Board Level Balanced Scorecard for Cyber Resilience

Boards of Directors (BODs) have a unique role in managing cybersecurity: they provide oversight to operational and strategic decisions while executing a fiduciary responsibility to manage cyber-risk. Since organizations cannot count on 100% protection, BODs must ensure their organizations are cyber-resilient, and can recover quickly from cyber incidents. But BOD reporting mechanisms are inadequate for this role. Most of the reporting to BODs are on operational metrics around protection, not cyber-resilience and the business at risk from a cyber incident. This paper suggests a balanced scorecard for cyber resilience (BSCR) for BODs. This theory-building research was informed by surveys and focus groups of cybersecurity leaders and board members. The BSCR gives business context-based insights and metrics on the biggest risks to cybersecurity resilience faced by their organization, and the investments their operational managers have made to mitigate the impact of these risks. Armed with the BSCR, BODs have the information they need for meaningful discussions and evaluation of their organization’s cyber-resiliency

Panel 7 Paradoxes in Alternative Work Arrangements

This panel will present and debate various paradoxes surrounding the implementation of Alternative Work Arrangements (AWA). AWA includes such topics as telecommuting, remote work, telecenters, and other conceptions of the virtual office. This is an especially relevant topic to the ICIS theme, Networking and Electronic Communities, because the nature of alternative work arrangements requires organizations to rethink the fundamental ways individuals in their communities work, both alone and in groups. The AWA perspective assumes that technologies will not eliminate jobs, but will facilitate the transformation of traditional work arrangements by allowing flexibility in “when” and “where” work is done. The impact on the nature of work, workers, work groups, businesses and home life are all relevant to a debate about AWA

What Technical and Professional Skills are Needed for Cybersecurity Roles?

The Cybersecurity Skills Survey was designed to respond to the high-demand for cybersecurity professionals, noted by the findings of SIM (Society for Information Management) IT Trends and Issues Study (2017, 2018, 2019, 2020, 2021). The findings of the IT Trends and Issues Study are based upon input from over 1,000 IT leaders representing 37 SIM Chapters. The goals of the cybersecurity skills survey were to identify: (1) What technical skills are needed for entry-level professionals in cybersecurity jobs? (2) What professional skills are needed for entry level professionals in cybersecurity jobs? (3) What technical skills are needed for early-career professionals in cybersecurity jobs? and (4) What professional skills are needed for early-career professionals in cybersecurity jobs? The survey findings provide key insights into in-demand skills and “difficult-to-find” competencies. This paper reports on 99 responses captured from IT leaders representing the SIM Chapters in St. Louis, Austin, Milwaukee, and Phoenix

A virtuális iroda és sikerességének feltételei

Ahhoz, hogy a virtuális iroda sikeres legyen, egészen újfajta megközelítést kell alkalmazni a dolgozók kiértékelésében, oktatásában, szervezésében és tájékoztatásában

For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture

Organizational cybersecurity requires more than just the latest technology. To secure an organization, all members of the organization must act to reduce risk. Leaders have a special responsibility to understand, shape and align the beliefs, values, and attitudes of the entire organization with overall security goals. Managers need practical solutions for dealing with the human side of cybersecurity. The model presented in this paper describes organizational cybersecurity culture, the factors that contribute to its creation, and how it can be measured. A case study of a “culture of data protection” created by leaders at financial services firm Liberty Mutual illustrates these factors to help managers understand and apply recommendations to create a more mature cyber security culture in their organization

A Culture of Cybersecurity at Banca Popolare di Sondrio

Today, cybersecurity is no longer just a technical issue to be solved by the IT department. Organizations of all sizes are constantly breached or attacked, and the best defense is both technical and organizational. Business leaders, working alongside technology leaders, need tools and frameworks for building cyber resilience using multiple layers of security. Financial institutions are at particular risk and the consequences of a cyber incident can be far-reaching and devastating. This paper describes how one bank built a culture of cybersecurity to create values, attitudes and believes that drive cybersecure behaviors. The case study illustrates how cybersecurity leaders at Italian bank, Banca Popolare di Sondrio (BPS) motivated, built and measured success of efforts to create a culture of cybersecurity

Zero TimeTM: A Conceptual Architecture for 21st Century Enterprises

Discusses Zero Time, or manipulating time as an independent variable, as critical to any enterprise’s success in the 21st Century. Discusses five disciplines of a Zero Time organization (customer value driven, knowledgization, holonic management, zero resistance and inclusion) and how the disciplines result in instant customerization, meaning the needs of the customer are met as soon as the needs are expressed. Provides examples of near-Zero Time organizations. Applies a methodology, consisting of strategic visioning and operational excellence, for any organization to follow to evolve holistically into a Zero Time organization, allowing it to quickly and effectively adapt to rapid, continuous change.IC2 Institut