Cost-Effectiveness of Security Measures

Author(s):  
Wolter Pieters ◽  
Christian W. Probst ◽  
Zofia Lukszo ◽  
Lorena Montoya

Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have an adequate estimate of the effectiveness of security measures when making investment decisions. Risk concepts are known in principle, but estimating the effectiveness of countermeasures proves to be difficult and cannot be achieved by qualitative approaches only. In this chapter, the authors consider the question of how to guarantee cost-effectiveness of security measures. They investigate the possibility of using existing frameworks and tools, the challenges in a security context as opposed to a safety context, and directions for future research.

foresight ◽  
2018 ◽  
Vol 20 (2) ◽  
pp. 150-161 ◽  
Author(s):  
Kofi Koranteng Adu ◽  
Emmanuel Adjei

Purpose: This study aims to investigate the cyber security awareness and policies within corporate organisations in Ghana. Design/methodology/approach: Using both quantitative and qualitative approaches underpinned by questionnaire and document analysis, data were collected from 100 participants centred on cyber security awareness and information policies. Findings: The study underscored that, although corporate organisations had a good knowledge of IT, their awareness of cyber security remains limited. It observed that most organisations in Ghana are not integrating legal aspects into their information security policies. It proposed the need to increase the security awareness of corporate organisations, particularly because of the vulnerabilities they are exposed to. Research limitations/implications: The implication of the paper with respect to theory, practice and future research lies in the recommendations the authors have proffered, such as the implementation of security awareness training programmes, needs assessment and the outsourcing of qualified service providers. Practical implications: The study is useful for policy makers in the management of Ghana’s IT infrastructure. Originality/value: This study is being undertaken at a period when Ghana has made progressive development and giant steps in the IT industry compared to its counterparts in sub-Saharan Africa. The developed nature of Ghana’s IT infrastructure requires the development of policies for cyber security to prevent data losses and protect the national infrastructure from threats. Undertaking a study on cyber security in an environment where cyber issues are hardly discussed is worthwhile.


Author(s):  
Curtis G. Northcutt

The recent proliferation of embedded cyber components in modern physical systems [1] has generated a variety of new security risks which threaten not only cyberspace, but our physical environment as well. Whereas earlier security threats resided primarily in cyberspace, the increasing marriage of digital technology with mechanical systems in cyber-physical systems (CPS) suggests the need for more advanced generalized CPS security measures. To address this problem, in this paper we consider the first step toward an improved security model: detecting the security attack. Using logical truth tables, we have developed a generalized algorithm for intrusion detection in CPS for systems which can be defined over a discrete set of valued states. Additionally, a robustness algorithm is given which determines the level of security of a discrete-valued CPS against varying combinations of multiple signal alterations. These algorithms, when coupled with encryption keys which disallow multiple signal alteration, provide for a generalized security methodology for both cyber-security and cyber-physical systems.


2021 ◽  
Vol 13 (15) ◽  
pp. 8502
Author(s):  
Polinpapilinho F. Katina ◽  
James C. Pyne ◽  
Charles B. Keating ◽  
Dragan Komljenovic

Complex system governance (CSG) is an emerging field encompassing a framework for system performance improvement through the purposeful design, execution, and evolution of essential metasystem functions. The goal of this study was to understand how the domain of asset management (AsM) can leverage the capabilities of CSG. AsM emerged from engineering as a structured approach to organizing complex organizations to realize the value of assets while balancing performance, risks, costs, and other opportunities. However, there remains a scarcity of literature discussing the potential relationship between AsM and CSG. To initiate the closure of this gap, this research reviews the basics of AsM and the methods associated with realizing the value of assets. Then, the basics of CSG are provided along with how CSG might be leveraged to support AsM. We conclude the research with the implications for AsM and suggested future research.


2021 ◽  
Vol 2 (3) ◽  
pp. 1-44
Author(s):  
Akm Iqtidar Newaz ◽  
Amit Kumar Sikder ◽  
Mohammad Ashiqur Rahman ◽  
A. Selcuk Uluagac

Recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices, body area networks, and Internet of Things technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems because any security or privacy violation can lead to severe effects on patients’ treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this article, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the article with future research directions toward securing healthcare systems against common vulnerabilities.


Author(s):  
Changwon Son ◽  
Farzan Sasangohar ◽  
S. Camille Peres ◽  
Jukrin Moon

Investigating real-life disasters and crises has been challenging due to accompanying difficulties and risks posed by these complex phenomena. Previous research in the emergency management domain has largely relied on qualitative approaches to describe the event after it occurred. To facilitate investigations for more generalizable findings, this paper documents ongoing efforts to design an emergency management simulation testbed called Team Emergency Operations Simulation (TEOS) in which an incident management team (IMT) is situated. First, we describe the design process based on our previous work. Next, we present the overall description of TEOS including representative roles, tasks, and team environments. We also propose measures of team performance of the IMT and propose future research that can be realized through TEOS.


2021 ◽  
Vol 13 (12) ◽  
pp. 6752
Author(s):  
Idiano D’Adamo ◽  
Rocío González-Sánchez ◽  
Maria Sonia Medina-Salgado ◽  
Davide Settembre-Blundo

The pandemic has changed citizens’ behavior, inducing them to avoid any real contact. This has given an incredible impulse to e-commerce; however, the complexity of the topic has not yet been adequately explored in the literature. To fill this gap, this study has a twofold purpose: (1) to investigate how European countries comparatively perform in e-commerce, and (2) to describe what are the most important challenges for the further expansion of e-commerce. To this end, we adopted a hybrid methodology based on multi-criteria decision analysis (MCDA) and a Likert scale survey. The first method allows us to rank the e-commerce performance of different European countries, while the second one looks at the problems and barriers that characterize online shopping. The results of the study show that European countries have different sensitivities to the issue of cyber-security, and among them it is possible to identify three groups with different levels of attention to the critical issues of e-commerce. The Netherlands, Sweden and Denmark belong to the group of countries most responsive to e-commerce. This request is part of a broader framework of transition toward sustainable development, i.e., a reliable digital environment where citizens and businesses can exercise their rights and freedoms in complete security. Finally, from a theoretical perspective, this paper adds a new baseline to the literature on the state of the art of e-commerce in Europe that addresses the effects of the pandemic. From a managerial point of view, decision makers can find in the results of this analysis a support for the setting of business strategies for the expansion of firms in certain markets and guidance for public authorities when defining regulatory policies for e-commerce.


2001 ◽  
Vol 10 (5) ◽  
pp. 473-477 ◽  
Author(s):  
Raymond C.W. Hutubessy ◽  
Rob M.P.M. Baltussen ◽  
David B. Evans ◽  
Jan J. Barendregt ◽  
Christopher J.L. Murray

2015 ◽  
Vol 43 (3) ◽  
pp. 7-14 ◽  
Author(s):  
Jim Moffatt

Purpose – This case example looks at how Deloitte Consulting applies the Three Rules synthesized by Michael Raynor and Mumtaz Ahmed based on their large-scale research project that identified patterns in the way exceptional companies think. Design/methodology/approach – The Three Rules concept is a key piece of Deloitte Consulting’s thought leadership program. So how are the three rules helping the organization perform? Now that research has shown how exceptional companies think, CEO Jim Moffatt could address the question, “Does Deloitte think like an exceptional company?” Findings – Deloitte has had success with an approach that promotes a bias towards non-price value over price and revenue over costs. Practical implications – It’s critical that all decision makers in an organization understand how decisions that are consistent with the three rules have contributed to past success as well as how they can apply the rules to difficult challenges they face today. Originality/value – This is the first case study written from a CEO’s perspective that looks at how the Three Rules approach of Michael Raynor and Mumtaz Ahmed can foster a firm’s growth and exceptional performance.


2020 ◽  
Vol 41 (Supplement_2) ◽  
Author(s):  
K Mullavelil ◽  
V George ◽  
A Thannikkal ◽  
R Aravindakshan ◽  
D John ◽  
...  

Abstract. Background: Only little attention has been paid to treatment strategies of chronic disease conditions that require long term treatment and repeated hospitalizations. Purpose: Our aim was to review cost-effectiveness of guideline directed medical therapy of heart failure in India and identify drugs that can be made available free of cost or at subsidized rates to the patient population. Methods: Data extracted from ten landmark trials in heart failure was used to compute Number Needed to Treat (NNT) and Cost Needed to Treat (CNT) of drugs used in heart failure, to prevent cardiovascular mortality and heart failure re-hospitalization using HDS Plotter- Incremental Cost Effectiveness Calculator. Since various brands (i.e. trade names) with wide cost range are available in Indian market, the average retail price in Indian Rupees for year 2019 was considered and converted to US dollars and used for the analysis. NNT and CNT of each drug was computed and the cost-effectiveness was analyzed. WHO recommendation of three times per capita GDP was used as the cost effectiveness threshold. Results: Medications that were labeled as class I for the treatment of heart failure were included in our analysis. Ivabradine, Valsartan and Angiotensin Receptor Neprilysin inhibitor (ARNi) did not meet the cost effectiveness criteria for preventing cardio-vascular mortality. For prevention of heart failure re-hospitalization, all drugs except ARNi met the cost effectiveness threshold. Conclusion: Any future research would need to consider compliance factor along with Willingness to Pay (WTP) to understand the real acceptance of these drugs on the ground in India. Figure: Log prices (in US$) of various HF drugs. Funding Acknowledgement: Type of funding source: None


2021 ◽  
Vol 3 (2) ◽  
pp. 126-137
Author(s):  
Sadaf Khan ◽  
Ubaid Ur Rehman

This research aims to analyze the impact of insider trading laws and corporate governance on investment decisions. For this purpose, the data of 400 potential and actual investors, who provided their feedback on a structured questionnaire, were employed. Once the data were collected, they were cleaned. The normality of data and reliability of items were also checked and were within limits. Simple regression was applied to test hypotheses. It was concluded that the perception of insider trading laws and corporate governance have a positive impact on investment decisions. The study has wide implications, and the government and corporations can both benefit from its insight and findings, exercise good corporate governance practices and follow stringent insider trading laws. The study also paves the way for future research.

