Navigating within the Digitalization Journey: Results and Implications of the First Maturity Assessment of German Public Health Agencies

The Covid 19 pandemic revealed the need for Public Health Agencies to mature digitally. To help those agencies with their digitalization endeavor, a public health agency maturity model (PHAMM) has been developed, evaluated, and employed by 366 institutions to determine their digital maturity and to prior-itize actions within digitalization projects. This paper discusses the digital ma-turity of German public health institutions and derives first insights into compo-nents spanning the PHAMM dimensions. Public health agencies can use these components to leverage their digital maturity in future digitalization projects. Im-plications are discussed for how digitalization projects with an enhanced impact can be defined and for future maturity modeling research

Cybersecurity Issues and Practices in Cloud Context: A comparison amongst Micro, Small and Medium Enterprises

The advancement and the proliferation of information systems among enterprises have given rise to cybersecurity. Cybersecurity practices provide a set of techniques and procedures to protect the systems, networks, programs and data from attack, damage, or unauthorised access (ACSC 2020). Such cybersecurity practices vary and are applied differently to different types of enterprises. The purpose of this research is to compare the critical cybersecurity threats and practices in the cloud context among micro, small, and medium enterprises. By conducting a survey among 289 micro, small and medium-sized enterprises in Australia, this study highlights the significant differences in their cloud security practices. It also concludes that future studies that focus on cybersecurity issues and practices in the context of cloud computing should pay attention to these differences

An Evaluation of Security Governance Model in Organizational Information Technology or Information Systems Security Implementation

The study was aimed to investigate the security governance model in organizational IT security implementation. A triangulate design has been applied to data collection from three sources websites, interviews, and survey. Automatic security measures controls have been adopted to minimize and control the human actions and the correspondence with the system. Important elements depicted from the findings include directing and monitoring actions within the IS/IT security. The IS/IT security governance model of the inter relationship among the three components of the Formal, Technical and the Informal are important to achieve the good practices of IS/IT security. The educational concept may also increase the organisational and the employee values. The study has affirmed positive prevalence of the trend that most of the companies are now considering to implement IT/IS security models for protected data

Cybersecurity Issues and Practices in a Cloud Context: A Comparison Amongst Micro, Small and Medium Enterprises

The advancement and the proliferation of information systems among enterprises have given rise to understanding cybersecurity. Cybersecurity practices provide a set of techniques and procedures to protect the systems, networks, programs and data from attack, damage, or unauthorised access. Such cybersecurity practices vary and are applied differently to different types of enterprises. The purpose of this research is to compare the critical cybersecurity threats and practices in the cloud context among micro, small, and medium enterprises. By conducting a survey among 289 micro, small and medium sized enterprises in Australia, this study highlights the significant differences in their cloud security practices. It also concludes that future studies that focus on cybersecurity issues and practices in the context of cloud computing should pay attention to these differences

Information Security Assessment of the Norwegian SMB-Sector: A Study of Culture, Leadership and Cost

The aim of this study was to contribute to the understanding of information security practices and challenges in small and medium-sized businesses in Norway. The research focuses on organizational culture and leadership practices related to information security. Additionally, the study has been interested in mapping the number of security incidents, as well as their associated costs. The study collected a fresh set of data by conducting a survey of 236 small and medium-sized businesses across various industries and between the 11 Norwegian counties. The findings reveal that a significant number of Norwegian SMBs have experienced information security incidents over the past four years. While some incidents were severe and resulted in substantial costs, the median cost of incidents was found to be moderate and manageable for most businesses. However, it is emphasized that businesses should constantly raise their security levels to prepare for worst- case scenarios. Furthermore, the study highlights the role of cyber insurance in protecting businesses against data breaches. Approximately one out of every six participants reported that their organization had purchased cyber insurance and the findings show an increased likelihood to invest in such coverage for organizations that had experienced data breaches. This may indicate that the organizations recognize the importance of increasing security measures following a security incident. Interestingly, the research does not find a statistically significant relationship between the “Culture Security Level” and the probability or cost of incidents. The study acknowledges limitations in the methodology used to assess the “Culture Security Level” and highlights the need for further research. Based on the findings, it is concluded that the Norwegian SMB sector on average does not possess sufficient security measures to mitigate information security risk adequately. Overall, this thesis provides valuable insight into the information security landscape of Norwegian SMBs, highlights the challenges and offers recommendations for improving security practices

Design of a Security Toolbox: A Framework To Mitigate The Risks of Cyberspace

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementThis research aims to create a framework that helps SMEs mitigate the various risks of cyberspace. In this digital era, the dangers of cyberspace are increasing, which leads to the need for organizations to adopt adequate security measures capable of preventing cyberattacks. However, a large number of employees in SMEs do not know how to act to mitigate the risks already mentioned. Thus, the development of a security toolbox could be a solution to help SMEs be less exposed to the dangers of cyberspace. For this research, a theoretical overview associated with cybersecurity to understand the current state of security solutions and the different control options in the organizational environment was essential. Last but not least, a clear understanding of the SMEs needs, in the area of security, was also crucial in the development and construction of the proposed artifact. To evaluate and validate the security toolbox, focus group meetings will be scheduled. The implementation of a security toolbox that helps SMEs to identify, protect, respond and recover from potential cyberattacks, may be relevant and can provide great results for different organizational environments to mitigate the risks of cyberspace. The suggested framework would play an important role, to the users of the security Toolbox to get more know-how to protect the business environment. Also, may be seen as a vantage to the science since will help to develop the research related to improving the techniques and tools disposal to mitigate the high risks of cyberspace

Respite for SMEs: a systematic review of socio-technical cybersecurity metrics

Featured Application The results of this work will be incorporated in an application for SMEs in Europe, which aims to improve cybersecurity awareness and resilience, as part of the EU Horizon 2020 GEIGER project. Cybersecurity threats are on the rise, and small- and medium-sized enterprises (SMEs) struggle to cope with these developments. To combat threats, SMEs must first be willing and able to assess their cybersecurity posture. Cybersecurity risk assessment, generally performed with the help of metrics, provides the basis for an adequate defense. Significant challenges remain, however, especially in the complex socio-technical setting of SMEs. Seemingly basic questions, such as how to aggregate metrics and ensure solution adaptability, are still open to debate. Aggregation and adaptability are vital topics to SMEs, as they require the assimilation of metrics into an actionable advice adapted to their situation and needs. To address these issues, we systematically review socio-technical cybersecurity metric research in this paper. We analyse aggregation and adaptability considerations and investigate how current findings apply to the SME situation. To ensure that we provide valuable insights to researchers and practitioners, we integrate our results in a novel socio-technical cybersecurity framework geared towards the needs of SMEs. Our framework allowed us to determine a glaring need for intuitive, threat-based cybersecurity risk assessment approaches for the least digitally mature SMEs. In the future, we hope our framework will help to offer SMEs some deserved respite by guiding the design of suitable cybersecurity assessment solutions.Prevention, Population and Disease management (PrePoD)Public Health and primary car

Designing a Thrifty Approach for SME Business Continuity: Practices for Transparency of the Design Process

Business continuity (BC) management is an organizational approach to preparing information systems (IS) for incidents, but such approaches are uncommon among small and medium-sized enterprises (SMEs). Past research has indicated a gap in approaches that are designed for SMEs since BC management approaches tend to originate from larger organizations and SMEs lack the resources to implement them. To fill this gap, and to respond to a practical need by an IT consultancy company, we employed design science research (DSR) to develop a BC approach for SMEs coined as the thrifty BC management approach. Jointly with the company’s practitioners, we developed a set of meta-requirements for BC approaches for SMEs anchored in prior BC literature, practitioners’ practical expertise, and the theories of collective mindfulness and sociotechnical systems. We evaluated our thrifty BC management approach with multiple SMEs. These evaluations suggest that the designed approach mostly meets the defined meta-requirements. Moreover, the evaluations offered ample opportunities for learning. The design process, unfolding in a real-world setting, was precarious, rife with contingencies and ad hoc decisions. To render the design process transparent, we adapted four writing conventions from the confessional research genre familiar to ethnographic research but novel to DSR. We offer a threefold contribution. First, we contribute to SMEs’ BC with meta-requirements and their instantiation in a new BC approach (artifact); second, we contribute with four practices of confessional writing for transparency of DSR research; and third, we contribute with reflections on our theoretical learning from throughout the design process

Designing a Thrifty Approach for SME Business Continuity: Practices for Transparency of the Design Process

Business continuity (BC) management is an organizational approach to preparing information systems (IS) for incidents, but such approaches are uncommon among small and medium-sized enterprises (SMEs). Past research has indicated a gap in approaches that are designed for SMEs since BC management approaches tend to originate from larger organizations and SMEs lack the resources to implement them. To fill this gap, and to respond to a practical need by an IT consultancy company, we employed design science research (DSR) to develop a BC approach for SMEs coined as the thrifty BC management approach. Jointly with the company’s practitioners, we developed a set of meta-requirements for BC approaches for SMEs anchored in prior BC literature, practitioners’ practical expertise, and the theories of collective mindfulness and sociotechnical systems. We evaluated our thrifty BC management approach with multiple SMEs. These evaluations suggest that the designed approach mostly meets the defined meta-requirements. Moreover, the evaluations offered ample opportunities for learning. The design process, unfolding in a real-world setting, was precarious, rife with contingencies and ad hoc decisions. To render the design process transparent, we adapted four writing conventions from the confessional research genre familiar to ethnographic research but novel to DSR. We offer a threefold contribution. First, we contribute to SMEs’ BC with meta-requirements and their instantiation in a new BC approach (artifact); second, we contribute with four practices of confessional writing for transparency of DSR research; and third, we contribute with reflections on our theoretical learning from throughout the design process.</p