Privatization and the Public Interest: The Need for Transparency and Accountability in Chicago's Public Asset Lease Deals

Examines the appeal and risks of infrastructure privatization and Chicago's history with privatization deals. Recommends public interest principles for future deals, rules and processes for vetting proposals, and a commitment to government transparency

Abstracts : policy research working paper series - numbers 2262-2299

This paper contains abstracts of Policy Research Working Paper series Numbers2262-2299.Health Monitoring&Evaluation,Health Economics&Finance,Environmental Economics&Policies,Governance Indicators,Achieving Shared Growth

Assessing SMEs’ cybersecurity organizational readiness: Findings from an Italian survey

The Small and Medium-sized Enterprises’ (SMEs) level of organizational cybersecurity readiness has been poorly investigated to date. Currently, all SMEs need to maintain an adequate level of cybersecurity to run their businesses, not only those wishing to fully exploit digitalization’s benefits. Unfortunately, due to their lack of resources, skills, and their low level of cyber awareness, SMEs often seem unprepared. It is essential that they address the digital threats that they face by using technology and complementary (and not alternative) factors, such as guidelines, formal policies, and training. All these elements trigger development processes regarding skills, awareness, the organizational cybersecurity culture, and the organizational resilience. This paper describes Italy’s first multidisciplinary attempt to assess its SMEs’ overall cybersecurity readiness level. We used a survey as its initial quantitative assessment approach, although SMEs can also use it as a cyber self-assessment tool, which prepares them better to navigate the digital ecosystem. Thereafter, we held semi-structured interviews to explore the critical points that had emerged from the study’s first phase. The overall results show that SMEs have not yet achieved high levels of organizational readiness. SMEs are currently starting to set the stage for their organizational cyber readiness and will, therefore, have to take many more proactive steps to address their cyber challenges

Computer Network Security- The Challenges of Securing a Computer Network

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies

The risk reporting : evidence from Portuguese Companies

Financial Reporting and disclosure are potentially important measures for managers to disclose firm performance and governance to external investors. Nowadays, markets are globalized and that drives to an easier growth expansion by companies. However, this globalization meant an increase of competition and the creation of new laws by governments. On the other hand, external investors demand more information about firms. Due to the corporate failures that have occurred in the past, the confidence was broken between insiders and outsiders. Consequently, there is a need by companies to disclose more information in order to improve their image and to become more transparent. Moreover, the impacts may arise on the financial side by decreasing the cost of capital and monitoring costs. Therefore, the topic of Risk reporting and control has been receiving much attention and it is probably one of the main Risk topics that will be potentially discussed in the future. This study, examines the association between several independent variables and a single dependent variable. It was concluded that some of our independent variables namely the capital structure, the profitability and market capitalization are not associated with risks’ disclosure among the PSI-20 companies’ Index. Contrary to the previous results, we verified the Total Assets, Coverage ratio (measures the extension of risk communication), and a specific industry or event may have positive and significant relationship with the dependent variable of this study. On the second part of this study it was provided evidence about the managers’ perspectives regarding this Risk Reporting topic. Evidence is shown that managers want to allocate more resources in the future in the areas of Risk Reporting. However, it was concluded that the gap of information existent between external investors and managers will persist because those managers want to keep their level of voluntary risk disclosure. Although they have not attributed much importance to this important topic of information asymmetry (they could reduce the gap by sending information to markets), they want to help investors on their processes of investments’ decision making with the lowest possible information disclosed.O Relato Financeiro e a sua divulgação são temas realmente importantes que os gestores devem ter em consideração na divulgação de informação para investidores externos. Hoje em dia, a globalização dos mercados levou a uma expansão mais acentuada do crescimento por parte das empresas. No entanto, esta globalização significou um aumento da competição nos mercados, a criação de novas leis por parte dos governos. Por outro lado, os investidores externos exigem mais informações sobre as empresas. Devido a falências de importantes empresas que ocorreu no passado, a confiança foi quebrada entre os investidores e gestores. Consequentemente, há uma necessidade por parte das empresas em divulgar mais informação a fim de melhorar a sua imagem e tornarem-se mais transparentes. Esses impactos podem verificar-se no lado financeiro da empresa pois com esse aumento de informação estas poderão reduzir os seus custo de capitais e custos de monitorização. Assim sendo, o tema da comunicação de riscos e seu controlo tem recebido muita atenção e será provavelmente, um dos principais temas de risco que serão potencialmente discutidos no futuro. Este estudo, que analisa a associação entre as diversas variáveis independentes e uma única variável dependente. Através deste estudo concluiu-se que a estrutura de capital, a rentabilidade e capitalização de mercado não estão associados à divulgação de riscos por parte das empresas do PSI-20. Contrariamente ao resultado anterior, verificou-se que o Total do Ativo, o Índice de cobertura (mede a extensão da comunicação do risco), e uma determinada indústria específica ou evento podem ter uma relação positiva e significativa com a variável dependente deste estudo. A segunda parte desta dissertação fornece evidências sobre as perspectivas dos gestores em relação ao tema da comunicação do risco. Foi possível verificar que os gestores querem alocar mais recursos no futuro nas áreas de Relato de risco. No entanto, conclui-se que a lacuna de informação existente entre estes e investidores irá manter-se dado que os gestores querem manter o seu nível de divulgação de risco voluntário no futuro. Embora os managers não terem atribuído grande importância ao tema da assimetria de informação (gestores poderiam reduzir esta lacuna enviando informação para os mercados), estes querem ajudar os investidores nos seus processos de tomada de decisão em relação aos seus investimentos divulgando o mínimo de informação possível

Prudential regulation and banking supervision : building an institutional framework for Banks

Economic deregulation and financial liberalization are important for a country to develop a viable and robust financial system. But deregulation will remove the protections previously afforded the banking system. Increased competition, a changing price structure, new market entrants and other factors will increase the risks banks assume and the instability of the financial system. So, the government's goal to ensure the stability of the financial system is of paramount importance. Prudential regulation and supervision are designed to remove or lessen the threat of systemic instability. In addition, the safety and soundness of the banking system must be supported by an adequate legal framework governing a bank's contractual relationship with its customers. Satisfactory accounting and auditing standards are also crucial to ensure that financial statements reflect each financial institution's condition. Different countries have adopted different models of bank regulation and supervision. Organizational approaches also vary from country to country. However, no model will be effective if significant political interference is permitted. The primary line of defense against banking insolvency and financial system distress is the quality of management within the banks themselves. Therefore, efforts to strengthen the financial system must also focus on strengthening management through a process of institutional development.Banks&Banking Reform,Financial Intermediation,Financial Crisis Management&Restructuring,Banking Law,Environmental Economics&Policies

Defense for Advanced Persistent Threat with Inadvertent or Malicious Insider Threats

In this paper, we propose a game-theoretical framework to investigate advanced persistent threat problems with two types of insider threats: malicious and inadvertent. Within this framework, a unified three-player game is established and Nash equilibria are obtained in response to different insiders. By analyzing Nash equilibria, we provide quantitative solutions to the advanced persistent threat problems with insider threats. Furthermore, optimal defense strategy and defender's cost comparisons between two insider threats have been performed. The findings suggest that the defender should employ more active defense strategies against inadvertent insider threats than against malicious insider threats, despite the fact that malicious insider threats cost the defender more. Our theoretical analysis is validated by numerical results, including an additional examination of the conditions of the risky strategies adopted by different insiders. This may help the defender in determining monitoring intensities and defensive strategies

Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems

This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees\u27 behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization