628 research outputs found
The Common Body of Knowledge: A Framework to Promote Relevant Information Security Research
This study proposes using an established common body of knowledge (CBK) as one means of organizing information security literature. Consistent with calls for more relevant information systems (IS) research, this industry-developed framework can motivate future research towards topics that are important to the security practitioner. In this review, forty-eight articles from ten IS journals from 1995 to 2004 are selected and cross-referenced to the ten domains of the information security CBK. Further, we distinguish articles as empirical research, frameworks, or tutorials. Generally, this study identified a need for additional empirical research in every CBK domain including topics related to legal aspects of information security. Specifically, this study identified a need for additional IS security research relating to applications development, physical security, operations security, and business continuity. The CBK framework is inherently practitioner oriented and using it will promote relevancy by steering IS research towards topics important to practitioners. This is important considering the frequent calls by prominent information systems scholars for more relevant research. Few research frameworks have emerged from the literature that specifically classify the diversity of security threats and range of problems that businesses today face. With the recent surge of interest in security, the need for a comprehensive framework that also promotes relevant research can be of great value
Consumer protection in the Kenyan financial sector: A case for a Twin Peaks model of financial regulation
Magister Legum - LLM
The dynamic character of the financial services industry necessitates frequent appraisal of the regulation of the sector. The main objectives for regulation of the financial sector include financial stability, promotion of competition and protection of the consumers. In ensuring consumer protection, there is need to balance this with all the other objectives to ensure optimal protection in the entire financial sector. This can be difficult as it is mostly dependent on the regulatory framework in the financial sector for the basic reason that most of the failures are associated with regulation. Key to the challenges is that consumer protection is served by measures that ensure proper conduct on the part of the service providers. Interests of the providers of the financial services may thus not be sufficiently aligned with those of the consumers of the products.
There are three common models of financial regulation. They are the sectoral model, unified or integrated model and the Twin Peaks model. The financial sector in Kenya follows a sectoral model. It is a hodgepodge of institutional and functional regulation. There are five (5) government agencies that regulate specific segments of the financial sector with each of the regulators being established to operate independently within the permits of an Act of Parliament. This is without mentioning the many other segments that have no specific regulators
Kenya Financial Sector Stability Report, 2013
The report presents trend analysis and in-depth assessment of the global and domestic macro-financial developments affecting and emanating from the macroeconomy and the financial system. It analyses the performance and interactions involving the real economy, financial markets, financial institutions, financial infrastructure, and review of the legal and policy frameworks in 2013
A Draft Model Curriculum for Programs of Study in Information Security and Assurance
With the dramatic increase in threats to information security, there is a clear need for a corresponding increase in the number of information security professionals. With a lack of formal curriculum models, many academic institutions are unprepared to implement the courses and laboratories needed to prepare this special class of information technologist. This paper provides an overview of lessons learned in the implementation of both individual courses and a degree concentration in information security. It refers to a more comprehensive document, available on the Web, which includes the methodology used in developing the curriculum, individual course syllabi for recommended components, and laboratory development and implementation recommendations
Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance
Much has been published about developing a cybersecurity curriculum for institutes of higher learning (IHL). Now that a growing number of IHLs globally offer such programs, a need exists on how to guide, maintain, and improve the relevancy of existing curricula. Just as cybersecurity professionals must hone their skills continually to keep up with a constantly shifting threat landscape, cybersecurity programs need to evolve to ensure they continue to produce knowledgeable graduates. In this regard, professional certifications in the cybersecurity industry offer an opportunity for IHLs to maintain a current curriculum. Governing bodies that manage professional certifications are highly motivated to ensure their certifications maintain their currency in the competitive marketplace. Moreover, employers who hire security professionals look for certifications in assessing a candidate’s overall credentials. This paper attempts to fill a void in the literature by exploring the use of professional certifications as helpful input to shaping and maintaining a cybersecurity curriculum. To this end, we offer a literature analysis that shows how changes made to professional certifications are applicable and relevant to maintaining a cybersecurity curriculum. We then provide a case study involving an undergraduate cybersecurity program in a mid-sized university in the United States. Before concluding, we discuss topics such as experiential learning, cybersecurity capstone courses, and the limitations to our approach.
Exploring key elements for e-transformation in commercial banks in Kenya
A research report submitted to the Faculty of Humanities, University of the Witwatersrand, in partial fulfilment of the requirements for the degree of Master of Arts (in the field of ICT Policy and Regulation). 9th August 2016.
Digital transformation on a national level is a framework that has been applied to a number of different contexts. Studies in both developed and developing countries have exhibited digital transformation in a manner that reflects its applicability across contexts and scenarios. However, this research explored what happens when the same is applied to organizational contexts in a developing country. The research did not divert too far from the national application of a digital transformation framework, but merely sought to incorporate the organizational perspective, and the different considerations that arise in commercial banks in Kenya; an area which was previously under-explored. A conceptual framework was developed to study only particular elements of digital transformation from qualitative analysis and different sources of data. The findings of this study illustrated that there is a huge uptake of technologies in these commercial banks, but also notes a significant number of limitations that currently exist. The report concludes with proposals as to how these limitations can be addressed through various recommendations, and also considers other avenues for improvement, and future research that can later be applied to other contexts. GR201
The effect of cyberattacks on European financial institutions: an event study approach
Cyber risk has been a widely debated issue in recent years. The financial world could prove particularly vulnerable when it comes to cyberattacks, given the high level of interconnection between all of the sector’s players. This paper uses the event study methodology to assess the reaction of 15 European financial institutions’ share prices to direct cyberattacks. The same methodology is used for testing the reaction of a sample of 22 financial institutions, based in the Eurozone, to a series of systemic cyberattacks with potential worldwide repercussions. Our research represents an original contribution to the literature in two ways. Firstly, to the best of our knowledge, no authors have previously applied the event study methodology to a sample of shares pertaining exclusively to financial institutions. Even less so to financial institutions exclusively based in the Eurozone. Secondly, to the best of our knowledge, no existing research applied our subdivision between direct and systemic cybersecurity events in a single study. Overall, our study provides empirical evidence on the effect of 14 direct and 3 systemic cyberattacks. These attacks were announced by newspapers between October 2014 and August 2023. This represents an opportunity to update the results of the older event study cybersecurity literature, as well as an opportunity to test the results by more recent studies. The results can also be useful in the interpretation and anticipation of current and future European legislation on cybersecurity. In the case of direct cyberattacks, which explicitly target banks, insurance companies or electronic money institutions, we find that stock prices exhibit negative and significant cumulative abnormal returns. Furthermore, these negative effects become more relevant when considering larger event windows after the attack date. We also divide, in accordance with other studies, direct events between ones that compromise the confidentiality of information and ones that do not. We interestingly find that attacks that do not reveal confidential information have a significant negative effect on their targets. Conversely, cyberattacks that do reveal confidential information held by financial institutions do not have a significant effect on stock prices. Regarding the three systemic events, we find contrasting but interesting results. The breach of a major US bank has an overall negative and significant effect on European companies, in particular the ones based in Italy and Spain. On the other hand, when SolarWinds was discovered to be the vector of a cyberattack on the US Government, no such negative effect was observed. Lastly in the case of the WannaCry ransomware epidemic, we find empirical evidence of negative abnormal returns only for companies based in Germany and Spain
Perceived Security of E-Learning Portal
Information technology has made e-learning possible and available on a large scale. Learning management systems (LMS) have been widely used and are accessible through the Internet. However, LMS are exposed to various threats. Proper understanding of the threats is required. Furthermore, strategy and best-practice countermeasures will ensure a safe learning environment. Therefore, this study looks into the information security aspect of LMS. Specifically, there are two main purposes of this study. First, this study provides a review of information security in e-learning environments and explains the importance of information security. Second, this study looks at how students perceived the security of their e-learning portal. A total of 497 students responded to a survey questionnaire. Frequency analysis was conducted to show the profile of the respondents. Overall, respondents have strong positive perceptions towards the security of their LMS. This study serves as an introduction which helps LMS administrators to understand the issues and possibilities related to the safety of LMS
Crafting an Undergraduate Information Security Emphasis Within Information Technology
Universities have only recently created an undergraduate course in information security (or related topics) but few have implemented an emphasis or comprehensive program at the undergraduate level. This article explores the creation of an undergraduate emphasis in information security at Weber State University (WSU) within the John B. Goddard School of Business and Economics (JGSBE) that is designed to train students in the skills necessary to implement and manage security. Specifically, the article discusses the skill sets for security management, the lab requirements for the courses in this emphasis and the incorporation of legal elements in the curriculum