Knowledge and Skills Needed to Craft Successful Cybersecurity Strategies

Daily advancing technologies and next-generation networks are creating entirely dierent digital environments for people, organizations, and governments within the next several years. Because cybersecurity provision in such environments involves many actors and must overcome many evolving threats and challenges, strategies must be responsive and multi-pronged. Development and execution of suficiently savvy strategies to face the complex problems in this context necessitate identification of all the actors and operations that aect, directly or indirectly, on the cybersecurity of the digital ecosystems. In this study, we seek to provoke thinking about how actors and stakeholders could get better at crafting successful cybersecurity strategies, and identify and integrate specic types of skills required to formulation these strategies taking into account where decisions are actually made. This work provides an insight into cybersecurity education, calibrating and differentiating knowledge and skills to make the right demands on the right actors who have the authority and responsiveness to introduce change from multiple entry points. This enables practitioners to adopt more hands-on approaches that can be helpful to improve transparency, accountability and collaboration across levels of a socio-technical system

A literacia digital e a cibersegurança: contributos para o estudo dos comportamentos ciberseguros

Os utilizadores do Mundo Digital podem ter diferentes comportamentos no uso da internet como, também, no próprio dispositivo que o liga a esse Mundo. Esses comportamentos podem não ser os mais corretos e seguros, tendo, por consequência, repercussões na experiência do utilizador, como por exemplo, ver o seu sistema de informação pessoal ou o seu dispositivo eletrónico alvo de um cibercrime. Este tema tem vindo a ser explorado em diversas áreas científicas como a Ciência da Informação, a Gestão de Sistemas de Informação e, até mesmo, a Gestão e Curadoria de Informação. Esta dissertação nasce pelo interesse em dar um contributo para o estudo dos comportamentos ciberseguros na Região Autónoma dos Açores, visto que o nível de literacia digital das pessoas desta região encontra-se abaixo do nível nacional. A questão de investigação deste estudo visa perceber qual o impacto da literacia digital e da cibersegurança na Região Autónoma dos Açores. Pretende-se assim, estudar as competências, habilidades e atitudes dos açorianos, tanto no meio digital como na sua segurança em concreto. A metodologia aplicada neste estudo tem por base uma abordagem metodológica mista, aplicando um método quantitativo e um método qualitativo. O primeiro, é um estudo empírico através de um inquérito online a indivíduos residentes nos Açores, sendo que, posteriormente, é aplicada a metodologia de grupo focal, reunindo 5 pessoas de perfis semelhantes com o fim de perceber, numa forma de debate, opiniões, ideias e experiências sobre várias questões relacionadas com a literacia digital e cibersegurança e possíveis soluções para as gerações futuras. As conclusões apontam para a inexistência de capacidade crítica sobre a informação que é retirada da internet, expondo assim um grande risco de transmissão da informação falsa, vírus ou fraudes e criação de conhecimento inválido, tornando necessário um reforço dos comportamentos ciberseguros por parte dos açorianos. A capacidade de proteção da identidade digital dos açorianos é ainda deficiente, pelo que se recomenda a criação de estratégias regionais através do Plano Nacional de Leitura e o Centro Nacional de Cibersegurança, a valorização dos clubes de informática públicos e a aplicação dos videojogos em contextos escolares ou em outros contextos pedagógicos. Espera-se ter contribuído para um maior entendimento sobre este tema, possibilitando o desenvolvimento de melhores políticas públicas a aplicar na região.Users of the Digital World may have different behaviors in the use of the Internet, as well as on the device that connects it to that World. Such behavior may not be the most correct and secure, resulting in repercussions on the user experience, such as seeing your personal information system or your electronic device that is the target of a cybercrime. This theme has been explored in several scientific areas such as Information Science, Information Systems Management and even Information Management and Curation. This dissertation is born out of interest in contributing to the study of cyber-insurance behaviors in the Autonomous Region of the Azores, since the level of digital literacy of people in this region is below the national level. The research question of this study aims to understand the impact of digital literacy and cybersecurity in the Autonomous Region of the Azores. Thus, it is intended to study the competences, skills, and attitudes of the Azoreans, both in the digital environment and in their specific security. The methodology applied in this study is based on a mixed methodological approach, applying a quantitative method and a qualitative method. The first is an empirical study through an online survey of individuals residing in the Azores, and subsequently, the focus group methodology is applied, bringing together 5 people from similar profiles to understand, in a form of debate, opinions, ideas and experiences on various issues related to digital literacy and cybersecurity and possible solutions for future generations. The conclusions of the study point to the lack of critical capacity on the information that is taken from the Internet, thus exposing a great risk of transmission of false information, viruses or fraud and creation of invalid knowledge, making it necessary to reinforce cyber-safe behaviors on the part of the Azoreans. The ability to protect the digital identity of Azoreans is still deficient, so it is recommended the creation of regional strategies through the National Reading Plan and the National Cybersecurity Center, the valorization of public computer clubs and the application of video games in school contexts or in other pedagogical contexts. It is expected to have contributed to a greater understanding on this topic, enabling the development of better public policies to be applied in the region

Social Preferences in Decision Making Under Cybersecurity Risks and Uncertainties

The most costly cybersecurity incidents for organizations result from the failures of their third parties. This means that organizations should not only invest in their own protection and cybersecurity measures, but also pay attention to that of their business and operational partners. While economic impact and real extent of third parties cybersecurity risks is hard to quantify, decision makers inevitably compare their decisions with other entities in their network. This paper presents a theoretically derived model to analyze the impact of social preferences and other factors on the willingness to cooperate in third party ecosystems. We hypothesize that willingness to cooperate among the organizations in the context of cybersecurity increases following the experience of cybersecurity attacks and increased perceived cybersecurity risks. The effects are mediated by perceived cybersecurity value and moderated by social preferences. These hypotheses are tested using a variance-based structural equation modeling analysis based on feedback from a sample of Norwegian organizations. Our empirical results confirm the strong positive impact of social preferences and cybersecurity attack experience on the willingness to cooperate, and support the reciprocal behavior of cybersecurity decision makers. We further show that more perception of cybersecurity risk and value deter the decision makers to cooperate with other organizations