Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 16 of 16

Full-Text Articles in Physical Sciences and Mathematics

Cybersecurity Using Risk Management Strategies Of U.S. Government Health Organizations, Ian Cornelius Wilkinson Jan 2020

Walden Dissertations and Doctoral Studies

Seismic data loss attributed to cybersecurity attacks has been an epidemic-level threat currently plaguing the U.S. healthcare system. Addressing cyber attacks is important to information technology (IT) security managers to minimize organizational risks and effectively safeguard data from associated security breaches. Grounded in the protection motivation theory, the purpose of this qualitative multiple case study was to explore risk-based strategies used by IT security managers to safeguard data effectively. Data were derived from interviews of eight IT security managers of four U.S. government health institutions and a review of relevant organizational documentation. The research data were coded and organized to …


Recommended Corrective Security Measures To Address The Weaknesses Identified Within The Shapash Nuclear Research Institute, Khadija Moussaid, Oum Keltoum Hakam Jun 2018

International Journal of Nuclear Security

The Shapash Nuclear Research Institute (SNRI) data book was issued by the International Atomic Energy Agency (IAEA) in 2013. The hypothetical facility data book describes the hypothetical site, which is divided into two areas: the low-security area, known as the administrative area, and the very high-security area, known as the protected area. The book contains detailed descriptions of each area’s safety and security measures, along with figures of multiple buildings in both areas, and also includes information about the site’s computer networks.

This paper aims to identify security weaknesses related to the institute’s location, the Administrative Area (AA), the Protected …


The Dark Side Of Banning Hacking Technique Discussion, Qiu-Hong Wang, Ting Zhang Le Jun 2017

Research Collection School Of Computing and Information Systems

Prior studies have evidenced the effectiveness of more severe and broader enforcement in deterring cybercrimes. This study addresses the other side of the story. Our data analysis shows that the enforcement against the production / distribution / possession of computer misuse tools tends to increase the contribution on detection and protection related posts in online hacker forums. But this enforcement may discourage those contributors who had originally actively contributed to the protection discussions. Thus government regulations have to be cautiously justify the incentives of multiple parties in the cybersecurity context.


Relationship Between Corporate Governance And Information Security Governance Effectiveness In United States Corporations, Robert Elliot Davis Jan 2017

Walden Dissertations and Doctoral Studies

Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 …


A Study Of Information Security Awareness Program Effectiveness In Predicting End-User Security Behavior, James Michael Banfield Aug 2016

Master's Theses and Doctoral Dissertations

As accessibility to data increases, so does the need to increase security. For organizations of all sizes, information security (IS) has become paramount due to the increased use of the Internet. Corporate data are transmitted ubiquitously over wireless networks and have increased exponentially with cloud computing and growing end-user demand. Both technological and human strategies must be employed in the development of an information security awareness (ISA) program. By creating a positive culture that promotes desired security behavior through appropriate technology, security policies, and an understanding of human motivations, ISA programs have been the norm for organizational end-user risk mitigation …


Exploring The Cybersecurity Hiring Gap, Adam O. Pierce Jan 2016

Walden Dissertations and Doctoral Studies

Cybersecurity is one of the fastest growing segments of information technology. The Commonwealth of Virginia has 30,000 cyber-related jobs open because of the lack of skilled candidates. The study is necessary because some business managers lack strategies for hiring cybersecurity professionals for U.S. Department of Defense (DoD) contracts. The purpose of this case study was to explore strategies business managers in DoD contracting companies used to fill cybersecurity positions. The conceptual framework used for this study was the organizational learning theory. A purposeful sample of 8 successful business managers with cybersecurity responsibilities working for U.S. DoD contracting companies that successfully …


Secure Portable Execution And Storage Environments: A Capability To Improve Security For Remote Working, Peter James Jan 2015

Theses: Doctorates and Masters

Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing …


Book Review: Handbook On Securing Cyber-Physical Critical Infrastructure: Foundations And Challenges (Written By Sajal K. Das, Krishna Kant, Nan Zhang), Katina Michael Aug 2012

Professor Katina Michael

This 800+ page handbook is divided into eight parts and contains thirty chapters, ideal for either an advanced undergraduate or graduate course in security. At the heart of this handbook is how we might go about managing both physical and cyber infrastructures, as they continue to become embedded and enmeshed, through advanced control systems, and new computing and communications paradigms.


Book Review: The Basics Of Information Security: Understanding The Fundamentals Of Infosec In Theory And Practice, Katina Michael Apr 2012

Professor Katina Michael

Dr Jason Andress (ISSAP, CISSP, GPEN, CEH) has written a timely book on Information Security. Andress, who is a seasoned security professional with experience in both the academic and business worlds, categorically demonstrates through his book that underlying the operation of any successful business today is how to protect your most valuable asset - “information”. Andress completed his doctorate in computer science in the area of data protection, and presently works for a major software company, providing global information security oversight and performing penetration testing and risk assessment.


Book Review: Security Risk Management: Building An Information Security Risk Management Program From The Ground Up, Katina Michael Jan 2012

Associate Professor Katina Michael

In an age of outsourcing tasks that are not considered to be a core competency of the business, organisations have often relied on external consultants for matters pertaining to security. In actual fact, most companies could have utilized existing skill-sets in-house to produce a security risk management program, if only they knew what steps to take, and how to go about it all. Evan Wheeler in his book on information security risk management does just that - he equips professionals tasked with security, with the thinking required to create a program that is more preoccupied with the complex strategic-level questions than …


Strategic Assessment Of Information Security Maturity, Arcot Desai Narasimhalu, Dayasindhu Nagarajan, Raghavan Subramanian Jan 2011

Arcot Desai NARASIMHALU

CXOs are becoming increasingly interested in the information security maturity of their enterprises. This paper presents a CXO dashboard that will allow better management of the information security resources in an enterprise.


Infosemm: Infosys It Security Maturity Model: A Report, Arcot Desai Narasimhalu, N. Dayasindhu, Raghavan Subramanian Jan 2011

Arcot Desai NARASIMHALU

Businesses are faced with a continuing battle related to cyber security related issues ranging from cyber attacks all the way to cyber (information) war. These issues result in information, system, reputation, and revenue related risks. These risks arise because of vulnerabilities introduced in three major parts of the enterprise – infrastructure, intelligence and practices. This report provides a rating system for representing the security health of enterprises.


Economics Of Information Security Investment In The Case Of Simultaneous Attacks, C. Derrick Huang, Qing Hu, Ravi S. Behara May 2006

Qing Hu

With billions of dollars being spent on information security related products and services each year, the economics of information security investment has become an important area of research, with significant implications for management practices. Drawing on recent studies that examine optimal security investment levels under various attack scenarios, we propose an economic model that considers simultaneous attacks from multiple external agents with distinct characteristics, and derive optimal investments based on the principle of benefit maximization. The relationships among the major variables, such as systems vulnerability, security breach probability, potential loss of security breach, and security investment levels, are investigated via …


The Centrality Of Awareness In The Formation Of User Behavioral Intention Toward Preventive Technologies In The Context Of Voluntary Use, Tamara Dinev, Qing Hu Nov 2005

Qing Hu

Little is known about user behavior toward what we call preventive computer technologies that have become increasingly important in the networked economy and society to secure data and systems from viruses, unauthorized access, disruptions, spyware, and similar harmful technologies. We present the results of a study of user behavior toward preventive technologies based on the frameworks of theory of planned behavior in the context of anti-spyware technologies. We find that the user awareness of the issues and threats from harmful technologies is a strong predictor of user behavioral intention toward the use of preventive technologies. In the presence of awareness, …


Strategic Assessment Of Information Security Maturity, Arcot Desai Narasimhalu, Dayasindhu Nagarajan, Raghavan Subramanian Jul 2005

Research Collection School Of Computing and Information Systems

CXOs are becoming increasingly interested in the information security maturity of their enterprises. This paper presents a CXO dashboard that will allow better management of the information security resources in an enterprise.


Infosemm: Infosys It Security Maturity Model: A Report, Arcot Desai Narasimhalu, N. Dayasindhu, Raghavan Subramanian Jul 2004

Research Collection School Of Computing and Information Systems

Businesses are faced with a continuing battle related to cyber security related issues ranging from cyber attacks all the way to cyber (information) war. These issues result in information, system, reputation, and revenue related risks. These risks arise because of vulnerabilities introduced in three major parts of the enterprise – infrastructure, intelligence and practices. This report provides a rating system for representing the security health of enterprises.