Business Commons^™

Cybersecurity Using Risk Management Strategies Of U.S. Government Health Organizations, Ian Cornelius Wilkinson

Walden Dissertations and Doctoral Studies

Seismic data loss attributed to cybersecurity attacks has been an epidemic-level threat currently plaguing the U.S. healthcare system. Addressing cyber attacks is important to information technology (IT) security managers to minimize organizational risks and effectively safeguard data from associated security breaches. Grounded in the protection motivation theory, the purpose of this qualitative multiple case study was to explore risk-based strategies used by IT security managers to safeguard data effectively. Data were derived from interviews of eight IT security managers of four U.S. government health institutions and a review of relevant organizational documentation. The research data were coded and organized to …

Supply Chain Managers' Reverse Logistics Strategies To Control Cost Through Risk Mitigation, Lawrence A. Reeves

Walden Dissertations and Doctoral Studies

Supply chain managers in the food and beverage industry face significant challenges regarding the use of effective reverse logistics strategies to reduce supply chain disruptions, control risk, and reduce costs. Through the lens of resource dependence theory, the purpose of this multiple case study was to explore reverse logistics strategies used by supply chain managers in the United States to control cost through risk mitigation. Participants in this study included 5 supply chain managers in the food and beverage distribution industry in the state of Georgia who implemented successful reverse logistics strategies to control cost through risk mitigation. Data were …

Enterprise Risk Management Strategies For Organizational Sustainability, Kaleb Matthew Wyma

Walden Dissertations and Doctoral Studies

The purpose of this single case study was to explore enterprise risk management strategies that nonprofit business leaders used to maintain and improve organizational sustainability. The study population included 3 executive leaders from a rehabilitation and social services nonprofit agency located in the northeastern United States. The Committee of Sponsoring Organizations integrated enterprise risk management framework was the conceptual lens used in this study. Data were collected through semistructured interviews with the 3 executive leaders of the client organization and review of internal, external, and publicly available documents. Data and information from documents and interviews were manually coded. Findings were …

Statistical Methods On Risk Management Of Extreme Events, Zijing Zhang

Doctoral Dissertations

The goal of the dissertation is the investigation of financial risk analysis methodologies, using the schemes for extreme value modeling as well as techniques from copula modeling. Extreme value theory is concerned with probabilistic and statistical questions re- lated to unusual behavior or rare events. The subject has a rich mathematical theory and also a long tradition of applications in a variety of areas. We are interested in its application in risk management, with a focus on estimating and forcasting the Value-at-Risk of financial time series data. Extremal data are inherently scarce, thus making inference challenging. In order to obtain …

Relationship Between Corporate Governance And Information Security Governance Effectiveness In United States Corporations, Robert Elliot Davis

Walden Dissertations and Doctoral Studies

Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 …

Testimony Before The House Committee On National Security And The House Committee On Oversight And Government Reform, George H. Baker Iii

George H Baker

The Commission to Assess the threat to the United States from Electromagnetic Pulse, on which I served as principal staff, made a compelling case for protecting critical infrastructure against the nuclear electromagnetic pulse (EMP) and geomagnetic disturbances (GMD) caused by severe solar storms. Their 2008 Critical Infrastructure Report explains EMP effects, consequences, and protection means for critical infrastructure sectors. EMP and GMD are particularly challenging in that they interfere with electrical power and electronic data, control, transmission, and communication systems organic to nearly all critical infrastructures. The affected geography may be continental in scale. EMP and GMD events thus represent …

Applying The Analytic Hierarchy Process To Oil Sands Environmental Compliance Risk Management, Izak Johannes Roux

Walden Dissertations and Doctoral Studies

Oil companies in Alberta, Canada, invested $32 billion on new oil sands projects in 2013. Despite the size of this investment, there is a demonstrable deficiency in the uniformity and understanding of environmental legislation requirements that manifest into increased project compliance risks. This descriptive study developed 2 prioritized lists of environmental regulatory compliance risks and mitigation strategies and used multi-criteria decision theory for its theoretical framework. Information from compiled lists of environmental compliance risks and mitigation strategies was used to generate a specialized pairwise survey, which was piloted by 5 subject matter experts (SMEs). The survey was validated by a …

Valuation Of Benchmark Provisions On It Services Contracts, Robert J. Kauffman, Ryan Sougstad

Research Collection School Of Computing and Information Systems

Information technology (IT) services are often subject to downward price pressures due to improvements in technology and business processes in a competitive market. When clients enter into IT services contracts, they are faced with the future risk that their services will be overpriced relative to the broader IT services market. To mitigate this risk, clients often add benchmark provisions, whereby a neutral third party assesses the prevailing market price for services. It will support fair price adjustments if the market prices are lower than the current prices. We model the decision to benchmark in order to provide managerial information on …

Emp And Geomagnetic Storm Protection Of Critical Infrastructure, George H. Baker Iii

George H Baker

EMP and solar storm wide geographic coverage and ubiquitous system effects beg the question of “Where to begin?” with protection efforts. Thus, in addressing these “wide area electromagnetic (EM) effects,” we must be clever in deciding where to invest limited resources. Based on simple risk analysis, the electric power and communication infrastructures emerge as the highest priority for EM protection. Programs focused on these highest risk infrastructures will go a long way in lessoning societal impact. Given the national scope of the effects, such programs must be coordinated at the national level but implemented at local level. Because wide-area EM …

Risk-Based Critical Infrastructure Priorities For Emp And Solar Storms, George H. Baker Iii

George H Baker

Two electromagnetic phenomena have the potential to create continental-scale disasters. The first, nuclear electromagnetic pulse (EMP), results from a nuclear detonation high above the tropopause. The second, a major solar storm, or "solar tsunami" occurs naturally when an intense wave of charged particles from the sun perturbs the earth's magnetic field. Both phenomena can debilitate electrical and electronic systems necessary for the operation of infrastructure systems and services. One reason why a U.S. protection program has yet to be initiated is that policy makers continue to wrestle with the question of where to begin, given the Department of Homeland Security’s …

Risk-Based Critical Infrastructure Protection Priorities For Emp And Solar Storms, George H. Baker Iii

George H Baker

The Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack has provided a compelling case for protecting civilian infrastructure against the effects of EMP. As with protecting infrastructure against any hazard, it will be important to take a risk-based priority approach for EMP, recognizing that it is fiscally impracticable to protect everything. In this regard, EMP is particularly challenging in that it interferes with electrical and electronic data, control, transmission, and communication systems organic to nearly all infrastructures in a simultaneous and wide-scale manner. And, for nuclear burst altitudes of 100s of kilometers, the exposed geography …

Proceedings Of The 2009 Nrc Federal Facilities Council/James Madison University Symposium On Protecting Large Facility Complexes;, George H. Baker, Cheryl E. Wilkins

George H Baker

Large, complex facilities pose unique protection challenges involving multidisciplinary expertise and collaboration among government, academia, and the private sector. The symposium served as a forum for sharing experiences in dealing with large facility catastrophic events and risk management. The symposium was organized based on the value of interaction among different people representing diverse disciplines. In many instances, such interactions lead to solutions that would not have been developed within disciplinary stovepipes. The venue was divided into three panels addressing physical security, cyber security, and real facility case studies. We were also privileged to have three keynote speakers including Dr. Charles …

Homeland Security: Fostering Public-Private Partnerships, George H. Baker, Cheryl J. Elliott

George H Baker

Recent U.S. high consequence events have clarified the importance of government collaboration with industry. The benefit of such collaboration was one of the most important lessons learned from Hurricane Katrina. The resources owned and controlled by American industry dwarf those available to local, state and even the federal government departments. Better agreements and incentives to bring the full capabilities of industry squarely into the national response agenda will be indispensable in effectively responding to large-scale catastrophes. At our 2007 Symposium, General Russel Honoré, who led the National Guard response to Katrina stated, “We need the partnering between local, state, and …

Cascading Infrastructure Failures: Avoidance And Response, George H. Baker, Cheryl J. Elliott

George H Baker

No critical infrastructure is self-sufficient. The complexity inherent in the interdependent nature of infrastructure systems complicates planning and preparedness for system failures. Recent wide-scale disruption of infrastructure on the Gulf Coast due to weather, and in the Northeast due to electric power network failures, dramatically illustrate the problems associated with mitigating cascading effects and responding to cascading infrastructure failures once they have occurred.

The major challenge associated with preparedness for cascading failures is that they transcend system, corporate, and political boundaries and necessitate coordination among multiple, disparate experts and authorities. This symposium brought together concerned communities including government and industry …

Mil-Std-188-125-2, High-Altitude Emp Protection For Transportable Systems

George H Baker

This standard establishes minimum requirements and design objectives for high-altitude electromagnetic pulse (HEMP) hardening of transportable1 ground-based systems that perform critical, time-urgent command, control, communications, computer, and intelligence (C4I) missions. Systems required to fully comply with the provisions of the standard will be designated by the Joint Chiefs of Staff, a Military Department Headquarters, or a Major Command.

The standard prescribes minimum performance requirements for low-risk protection from mission-aborting damage or upset due to HEMP threat environments. The standard also addresses minimum testing requirements for demonstrating that prescribed performance has been achieved and for verifying that the installed protection measures …