Segui questo link per vedere altri tipi di pubblicazioni sul tema: Strategic cybersecurity.
Articoli di riviste sul tema "Strategic cybersecurity"
Cita una fonte nei formati APA, MLA, Chicago, Harvard e in molti altri stili
Vedi i top-50 articoli di riviste per l'attività di ricerca sul tema "Strategic cybersecurity".
Accanto a ogni fonte nell'elenco di riferimenti c'è un pulsante "Aggiungi alla bibliografia". Premilo e genereremo automaticamente la citazione bibliografica dell'opera scelta nello stile citazionale di cui hai bisogno: APA, MLA, Harvard, Chicago, Vancouver ecc.
Puoi anche scaricare il testo completo della pubblicazione scientifica nel formato .pdf e leggere online l'abstract (il sommario) dell'opera se è presente nei metadati.
Vedi gli articoli di riviste di molte aree scientifiche e compila una bibliografia corretta.
1
Burrell, Darrell Norman. "Assessing the Value of Executive Leadership Coaches for Cybersecurity Project Managers". International Journal of Human Capital and Information Technology Professionals 10, n. 2 (aprile 2019): 20–32. http://dx.doi.org/10.4018/ijhcitp.2019040102.
Testo completoAbstract (sommario):
With the complex nature of impacts of cybersecurity breaches, it is critical that organizational have cybersecurity project managers that can make sound managerial and leadership decisions. Often cybersecurity project managers act quickly with managerial decisions at work. When time is of the essence, strategic thinking, strategic communication, and strategic decision making are critical to organizational effectiveness and productivity. Decision making and strategic communications are just a few skills that executive leadership coaches can teach. This article explores the values and potential benefits of executive coaching as a leadership development tool for information technology and cybersecurity project managers.
2
Goel, Rajni, Anupam Kumar e James Haddow. "PRISM: a strategic decision framework for cybersecurity risk assessment". Information & Computer Security 28, n. 4 (19 giugno 2020): 591–625. http://dx.doi.org/10.1108/ics-11-2018-0131.
Testo completoAbstract (sommario):
Purpose This study aims to develop a framework for cybersecurity risk assessment in an organization. Existing cybersecurity frameworks are complex and implementation oriented. The framework can be systematically used to assess the strategic orientation of a firm with respect to its cybersecurity posture. The goal is to assist top-management-team with tailoring their decision-making about security investments while managing cyber risk at their organization. Design/methodology/approach A thematic analysis of existing publications using content analysis techniques generates the initial set of keywords of significance. Additional factor analysis using the keywords provides us with a framework comprising of five pillars comprising prioritize, resource, implement, standardize and monitor (PRISM) for assessing a firm’s strategic cybersecurity orientation. Findings The primary contribution is the development of a novel PRISM framework, which enables cyber decision-makers to identify and operationalize a tailored approach to address risk management and cybersecurity problems. PRISM framework evaluation will help organizations identify and implement the most tailored risk management and cybersecurity approach applicable to their problem(s). Originality/value The new norm is for companies to realize that data stratification in cyberspace extends throughout their organizations, intertwining their need for cybersecurity within business operations. This paper fulfills an identified need improve the ability of company leaders, as CIOs and others, to address the growing problem of how organizations can better handle cyber threats by using an approach that is a methodology for cross-organization cybersecurity risk management.
3
Gajewski, Tomasz. "TOWARDS RESILIENCE. EUROPEAN CYBERSECURITY STRATEGIC FRAMEWORK". Ante Portas - Studia nad bezpieczeństwem 1(14)/2020, n. 1(14)/2020 (2020): 103–22. http://dx.doi.org/10.33674/3201911.
Testo completoAbstract (sommario):
Cyberspace has become critical domain of contemporary societies and states. Growing presence and dense network of various activities have resulted in transformation of strictly technical dimension into nervous system of the world. Naturally, with humans’ immersion in cyberspace, the catalogue of threats is growing exponentially - from risks to individuals’ security through hazards to corporate, government entities to threats to complex social systems. Resilience of the latter depends on cyberspace. The aim of the paper is to analyse EU’s approach to growing dangers, with European Cybersecurity Strategy as main research field. Document will be employed to conduct the study.
4
Kudzin-Borkowska, Małgorzata. "Cyberbezpieczeństwo w Grupie Wyszehradzkiej – koncepcje i strategie". Przegląd Bezpieczeństwa Wewnętrznego 13, n. 24 (2021): 46–62. http://dx.doi.org/10.4467/20801335pbw.21.009.13566.
Testo completoAbstract (sommario):
W artykule podjęto problematykę cyberbezpieczeństwa w Grupie Wyszehradzkiej. Mimo że w nauce pojawia się wiele terminów dotyczących bezpieczeństwa informacyjnego, jednak w ostatnich latach w dokumentach strategicznych dominuje kategoria pojęciowa „cyberbezpieczeństwo”. W Strategii Bezpieczeństwa Cybernetycznego Unii Europejskiej z 7 marca 2013 r. stwierdza się, że bezpieczeństwo cybernetyczne odnosi się do zabezpieczeń i działań, które mogą być wykorzystywane do ochrony domeny cybernetycznej, zarówno cywilnej, jak i wojskowej, przed tymi zagrożeniami, które dotyczą jej współzależnych sieci i infrastruktury informatycznej oraz które mogą te sieci oraz tę infrastrukturę uszkodzić. Państwa Grupy Wyszehradzkiej wypracowały swoje własne strategie cyberbezpieczeństwa na podstawie światowych wzorców w tej dziedzinie. W tych dokumentach deklarują wprawdzie gotowość współpracy międzynarodowej, także środkowoeuropejskiej, jednak widać, że każde z nich ma ambicje odgrywania roli środkowoeuropejskiego lidera. Cybersecurity in the Visegrad Group – concepts and strategies The article discusses the issues of cybersecurity in the Visegrad Group. There is a wide spectrum of information security terminology, but the conceptual category of cybersecurity has dominated strategic documents in recent years. The European Union Cyber Security Strategy of 7, March 2013, claims that cybersecurity commonly refers to the safeguards and actions that can be used to protect the cyber domain, both in the civilian and military fields, from those threats that are associated with or that may harm its interdependent networks and information infrastructure. The Visegrad Group countries have developed their own cybersecurity strategies based on global models in this field. However, in these strategic documents they declare readiness for broad international cooperation, including Central European, it can be seen that each of them strives to play the role of a leader in Central Europe.
5
Borum, Randy, John Felker, Sean Kern, Kristen Dennesen e Tonya Feyes. "Strategic cyber intelligence". Information & Computer Security 23, n. 3 (13 luglio 2015): 317–32. http://dx.doi.org/10.1108/ics-09-2014-0064.
Testo completoAbstract (sommario):
Purpose – This paper aims to highlight the importance and role of strategic cyber intelligence to support risk-informed decision-making, ultimately leading to improved objectives, policies, architectures and investments to advance a nation or organization’s interests in the cyber domain. Design/methodology/approach – Integration of professional research literature from the fields of intelligence studies, strategy and information/computer security. Findings – Investing in technology, firewalls and intrusion detection systems is appropriate but, by itself, insufficient. Intelligence is a key component. Cyber intelligence emphasizes prevention and anticipation, to focus cybersecurity efforts before an attack occurs (“left of the hack”). Strategic cyber intelligence can substantially reduce risk to the organization’s mission and valued assets and support its due diligence. Originality/value – This paper describes how strategic cyber intelligence can be implemented and used within an enterprise to enhance its cyber defense, and create a more proactive and adaptive security posture. It not only describes strategic cyber intelligence as a distinct discipline, but also demonstrates how the key intelligence functions articulate with existing cybersecurity risk management standards.
6
Ulven, Joachim Bjørge, e Gaute Wangen. "A Systematic Review of Cybersecurity Risks in Higher Education". Future Internet 13, n. 2 (2 febbraio 2021): 39. http://dx.doi.org/10.3390/fi13020039.
Testo completoAbstract (sommario):
The demands for information security in higher education will continue to increase. Serious data breaches have occurred already and are likely to happen again without proper risk management. This paper applies the Comprehensive Literature Review (CLR) Model to synthesize research within cybersecurity risk by reviewing existing literature of known assets, threat events, threat actors, and vulnerabilities in higher education. The review included published studies from the last twelve years and aims to expand our understanding of cybersecurity’s critical risk areas. The primary finding was that empirical research on cybersecurity risks in higher education is scarce, and there are large gaps in the literature. Despite this issue, our analysis found a high level of agreement regarding cybersecurity issues among the reviewed sources. This paper synthesizes an overview of mission-critical assets, everyday threat events, proposes a generic threat model, and summarizes common cybersecurity vulnerabilities. This report concludes nine strategic cyber risks with descriptions of frequencies from the compiled dataset and consequence descriptions. The results will serve as input for security practitioners in higher education, and the research contains multiple paths for future work. It will serve as a starting point for security researchers in the sector.
7
Timmers, Paul. "Ethics of AI and Cybersecurity When Sovereignty is at Stake". Minds and Machines 29, n. 4 (11 ottobre 2019): 635–45. http://dx.doi.org/10.1007/s11023-019-09508-4.
Testo completoAbstract (sommario):
Abstract Sovereignty and strategic autonomy are felt to be at risk today, being threatened by the forces of rising international tensions, disruptive digital transformations and explosive growth of cybersecurity incidents. The combination of AI and cybersecurity is at the sharp edge of this development and raises many ethical questions and dilemmas. In this commentary, I analyse how we can understand the ethics of AI and cybersecurity in relation to sovereignty and strategic autonomy. The analysis is followed by policy recommendations, some of which may appear to be controversial, such as the strategic use of ethics. I conclude with a reflection on underlying concepts as an invitation for further research. The goal is to inspire policy-makers, academics and business strategists in their work, and to be an input for public debate.
8
Kissoon, Tara. "Optimum spending on cybersecurity measures". Transforming Government: People, Process and Policy 14, n. 3 (7 maggio 2020): 417–31. http://dx.doi.org/10.1108/tg-11-2019-0112.
Testo completoAbstract (sommario):
Purpose This purpose of this paper is to provide insight through analysis of the data collected from a pilot study, into the decision-making process used by organizations in cybersecurity investments. Leveraging the review of literature, this paper aims to explore the strategic decisions made by organizations when implementing cybersecurity controls, and identifies economic models and theories from the economics of information security, and information security investment decision-making process. Using a survey study method, this paper explores the feasibility for development of a strategic decision-making framework that may be used when evaluating and implementing cybersecurity measures. Design/methodology/approach A pilot study was conducted to evaluate the ways in which decisions are made as it relates to cybersecurity spending. The purpose of the pilot study was to determine the feasibility for developing a strategic framework to minimize cybersecurity risks. Phase 1 – Interview Study: The qualitative approach focused on seven participants who provided input to refine the survey study questionnaire. Phase 2 – Survey Study: The qualitative approach focused on information gathered through an online descriptive survey study using a five-point Likert scale. Findings The literature review identified that there is limited research in the area of information security decision making. One paper was identified within this area, focusing on the research completed by Dor and Elovici [22]. This exploratory research demonstrates that although organizations have actively implemented cybersecurity frameworks, there is a need to enhance the decision-making process to reduce the number and type of breaches, along with strengthening the cybersecurity framework to facilitate a preventative approach. Research limitations/implications The partnership research design could be expanded to facilitate quantitative and qualitative techniques in parallel with equal weight, leveraging qualitative techniques, an interview study, case study and grounded theory. In-depth data collection and analysis can be completed to facilitate a broader data collection which will provide a representative sample and achieve saturation to ensure that adequate and quality data are collected to support the study. Quantitative analysis through statistical techniques (i.e. regression analysis) taking into account, the effectiveness of cybersecurity frameworks, and the effectiveness of decisions made by stakeholders on implementing cybersecurity measures. Practical implications This exploratory research demonstrates that organizations have actively implemented cybersecurity measure; however, there is a need to reduce the number and type of breaches, along with strengthening the cybersecurity framework to facilitate a preventative approach. In addition, factors that are used by an organization when investing in cybersecurity controls are heavily focused on compliance with government and industry regulations along with opportunity cost. Lastly, the decision-making process used when evaluating, implementing and investing in cybersecurity controls is weighted towards the technology organization and, therefore, may be biased based on competing priorities. Social implications The outcome of this study provides greater insight into how an organization makes decisions when implementing cybersecurity controls. This exploratory research shows that most organizations are diligently implementing security measures to effectively monitor and detect cyber security attacks. The pilot study revealed that the importance given to the decisions made by the CIO and Head of the Business Line have similar priorities with regard to funding the investment cost, implementing information security measures and reviewing the risk appetite statement. This parallel decision-making process may potentially have an adverse impact on the decision to fund cybersecurity measures, especially in circumstances where the viewpoints are vastly different . Originality/value Cybersecurity spend is discussed across the literature, and various approaches, methodologies and models are used. The aim of this paper is to explore the strategic decision-making approach that is used by organizations when evaluating and implementing cybersecurity measures. Using a survey study method, this paper explores the feasibility for development of a strategic decision-making framework that may be used when evaluating and implementing cybersecurity measures.
9
Cai, Cuihong. "Cybersecurity in the Chinese Context: Changing Concepts, Vital Interests, and Prospects for Cooperation". China Quarterly of International Strategic Studies 01, n. 03 (ottobre 2015): 471–96. http://dx.doi.org/10.1142/s2377740015500189.
Testo completoAbstract (sommario):
"Cybersecurity" has become a topic of great strategic importance concerning both national and international security, especially after Edward Snowden's disclosure of the secret surveillance programs of the U.S. government. With the largest number of netizens in the world, China holds its own views, beliefs, and assumptions on this topic. To understand the current disputes over international cybersecurity and to identify challenges and opportunities presented to international cybersecurity cooperation, it is of great significance to examine "cybersecurity" in the Chinese context. This article deals with the following issues from a Chinese perspective: cyberspace and cybersecurity in general, China's vital cybersecurity interests and threatening challenges, and barriers to further progress in international cybersecurity cooperation. It is concluded that China's understanding of cybersecurity, which derives from its unique national conditions, does not limit its willingness to participate in international cybersecurity cooperation.
10
Galinec, Darko, Darko Možnik e Boris Guberina. "Cybersecurity and cyber defence: national level strategic approach". Automatika 58, n. 3 (3 luglio 2017): 273–86. http://dx.doi.org/10.1080/00051144.2017.1407022.
Testo completo
11
Benzel, Terry. "A Strategic Plan for Cybersecurity Research and Development". IEEE Security & Privacy 13, n. 4 (luglio 2015): 3–5. http://dx.doi.org/10.1109/msp.2015.84.
Testo completo
12
Sallos, Mark Paul, Alexeis Garcia-Perez, Denise Bedford e Beatrice Orlando. "Strategy and organisational cybersecurity: a knowledge-problem perspective". Journal of Intellectual Capital 20, n. 4 (11 ottobre 2019): 581–97. http://dx.doi.org/10.1108/jic-03-2019-0041.
Testo completoAbstract (sommario):
Purpose The purpose of this paper is to frame organisational cybersecurity through a strategic lens, as a function of an interplay of pragmatism, inference, holism and adaptation. The authors address the hostile epistemic climate for intellectual capital management presented by the dynamics of cybersecurity as a phenomenon. The drivers of this hostility are identified and their implications for research and practice are discussed. Design/methodology/approach The philosophical foundations of cybersecurity in its relation with strategy, knowledge and intellectual capital are explored through a review of the literature as a mechanism to contribute to the emerging theoretical underpinnings of the cybersecurity domain. Findings This conceptual paper argues that a knowledge-based perspective can serve as the necessary platform for a phenomenon-based view of organisational cybersecurity, given its multi-disciplinary nature. Research limitations/implications By recognising the knowledge-related vectors, mechanisms and tendencies at play, a novel perspective on the topic can be developed: cybersecurity as a “knowledge problem”. In order to facilitate such a perspective, the paper proposes an emergent epistemology, rooted in systems thinking and pragmatism. Practical implications In practice, the knowledge-problem narrative can underpin the development of new organisational support constructs and systems. These can address the distinctiveness of the strategic challenges that cybersecurity poses for the growing operational reliance on intellectual capital. Originality/value The research narrative presents a novel knowledge-based analysis of organisational cybersecurity, with significant implications for both interdisciplinary research in the field, and practice.
13
Kasper, Agnes, e Vlad Vernygora. "The EU’s cybersecurity: a strategic narrative of a cyber power or a confusing policy for a local common market?" Cuadernos Europeos de Deusto, n. 65 (23 settembre 2021): 29–71. http://dx.doi.org/10.18543/ced-65-2021pp29-71.
Testo completoAbstract (sommario):
In the last decade, cybersecurity has swiftly turned into a strategic issue and became an important horizontal policy area in the EU, which is treated in this article as one of the four contemporary political empires. These days, the policy arguably encompasses both internal and external aspects, often making it difficult to assess the level of its actual effectiveness as well as outreach. Initially, the EU’s introverted vision on the issue drove the policy to focus on cyber resilience and strategic autonomy. Evidently, the EU’s strategic narrative that could assist it in leading the process of creating an open, free, stable and secure cyberspace in the digital decade, in the context of international security, is emerging. Thus, this contribution is to test the argument that the EU, utilizing an imperial paradigm (consciously or not), is gradually becoming a global steering power in cybersecurity. In this article, firstly, we identify and examine the process of formation of the EU’s narratives about (its) cyber power. Secondly, we establish a discussion framework to highlight the methodological relevance of the imperial paradigm, cyber power Europe and Strategic Narrative Theory for a multidisciplinary debate on global geo-strategic redesign, in which the EU takes part. Thirdly, we look into bilateral and multilateral forums and processes that deal with cybersecurity and in which the EU participates, in order to understand more specifically how the EU is projecting its cyber-power narratives internationally and how cybersecurity-associated challenges impact current dynamics in other policy domains in the field of international relations.
Recibido: 20 noviembre 2020Aceptado: 18 mayo 2021
14
ITAI, YAYA, e Emmanuel Onwubiko. "Impact of Ransomware on Cybersecurity". INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 17, n. 1 (16 gennaio 2018): 7077–80. http://dx.doi.org/10.24297/ijct.v17i1.6750.
Testo completoAbstract (sommario):
This paper attempts to discover ransomware exposing the lack of cyber-security. It intends to elicit attention with regards to ransomware, a newly emerged cyber threat and to help organizations; IT practitioners understand the need for cyber security knowledge and awareness plus types of tools used. The paper also discusses methodologies trends and research recommendation on cyber-security threats and provides probative strategic strategy.
15
GRIBOIEDOV, S. "Some issues of improving state planning in the sphere of cyber security in conditions of hybrid threats". INFORMATION AND LAW, n. 1(36) (11 marzo 2021): 114–22. http://dx.doi.org/10.37750/2616-6798.2021.1(36).238191.
Testo completoAbstract (sommario):
The main principles of state strategic planning in the sphere of cybersecurity are considered. The directions of improvement of public administration in the field of cyber protection of a critical information infrastructure and state information resources are identified. The shortcomings of the Cyber Security Strategy of Ukraine in 2016 are analyzed and summarized. The draft of Cyber Security Strategy of Ukraine for 2021 – 2025 is considered and directions for its improvement are proposed. The prospects of strategic state planning in the sphere of cybersecurity in the context of the spread of hybrid threats are outlined.
16
Chen Liao, Chee-Wooi Ten e Shiyan Hu. "Strategic FRTU Deployment Considering Cybersecurity in Secondary Distribution Network". IEEE Transactions on Smart Grid 4, n. 3 (settembre 2013): 1264–74. http://dx.doi.org/10.1109/tsg.2013.2256939.
Testo completo
17
POLIAKOV, O. "Activation of international cooperation in the field of cybersecurity: the ways of improvement in today’s realities". INFORMATION AND LAW, n. 2(37) (23 giugno 2021): 129–38. http://dx.doi.org/10.37750/2616-6798.2021.2(37).238348.
Testo completoAbstract (sommario):
The strategic bases of Ukraine's international cooperation in the field of cybersecurity have been identified. The tasks of international cooperation in the field of cybersecurity are generalized. The international initiatives implemented to strengthen the protection of cyberspace are analyzed. The directions of information security policy modernization at the UN level are detailed. The key priorities of international cooperation in the field of cybersecurity between Ukraine and NATO are outlined. Prospective activities of the NATO Cyber Security Trust Fund in Ukraine are considered. Modern world trends that affect NATO's security policy and require appropriate response measures are substantiated. On the basis of generalization, the directions to improve international cooperation in the field of cybersecurity have been identified.
18
Juurvee, Ivo, e Uku Arold. "Psychological Defence and Cyber Security". Revista ICONO14 Revista científica de Comunicación y Tecnologías emergentes 19, n. 1 (1 gennaio 2021): 70–94. http://dx.doi.org/10.7195/ri14.v19i1.1628.
Testo completoAbstract (sommario):
Disruptive developments in the field of information and communication technology have enabled malicious actors to turn elements of the digital ecosystem into information weapons in hybrid conflict. Estonia has tackled the new security realm with comprehensive national defence that is built upon understanding that the society itself is object of security and should provide appropriate safeguards and responses. Estonian conceptualisations of national cybersecurity, cyber psychological defence, strategic communications are elaborated in the light of actual seminal threat situations. Analysis of evolvement of the strategic documents guides the recommendations for even deeper blend of the technical cybersecurity culture with value-centric psychological defence and internationalisation of information security situational awareness and planning.
19
Bederna, Zsolt, Zoltan Rajnai e Tamas Szadeczky. "Business Strategy analysis of Cybersecurity Incidents". Land Forces Academy Review 26, n. 2 (1 giugno 2021): 139–48. http://dx.doi.org/10.2478/raft-2021-0020.
Testo completoAbstract (sommario):
Abstract In the current social and economic processes, information and communication services play a decisive role, changing several entities’ operations. The growing dependence that has developed over the last two decades made the security needs introduced political will, which has resulted in an iterative evolution of the regulatory environment. Hence, the legal framework requires that several entities develop protection that includes controls enhancing both preventive and reactive in a risk-proportionate manner under the business value to be protected. Nevertheless, due to the nature of cybersecurity, the development of such capabilities is not the task of a single organisation but all entities involved in cyberspace, including, e.g., individuals, non-profit and for-profit organisations, public sector actors. Therefore, each involved entity should design protection capabilities in a risk-proportionate manner, which requires strategic approaches and tools and requires organisations to learn from security incidents. This paper reviews the essential formal security strategy formulation tools, applying in the Facebook’s case based on publicly available information. The analysis aims to confirm the importance of management’s attitude and support for tackling cybersecurity’s challenges.
20
Lopatova, Natalia. "Cybersecurity as a driver of business growth". Science and Innovations 3, n. 217 (marzo 2021): 38–41. http://dx.doi.org/10.29235/1818-9857-2021-3-38-41.
Testo completoAbstract (sommario):
The article considers cybersecurity as an opportunity for further business growth and a source of competitive advantage. The main cyber risks that can lead to serious and destructive consequences for companies are identified. The article substantiates the need for strategic management of risks arising in the information space against the background of expanding the cyber threat landscape, as well as an integrated approach to making investment decisions in the field of cybersecurity. The key aspects of forming effective information security programs are identified.
21
Alashi, Shahad A., e Dhuha H. Badi. "The Role of Governance in Achieving Sustainable Cybersecurity for Business Corporations". Journal of Information Security and Cybercrimes Research 3, n. 1 (15 dicembre 2020): 97–112. http://dx.doi.org/10.26735/eint7997.
Testo completoAbstract (sommario):
The study discusses the role of governance in the sustainability of cybersecurity for business corporations. Its objectives focus on tracking technology developments and their impact on industrial espionage attacks and theft of industrial intellectual property. It also identifies the indicators and effects of such espionage and theft on business corporations. The study is based on the content analysis methodology for analyzing intellectual production pertinent to cybersecurity governance and industrial cyber espionage. The study concludes that relying on information and communication technology without adopting a cybersecurity integrated approach including technical, organizational, and social measures leads to the disclosure of a corporation’s trade secrets by unauthorized persons. Moreover, loss of competitive advantage and damage to the corporate’s financial affairs and reputation may occur. The most important indicators of the study predicting dangers affecting business corporations are the absence of a strategic plan for cybersecurity, inefficient programs for training and cybersecurity awareness, and a lack of secure infrastructure. The vulnerability of business corporations to breaches has many implications. The study shows that cybersecurity governance in turn prepares the corporation to encounter risks targeting its trade secrets. The study finds that there are three integrated elements processes, technology, and persons, for establishing an effective cybersecurity governance program. Accordingly, the main aspects of cybersecurity governance can be employed. The study highlights a range of challenges that business corporations may face when implementing the cybersecurity governance program. These challenges are related to cybersecurity strategy, unified processes, implementation and accountability, senior leadership control, and resources.
22
Górka, Marek. "The Cybersecurity Strategy of the Visegrad Group Countries". Politics in Central Europe 14, n. 2 (1 settembre 2018): 75–98. http://dx.doi.org/10.2478/pce-2018-0010.
Testo completoAbstract (sommario):
Abstract The Visegrad Group is the most dynamic transnational group in the Central and Eastern European region, connecting the Czech Republic, Poland, Slovakia and Hungary. Together these countries have established a useful framework for engaging with and coordinating policy at a regional level. At the same time, they are implementing EU programmes by creating cooperating networks with neighbouring countries based on their common security needs and strategic culture. This article focuses on the cybersecurity policies of the Visegrad Group countries. My analysis aims to reveal similarities and differences among these states that may be crucial for their future cooperation on a joint Central and Eastern European cybersecurity strategy. A cybersecurity strategy is a basic document created in a governmental context that reflects the interests and security rules at work in cyberspace. This document establishes the framework for future legislation, policies/standards, guidelines and other security- and cybersecurity‑related recommendations. This study is also an attempt to assess the development of cybersecurity policies; as such, it provides an opportunity to hypothesise about the future of cybertechnology in the Visegrad Group region.
23
Ng, Artie W., e Benny K. B. Kwok. "Emergence of Fintech and cybersecurity in a global financial centre". Journal of Financial Regulation and Compliance 25, n. 4 (13 novembre 2017): 422–34. http://dx.doi.org/10.1108/jfrc-01-2017-0013.
Testo completoAbstract (sommario):
Purpose This paper aims to explore how the regulator of a global financial centre (GFC) under an international trend of adopting emerging technologies for financial services (Fintech) articulates such opportunities and risks strategically. Design/methodology/approach With a literature review on the global regulatory environment and the underlying risks related to Fintech, it looks into the formulation and implementation of complementary regulatory policies in the case of Hong Kong as a GFC. Relevant policy documents disclosed by the financial regulator on cybersecurity and pertinent issues are examined. Findings Adopting a strategic approach that seizes opportunities associated with Fintech, the financial regulator harnesses comprehensive risk-based mechanisms to embrace exposures to cyber risks while promoting institutionalization of cybersecurity among the regulated firms with strategic controls. This study suggests a pathway for the evolution of a profession with both technical and ethical competence for mitigating the emerging risks arising from Fintech. However, such an approach is yet to be tested with respect to efficacy for the unexplored territories of fraud exposures, resulting from swift Fintech developments across borders. Research limitations/implications As Fintech has only emerged rapidly in the recent years, it is not conclusive in this review of performance and effectiveness of the financial regulator in its strategic approach. Further studies may utilize a longitudinal method to analyze and examine the regulatory measures undertaken by financial regulators in various GFCs. Originality/value This study reveals a strategic approach adopted by an emerged GFC in embracing Fintech innovation that however brings about unidentified risks and potential frauds to its financial services sector. Pertinent anti-fraud and cybersecurity measures are highlighted.
24
Simon, Jay, e Ayman Omar. "Cybersecurity investments in the supply chain: Coordination and a strategic attacker". European Journal of Operational Research 282, n. 1 (aprile 2020): 161–71. http://dx.doi.org/10.1016/j.ejor.2019.09.017.
Testo completo
25
Sebekin, S. "Choosing between Persistent Engagement and Deterrence in the American Cyber security Strategy". International Trends / Mezhdunarodnye protsessy 18, n. 3 (2020): 96–125. http://dx.doi.org/10.17994/it.2020.18.3.62.3.
Testo completoAbstract (sommario):
The article examines the adoption by the United States of a new policy for ensuring cybersecurity, a strategy of peristent engagement in cyberspace, and how it is related to the strategy of cyber deterrence that remained dominant for a long time. The strategy of persistent engagement implies the constant conduct of cyber operations that do not reach the level of an armed conflict and combining purely defensive activities with offense. Such strategy is designed to prevent US rivals from carrying out malicious actions in cyberspace and to preserve strategic advantages of the United States by imposing additional costs on opponents and creating tactical friction for them. According to experts, persistent engagement perfectly suits the unique characteristics of cyberspace (interconnectedness and the condition of constant contact), unlike a strategy of deterrence that is suitable for traditional areas of military operations. Nevertheless, the US leadership is not ready to abandon the cyber deterrence strategy, and it is looking for ways to conceptually combine the two strategies. The paper presents the key characteristics of persistent engagement, some of which are: 1) cyber operations do not reach the level of an armed conflict; 2) persistent engagement is not an armed conflict; 3) creating "tactical friction" and imposing costs on US opponents; 4) preventive defense. Expert opinions on the prospects of persistent engagement are presented and analyzed. The paper demonstrates the analysis potential advantages and drawbacks of this approach. American specialists expect that persistent engagement will lead to an automatic formation of criteria for acceptable behavior in the process of strategic competition. Among the obvious drawbacks of the analyzed approach, one can single out a possible international escalation due to its application. The author analyzes the transformation of the “conceptual” status of cyberspace and the institutional changes, caused by this new strategic approach. The conclusions regarding the prospects for this strategy are ambiguous. Its effectiveness, safety and risks will become known only with time during the actual application of this strategy and the accumulation of empirical experience. The relevance of the work is due to the current strategic situation between the United States and Russia. Understanding the United States' approaches to cybersecurity and the key strategic changes in them is crucial not only to formulate Russia`s cybersecurity policy, but also to build a constructive dialogue with the United States on cybersecurity issues.
26
Diorditsa, I. V. "ADMINISTRATIVE AND LEGAL CONTENT OF THE NATIONAL CYBERSECURITY SYSTEM AS A COMPONENT OF THE NATIONAL SECURITY SYSTEM OF UKRAINE". Actual problems of native jurisprudence 1, n. 1 (4 marzo 2021): 79–83. http://dx.doi.org/10.15421/392117.
Testo completoAbstract (sommario):
The article offers for consideration the author's results of determining the conceptual provisions of the administrative and legal content of the national cybersecurity system as a component of the national security system of Ukraine. The content of the current state of state policy in the field of formation of the cybersecurity system is considered. Theoretical and practical aspects of organizational support of the cybersecurity system are analyzed. General and special subjects of cybersecurity are identified. The own vision of the following main elements in the system of cyber security of Ukraine (according to the main types of threats to cybersecurity) is proposed: 1) national system of combating cybercrime; 2) national system for combating cyberterrorism; 3) a nationwide system for combating cyber espionage; 4) national system of counteraction to information wars and new complex types of threats, including hybrid wars; 5) national system of cyber protection of national critical infrastructure. The administrative and legal understanding of the concept of national cybersecurity system is established – a set of special subjects of the national cybersecurity system, means and methods used by them, as well as a set of relevant interconnected information, cybernetic, legal, organizational, technical and strategic communications measures carried out by them. It is concluded that since the national security system is multicomponent, there is a need for a special subsystem, the purpose of which would be to ensure the functioning and development of this system, ie to ensure the viability of its system-forming elements, including national interests, society, state. Such a system is the national security system, as well as the national cybersecurity system. These factors confirm the conclusion that the national cybersecurity system is considered not only as a subsystem of the state information policy, but also primarily as a component of the national security system of Ukraine.
27
Jaquire, Victor, e Basie von Solms. "A Strategic Framework for a Secure Cyberspace in Developing Countries with Special Emphasis on the Risk of Cyber Warfare". International Journal of Cyber Warfare and Terrorism 5, n. 1 (gennaio 2015): 1–18. http://dx.doi.org/10.4018/ijcwt.2015010101.
Testo completoAbstract (sommario):
The objective of this paper is to provide a strategic framework for a secure cyberspace in developing countries, taking cognisance of the realities and constraints within a developing milieu; and to discuss if the risk of cyber warfare and related techniques against developing countries should be addressed within ‘The Framework'. Cybersecurity policies and related strategies are required for developing countries in order to effectively safeguard against cyber related threats (the same as for developed countries). These policies and strategies for developing countries will differ from those of developed countries due to the unique realities within a developing world. Africa in specific is presently seen as a hotbed for cybercrime, and one of the reasons is that many African countries do not have a proper framework, policies and procedures to properly protect cyberspace. Experience has also shown that a pure adoption by developing countries of the cyber frameworks of developed nations will not always be effective, especially due to the unique requirements and realities within developing worlds, such as limited resources, infrastructure, technologies, skills and experience. It is also necessary when talking about a strategic framework to secure cyberspace, to discuss cyber warfare, its general application and its possible utilisation as part of the strategy to protect national critical information infrastructure. This, as part of a developing country's national security strategy in addition to traditional cybersecurity defence measures. The approach taken for the research program, and discussed in this paper, is based on a comprehensive literature study on several existing cybersecurity policies and strategies from both developed and developing countries. From this the drivers / elements for national cybersecurity policies and strategies were identified. These drivers were than adapted to specifically relate to the requirements of developing countries, and then, utilising the identified and adapted drivers, our strategic framework for developing countries to secure their cyberspace was developed. This document will be very useful for those African countries venturing into defining relevant policies and procedures.
28
Diffee, Erica, e Pratim Datta. "Cybersecurity: The Three-headed Janus". Journal of Information Technology Teaching Cases 8, n. 2 (novembre 2018): 161–71. http://dx.doi.org/10.1057/s41266-018-0037-7.
Testo completoAbstract (sommario):
Multiple entities define the stage: Ayn, an accomplished CIO; James, an idealistic CEO; Kira, an unscrupulous hacker; Randcom, a rail company; and Zuidia, a country reinventing itself. These entities intersect in a tense cybersecurity gameplay. A cyber-attack rages across multiple fronts, targeting Randcom's technology, processes, and people, suddenly delivering a staggering blow to the company. Ayn stands in the eye of the storm, figuring a path forward. This cybersecurity case study offers an active learning and role-playing experience for students. Immersing the student in the anatomy of a cybersecurity attack, this case converges various perspectives: the hacker, the company, and the macro environment (e.g., country culture). In the process, this case highlights conflicting strategic choices and opportunity costs of decisions in an environment that requires a company to be both competitive and yet secure across three cybersecurity facets: technology, processes, and people. This case could be used as a class discussion and exercise as well as a role play with multiple protagonists. Specific roles include the CEO, the CIO, the hacker, and the CFO. This case brings together multiple viewpoints, often conflicting, representative of real-life decisional and ethical dilemmas in the context of a company. This case, further contextualized using a developing country as the backdrop, adds an additional layer of decisional trade-offs. Nonetheless, this case is representative of IS and cybersecurity decision making in a company, regardless of the type of country.
29
Szádeczky, Tamás. "Governmental Regulation of Cybersecurity in the EU and Hungary after 2000". Academic and Applied Research in Military and Public 19, n. 1 (2020): 83–93. http://dx.doi.org/10.32565/aarms.2020.1.7.
Testo completoAbstract (sommario):
The term information security evolved to cybersecurity nowadays, which emphasises the interdependence of information assets and the importance of cyber-physical systems. Parallel to this, the need for appropriate management of the EU and government strategies and new public administration tasks also appeared. In the European Union, the first measure concerning this issue was the establishment of the European Union Agency for Network and Information Security (ENISA) in 2004, mostly with consultative tasks. The first official cybersecurity strategy in the EU, called the Open, Safe and Secure Cyberspace, was accepted in 2013. Afterwards, ENISA’s role has been strengthened as well as its range of tasks were broadened. Beside the critical infrastructure protection efforts, the Network Information Security (NIS) directive and related legislation were a giant leap towards a common level of cybersecurity in the community. The formation of an EU Cybersecurity Act and filling NIS with more practical guidance is an ongoing process nowadays. Despite being a post-socialist country, Hungary is in the first line of legislation on cybersecurity in the community. Since 2005 there were several government decrees, from 2009 the first act-level rules on the information security of some governmental services. Based on the National Security Strategy, the National Cybersecurity Strategy was formed in 2013. The same year the first information security act applicable to all government, local government, governmental data processing and critical infrastructure service providers has come into force. The alignment of the National Cybersecurity Strategy to NIS directive happens these days. Thus, the regulation of cybersecurity in the EU and in Hungary are heading in the right direction, but the practical implementation today is far away from the strategic objectives. The community is lagging far behind the United States of America and China, just to mention the most important players in the field.
30
Jiang, Tianjiao. "From Offense Dominance to Deterrence: China’s Evolving Strategic Thinking on Cyberwar". Chinese Journal of International Review 01, n. 02 (2 agosto 2019): 1950002. http://dx.doi.org/10.1142/s2630531319500021.
Testo completoAbstract (sommario):
This paper examines China’s strategic thinking on cyberwar. It has been widely argued that the People’s Liberation Army (PLA) has shown strong interest in launching large-scale cyberattacks against the US during warfare or peacetime. However, such views ignore the fact that the PLA must restrain itself due to the uncertainties of cyberattack, such as collateral damage, blowback, and escalation. In fact, Chinese experts follow US perceptions and cyberwar practices very closely, which has contributed to Beijing’s evolving strategic thinking over the past decades. From the 1990s to early 2000s, the “ideology of offense” was the PLA’s primary approach to the “informationization leaping forward”. Due to the shock of the Gulf War, most of the military strategists advocated cyber offense in order to catch up with the new round of revolution in military affairs. However, after 2008, both military and civilian experts started to increasingly question the effectiveness of cyberattack after studying their peers’ criticism against cyber deterrence in the US. There was no consensus on national cybersecurity strategy until 2015 when there was a call for China to develop a cyber deterrence strategy as a reaction to the further development of cyber deterrence by the US. The latest Chinese official documents on cybersecurity have reflected the shift of its strategic thinking.
31
Burrell, Darrell Norman. "Teaching Graduate Technology Management Students With Innovative Learning Approaches Around Cybersecurity". International Journal of ICT Research in Africa and the Middle East 9, n. 1 (gennaio 2020): 82–90. http://dx.doi.org/10.4018/ijictrame.2020010105.
Testo completoAbstract (sommario):
Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cybersecurity related roles. Colleges and universities have created certificates, undergraduate, and graduate programs to train professionals in these job roles. This issue becomes more complicated when you explore the that competent workers in this field need more than just book knowledge to be effective. Engaged and experiential learning approaches encourages experimentation and expanding teaching cybersecurity beyond the use of just classroom lectures, textbooks, and PowerPoint slides. The use of experiential and scenario-based learning approaches helps students to develop real-world problem solving and critical thinking skills that demonstrate expertise beyond course grades and degrees. Developing the ability to strategic and adaptive is vital to be effective. This case study research intends not to reconstitute theory but to influence the practice of cybersecurity education through the use of innovative applied and engaged learning approaches.
32
Danуk, Y., e S. Vdovenko. "PROBLEMS AND PROSPECTS OF ENSURING A STATE CYBER DEFENSE". Collection of scientific works of the Military Institute of Kyiv National Taras Shevchenko University, n. 66 (2019): 75–90. http://dx.doi.org/10.17721/2519-481x/2020/66-08.
Testo completoAbstract (sommario):
The growing role and importance of solving the problems of cybersecurity and cyber defense is due to the innovative development of information, electronic and cyber technologies, which are the driving force behind a number of trends in military affairs. Due to the formation and recognition of the artificial fifth space - cyberspace, as a separate area of struggle between states, including armed confrontation, issues of cybersecurity and cyber defense have become urgent in ensuring national security and defense of developed states, which pay special attention to the formation and development of cybersecurity and cyber defense systems as the main factor achievements of military-strategic superiority in ensuring national security and defense in modern variables and future conditions. The article analyzes the general principles of building cybersecurity and cyber defense systems of the advanced states of the world in the context of the possibility and expediency of introducing their experience in Ukraine; analysis of the conditions, current status and problematic issues of the formation of cybersecurity and cyber defense systems in Ukraine. In particular: the lack of basic theoretical and applied provisions for the formation of a cyber defense system; lack of a national military command and control agency in the field of cyber defense; the dispersed efforts of various military organizational structures in solving cybersecurity problems and the lack of formulated cyber defense tasks. The most rational option of creating systems and structures of cybersecurity and cyber defense of Ukraine with subsystems of education and science is proposed, which, in accordance with modern development trends, taking into account the military-political situation, national interests and legislation, will provide informational, cybernetic and cognitive superiority over the enemy and will contribute to the practical implementation of the concept of “smart defense” adopted in NATO countries.
33
Zvozdetska, Oksana. "EU Cybersecurity in the Context of Increasing Cyberthreats in the Modern Globalized World". Mediaforum : Analytics, Forecasts, Information Management, n. 7 (23 dicembre 2019): 27–46. http://dx.doi.org/10.31861/mediaforum.2019.7.27-46.
Testo completoAbstract (sommario):
The article is an attempt to analyze the EU’s ever-increasing cybersecurity challenges in today’s globally digitalized world. The researcher remarks that since 2013 the European Union has been pursuing the policy of developing awareness of cyber-attacks targeting and beefing-up restrictive measures. The author underlines that the European Council has adopted the regulation known as the Cybersecurity Act to become more cyber-proof. This is evidenced by a number of studies carried out within the EU as well as that this legal regulation facilitated imposing targeted restrictive measures to deter and respond to cyber-attacks in EU and abroad. Furthermore, the EU cybersecurity market is one of the fastest growing in the ICT sector, providing huge economic opportunities. Underpinning the cybersecurity industry will enable European companies to take advantage of these opportunities and increase citizens and businesses’ confidence in the digital world, while significantly contributing to the goals of the EU Digital Single Market Strategy. Broadly speaking, the problem can be addressed by such strategic priorities for enhancing EU cybersecurity as followed: achieving cyber resilience; dramatically reducing cybercrime; elaborating the common cybersecurity and defence policy; developing industrial and technological resources to ensure cybersecurity; establishing coordination mechanisms to prevent, detect, mitigate and respond to cyber bullying and information security as well as improving engagement with the private sector to enhance cybersecurity. The ultimate goal of the above-mentioned EU strategy appeared to be a Public Private Partnership (cPPP) that was concluded on 5 July, 2016 between the European Commission and the European Cyber Security Organization (ECSO). The objective of such partnership is to ensure awareness and resilience in an increasingly multifaceted cyber threat environment and to foster collaboration between public and private actors in the early stages of the research and innovation process to enable the EU Internet users to access secured innovative and credible European solutions (ICT products, services and software).
34
Ross, Lester, e Kenneth Zhou. "China issues new cybersecurity review measures". Journal of Investment Compliance 22, n. 1 (1 aprile 2021): 47–52. http://dx.doi.org/10.1108/joic-10-2020-0039.
Testo completoAbstract (sommario):
Purpose To describe and analyze the implications of the new Measures (the “Measures”) for Cybersecurity Review jointly promulgated on April 27, 2020 by twelve Chinese government departments led by the Cyberspace Administration of China (CAC). Design/methodology/approach Defines the scope of the Measures, explains the functions and obligations of critical information infrastructure operators (each, a CIIO), outlines the self-assessment and cybersecurity review process and discusses the implications of the Measures for foreign companies doing business in China. Findings The Measures impose an obligation on CII operators to apply for a cybersecurity review when they intend to procure network products and services that present or may present a national security concern. Such review will focus not only on national security and data leakage concerns, but also on supply-chain security concerns. The cybersecurity review will likely further the decoupling between China and the US. Practical implications While the Measures are not formally intended to discriminate against foreign products and services, the promulgation of the Measures will have a significant impact on foreign companies that supply network products or services to CII operators in China. Originality/value Practical guidance from lawyers with extensive experience in advising Chinese, US, European and other companies on laws and regulations related to competition, cross-border investments, joint ventures, strategic alliances and international trade matters.
35
Smith, Kane J., e Gurpreet Dhillon. "Assessing blockchain potential for improving the cybersecurity of financial transactions". Managerial Finance 46, n. 6 (2 ottobre 2019): 833–48. http://dx.doi.org/10.1108/mf-06-2019-0314.
Testo completoAbstract (sommario):
Purpose Blockchain holds promise as a potential solution to the problem of cybersecurity in financial transactions. However, difficulty exists for both the industry and organizations in assessing this potential solution. Hence, it is important to understand how organizations in the financial sector can address these concerns by exploring blockchain implementation for financial transactions in the context of cybersecurity. To do this, the problem question is threefold: first, what objectives are important based on the strategic values of an organization for evaluating cybersecurity to improve the security of financial transactions? Second, how can they be used to ensure the cybersecurity of financial transactions in a financial organization? Third, how can these objectives be used to evaluate blockchain as a potential solution for enhancing the cybersecurity of organizations in the financial sector relative to existing cybersecurity methods? The paper aims to discuss this issue. Design/methodology/approach To accomplish this goal we utilize Keeney’s (1992) multi-objective decision analytics technique, termed value-focused thinking (VFT), to demonstrate how organizations can assess a blockchain solution’s value to maximize value-add within financial organization. Findings The presented model clearly demonstrates the viability of using Keeney’s (1992) VFT technique as a multi-criteria decision analysis tool for assessing blockchain technology. Further, a clear explanation of how this model can be extended and adapted for individual organizational use is provided. Originality/value This paper engages both the academic literature as well as an expert panel to develop an assessment model for blockchain technology related to financial transactions by providing a useful method for structuring the decision-making process of organizations around blockchain technology.
36
Ogbanufe, Obi, Dan J. Kim e Mary C. Jones. "Informing cybersecurity strategic commitment through top management perceptions: The role of institutional pressures". Information & Management 58, n. 7 (novembre 2021): 103507. http://dx.doi.org/10.1016/j.im.2021.103507.
Testo completo
37
Fedotova, G. V., e D. D. Tkachenko. "Reinforcing the cyber resilience of a credit institution in Industry 4.0". National Interests: Priorities and Security 16, n. 6 (16 giugno 2020): 998–1012. http://dx.doi.org/10.24891/ni.16.6.998.
Testo completoAbstract (sommario):
Subject. The article discusses the modeling of preventive protection of IT systems and evaluates their cyber resilience. Objectives. The study evaluates the existing threats and determines how informatization processes may unfold in the credit segment. Methods. Research is based on methods of regulatory and legislative analysis. We evaluate today’s public administration of cybersecurity in the financial and credit sector. To give a view of the existing situation and sum up the sector’s performance for the recent years, we performed the content analysis of statistics on data hacking and leakages. Results. The article highlights new trends in the financial and credit sector and the growing complexity of data security systems. As proposed by the Bank of Russia, the integration of smart technologies is showed to reinforce the cybersecurity of banking systems. Conclusions and Relevance. The informatization of all banking operation systems, growing complexity of procedures and work logs require new robust resources to be integrated into financial technologies. Stronger cybersecurity should lay a trend in the financial and credit sector in the nearest future. The findings can be used to flag strategic milestones of the banking development in the information-driven society.
38
Kosiński, Jerzy, Tomasz Gontarz e Robert Kośla. "Cybersecurity and the Handling of Cyber Incidents". Internal Security 10, n. 2 (16 settembre 2019): 107–28. http://dx.doi.org/10.5604/01.3001.0013.4219.
Testo completoAbstract (sommario):
The article presents interpretations of the concepts of cybersecurity and cybercrime as well as the abuse of the term cybernetic. The author refers to information as a new “centre of gravity” of the nation’s power and special attention is paid to activities aimed at ensuring a high level of information security in Poland. The assumptions of the draft Act on the national cybersecurity system are described and particular emphasis is placed on the issues of technical and organisational reporting and the handling of ICT security incidents. The author points out that handling incidents violating cyber security at a strategic level for a country ought to be considered as an intentional action of a definite and repeatable character. Here the reference to the ISO/IEC standards and recommendations can be found. Moreover, behaviours related to securing digital evidence after an incident, including the so-called good practice in relation to the reaction in the event of an incident, are presented. A simplified procedure for securing computer hardware, as a recommended method of action in case of the triage and live data forensics, are suggested in the article. The recommendations of the FORZA methodology and frameworks are also discussed. When summarising, the author underlines that it is essential to prepare appropriate procedures and personnel for the broadly understood handling of incidents violating cybersecurity. This includes protection of digital evidence according to the procedures, good practice and suggestions contained in normative documents, as well as implementing cybersecurity policy, bringing legislation into line with international standards and educating users and the judiciary.
39
Montagnani, Maria Lillà, e Mirta Antonella Cavallo. "Cybersecurity and Liability in a Big Data World". Market and Competition Law Review 2, n. 2 (1 ottobre 2018): 71–98. http://dx.doi.org/10.7559/mclawreview.2018.325.
Testo completoAbstract (sommario):
The interplay between big data and cloud computing is at the same time undoubtedly promising, challenging and puzzling. The current technological landscape is not without paradoxes and risks, which under certain circumstances may raise liability issues for market operators. In this article we illustrate the several challenges in terms of security and resilience that market operators face as their overcoming is of strategic importance for businesses wishing to be deemed privacy-respectful and reliable market actors. After a brief overview of the potentialities and drawbacks deriving from the combination of big data and cloud computing, this article illustrates the challenges and the obligations imposed by the European institutions on providers processing personal data – pursuant to the General Data Protection Regulation – and on providers of digital services and essential services – according to the NIS Directive. We also survey the European institutions’ push towards the development and adoption of codes of conduct, standards and certificates, as well as their last proposal for a new Cybersecurity Act. We conclude by showing that, despite this articulate framework, big data and cloud service providers still leverage on their strong market power to use “contractual shields” and escape liability.
40
Hennecken, Dennis G. "Beyza Unal: Cybersecurity of NATO’s Space-based Strategic Assets. London: Chatham House, Juli 2019". SIRIUS – Zeitschrift für Strategische Analysen 4, n. 2 (26 maggio 2020): 227–28. http://dx.doi.org/10.1515/sirius-2020-2027.
Testo completo
41
Rajan, Rishabh, Nripendra P. Rana, Nakul Parameswar, Sanjay Dhir, Sushil e Yogesh K. Dwivedi. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management". Technological Forecasting and Social Change 170 (settembre 2021): 120872. http://dx.doi.org/10.1016/j.techfore.2021.120872.
Testo completo
42
Amadi Chukwuemeka Augustine, Juliet Nnenna Odii e Stanley A Okolie. "From keyboard to cloud-base network revamped data lifecycle cybersecurity". World Journal of Advanced Research and Reviews 11, n. 3 (30 settembre 2021): 226–33. http://dx.doi.org/10.30574/wjarr.2021.11.3.0442.
Testo completoAbstract (sommario):
This paper review seeks to identify the need for a revamped data life cycle security in the era of pervasive threat from skill cyber criminals at this time of internet of things. The motivation is to fill the knowledge gap by presenting some of the ways of data leakages and the likely protection in the organization. The aim is to present a good practice that encourages data confidentiality, acceptable use policy, knowledge of personnel and physical security policy. The building blocks of information security infrastructure across the entire organization is implemented by Enterprise Security Architecture. Rather than focus on individual functional and non-functional components in an individual application, it focuses on a strategic design for a set of security services that can be leveraged by multiple applications, systems, or business processes.
43
He, Chris Zhijian, Tracie Frost e Robert E. Pinsker. "The Impact of Reported Cybersecurity Breaches on Firm Innovation". Journal of Information Systems 34, n. 2 (31 ottobre 2019): 187–209. http://dx.doi.org/10.2308/isys-18-053.
Testo completoAbstract (sommario):
ABSTRACT Many firms cite cyber risk as a primary risk factor due to the increase in cybersecurity breach (CSB) incidents. Existing research focuses on the negative, short-term impacts from CSBs, but the longer-term impact is still unknown. Our study investigates firms' levels of innovation following a CSB as an important determinant of firm growth and profitability. Examining reported breaches from 2005–2014, we find a 10 percent decline in research and development spending in the year following a CSB. Further investigation indicates that firms for which R&D is not the primary business model drive the results. We also provide evidence of a decrease in patents two years after a breach, an increase in cash holdings in the year after the breach, and a decrease in investment efficiency four years following the breach. Our aggregate results suggest that CSBs are associated with future strategic decisions involving firm-level innovation and investment decisions. Data Availability: Data are available from the public sources cited in the text.
44
Fitzgerald, Brian K., Steve Barkanic, Isabel Cardenas-Navia, Karen Elzey, Debbie Hughes, Erica Kashiri e Danielle Troyan. "The BHEF National Higher Education and Workforce Initiative". Industry and Higher Education 28, n. 5 (ottobre 2014): 371–78. http://dx.doi.org/10.5367/ihe.2014.0224.
Testo completoAbstract (sommario):
Partnerships between higher education and business have long been an important part of the academic landscape, but often they are based on shorter-term transactional objectives rather than on longer-term strategic goals. BHEF's National Higher Education and Workforce Initiative brings together business and academia at the institutional, regional and national levels to create sustainable new opportunities for undergraduates to learn about emerging fields such as data science and analytics, cybersecurity, energy, risk management, and social and mobile technologies through direct engagement with the companies working in these areas. These partnerships are built on a base of evidence, strategic business engagement and design principles that aim to align needs with existing and enhanced capacity.
45
Proshchyn, Ihor, e Volodymyr Shypovskyi. "Cyber security in the national security & defence sector of Ukraine: todayʼs challenges and ways to avoid possible threats". Journal of Scientific Papers "Social development and Security" 10, n. 1 (29 febbraio 2020): 3–8. http://dx.doi.org/10.33445/sds.2020.10.1.1.
Testo completoAbstract (sommario):
Development of strategic communications is necessary for the effective preparation and use of the Armed Forces, for the coordination of actions of state bodies in defence matters, as well as for the purpose of forming and strengthening the confidence of Ukrainian society in the stateʼs military policy. The basic elements of strategic communications of the Ministry of Defence and the Armed Forces are public relations, public relations in the military sphere, public diplomacy, information and psychological operations.
In turn, one of the components of the information operations system is cyberspace actions. The strategic importance of actions in cyberspace is due to the fact that cyber threats today, with devastating consequences, pose no less danger than direct military intervention. In 2016, during the Summit of Heads of State and Government of the North Atlantic Treaty Organization, the first ever EU-NATO security cooperation agreement was signed, in particular on hybrid wars and cyberattacks. Cyberspace, along with land, air, sea, and space, has been recognized as a new operational space, and cyber-operations (cyberattacks) are an integral part of the hybrid war. Also, cyber weapons in terms of scale of successors are compared with weapons of mass destruction. In this regard, cyber security is one of the top priorities for the state.
The article is devoted to the research of actual problems of providing the cyber security of the Armed Forces units of Ukraine in the current conditions of development of the information society and during hybrid threats from the Russian Federation side. The authors explain the basic concepts and definitions of the scientific field and explain conceptual approaches to cybersecurity and propose some ways to improve the existing cybersecurity mechanism or how to enhance it.
46
Veselova, Liliya. "IMPROVING UKRAINE'S ADMINISTRATIVE-LEGAL SUPPORT FOR CYBER SECURITY: EU AND NATO EXPERIENCE IN COUNTERING HYBRID CYBER THREATS". PUBLIC ADMINISTRATION AND LAW REVIEW, n. 3 (1 ottobre 2020): 67–73. http://dx.doi.org/10.36690/2674-5216-2020-3-67.
Testo completoAbstract (sommario):
The article focuses on the activities of NATO and the European Union, that consider combating hybrid threats a priority for international cooperation. A number of EU documents have been analyzed, which form a clear idea of cyber threats’ hybridity and main directions of administrative, legal and organizational support of cybersecurity, in particular, on combating hybrid cyber threats in the European Union. Based on the analysis, that at the present stage of development of society the bases were formed on the establishment of a sustainable perception of the risk problem as one of the forming factors of the modern and especially the future society, which is also becoming increasingly socially important. The aim of the article: to identify areas for improving the administrative and legal support of cybersecurity in Ukraine by borrowing the experience of the EU and NATO to combat hybrid cyber threats. The research methodology: the system of general scientific and special methods of cognition, namely the formal-legal method, comparative legal method and method of scientific abstraction. It is emphasized that the domestic regulatory framework has significant shortcomings and requires the introduction of appropriate rules for the introduction of risk-based approach in cybersecurity activities in Ukraine, as well as the definition of basic terms («risk-based approach to cybersecurity», «risk-oriented approach to critical infrastructure protection», «risks», «risk management»). The essence and meaning of the term «sustainability», which has gained practical application in strategic documents in the field of security and in essence is the latest concept of modern theory of national security, which has practical significance for state policy in security environment and is important for security practice in cyberspace, because it is the presence of hybrid threats in cyberspace that cannot be prevented, necessitates the formation of a new approach, in particular, the formation of «sustainability», which in turn should be implemented in public cyberspace policy.
47
Romashkina, Nataliya, e Dmitry Stefanovich. "Strategic Risks and Problems of Cyber Security". Voprosy kiberbezopasnosti, n. 5(39) (2020): 77–86. http://dx.doi.org/10.21681/2311-3456-2020-05-77-86.
Testo completoAbstract (sommario):
Purpose: To identify the current strategic stability problems associated with the destructive impact of information and communication technologies (ICT) on the basis of analysis and systematization according to various parameters of cyber risks and threats to international security and global stability that can reduce the level of strategic stability and to develop relevant proposals that can lay the foundation for creation of a deterrence policy in the ICT domain. Research method: analysis, synthesis and scientific forecasting, expert assessment, comparative analysis of the cyber domain within the framework of a systematic approach. Result: the article presents analysis and systematization risks and threats to international security and global stability emanating from the cyber sphere according to various parameters. The article proves the impact of the accelerated development of information and communication technologies (ICT) on strategic stability, and that ensuring the cybersecurity of nuclear weapons requires special attention. The global problems of strategic stability at the current stage are posed and the conclusions are that the protection of strategic weapons, early warning systems, air and missile defense, communications, command and control over nuclear weapons from harmful ICTs are the pressing global problems of our time. Specific scenarios of cyber threats leading to a decrease in the level of strategic stability below the necessary and sufficient level have been elaborated, and proposals have been formulated to minimize the corresponding escalation threats. Proposed measures can become a basis for a deterrence policy in the ICT domain, as it was done during the period of bipolarity with regard to nuclear weapons, and become the foundation for broader international agreements on arms control in the so-called nuclear information space of the future.
48
Geada, Nuno. "Management of Change". International Journal of Enterprise Information Systems 17, n. 2 (aprile 2021): 92–104. http://dx.doi.org/10.4018/ijeis.2021040105.
Testo completoAbstract (sommario):
Change management research has been extensively discussed during the latest decades, and management of information systems constantly investigates the importance of IT as a competitive driving tool. With the appearance of this pandemic were triggered many and varied changes in organizations, like hospitals, and in their information system has to adapt to this new reality. In order to adapt to this reality, we can use tools and methodologies, such as ITIL, which can help us to control and trigger control devices in order to minimize the change management impacts in IT caused by the pandemic of COVID-19. One of the areas affected by change management was cybersecurity. The relationships between strategic management, competitive environment, and IT as competitive factors can be supported by a holistic framework for strategic control. Although there are critical factors that depend on related paradigms that cannot be ignored and must be controlled.
49
Roy, Yanina, Olena Riabchun e Valeriy Yermoshin. "MATURITY MODEL OF CYBER SECURITY SYSTEM OPPORTUNITIES AT CRITICAL INFRASTRUCTURE FACILITIES OF THE ES-C2M2 ENERGY SECTOR". Cybersecurity: Education, Science, Technique 2, n. 10 (2020): 67–74. http://dx.doi.org/10.28925/2663-4023.2020.10.6774.
Testo completoAbstract (sommario):
Currently, a large set of IS maturity assessment models based on similar principles is available for both commercial and government organizations and institutions. At the same time, the actual use of such models is quite limited, primarily due to the weak attachment to the characteristics of specific organizations. This problem is partially solved by adapting existing approaches in the form of industry models (for example, ES-C2M2 for companies in the energy sector, ONG-C2M2 for companies in the oil and gas sector). Moreover, the emergence of a new model is very likely, which includes not only qualitative analysis through a set of characteristics / domains, but also a quantitative assessment of cybersecurity, which will use the assessment for both strategic and operational planning, as well as create an advanced expert analytical system . The best solution today is to start implementing any of the existing evaluation models with further adaptation and expansion for your own needs. Similar principles of model building will allow in the future to migrate painlessly to a more appropriate, while the experience gained in the assessment, as well as statistics will judge the progress of IS processes in the enterprise, and, importantly, in a convenient and understandable for senior management. The ES-C2M2 Cyber Security Maturity Model can significantly help energy sector organizations to assess and improve their cybersecurity areas. The ES-C2M2 Capability Maturity Model is part of the DOE Cybersecurity Capability Maturity Program (C2M2) and was developed to address the unique characteristics of the energy subsector. The opportunity maturity model is a tool for self-assessment to measure and improve their cybersecurity areas. International standards and practices in the field of information security recommend that organizations when planning IS activities to assess the current state of IS and set a target for the near future, the achievement of which will allow the company to effectively address existing threats and respond to new challenges and threats of IS.
50
Tkach, Yuliia. "CONCEPTUAL MODEL OF CYBER SPACE SECURITY". Technical Sciences and Technologies, n. 4(22) (2020): 96–108. http://dx.doi.org/10.25140/2411-5363-2020-4(22)-96-108.
Testo completoAbstract (sommario):
Urgency of the research. Public information resources and means of electronic network transactions (servers, routers, remote access servers, communication channels, operating systems, databases and applications) must be protected reliably and efficiently: the price of each "break" of protection is growing rapidly and this growth will continue in the near future.Target setting. Ensuring information security of networks and processing systems is a priority for the state leadership, as the quality and efficiency of strategic decision-making and the effectiveness of their implementation largelydepend on main-taining the confidentiality, integrity and availability of state information resources.Actual scientific researches and issues analysis. Despite the ever-increasing number of publications on information se-curity, the problem of security in cyberspace, especially a state one, remains unresolved.Uninvestigated parts of general matters defining. Currently, in the works of domestic and foreign scientists, insufficient attention is paid to the development of systems and models of cybersecurity of the state.The research objective. The aim of the article is to build a conceptual model of security within cyberspace, which will describe the components of national cybersecurity and will establish the strength of the connection between its relevant com-ponents, as well as determine the level of cybersecurity.The statement of basic materials. Using Euler-Venn diagrams, the cyberspace of the state is graphically represented and a more rigorous description of the model is proposed on the basis of set theory. In general, the conceptual model of cyberse-curity is formed on the basis of three components: a person who processes information, owns it or protects it; regulations that provide legal protection of information; information resources, where the information in need of protection is concentrated, and within which means of information protection function.Conclusions. The article builds a conceptual model of state security, which describes the components of cybersecurity of the state and allows to establish the strength of the connection between its relevant components, as well as to determine the level of cybersecurity.