Search results

To explain the requirements of Regulation Systems Compliance and Integrity (“Regulation SCI”) and the new responsibilities of organizations defined as “SCI entities.”

Explains the purpose of Regulation SCI, the responsibilities of SCI entities, systems covered by the rules (“SCI systems”), and specific obligations of SCI entities, including the establishment and periodic review of policies and procedures, compliance with the Exchange Act, designation of “responsible SCI personnel,” appropriate corrective action in response to “SCI events,” notification of systems changes, annual “SCI reviews,” business continuity and disaster recovery testing, and recordkeeping and filing. Discusses future implications for SCI Entities and other market participants.

Regulation SCI launches a broad and extensive overlay of rules and guidance to address systems capacity and integrity issues that have increasingly affected the securities markets. The adoption of this regulation suggests that there will continue to be increased scrutiny by the SEC, FINRA and other regulators of the automated systems and related policies and procedures of all market participants.

SCI entities will need to devote considerable attention and resources not just to prevent incidents where possible, but also to establish systems for ensuring thorough compliance and well-documented and reasonable follow-up actions where necessary. All market professionals – including broker-dealers, investment advisers, pension funds and investment companies – should study the new regulation and consider adopting appropriate policies and procedures to address operating as well as cyber security issues with respect to their own critical operating technology.

Practical guidance from experienced financial services lawyers.

The current complex halal food supply chain (SC) has caused food scandals, which have illustrated the weakness of multiple food quality standards and certification and audits in ensuring food safety. Drawn on the resource-based view (RBV) theory, the purpose of this study is to explore the impacts of SC integration (SCI) on halal food SC integrity and, consequently, food quality.

Empirical data were collected from 275 halal-certified food companies in Malaysia and analysed using structural equation modelling – SmartPLS3.0.

The results confirmed that SCI, including internal, supplier and customer integrations, has significant effects on the dimensions of the halal food SC integrity which, in turn, lead to halal food safety and quality.

The importance of SCI in halal food SC is highlighted in this study. The impact of SCI is contexted in halal food SC integrity and food quality. Therefore, it provides a clear understanding to managers of SC applicability in the halal food industry.

Based on the RBV theory, this study contributes to the limited body of research of the relationships among SCI from the context of the halal industry with a specific focus on food supply chain integrity and food quality.

Aim of the present monograph is the economic analysis of the role of MNEs regarding globalisation and digital economy and in parallel there is a reference and examination of some legal aspects concerning MNEs, cyberspace and e‐commerce as the means of expression of the digital economy. The whole effort of the author is focused on the examination of various aspects of MNEs and their impact upon globalisation and vice versa and how and if we are moving towards a global digital economy.

This paper aims to examine how interfirm transactional and relational assets drive firm performance (FP) in digitally integrated supply chains.

The authors combine the Transaction Cost Economics (TCE) and Relational Exchange Theory (RET) frameworks to hypothesize that FP will be a function of Asset Specificity (AS), Digital Technology Usage (DTU) and Collaborative Information Sharing (CIS). In addition, the authors hypothesize that Supply Chain Integration (SCI) will partially mediate the effect of DTU and fully mediate the impact of AS and CIS on FP. A cross-sectional survey of supply chain managers is used to test the hypotheses.

Findings indicate that specific investments in digitally integrated supply chains would increase FP. In addition, SCI fully mediates the relationships between AS and FP and CIS and FP, while SCI partially mediates the influence of DTU on FP.

Managers could strategically engage in the technologies that effectively fit within the firm’s supply chain strategies and seek to develop a pragmatic expertise that enables the effective use of technology in a comprehensive setting.

The study enriches the extant literature by incorporating TCE and RET as contradictory viewpoints on AS and investigating how transactional and relational assets affect FP in digitally integrated supply chains.

Collaborative-based national cybersecurity incident management benefits from the huge size of incident information, large-scale information security devices and aggregation of security skills. However, no existing collaborative approach has been able to cater for multiple regulators, divergent incident views and incident reputation trust issues that national cybersecurity incident management presents. This paper aims to propose a collaborative approach to handle these issues cost-effectively.

A collaborative-based national cybersecurity incident management architecture based on ITU-T X.1056 security incident management framework is proposed. It is composed of the cooperative regulatory unit with cooperative and third-party management strategies and an execution unit, with incident handling and response strategies. Novel collaborative incident prioritization and mitigation planning models that are fit for incident handling in national cybersecurity incident management are proposed.

Use case depicting how the collaborative-based national cybersecurity incident management would function within a typical information and communication technology ecosystem is illustrated. The proposed collaborative approach is evaluated based on the performances of an experimental cyber-incident management system against two multistage attack scenarios. The results show that the proposed approach is more reliable compared to the existing ones based on descriptive statistics.

The approach produces better incident impact scores and rankings than standard tools. The approach reduces the total response costs by 8.33% and false positive rate by 97.20% for the first attack scenario, while it reduces the total response costs by 26.67% and false positive rate by 78.83% for the second attack scenario.

Nowadays, to operate securely and legally and to achieve business objectives, secure valuable assets and support uninterrupted business processes, all organizations need to match a lot of internal and external compliance regulations such as laws, standards, guidelines, policies, specifications and procedures. An integrated system able to manage information security (IS) for their intranets in the new cyberspace while processing tremendous amounts of IS-related data coming in various formats is required as never before. These data, after being collected and analyzed, should be evaluated in real-time from an IS incident viewpoint, to identify an incident’s source, consider its type, weigh its consequences, visualize its vector, associate all target systems, prioritize countermeasures and offer mitigation solutions with weighted impact relevance. Different security information and event management (SIEM) systems cope with this routine and usually complicated work by rapid detection of IS incidents and further appropriate response. Modern challenges dictate the need to build these systems using advanced technologies such as the blockchain (BC) technologies (BCTs). The purpose of this study is to design a new BC-based SIEM 3.0 system and propose a methodology for its evaluation.

Modern challenges dictate the need to build these systems using advanced technologies such as the BC technologies. Many internet resources argue that the BCT suits the intrusion detection objectives very well, but they do not mention how to implement it.

After a brief analysis of the BC concept and the evolution of SIEM systems, this paper presents the main ideas on designing the next-generation BC-based SIEM 3.0 systems, for the first time in open access publications, including a convolution method for solving the scalability issue for ever-growing BC size. This new approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future.

The most important area of the future work is to bring this proposed system to life. The implementation, deployment and testing onto a real-world network would also allow people to see its viability or show that a more sophisticated model should be worked out. After developing the design basics, we are ready to determine the directions of the most promising studies. What are the main criteria and principles, according to which the organization will select events from PEL for creating one BC block? What is the optimal number of nodes in the organization’s BC, depending on its network assets, services provided and the number of events that occur in its network? How to build and host the SIEM 3.0 BC infrastructure? How to arrange streaming analytics of block’s content containing events taking place in the network? How to design the BC middleware as software that enables staff to interact with BC blocks to provide services like IS events correlation? How to visualize the results obtained to find insights and patterns in historical BC data for better IS management? How to predict the emergence of IS events in the future? This list of questions can be continued indefinitely for a full-fledged design of SIEM 3.0.

This paper shows the full applicability of the BC concept to the creation of the next-generation SIEM 3.0 systems that are designed to detect IS incidents in a modern, fully interconnected organization’s network environment. The authors’ attempt to begin with a detailed description of the basics for a BC-based SIEM 3.0 system design is presented, as well as the evaluation methodology for the resulting product.

The authors believe that their new revolutionary approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future. They hope that this paper will evoke a lively response in this segment of the security controls market from both theorists and direct developers of living systems that will implement the above approach.

The chapter deliberates on research ethics and the unanticipated side effects that technological developments have brought in the past decades. It looks at data protection and privacy through the prism of ethics and focuses on the need for safeguarding the fundamental rights of the research participants in the new digital era. Acknowledging the benefits of data analytics for boosting scientific process, the chapter reflects on the main principles and specific research derogations, introduced by the EU General Data Protection Regulation. Further on, it discusses some of the most pressing ethics concerns, related to the use, reuse, and misuse of data; the distinction between publicly available and open data; ethics challenges in online recruitment of research participants; and the potential bias and representativeness problems of Big Data research. The chapter underscores that all challenges should be properly addressed at the outset of research design. Highlighting the power asymmetries between Big Data studies and individuals’ rights to data protection, human dignity, and respect for private and family life, the chapter argues that anonymization may be reasonable, yet not the ultimate ethics solution. It asserts that while anonymization techniques may protect individual data protection rights, the former may not be sufficient to prevent discrimination and stigmatization of entire groups of populations. Finally, the chapter suggests some approaches for ensuring ethics compliance in the digital era.

The general data protection regulation (GDPR) was designed to address privacy challenges posed by globalisation and rapid technological advancements; however, its implementation has also introduced new hurdles for companies. This study aims to analyse and synthesise the existing literature that focuses on challenges of GDPR implementation in business enterprises, while also outlining the directions for future research.

The methodology of this review follows the preferred reporting items for systematic reviews and meta-analysis guidelines. It uses an extensive search strategy across Scopus and Web of Science databases, rigorously applying inclusion and exclusion criteria, yielding a detailed analysis of 16 selected studies that concentrate on GDPR implementation challenges in business organisations.

The findings indicate a predominant use of conceptual study methodologies in prior research, often limited to specific countries and technology-driven sectors. There is also an inclination towards exploring GDPR challenges within small and medium enterprises, while larger enterprises remain comparatively unexplored. Additionally, further investigation is needed to understand the implications of emerging technologies on GDPR compliance.

This study’s limitations include reliance of the search strategy on two databases, potential exclusion of relevant research, limited existing literature on GDPR implementation challenges in business context and possible influence of diverse methodologies and contexts of previous studies on generalisability of the findings.

The originality of this review lies in its exclusive focus on analysing GDPR implementation challenges within the business context, coupled with a fresh categorisation of these challenges into technical, legal, organisational, and regulatory dimensions.