Qualitative Factors in Organizational Cyber Resilience

Cyber resilience moves organizations away from efforts to guarantee security of all systems, towards an approach that acknowledges that systems are bound to fail with a focus instead on the impact of that failure on business objectives. While the work on cyber resilience is evolving, there is a lack of studies using qualitative data for investigating the concepts and themes pertaining to cyber resilience in organizations. The purpose of this study is to uncover the non-technical organizational factors that contribute to better cyber resilience. By adopting a qualitative approach of analyzing factors of organizational resilience, this paper uses primary data collected through 25 interviews at senior leadership or board-level to point out the extent to which these factors facilitate or impede cyber resilience. The study illustrates a Leximancer map of each factor that characterizes organizational cyber resilience, based on insights from cyber practitioner communities through narrative interviews. This research contributes to a better theoretical and practical understanding of how cyber resilience within organizations can be improved. The findings show that cyber strategy and skilled people playa key role in adoption of cyber culture at the management level, while communication between boards and security leadership as well as a clear reporting structure are signals for building cyber resilience

Is the responsibilization of the cyber security risk reasonable and judicious?

Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cyber crime has mushroomed in parallel with governments pursuing a neoliberalist agenda. This agenda has a strong drive towards individualizing risk i.e. advising citizens how to take care of themselves, and then leaving them to face the consequences if they choose not to follow the advice. In effect, citizens are “responsibilized .” Whereas responsibilization is effective for some risks, the responsibilization of cyber security is, we believe, contributing to the global success of cyber attacks. There is, consequently, a case to be made for governments taking a more active role than the mere provision of advice, which is the case in many countries. We conclude with a concrete proposal for a risk regulation regime that would more effectively mitigate and ameliorate cyber risk

Governing in the Anthropocene: are there cyber-systemic antidotes to the malaise of modern governance?

The Anthropocene imposes new challenges for governments, demanding capabilities for dealing with complexity and uncertainty. In this paper we examine how effective governing of social-biophysical dynamics is constrained by current processes and systems of government. Framing choices and structural determinants combine to create governance deficits in multiple domains, particularly in relation to the governing of complex larger-scale social – biophysical systems. Attempts to build capability for governing ‘wicked problems’ are relevant to sustainability science and Anthropocene governance, but these have mostly failed to become institutionalised. Two cases studies are reported to elucidate how the systemic dynamics of governing operate and fail in relation to espoused purpose. In the UK attempts to enact ‘joined-up’ government’ during the years of New Labour government reveal systemic flaws and consistent praxis failures. From Australia we report on water governance reforms with implications for a wide range of complex policy issues. We conclude that innovations are needed to build capacity for governing the unfolding surprises and inherent uncertainties of the Anthropocene. These include institutionalising, or structural incorporation, of cyber-systemic thinking/practices that can also enhance empowerment and creativity that underpins sustainability science

Dynamic cyber-incident response

Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profi t or non-commercial purposes is granted providing that copies bear this notice and a full citation on the first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE.Traditional cyber-incident response models have not changed significantly since the early days of the Computer Incident Response with even the most recent incident response life cycle model advocated by the US National Institute of Standards and Technology (Cichonski, Millar, Grance, & Scarfone, 2012) bearing a striking resemblance to the models proposed by early leaders in the field e.g. Carnegie-Mellon University (West-Brown, et al., 2003) and the SANS Institute (Northcutt, 2003). Whilst serving the purpose of producing coherent and effective response plans, these models appear to be created from the perspectives of Computer Security professionals with no referenced academic grounding. They attempt to defend against, halt and recover from a cyber-attack as quickly as possible. However, other actors inside an organisation may have priorities which conflict with these traditional approaches and may ultimately better serve the longer-term goals and objectives of an organisation

Solutions to Detect and Analyze Online Radicalization : A Survey

Online Radicalization (also called Cyber-Terrorism or Extremism or Cyber-Racism or Cyber- Hate) is widespread and has become a major and growing concern to the society, governments and law enforcement agencies around the world. Research shows that various platforms on the Internet (low barrier to publish content, allows anonymity, provides exposure to millions of users and a potential of a very quick and widespread diffusion of message) such as YouTube (a popular video sharing website), Twitter (an online micro-blogging service), Facebook (a popular social networking website), online discussion forums and blogosphere are being misused for malicious intent. Such platforms are being used to form hate groups, racist communities, spread extremist agenda, incite anger or violence, promote radicalization, recruit members and create virtual organi- zations and communities. Automatic detection of online radicalization is a technically challenging problem because of the vast amount of the data, unstructured and noisy user-generated content, dynamically changing content and adversary behavior. There are several solutions proposed in the literature aiming to combat and counter cyber-hate and cyber-extremism. In this survey, we review solutions to detect and analyze online radicalization. We review 40 papers published at 12 venues from June 2003 to November 2011. We present a novel classification scheme to classify these papers. We analyze these techniques, perform trend analysis, discuss limitations of existing techniques and find out research gaps

Addressing the cyber safety challenge: from risk to resilience

Addressing the cyber safety challenge: from risk to resilience describes the cyber safety issues emerging from a range of technology trends, how different populations are using technologies and the risks they face, and how we can effectively respond to each group’s unique cyber safety needs. Written by the University of Western Sydney for Telstra Corporation Ltd, the report advocates for continuing to move cyber safety from a ‘risk and protection’ framework to one that focuses on building digital resilience, as well as fostering trust and confidence in the online environment. To do this we need to: Address the needs of populations often neglected by current policies and programs – including adults, seniors, parents, and small to medium enterprises Continue to build the digital literacy skills of all populations, because digital literacy strongly influences users’ ability to engage safely online – this is best achieved by a hands-on learning approach Keep risk in perspective – the risks and benefits of digital participation go hand in hand Broaden the focus from awareness-raising to long-term behaviour change. As digital technologies become further integrated into the everyday lives of Australians, users are potentially exposed to greater risks. However, the risks and benefits of digital participation go hand in hand. The challenge, therefore, is to support users to minimise the risks without limiting their digital participation and their capacity to derive the full benefits of connectivity. If Australians are to benefit as either consumers or providers of online services and products in the e-commerce environment, consumer safety and trust need to be improved. Cyber safety needs to be considered against a transforming backdrop of technology trends, products and practices. While the rise of social media has tended to dominate recent debate and developments in cyber safety, particularly in relation to young people, a range of other trends is also shaping how users engage online, the risks they potentially face in the new media landscape, and the strategies used to address them. These trends include the rise of user generated content and content sharing platforms; the uptake of mobile technologies and, in particular, the adoption of smartphones; cloud computing; platform integration and single sign-on mechanisms; and the rise of GPS and location based services

Native advertising : attitudes, value and purchase intention

textNative-form advertising in the digital space can most easily be defined as promotional content constructed to mimic the form and structure of the website that it is embedded on. With the rise of user generated content and social media, digital native advertising is fast becoming a popular promotional tactic for brands looking to engage with an online audience. This study examines whether this form of advertising significantly impacts consumer attitudes towards the ad, value of the ad and purchase intention of the promoted product across three product categories. Although not significant, results suggest that native advertising positively impacts entertainment- and lifestyle-based products, while information-based service industries, including cyber security, saw a negative reaction from respondents. That said, product category did influence attitude toward the ad and ad value regardless of the ad type. Moreover, a strong positive correlation between product involvement and purchase intention was found, indicating the need to target specific audiences with online native advertising.Advertisin

IT affordances and reconciling alternative modes of evidence giving in cyberinfrastructure: the case of Climate Change Research

This qualitative study was conducted to examine how multi-disciplinary environmental science teams utilize cyber-infrastructure to generate and assess evidence as part of their boundary spanning research. We find that this interdisciplinary research is difficult due to the divergent institutional logics of the team members (represented by the tenets of their communities of practices, dominant epistemological frameworks and dispositions towards data) which force researchers to synthesize incommensurate forms of data and warrants into their scientific arguments. We examine how the affordances enacted in the cyber-infrastructure enabled one environmental science team to ameliorate these challenges. This study contributes to the nascent literature on the new forms of evidence giving within scientific fields by building a theoretical framework to account for how affordances enacted within cyber-infrastructure can assist researchers as they negotiate the conflicting institutional logics associated with diverse fields. We conclude by discussing how these issues impact the effectiveness of interdisciplinary inquir