Managing cyber risk in supply chains:A review and research agenda

Purpose: Despite growing research interest in cyber security, inter-firm based cyber risk studies are rare. Therefore, this study investigates cyber risk management in supply chain contexts. Methodology: Adapting a systematic literature review process, papers from interdisciplinary areas published between 1990 and 2017 were selected. Different typologies, developed for conducting descriptive and thematic analysis were established using data mining techniques to conduct a comprehensive, replicable and transparent review. Findings: The review identifies multiple future research directions for cyber security/resilience in supply chains. A conceptual model is developed, which indicates a strong link between IT, organisational and supply chain security systems. The human/behavioural elements within cyber security risk are found to be critical; however, behavioural risks have attracted less attention due to a perceived bias towards technical (data, application and network) risks. There is a need for raising risk awareness, standardised policies, collaborative strategies and empirical models for creating supply chain cyber-resilience. Research implications: Different type of cyber risks and their points of penetration, propagation levels, consequences and mitigation measures are identified. The conceptual model developed in this study drives an agenda for future research on supply chain cyber security/resilience. Practical implications: A multi-perspective, systematic study provides a holistic guide for practitioners in understanding cyber-physical systems. The cyber risk challenges and the mitigation strategies identified support supply chain managers in making informed decisions. Originality: This is the first systematic literature review on managing cyber risks in supply chains. The review defines supply chain cyber risk and develops a conceptual model for supply chain cyber security systems and an agenda for future studies

The safety and sustainability of mining at diverse scales: Placing health and safety at the core of responsibility

Mining plays a major role in meeting global resource demands with Europe hosting extensive mineral potential. However, few of these prospects are feasible for conventional exploitation due to their small size & ore grade, proximity to dense populations and tenement constraints. Hence, a significant paradigm shift towards switch-on, switch off small-scale mining (SOSO SSM) is needed in order to increase the viability of small, complex, high-grade deposits. The IMP@CT project developed mobile, modularised solutions to facilitate rapid deployment and in-situ extraction & processing, which necessitates the translation and extension of best practice safety and sustainability from established national regulations and industry standards. Despite decades of accumulated safety regulation, knowledge and experience, workplace errors and violations still lead to fatal accidents, particularly if immature safety attitudes and behaviours pervade an organisation. The presence of a mature safety culture is vital for mitigating the occurrence of injuries and fatalities, through a collective commitment to safety improvement. This study has aimed to consolidate safety and sustainability best practice that is tailored to SSM by identifying the critical safety considerations and applying safety culture maturity principles to the specific challenges associated with a semi-automated SOSO SSM system. Criteria-driven maturity modelling, informed by existing responsible mining initiatives and safety and socio-environmental culture perspectives from site personnel at all hierarchical levels, is developed to assess the environmental and social factors associated with small- to medium-scale regulated mining. The role of agile management for rapid adaptation and continuous improvement of safety and sustainability performance in SOSO SSM is discussed. This research has demonstrated that for SOSO SSM to effectively integrate a mature safety and socio-environmental culture within a flexible, containerised mining paradigm, managerial and technical agility, and human initiative must be encouraged to continuously drive progress in occupational health and safety and generate wider societal benefit

Bring Your Own Device (BYOD) adoption in South African SMEs

The advancement in technological development is now altering the conventional order in the diffusion of IT innovation from a top-down approach (organisation to employees) to a bottom-up approach (employees to organisation). This change is more notable in developed economies and has led to the Bring Your Own Device (BYOD) phenomenon which promises increased productivity for employees and their organisations. There have been several studies on the corporate adoption of BYOD but few have investigated the phenomenon from a small and medium enterprise (SME) perspective and from developing countries specifically. This study investigated the BYOD phenomenon in South African SMEs. The goal was to identify contextual factors influencing BYOD adoption with the purpose of understanding how these factors shaped and reshaped by SME actions. The Perceived EReadiness Model (PERM) was adopted to unearth contextual BYOD adoption factors, while the Structuration Theory was adopted as the theoretical lens from which the social construction of the BYOD phenomenon was understood. The study adopted an interpretive stance and was qualitative in nature. Data was collected from SMEs using semi-structured interviews, and analysed using a thematic analysis approach. The findings show that for BYOD to be adopted and institutionalized in an SME there needs to be organisational readiness in terms of awareness, management support, business resources, human resources, employees' pressure, formal governance, and technological readiness. Specifically, business resources, management support and technological readiness were perceived to be of the outmost importance to the success of BYOD. Environmental factors of market forces, support from industry, government readiness and the sociocultural factor are identified. Findings from the structuration analysis reports the presence of rules and resources (structures) which SMEs draw upon in their BYOD actions and interactions. It provides understanding on the guiding structures such as "no training" and "no formal governance" within which BYOD meanings are formed, and actions such as allowing employees to use their devices to access organisational resources without the fear of security breaches and data theft, are enacted. While it is true that the successive adoption of ICTs in organisation depends on the availability of a conducive formal policy, findings in the study show that SMEs used their business resources and management support as guiding structures of domination which were legitimized by internal informal verbal rules, lack of an institutional BYOD specific policy, minimal industry support; and the presences of social pressure

The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

Conference Foreword The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Twenty two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

Information Security Risk Management (ISRM) Model for Saudi Arabian Organisations

This research aimed to investigate the factors influencing information security risk management (ISRM) and develop an ISRM model for large Saudi Arabian organisations. The study employed an exploratory research method following a top-down design approach. The research was conducted in two sequential phases: an interview and a focus group discussion. The research identified 14 factors grouped into the people, process, and technology that influence ISRM in large Saudi Arabian organisations. The proposed model can successfully guide large Saudi Arabian organisations to implement ISRM standards more effectively

Using communication to mitigate the challenges of outsourced projects

Abstract: The multi-organisational mode of outsourcing projects increases the significance and complexity of project communication. Communication is essential for any organisation, offering the necessary structures within which people may successfully work together, make decisions and act to accomplish organisational goals. If project necessities are not communicated accurately, negative outcomes are frequently the result, proving detrimental to the organisation and the outsourced project. Literature review revealed ten common challenges to the outsourcing of projects, with mitigation strategies identified to minimise the impacts of such challenges. This study makes use of the case study research method and semi-structured interviews as the primary means of data collection. The method of analysis chosen for the study was the qualitative approach of thematic analysis. A cross-case analysis was done, similarities and variations were grouped together, and themes were identified based on participants’ responses. These were compared to the literature findings. It was found that six of the ten challenges were experienced in all three case studies. Four were unique to particular projects. The findings indicate that challenges affected project teams’ ability to communicate effectively, and that the identified mitigation strategies all included the component of communication, whether synchronous or asynchronous. With the achievement of the research objective, this study will contribute to the existing body of knowledge within the project management fraternity and within academia. Knowledge gained may be used by project management professionals and will, it is hoped, enhance the way projects are outsourced and managed in the engineering sector.M.Phil. (Engineering Management

Transboundary supply chain risk management: A consolidation of transboundary and supply chain risk management

Supply chains are becoming increasingly vulnerable to disruptions and face greater exposure from the dynamics of global interconnectivity. The growing complexities of modern societies have prompted renewed focus towards supply chain risk management (SCRM) research over the last decade. However, research related to transboundary risk issues has yet to be given substantial attention in recent years. Contributing to the developments in the field of SCRM, this thesis proposes an approach for managing global supply chain risk which modifies current SCRM processes to account for the dynamic nature of transboundary risks. This work extends current literary contributions and aims to compensate for the lack of transboundary risk focus in SCRM. Introducing the taxonomy of transboundary supply chain risk management (TSCRM), the present paper conceptualises a holistic integrative framework that incorporates resilience principles to adaptively manage the transboundary risk environment of global supply chains. In line with this framework, additional templates, tables, and a TSCRM planning process are proposed to facilitate the navigation through the TSCRM process, in particular the risk identification, and risk response selection and implementation phases