Fig 1 - uploaded by Csaba Virág
Cybersecurity versus information security [10]
Context in source publication
Context 1
... term cyber security is often used interchangeably with the term information security, but these two concepts are not totally analogous, as Fig. 1 shows. In information security, reference to the human factor usually relates to the role(s) of humans in the security process, but in cybersecurity this factor has an additional dimension, namely, the humans as potential targets of cyber-attacks [10]. Cybersecurity is everyday security that protects the assets that organization owns ...
Similar publications
This research paper addresses the escalating issue of APTs in the realm of cybersecurity. The paper explores the potential of Distributed Ledger Technology (DLT) as a novel solution to enhance intrusion resilience and mitigate the risks associated with APTs. The methodology adopted in this study involves a detailed analysis and practical implementa...
The purpose of this paper is to analyze, discuss, and develop a study of world universal digitalization processes as well as challenges and threats, and develop an approach to defining the shadow digital economy. Along with huge innovative achievements, digitalization processes are accompanied by the formation of a digital economy and the growth of...
Effective and efficient cybersecurity operations require establishing a symbiotic function across tools, processes, and people. Cybersecurity automation intersects the above pillars and, via orchestration, enables the (as per the need) automatic execution of cybersecurity processes. In this regard, the underlying challenge is the complexity of arch...
Insider threats pose a significant challenge in cybersecurity, demanding advanced detection methods for effective risk mitigation. This paper presents a comparative evaluation of data imbalance addressing techniques for CNN-based insider threat detection. Specifically, we integrate Convolutional Neural Networks (CNN) with three popular data imbalan...
Citations
... This supports the hypothesis that organizational cybersecurity training and policies shape Saudi Arabian SMEs' cybersecurity resilience strategy and orientation. Rajamäki et al. [56] and Tagarev and Polimirova [26] showed that well-structured training, effective information security policies, and organizational cybersecurity postures are strongly linked. Rajamäki et al. [56] emphasized the importance of cybersecurity education in hospitals, which can be applied to Saudi Arabian SME contexts. ...
... Rajamäki et al. [56] and Tagarev and Polimirova [26] showed that well-structured training, effective information security policies, and organizational cybersecurity postures are strongly linked. Rajamäki et al. [56] emphasized the importance of cybersecurity education in hospitals, which can be applied to Saudi Arabian SME contexts. Together, these studies offer strong justifications for the beneficial effects of organizational cybersecurity policies and training on resilience strategies, especially in contexts such as that of Saudi Arabian SMEs. ...
... Ferdinand's [25] knowledge-based view of cybersecurity management and Hossain et al.'s [57] sustainable performance research provided insights into organizational resilience, emphasizing the importance of regulatory frameworks in improving cybersecurity resilience strategies in Saudi Arabian SMEs. The nuances of organizational information security policies and cybersecurity education were further explored by Tagarev and Polimirova [26] and Rajamäki et al. [56], emphasizing the value of structured guidance, which frequently results from effective regulatory frameworks. In the meantime, research on the cybersecurity environment in the European Union, such as that by Wessel [58] and Fuster and Jasmontaite [59], has offered comparative insights and emphasized the significance of regulation in fostering cybersecurity resilience. ...
Cybersecurity challenges in Saudi Arabia’s service and manufacturing sectors are escalating due to increased digital adoption, highlighting the need for robust security measures and awareness in SMEs. Therefore, this research is significant due to the increasing reliance on digital technologies and the unique cybersecurity challenges faced by SMEs in these vital economic sectors. With rapid technological advancements, IT capabilities and cybersecurity have become paramount, particularly in the post-COVID-19 era. The service and manufacturing sectors in Saudi Arabia have seen significant shifts towards digital operations. This study aimed to explore the impact of organizational cybersecurity systems on organizational resilience and sustainable business performance in Saudi Arabia’s service and manufacturing sectors, examining the mediating and moderating effects of organizational resilience and culture. A quantitative research method was employed, combining a thorough literature review with empirical data from a sample of 394 respondents in Saudi Arabia, split evenly between the service and manufacturing sectors. Smart PLS 3.3.3 was used to test the proposed hypotheses. The findings suggested a positive effect of the factors of organizational cybersecurity systems on organizational resilience. Organizational cybersecurity systems also significantly influenced sustainable business performance; however, organizational resilience and culture did not play mediating and moderating roles. This study is one of the first to offer a nuanced analysis of IT capabilities and cybersecurity within Saudi Arabia’s service and manufacturing sectors, especially in a post-COVID-19 context. The insights gleaned contribute to the academic discourse and have pivotal managerial implications for organizations navigating the digital era in Saudi Arabia.
... If the IoT system becomes non-operational during such events, it not only interrupts data flow to healthcare providers but also poses a potential threat to patients' lives. Several studies [89], [90] identified key vulnerabilities in IoT devices, networks, and services, such as software, hardware, cloud services, and communication device failures, that could impede the resilience and availability of IoT systems. To address these challenges, different recovery strategies were proposed, including post-event automatic recovery mechanisms like MTD [60] and blockchain-based solutions [61], which are geared towards reinforcing the resilience of these crucial IoT components. ...
The Internet of Things (IoT) emerged as a pervasive technology, facilitating the seamless interaction of devices, individuals, and services, enabling data exchange and task execution across various domains. While the impact of IoT is undeniably transformative, its extensive proliferation raised significant concerns surrounding security, privacy, and trust, which stand as critical barriers to the widespread adoption and advancement of IoT technology. This review article explores IoT security, privacy, and trust research using a 3-layer IoT architecture. After introducing the fundamental tenets of IoT security, privacy, and trust, it proceeds to examine the prevalent security requirements within IoT architectures and their associated challenges. Then, the survey investigates the recent trends in research dedicated to addressing security, privacy, and trust issues within IoT systems. Furthermore, this article reviews the latest advancements and methodologies designed to secure IoT systems against security breaches and protect the privacy of sensitive data. Finally, the survey outlines unresolved challenges within the IoT security landscape and potential solutions. By offering this consolidated insight, this article offers a bridge between foundational and advanced IoT security topics, providing researchers with an in-depth understanding of current IoT security, privacy, and trust challenges, as well as cutting-edge solutions tailored to address the security and trust-related obstacles faced by IoT applications. This comprehensive overview equips the IoT community with the knowledge necessary to navigate the complex terrain of security, privacy, and trust in IoT systems.
... Pirta-Dreiman et al. [17] adopted the Intervention Mapping paradigm to propose a cyber security educational framework incorporating validated theoretical and evidence-based approaches. Rajamäki et al. [18] proposed a framework for the education and training of healthcare workers based on the principle of interactivity, guidance, and relevancy to users' operational environment. ...
The impact of Cyber Security is global, requiring immediate attention for protecting, conserving, and maintaining the integrity of any data. The need for cyber security is of utmost importance in Industry or Academics. To address this, all stakeholders should have substantial knowledge about cyber security and how to implement it. The use of published generic standards and guidelines does not describe the technologies or solutions that can be used. Currently, machine learning-based applications, serious games, or remote training can be used to bridge this gap. This paper proposes a vision model based on Quantum Artificial Intelligence (QAI) that generates secure software development (SSD) rules to educate and train developers and testers during different phases of the Software Development Life Cycle (SDLC). The proposed model trains QAI algorithms on data from industry standards, vulnerability information, and proprietary and historical data to create security rules that developers and testers can quickly adapt. Consequently, a case study about the automotive industry SSD discusses the application of the vision model.
... The advice provided above will assist cybersecurity workers in healthcare organisations to keep their systems secure. Hospitals, physician offices, clinics, and other healthcare providers must offer high-quality treatment while keeping patients and staff as safe as possible [78][79][80]. Amongst the data sets targeted are those containing protected health information (PHI) about patients, financial data (such as credit card and bank account numbers), personally identifiable information (PII) (such as Social Security numbers), and intellectual property related to medical research and innovation. ...
... The author proposed a comprehensive system to identify the threat before it even starts, which means a preventative measure should be sought and systems designed to address such. As Rajamäki et al. (2018) aptly put it, training must thus be construed as a form of proactive defense mechanism through which organizations can insulate themselves against evolving cyber threats as it increases the element of resilience needed for effective defense among organizations. ...
The maritime industry has become vulnerable to attacks lately. These attacks often come in different forms, including cyber and piracy. Future increase in cyberattacks and cyber vulnerability for maritime supply chains is already an established consensus among practitioners and academics. It is therefore important to enact policies and build resilient systems to effectively address the threats posed by these attacks. However, there is little information in the literature regarding the research gaps and future needs of the maritime industry in terms of cyber security. In this conceptual paper, a review study is undertaken to identify the research gaps in maritime cybersecurity, proposal of how these gaps could be addressed and future research priorities are discussed. In addition, it identifies policies that need to be updated and enacted. The results show that there is currently a huge gap as: 1) the literature does not have real time data on maritime cyber-attacks, making it difficult for modelling and future prediction of such attacks to be carried out, 2) the economic impact of maritime cyber-attack has only been addressed rather slightly, 3) the curriculum and educational system for training maritime professionals is limited in building their capacity to address current and future cyber threats. In addition, current national and international laws are structurally inadequate to regulate the maritime cyber space.
... A prevention-centric approach tries to stop insider attacks before they happen. As many cybersecurity threats result from human error or a lack of awareness, Rajamäki et al. proposed a proactive and resilient education framework to develop corresponding cybersecurity education and training programs for different categories of employees [22]. Chowdhury et al. [23] proposed a framework for enterprise network security training based on learning theory and the Delphi method. ...
Insider threats, as one of the pressing challenges that threaten an organization’s information assets, usually result in considerable losses to the business. It is necessary to explore the key human factors that enterprise information security management should focus on preventing to reduce the probability of insider threats effectively. This paper first puts forward the improved Human Factors Analysis and Classification System (IHFACS) based on actual enterprise management. Then, the enterprise internal threat risk assessment model is constructed using the Bayesian network, expert evaluation, and fuzzy set theory. Forty-three classic insider threat cases from China, the United States, and Israel during 2009–2021 are selected as samples. Then, reasoning and sensitivity analysis recognizes the top 10 most critical human factors of the accident and the most likely causal chain of unsafe acts. The result shows that the most unsafe behavior was not assessing employees’ familiarity with the company’s internal security policies. In addition, improving the organizational impact of information security can effectively reduce internal threats and promote the sustainable development of enterprises.
... Their model was validated through a case study in Canada. Similarly, Rajamäki et al. [6] recommended a "Proactive Resilience Educational Framework (Proresilience EF)" to facilitate cybersecurity education and training in the healthcare field. Similarly, Alshaikh et al. [7] constructed "Information Security Education Training and Awareness (SETA)" to provide sustainable behavioral change regarding cybersecurity by adopting the behavior change wheel (BCW) framework. ...
Currently, cybersecurity plays an essential role in computing and information technology due to its direct effect on organizations’ critical assets and information. Cybersecurity is applied using integrity, availability, and confidentiality to protect organizational assets and information from various malicious attacks and vulnerabilities. The COVID-19 pandemic has generated different cybersecurity issues and challenges for businesses as employees have become accustomed to working from home. Firms are speeding up their digital transformation, making cybersecurity the current main concern. For software and hardware systems protection, organizations tend to spend an excessive amount of money procuring intrusion detection systems, antivirus software, antispyware software, and encryption mechanisms. However, these solutions are not enough, and organizations continue to suffer security risks due to the escalating list of security vulnerabilities during the COVID-19 pandemic. There is a thriving need to provide a cybersecurity awareness and training framework for remote working employees. The main objective of this research is to propose a CAT framework for cybersecurity awareness and training that will help organizations to evaluate and measure their employees’ capability in the cybersecurity domain. The proposed CAT framework will assist different organizations in effectively and efficiently managing security-related issues and challenges to protect their assets and critical information. The developed CAT framework consists of three key levels and twenty-five core practices. Case studies are conducted to evaluate the usefulness of the CAT framework in cybersecurity-based organizational settings in a real-world environment. The case studies’ results showed that the proposed CAT framework can identify employees’ capability levels and help train them to effectively overcome the cybersecurity issues and challenges faced by the organizations.
... Data leakage, hacking, tampering, may occur towards public health services [2]. These attacks have significant effects to public health services because the operation often requires a real-time access to services such as to patient health records or to the electronic prescriptions [3]. The loss of such confidential information is damaging the healthcare organization, while it can put it into a huge risk. ...
... Any disruption of the services due to intentional or accidental incidents may also threaten patients' lives. To establish resilience, various efforts [15], [16] have recognized potentially vulnerable functions (e.g., failure of software, hardware, cloud services, and communication devices) that may hinder the resilience of healthcare attributes and proposed different ways to recover from them (e.g., post-event automatic recovery of the vulnerabilities like Moving Target Defense (MTD) [17], and blockchain-based solutions [18]).
• Personalization: Personalized healthcare services typically operate in the most strict mode by supporting customization of a specific health condition under specific conditions [19], [20]. ...
Recent technological (e.g., IoT, 5G) and economic (e.g., UN 2030 Sustainable Development Goals) developments have transformed the healthcare sector towards more personalized and IoT-based healthcare services. These services are realized through control and monitoring applications that are typically developed using artificial intelligence (AI)/machine learning (ML) based algorithms that play a significant role to highlight the efficiency of traditional healthcare systems. Current personalized healthcare services are dedicated in a specific environment and support technological personalization (e.g., personalized gadgets/devices) and are unable to consider different inter-related health conditions that lead to inappropriate diagnosis and affect sustainability and the long-term health/life of patients. Towards this problem, the state-of-the-art Healthcare 5.0 technology has evolved that supersede the previous healthcare technologies. The goal of healthcare 5.0 is to achieve a fully autonomous healthcare service, that takes into account the interdependent effect of different health conditions of a patient. This paper conducts a comprehensive survey on personalized healthcare services. In particular, we first present an overview of key requirements of comprehensive personalized healthcare services (CPHS) in modern healthcare Internet of Things (HIoT), including the definition of personalization and an example use case scenario as a representative for modern HIoT. Second, we explored a fundamental three-layer architecture for IoT-based healthcare systems using both AI/ML-based and non-AI-based approaches, considering key requirements for CPHS followed by their strengths and weaknesses in the frame of personalized healthcare services. Third, we highlighted different security threats against each layer of IoT architecture along with the possible AI-based and non-AI-based solutions. Finally, we proposed a methodology to provide reliable, resilient, and personalized healthcare services that address the identified weaknesses of existing approaches.
... Nevertheless, the technical understanding is still the predominant view on building resilience in this field. Recent research on hospitals and health infrastructure resilience, e.g., deals with structural and internal safety in general [8]; resilience in the context of COVID-19 [9,10]; cyberattacks [11,12]; various natural hazards, including earthquakes [13,14], hurricanes [15], and wildfires [16]; or specific settings such as urban areas [17]. It is striking that comparably little research focuses on a broader, more holistic understanding of health infrastructure systems, hospital resilience, or the contribution of health infrastructure resilience to overall societal resilience. ...
The current understanding of critical health infrastructure resilience is still dominated by a technical perspective. Reality however is different, as past events including the COVID-19 pandemic have revealed: emergency situations are only rarely exclusively technical in nature. Instead they are a product of prior circumstances, often linked to natural hazards, technical mishaps, and insufficient social and organizational preparedness structures. However, experiences and lessons learned from past events are still largely overlooked and have not sufficiently found their way into conceptual understandings of critical health infrastructure resilience. This paper addresses this gap by challenging the one-sided and technically oriented understanding of resilience in the context of critical health infrastructure. Based on a systematic literature review, it assesses real-world cases of water supply failures in healthcare facilities, a serious threat largely overlooked in research and policy. The results underscore the need for targeted organizational strategies to deal with cascading impacts. The overall findings show that addressing technical aspects alone is not sufficient to increase the overall resilience of healthcare facilities. Broadening the dominant resilience understanding is hence an important foundation for healthcare infrastructures to improve risk management and emergency preparedness strategies to increase their resilience towards future disruptions.