Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security Operations

Permanent URI for this collection: https://hdl.handle.net/10125/112546

Recent Submissions

  • Encouraging Knowledge Workers’ Security Practices through Psychological Empowerment
    (2026-01-06) Deng, Xiaodong; Guo, Yi; Qu, Hongwei
    Literature and industrial surveys have suggested the critical role of knowledge workers in protecting organizations’ information assets. However, the programs designed to encourage knowledge workers to actively engage in securing behaviors are less effective than expected. In this study, we examine the impact of work environment factors on knowledge workers’ psychological empowerment and how psychological empowerment motivates individuals’ learning-oriented and performance-oriented security practices. The results from a sample of 75 survey participants suggest that perceived sanction and perceived value invoke knowledge workers’ psychological empowerment. Psychological empowerment motivates both types of the individuals’ security practices. The implications and future directions of the study are discussed.
  • Navigating identity threats in AI-enabled automated cyber defense: A dynamic model for modern SOC and vulnerability management teams
    (2026-01-06) Saadallah, Mehdi; Shahim, Abbas; Khapova, Svetlana
    Security operations centers (SOCs) and vulnerability management (VM) are being progressively reconfigured by the increasing Artificial Intelligence (AI) enabled automation integration. While these changes enhance detection and response capabilities, they also trigger disruptions to the professional identity and trust dynamics of cybersecurity practitioners. Drawing on the identity threat appraisal theory and data from 46 interviews across 3 organizations, this study reveals 2 interrelated tensions: (1) role redefinition and (2) transparency and trust in AI-enabled automation. We develop a conceptual model called the dynamic identity work cycle that theorizes how cyber defense professionals balance these tensions through a continuous loop of threat appraisal, identity protection, identity restructuring, and validation. This research contributes to the field of organizational cybersecurity by uncovering the human mechanisms that support successful cyber defense operations in AI-enabled automation contexts. Our findings offer both a theoretical extension to organizational identity theory in high-tech work environments and practical insights for designing resilient AI integrated SOC and VM operations.
  • Empowering Boards through Continuous, Empirically Generated Cybersecurity Patterns Using a Criminological-informed Analytical Tool
    (2026-01-06) Miao, Cheng; Tsen, Elinor; Ho, Heemeng; Whelan, Chad; Ko, Ryan Kl
    As boards face increasing regulatory pressure to strengthen organizational cybersecurity, there is a need for methods that support evidence-based, informed decision-making. By analyzing cyber risks from a criminology perspective, this study addresses the challenges boards face in managing cyber threats. Using Crime Script Analysis and Situational Crime Prevention, we systematically examined Singapore’s regulatory data breach reports to identify cybersecurity patterns, describe them in a business process context, and provide actionable guidance aligned with ISO/IEC 27002:2022 controls. We explored the automation of this approach using large language models and manually analyzed the result, identifying the top three patterns and visualizing them in a dashboard: Authentication deficiencies, Supplier management risks, and Access control failures. Despite frequent attention, these areas remain ineffectively addressed in practice. This study also offers research opportunities in the continuous generation of empirical cybersecurity insights, assisting boards to facilitate better cybersecurity management in line with regulatory and compliance responsibilities.
  • Driver of User’s Security Behaviors: Avoidance or Motivation
    (2026-01-06) Batra, Gunjan; Saeed, Khawaja; Xue, Botong
    As more companies move their services online, customers, not just employees, have become common targets for cyberattacks like viruses, worms, spoofing, phishing, and spyware attacks. Unlike employees, customers are not required to follow security rules, so it’s important to understand what motivates them to stay safe online. This study looks at two types of behavior: protection motivation (actively taking steps to stay safe) and threat avoidance (avoiding risky situations). We use ideas from Protection Motivation Theory, Threat Avoidance Theory, Social Cognitive Theory, and Habit Formation Theory to understand what influences these behaviors. The analysis of data collected through a survey shows that being familiar with cyberattacks increases a person’s confidence (self-efficacy), which helps them stay motivated to protect themselves and avoid threats. We also found that perceived effort or barriers make people less likely to take protective actions. This study helps improve both theory and training programs to support better cybersecurity habits.
  • Between Promise and Practice: Challenges and Misperceptions of Applying Privacy Enhancing Technologies in Business Contexts
    (2026-01-06) Lohmöller, Johannes; Jeon, Hajeong; Hentschel, Jael; Wehrle, Klaus; Pennekamp, Jan
    Applying privacy-enhancing technologies (PETs), such as homomorphic encryption or differential privacy, promises to improve organizational cybersecurity strategies. However, in business contexts, significant gaps manifest between their technical capabilities and organizational perceptions, indicating a mismatch between promise and practice. This paper presents the first comprehensive meta-analysis of organizational PET perceptions through a systematic review of 34 empirical studies. Our findings reveal that while regulatory pressures and reputational considerations drive adoption, organizations face substantial practical challenges, including complexity management and insufficient understanding of technological capabilities. Even experienced practitioners show misperceptions about PET functionality, leading to misconfigurations that undermine promised privacy benefits. Thus, misperceptions directly impact cybersecurity effectiveness, as organizations may overestimate deployed protections or underutilize available capabilities. Consequently, our analysis highlights the need for and recommends implementing improved education, regular reassessments of current beliefs regarding PETs, and transparency mechanisms to translate potential into successful enterprise cybersecurity.
  • Unmasking Disinformation: Enhancing Cyber Threat Intelligence through Crowdsourced Analysis and AI-Driven Training
    (2026-01-06) Huang, He; Sun, Nan; Tani, Massimiliano; Zhang, Yu; Jiang, Jiaojiao; Jha, Sanjay
    The intersection of Artificial Intelligence (AI) and Cybersecurity holds immense potential but also presents significant challenges, particularly in collaborative and inter-organizational domains. This study explores the critical issue of disinformation in Cyber Threat Intelligence (CTI), focusing on its detection and mitigation through crowdsourced efforts and AI-driven approaches. By generating synthetic CTI datasets and orchestrating a collaborative detection campaign, the study reveals the vulnerabilities of both experts and laypersons to disinformation and the psychological biases that influence decision-making. Key findings highlight the critical role of education and training in improving human proficiency in identifying fake CTI and the transformative potential of AI in enhancing collaborative cybersecurity defenses. This research provides actionable insights into the use of AI for detecting disinformation, protecting collaborative AI systems, and fostering resilient inter-organizational cybersecurity strategies. The study contributes to advancing the cybersecurity domain by introducing a hybrid approach that combines human expertise, AI innovation, and collaborative resilience.
  • A Meta-Analytic Review of Sanctions in Organizational Cybersecurity
    (2026-01-06) Prabhu, Sunitha; Kocsis, David; Suntwal, Sandeep
    Sanctions are central to regulatory strategies designed to deter violations of organizational cybersecurity policies. Yet, their effectiveness in shaping cybersecurity behaviour, particularly among non-malicious insiders, remains unclear, with empirical findings showing considerable inconsistency. This meta-analysis synthesizes evidence from 51 studies to examine the differential impact of sanctions on two key outcomes: compliance intentions and violation intentions. The results reveal that sanction certainty significantly increases compliance intentions but has no significant effect on violation intentions, challenging the assumption of symmetrical deterrence. Additionally, sanction celerity moderates the effects of both detection certainty and sanction severity on compliance, while sample size and geographic factors moderate the relationship between sanction severity and violation intentions. These findings offer important refinements to sanctions-based deterrence models and suggest directions for future research.
  • From Noise to Signal: An Extensible Framework for Measuring Threat Intelligence Quality
    (2026-01-06) Sauerwein, Clemens; Gschwandtner, Mathias; Breu, Ruth
    Threat intelligence (TI), information about emerging threats that target an organisation to mitigate risks, can be acquired from various information sources. Despite its critical role in protecting business-sensitive assets and enabling security operations, the quality of TI varies significantly. This inconsistency poses a major challenge for organisations relying on TI for informed decision-making. To address this, we collaborated with security experts to identify key quality criteria for TI and operationalize these criteria in practice. Based on these insights, we present an extensible and customizable framework for assessment of threat intelligence quality. Our framework assigns quality scores to individual TI items, enabling more reliable and informed utilisation in security workflows. This work focuses on practical implementation and evaluation, offering guidance for improving TI processes.
  • Introduction to the Minitrack on Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security Operations
    (2026-01-06) Conte De Leon, Daniel; Suntwal, Sandeep; Kocsis, David; Shepherd, Morgan