Search results for: cybersecurity risk management plan
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 14916

14916 Towards Resilient Cloud Computing through Cyber Risk Assessment

Authors: Hilalah Alturkistani, Alaa AlFaadhel, Nora AlJahani, Fatiha Djebbar

Abstract:

Cloud computing is one of the most widely used technologies, providing opportunities and services to government entities, large companies, and standard users. However, cybersecurity risk management studies of cloud computing and resiliency approaches are lacking. This paper proposes resilient cloud cybersecurity risk assessment and management tailored specifically to Dropbox, with two approaches: 1) a technical-based solution motivated by a cybersecurity risk assessment of cloud services, and 2) a target personnel-based solution guided by a cybersecurity-related survey among employees to identify the knowledge that qualifies them to withstand any cyberattack. The proposed work attempts to identify cloud vulnerabilities, assess threats and detect high-risk components, to finally propose appropriate safeguards such as failure predicting and removing, redundancy or load balancing techniques for quick recovery and return to the pre-attack state if failure happens.

Keywords: cybersecurity risk management plan, resilient cloud computing, cyberattacks, cybersecurity risk assessment

Procedia PDF Downloads 101
14915 Perceptions of Cybersecurity in Government Organizations: Case Study of Bhutan

Authors: Pema Choejey, David Murray, Chun Che Fung

Abstract:

Bhutan is becoming increasingly dependent on Information and Communications Technologies (ICTs), especially the Internet, for performing the daily activities of governments, businesses, and individuals. Consequently, information systems and networks are becoming more exposed and vulnerable to cybersecurity threats. This paper highlights the findings of the survey study carried out to understand the perceptions of cybersecurity implementation among government organizations in Bhutan. About 280 ICT personnel were surveyed about the effectiveness of cybersecurity implementation in their organizations. A questionnaire based on a 5-point Likert scale was used to assess the perceptions of respondents. The questions were asked on cybersecurity practices such as cybersecurity policies, awareness and training, and risk management. The survey results show that less than 50% of respondents believe that the cybersecurity implementation is effective: cybersecurity policy (40%), risk management (23%), training and awareness (28%), system development life cycle (34%), incident management (26%), and communications and operational management (40%). The findings suggest that many of the cybersecurity practices are inadequately implemented and therefore, there exists a gap in achieving a required cybersecurity posture. This study recommends that government organizations establish a comprehensive cybersecurity program with emphasis on cybersecurity policy, risk management, and awareness and training. In addition, the research study has practical implications for both government and private organizations for implementing and managing cybersecurity.

Keywords: awareness and training, cybersecurity policy, risk management, security risks

Procedia PDF Downloads 305
14914 Combined Safety and Cybersecurity Risk Assessment for Intelligent Distributed Grids

Authors: Anders Thorsén, Behrooz Sangchoolie, Peter Folkesson, Ted Strandberg

Abstract:

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment in order to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., intelligent distributed grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified in order to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.

Keywords: intelligent distribution grids, threat analysis, risk assessment, safety, cybersecurity

Procedia PDF Downloads 120
14913 Adding Security Blocks to the DevOps Lifecycle

Authors: Andrew John Zeller, Francis Pouatcha

Abstract:

Working according to the DevOps principle has gained in popularity over the past decade. While its extension DevSecOps started to include elements of cybersecurity, most real-life projects do not focus on risk and security until the later phases of a project, as teams are often more familiar with engineering and infrastructure services. To help bridge the gap between security and engineering, this paper will take six building blocks of cybersecurity and apply them to the DevOps approach. After giving a brief overview of the stages in the DevOps lifecycle, the main part discusses to what extent six cybersecurity blocks can be utilized in various stages of the lifecycle. The paper concludes with an outlook on how to stay up to date in the dynamic world of cybersecurity.

Keywords: information security, data security, cybersecurity, devOps, IT management

Procedia PDF Downloads 68
14912 Streamlining Cybersecurity Risk Assessment for Industrial Control and Automation Systems: Leveraging the National Institute of Standard and Technology’s Risk Management Framework (RMF) Using Model-Based System Engineering (MBSE)

Authors: Gampel Alexander, Mazzuchi Thomas, Sarkani Shahram

Abstract:

The cybersecurity landscape is constantly evolving, and organizations must adapt to the changing threat environment to protect their assets. The implementation of the NIST Risk Management Framework (RMF) has become critical in ensuring the security and safety of industrial control and automation systems. However, cybersecurity professionals are facing challenges in implementing RMF, leading to systems operating without authorization and being non-compliant with regulations. The current approach to RMF implementation based on business practices is limited and insufficient, leaving organizations vulnerable to cyberattacks resulting in the loss of personal consumer data and critical infrastructure details. To address these challenges, this research proposes a Model-Based Systems Engineering (MBSE) approach to implementing cybersecurity controls and assessing risk through the RMF process. The study emphasizes the need to shift to a modeling approach, which can streamline the RMF process and eliminate bloated structures that make it difficult to receive an Authorization-To-Operate (ATO). The study focuses on the practical application of MBSE in industrial control and automation systems to improve the security and safety of operations. It is concluded that MBSE can be used to solve the implementation challenges of the NIST RMF process and improve the security of industrial control and automation systems. The research suggests that MBSE provides a more effective and efficient method for implementing cybersecurity controls and assessing risk through the RMF process. The future work for this research involves exploring the broader applicability of MBSE in different industries and domains. The study suggests that the MBSE approach can be applied to other domains beyond industrial control and automation systems.

Keywords: authorization-to-operate (ATO), industrial control systems (ICS), model-based system’s engineering (MBSE), risk management framework (RMF)

Procedia PDF Downloads 51
14911 Cybersecurity Awareness Among Applied Sciences Student Population

Authors: Sanja Bracun, Nikolina Kasunic

Abstract:

After graduation, the student population of applied sciences will become the population of employees in IT experts’ positions or "just" business users of certain IT technologies, for which the level of awareness of existing cybersecurity risks is extremely important. The results of this research define the current cybersecurity awareness level of students at Zagreb University of Applied Sciences (TVZ), which can be useful not only for teaching staff to form a curriculum related to cybersecurity more accurately but also for employers to know what to expect from their future employees regarding cybersecurity awareness level.

Keywords: student population cybersecurity awareness, cybersecurity awareness, cybersecurity, applied sciences students

Procedia PDF Downloads 214
14910 A Virtual Reality Cybersecurity Training Knowledge-Based Ontology

Authors: Shaila Rana, Wasim Alhamdani

Abstract:

Effective cybersecurity learning relies on an engaging, interactive, and entertaining activity that fosters positive learning outcomes. VR cybersecurity training may promote these aforementioned variables. However, a methodological approach and framework have not yet been created to allow trainers and educators to employ VR cybersecurity training methods to promote positive learning outcomes to the author’s best knowledge. Thus, this paper aims to create an approach that cybersecurity trainers can follow to create a VR cybersecurity training module. This methodology utilizes concepts from other cybersecurity training frameworks, such as NICE and CyTrONE. Other cybersecurity training frameworks do not incorporate the use of VR. VR training proposes unique challenges that cannot be addressed in current cybersecurity training frameworks. Subsequently, this ontology utilizes concepts unique to developing VR training to create a relevant methodology for creating VR cybersecurity training modules. The outcome of this research is to create a methodology that is relevant and useful for designing VR cybersecurity training modules.

Keywords: virtual reality cybersecurity training, VR cybersecurity training, traditional cybersecurity training, ontology

Procedia PDF Downloads 249
14909 Study on Disaster Prevention Plan for an Electronic Industry in Thailand

Authors: S. Pullteap, M. Pathomsuriyaporn

Abstract:

In this article, a study of employees’ opinions on the factors that affect the flood preventive and corrective action plan in an electronic industry at Sharp Manufacturing (Thailand) Co., Ltd. has been investigated. The survey data of 175 workers and supervisors have, however, been selected for data analysis. The results show that the employees emphasize the need for a subsidy at the time of disaster at a high level of 77.8%, as the plan focusing on flood prevention of the rehabilitation equipment is valued at the intermediate level, which is 79.8%. Demonstration of the hypothesis found that the different education levels affected the needs factor at the time of the flood disaster. Moreover, most respondents give priority to the flood disaster risk management factor. Consequently, we found that the flood prevention plan is valued at a high level, especially on information monitoring, which is 93.4% for the supervisor item. The respondents largely assume that the flood will have impacts on the industry, up to 80%; thus, the need to focus on flood management plans is enormous.

Keywords: flood prevention plan, flood event, electronic industrial plant, disaster, risk management

Procedia PDF Downloads 275
14908 Understanding the Human Element in Cybersecurity: A Literature Review and Recommendations

Authors: Sadiq Nasir

Abstract:

The need for strong cybersecurity measures has been brought to light by society's growing reliance on technology. Cybersecurity breaches continue, with the human aspect playing a crucial role, despite the availability of technology remedies. By analyzing the most recent findings in this area of research on awareness, attitudes, and behaviour, this literature review seeks to comprehend the human element in cybersecurity. A thorough overview of the most recent studies and gaps in the body of knowledge will be determined through a systematic examination of the literature. The paper indicates that in order to address the human component in cybersecurity, a socio-technical strategy is required, and it advocates for additional study in order to fully comprehend the consequences of various interventions. The findings of this study will increase our understanding of cybersecurity and have useful ramifications for companies wanting to strengthen their cybersecurity posture.

Keywords: cybersecurity, cybersecurity awareness, human factor in security, human security

Procedia PDF Downloads 52
14907 Disaster Preparedness for Academic Libraries in Malaysia: An Exploratory Study

Authors: Siti Juryiah Mohd Khalid, Norazlina Dol

Abstract:

Academic libraries in Malaysia are still not prepared for disaster even though several occasions have been reported. The study sets out to assess the current status of preparedness in disaster management among Malaysian academic libraries in the State of Selangor and the Federal Territory of Kuala Lumpur. To obtain a base level of knowledge on disaster preparedness of current practices, a questionnaire was distributed to chief librarians or their assignees in charge of disaster or emergency preparedness at 40 academic libraries and 34 responses were received. The study revolved around the current status of preparedness, on various issues including existence of disaster preparedness plan among academic libraries in Malaysia, disaster experiences by the academic libraries, funding, risk assessment activities and involvement of library staff in disaster management. Frequency and percentage tables were used in the analysis of the data collected. Some of the academic libraries under study have experienced one form of disaster or the other. Most of the academic libraries do not have a written disaster preparedness plan. The risk assessments and staff involvement in disaster preparedness by these libraries were generally adequate.

Keywords: academic libraries, disaster preparedness plan, disaster management, emergency plan

Procedia PDF Downloads 333
14906 Exploring the Need to Study the Efficacy of VR Training Compared to Traditional Cybersecurity Training

Authors: Shaila Rana, Wasim Alhamdani

Abstract:

Effective cybersecurity training is of the utmost importance, given the plethora of attacks that continue to increase in complexity and ubiquity. VR cybersecurity training remains a starkly understudied discipline. Studies that evaluated the effectiveness of VR cybersecurity training over traditional methods are required. An engaging and interactive platform can support knowledge retention of the training material. Consequently, an effective form of cybersecurity training is required to support a culture of cybersecurity awareness. Measurements of effectiveness varied throughout the studies, with surveys and observations being the two most utilized forms of evaluating effectiveness. Further research is needed to evaluate the effectiveness of VR cybersecurity training and traditional training. Additionally, research for evaluating if VR cybersecurity training is more effective than traditional methods is vital. This paper proposes a methodology to compare the two cybersecurity training methods and their effectiveness. The proposed framework includes developing both VR and traditional cybersecurity training methods and delivering them to at least 100 users. A quiz along with a survey will be administered and statistically analyzed to determine if there is a difference in knowledge retention and user satisfaction. The aim of this paper is to bring attention to the need to study VR cybersecurity training and its effectiveness compared to traditional training methods. This paper hopes to contribute to the cybersecurity training field by providing an effective way to train users for security awareness. If VR training is deemed more effective, this could create a new direction for cybersecurity training practices.

Keywords: virtual reality cybersecurity training, VR cybersecurity training, traditional cybersecurity training

Procedia PDF Downloads 179
14905 Substation Automation, Digitization, Cyber Risk and Chain Risk Management Reliability

Authors: Serzhan Ashirov, Dana Nour, Rafat Rob, Khaled Alotaibi

Abstract:

There has been a fast growth in the introduction and use of communications, information, monitoring, and sensing technologies. The new technologies are making their way to the Industrial Control Systems as embedded in products, software applications, IT services, or commissioned to enable integration and automation of increasingly global supply chains. As a result, the lines that separated the physical, digital, and cyber world have diminished due to the vast implementation of the new, disruptive digital technologies. The variety and increased use of these technologies introduce many cybersecurity risks affecting cyber-resilience of the supply chain, both in terms of the product or service delivered to a customer and members of the supply chain operation. The US Department of Energy considers supply chain in the IR4 space to be the weakest link in cybersecurity. The IR4 identified the digitization of the field devices, followed by digitalization that eventually moved through the digital transformation space with little care for the newly introduced cybersecurity risks. This paper will examine the best methodologies for securing the electrical substations from cybersecurity attacks due to supply chain risks, and due to digitization effort. SCADA systems are the most vulnerable part of the power system infrastructure due to digitization and due to the weakness and vulnerabilities in the supply chain security. The paper will discuss in detail how to create a secure supply chain methodology, secure substations, and mitigate the risks due to digitization.

Keywords: cybersecurity, supply chain methodology, secure substation, digitization

Procedia PDF Downloads 36
14904 Review and Analysis of Sustainable-Based Risk Management in Humanitarian Supply Chains

Authors: Marinko Maslaric, Maja Jokic

Abstract:

When searching for fast and long term responses, sustainable logistics and supply chain applications have developed irrefutable theories and hypotheses towards market requirements. Nevertheless, there are certain misunderstandings on how the implementation of sustainability principles (social, economical, and environmental) and concepts should work in practice, more specifically, within a humanitarian supply chain management context. This paper will focus on the review and analysis of risk management concepts in humanitarian supply chain in order to identify their compliance with sustainable principles. In this direction, the study will look for strategies that suggest: minimization of environmental impacts throughout the reduction of resources consumption, depreciation of logistics costs, including supply chain ones, minimization of transportation and service costs, elaboration of quality performance of supply chain and logistics, and reduction of supply chain delivery time. On the side of meeting all defense, trades and humanitarian logistics needs, the research will be aligned to UN Sustainable Development Goals, standards, and performances. It will start with relevant strategies for identification of risk indicators and it will end with suggestion of valuable strategic approaches for their minimization or total prevention. Finally, a content analysis will propose a suitable methodological structure for the creation of most sustainable strategy in risk management of humanitarian supply chain. Content analysis will accompany thorough, consistent and methodical approach of literature review for potential disaster risk management plan. Thereupon, the propositions of this research will look for contemporary literature gaps, with respect to operate the literature analysis and to suggest the appropriate sustained risk low master plan. The indicated is here to secure the high quality of logistics practices in hazardous events.

Keywords: humanitarian logistics, sustainability, supply chain risk, risk management plan

Procedia PDF Downloads 201
14903 Towards the Management of Cybersecurity Threats in Organisations

Authors: O. A. Ajigini, E. N. Mwim

Abstract:

Cybersecurity is the protection of computers, programs, networks, and data from attack, damage, unauthorised, unintended access, change, or destruction. Organisations collect, process and store their confidential and sensitive information on computers and transmit this data across networks to other computers. Moreover, the advent of internet technologies has led to various cyberattacks resulting in dangerous consequences for organisations. Therefore, with the increase in the volume and sophistication of cyberattacks, there is a need to develop models and make recommendations for the management of cybersecurity threats in organisations. This paper reports on various threats that cause malicious damage to organisations in cyberspace and provides measures on how these threats can be eliminated or reduced. The paper explores various aspects of protection measures against cybersecurity threats such as handling of sensitive data, network security, protection of information assets and cybersecurity awareness. The paper posits a model and recommendations on how to manage cybersecurity threats in organisations effectively. The model and the recommendations can then be utilised by organisations to manage the threats affecting their cyberspace. The paper provides valuable information to assist organisations in managing their cybersecurity threats and hence protect their computers, programs, networks and data in cyberspace. The paper aims to assist organisations to protect their information assets and data from cyberthreats as part of the contributions toward community engagement.

Keywords: confidential information, cyberattacks, cybersecurity, cyberspace, sensitive information

Procedia PDF Downloads 217
14902 A Double Acceptance Sampling Plan for Truncated Life Test Having Exponentiated Transmuted Weibull Distribution

Authors: A. D. Abdellatif, A. N. Ahmed, M. E. Abdelaziz

Abstract:

The main purpose of this paper is to design a double acceptance sampling plan under the time truncated life test when the product lifetime follows an exponentiated transmuted Weibull distribution. Here, the motive is to meet both the consumer’s risk and producer’s risk simultaneously at the specified quality levels, while the termination time is specified. A comparison between the results of the double and single acceptance sampling plans is conducted. We demonstrate the applicability of our results to real data sets.

Keywords: double sampling plan, single sampling plan, producer’s risk, consumer’s risk, exponentiated transmuted Weibull distribution, time truncated experiment, single, double, Marshal-Olkin

Procedia PDF Downloads 451
14901 Production Structures of Energy Based on Water Force, Its Infrastructure Protection, and Possible Causes of Failure

Authors: Gabriela-Andreea Despescu, Mădălina-Elena Mavrodin, Gheorghe Lăzăroiu, Florin Adrian Grădinaru

Abstract:

The purpose of this paper is to contribute to the enhancement of a hydroelectric plant protection by coordinating protection measures and existing security and introducing new measures under a risk management process. Also, the plan identifies key critical elements of a hydroelectric plant, from its level vulnerabilities and threats it is subjected to in order to achieve the necessary protection measures to reduce the level of risk.

Keywords: critical infrastructure, risk analysis, critical infrastructure protection, vulnerability, risk management, turbine, impact analysis

Procedia PDF Downloads 510
14900 Design of Bayesian MDS Sampling Plan Based on the Process Capability Index

Authors: Davood Shishebori, Mohammad Saber Fallah Nezhad, Sina Seifi

Abstract:

In this paper, a variable multiple dependent state (MDS) sampling plan is developed based on the process capability index using Bayesian approach. The optimal parameters of the developed sampling plan with respect to constraints related to the risk of consumer and producer are presented. Two comparison studies have been done. First, the methods of double sampling model, sampling plan for resubmitted lots and repetitive group sampling (RGS) plan are elaborated and average sample numbers of the developed MDS plan and other classical methods are compared. A comparison study between the developed MDS plan based on Bayesian approach and the exact probability distribution is carried out.

Keywords: MDS sampling plan, RGS plan, sampling plan for resubmitted lots, process capability index (PCI), average sample number (ASN), Bayesian approach

Procedia PDF Downloads 268
14899 Enterprise Risk Management: A Future Outlook

Authors: Ruchi Agarwal, Jake Ansell

Abstract:

Austerity impacts on all aspects of society. Companies into the future will have to be more capable of dealing with the risks they face. Enterprise Risk Management (ERM) has widely been accepted in recent years as an approach to manage risks within businesses. ERM attempts to tackle risk holistically with gains from opportunities in a managing risk and reduction in the risk of failure. The paper reviews merits and demerits of approaches to risk management in regard to antifragility. A qualitative study has investigated current practices and the problems with ERM implementation by interviewing over 25 chief risk officers and senior management. The findings indicate the gap in ERM description, understanding, and implementation. The paper suggests risk learning and expertise knowledge supports development of effective enterprise risk management by designing systems with inherent resilience.

Keywords: risk management, interviews, antifragility, failure

Procedia PDF Downloads 520
14898 Importance of Human Factors on Cybersecurity within Organizations: A Study of Attitudes and Behaviours

Authors: Elham Rajabian

Abstract:

The ascent of cybersecurity incidents is a rising threat to most organisations in general, while the impact of the incidents is unique to each of the organizations. It is a need for behavioural sciences to concentrate on employees’ behaviour in order to prepare key security mitigation opinions versus cybersecurity incidents. There are noticeable differences among users of a computer system in terms of complying with security behaviours. We can discuss the people's differences under several subjects such as delaying tactics on something that must be done, the tendency to act without thinking, future thinking about unexpected implications of present-day issues, and risk-taking behaviours in security policies compliance. In this article, we introduce high-profile cyber-attacks and their impacts on weakening cyber resiliency in organizations. We also give attention to human errors that influence network security. Human errors are discussed as a part of psychological matters to enhance compliance with the security policies. The organizational challenges are studied in order to shape a sustainable cyber risks management approach in the related work section. Insiders’ behaviours are viewed as a cyber security gap to draw proper cyber resiliency in section 3. We carry out the best cybersecurity practices by discussing four CIS challenges in section 4. In this regard, we provide a guideline and metrics to measure cyber resilience in organizations in section 5. In the end, we give some recommendations in order to build a cybersecurity culture based on individual behaviours.

Keywords: cyber resilience, human factors, cybersecurity behavior, attitude, usability, security culture

Procedia PDF Downloads 66
14897 Cybersecurity Protective Behavior in Industrial Revolution 4.0 Era: A Conceptual Framework

Authors: Saif Hussein Abdallah Alghazo, Norshima Humaidi

Abstract:

Adopting cybersecurity protective behaviour among the employees is seriously considered in the organization, especially when the Internet of Things (IoT) is widely used in Industrial Revolution 4.0 (IR 4.0) era. Cybersecurity issues arise due to weaknesses of employees’ behaviour such as carelessness and failure to adopt good practices of information security behaviour. Therefore, this study aims to explore the dimensions that might influence employees’ behaviour to adopt good cybersecurity practices and to develop a new holistic model related to this concept. The study proposed this by reviewing the existing works of literature related to this field extensively, especially by focusing on the existing theory such as Protection Motivation Theory (PMT). Moreover, this study has also explored the role of cybersecurity competency among the security manager in the organization since this construct is essential to enhance the protective behaviour towards cybersecurity among the employees in the organization. The proposed research model is important to be quantitatively tested in the future as the findings will serve as the input to the act that will enhance employee’s cybersecurity protective behaviour in the IR 4.0 environment.

Keywords: cybersecurity protective behaviour, protection motivation theory, IR 4.0, cybersecurity competency

Procedia PDF Downloads 112
14896 A Risk Management Approach for Nigeria Manufacturing Industries

Authors: Olaniyi O. Omoyajowo

Abstract:

To be successful in today’s competitive global environment, manufacturing industry must be able to respond quickly to changes in technology. These changes in technology introduce new risks and hazards. The management of risk/hazard in a manufacturing process recommends method through which the success rate of an organization can be increased. Thus, there is a continual need for manufacturing industries to invest significant amount of resources in risk management, which in turn optimizes the production output and profitability of any manufacturing industry (if implemented properly). To help improve the existing risk prevention and mitigation practices in Small and Medium Enterprise (SME) in Nigeria Manufacturing Industries (NMI), the researcher embarks on this research to develop a systematic Risk Management process.

Keywords: manufacturing management, risk, risk management, SMEs

Procedia PDF Downloads 358
14895 Cybersecurity and Governance for Humanitarian Work: An Approach for Addressing Security Risks

Authors: Rossouw De Bruin, Sebastiaan H. Von Solms

Abstract:

The state of national security is an evolving concern. Companies, organizations, governments, states and individuals are aware of the security of their information and their assets; however, they may not always be aware of the risks present. These risks are not only limited to non-existence of security procedures. Existing security can be severely flawed, especially if there is non-conformance towards policies, practices and procedures. When looking at humanitarian actions, we can easily identify these flaws. Unfortunately, humanitarian aid has to compete with factors from within the states, countries and continents they are working in. Furthermore, as technology improves, so does our connectivity to the internet and the way in which we use the internet. However, there are times when security is overlooked, and humanitarian agencies are some of the agencies that do not always take security into consideration. The purpose of this paper will be to introduce the importance of cybersecurity and cybersecurity governance with respect to humanitarian work. We will also introduce and briefly discuss a model that can be used by humanitarian agencies to assess, manage and maintain their cybersecurity efforts.

Keywords: humanities, cybersecurity, cybersecurity governance, maturity, cybersecurity maturity, maturity model

Procedia PDF Downloads 231
14894 Early Warning Signals: Role and Status of Risk Management in Small and Medium Enterprises

Authors: Alexander Kelíšek, Denisa Janasová, Veronika Mitašová

Abstract:

The use of weak signals is often associated with early warning. It is possible to find a link between early warning, or early problem detection, and risk management. The idea of early warning is very important in the context of crisis management because of the possibility of risk prevention. Weak signals are likened to risk symptoms. Nowadays, their usefulness as a tool for proactive problem solving is emphasized. On this basis, it is possible to use weak signals not only in strategic planning, project management, or early warning systems, but also as a subsidiary element in risk management. The main question is how to effectively integrate weak signals into risk management. The main aim of the paper is to point out the possibilities of using weak signals in the risk management of small and medium enterprises.

Keywords: early warning system, weak signals, risk management, small and medium enterprises (SMEs)

Procedia PDF Downloads 388
14893 Flood Planning Based on Risk Optimization: A Case Study in Phan-Calo River Basin in Vinh Phuc Province, Vietnam

Authors: Nguyen Quang Kim, Nguyen Thu Hien, Nguyen Thien Dung

Abstract:

Flood disasters are increasing worldwide in both frequency and magnitude. Every year in Vietnam, floods cause great damage to people and property, as well as environmental degradation. The flood risk management policy in Vietnam is currently being updated. The planning of flood mitigation strategies is reviewed to decide how to reach sustainable flood risk reduction. This paper discusses the basic approach, in which flood protection measures are chosen by minimizing the present value of expected monetary expenses, total residual risk, and costs of flood control measures. This approach is proposed and demonstrated in a case study of flood risk management in Vinh Phuc province of Vietnam. The research also proposes a framework for finding the optimal protection level and optimal flood measures. It provides an explicit economic basis for flood risk management plans and the interactive effects of options for flood damage reduction. The results of the case study are demonstrated and discussed, providing a process of actions that helps decision makers choose flood risk reduction investment options.

Keywords: drainage plan, flood planning, flood risk, residual risk, risk optimization

Procedia PDF Downloads 197
14892 Real Activities Manipulation vs. Accrual Earnings Management: The Effect of Political Risk

Authors: Heba Abdelmotaal, Magdy Abdel-Kader

Abstract:

Purpose: This study explores whether a firm’s effective political risk management prevents real and accrual earnings management. Design/methodology/approach: Based on a sample of 130 firms operating in Egypt during the period 2008-2013, two hypotheses are tested using panel data regression models. Findings: The empirical findings indicate a significant relation between real and accrual earnings management and political risk. Originality/value: This paper provides statistical evidence on the effects of political risk management failure on managers’ engagement in real and accrual earnings management practices, and its impact on the firm’s performance.

Keywords: political risk, risk management failure, real activities manipulation, accrual earnings management

Procedia PDF Downloads 400
14891 Balancing Security and Human Rights: A Comprehensive Approach to Security and Defense Policy

Authors: Babatunde Osabiya

Abstract:

Cybersecurity has emerged as a pressing policy problem in recent years, affecting individuals, businesses, and governments worldwide. This research paper aims to critically review the literature on cybersecurity policy and apply policy theory to propose a policy approach that balances the freedom to access and use technology with the human rights risks and threats posed by cyber. Drawing on various credible sources, the paper examines the scale and seriousness of cyber threats, highlighting the growing threat posed by cybercriminals, hackers, and nation-states. The paper also identifies the key challenges facing policymakers, including the need for more significant investment in cybersecurity research and development and the importance of balancing the benefits of technological innovation with the risks to privacy, security, and human rights. To address these challenges, the paper proposes a policy approach emphasizing investing in cybersecurity research and development to maintain a technological edge over potential adversaries. This approach also highlights the need for greater collaboration between government, industry, and civil society to develop effective cybersecurity policies and practices that protect the rights and freedoms of people while mitigating the risks posed by cyber threats. This paper will contribute to the growing body of literature on cybersecurity policy and offers a policy framework for addressing this critical policy challenge.

Keywords: security risk, legal framework, cyber security and policy, national security

Procedia PDF Downloads 59
14890 Developing an IT Management Policy: A Proposal

Authors: Robert Gilliland

Abstract:

In any organization, a potential issue can arise and become a problem when management deviates from the standard norms set in the system development process of an IT system and the policies that pertain to it. In these instances, cybersecurity is a big challenge that organizations have to face in safeguarding the data that they generate and use. When a new idea, task, or process begins, specific standards must be followed, along with the policies and procedures that ensure the safeguarding of data in the information system within the company. A good IT Strategy and Policy should have individuals who are in charge of overseeing the design, development, implementation, and auditing of these policies. Auditors are people who check to make sure that the issue conforms with the plan that is in place. Management has the ability, through the role of the manager, to potentially abuse the power it is given and to direct specific ideas, events, projects, and outcomes that are contrary to the vision or goals of the company.

Keywords: strategic policy, policy management, new policy, strategic planning

Procedia PDF Downloads 102
14889 Strategies and Approaches for Curriculum Development and Training of Faculty in Cybersecurity Education

Authors: Lucy Tsado

Abstract:

As cybercrime and cyberattacks continue to increase, the need to respond will follow suit. When cybercrimes occur, the duty to respond sometimes falls on law enforcement. However, criminal justice students are not taught concepts in cybersecurity and digital forensics. There is, therefore, an urgent need for many more institutions to begin teaching cybersecurity and related courses to social science students, especially criminal justice students. However, many faculty in universities, colleges, and high schools are not equipped to teach these courses or do not have the knowledge and resources to teach important concepts in cybersecurity or digital forensics to criminal justice students. This research intends to develop curricula and training programs to equip faculty with the skills to meet this need. There is a current call to involve non-technical fields to fill the cybersecurity skills gap, according to experts. There is a general belief among non-technical fields that cybersecurity education is only attainable within computer science and technologically oriented fields. As seen from current calls, this is not entirely the case. Transitioning into the field is possible through curriculum development, training, certifications, internships and apprenticeships, and competitions. There is a need to identify how a cybersecurity eco-system can be created at a university to encourage/start programs that will lead to an interest in cybersecurity education as well as attract potential students. A short-term strategy can address this problem through curricula development, while a long-term strategy will address training faculty to teach cybersecurity and digital forensics. Therefore, this research project addresses this overall problem in two parts: through curricula development for the criminal justice discipline, and through training of faculty in criminal justice to teach the important concepts of cybersecurity and digital forensics.

Keywords: cybersecurity education, criminal justice, curricula development, nontechnical cybersecurity, cybersecurity, digital forensics

Procedia PDF Downloads 68
14888 Adopted Method of Information System Strategy for Knowledge Management System: A Literature Review

Authors: Elin Cahyaningsih, Dana Indra Sensuse, Wahyu Catur Wibowo, Sofiyanti Indriasari

Abstract:

The bureaucracy reform program drives the Indonesian government to change its management and supporting units in order to enhance organizational performance. Information technology, as one of the supporting units, has become part of the strategic plan that organizations try to improve, because IT can automate and speed up processes and make the business process life cycle more effective and efficient. A knowledge management system is a technology application for supporting knowledge management implementation in government, whose requirements are based on the problems and potential functionality of each knowledge management process. Defining the knowledge management that is suitable for each organization is difficult; that is why the knowledge management system strategy should be made as an alignment of the knowledge management processes in the organization. A knowledge management system is a form of information system development from the people perspective, because this system has a high dependency on human interaction and participation. A strategic plan for developing a knowledge management system can be determined using several information system strategic methods. This research was conducted to define the types of information system strategic methods, the stages of activity of each method, and the strengths and weaknesses of each strategic method. The authors use the literature review method to identify and classify information system strategic methods in order to differentiate method types and categorize common activities, strengths, and weaknesses. The result of this research is the determination and comparison of six strategic information system methods: Balanced Scorecard, Five Force Porter, SWOT analysis, Value Chain Analysis, Risk Analysis, and Gap Analysis. Balanced Scorecard and Risk Analysis are believed to be the common strategic methods that are usually used and that have the highest strengths.

Keywords: knowledge management system, balanced scorecard, five force, risk analysis, gap analysis, value chain analysis, SWOT analysis

Procedia PDF Downloads 429
14887 Risk Management in Healthcare Sector in Turkey: A Dental Hospital Case Study

Authors: Pırıl Tekin, Rızvan Erol

Abstract:

Risk management has become very important and popular in developing countries in recent years. In particular, making patient and employee health and safety issues compulsory in hospitals has raised the number of studies in Turkey. Risk management has also become more important for hospital senior management, from the clinics to the laboratories, because quality is really important both for patients choosing where to consult and for employees choosing where to work. Risk management studies can also guide the hospital management team on future work and methods. From this point of view, this study is a risk assessment carried out in the biggest dental hospital in the southern part of Turkey. It was conducted as a research case study covering two different health care settings: a clinic and a laboratory. It shows the problems in this dental hospital and how they can all be solved.

Keywords: risk management, healthcare, dental hospital, quality management

Procedia PDF Downloads 341