Search results

To summarize and comment on FINRA’s report on cybersecurity practices, published on February 4, 2015, which arose from its 2014 targeted examination of firms’ cybersecurity preparedness.

Explains the implications of the FINRA report and general guidance FINRA provides and expects all firms to consider in connection with developing their respective cybersecurity programs in eight areas: governance and risk management for cybersecurity; cybersecurity risk assessment; technical controls; incident response planning; vendor management; staff training; cyber intelligence and information sharing; and cyber insurance.

There is no doubt that cybersecurity is a key risk facing the financial services industry now. Accordingly, FINRA expects that firms will review the report and assess how the principles and effective practices provided therein could help build or improve cybersecurity readiness. The report reflects FINRA’s risk-management-based approach to cybersecurity issues, identifying principles and “effective practices” for member firms to consider, as opposed to decreeing specific requirements, policies or procedures.

Expert guidance from experienced securities lawyers.

To discuss the new guidance on public companies’ disclosure obligations regarding cybersecurity risks and incidents, which was recently unanimously approved by the Securities and Exchange Commission (SEC).

Outlines the general disclose requirements and the materiality standard set forth by the SEC, explains specific guidance on public company cybersecurity disclosure, and discusses cybersecurity risk management and insider trading policies.

In addition to clarifying the disclosure requirements with respect to cybersecurity issues, the article discusses two additional areas of concern identified by the New Guidance that public companies should consider in the context of cybersecurity and related disclosure. First, public companies must design and maintain policies and procedures to help manage cybersecurity risks and respond to incidents as they occur. Second, public companies should consider adopting insider trading policies that specifically prohibit management and other corporate insiders from trading on the basis of material non-public information regarding a cybersecurity risk or incident.

Practical analysis of the guidance on disclosure obligations regarding cybersecurity risks and incidents, including discussion surrounding two aspects of cybersecurity not previously addressed in prior SEC staff guidance on the topic.

The purpose of this paper is to define cybersecurity and cybersecurity governance in simplified terms – to explain to the boards of directors and executive management their responsibilities and accountabilities in this regard.

The primary research methodology utilized in this paper is desk research. A literature study is followed by some discussion in terms of the contribution made.

Clearly define the relationship between cybersecurity and information security, especially from a governance perspective.

The paper is based predominantly on an ISO standard.

The simplification of terminology to be used in the governance of cybersecurity, together with assistance to the guiding of boards of directors regarding their duties and responsibilities as far as cybersecurity is concerned.

The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the banking industry.

Systematic literature review guidelines were used to conduct a quantitative synthesis of empirical evidence regarding the impact of cybersecurity threats and risks on the adoption of digital banking.

A total of 84 studies were initially examined, and after applying the selection and eligibility criteria for this systematic review, 58 studies were included. These selected articles consistently identified identity theft, malware attacks, phishing and vishing as significant cybersecurity threats that hinder the adoption of digital banking.

With the country’s banking sector being new in this area, this study contributes to the scant literature on cyber security, which is mostly in need due to the myriad breaches that the industry has already suffered thus far.

Cybersecurity competitions can effectively develop skills, but engaging a wide learner spectrum is challenging. This study aims to investigate the perceptions of cybersecurity competitions among Reddit users. These users constitute a substantial demographic of young individuals, often participating in communities oriented towards college students or cybersecurity enthusiasts. The authors specifically focus on novice learners who showed an interest in cybersecurity but have not participated in competitions. By understanding their views and concerns, the authors aim to devise strategies to encourage their continuous involvement in cybersecurity learning. The Reddit platform provides unique access to this significant demographic, contributing to enhancing and diversifying the cybersecurity workforce.

The authors propose to mine Reddit posts for information about learners’ attitudes, interests and experiences with cybersecurity competitions. To mine Reddit posts, the authors developed a text mining approach that integrates computational text mining and qualitative content analysis techniques, and the authors discussed the advantages of the integrated approach.

The authors' text mining approach was successful in extracting the major themes from the collected posts. The authors found that motivated learners would want to form a strategic way to facilitate their learning. In addition, hope and fear collide, which exposes the learners’ interests and challenges.

The authors discussed the findings to provide education and training experts with a thorough understanding of novice learners, allowing them to engage them in the cybersecurity industry.

This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity practices within organizations for cybersecurity risk management through a systematic literature review (SLR) approach.

This SLR adhered to RepOrting Standards for Systematics Evidence Syntheses (ROSES) publication standards and used various research approaches. The study’s article selection process involved using Scopus, one of the most important scientific databases, to review articles published between 2014 and 2023.

This review identified the four main themes: individual factors, organizational factors, technological factors and governmental role. In addition, nine subthemes that relate to these primary topics were established.

This research sheds light on the multifaceted nature of cybersecurity by exploring factors influencing implementation and developing an improvement framework, offering valuable insights for researchers to advance theoretical developments, assisting industry practitioners in tailoring cybersecurity strategies to their needs and providing policymakers with a basis for creating more effective cybersecurity regulations and standards.

The Kingdom of Saudi Arabia (KSA) is embracing digital transformation and e-government services, aiming to improve efficiency, accessibility and citizen-centricity. Nonetheless, the country faces challenges such as evolving cyber threats. The purpose of this study is to investigate the factors influencing cybersecurity practices to ensure the reliability and security of e-government services.

This paper investigates the multifaceted dynamics of cybersecurity practices and their impact on the quality and effectiveness of e-government services. Five key factors explored include organizational culture, technology infrastructure, adherence to standards and regulations, employee training and awareness and financial investment in cybersecurity. This study used a quantitative method to gather data from 320 participants. The researcher collected 285 completed questionnaires, excluding unusable or incomplete responses, and analyzed the final data set using partial least squares structural equation modeling.

The findings show that financial investment in cybersecurity, employee training and awareness and adherence to cybersecurity regulations significantly influence the adoption of robust cybersecurity practices. However, the relationship between organizational culture and cybersecurity practices is less straightforward. The research establishes a strong positive correlation between cybersecurity practices and e-government service quality, highlighting the role of security in fostering public trust and user satisfaction and meeting the evolving needs of citizens and businesses.

This research contributes valuable empirical evidence to the fields of e-government and cybersecurity, offering insights that can inform evidence-based policy decisions and resource allocation. By understanding the nuanced dynamics at play, Saudi Arabia is better poised to fortify its digital governance infrastructure and provide secure, high-quality e-government services to its constituents.

In response to the growing interest in Internet of Things (IoT) technology and its profound implications for businesses and individuals, this bibliometric study focuses on a critical yet understudied aspect, i.e. cybersecurity. As IoT adoption grows, so do concerns regarding user privacy and data security. This study aims to provide a comprehensive understanding of the current research in this vital area, shedding light on research trends, gaps and emerging themes.

The study conducted a bibliometric analysis and systematic review of literature spanning over two decades (2013–2023). Bibliometric analysis is conducted using Biblioshiny which is R-software-based advanced analytical tool. Further, VOSviewer is used to conduct network analysis. The study highlights the evolving landscape of IoT cybersecurity, emphasizing interdisciplinary intersections and the ethical dimensions of IoT technologies.

The study uncovers crucial concerns related to IoT adoption, emphasizing the urgent need for comprehensive cybersecurity protocols. It identifies emerging themes such as artificial intelligence and blockchain integration, indicating a shift toward interdisciplinary solutions. Furthermore, the research highlights ethical gaps in current IoT discussions, emphasizing the importance of responsible innovation.

Businesses can bolster their cybersecurity strategies, policymakers can craft informed regulations and researchers are encouraged to explore IoT’s ethical dimensions.

This study pioneers a nuanced analysis of IoT cybersecurity, filling a crucial gap in the existing business and management literature. By synthesizing a decade of scholarly work, it provides foundational insights for researchers, businesses and policymakers. The research not only informs academic discourse but also offers practical guidance for enhancing IoT security measures and fostering ethical innovation.

With recent increases in cybersecurity incidents, it is imperative to supplement current accounting curriculum, equip accounting graduates with sufficient knowledge and skills to assess cybersecurity risk, and learn about controls to mitigate such risks. In this chapter, the authors describe 10 teaching modules, supported by 10 professionally produced video series. The authors developed these videos for educating students on cybersecurity and the videos are available free to instructors from other institutions who wish to use them. The videos are filled with insights and advice from our two experts – one a former hacker and the other an experienced cybersecurity professional. This dialogue between two different sides provides a rich discussion that leads to answering many questions that people often have about cybersecurity. Further, in Exhibit 1, this chapter offers a framework for characterizing and analyzing some recent publicized data-breach cases, which can supplement discussion on cybersecurity modules. Instructors can add more cases to this source overtime. Finally, the authors share the analysis of feedback from students who went through the series. The results suggest that the students show interest in the topic, and videos helped them better understand the complexity of cybersecurity risk and controls.

Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a constant stream of cyberattacks through varied methods by actors with myriad motivations. These threats are not expected to diminish in the near future. As a result, homeland security and national security professionals at all levels of government must understand the unique motivations and capabilities of malicious cyber actors in order to better protect against and respond to cyberattacks. This chapter outlines the most common cyberattacks; explains the motivations behind these attacks; and describes the federal, state, and local efforts to address these threats.