Managing Security Objectives for Effective Organizational Performance Information Security Management

Information is a significant asset to organizations, and a data breach from a cyberattack harms reputations and may result in a massive financial loss. Many senior managers lack the competencies to implement an enterprise risk management system and align organizational resources such as people, processes, and technology to prevent cyberattacks on enterprise assets. The purpose of this Delphi study was to explore how the managerial competencies for information security and risk management senior managers help in managing security objectives and practices to mitigate security risks. The National Institute of Standards and Technology framework served as the foundation for this study. The sample was made up of 12 information security practitioners, information security experts, and managers responsible for the enterprise information security management. Participants were from Fortune 500 companies in the United States. Selection was based on their level of experience and knowledge of the topic being studied. Data were collected using a 3 round Delphi study of 12 experts in information security and risk management. Statistical analysis was performed on the collected data during a 3 round Delphi study. The mean, standard deviation, majority agreement, and ranges were used to determine the final concensus for this research study. Findings of this study included the need for managerial support, risk management strategies, and developling the managerial and technical talent to mitigate and respond to cyberattacks. Findings may result in a positive social change by providing information that helps managers to reduce the number of data breaches from cyberattacks, which benefits companies, employees, and customers

Cross-formalism resource discovery in smart environments

Nowadays, the Internet of Things (IoT) is becoming progressively colloquial to media. However, when there are trillions of resources out there, how can we spontaneously specify the resource we need? Therefore, one of the main research questions is the device and service discovery. Many standard web services descriptions are used to describe not only web services but also physical devices. These devices are encapsulated under the web service communication layer to make them available on the Internet. This technique enables automatic discovery, configuration, and execution of resources in dynamic environments. Thus, we focus on the resource description language that allows semantic annotation. Nevertheless, there is no single standard formalism to describe resources. It is more tactful to handle multiple description formalisms simultaneously. This thesis presents a cross-formalism resource discovery technique which utilizes the user context and resources context to improve the recommendation of resources. The discovery process should not be restricted to single resource description formalism. Moreover, the matching algorithm should be user-aware and environmentally adaptive, i.e. depending on the users current situation, rather than limit to keyword-based search. This thesis explains the implementation detail and shows the evaluation of each implemented module. We aimed to prove that the quality of the result is improved significantly compared to conventional discovery techniques. To demonstrate the usability of the proposed method, we deploy it in MERCURY. MERCURY is a platform that allows both businesses to engage with their customers and end users to create custom-made applications. Within the context of MERCURY, registration, assembling, and execution of resources need the automatic resource discovery. Since the implementation of this work is designed to be a standalone service, there is no restriction to use it under the domain of MERCURY