Information Security Assurance and the Role of Security Configuration Management: Substantive and Symbolic Perspectives

Sun, Chia-Ming; Wang, Yen-Yao; Yang, Chen-Bin

doi:10.2308/isys-2020-065

Cited by 3 publications

(1 citation statement)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, it would be possible to expand the proposed methodology to integrate other data sources. A common misperception is that NVD is only one piece of the puzzle and the ERP Manager limits their review only to NVD vulnerabilities (Sun et al , 2022).…”

Section: Discussionmentioning

confidence: 99%

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Mathieu,

Turovlin

2023

ICS

View full text Add to dashboard Cite

Purpose Cyber risk has significantly increased over the past twenty years. In many organizations, data and operations are managed through a complex technology stack underpinned by an Enterprise Resource Planning (ERP) system such as systemanalyse programmentwicklung (SAP). The ERP environment by itself can be overwhelming for a typical ERP Manager, coupled with increasing cybersecurity issues that arise creating periods of intense time pressure, stress and workload, increasing risk to the organization. This paper aims to identify a pragmatic approach to prioritize vulnerabilities for the ERP Manager. Design/methodology/approach Applying attention-based theory, a pragmatic approach is developed to prioritize an organization’s response to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) vulnerabilities using a Classification and Regression Tree (CART). Findings The application of classification and regression tree (CART) to the National Institute of Standards and Technology’s National Vulnerability Database identifies prioritization unavailable within the NIST’s categorization. Practical implications The ERP Manager is a role between technology, functionality, centralized control and organization data. Without CART, vulnerabilities are left to a reactive approach, subject to overwhelming situations due to intense time pressure, stress and workload. Originality/value To the best of the authors’ knowledge, this work is original and has not been published elsewhere, nor is it currently under consideration for publication elsewhere. CART has previously not been applied to the prioritizing cybersecurity vulnerabilities.

show abstract

Section: Discussionmentioning

confidence: 99%

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Mathieu,

Turovlin

2023

ICS

View full text Add to dashboard Cite

show abstract

Blockchain-enabled police management framework for securing police data

Liao

2023

Soft Comput

View full text Add to dashboard Cite

For-profit versus non-profit cybersecurity posture: breach types and locations in healthcare organisations

Ignatovski

2023

HIM J

View full text Add to dashboard Cite

Background The implementation of emerging technologies has resulted in an increase of data breaches in healthcare organisations, especially during the COVID-19 pandemic. Health information and cybersecurity managers need to understand if, and to what extent, breach types and locations are associated with their organisation’s business type. Objective To investigate if breach type and breach location are associated with business type, and if so, investigate how these factors affect information systems and protected health information in for-profit versus non-profit organisations. Method The quantitative study was performed using chi-square tests for association and post-hoc comparison of column proportions analysis on an archival data set of reported healthcare data breaches from 2020 to 2022. Data from the Department of Health and Human Services website was retrieved and each organisation classified as for-profit or non-profit. Results For-profit organisations experienced a significantly higher number of breaches due to theft, and non-profit organisations experienced a significantly higher number of breaches due to unauthorised access. Furthermore, the number of breaches that occurred on laptops and paper/films was significantly higher in for-profit organisations. Conclusion While the threat level of hacking techniques is the same in for-profit and non-profit organisations, certain breach types are more likely to occur within specific breach locations based on the organisation’s business type. To protect the privacy and security of medical information, health information and cybersecurity managers need to align with industry-leading frameworks and controls to prevent specific breach types that occur in specific locations within their environments.

show abstract

Information Security Assurance and the Role of Security Configuration Management: Substantive and Symbolic Perspectives

Cited by 3 publications

References 26 publications

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Blockchain-enabled police management framework for securing police data

For-profit versus non-profit cybersecurity posture: breach types and locations in healthcare organisations

Contact Info

Product

Resources

About