Chasing Cyber Security Unicorns: A Taxonomy-based Analysis of Cyber Security Start-ups’ Business Models
As the number of security incidents increases, a market is emerging for established and new providers of security measures. However, we lack an idea of the business models of cyber security start-ups, which are seen as innovation and security drivers, to protect the economy from existence-threatening incidents. Due to the intangible nature of the cyber threats that security solutions aim to address, previous research on business models cannot be fully transferred. We address this research gap by developing a taxonomy following Nickerson et al. (2013) based on 90 cyber security start-ups and performing a cluster analysis to understand the business activities of cyber security start-ups concerning the protection of critical infrastructures. Our taxonomy will benefit interested decision-makers such as CISOs who want to identify custom-fit cyber security solutions for their organizations. Furthermore, investors and cyber security providers understand the market holistically and can identify innovative product approaches to adopt themselves
Triad or Error? Introducing Three Basic Dimensions of Competence as a Driving Force for Information Security Performance
As security incidents such as data breaches have dramatically increased in recent years, companies have acknowledged the utmost importance of implementing SETA (Security, Education, Training, and Awareness) programs. Although there has been much effort in designing these programs as effectively as possible, many security incidents are caused by employee misconduct. In this study, we shed light on the basic dimensions of information security competence (ISC) that employees need to efficiently improve their performance in dealing with security threats. Using a competence model from the field of vocational education, we conceptualize information security competence as a multidimensional construct. We then empirically test the impact of information security competence on information security performance in a study with 234 participants. Our results suggest that a differentiated view of competence is necessary, first, to improve employee performance in dealing with security threats and, second, to develop SETA programs that address employee vulnerabilities
Show Me Your Claims and I'll Tell You Your Offenses: Machine Learning-Based Decision Support for Fraud Detection on Medical Claim Data
Health insurance claim fraud is a serious issue for the healthcare industry as it drives up costs and inefficiency. Therefore, claim fraud must be effectively detected to provide economical and high-quality healthcare. In practice, however, fraud detection is mainly performed by domain experts resulting in significant cost and resource consumption. This paper presents a novel Convolutional Neural Network-based fraud detection approach that was developed, implemented, and evaluated on Medicare Part B records. The model aids manual fraud detection by classifying potential types of fraud, which can then be specifically analyzed. Our model is the first of its kind for Medicare data, yields an AUC of 0.7 for selected fraud types and provides an applicable method for medical claim fraud detection
ARE YOU AWARE OF YOUR COMPETENCIES? – THE POTENTIALS OF COMPETENCE RESEARCH TO DESIGN EFFECTIVE SETA PROGRAMS
Since the late 1990s, security education training and awareness (SETA) programs have become commonplace. Despite extensive research into the effective design of such programs and factors influencing compliance behavior, SETA programs tend not to be as effective as they should be. In order to tailor learning content as closely as possible to individual needs, vocational education relies on the modeling and measurement of competencies. We argue that this existing knowledge can be transferred to the information security domain. Therefore, we introduce a competence model from vocational education and consider it in the context of the information security domain. Subsequently, we conduct a structured literature review on conceptualization and effective SETA design and investigate to what extent the competence dimensions from vocational education are already considered in the SETA literature. Our results indicate that competence research can make an important contribution to adapting SETA programs to individual situational actions
Bridging the Gap between Security Competencies and Security Threats: Toward a Cyber Security Domain Model
Security incidents are increasing in a wide range of organizational types and sizes worldwide. Although various threat models already exist to classify security threats, they seem to take insufficient account of which organizational assets the threat events are targeting. Therefore, we argue that conducting more job-specific IT security training is necessary to ensure organizational IT security. This requires considering which assets employees use in their daily work and for which threat events employees need to build up IT security competencies. Subsequently, we build a framework-based Cyber Security Domain Model (CSDM) for IT-secure behavior. We follow the Evidence Centered Assessment Design (ECD) to provide a deep-dive analysis of the domain for IT-secure behavior. As the leading result relevant for research and practice, we present our CSDM consisting of 1,087 cyber threat vectors and apply it to five job specifications
Custom Solutions for Diverse Needs: Laying the Foundation for Tailored SETA Programs in the Healthcare Domain
In recent years, the number of data breaches in the healthcare sector has steadily increased. As a result, security, education, training, and awareness programs are recognized as an integral part of educating employees about security threats. Although these programs are considered commonplace in many organizations, they often follow one-size-fits-all approaches that could hinder the success of security training. In this study, we address this issue by conducting a domain analysis for IT-secure behavior in healthcare using the evidence centered assessment design. We define the representative target group as caregivers and physicians in hospitals. Subsequently, we observe the work tasks and assets of both job profiles in three hospitals in Germany to determine the most relevant security threats in the domain. In this way, we extend the cyber security domain model of Schuetz et al. (2023) and pave the way for developing tailored SETA programs in the healthcare domain