301 research outputs found

    Perceptions and Knowledge of Information Security Policy Compliance in Organizational Personnel

    All internet-connected organizations are becoming increasingly vulnerable to cyberattacks due to information security policy noncompliance of personnel. The problem is important to information technology (IT) firms, organizations with IT integration, and any consumer who has shared personal information online, because noncompliance is the single greatest threat to cybersecurity, which leads to expensive breaches that put private information in danger. Grounded in the protection motivation theory, the purpose of this quantitative study was to use multiple regression analysis to examine the relationship between perceived importance, organizational compliance, management involvement, seeking guidance, and rate of cybersecurity attack. The research question for this study was focused on the relationship between perceived importance of cybersecurity, senior management involvement, use of organizational ISPC, seeking of information or guidance on cybersecurity, and organizational security breach incidence. Data was collected from the United Kingdom’s 2021 Cyber Security Breaches Survey. Multiple linear regression analysis indicated that the four independent variables were not predictive of instances of cybersecurity breach or attack. The implications for positive social change include the potential to actively promote and publicly address cybersecurity as personal privacy increasingly becomes a matter of public safety. One key recommendation is for IT leaders to pursue methodologically rigorous and uniform operationalization throughout IT research and practice, including the pursuit of replicable data of detailed resolution. The results of this study may potentially be used to reduce the risks for cybersecurity breaches, which ultimately contributes to social change by furthering the right of privacy and the protection of personal information.

    Have You Updated Your Toaster? Transatlantic Approaches to Governing the Internet of Everything

    As Internet-connected devices become ubiquitous, it remains an open question whether security, or privacy, can or will scale, or whether a combination of perverse incentives, new problems, and new impacts of old problems like “technical debt” amassing from products being rushed to market before being fully vetted, will derail progress and exacerbate cyber insecurity. This Article investigates contemporary approaches to Internet of Things (IoT) governance through an in-depth comparative case study focusing on the European Union (EU) and the United States. Particular attention is paid to the impact on IoT security of the General Data Protection Regulation (GDPR) and the Network Information Security (NIS) Directive in the EU, and the influence of the U.S. National Institute for Standards and Technology Cybersecurity Framework (NIST CSF), with a focus on mitigating the risk of politically motivated attacks on civilians. We analyze reform proposals and apply lessons from major prior Internet governance debates to argue for a polycentric approach to improving IoT security and privacy in the transatlantic context.

    Cyber Peace

    Cyberspace is increasingly vital to the future of humanity, and managing it peacefully and sustainably is critical to both security and prosperity in the twenty-first century. These chapters and essays unpack the field of cyber peace by investigating historical and contemporary analogies, in a wide-ranging and accessible Open Access publication.

    Positioning diplomacy within a strategic response to the cyber conflict threat

    Background. Nation states unleash cyber attacks targeting other nation states (e.g. WannaCry, SolarWinds), termed “offensive cyber operations”. When such aggressions are deemed, according to the UN Charter, to constitute a threat to the peace, breach of the peace, or act of aggression towards a nation state, governments might choose to respond. Responses can range from silence all the way to retaliation, at the other end of the scale. The emergence of cyber diplomacy suggests a less militant and potentially powerful response option. Barrinha and Renard [5] explain that the rise of cyber diplomacy has coincided with “a growing contestation of the values, institutions and power dynamics of the liberal-created cyberspace” (p. 3). The question is: how could cyber diplomacy fit into a strategic threat management plan? Aim. To position cyber diplomacy within a strategic response to nation state offensive cyber operations. Method. To help us to position cyber diplomacy’s role in this domain, we first examine historical cyber conflicts, and governments’ responses to these, as well as testing the factors that might explain response choice. We then review a number of proposed options for managing cyber conflicts. Results. We propose a comprehensive “Five D’s” strategic framework to manage the threat of offensive cyber operations. Cyber diplomacy is included, acknowledging its emerging and potentially powerful role in managing cyber conflicts in the future. Conclusions. Cyber diplomacy has recently emerged and it has not yet been widely deployed. We show how it can be positioned within a strategic framework for managing the threat of offensive cyber operations from other nation states.

    Operational guidance : the EU’s international cooperation on cyber capacity building

    This is the second edition. In the era of digital interdependence, cybersecurity has evolved from a technical and technological issue to a societal need and a multifaceted discipline. The promotion of digital transition and digital society as a key element of the EU’s international cooperation and partnerships has steadily increased the funding for such initiatives. The sustainability of the digital development outcomes and the safe transition to digital societies rely on the cybersecurity and cyber resilience of these processes. Therefore, a concerted effort is necessary to consolidate lessons from the EU’s experience to date – particularly in bridging the development and technical communities – and articulate a systematic methodology that combines the various dimensions of cyber policy with development cooperation principles. This publication was funded by the European Union.

    Predictors of Email Response: Determinants of the Intention of not Following Security Recommendations

    Organizations and government leaders are concerned about cyber incidents. For some time, researchers have studied what motivates people to act in ways that put the confidentiality, integrity, and availability of information in organizations at risk. Still, several areas remained unexplored, including the role of employees’ evaluation of the organizational systems and the role of value orientation at work as precursors of secure and insecure actions in relation to information technologies (information security [IS] action). The objective of this research project was to examine how the evaluations of formal and informal security norms are associated with the intention to follow them and to explore the role of work values, security systems, monitoring employees, and demographics in this association. It is essential to understand the determinants of IS action in the workplace so that interventions aim for organizational behavioral change focusing on a few determinants of IS action. In the execution of the project, several scenarios were formulated. In the scenarios, a character whose actions enact a particular value orientation at work fails to follow security recommendations. Several items were formulated to capture the variables of interest. After ensuring that the materials had good psychometric properties, a sample of 661 U.S. workers was collected and the data submitted to several analyses. The results revealed that the negative evaluation of the importance of security recommendations and the negative evaluation of others relative to following security recommendations were positively associated with the intention of not following those security recommendations. The evaluation of the completeness of security recommendations was negatively associated with the intention of not following them. The perception of others following security recommendations was not associated with the intention of not following them. It was also found that work values, security systems, monitoring, and demographics play a role in the association found. This research project does not support causality but provides evidence of the investigated association. The survey research did not investigate actual actions; however, several precautions were taken to ensure that the results provide preliminary evidence of the precursors of IS action at work.

    Responsibility for cyberterrorism under international law

    https://www.ester.ee/record=b5448046*es