Journal articles on the topic 'Cybersecurity risk management'

1

Eaton, Tim V., Jonathan H. Grenier, and David Layman. "Accounting and Cybersecurity Risk Management." Current Issues in Auditing 13, no. 2 (March 1, 2019): C1–C9. http://dx.doi.org/10.2308/ciia-52419.

Abstract:
SUMMARY: As the number of cybersecurity incidents continues to rise and stakeholders are becoming increasingly concerned, companies are devoting considerable resources to their cybersecurity risk management efforts and related cybersecurity disclosures. This paper describes how accountants are uniquely positioned to assist companies with these efforts in advisory and assurance capacities. We present a model of effective cybersecurity risk management and discuss how accountants' core competencies can add significant value in each of the model's five stages. In addition, we use several recent high-profile cybersecurity incidents as illustrative examples in each of the five stages. We conclude by discussing implications for accountants.
2

Burrell, Darrell Norman. "Understanding Healthcare Cybersecurity Risk Management Complexity." Land Forces Academy Review 29, no. 1 (February 28, 2024): 38–49. http://dx.doi.org/10.2478/raft-2024-0004.

Abstract:
It is important to fully comprehend the critical role of the healthcare and public health sector in safeguarding the economy from various threats, including terrorism, infectious diseases, and natural disasters. The private ownership of many healthcare assets underscores the need for enhanced collaboration and information sharing between the public and private sectors. The COVID-19 pandemic has accelerated the digitalization of this sector, leading to a heightened risk of cyber threats. The increasing reliance on emerging technologies such as blockchain, the metaverse, and virtual reality is further exacerbating the cybersecurity landscape, with the projected cost of cybercrime exceeding $10 trillion in 2023 and an anticipated surge to nearly $24 trillion in the next four years. Human error remains the primary cause of cybersecurity incidents, accounting for 95% of reported cases, with insider threats contributing significantly. Despite increased cyber training and risk mitigation efforts, vulnerabilities continue to be rapidly exploited. This paper provides an in-depth analysis of cybersecurity risks in the healthcare sector, drawing on existing literature and theoretical frameworks to highlight the complex challenges in this evolving landscape.
3

Briscoe, Christopher, and Carl Young. "Scale, Complexity, and Cybersecurity Risk Management." Journal of Information Security 15, no. 04 (2024): 524–44. http://dx.doi.org/10.4236/jis.2024.154029.

4

Olawoyin, Olayinka Michael. "Blockchain Technology in Risk Management: Strengthening Cybersecurity and Financial Integrity." International Journal of Research Publication and Reviews 5, no. 10 (October 2024): 2336–48. http://dx.doi.org/10.55248/gengpi.5.1024.2829.

5

Adebayo Omowunmi Temitope, Lawal Yusuf Adedayo, and Braimoh Kareem. "Cybersecurity risk management in agile development: protecting data and system." International Journal of Science and Research Archive 8, no. 1 (February 28, 2023): 988–94. http://dx.doi.org/10.30574/ijsra.2023.8.1.0188.

Abstract:
The rapid evolution of technology and the increasing complexity of systems have made cybersecurity a critical concern for organizations, particularly in the context of Agile development. Agile methodologies prioritize flexibility, collaboration, and iterative progress, which can inadvertently introduce unique cybersecurity risks. This paper explores the integration of cybersecurity risk management practices within Agile development frameworks, emphasizing the need for organizations to proactively address vulnerabilities while maintaining the agility of their development processes. By examining common threats, risk assessment techniques, and mitigation strategies, this research outlines best practices for incorporating cybersecurity into Agile development cycles. The paper further discusses the importance of fostering a security-aware culture among Agile teams and leveraging DevSecOps principles to ensure that security considerations are embedded throughout the development lifecycle. Real-world case studies illustrate successful implementations of cybersecurity risk management in Agile projects, providing valuable insights for organizations seeking to protect their data and systems while remaining agile. Ultimately, this research aims to provide a comprehensive framework for integrating cybersecurity risk management into Agile development practices, thereby enhancing the overall security posture of organizations. The accelerating pace of digital transformation and the increasing sophistication of cyber threats have made cybersecurity a paramount concern for organizations operating within Agile development frameworks. Agile methodologies, characterized by their emphasis on iterative progress, collaboration, and rapid delivery, present unique challenges to traditional cybersecurity practices. 
This paper investigates the critical intersection of cybersecurity risk management and Agile development, highlighting the need for organizations to proactively identify and mitigate security risks while maintaining the inherent flexibility and responsiveness that Agile offers. Through a comprehensive examination of common cybersecurity threats faced by Agile teams—such as data breaches, insider threats, and third-party vulnerabilities—this research underscores the importance of integrating security into the Agile lifecycle. The paper details effective risk assessment methodologies tailored to Agile environments, including continuous risk assessment, threat modeling, and user story analysis. Furthermore, it presents a framework for risk mitigation that emphasizes the adoption of DevSecOps principles, automated security testing, and the cultivation of a security-aware culture among Agile practitioners. By fostering open communication and recognizing security champions within teams, organizations can enhance their cybersecurity posture without compromising their Agile values. Real-world case studies illustrate successful implementations of cybersecurity practices in Agile projects, providing actionable insights for organizations aiming to protect their data and systems. Ultimately, this research aims to equip stakeholders with a holistic understanding of how to integrate cybersecurity risk management into Agile development processes, thereby enhancing organizational resilience against cyber threats while supporting the goals of agility and innovation.
6

Keskin, Omer F., Kevin Matthe Caramancion, Irem Tatar, Owais Raza, and Unal Tatar. "Cyber Third-Party Risk Management: A Comparison of Non-Intrusive Risk Scoring Reports." Electronics 10, no. 10 (May 13, 2021): 1168. http://dx.doi.org/10.3390/electronics10101168.

Abstract:
Cybersecurity is a concern for organizations in this era. However, strengthening the security of an organization’s internal network may not be sufficient since modern organizations depend on third parties, and these dependencies may open new attack paths to cybercriminals. Cyber Third-Party Risk Management (C-TPRM) is a relatively new concept in the business world. All vendors or partners possess a potential security vulnerability and threat. Even if an organization has the best cybersecurity practice, its data, customers, and reputation may be at risk because of a third party. Organizations seek effective and efficient methods to assess their partners’ cybersecurity risks. In addition to intrusive methods to assess an organization’s cybersecurity risks, such as penetration testing, non-intrusive methods are emerging to conduct C-TPRM more easily by synthesizing the publicly available information without requiring any involvement of the subject organization. In this study, the existing methods for C-TPRM built by different companies are presented and compared to discover the commonly used indicators and criteria for the assessments. Additionally, the results of different methods assessing the cybersecurity risks of a specific organization were compared to examine reliability and consistency. The results showed that even if there is a similarity among the results, the provided security scores do not entirely converge.
7

Li, He, Won Gyun No, and Tawei Wang. "SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors." International Journal of Accounting Information Systems 30 (September 2018): 40–55. http://dx.doi.org/10.1016/j.accinf.2018.06.003.

8

Chebib, Tom. "Digital Identity: A Human-Centered Risk Awareness Study." Muma Business Review 5 (2021): 031–33. http://dx.doi.org/10.28945/4826.

Abstract:
Cybersecurity breaches have been at the forefront of most news outlets recently. People’s Digital Identity has been at the epicenter of cybersecurity breaches. Defining the composition of digital identity is the first step at risk identification and the first step towards risk mitigation. Cybersecurity risk management tools are lacking in user-centricity. Organizations like the National Institute of Standards and Technology have to craft user-centric personal cybersecurity risk management frameworks.
9

Kure, Halima Ibrahim, and Shareeful Islam. "Assets focus risk management framework for critical infrastructure cybersecurity risk management." IET Cyber-Physical Systems: Theory & Applications 4, no. 4 (December 1, 2019): 332–40. http://dx.doi.org/10.1049/iet-cps.2018.5079.

10

Lee, In. "Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management." Future Internet 12, no. 9 (September 18, 2020): 157. http://dx.doi.org/10.3390/fi12090157.

Abstract:
Along with the growing threat of cyberattacks, cybersecurity has become one of the most important areas of the Internet of Things (IoT). The purpose of IoT cybersecurity is to reduce cybersecurity risk for organizations and users through the protection of IoT assets and privacy. New cybersecurity technologies and tools provide potential for better IoT security management. However, there is a lack of effective IoT cyber risk management frameworks for managers. This paper reviews IoT cybersecurity technologies and cyber risk management frameworks. Then, this paper presents a four-layer IoT cyber risk management framework. This paper also applies a linear programming method for the allocation of financial resources to multiple IoT cybersecurity projects. An illustration is provided as a proof of concept.
11

Folorunsho, O. S., A. Q. Ayinde, M. A. Olagoke, and O. E. Fatoye. "Implementation of Cybersecurity Risk Theory and Model in Healthcare." Advances in Multidisciplinary and scientific Research Journal Publication 13, no. 4 (December 30, 2022): 65–72. http://dx.doi.org/10.22624/aims/cisdi/v13n4p4.

Abstract:
This review paper examines the implementation of cybersecurity risk theory and models in Healthcare, including their benefits and challenges. The paper begins with an overview of cybersecurity risk theory and models, including the STAMP theory and various types of models. It then compares different cybersecurity risk models and discusses their strengths and weaknesses. The paper also explores case studies of the successful implementation of cybersecurity risk models in Healthcare and the challenges these organizations face. The importance of risk assessment and management in healthcare cybersecurity and strategies for mitigating cybersecurity risks are highlighted. The paper concludes with future research and practice recommendations, including the need for more sophisticated risk models, addressing the cybersecurity workforce shortage, understanding the impact of emerging technologies, increasing collaboration between healthcare organizations, and conducting more empirical studies. Keywords: Cybersecurity, Risk assessment, Risk management, Healthcare, Implementation, Risk models
12

Wright, Jorja. "Healthcare cybersecurity and cybercrime supply chain risk management." Health Economics and Management Review 4, no. 4 (December 31, 2023): 17–27. http://dx.doi.org/10.61093/hem.2023.4-02.

Abstract:
Cybersecurity is paramount in today’s rapidly evolving healthcare industry, particularly as supply chain management and logistics undergo digital transformation. This study examines the substantial threat posed by cybercrime to patient safety, data security, and operational efficiency within healthcare logistics and supply chain management. These risks can significantly impact an organization’s reputation and financial stability, necessitating vigilant detection and mitigation efforts by healthcare companies. As the primary defence against online threats, cybersecurity plays a pivotal role in preventing data breaches, cyberattacks, and other malicious activities that could have devastating consequences for the healthcare sector. Its core objective is to ensure the availability, confidentiality, and integrity of data, systems, and resources within the realm of healthcare supply chain management and logistics. Patient data protection stands out as a critical aspect of cybersecurity in this context. Healthcare logistics and supply chain management systems frequently handle sensitive patient data, encompassing billing details and medical histories. The compromise of such data places patient trust and the organization’s regulatory compliance at risk, potentially leading to identity theft, fraudulent claims, and privacy breaches. Furthermore, safeguarding the security of medical equipment is of paramount importance. With the increasing connectivity of these devices through the Internet of Things (IoT), they become more vulnerable to cyberattacks. Apart from jeopardizing patient safety, a breach in medical device security raises questions about the authenticity and reliability of healthcare products and services. Another pressing issue that healthcare institutions must address is unauthorised access to their systems. Cybercriminals persistently seek entry points into these systems to exploit vulnerabilities for illicit or profitable purposes. 
Robust cybersecurity measures are essential to thwarting unauthorised access and ensuring that only authorised individuals can access and modify sensitive medical data. Maintaining the accuracy of patient records is crucial for efficient supply chain management and healthcare logistics. Cyberattacks that manipulate or corrupt patient records can lead to medical errors, endangering patient safety. Consequently, cybersecurity measures must include safeguards to preserve the integrity and accuracy of these records. Beyond these immediate concerns, cybersecurity is instrumental in preventing disruptions to healthcare operations and services. Downtime resulting from cyberattacks can be catastrophic, impeding patient care and undermining the overall effectiveness of supply chain management and healthcare logistics. Cybersecurity safeguards continuous healthcare services by guaranteeing the security and accessibility of data and systems. Furthermore, cybersecurity plays a pivotal role in protecting the integrity, trust, and reputation of healthcare organizations. A cyberattack or data breach can tarnish an organization’s reputation and erode patient confidence. Such damage can have enduring repercussions, affecting an organization’s ability to attract clients, partners, and investors.
13

Mąkosa, Grzegorz. "Risk management as a determinant of cybersecurity." Nowoczesne Systemy Zarządzania 14, no. 3 (January 22, 2021): 67–80. http://dx.doi.org/10.37055/nsz/132731.

Abstract:
The aim of the article is to demonstrate the dependence of security and cybersecurity on risk and risk management. The paper presents definitions and the risk management process defined in the standard PN EN ISO 27005:2014 Information technology – Security techniques – Information security risk management, consisting of the processes of context establishment, risk assessment (that is, risk identification, analysis, and evaluation), risk treatment, communication and consultation, and monitoring and review. In the further part of the article, the author moves from definitions of security, cybersecurity, and crisis management to strategic and operational documents and legal regulations, presenting the links and dependencies between risk and risk management on the one hand and security, cybersecurity, and crisis management on the other, the latter as a system for managing national security and protecting critical infrastructure, including the ICT systems of cyberspace. The relationships presented indisputably indicate risk management as a determinant of security and cybersecurity.
14

Abdulrahim, Nabihah R., Daniel O. Orwa, and Christopher A. Moturi. "Towards adequate cybersecurity risk management in SMEs." International Journal of Business Continuity and Risk Management 11, no. 4 (2021): 343. http://dx.doi.org/10.1504/ijbcrm.2021.10043709.

15

Khan, Ashraf, and Majid Malaika. "Central Bank Risk Management, Fintech, and Cybersecurity." IMF Working Papers 2021, no. 105 (April 2021): 1. http://dx.doi.org/10.5089/9781513582344.001.

16

Brandao, Pedro, and Paulo Branco. "Cybersecurity risk management in the industry 4.0." International Journal of Scientific Research and Management 10, no. 03 (March 2, 2022): 747–54. http://dx.doi.org/10.18535/ijsrm/v10i3.ec01.

Abstract:
A referential and abstract model will be presented to be applied in risk management on cloud computing and industry ICS platforms in general. We are looking at the types of assessments that are out there; we explore the different approaches and techniques behind information technology systems risk assessments and complexity of conducting industrial control system safely at-risk control level.
17

Moturi, Christopher A., Nabihah R. Abdulrahim, and Daniel O. Orwa. "Towards adequate cybersecurity risk management in SMEs." International Journal of Business Continuity and Risk Management 11, no. 4 (2021): 343. http://dx.doi.org/10.1504/ijbcrm.2021.119943.

18

Suryaprakash Nalluri, Murali Mohan Malyala, Sukanya Konatam, and Kiran Kumar Kandagiri. "Cybersecurity risk management in cloud computing environment." International Journal of Science and Research Archive 10, no. 1 (October 30, 2023): 1062–68. http://dx.doi.org/10.30574/ijsra.2023.10.1.1127.

Abstract:
It starts with a case review of the special characteristics of the cloud computing threat and vulnerability, such as data leakage, inside threats, shared resources vulnerabilities. A review of the literature on current models and tools for managing these risks, including the most relevant studies as well as Good Practice Guidelines. The book addresses how traditional security models need to be adapted for the cloud and outlines the efficacy of various security technologies, including encryption, IAM (identity and access management), and IDS. The work presented a reliable risk management framework for cloud-based environments, centering on multi-level security. This includes advanced encryption schemes, live monitoring & automated remediation, response mechanisms. The framework also includes best practices for compliance with regulatory standards and data privacy and protection strategies. Early results of use when implemented in a trial project proved it effective in reducing the security incidents as well as in strengthening the overall system resilience. This paper ends with what these findings imply for future cloud security practices and a look at how organizations can better secure their cloud environment.
19

Shikhaliyev, Ramiz H. "CYBERSECURITY RISKS MANAGEMENT OF INDUSTRIAL CONTROL SYSTEMS: A REVIEW." Problems of Information Technology 15, no. 1 (January 26, 2024): 37–43. http://dx.doi.org/10.25045/jpit.v15.i1.05.

Abstract:
Industrial control systems (ICS) form the basis of critical infrastructures, managing complex processes in various sectors of industry, energy, etc. With the increasing frequency and complexity of cyber threats, effective management of ICS cybersecurity risks is critical. This paper is devoted to the analysis of approaches used in the field of cybersecurity risk management of automated process control systems. The study examines the cybersecurity risks of ICS and the role of international standards in managing cybersecurity risks. The results of the analysis carried out in this paper can serve as information for the development of new reliable cybersecurity risk management systems for ICS.
20

Melaku, Henock Mulugeta. "Context-Based and Adaptive Cybersecurity Risk Management Framework." Risks 11, no. 6 (May 31, 2023): 101. http://dx.doi.org/10.3390/risks11060101.

Abstract:
Currently, organizations are faced with a variety of cyber-threats and are possibly challenged by a wide range of cyber-attacks of varying frequency, complexity, and impact. However, they can do something to prevent, or at least mitigate, these cyber-attacks by first understanding and addressing their common problems regarding cybersecurity culture, developing a cyber-risk management plan, and devising a more proactive and collaborative approach that is suitable according to their organization context. To this end, firstly various enterprise, Information Technology (IT), and cybersecurity risk management frameworks are thoroughly reviewed along with their advantages and limitations. Then, we propose a proactive cybersecurity risk management framework that is simple and dynamic, and that adapts according to the current threat and technology landscapes and organizational context. Finally, performance metrics to evaluate the framework are proposed.
21

Ganin, Alexander A., Phuoc Quach, Mahesh Panwar, Zachary A. Collier, Jeffrey M. Keisler, Dayton Marchese, and Igor Linkov. "Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management." Risk Analysis 40, no. 1 (September 5, 2017): 183–99. http://dx.doi.org/10.1111/risa.12891.

22

Ohrt, Andrew, Kevin M. Morley, Dan Groves, and Joel Cox. "Tackle Cybersecurity and AWIA Compliance With AWWA's New Cybersecurity Risk Management Tool." Journal - American Water Works Association 112, no. 3 (March 2020): 70–73. http://dx.doi.org/10.1002/awwa.1466.

23

Song, Ju Myung, Tawei Wang, Ju-Chun Yen, and Yu-Hung Chen. "Does cybersecurity maturity level assurance improve cybersecurity risk management in supply chains?" International Journal of Accounting Information Systems 54 (September 2024): 100695. http://dx.doi.org/10.1016/j.accinf.2024.100695.

24

Nkambule, Mafika, and Joey Jansen van Vuuren. "Integrating Enterprise Architecture into Cybersecurity Risk Management in Higher Education." International Conference on Cyber Warfare and Security 19, no. 1 (March 21, 2024): 501–10. http://dx.doi.org/10.34190/iccws.19.1.2189.

Abstract:
Cybercriminals constantly seek new methods to infiltrate a company's defences, making cybersecurity investments essential. Enterprise architecture (EA) provides a systematic risk detection and mitigation process by emphasising the interdependencies between systems, data, processes, people, and other factors. This paper provides a comprehensive approach, also referred to as a process, based on EA to assist African universities in developing a comprehensive cybersecurity plan. The EA process comprises four pillars: business architecture, data architecture, application architecture, and technology architecture. African universities can develop a comprehensive cybersecurity strategy using an EA approach in cybersecurity to achieve institutional goals and objectives. The potential attack surface comprises isolated EA components and their interconnections. This article comprehensively examines various EA processes such as business, information, application, and technology architecture. These processes are carefully analysed to evaluate the organisational structures and uncover opportunities to enhance security protocols. Additionally, we delve deep into abstract security patterns, seeking to cultivate an environment of trustworthiness within complex systems. Our research findings underscore the significant potential within African higher education institutions. By embracing a model-based approach to risk analysis and mitigation, these institutions can fortify their cybersecurity defences to ensure uninterrupted business operations and enhance overall resilience in the face of evolving security challenges. When we combine EA and information security (ICS), we uncover many vulnerabilities malicious actors might exploit. By embracing a holistic EA-based methodology, institutions can craft and implement robust security protocols to safeguard their components and connections.
Leveraging EA, our proposed integrated approach aims to forge a comprehensive cybersecurity risk management strategy tailored to the African higher education sector. This strategy seeks to facilitate the identification of critical elements and their intricate interrelationships, thus formulating an effective defence strategy against potential cyber threats. The synergy promises to elevate cybersecurity practices, ensure uninterrupted business operations, and fortify the continent's resilience.
25

Goel, Rajni, Anupam Kumar, and James Haddow. "PRISM: a strategic decision framework for cybersecurity risk assessment." Information & Computer Security 28, no. 4 (June 19, 2020): 591–625. http://dx.doi.org/10.1108/ics-11-2018-0131.

Abstract:
Purpose – This study aims to develop a framework for cybersecurity risk assessment in an organization. Existing cybersecurity frameworks are complex and implementation oriented. The framework can be systematically used to assess the strategic orientation of a firm with respect to its cybersecurity posture. The goal is to assist top-management-team with tailoring their decision-making about security investments while managing cyber risk at their organization. Design/methodology/approach – A thematic analysis of existing publications using content analysis techniques generates the initial set of keywords of significance. Additional factor analysis using the keywords provides us with a framework comprising five pillars, namely prioritize, resource, implement, standardize and monitor (PRISM), for assessing a firm’s strategic cybersecurity orientation. Findings – The primary contribution is the development of a novel PRISM framework, which enables cyber decision-makers to identify and operationalize a tailored approach to address risk management and cybersecurity problems. PRISM framework evaluation will help organizations identify and implement the most tailored risk management and cybersecurity approach applicable to their problem(s). Originality/value – The new norm is for companies to realize that data stratification in cyberspace extends throughout their organizations, intertwining their need for cybersecurity within business operations. This paper fulfills an identified need to improve the ability of company leaders, as CIOs and others, to address the growing problem of how organizations can better handle cyber threats by using an approach that is a methodology for cross-organization cybersecurity risk management.
26

Shires, James. "Enacting Expertise: Ritual and Risk in Cybersecurity." Politics and Governance 6, no. 2 (June 11, 2018): 31–40. http://dx.doi.org/10.17645/pag.v6i2.1329.

Abstract:
This article applies the concept of ritual to cybersecurity expertise, beginning with the cybersecurity “skills gap”: the perceived lack of suitably qualified professionals necessary to tackle contemporary cybersecurity challenges. It proposes that cybersecurity expertise is best understood as a skilled performance which satisfies decision-makers’ demands for risk management. This alternative understanding of cybersecurity expertise enables investigation of the types of performance involved in key events which congregate experts together: cybersecurity conferences. The article makes two key claims, which are empirically based on participant observation of cybersecurity conferences in the Middle East. First, that cybersecurity conferences are ritualized activities which create an expert community across international boundaries despite significant political and social differences. Second, that the ritualized physical separation between disinterested knowledge-sharing and commercial advertisement at these conferences enacts an ideal of “pure” cybersecurity expertise rarely encountered elsewhere, without which the claims to knowledge made by cybersecurity experts would be greatly undermined. The approach taken in this article is thus a new direction for cybersecurity research, with significant implications for other areas of international politics.
27

Gao, Lei, Thomas G. Calderon, and Fengchun Tang. "Public companies' cybersecurity risk disclosures." International Journal of Accounting Information Systems 38 (September 2020): 100468. http://dx.doi.org/10.1016/j.accinf.2020.100468.

28

Kuhlman, Richard, and Jason Kempf. "FINRA publishes its 2015 “Report on Cybersecurity Practices”." Journal of Investment Compliance 16, no. 2 (July 6, 2015): 47–51. http://dx.doi.org/10.1108/joic-04-2015-0025.

Abstract:
Purpose – To summarize and comment on FINRA’s report on cybersecurity practices, published on February 4, 2015, which arose from its 2014 targeted examination of firms’ cybersecurity preparedness. Design/methodology/approach – Explains the implications of the FINRA report and general guidance FINRA provides and expects all firms to consider in connection with developing their respective cybersecurity programs in eight areas: governance and risk management for cybersecurity; cybersecurity risk assessment; technical controls; incident response planning; vendor management; staff training; cyber intelligence and information sharing; and cyber insurance. Findings – There is no doubt that cybersecurity is a key risk facing the financial services industry now. Accordingly, FINRA expects that firms will review the report and assess how the principles and effective practices provided therein could help build or improve cybersecurity readiness. The report reflects FINRA’s risk-management-based approach to cybersecurity issues, identifying principles and “effective practices” for member firms to consider, as opposed to decreeing specific requirements, policies or procedures. Originality/value – Expert guidance from experienced securities lawyers.
29

Abel Uzoka, Emmanuel Cadet, and Pascal Ugochukwu Ojukwu. "Applying artificial intelligence in Cybersecurity to enhance threat detection, response, and risk management." Computer Science & IT Research Journal 5, no. 10 (October 24, 2024): 2511–38. http://dx.doi.org/10.51594/csitrj.v5i10.1677.

Abstract:
This paper explores the application of Artificial Intelligence (AI) in cybersecurity, emphasizing its potential to enhance threat detection, response, and risk management. The study's primary objective is to analyze how AI-driven tools and techniques can improve the efficiency and effectiveness of cybersecurity measures in organizations. Employing a comprehensive literature review and case study analysis, the research investigates current AI applications in threat detection, including machine learning algorithms, anomaly detection systems, and predictive analytics. The findings reveal that AI significantly reduces response times to cyber threats, increases accuracy in identifying vulnerabilities, and enables more proactive risk management strategies. The paper also examines the strategic implications of integrating AI into cybersecurity frameworks, highlighting the challenges related to data privacy, ethical considerations, and the need for skilled personnel to manage AI systems. Furthermore, it discusses the future prospects for AI in cybersecurity, suggesting that as AI technologies evolve, they will likely play an even more critical role in defending against sophisticated cyber-attacks. The paper concludes by providing recommendations for organizations to effectively integrate AI into their cybersecurity strategies, ensuring they remain resilient in the face of evolving cyber threats. This study contributes to the ongoing discourse on AI in cybersecurity by offering insights into its strategic applications and laying the groundwork for future research in this rapidly developing field. Keywords: Artificial Intelligence (AI), Cybersecurity, Threat Detection, AI Governance, Model Training, Data Privacy, Bias in AI, AI Research, Continuous Learning, Cybersecurity Strategy, AI Ethics, Machine Learning, Anomaly Detection, AI Scalability, AI in Cybersecurity.
30

Gunawan, Budi, Barito Mulyo Ratmono, Denok Kurniasih, and Paulus Israwan Setyoko. "Cybersecurity effectiveness: The role of internal auditor certification, risk assessment and senior management." International Journal of Data and Network Science 7, no. 4 (2023): 1805–14. http://dx.doi.org/10.5267/j.ijdns.2023.7.011.

Abstract:
This study aims to analyze and examine the influence of internal auditor certification, risk assessment, and the role of senior management on the effectiveness of cybersecurity for internal auditors who have experience in cybersecurity and information technology. The research method is quantitative, and data analysis uses structural equation modeling (SEM) with SmartPLS 3.0 software tools. The population of this study is internal auditors who have experience in cybersecurity and information technology. The sample for this study was 480 respondents who were determined by the snowball sampling method. The research data was obtained from an online questionnaire which was distributed via social media. The questionnaire was designed using a Likert scale of 1 to 5. The stages of data analysis were validity test, reliability test and significance test. The results of this study indicate that internal auditor certification has a positive effect on cybersecurity effectiveness, risk assessment has a positive effect on cybersecurity effectiveness, and the role of senior management has a positive effect on cybersecurity effectiveness.
31

Saveliev, D. V. "Risk Management and Assessment in Software Development Projects." Èlektronnoe modelirovanie 43, no. 4 (August 2, 2021): 113–24. http://dx.doi.org/10.15407/emodel.43.04.113.

Abstract:
The article defines the concept of a threat model. It describes a list of current security guidelines for the development and administration of web systems. A list of cybersecurity threats is formed, and the consequences of their implementation are determined. The process of forming a model of cybersecurity threats to web systems is described. The list of threats is defined based on the recommendations and experience of authoritative organizations in the world and Ukraine. The concepts of risk, risk index and risk status for the security of web systems are defined, as are the main principles of risk management in software development projects.
32

Veiga, Bruna. "Evolution of Compliance and Cybersecurity: A Risk Management Perspective in Financial Markets." International Journal of Science and Research (IJSR) 13, no. 10 (October 5, 2024): 1205–7. http://dx.doi.org/10.21275/sr241011004135.

33

Singgalen, Yerik Afrianto, Hindriyanto Dwi Purnomo, and Irwan Sembiring. "Exploring MSMEs Cybersecurity Awareness and Risk Management : Information Security Awareness." IJCCS (Indonesian Journal of Computing and Cybernetics Systems) 15, no. 3 (July 31, 2021): 233. http://dx.doi.org/10.22146/ijccs.67010.

Abstract:
The use of information technology in the management of Micro, Small, and Medium Enterprises (MSMEs) is not limited to business performance and productivity but also aspects of data security and transactions using various mobile, website, and desktop-based applications. This article offers an idea to explore cybersecurity awareness and risk management of MSME actors who adopt information technology. The research method used is qualitative with a case study approach in the Coffeeshop X business and the Y Souvenir business in Salatiga City, Central Java, Indonesia. The data collection technique used in-depth interviews, observation, and document studies. These findings indicate that Cybersecurity Awareness, especially information security awareness, can be reviewed based on knowledge, attitudes, and behavior. Risk management can be reviewed based on supply risk, operational risk, and customer risk. Cybersecurity Awareness and Risk Management in MSMEs is holistic and cannot be generalized, so it needs to be discussed contextually based on case studies. In the context of Coffeeshop X and Souvenir Y, the level of Cybersecurity Awareness (knowledge, attitude, behavior) is not always linear. In addition, risk management is more dominant in the customer risk dimension, compared to supply risk and operational risk.
34

Okolo, Francess, and Arume Ighoroje. "Security Awareness Programs and Behavioral Patterns in Nigeria Deposit Money Banks: Adopting a Robust Cybersecurity Culture." International Journal of Research and Innovation in Social Science VIII, no. VI (2024): 239–56. http://dx.doi.org/10.47772/ijriss.2024.806019.

Abstract:
In an era marked by evolving cybersecurity threats, understanding the interplay between Security Awareness Programs, Behavioral Patterns, and Cybersecurity Culture is essential for safeguarding organizational assets and maintaining trust in financial institutions. This study investigated this relationship within Nigeria’s Deposit Money Banks, employing a comprehensive analysis of key variables such as Compliance Adherence, Security Policy Acknowledgements, Training Completion Rate, Risk Awareness and Management, Behavioral Analytics, Employee Feedback and Engagement, and Incident Response Time. Utilizing data gathered from a field survey, the study employed multiple regression analysis and tested for hypotheses. Specifically, the study revealed that Compliance Adherence, Training Completion Rate, and Risk Awareness and Management significantly influenced Employee Feedback and Engagement. Compliance Adherence increased Employee Feedback and Engagement by 0.065 (t-stat: 0.750, p = 0.014), Training Completion Rate by 0.397 (t-stat: 3.846, p < 0.001), and Risk Awareness and Management by 0.237 (t-stat: 2.031, p = 0.028). Similarly, Compliance Adherence, Security Policy Acknowledgements, Training Completion Rate, and Risk Awareness and Management significantly impacted Incident Response Time. Compliance Adherence increased Incident Response Time by 0.067 (t-stat: 0.721, p = 0.041), Security Policy Acknowledgements by 0.087 (t-stat: 0.911, p = 0.033), and Training Completion Rate by 0.188 (t-stat: 1.118, p < 0.001). However, Risk Awareness and Management didn’t show significant impact on Incident Response Time. Moreover, Compliance Adherence, Security Policy Acknowledgements, Training Completion Rate, and Risk Awareness and Management significantly contributed to Cybersecurity Culture. Compliance Adherence increased Cybersecurity Culture by 0.523 (t-stat: 0.101, p < 0.001), Security Policy Acknowledgements by 0.041 (t-stat: 0.279, p = 0.011), Training Completion Rate by 0.188 (t-stat: 1.139, p < 0.001), and Risk Awareness and Management by 0.239 (t-stat: 1.453, p = 0.041). These findings offered valuable insights for policymakers, bank management, cybersecurity professionals, and employees, informing the development of effective cybersecurity strategies and risk management policies. By understanding the intricate relationship between Security Awareness Programs, Behavioral Patterns, and Cybersecurity Culture, stakeholders could better navigate the complexities of the cybersecurity landscape and safeguard organizational interests.
35

Lee, In. "Cybersecurity: Risk management framework and investment cost analysis." Business Horizons 64, no. 5 (September 2021): 659–71. http://dx.doi.org/10.1016/j.bushor.2021.02.022.

36

Roldán Álvarez, Miguel Ángel, and Héctor Fernando Vargas Montoya. "Cybersecurity in Mobile Telecommunication Networks and Management Risk." Ingeniería y Desarrollo 38, no. 2 (March 2, 2021): 279–97. http://dx.doi.org/10.14482/inde.38.2.006.31.

37

Cam, Hasan, and Pierre Mouallem. "Mission assurance policy and risk management in cybersecurity." Environment Systems and Decisions 33, no. 4 (August 30, 2013): 500–507. http://dx.doi.org/10.1007/s10669-013-9468-z.

38

Kim, Dong-Won, Jin-Young Choi, and Keun-Hee Han. "Medical Device Safety Management Using Cybersecurity Risk Analysis." IEEE Access 8 (2020): 115370–82. http://dx.doi.org/10.1109/access.2020.3003032.

39

Yang, Ling, Linda Lau, and Huiqi Gan. "Investors’ perceptions of the cybersecurity risk management reporting framework." International Journal of Accounting & Information Management 28, no. 1 (January 13, 2020): 167–83. http://dx.doi.org/10.1108/ijaim-02-2019-0022.

Abstract:
Purpose – The purpose of this paper is to propose a research model to examine the perception of non-professional investors toward the cybersecurity reporting framework developed by the American Institute of Certified Public Accountants (AICPA). Design/methodology/approach – The proposed hypotheses were tested using structural equation modeling with data collected from Amazon's Mechanical Turk platform. Findings – The findings conclude that investors' perceived benefits of the cybersecurity risk framework are positively related to investment intention. Information quality and cybersecurity awareness also positively influence perceived benefits of the risk framework and investment intention. Practical implications – Findings of this study are relevant to both regulatory bodies and firms because non-professional investors’ perceptions of the benefits of the AICPA’s reporting framework are unveiled. Originality/value – Findings from this research help to provide a more in-depth understanding of the impact of various factors on investor’s decision-making process and also significant insights into the non-professional investor’s attitude toward the AICPA’s framework.
40

Ungureanu, Mirela-Alexandra, Eugen Gavan, and Carmen Gasparotti. "Securing innovation at sea: Cyber risk management for SMEs in ship design." Analele Universităţii "Dunărea de Jos" din Galaţi. Fascicula XI, Construcţii navale/ Annals of "Dunărea de Jos" of Galati, Fascicle XI, Shipbuilding 47 (December 4, 2024): 89–100. https://doi.org/10.35219/annugalshipbuilding/2024.47.11.

Abstract:
This paper examines the critical cybersecurity landscape faced by maritime SMEs engaged in Ship Design, analysing their vulnerability to various cyber threats including ransomware, phishing attacks, and supply chain compromises. Through a comprehensive review of recent industry reports, regulatory frameworks, and cybersecurity incidents, we identify key risk factors and assess their potential impact on SMEs' operations, reputation, and competitive advantage. Our analysis reveals that maritime SMEs face disproportionate challenges in cybersecurity due to resource constraints, complex supply chain relationships, and the increasing sophistication of cyber threats targeting intellectual property. The paper presents a structured approach to cyber risk management based on established frameworks, emphasizing the protection of valuable intellectual property while maintaining operational efficiency. We propose practical recommendations for implementing robust cybersecurity measures within the resource constraints typical of SMEs, including strategies for threat detection, incident response, and recovery planning.
41

Ulven, Joachim Bjørge, and Gaute Wangen. "A Systematic Review of Cybersecurity Risks in Higher Education." Future Internet 13, no. 2 (February 2, 2021): 39. http://dx.doi.org/10.3390/fi13020039.

Abstract:
The demands for information security in higher education will continue to increase. Serious data breaches have occurred already and are likely to happen again without proper risk management. This paper applies the Comprehensive Literature Review (CLR) Model to synthesize research within cybersecurity risk by reviewing existing literature of known assets, threat events, threat actors, and vulnerabilities in higher education. The review included published studies from the last twelve years and aims to expand our understanding of cybersecurity’s critical risk areas. The primary finding was that empirical research on cybersecurity risks in higher education is scarce, and there are large gaps in the literature. Despite this issue, our analysis found a high level of agreement regarding cybersecurity issues among the reviewed sources. This paper synthesizes an overview of mission-critical assets, everyday threat events, proposes a generic threat model, and summarizes common cybersecurity vulnerabilities. This report concludes nine strategic cyber risks with descriptions of frequencies from the compiled dataset and consequence descriptions. The results will serve as input for security practitioners in higher education, and the research contains multiple paths for future work. It will serve as a starting point for security researchers in the sector.
42

de Peralta, Fleurdeliza A., Mark D. Watson, Ryan M. Bays, Joshua R. Boles, and Ford E. Powers. "Cybersecurity Resiliency of Marine Renewable Energy Systems Part 2: Cybersecurity Best Practices and Risk Management." Marine Technology Society Journal 55, no. 2 (March 1, 2021): 104–16. http://dx.doi.org/10.4031/mtsj.55.2.4.

Abstract:
Marine renewable energy (MRE) is an emerging source of power for marine applications, marine devices, and coastal communities. This energy source relies on industrial control systems and IT to support operations and maintenance activities, which create a pathway for an adversary to gain unauthorized access to systems and data and disrupt operations. Incorporating cybersecurity risk prevention measures and mitigation capabilities from inception, development, operation, to decommissioning of the MRE system and components is paramount to the protection of energy generation and the security of network architecture and infrastructure. To improve the resilience of MRE systems as a predictable, affordable, and reliable source of energy, cybersecurity guidance was developed to enable operators to assess cybersecurity risks and implement security measures commensurate with the risk. This publication is the second of a two-part series, with Part 1 addressing a framework to determine cybersecurity risk by assessing the vulnerability of an MRE system to potential cyber threats and the consequences a cyberattack would have on the end user. This Part 2 publication describes an approach to select appropriate cybersecurity best practices commensurate with the MRE system's cybersecurity risk. The guidance includes 86 cybersecurity best practices, which are associated with 36 cybersecurity domains and grouped into nine categories. The best practices follow the core functions of the National Institute of Science and Technology Cybersecurity Framework (e.g., identify, detect, protect, respond, and recover) and insights from both maritime and energy industry guidance documents to identify security measures effective in protecting information and operational technology assets prevalent in MRE systems.
43

Lam, Maria Lai-Ling, and Kei-Wing Wong. "Shared Cybersecurity Risk Management in the Industry of Medical Devices." International Journal of Cyber-Physical Systems 3, no. 1 (January 1, 2021): 37–56. http://dx.doi.org/10.4018/ijcps.2021010103.

Abstract:
The cybersecurity capabilities of Class 1 medical devices must be seriously addressed when the industry moves toward Industry 4.0. Many U.S. manufacturers are not committed to cybersecurity risk management because they pursue lower cost and shorter product life cycles, do not have sufficient knowledge of operating environments of hospitals, have defensive attitudes toward vulnerability disclosure, and reap quick benefits from the low-trust level among stakeholders and the unequal power between manufacturers and distributors. Only a few large U.S. manufacturers of medical devices have set up robust secure platforms and interoperable optimal standards that can elevate the security practices of entire global supply chain of Class 1 devices. Many small and medium-sized enterprises inside and outside the U.S. need to be equipped to co-foster cybersecurity values with large manufacturers through the coordination between government and industry regulations and the support of international organizations and local government policies.
44

Temitayo Oluwaseun Abrahams, Oluwatoyin Ajoke Farayola, Simon Kaggwa, Prisca Ugomma Uwaoma, Azeez Olanipekun Hassan, and Samuel Onimisi Dawodu. "REVIEWING THIRD-PARTY RISK MANAGEMENT: BEST PRACTICES IN ACCOUNTING AND CYBERSECURITY FOR SUPERANNUATION ORGANIZATIONS." Finance & Accounting Research Journal 6, no. 1 (January 10, 2024): 21–39. http://dx.doi.org/10.51594/farj.v6i1.706.

Abstract:
This paper conducts a comprehensive review of third-party risk management practices tailored to the unique context of superannuation organizations, with a specific focus on accounting and cybersecurity domains. Recognizing the critical role of third-party relationships in the operational landscape of superannuation entities, the review explores best practices aimed at mitigating risks associated with outsourcing accounting functions and fortifying cybersecurity defenses. In the accounting realm, the paper delves into the challenges and opportunities posed by third-party engagements, emphasizing the importance of thorough due diligence, contractual clarity, and continuous monitoring. Drawing insights from industry cases and proven methodologies, the review outlines strategies to enhance transparency, accountability, and compliance when outsourcing accounting services. Simultaneously, the paper addresses the burgeoning cybersecurity risks faced by superannuation organizations in an increasingly digital landscape. It investigates the role of third-party vendors in introducing potential vulnerabilities and advocates for a proactive approach to cybersecurity risk management. The review scrutinizes best practices in vetting, monitoring, and collaborating with third-party vendors to fortify cybersecurity protocols, emphasizing the need for alignment with regulatory standards. Ultimately, the paper provides superannuation organizations with a comprehensive guide to navigating the intricate terrain of third-party risk management. By synthesizing insights from accounting and cybersecurity perspectives, the review equips organizations with actionable strategies to cultivate resilience, safeguard member interests, and contribute to the long-term stability of the financial sector. Keywords: Third-Party, Risk Management, Superannuation, Cybersecurity, Accounting
45

Straub, PhD, Jeremy. "Cyber-mitigation: Cybersecurity emergency management." Journal of Emergency Management 18, no. 6 (November 1, 2020): 463–73. http://dx.doi.org/10.5055/jem.2020.0517.

Abstract:
Cybersecurity is within the realm of emergency management, as cyber-attacks can generate both virtual and real world issues that emergency responders may be called upon to deal with. However, it has a skillset and other characteristics that are distinct from the types of emergency management that most practitioners commonly—and are prepared—to deal with. This paper compares the two disciplines, discusses areas where cybersecurity professionals and researchers can learn from the emergency management discipline and proposes new research directions within the emergency management domain.
46

Hamdan, Basil. "Simulating Cybersecurity Risk Using Advanced Quantitative Risk Assessment Techniques." Journal of The Colloquium for Information Systems Security Education 10, no. 1 (March 8, 2023): 5. http://dx.doi.org/10.53735/cisse.v10i1.169.

Abstract:
This paper, a scenario-based teaching case study, aims to introduce students in a Cybersecurity Risk Management course to advanced quantitative risk assessment techniques. The case study utilizes a fictitious company for which a risk assessment is underway. Assuming the role of the Cybersecurity Risk Team of the company, students are tasked with determining the risk exposure the company faces from a threat scenario against one of its mission-critical information resources. Specifically, the students are required to (1) quantify the monetary losses that could result from a threat scenario, (2) compute the inherited risk exposure from the threat scenario, (3) compute the residual risk given the implementation of certain security controls, and (4) compute the rate of return on the security controls. The case study holds the promise of enhancing the overall learning of the students and boosting their marketability as future cybersecurity professionals.
47

Panchamia, Virti, Archita Harchwani, and Tirath Momaya. "Cybersecurity Renaissance: Navigating Threats, Ethical Hacking, and Risk Mitigation in the Digital Era." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 01 (January 15, 2024): 1–10. http://dx.doi.org/10.55041/ijsrem28181.

Abstract:
Cybercrime has evolved into a $1.5 trillion industry, mirroring legitimate organizations. Despite its recent surge, cybercrime is not a novel threat, dating back centuries. The inaugural cyber attack occurred in 1834 in France, exposing the French telegraph system. The mid-20th century marked cybercrime's emergence, notably with Allen Scherr's 1962 attack on MIT. The '90s ushered in communication technology but also increased cyber threats. The 2000s witnessed more sophisticated attacks, with APTs sponsored by nation-states. The 2010s saw a surge in cybercrime, spawning a parallel growth in cybersecurity jobs and ethical hacking. Notable attacks include Stuxnet in 2010 and the SamSam ransomware in 2015. The 2020s witnessed substantial losses, such as the SolarWinds breach in 2020 and the Colonial Pipeline attack in 2021. The abstract underscores the importance of cybersecurity in safeguarding data from theft and damage. With rising cyber threats, reliance on out-of-the-box solutions is insufficient. A comprehensive approach, including cybersecurity awareness training, is crucial. The global shift towards digital dependence emphasizes the need for robust cybersecurity measures, encompassing all fields to protect against potential data breaches. Cybersecurity's significance is escalating as technology reliance grows, demanding a comprehensive defense strategy. Cyber risk mitigation involves policies, technologies, and procedures to reduce the likelihood and impact of cyber attacks. Challenges include inadequate visibility, manual processes, and resource limitations. The benefits encompass timely risk identification, fewer vulnerabilities, improved security compliance, enhanced brand reputation, and increased revenue. Cyber risk mitigation is pivotal for organizations aiming to navigate the evolving threat landscape successfully. Keywords: Cybercrime, Evolution, Inaugural attack, APTs, Cybersecurity jobs, Cybersecurity awareness, Risk mitigation
48

Ferreira, Daniel Jorge, and Henrique São Mamede. "Predicting Cybersecurity Risk - A Methodology for Assessments." ARIS2 - Advanced Research on Information Systems Security 2, no. 2 (December 30, 2022): 50–63. http://dx.doi.org/10.56394/aris2.v2i2.23.

Abstract:
Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis. However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations. There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity, a model that intends to evaluate the methodological aspects of an organization and indicates the apparent gaps that can negatively impact the future of the organization in the management of cybersecurity incidents and presents a model that intends to be proactive.
49

Thapaliya, Suman. "Examining the Influence of AI-Driven Cybersecurity in Financial Sector Management." Batuk 10, no. 2 (July 30, 2024): 129–44. http://dx.doi.org/10.3126/batuk.v10i2.68147.

Abstract:
As financial institutions increasingly rely on AI for cybersecurity, they face complex regulatory landscapes requiring robust security measures to ensure transparency, accountability, and fairness. This research aims to develop a comprehensive AI-based cybersecurity model for the financial sector, enhancing the capacity to recognize, stop, and react to cyberattacks while ensuring data integrity and customer trust. The proposed CS-FSM model utilizes AI techniques, including KNN for predicting and identifying unauthorized access and EES for encrypting and decrypting financial data. The model's performance was evaluated using attack avoidance, risk reduction, scalability, and data privacy parameters. Experimental data were collected and analyzed on a system with a 2.84 GHz Intel Core i7 processor, utilizing Python 3.8.10 and Matlab 2018a for data processing and visualization. The CS-FSM model demonstrated significant improvements in key cybersecurity metrics compared to traditional methods. There was a rise of 18.3% in data privacy, 17.2% in scalability, 13.2% in risk reduction, 16.2% in data protection, and 11.2% in attack avoidance. These results indicate that the proposed model effectively enhances cybersecurity measures in the financial sector. The study confirms that integrating AI algorithms such as KNN and EES into financial sector cybersecurity frameworks can provide robust protection against cyber threats. In addition, the CS-FSM model ensures the secure handling of sensitive financial data, thereby maintaining customer trust and compliance with regulatory standards.
50

Salin, Hannes, and Martin Lundgren. "Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams." Journal of Cybersecurity and Privacy 2, no. 2 (April 13, 2022): 276–91. http://dx.doi.org/10.3390/jcp2020015.

Abstract:
In this study, a framework was developed, based on a literature review, to help managers incorporate cybersecurity risk management in agile development projects. The literature review used predefined codes that were developed by extending previously defined challenges in the literature—for developing secure software in agile projects—to include aspects of agile cybersecurity risk management. Five steps were identified based on the insights gained from how the reviewed literature has addressed each of the challenges: (1) risk collection; (2) risk refinement; (3) risk mitigation; (4) knowledge transfer; and (5) escalation. To assess the appropriateness of the identified steps, and to determine their inclusion or exclusion in the framework, a survey was submitted to 145 software developers using a four-point Likert scale to measure the attitudes towards each step. The resulting framework presented herein serves as a starting point to help managers and developers structure their agile projects in terms of cybersecurity risk management, supporting less overloaded agile processes, stakeholder insights on relevant risks, and increased security assurance.