10,901 research outputs found
Securing intellectual capital:an exploratory study in Australian universities
Purpose – To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.Design/methodology/approach – We gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. We conducted interviews with key stakeholders in Australian universities in order to validate these links.Findings – Our investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.Research implications – There is a need to acknowledge the different roles played by actors within the university, and the relevance of information security to IC-related preservation.Practical implications – Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.Originality/value – This is one of the first studies to explore the connections between data and information security and the three core components of IC’s knowledge security in the university context
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially-and/or
criminally-motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicates digital investigations. Coupling this information with
the potentially vast amounts of information that a MCPS produces and/or has
access to is generating discussions on, not only, how to compromise these
systems but, more importantly, how to investigate these systems. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017
Cloud Forensics Investigations Relationship: A Model And Instrument
Cloud computing is one of the most important advances in computing in recent history. cybercrime has developed side by side and rapidly in recent years. Previous studies had confirmed the existing gap between cloud service providers (CSPs) and law enforcement agencies (LEAs), and LEAs cannot work without the cooperation of CSPs. Their relationship is influenced by legal, organisational and technical dimensions, which affect the investigations. Therefore, it is essential to enhance the cloud forensics relationship between LEAs and CSPs. This research addresses the need for a unified collaborative model to facilitate proper investigations and explore and evaluate existing different models involved in the relationship between Omani LEAs and local CSPs as a participant in investigations. Further, it proposes a validated research instrument that can be cloud forensics survey. It can also be used as an evaluation tool to identify, measure, and manage cloud forensic investigations
Strategic Management of the Organizations Cybersecurity : Conceptual Model of the Structure, Principles, and the Best Practices for Organizational Cybersecurity Excellence
Top management sees cybersecurity threats as one of the biggest concerns to their organisations and they have a good reason. Cyberattacks are increasing all over the world in scale and in sophistication. Regulators are demanding that organisations protect their user data with severe penalties if organization fails to comply. This study aims to address that concern by studying what has been done lately and based on that understanding by developing a new conceptual model that organisations can use to improve their strategic cybersecurity management. Research starts with two research questions: What is the current situation of the organisations in the field of strategic cybersecurity management? and what kind of models, frameworks, principles, and the practices we need to develop to achieve organizational cybersecurity excellence?
This study is conducted by using mixed methods research approach. Starting from extensive literature review and theoretical framework from the latest scientific research by using qualitative research method and continuing with mainly secondary but also primary data collection by using quantitative research method. Both research methods are used to answer same research questions. Comparative and descriptive analysis is used to understand different quantities and perspectives, and to understand current situation in the field strategic cybersecurity management.
Based on the literature review, theoretical framework, presented cybersecurity standards and frameworks, in-depth analysis, researcher’s observations, other findings, researcher's empirical experience, and surfaced improvement ideas during this study, a new conceptual strategic cybersecurity management model is developed to improve organisations strategic cybersecurity management. Conceptual model is a framework and contains three strategic choices that can act as guiding principles or practices to improve organisations cybersecurity.
Originality of this study is that it proposes three strategic choices that organisations should use to improve their strategic cybersecurity management and to move towards cybersecurity excellence. These three proposed strategic choices are complete ownership which is controversial to current trend, secure by design which is not normally used and border control which can be compared to nations border control but in cyberspace. Model is represented in this study with simple execution examples and does not exclude any other strategic cybersecurity management practices.Organisaatioiden ylin johto näkee kyberturvallisuusuhat yhtenä suurimmista huolenaiheista, ja heillä on siihen hyvä syy. Kyberhyökkäykset ovat lisääntyneet kaikkialla maailmassa niin mittakaavaltaan kuin kehittyneisyydeltäänkin. Sääntelyviranomaiset vaativat organisaatioita suojaamaan käyttäjätietojaan ankarilla rangaistuksilla, mikäli organisaatiot eivät noudata viranomaisten vaatimuksia. Tämä tutkimus pyrkii vastaamaan tähän huolenaiheeseen selvittämällä, että mitä organisaatioissa on viime aikoina tehty? Ja tämän ymmärryksen pohjalta kehittämään uuden konseptuaalisen mallin, jonka avulla organisaatiot voivat parantaa strategista kyberturvallisuuden johtamista. Tutkimus alkaa kahdella tutkimuskysymyksellä: Mikä on organisaatioiden nykytilanne strategisen kyberturvallisuuden johtamisen alalla? ja millaisia malleja, rakenteita, periaatteita ja käytäntöjä meidän on kehitettävä saavuttaaksemme organisaation kyberturvallisuuden huippuosaamisen?
Tämä tutkimus on toteutettu kvalitatiivisten ja kvantitatiivisten tutkimusmenetelmien yhdistelmällä. Alkaen laajasta kirjallisuuskatsauksesta ja teoreettisesta viitekehyksestä viimeisimmästä tieteellisestä tutkimuksesta käyttäen kvalitatiivista tutkimusmenetelmää. Ja jatkaen pääosin toissijaisella, mutta myös primäärisellä tiedonkeruulla käyttäen kvantitatiivista tutkimusmenetelmää. Molempia tutkimusmenetelmiä käytetään vastaamaan samoihin tutkimuskysymyksiin. Vertailevaa ja kuvailevaa analyysiä käytetään erilaisten suureiden ja näkökulmien ymmärtämiseen sekä alan strategisen kyberturvallisuuden johtamisen nykytilanteen ymmärtämiseen.
Kirjallisuuskatsauksen, teoreettisen viitekehyksen, esitettyjen kyberturvallisuusstandardien ja -kehysten, syvällisen analyysin, tutkijan havaintojen, muiden havaintojen, tutkijan empiirisen kokemuksen perusteella ja tämän tutkimuksen aikana esiin tulleiden parannusideoiden pohjalta kehitetään uusi konseptuaalinen strategisen kyberturvallisuuden johtamismalli organisaatioiden tueksi. Konseptuaalinen malli on viitekehys ja sisältää kolme strategista valintaa, jotka voivat toimia ohjaavina periaatteina tai käytäntöinä parantamaan organisaation kyberturvallisuutta.
Tämän tutkimuksen kontribuutio on se, että siinä ehdotetaan kolmea strategista valintaa, joita organisaatioiden tulisi käyttää parantaakseen strategista kyberturvallisuuden johtamista ja siirtyäkseen kohti kyberturvallisuuden huippuosaamista. Nämä kolme ehdotettua strategista valintaa ovat täydellinen omistajuus, joka on kiistanalainen nykytrendille, turvallinen suunnittelu, jota ei tavallisesti käytetä, ja rajavalvonta, jota voidaan verrata maiden rajavalvontaan, mutta kyberavaruudessa. Malli on esitetty tässä tutkimuksessa yksinkertaisilla suoritusesimerkeillä, eikä se sulje pois muita strategisia kyberturvallisuuden johtamiskäytäntöjä
- …