Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems

This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees\u27 behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization

Unstructured Data for Cybersecurity and Internal Control

This paper proposes a research framework for studying the connections--realized and potential--between unstructured data and cybersecurity and internal controls. In the framework, cybersecurity and internal control goals determine the tasks to be conducted. The task influences the types of unstructured data to be accessed and the types of analysis to be done, which in turn influences the outcomes that can be achieved. Patterns in unstructured data are relevant for cybersecurity and internal control, but unstructured data poses unique challenges for its analysis and management. This paper discusses some of these challenges including veracity, structuralizing, bias, and explainability

Challenge of mitigating bank frauds by judicious mix of technology: Experience of a developing country

Banks are the engines that drive the operations in the financial sector, money markets and growth of an economy. With the rapidly growing banking industry in India, frauds in banks are also increasing fast, and fraudsters have started using innovative methods. A questionnaire-based survey was conducted in 2013-14 among 345 bank employees to know their perception towards bank frauds, degree of their compliance level, and integration of technology to detect, control and prevent frauds. This study provides discussion of the attitudes, strategies, and the technology that bank specialists will need to combat frauds. Banks that can leverage advances in technology and analytics to improve fraud prevention will reduce their fraud losses. In 2015, the RBI introduced new mechanisms for banks to check loan frauds by taking pro-active steps by setting up a Central Fraud Registry, introduced the concept of Red Flagged Account, and Indian investigative agencies will soon start sharing their databases with banks

Towards Trusted Data Processing for Information and Intelligence Systems

Data is a valued asset and its security is essential for any enterprise and organization. This paper introduces Trusted Data Processing (TDP) and addresses three fundamental questions in TDP: 1) what are the essential requirements to achieve TDP? 2) what security mechanisms and safeguards are available to ensure TDP? 3) how to integrate TDP to practice? Based on the attacks targeting at data assets and their consequences, the requirements to achieve TDP, including data security, data privacy, accountability, transparency, distributed computing, and trusted elements, are identified. Available security mechanisms and safeguards to ensure TDP are discussed. This paper also summarizes the challenges to achieve TDP and provides a practical guidance to achieve TDP through the integration with NIST Cybersecurity Framework