Search results

1 – 4 of 4
Open Access
Article
Publication date: 30 December 2022

Durga Prasad Dube and Rajendra Prasad Mohanty

As evident from the literature review, the research on cyber security performance is centered on security metrics, maturity models, etc. Essentially, all these are helpful for…

1527

Abstract

Purpose

As evident from the literature review, the research on cyber security performance is centered on security metrics, maturity models, etc. Essentially, all these are helpful for evaluating the efficiency of cyber security organization but what matters is how the factors of internal efficiency affect the business performance, i.e. the external effectiveness. The purpose of this research paper is to derive the factors of internal efficiency and external effectiveness of cyber security and develop impact model to identify the most and least preferred parameters of internal efficiency with respect to all the parameters of external effectiveness.

Design/methodology/approach

There are two objectives for this research: Deriving the factors of internal efficiency and external effectiveness of cyber security; Developing a model to identify the impact of internal efficiency factors on the external effectiveness of cyber security since there is not much evidence of research in defining the factors of internal efficiency and external effectiveness of cyber security, the authors have chosen grounded theory methodology (GTM) to derive the parameters. In this study emic approach of GTM is followed and an algorithm is developed for administering the grounded theory research process. For the second research objective survey methodology and rank order was used to formulate the impact model. Two different samples and questionnaires were designed for each of the objectives.

Findings

For the objective 1, 11 factors of efficiency and 10 factors of effectiveness were derived. These are used as independent and dependent variable respectively in the later part of the research for the second objective. For the objective 2 the impact models among independent and dependent variables were formulated to find out the following. Most and least preferred parameters lead to internal efficiency of cyber security organization to identify the most and least preferred parameters of internal efficiency with respect to all the parameters external effectiveness.

Research limitations/implications

The factors of internal efficiency and external effectiveness constructed by using grounded theory cannot remain constant in the long run, because of dynamism of the domain itself. Over and above this, there are inherent limitations of the tools like grounded theory, used in the research. Few important limitations of GTM are as below in grounded theory, it is comparatively difficult to maintain and demonstrate the rigors of research discipline. The sheer volume of data makes the analysis and interpretation complex, and lengthy time consuming. The researchers’ presence during data gathering, which is often unavoidable and desirable too in qualitative research, may affect the subjects’ responses. The subjectivity of the data leads to difficulties in establishing reliability and validity of approaches and information. It is difficult to detect or to prevent researcher-induced bias.

Practical implications

The internal efficiency and external effectiveness factors of cyber security can be further correlated by the future researchers to understand the correlations among all the factors and predict cyber security performance. The grounded theory algorithm developed by us can be further used for qualitative research for deriving theory through abstractions in the areas where there is no sufficient availability of data. Practitioners of cyber security can use this research to focus on relevant areas depending on their respective business objective/requirements. The models developed by us can be used by the future researchers to for various sectoral validations and correlations.

Social implications

Though the financial costs of a cyber-attack are steep, the social impact of cyber security failures is less readily apparent but can cause lasting damage to customers, employees and the company. Therefore, it is always important to be mindful of how the impact of cyber security affects society as well as the bottom line when they are calculating the potential impact of a breach. Underestimating either impact can destroy a brand. The factor of internal efficiency and external effectiveness derived by us will help stakeholder in focusing on relevant area depending on their business. The impact model developed in this research is very useful for focusing a particular business requirement and accordingly tune the efficiency factor.

Originality/value

During literature study the authors did not find any evidence of application of grounded theory approach in cyber security research. While the authors were exploring research literature to find out some insight into the factor of internal efficiency and external effectiveness of cyber security, the authors did not find concrete and objective research on this. This motivated us to use grounded theory to derive these factors. This, in the authors’ opinion is one of the pioneering and unique contribution to the research as to the authors’ knowledge no researchers have ever tried to use this methodology for the stated purpose and cyber security domain in general. In this process the authors have also developed an algorithm for administering GTM. Further developing impact models using factors of internal efficiency and external effectiveness has lots of managerial and practical implication.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 3 no. 1
Type: Research Article
ISSN: 2635-0270

Keywords

Open Access
Article
Publication date: 20 June 2019

Per Håkon Meland, Karin Bernsmed, Christian Frøystad, Jingyue Li and Guttorm Sindre

Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing…

4254

Abstract

Purpose

Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between the cyber and physical world, security has become an additional concern in these industries. The purpose of this paper is to evaluate how well bow-tie analysis performs in the context of security, and the study’s hypothesis is that the bow-tie notation has a suitable expressiveness for security and safety.

Design/methodology/approach

This study uses a formal, controlled quasi-experiment on two sample populations – security experts and security graduate students – working on the same case. As a basis for comparison, the authors used a similar experiment with misuse case analysis, a well-known technique for graphical security modelling.

Findings

The results show that the collective group of graduate students, inexperienced in security modelling, perform similarly as security experts in a well-defined scope and familiar target system/situation. The students showed great creativity, covering most of the same threats and consequences as the experts identified and discovering additional ones. One notable difference was that these naïve professionals tend to focus on preventive barriers, leading to requirements for risk mitigation or avoidance, while experienced professionals seem to balance this more with reactive barriers and requirements for incident management.

Originality/value

Our results are useful in areas where we need to evaluate safety and security concerns together, especially for domains that have experience in health, safety and environmental hazards, but now need to expand this with cybersecurity as well.

Details

Information & Computer Security, vol. 27 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

Open Access
Article
Publication date: 15 July 2022

Burcu Taskan, Ana Junça-Silva and António Caetano

Over the past few decades, the environment for organisations has been frequently described using the acronym VUCA: a volatile, uncertain, complex and ambiguous environment. In…

10623

Abstract

Purpose

Over the past few decades, the environment for organisations has been frequently described using the acronym VUCA: a volatile, uncertain, complex and ambiguous environment. In spite of the popularity of this acronym, it is not unusual to find some overlap concerning the meaning of those terms, as well as poor definitions of each in the literature. Consequently, the main purpose of this paper was to conduct a systematic literature review to obtain a conceptual map of the components of VUCA and their relationships and to highlight some avenues for future research.

Design/methodology/approach

The authors conducted a systematic review of various databases between 1999 and 2021. A total of 833 papers were identified and 26 of them met the inclusion criteria for the current study.

Findings

The subsequent analysis revealed several overlaps and relationships between the four terms. Based on this analysis, the authors propose a conceptual map that could serve as a basis for future research and practice.

Research limitations/implications

Because of the exploratory nature of the study and the scarce number of empirical studies, the impact that the use of the VUCA framework has had on businesses could not be addressed.

Originality/value

By clarifying the different components of VUCA and specifying the relationships between them with a comprehensive conceptual map, this paper may contribute to more rigorous empirical research, as well as help managers and executives more effectively deal with turbulent environments.

Details

International Journal of Organizational Analysis, vol. 30 no. 7
Type: Research Article
ISSN: 1934-8835

Keywords

Open Access
Article
Publication date: 14 August 2021

Tomasz Kusio

According to the growing role of stakeholders in the implementation of public-private partnership (PPP) initiatives, the purpose of this study is to diagnose the maturity of PPPs…

1342

Abstract

Purpose

According to the growing role of stakeholders in the implementation of public-private partnership (PPP) initiatives, the purpose of this study is to diagnose the maturity of PPPs in Poland, taking into account the range of stakeholders’ participation in public-private initiatives.

Design/methodology/approach

The introductory study on the stakeholders of PPPs has been based on the report analysis of Polish initiatives and the case studies’ comparative analysis. The cases represent touristic projects realized within PPPs.

Findings

The results of the study indicate that the PPPs’ personal context, though recognized internationally, is to a very low extent present in the Polish case. As the PPP market is still in the process of development, the stakeholders’ issue should be taken into consideration in the processes of the PPP development in Poland.

Practical implications

As regional development is continuously a key issue, especially in rural areas context, the PPP initiatives are of great importance, and therefore the discussion of pros and cons in this context may contribute to the legislation at the regional level.

Originality/value

The study sheds some light and gives some interesting perspectives on the issue of the personal context of PPPs and social capital. Also, the text describes the path of developing PPPs in Poland and especially the touristic projects. The research part presents the original case study comparative analysis based on table-oriented form and as such enables the new way of contextual analysis.

Details

International Journal of Organizational Analysis, vol. 29 no. 6
Type: Research Article
ISSN: 1934-8835

Keywords

Access

Only Open Access

Year

Content type

1 – 4 of 4