18 research outputs found

    Regulatory Facilitators and Impediments Impacting Cybersecurity Maturity

    Due to society’s increasing reliance on technology (e.g., financial transactions, critical infrastructure, globally-integrated supply chains, etc.), technological disruptions from cyberattacks can have profound implications for virtually all organizations and their stakeholders. In an effort to minimize cyber threats, governments and regulators have been deploying an increasingly comprehensive and complex landscape of regulations; however, the extent to which regulations actually facilitate, or harm, cybersecurity maturity remains nebulous. This research reports the findings of a qualitative study designed to help illuminate this problem space. We interviewed 12 high-ranking experts, associated with a variety of organizations and industries, and analyzed their responses to identify key factors emerging from the data. These factors were found to operate as either facilitators or impediments of cybersecurity maturity. In addition to identifying these factors, we discuss the implications of our findings, limitations, and avenues for future research

    Themes in Information Security Research in the Information Systems Discipline: A Topic Modeling Approach

    Information security continues to grow in importance in all aspects of society, and therefore evolves as a prevalent research area. The Information Systems (IS) discipline offers a unique perspective from which to move this stream of literature forward. Using a semi-automated thematic analysis approach based on the topic modeling technique, we review a broad range of information security literature to investigate how we might theorize about information security on a grander scale. Five themes resulted from our analysis: Software Security Decisions, Firm Security Strategy, Susceptibility, Information Security Policy Compliance, and Other Developing Themes. Implications of our findings and future research directions are discussed

    Seven C’s of Information Security

    The 1991 United States Federal Sentencing Guidelines for Organizations (updated in 2004) describes legal requirements for organizations’ ethical business procedures. We adapt this framework for the purpose of developing a high-level “Seven C’s” framework for ethically-responsible information security (InfoSec) procedures. Informed by the Resource Based View (RBV) of strategic management, we analyze case studies of two organizations to demonstrate the adapted guidelines’ applicability. Each organization has a well-established InfoSec program, yet each requires further development according to guidelines in our Seven C’s model. We discuss implications for InfoSec policies and standards

    Bibliometric analysis of the regulatory compliance function within the banking sector

    [EN] In today's global marketplace, banking organizations have greatly expanded the scope and complexity of their activities and face an ever changing and increasingly complex regulatory environment. Furthermore, due to the consumer credit crisis, several high profile compliance breakdowns, and increased emphasis on consumer protection, the federal and state regulatory agencies, investors, legislators, and the general public are focused on institutions' customer practices and regulatory compliance performance like never before. Moreover, a compliance failure can result in litigation, financial penalties, regulatory constraints, and reputational damage that can strategically affect an organization. Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business. This discipline has become more prominent in a variety of organizations and the trend has even led to the creation of corporate, chief and regulatory compliance officer positions to hire employees whose sole focus is to make sure the organization conforms to stringent, complex legal mandates. In this context, the aim of the present work is to provide key notions regarding Regulatory Compliance applied to the banking industry, and the key guidelines in order to design and implement a compliance structure and methodology in a financial entity. A subsequent bibliometric analysis will be performed in order to obtain the main aggregated attributes of the existing literature related to banking regulatory compliance. This analysis will be based on the publications obtained from the bibliographic database Web of Science and will include the use of bibliometric tools such as BibExcel, designed to analyse bibliographic data, and Pajek, designed for visualization of large networks.
The analysis will contain the most commonly used indicators to analyse the features of the set of documents studied, such as collaboration networks, keywords and co-wording, authorship and geolocation. Finally, an in-depth analysis of the literature that populates the bibliometric analysis will be the basis to detail the different perspectives maintained by the authors publishing in this area. This analysis aims to gather significant conclusions about the treatment adopted towards Regulatory Compliance depending on the geographical area, existing regulation and other social factors. Ibáñez Zapata, A. (2017). BIBLIOMETRIC ANALYSIS OF THE REGULATORY COMPLIANCE FUNCTION WITHIN THE BANKING SECTOR. http://hdl.handle.net/10251/85952. Archivo delegad

    The Double-Edged Sword of Health Data Breaches: A Comparison of Customer and Stock Price Perspectives on the Impact of Data Breaches of Response Strategies

    Unauthorized access to personal health data, known as data breaches, causes multi-faceted adverse effects and damage. Companies are trying to counteract the impact on customer relationships through recovery strategies such as compensation. On the other hand, there is also a negative effect on the company's stock price. Here, the literature suggests an opposite effect of response strategies, but this has not been explored further until recently. Our study takes both perspectives into account and examines the impact of data breaches on the market valuation in the health sector through an event study. Our results show a controversial relationship: If companies offered compensation to their customers in response to a data breach, this had a negative effect on the company's stock price. Our paper discusses this finding and derives practical implications and lessons learned for response strategies in the case of recent data breaches in the health sector

    Opportunities and Challenges in Healthcare Information Systems Research: Caring for Patients with Chronic Conditions

    To prepare for the 2030 “baby-boomer challenge”, some governments have begun to implement healthcare reforms over the past two decades. These reforms have led healthcare information systems (HIS) to evolve into a major research area in our discipline. This research area has an increasing individual, organizational, and economic impact. Due to the 2030 “baby-boomer challenge”, the number of elderly individuals continues to increase, and they may have chronic illnesses, such as eye problems and Alzheimer’s disease. Given the practical need for HIS that support chronic care, we decided to conduct a literature synthesis and identify opportunities for HIS research. Specifically, we present the chronic care model and analyze how IS researchers have discussed HIS to address the needs of patients with chronic illness. Further, we identify research gaps and discuss the research topics on HIS that future work can extend and customize to support these patients. Our results stimulate and guide future research in the HIS area. This paper has the potential to strengthen the body of knowledge on HIS

    The Professionalization of Hackers: A Content Analysis of 30 Years of Hacker Communication

    Underground hacking has evolved from its early countercultural roots to become a complex and varied phenomenon. By combining a historical review of the literature with a content analysis of 30 years of underground hacker communication, we show that hacking has evolved in three waves to embrace learning and creativity, intrusion and crime, as well as politics and cyberwarfare. We uncover a paradoxical relationship between hackers and society at large where underground hacking is considered a digital crime while at the same time inspiring and driving corporate innovation, cybersecurity, and even cyberwarfare. The outcome of our research provides a nuanced picture of the hacker underground by highlighting differences between competing discursive themes across time. Moreover, by translating these themes into a set of six contrasting personas of IS professionals, we discuss how knowledge, technologies, and creative practices of underground hackers are being professionalized. We use this discussion to provide implications and a research agenda for IS studies in cybersecurity, innovation, and cyberwarfare

    Legal regulation in empirical research in the Information Systems Basket of 8 Journals: a systematic literature review

    Abstract. The core content of the paper lies in exploring how studies in information systems research address the topic of legal regulation. This study intends to fill the main gap in knowledge by aiming at the empirical studies within the basket of 8 journals that study legal regulation. The results of this study provide perspectives on specific legal regulations, the research methodologies employed in empirical studies, and the theoretical foundations of the policy cycle stages to which these studies belong. This research identifies and presents a general overview of the trends in the information systems domain. This thesis utilizes a systematic literature review to discover, examine, and extract empirical studies relevant to legal regulation from a basket of eight journals. The data were obtained from the SCOPUS database, resulting in 351 studies. Through the inclusion/exclusion criteria, 33 primary studies were identified that were relevant to the focus of the study. These primary studies focused on various legal regulations and were subsequently classified into four themes: impact, implementation, compliance, and policies. These themes allow for the identification of trends and the scope of the primary studies that investigate legal regulations. Furthermore, these themes are further analyzed and classified into sub-categories to provide a more detailed analysis of the primary studies. The results of the study indicate that many primary studies within the empirical research follow qualitative research methodology. Among these primary studies, the legal regulations most frequently examined are from the United States. Several studies focus on regulations such as the Sarbanes-Oxley Act, High-Frequency Trading Act, and the Health Insurance Portability and Accountability Act.
Following the United States, the study finds that primary studies also explore legal regulations in Europe, with a notable emphasis on the General Data Protection Regulation and the Markets in Financial Instruments Directive. However, the results also highlight that many primary studies belong to the implementation phase of the policy cycle stage, while none specifically focus on the problem identification stage. The findings of the study broaden the opportunity to investigate how legal regulation has been addressed in journals beyond the selected basket of eight. Additionally, since this paper focuses solely on empirical evidence, most primary studies relied on qualitative research methodologies. This suggests the potential for exploring other studies that utilize methodologies such as design science or theoretical analysis

    Developing Strategies of Organizational Sustainability for Solo and Small Business Medical Practices

    Recent trends point toward a decline in solo and small business medical practices, yet the need and demand still exist for this model of health care. The purpose of this case study was to explore effective approaches to help physicians in solo practice and small medical group primary care practitioners (PCPs) retain their small business medical practices. The study included purposive sampling and face-to-face interviews: 11 physicians, predominately primary care practitioners, in the Baltimore-Washington metropolitan region, were interviewed until data saturation was reached. A component of systems theory (strategic thinking) and the dynamic capabilities concept were used to frame the study. Audio recordings were transcribed and analyzed to identify themes regarding effective competitive approaches to help small medical group physicians retain their practices. Four major themes emerged: need for flexibility and adaptability, need for higher levels of business acumen, need to fully embrace automation, and a focus on pursuing financial stability before pursuing growth and expansion of the medical practice. Results may benefit society by preserving and strengthening a source of patient-centered, effective, affordable health care for communities served by small business medical practices. Implications for social change include presenting methods to enhance stability and organizational sustainability of small business medical practices

    A CASE STUDY OF INFORMATION SYSTEM SECURITY COMPLIANCE OF SMALL MEDICAL AND DENTAL PRACTICES

    Small medical and dental practices must comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and Title XIII Health Information Technology for Economic and Clinical Health (HITECH) of the American Recovery and Reinvestment Act (ARRA) of 2009. The case study, utilizing interviews, observations, and existing documentation of two medical and two dental practices, not only analyzed the compliance solution choices made involving procedures and technologies, but also analyzed the emotional aspects of fear of non-compliance, perceived confidence in compliance, and the primary and secondary appraisals of the compelled compliance. Although compliance is not an easy process, small medical and dental practices can discover a number of possible options and identify the best fit solution for their practice in the effort to effect compliance