Toward an Improved Business Information Security Posture
Information security, Risk management, Business effectiveness, Technological Frames of Reference
Information-age businesses continue to experience data loss. While technical controls provide some security against illicit activity, a more robust, organizationally focused information security method should be understood and applied to losses from computer security incidents. This paper focuses on how information is defined organizationally to understand the information security gaps created by incongruent member perceptions related to information risk among different stakeholder communities. It is argued that member perception incongruity reduction will improve organizational information security effectiveness.
Derek J. Sedlack, Ph.D.
Americas Institute for Cybersecurity Leadership
October 28, 2019
Creative Commons Attribution-NoDerivatives 4.0 International License
Research Perspectives
Digital document (pdf format)
English
Position Paper
Global, USA
Employee Cyber Security Awareness Training Matters
Cybersecurity awareness, SETA, Security policy compliance
Ransomware attacks and data breaches are here to stay. Successful attacks stem from human errors within organizations. Chief Information Security Officers (CISOs) must garner the support of everyone, especially leadership, to counter the attacks. The arsenal for organizations starts with cybersecurity awareness training and the existence of cybersecurity policies. Board of Directors and executive-level cybersecurity awareness is pivotal to organization-wide awareness of the severity and impact of cyber-attacks. Organization resources are scarce; nevertheless, any organization investments in cybersecurity awareness training garner definite returns. Organization cybersecurity is a continuous activity. Everyone in the organization must share this critical function to mitigate information security attacks. Human capital in organizations can become an effective tool to reduce vulnerabilities.
Frederick L. Hicks
Americas Institute for Cybersecurity Leadership
September 28, 2019
Creative Commons Attribution-NoDerivatives 4.0 International License
C-Suite Perspectives
Digital document (pdf format)
English
Position Paper
Global, USA
Trust and Mistrust: Are Regulations and Standards Addressing Both Elements for E-Commerce to Thrive?
Information Privacy, E-Commerce, Trust, Distrust
Although e-commerce has grown steadily over the last decade, the growth rate in terms of overall retail volume has fallen short of its potential. Much of the research on e-commerce adoption indicates that consumer information privacy concerns are the leading reason behind the low e-commerce adoption rate. In order for e-commerce to grow, stronger laws and industry standards need to be implemented that contain mechanisms to address information privacy and carry penalties for their infraction. We review current U.S. information privacy regulations and industry standards to discuss the need for addressing trust and distrust elements.
Johnny Guimaraes
Americas Institute for Cybersecurity Leadership
August 18, 2019
Creative Commons Attribution-NoDerivatives 4.0 International License
Research Perspectives
Digital document (pdf format)
English
Position Paper
Global, USA