Strategic Management of the Organizations Cybersecurity : Conceptual Model of the Structure, Principles, and the Best Practices for Organizational Cybersecurity Excellence

Top management sees cybersecurity threats as one of the biggest concerns to their organisations and they have a good reason. Cyberattacks are increasing all over the world in scale and in sophistication. Regulators are demanding that organisations protect their user data with severe penalties if organization fails to comply. This study aims to address that concern by studying what has been done lately and based on that understanding by developing a new conceptual model that organisations can use to improve their strategic cybersecurity management. Research starts with two research questions: What is the current situation of the organisations in the field of strategic cybersecurity management? and what kind of models, frameworks, principles, and the practices we need to develop to achieve organizational cybersecurity excellence? This study is conducted by using mixed methods research approach. Starting from extensive literature review and theoretical framework from the latest scientific research by using qualitative research method and continuing with mainly secondary but also primary data collection by using quantitative research method. Both research methods are used to answer same research questions. Comparative and descriptive analysis is used to understand different quantities and perspectives, and to understand current situation in the field strategic cybersecurity management. Based on the literature review, theoretical framework, presented cybersecurity standards and frameworks, in-depth analysis, researcher’s observations, other findings, researcher's empirical experience, and surfaced improvement ideas during this study, a new conceptual strategic cybersecurity management model is developed to improve organisations strategic cybersecurity management. Conceptual model is a framework and contains three strategic choices that can act as guiding principles or practices to improve organisations cybersecurity. Originality of this study is that it proposes three strategic choices that organisations should use to improve their strategic cybersecurity management and to move towards cybersecurity excellence. These three proposed strategic choices are complete ownership which is controversial to current trend, secure by design which is not normally used and border control which can be compared to nations border control but in cyberspace. Model is represented in this study with simple execution examples and does not exclude any other strategic cybersecurity management practices.Organisaatioiden ylin johto näkee kyberturvallisuusuhat yhtenä suurimmista huolenaiheista, ja heillä on siihen hyvä syy. Kyberhyökkäykset ovat lisääntyneet kaikkialla maailmassa niin mittakaavaltaan kuin kehittyneisyydeltäänkin. Sääntelyviranomaiset vaativat organisaatioita suojaamaan käyttäjätietojaan ankarilla rangaistuksilla, mikäli organisaatiot eivät noudata viranomaisten vaatimuksia. Tämä tutkimus pyrkii vastaamaan tähän huolenaiheeseen selvittämällä, että mitä organisaatioissa on viime aikoina tehty? Ja tämän ymmärryksen pohjalta kehittämään uuden konseptuaalisen mallin, jonka avulla organisaatiot voivat parantaa strategista kyberturvallisuuden johtamista. Tutkimus alkaa kahdella tutkimuskysymyksellä: Mikä on organisaatioiden nykytilanne strategisen kyberturvallisuuden johtamisen alalla? ja millaisia malleja, rakenteita, periaatteita ja käytäntöjä meidän on kehitettävä saavuttaaksemme organisaation kyberturvallisuuden huippuosaamisen? Tämä tutkimus on toteutettu kvalitatiivisten ja kvantitatiivisten tutkimusmenetelmien yhdistelmällä. Alkaen laajasta kirjallisuuskatsauksesta ja teoreettisesta viitekehyksestä viimeisimmästä tieteellisestä tutkimuksesta käyttäen kvalitatiivista tutkimusmenetelmää. Ja jatkaen pääosin toissijaisella, mutta myös primäärisellä tiedonkeruulla käyttäen kvantitatiivista tutkimusmenetelmää. Molempia tutkimusmenetelmiä käytetään vastaamaan samoihin tutkimuskysymyksiin. Vertailevaa ja kuvailevaa analyysiä käytetään erilaisten suureiden ja näkökulmien ymmärtämiseen sekä alan strategisen kyberturvallisuuden johtamisen nykytilanteen ymmärtämiseen. Kirjallisuuskatsauksen, teoreettisen viitekehyksen, esitettyjen kyberturvallisuusstandardien ja -kehysten, syvällisen analyysin, tutkijan havaintojen, muiden havaintojen, tutkijan empiirisen kokemuksen perusteella ja tämän tutkimuksen aikana esiin tulleiden parannusideoiden pohjalta kehitetään uusi konseptuaalinen strategisen kyberturvallisuuden johtamismalli organisaatioiden tueksi. Konseptuaalinen malli on viitekehys ja sisältää kolme strategista valintaa, jotka voivat toimia ohjaavina periaatteina tai käytäntöinä parantamaan organisaation kyberturvallisuutta. Tämän tutkimuksen kontribuutio on se, että siinä ehdotetaan kolmea strategista valintaa, joita organisaatioiden tulisi käyttää parantaakseen strategista kyberturvallisuuden johtamista ja siirtyäkseen kohti kyberturvallisuuden huippuosaamista. Nämä kolme ehdotettua strategista valintaa ovat täydellinen omistajuus, joka on kiistanalainen nykytrendille, turvallinen suunnittelu, jota ei tavallisesti käytetä, ja rajavalvonta, jota voidaan verrata maiden rajavalvontaan, mutta kyberavaruudessa. Malli on esitetty tässä tutkimuksessa yksinkertaisilla suoritusesimerkeillä, eikä se sulje pois muita strategisia kyberturvallisuuden johtamiskäytäntöjä

Enterprise risk arising from legacy production systems: a probabilistic perspective

The model of estimation of effective minimization of strategic risks arising at modernization of the software of legacy production systems is presented. It is shown that incompatible hypotheses of strategic risks of the enterprise in the digital economy form a complete group of pairwise incompatible independent events, and their probabilities are found by mathematical methods of processing an inversely symmetric matrix, made by experts in pairwise comparison on a 5-point scale of relative importance errors of calculations of the constructed matrix (no more than 15 %). For these matrices, solutions of characteristic equations are found to determine the maximum values of the eigenvalues of matrices, which appear in the assessment of the adequacy of composite expert matrices together with the corresponding orders of matrices. To substantiate the statistical measurement under the condition of quantitative or qualitative assessment of the risk of occurrence of events, the a priori value of the probabilities of occurrence of risk in the occurrence of events is taken. The full probability formula is the formula for the probability of occurrence of an event of effective minimization of strategic risks. It is shown that to determine the a priori values of conditional probabilities of hypotheses of effective minimization of strategic risks of the enterprise it is necessary to make statistically significant sections of these hypotheses at selected enterprises for several periods, which may be subject to statistical distribution laws. Thus, the presented model for quantitative measurement, comprehensive analysis of the level of software modernization of legacy production systems of the enterprise is the initial theoretical basis for improving the system of strategic management of the enterprise in terms of digitalization

Empowering Communities for Environmental Decision-Making

In this chapter, we discuss the relation between public innovation and the empowerment of local communities. Specifically, we explore the significance of cooperative public innovation efforts for the capability of local communities to participate in environmental decision-making, focusing on the role of environmental information, and information and communication technologies (ICTs). Our case-study is the city of Cleveland (Ohio) in the United States of America where several citizen-government partnerships have emerged on environmental sustainability and in which the access to information is a major element

Understanding SOA Migration Using a Conceptual Framework

Migration of legacy assets to SOA embodies a key software engineering challenge. Over a decade there has been an increasing interest in the approaches addressing SOA migration. These approaches mainly differ in `what is migrated' and `how the migration is performed'. Such differences aggravate achieving a general understanding of `what SOA migration entails'. We describe what such migration process entails and what distinct conceptual elements systematically define the process. Based on the comprising conceptual elements the framework which is considered as a basis for understanding and assessment of different approaches is proposed. Further, the role of the migration framework in positioning and assessing the existing methods, is discussed. Finally, the procedure for positioning and mapping of migration approaches on the framework is explained using two example migration processes

Myths and realities: Defining re-engineering for a large organization

This paper describes the background and results of three studies concerning software reverse engineering, re-engineering, and reuse (R3) hosted by the Internal Revenue Service in 1991 and 1992. The situation at the Internal Revenue--aging, piecemeal computer systems and outdated technology maintained by a large staff--is familiar to many institutions, especially among management information systems. The IRS is distinctive for the sheer magnitude and diversity of its problems; the country's tax records are processed using assembly language and COBOL and spread across tape and network DBMS files. How do we proceed with replacing legacy systems? The three software re-engineering studies looked at methods, CASE tool support, and performed a prototype project using re-engineering methods and tools. During the course of these projects, we discovered critical issues broader than the mechanical definitions of methods and tool technology

Reframing Kurtz’s Painting: Colonial Legacies and Minority Rights in Ethnically Divided Societies

Minority rights constitute some of the most normatively and economically important human rights. Although the political science and legal literatures have proffered a number of constitutional and institutional design solutions to address the protection of minority rights, these solutions are characterized by a noticeable neglect of, and lack of sensitivity to, historical processes. This Article addresses that gap in the literature by developing a causal argument that explains diverging practices of minority rights protections as functions of colonial governments’ variegated institutional practices with respect to particular ethnic groups. Specifically, this Article argues that in instances where colonial governments politicize and institutionalize ethnic hegemony in the pre-independence period, an institutional legacy is created that leads to lower levels of minority rights protections. Conversely, a uniform treatment and depoliticization of ethnicity prior to independence ultimately minimizes ethnic cleavages post-independence and consequently causes higher levels of minority rights protections. Through a highly structured comparative historical analysis of Botswana and Ghana, this Article builds on a new and exciting research agenda that focuses on the role of long-term historio-structural and institutional influences on human rights performance and makes important empirical contributions by eschewing traditional methodologies that focus on single case studies that are largely descriptive in their analyses. Ultimately, this Article highlights both the strength of a historical approach to understanding current variations in minority rights protections and the varied institutional responses within a specific colonial government