Research Proposal

Analysis of Quantitative Data: Cybersecurity Knowledge and Skills

Abstract

The evaluation of human factor cybersecurity knowledge and skill across the dynamic systems integrating functional departments supports understanding of the contextual environment and inherent risks. Ani et al. (2019) use statistical analysis to quantify human factor cybersecurity knowledge and skills, termed capabilities. Although the research study focuses on industrial control systems, it provides a reliable and valid measure across other environments (Adams & Lawrence, 2019). The capability placement chart and table provide comparative analysis, and more in-depth insights are obtained by applying statistical concepts. The significance of the results ensures a correlation between gaps in workforce capabilities and the organization's existing security landscape (Ani et al., 2019).

... As per the study by Fraser [7], the analyst apart from domain knowledge also requires situated knowledge. It is organization based, difficult to articulate and is implicit in nature. ...
... This knowledge pool is dynamic in nature and is acquired by experts by constantly interacting with a particular operating environment. With respect to network and information security, adjusting and tuning of the IDS is important for learning a network's nuances so that the threats can be detected and the security needs of an organization can be met successfully [7]. Thus, it is important for the analyst to have a complete idea about operating the IDS to detect the network threats effectively. ...
Article
Our economy, infrastructure and societies rely to a large extent on information technology and computer networks solutions. Increasing dependency on information technologies has also multiplied the potential hazards of cyber-attacks. The prime goal of this study is to critically examine how the sufficient knowledge of cyber security threats plays a vital role in detection of any intrusion in simple networks and preventing the attacks. The study has evaluated various literatures and peer reviewed articles to examine the findings obtained by consolidating the outcomes of different studies and present the final findings into a simplified solution.
Article
Purpose: As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting human-factor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment. Design/methodology/approach: A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques. Findings: Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce. Practical implications: The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies. 
Originality/value: This paper demonstrates originality by providing a framework and computational approach for characterising and quantifying human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.
Article
This case study explored the critical role a human resources department plays in developing and communicating an effective succession plan, specifically the criteria chosen to fill future vacancies in the organization. Businesses promote two parts of a succession plan: a plan to select the right people and a process to retain, promote, and train the appropriate people to fill a new position (Galagan, 2010). The five emergent themes were established from the data gathered from participant interviews and the assessment of internal documents from the human resources department. The findings strongly indicate discrepancies within succession planning criteria and a lack of a formal succession plan. Human resources directors are responsible for the success of the development, implementation, and communication of the organization's succession plan to support employee retention, engagement, and long-term growth for the organization.
Article
In this paper we argue for a human-in-the-loop approach to the study of situation awareness in computer defence analysis (CDA). The cognitive phenomenon of situation awareness (SA) has received significant attention in cybersecurity/CDA research. Yet little of this work has attended to the cognitive aspects of situation awareness in the CDA context; instead, the human operator has been treated as an abstraction within the larger human-technology system. A more human-centric approach that seeks to understand the socio-cognitive work of human operators as they perform CDA will yield greater insights into the design of tools and interfaces for CDA. As support for this argument, we present our own work employing the Living Lab Framework through which we ground our experimental findings in contextual knowledge of real-world practice.
Article
Purpose: This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices. Design/methodology/approach: The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced. Findings: The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment. Practical implications: This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity.
Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation. Originality/value: The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.
Book
This textbook is for courses in cyber security education that follow National Initiative for Cybersecurity Education (NICE) KSAs work roles and framework, that adopt the Competency-Based Education (CBE) method. The book follows the CBT (KSA) general framework, meaning each chapter contains three sections, knowledge and questions, and skills/labs for Skills and Abilities. The author makes an explicit balance between knowledge and skills material in information security, giving readers immediate applicable skills. The book is divided into seven parts: Securely Provision; Operate and Maintain; Oversee and Govern; Protect and Defend; Analysis; Operate and Collect; Investigate. All classroom materials (in the book an ancillary) adhere to the NICE framework.
  • Mirrors classes set up by the National Initiative for Cybersecurity Education (NICE)
  • Adopts the Competency-Based Education (CBE) method of teaching, used by universities, corporations, and in government training
  • Includes content and ancillaries that provide skill-based instruction on compliance laws, information security standards, risk response and recovery, and more
Book
The authors do not have rights to distribute the full-text online so only the table of contents and front matter are provided here. If you are an instructor seeking a review copy or teaching supplements, please use this link to locate your Cengage representative: http://www.cengage.com/repfinder/
Brief Contents
PART ONE INTRODUCTION TO STRATEGIC MANAGEMENT
  • 1. Strategic Leadership: Managing the Strategy-Making Process for Competitive Advantage
  • 2. External Analysis: The Identification of Opportunities and Threats
PART TWO THE NATURE OF COMPETITIVE ADVANTAGE
  • 3. Internal Analysis: Distinctive Competencies, Competitive Advantage, and Profitability
  • 4. Building Competitive Advantage through Functional-Level Strategies
PART THREE STRATEGIES
  • 5. Business-Level Strategy
  • 6. Business-Level Strategy and the Industry Environment
  • 7. Strategy and Technology
  • 8. Strategy in the Global Environment
  • 9. Corporate-Level Strategy: Horizontal Integration, Vertical Integration, and Strategic Outsourcing
  • 10. Corporate-Level Strategy: Related and Unrelated Diversification
PART FOUR IMPLEMENTING STRATEGY
  • 11. Corporate Performance, Governance, and Business Ethics
  • 12. Implementing Strategy through Organization
CASES