A quantification mechanism for assessing adherence to information security governance guidelines

Bongiovanni, Ivano; Renaud, Karen; Brydon, Humphrey; Blignaut, Rénette; Cavallo, Angelo

doi:10.1108/ics-08-2021-0112

Cited by 8 publications

(6 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is also consistent with IT decision making and communication within overall governance responsibilities (Shaikh and Siponen, 2023; Bongiovanni et al , 2022) and decision-making under time pressure and workload requirements (Chen et al , 2022; Gyllensten et al , 2021; Chowdhury et al , 2019; Chowdhury et al , 2022; Giger and Pochwatko, 2008).…”

Section: Theory and Calculationsupporting

confidence: 74%

“…The ERP Manager faces a conundrum as they manage the upper layers of the technology stack focusing on business processes and applications and the vulnerabilities are typically identified at the lower layers of the technology stack. The outcome of our approach allows the ERP Manager to set priorities for vulnerability remediation by establishing the significance of the threat or vulnerability along with identifying the specific systems that are vulnerable or exposed, adding a pragmatic approach to enhancing the governance process (Bongiovanni et al , 2022).…”

Section: Methodsmentioning

confidence: 99%

“…The results presented in this paper will help ERP managers anticipate high-risk enterprise system vulnerabilities and develop actionable plans to manage those vulnerabilities, reducing the concerns of time pressure and workload (Giger and Pochwatko, 2008; Chowdhury et al , 2019; Chowdhury et al , 2022; Bongiovanni et al , 2022).…”

Section: Methodsmentioning

confidence: 99%

“…Specifically, vulnerabilities classified by the NVD for Severity based on multiple variables such as Integrity, Confidentiality and Availability will be used to predict the risk of ERP vulnerabilities based on their impact. Allowing the ERP Manager to identify the relationships between vulnerability factors that need to be monitored closely if the enterprise wishes to identify critical, high-risk vulnerabilities and prioritize those vulnerabilities for remediation, developing a governance approach (Bongiovanni et al , 2022).…”

Section: Theory and Calculationmentioning

confidence: 99%

See 3 more Smart Citations

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Mathieu,

Turovlin

2023

ICS

View full text Add to dashboard Cite

Purpose Cyber risk has significantly increased over the past twenty years. In many organizations, data and operations are managed through a complex technology stack underpinned by an Enterprise Resource Planning (ERP) system such as systemanalyse programmentwicklung (SAP). The ERP environment by itself can be overwhelming for a typical ERP Manager, coupled with increasing cybersecurity issues that arise creating periods of intense time pressure, stress and workload, increasing risk to the organization. This paper aims to identify a pragmatic approach to prioritize vulnerabilities for the ERP Manager. Design/methodology/approach Applying attention-based theory, a pragmatic approach is developed to prioritize an organization’s response to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) vulnerabilities using a Classification and Regression Tree (CART). Findings The application of classification and regression tree (CART) to the National Institute of Standards and Technology’s National Vulnerability Database identifies prioritization unavailable within the NIST’s categorization. Practical implications The ERP Manager is a role between technology, functionality, centralized control and organization data. Without CART, vulnerabilities are left to a reactive approach, subject to overwhelming situations due to intense time pressure, stress and workload. Originality/value To the best of the authors’ knowledge, this work is original and has not been published elsewhere, nor is it currently under consideration for publication elsewhere. CART has previously not been applied to the prioritizing cybersecurity vulnerabilities.

show abstract

Section: Theory and Calculationsupporting

confidence: 74%

Section: Methodsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Theory and Calculationmentioning

confidence: 99%

See 2 more Smart Citations

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Mathieu,

Turovlin

2023

ICS

View full text Add to dashboard Cite

show abstract

“…Last, the current ISG literature lacks thorough explanations regarding its effectiveness in digital environments. Studies on ISG effectiveness in general are scarce and lack empirical grounding (Bongiovanni et al 2022). The limited studies that do address ISG effectiveness tend to view it as an isolated, one-sided security perspective, focusing solely on in what manner the governance of security reduces security risks, breaches, and incidents (Liu et al 2020).…”

Section: Theoretical Background: Digital Security Governance 1backgro...mentioning

confidence: 99%

Digital Security Governance

Schinagl

View full text Add to dashboard Cite

This dissertation focuses on the phenomenon of Digital Security Governance (DSG), highlighting how “digital security” has emerged as an ongoing strategic concern for contemporary organizations. The objective of this dissertation is to provide theoretical and empirical understanding of the currently under-researched aspects of the DSG phenomenon, i.e., what goes on in the implementation of DSG, how DSG can learn from related fields, and how DSG can be governed to become effective in countering the increasing occurrence of cyber failures. The research aggregated in this dissertation advances knowledge and understanding regarding DSG in multiple ways. The literature review in Chapter 2 reveals a fundamental call for a need for change "from the basement to the boardroom." In an ever-increasing digital and technology-driven world, DSG is a strategic concern that affects the long-term success of organizations at the organizational-wide level. Chapters 3 and 4 provide a thorough understanding of "why" organizations fail to establish successful security governance. Chapters 3-5 together provide direction for answering the research question on "how" organizations can effectively implement and govern security governance approaches in today's ever-changing digital landscapes.

show abstract

Protecting the Play: An Integrative Review of Cybersecurity in and for Sports Events

Bongiovanni,

Herold,

Wilde

2024

Computers & Security

View full text Add to dashboard Cite

A quantification mechanism for assessing adherence to information security governance guidelines

Cited by 8 publications

References 53 publications

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Digital Security Governance

Protecting the Play: An Integrative Review of Cybersecurity in and for Sports Events

Contact Info

Product

Resources

About