Mitigating risk for graduates and potential employers: The moral imperative for students in delivering superior value for employers

By applying the conceptual model outlined in this paper, those charged with or concerned about graduate employability will find the transformation of a series of "employability" steps into a relevant and easy to communicate philosophy of Graduate Employability. Furthermore, the model affords the potential to generate a viable "added value" metric for employers applicable to assessing the impact of their graduate employee cohorts over non-graduate permanent staff

Socio-technical gambits that destroy cyber security & organisational resilience

This chapter summarises how an organisation (and key individuals within it) could be subject to smart targeting by cyber and other attacks - underpinned by re-conceptualising the ways in which decision-making by individuals and bureaucracies can be influenced or even directed. Beginning with a short summary of the author’s practical experience, the chapter then presents the notion of the choice architecture, followed by a dissection of some of the ways in which malign influence can be generated by or over decision-makers – underpinned by the author’s observation of such phenomena in the real world. The chapter concludes by arguing that organisations can and should accrue competitive advantage by recognising that their decision-making competences are vulnerable to the imaginative and determined adversary. The use of fast, frequent and cheap exercises to enhance scanning for threats placed (or placeable) within an organisation and to supplement the situational awareness, alertness and robust response of individuals and structures is recommended

Why we need to rethink email #NHSMail

The recent NHS ‘reply to all’ debacle is a great example of how the vital systems every business and organization relies on can be brought to heel by very basic human error. We all worry — rightly — about the risks of serious cyber attack by criminals or hostile states, but replying to all in email exchanges can in itself be both a major or a minor threat. In Monday’s event, The Register reported that “actual work emails were delayed by at least three hours at the time of writing, thanks to the huge volumes of traffic snarling up NHS.net servers”

Building Cultural Immunity to Fake News and Other Information

Written Evidence to the Digital, Culture, Media and Sport Committee Inquiry into ‘Fake news

Beyond simple human threats to cybersecurity : The need for strong proactive measures and resilient responses to cyber risk

This paper sets out an argument that cyber-security needs to be thought of as an inherently socio-technical challenge where people are the source both of the strongest threat and counter-measure. I draw on experience researching cyber- and information warfare and consulting on board and operational tests of responses to such attacks. I am also fortunate in being part of an energetic and unconventional cluster of theorists (the CORTEX group) looking at cyber and related risks from the viewpoint of being both practitioners and academics. Our belief is that many thinking about and working in cybersecurity suffer as a result of minimising the consideration of the human factor. Organisations which embrace a broader view of what cybersecurity is could enjoy a competitive advantage in terms of situational awareness, risk mitigation and crisis response denied to those who cleave to a technologically-weighted definition. This chapter sets out some ideas to stimulate debate – how can organisations evolve efficient and effective counter-measures to the human dimension of cyber-security

Towards cyber-resilient & sustainable SMES: the case study of added value from a large IT reseller

This chapter reports on and discusses an extensive interview conducted by the authors with the head of pre-sales at a hardware and software re-seller. The Pre-Sales division of the reseller provides advice based on end-to-end solution for IT infrastructure and technology management. Within the team there is expertise spanning a plethora of specifically defined technology areas to support end customers in the decision making process on their capital expenditure in IT equipment. Areas include Software licensing, Server infrastructure development, data storage and management, systems security, and networking infrastructure (and more). The business of being a re-seller may not initially strike the reader as being relevant to cybersecurity in general, and socio-technical matters at all, but we discovered the rather vital role that such an intermediary performs through their added value and corporate ethics. Specifically, this reseller’s team of customer service agents provide advice and referral to colleagues and end customers for subject-matter expertise as well, naturally, for opportunities to up-sell – specifically with that important core of any economy: Small and Medium-Sized Enterprises (hereafter SMEs) - usually defined as companies with up to 250 employees. In other words, the business both responds to requests for solutions from existing customers (pull) and actively engages with customers to grow awareness about, for example, security risks in order to sell products and services (push). The authors – drawing on a background of research in corporate resilience and SMEs (with a commercial background in the IT sector) were interested to learn from an individual with his finger very firmly on the pulse of SME cyber-security awareness, just what his view was on the general level of cyber-security awareness amongst SMEs and what his company offered in the way of assistance