Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security
Recent Submissions
Towards Trusted Data Processing for Information and Intelligence Systems (2021-01-05)
Wang, Yong; Muthusamy Ragothaman, Kaushik Nagarajan; Shakya, Bijay
Data is a valued asset and its security is essential for any enterprise and organization. This paper introduces Trusted Data Processing (TDP) and addresses three fundamental questions in TDP: 1) what are the essential requirements to achieve TDP? 2) what security mechanisms and safeguards are available to ensure TDP? 3) how to integrate TDP into practice? Based on the attacks targeting data assets and their consequences, the requirements to achieve TDP, including data security, data privacy, accountability, transparency, distributed computing, and trusted elements, are identified. Available security mechanisms and safeguards to ensure TDP are discussed. This paper also summarizes the challenges to achieve TDP and provides practical guidance to achieve TDP through the integration with NIST Cybersecurity Framework.

Too Busy to Monitor? Board Busyness and the Occurrence of Reported Information Security Incidents (2021-01-05)
Hsu, Carol; Wang, Tawei
This paper investigates the association between board busyness (i.e., directors with multiple positions) and the occurrence of reported information security incidents. Building on prior studies of board busyness, this paper argues that directors holding multiple board seats may fail to commit the time and effort necessary to ensure the appropriate information security strategy or investment plans are in place. Our results demonstrate that board busyness is positively associated with reported information security incidents. This effect is larger when independent directors are busy, thus suggesting the importance of the governance role played by independent directors in managing information security risks.
The board of directors’ role has been emphasized in anecdotal evidence and IT governance frameworks, but our study empirically demonstrates the board’s relevance in information security strategy and management.

Perceptions of Information Systems Security Compliance: An Empirical Study in Higher Education Setting (2021-01-05)
Li, Lei; Shen, Yide; Han, Meng
Ensuring information systems security policy compliance is an integral part of the security program of any organization. This paper investigated the perceptions of different stakeholder groups towards information security policy compliance constructs of Unified Model of Information Security Compliance (UMISPC) [1] in a higher education environment. The research findings showed that faculty/staff generally have a higher tendency towards security policy compliance compared to students in a higher education institution. In addition, students with security knowledge are more inclined to have security policy compliance activities. Our findings not only added to the knowledge base of information systems security compliance research, but also offer practical implications.

Organizational Aspects of Cyber Security in Family Firms – an Empirical Study of German Companies (2021-01-05)
Ulrich, Patrick; Timmermann, Alice
In the context of increasing digitization and networking, the importance of cyber security is also growing for family businesses and moving onto the management agenda as a cross-divisional, group-wide challenge. A study of 184 German companies shows that although family businesses identify cyber security as a relevant field of action, they do not sufficiently address the organizational framework and procedural implementation. This paper is dedicated to the examination of this phenomenon. Potential causes of this phenomenon will be discussed.
Building on that, recommendations for action are given.

My Security: An interactive search engine for cybersecurity (2021-01-05)
Sun, Nan; Zhang, Jun; Gao, Shang; Zhang, Leo Yu; Camtepe, Seyit; Xiang, Yang
Large volumes of cybersecurity-related data are generated every day from various sources at high speed to adapt to the fast-evolving landscape of cybersecurity. It drives the emergence of challenges such as the efficient gathering of in-demand information from unstructured and heterogeneous data sources. After collecting sufficient data, it is hard for users to understand the message hidden behind without adequate security domain knowledge. To help address this problem, in this paper, we present My Security, an innovative search engine for gathering, managing, and understanding cybersecurity-related data. My Security is based on a novel indexing approach that stores both the information of data sources (e.g., publication date, authorship) and the pragmatics messages, including security category (e.g., ransomware, data breach) and corresponding security components (e.g., time of the event, impacted systems). With the established index, users can retrieve cybersecurity information through comprehensive approaches. Fetched results are provided with interpretations leveraged from pragmatics indexing. Additional data mining and visualization techniques enhance the interactivity of My Security by presenting the retrieved results in a clear and comprehensible manner with cybersecurity expertise. It is demonstrated that My Security is efficient at satisfying users' requirements for searching security data and helping people gain better insights into cybersecurity.

Introduction to the Minitrack on Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security (2021-01-05)
Plachkinova, Miloslava; Steiner, Stuart; Conte De Leon, Daniel; Shepherd, Morgan