Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses

Electronics ◽  
2020 ◽  
Vol 9 (9) ◽  
pp. 1460
Author(s):  
Neetesh Saxena ◽  
Emma Hayes ◽  
Elisa Bertino ◽  
Patrick Ojo ◽  
Kim-Kwang Raymond Choo ◽  
...  

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed.

2020 ◽  
Vol 13 (1) ◽  
pp. 103-128 ◽  
Author(s):  
Shipra Pandey ◽  
Rajesh Kumar Singh ◽  
Angappa Gunasekaran ◽  
Anjali Kaushik

Purpose: The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS.
Design/methodology/approach: Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view.
Findings: This paper tries to identify the various cyber security risks and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along with suitable mitigation strategies.
Research limitations/implications: The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study.
Practical implications: This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs.
Originality/value: The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.


2019 ◽  
pp. 1408-1425
Author(s):  
Sunita Vikrant Dhavale

Recent studies have shown that, despite being equipped with highly secure technical controls, a broad range of cyber security attacks were carried out successfully on many organizations to reveal confidential information. This shows that the technical advancements of cyber defence controls do not always guarantee organizational security. According to a recent survey carried out by IBM, 55% of these cyber-attacks involved insider threat. Controlling an insider who already has access to the company's highly protected data is a very challenging task. Insider attacks have great potential to severely damage the organization's finances as well as their social credibility. Hence, there is a need for reliable security frameworks that ensure confidentiality, integrity, authenticity, and availability of organizational information assets by including the comprehensive study of employee behaviour. This chapter provides a detailed study of insider behaviours that may hinder organization security. The chapter also analyzes the existing physical, technical, and administrative controls, their objectives, their limitations, insider behaviour analysis, and future challenges in handling insider threats.


2014 ◽  
pp. 1-18
Author(s):  
F. Dianne Lux Wigand

A recent paradigm shift, enabled by Web 2.0 technologies, represents a potential change from a static web presence for the delivery of government information and services to using collaborative web technologies to engage citizens and employees, enabling collaboration, fostering co-production, and encouraging transparency in government. Social media is creating new communication pathways among all stakeholders. The author examines two theoretical approaches to provide a perspective for understanding the adoption of social media and the changing relationships between government and citizens using Web 2.0 technologies. Research studies examining the adoption and use of social media by citizens and public and private sector organizations are presented. Examples of government initiatives adopting and using social media are explored. Challenges and barriers of using social media to achieve open government initiatives of participation and collaboration are examined. Recommendations for using social media to achieve government organizations' missions and to build relationships with citizens are offered. Future research directions are discussed.


Author(s):  
Jasmijn Van Harten ◽  
Brenda Vermeeren

This chapter uses research findings and examples from practice to provide a state-of-the-art overview of public sector workers’ employability and its determinants and outcomes. Employability is attracting growing attention from both public and private sector organizations. However, scarce research attention has been paid to the importance and features of the employability of employees in public organizations. Scholars regard and study employability mostly as an issue for business organizations. This chapter demonstrates, among other things, that both in research and in practice, employability is predominantly treated in a generic, non-sector-specific way. This leads to a call for public sector-specific studies and comparative research across countries and sectors. The chapter ends with proposals for future research and policy agendas.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Nabin Chowdhury ◽  
Vasileios Gkioulos

Purpose: The purpose of this paper can be encapsulated in the following points: identify the research papers published on the topic: competencies and skills necessary for critical infrastructure (CI) cyber-security (CS) protection; determine main focus areas within the identified literature and evaluate the dependency or lack thereof between them; make recommendations for future research.
Design/methodology/approach: This study is based on a systematic literature review conducted to identify scientific papers discussing and evaluating competencies, skills and essential attributes needed by the CI workforce for CS and preparedness to attacks and incidents.
Findings: After a comparative analysis of the articles reviewed in this study, a variety of skills and competencies was found to be necessary for CS assurance in CIs. These skills have been grouped into four categories, namely, technical, managerial, implementation and soft skills. Nonetheless, there is still a lack of agreement on which skills are the most critical and further research should be conducted on the relation between specific soft skills and CS assurance.
Research limitations/implications: Investigation of which skills are required by industry for specific CS roles, by conducting interviews and sending questionnaire/surveys, would allow consolidating whether literature and industry requirements are equivalent.
Practical implications: Findings from this literature review suggest that more effort should be taken to conciliate current CS curricula in academia with the skills and competencies required for CS roles in the industry.
Originality/value: This study provides a previously lacking current mapping and review of literature discussing skills and competencies evidenced as critical for CS assurance for CI. The findings of this research are useful for the development of comprehensive solutions for CS awareness and training.


2020 ◽  
pp. 2347-2365 ◽  
Author(s):  
Gerald A. Merwin Jr. ◽  
J. Scott McDonald ◽  
John R. Bennett Jr. ◽  
Keith A. Merwin

This chapter explores the use of social media applications by local governments to communicate with constituents and promote involvement in policy and project management activities. Although public and private sector organizations make different uses of social media (Halverson, Hauknes, Miles, & Røste, 2005), there are many ways for government and nonprofit entities to make use of Web 2.0 applications. The focus in this chapter is on local government and a variety of examples will be provided. Some local government agencies primarily provide information to constituents through the social media apps, while others solicit the input from citizens to expand involvement. Finally, suggestions for future research and uses will be discussed.


Author(s):  
Qiong Wang ◽  
Julie Juan Li

Supply chain serves as a critical infrastructure that contributes to the value creation for firms. To help organizations mitigate the negative impacts of disruption, this chapter provides a conceptual foundation for supply chains upon disruptions, identifies the endogenous and exogenous sources of supply chain disruptions, and explores key concepts essential to the repair of supply chain disruptions. Specifically, this chapter prescribes the mitigation strategies to repair damages of the disruptions from the perspectives of buyers and suppliers, respectively. While the knowledge of managing and repairing supply chains upon disruptions remains limited, this chapter highlights a few directions for future research.

