 billion in 2020 and is predicted to be worth USD 27.83 billion by 2026, growing at a compound annual growth rate (CAGR) of 24.30% during the forecast time frame (2021–2026). The expanding use of digitalisation innovations such as the cloud, big data, mobile computing, internet of things (IoT), and artificial intelligence (AI) across more lines of employment and society, as well as improved connectivity, have enhanced the burden of already overburdened information technology (IT) staff.

Practical implications: Accepted the innovative Insurance Data Security Model Law (#668), which necessitates insurance providers and other agencies registered by government insurance agencies to advance, integrate, and establish an information security management system; start investigating any cybersecurity events; and advise the private insurance superintendent of such happenings. Too far, the approach has been embraced by governorates.

It is difficult to argue against the fact that research has focussed on artificial intelligence (AI) and robotisation over the past few decades. Additionally, during the past several years, it has taken off and is now extensively used in numerous businesses across various industries. Most of the time, AI has been associated with some industrial sector process automation. Still, recently, the authors have noticed more positive technology uses, especially in the financial services industry. Due to several factors, the financial sector needs to adopt AI and recognise its potential. The industry has historically been concerned about unpredictability, legislation, stronger cybersecurity, technological limitations and disruption of established lucrative operations.

Never before has there been more discussion about AI due to the advantages it provides to businesses that are providing financial services. That may explain why this change is referred to as the fourth industrial revolution. Both positively and negatively, it is quite disruptive. The effectiveness, accuracy and cost-effectiveness of solutions greatly increase. However, immense power also entails great responsibility.

Precautions and security are more crucial than ever for businesses since the financial sector is changing significantly and quickly. The various benefits and drawbacks of this technology are yet unknown to humans. Although AI was first shown to us in the 1950s, it has recently gained new prominence as processing power, and the available quantity of data has increased dramatically.

The objective of this chapter is to identify the key characteristics of Global Services businesses that will thrive and achieve success in the future. These factors are integrated into three main pillars, which we refer to as the Triple-Win. The first and most obvious pillar is technology as a tool. The second pillar is the design and sustainability of the business model, without which the previous factor would be merely a cost and not an investment. And last but not the least, there is the purpose which gives meaning to the proposal, focusing on the human being and their environment. The DIDPAGA business model sits at the intersection of these three elements.

Internet has changed radically in the way people interact in the virtual world, in their careers or social relationships. IoT technology has added a new vision to this process by enabling connections between smart objects and humans, and also between smart objects themselves, which leads to anything, anytime, anywhere, and any media communications. IoT allows objects to physically see, hear, think, and perform tasks by making them talk to each other, share information and coordinate decisions. To enable the vision of IoT, it utilizes technologies such as ubiquitous computing, context awareness, RFID, WSN, embedded devices, CPS, communication technologies, and internet protocols. IoT is considered to be the future internet, which is significantly different from the Internet we use today. The purpose of this paper is to provide up-to-date literature on trends of IoT research which is driven by the need for convergence of several interdisciplinary technologies and new applications.

A comprehensive IoT literature review has been performed in this paper as a survey. The survey starts by providing an overview of IoT concepts, visions and evolutions. IoT architectures are also explored. Then, the most important components of IoT are discussed including a thorough discussion of IoT operating systems such as Tiny OS, Contiki OS, FreeRTOS, and RIOT. A review of IoT applications is also presented in this paper and finally, IoT challenges that can be recently encountered by researchers are introduced.

Studies of IoT literature and projects show the disproportionate importance of technology in IoT projects, which are often driven by technological interventions rather than innovation in the business model. There are a number of serious concerns about the dangers of IoT growth, particularly in the areas of privacy and security; hence, industry and government began addressing these concerns. At the end, what makes IoT exciting is that we do not yet know the exact use cases which would have the ability to significantly influence our lives.

This survey provides a comprehensive literature review on IoT techniques, operating systems and trends.

This study’s purpose is to analyze the international mobile marketing (IMK) in order to stage the importance of this tool in the internationalization of companies. Our understanding of mobile marketing is constantly evolving, due to its high business penetration in a world globalized by technologies.

A review of the relevant literature on IMK, companies and customers is undertaken to understand the link between them. The paper begins by explaining the coronavirus disease 2019 is accelerating the change of the rules of the game in traditional and online commerce around the world. Furthermore, this study uses secondary data from organisation for economic co-operation and development (OECD), Sensor Tower, mobile marketing association (MMA), App Annie, among others, to support research results.

The results have shown that IMK has opened a melting pot of opportunities for companies and consumers in this period of pandemic; the potential of this tool is being redefined, in order to identify, anticipate and satisfy customers requirement profitably and efficiently. This study aims to provide an assessment of new concept of IMK and how this tool has to be integrated into the firm’s digital marketing strategies.

The study contributes to make better future decisions in the international digital expansion of companies by company executives and marketing experts. This paper provides a comprehensive framework intended to guide research efforts focusing on digital marketing as well as to aid practitioners in their quest to achieve IMK success.

The purpose of this study is to propose to use the economic value added to measure firm performance against information security investments.

The authors develop a conceptual framework to capture non information technology (IT)-related and IT-related security investment factors and propose to study their holistic influences on firm performance.

The authors propose 14 propositions to understand the relationship between security investments and firm performance.

The authors propose a validation process to guide future research to further empirically capture all needed data and analyze the proposed relationships.

Managers can view security investment from a more comprehensive perspective and understand how to potentially contribute each of the non IT-related and IT-related factors to firm performance.

This is one of the early attempts studying information security investment vs firm performance from a comprehensive conceptual angel.

Introduction: Looking at the risks faced by enterprises in recent years, we see that the risks have shifted radically from traditional economic and financial risks to those posed by environmental and social factors. Developments in the field of activity of enterprises (climate change, the increasing relationship between the society and enterprises through shareholders and partners) have led to an increase in the number and diversity of risks faced by enterprises. It is only possible for enterprises to cope with these increasing risks by adopting a proactive and contemporary management approach. One of these contemporary management approaches that businesses should adopt is sustainability. Many researches have shown that the integration of sustainability into risk management has proved successful in risk management.

Purpose: Looking at previous literature, this study sets forth what financial (economic), environmental and social risks businesses may face today, explains with a few examples what measures companies can implement to eliminate these risks, and a future perspective is presented to companies. In addition, this study makes recommendations on how to successfully manage the risks that companies may face and emphasizes what the positive results of sustainable risk management can be (increasing the business value, ensuring sustainability and increasing the shareholder value). Mention was made about the fact that the ability of enterprises to successfully manage sustainability risks depends on their ability to prevent, identify, mitigate and manage risks, and it was emphasized that the environmental, social and governance risks must, to a large extent, be taken into account by many circles (regulators and customers), mainly investors. In addition, this study aims to identify and evaluate the current and possible future risks and to serve as a guide for actions to be taken to minimize risks or keep them at an optimum level.

Methodology: In this section, a compilation study on sustainability risk management (SRM) was done in the light of information obtained from various reports, scientific articles and books. In other words, in this section, information from various scientific sources on SRM was systematically collected, analyzed, interpreted and evaluated, and effort was made to present an up-to-date, extensive conceptual framework related to SRM. In addition, the scientific literature – especially in the historical development process of the last decade – on the debate of SRM was examined in this study, and the highest point reached in this debate today is revealed. Thus, the positioning of different views on the sustainability issue and the latest developments in the literature were also evaluated properly.

Findings: As a result of the examination of the scientific literature on SRM in the last decade, it has been determined that SRM has led to many other favorable outcomes, from the sustainability of the enterprise to gaining competitive advantage, increasing its goodwill, reputation and efficiency.

The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user forgetting or mistyping the password (usually because of character switching). The source of this issue is that while a password containing combinations of lowercase characters, uppercase characters, digits and special characters (LUDS) offers a reasonable level of security, it is complex to type and/or memorise, which prolongs the user authentication process. This results in much time being spent for no benefit (as perceived by users), as the user authentication process is merely a prerequisite for whatever a user intends to accomplish. This study aims to address this issue, passphrases that exclude the LUDS guidelines are proposed.

To discover constructs that create security and to investigate usability concerns relating to the memory and typing issues concerning passphrases, this study was guided by three theories as follows: Shannon’s entropy theory was used to assess security, chunking theory to analyse memory issues and the keystroke level model to assess typing issues. These three constructs were then evaluated against passwords and passphrases to determine whether passphrases better address the security and usability issues related to text-based user authentication. A content analysis was performed to identify common password compositions currently used. A login assessment experiment was used to collect data on user authentication and user – system interaction with passwords and passphrases in line with the constructs that have an impact on user authentication issues related to security, memory and typing. User–system interaction data was collected from a purposeful sample size of 112 participants, logging in at least once a day for 10 days. An expert review, which comprised usability and security experts with specific years of industry and/or academic experience, was also used to validate results and conclusions. All the experts were given questions and content to ensure sufficient context was provided and relevant feedback was obtained. A pilot study involving 10 participants (experts in security and/or usability) was performed on the login assessment website and the content was given to the experts beforehand. Both the website and the expert review content was refined after feedback was received from the pilot study.

It was concluded that, overall, passphrases better support the user during the user authentication process in terms of security, memory issues and typing issues.

This research aims at promoting the use of a specific type of passphrase instead of complex passwords. Three core aspects need to be assessed in conjunction with each other (security, memorisation and typing) to determine whether user-friendly passphrases can support user authentication better than passwords.