Understanding the plural landscape of cybersecurity governance in Spain: a matter of capital exchange

Del-Real, Cristina; Fernández, Antonio Manuel Díaz

doi:10.1365/s43439-022-00069-4

Cited by 6 publications

(5 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…One of the reasons why estimates of cyber victimization in companies may differ is that the definitions of cybercrime, cyber-attack, or cyber security incident are neither clear nor consistent across studies and may include different crime measures. Such differences may also be masked by a large dark figure among SMEs (Statistics Canada, 2020;van de Weijer et al, 2021;Veenstra et al, 2015).A Delphi study involving 129 cyber security experts in Spain suggests that government, large enterprises, and public cybersecurity institutions are aware that SMEs are not prepared to defend against cybersecurity threats (Del-Real & Díaz-Fernández, 2022). These findings align with survey data from other countries.Although most SMEs in the UK, Canada, and the Netherlands adopt basic cyber security measures such as having up-to-date antivirus software and firewalls, it appears that they are still unprepared to respond adequately to many cyber security incidents.…”

mentioning

confidence: 78%

See 1 more Smart Citation

Insider threats among Dutch SMEs: Nature and extent of incidents, and cyber security measures

Moneva

Leukfeldt

2023

Journal of Criminology

View full text Add to dashboard Cite

Insider threats represent a latent risk to all organizations, whether they are large companies or SMEs. Insiders, the individuals with privileged access to the assets of organizations, can compromise their proper functioning and cause serious consequences that can be direct—such as financial—or indirect—such as reputational. Insider incidents can have a negative impact on SMEs, as their resources are often limited, making it paramount to implement adequate cyber security measures. Despite its indisputable relevance, the empirical study of insider incidents from a criminological point of view has received little attention. This paper presents the results of an exploratory study that aims to understand the nature and extent of three type of insider incidents—malicious, negligent, and well-meaning—and how they are related to the adoption of cyber security measures. To that end, we administered a questionnaire among a panel of 496 Dutch SME entrepreneurs and managers and analyzed the results quantitatively and qualitatively. The results show that although the prevalence of insider incidents is relatively low among Dutch SMEs, few organizations report a disproportionate number of incidents that often entail serious consequences. A regression model shows that there are cyber security measures related to both higher and lower incident likelihood. The implications of these findings for the cyber security policies of SMEs are discussed.

show abstract

mentioning

confidence: 78%

“…A Delphi study involving 129 cyber security experts in Spain suggests that government, large enterprises, and public cyber security institutions are aware that SMEs are not prepared to defend against cyber security threats (Del-Real & Díaz-Fernández, 2022). These findings align with survey data from other countries.…”

Section: Introductionmentioning

confidence: 99%

Insider threats among Dutch SMEs: Nature and extent of incidents, and cyber security measures

Moneva

Leukfeldt

2023

Journal of Criminology

View full text Add to dashboard Cite

show abstract

“…Holistic cybersecurity foundations and cybersecurity context in public sector [2,3,13,[15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34] Tactical-operational cybersecurity workforce management [1,[35][36][37][38][39][40][41][42][43][44][45][46][47] Cybersecurity talent development and retention [4][5][6][7][8][9][10][48][49][50][51][52][53][54]…”

Section: Topic Analyzed Sourcementioning

confidence: 99%

“…The threats and risks that emerge from this environment require unity of action and a broader holistic approach as studied in Ahmed et al [17], and while some research has been conducted in this area as described by Atoum et al in [18], much more work remains to achieve an acceptable level of holism, something that is covered by Kranemburg and Le Gars [19], and to cover those specific threats emanating from cyberspace for which an information security approach does not fit well. Recent studies also suggest the need to extend this holism not only within the organization itself, but also to its network of collaborators, civil organizations, government entities, and citizens, in order to provide the necessary unity of action to effectively respond to threats and risks, as investigated in [20] by Del-Real and Díaz-Fernández.…”

Section: The Importance Of a Holistic Approach To Cybersecuritymentioning

confidence: 99%

Boosting Holistic Cybersecurity Awareness with Outsourced Wide-Scope CyberSOC: A Generalization from a Spanish Public Organization Study

Domínguez-Dorado,

Rodríguez-Pérez,

Carmona-Murillo

et al. 2023

Information

View full text Add to dashboard Cite

Public sector organizations are facing an escalating challenge with the increasing volume and complexity of cyberattacks, which disrupt essential public services and jeopardize citizen data and privacy. Effective cybersecurity management has become an urgent necessity. To combat these threats comprehensively, the active involvement of all functional areas is crucial, necessitating a heightened holistic cybersecurity awareness among tactical and operational teams responsible for implementing security measures. Public entities face various challenges in maintaining this awareness, including difficulties in building a skilled cybersecurity workforce, coordinating mixed internal and external teams, and adapting to the outsourcing trend, which includes cybersecurity operations centers (CyberSOCs). Our research began with an extensive literature analysis to expand our insights derived from previous works, followed by a Spanish case study in collaboration with a digitization-focused public organization. The study revealed common features shared by public organizations globally. Collaborating with this public entity, we developed strategies tailored to its characteristics and transferrable to other public organizations. As a result, we propose the “Wide-Scope CyberSOC” as an innovative outsourced solution to enhance holistic awareness among the cross-functional cybersecurity team and facilitate comprehensive cybersecurity adoption within public organizations. We have also documented essential requirements for public entities when contracting Wide-Scope CyberSOC services to ensure alignment with their specific needs, accompanied by a management framework for seamless operation.

show abstract

“…La fragmentación institucional, consecuencia parcial del modelo multi-stakeholders adoptado por la UE, se observa en el número de diferentes instituciones involucradas en cada una de las prácticas de ciberseguridad descritas en este artículo. Estudios recientes ya han resaltado que el modelo de gobernanza se ha estructurado en torno a dos actores principales, el CCN y el INCIBE, a los que rodean una enorme variedad de otros actores públicos y privados 93 . La fragmentación política y narrativa de la gobernanza de la ciberseguridad ha sido descrita por otros estudios 94 , consecuencia de complejidad tecnológica, la carencia de modelos de gobernanza del ciberespacio consolidados.…”

Section: Conclusionesunclassified

Panorama institucional de la gobernanza de la ciberseguridad en España

Del-Real

2022

REJUCRIM

View full text Add to dashboard Cite

Resumen: Mantener seguro el ciberespacio es una tarea compleja que supone un reto constante para las instituciones públicas. A la primera oleada de desinterés político por la ciberseguridad le ha seguido una renovada preocupación por la soberanía digital, la defensa de la ciberseguridad nacional y, más recientemente, la protección de la ciudadanía en el ciberespacio. Para cumplir estos objetivos, los Estados han desarrollado normativas, instituciones y prácticas basadas en diferentes narrativas. Este estudio analiza las instituciones involucradas en la gobernanza de la ciberseguridad en España a través de cuatro prácticas: cultura de ciberseguridad, respuesta a ciber incidentes y ciber crisis, protección de infrastructuras críticas e investigación criminal. El artículo aporta evidencias coincidentes con la conclusión de que España ha adoptado la narrativa de la gobernanza multi-stakeholder a través de competencias distribuidas entre diferentes actores. Este enfoque se ha materializado en fragmentación institucional y a la falta de claridad sobre el sistema de ciberseguridad en España. El artículo finaliza con propuestas de políticas públicas que podrían contribuir a una mayor unidad, coordinación y claridad del sistema de gobernanza de la ciberseguridad.

show abstract

Understanding the plural landscape of cybersecurity governance in Spain: a matter of capital exchange

Cited by 6 publications

References 30 publications

Insider threats among Dutch SMEs: Nature and extent of incidents, and cyber security measures

Insider threats among Dutch SMEs: Nature and extent of incidents, and cyber security measures

Boosting Holistic Cybersecurity Awareness with Outsourced Wide-Scope CyberSOC: A Generalization from a Spanish Public Organization Study

Panorama institucional de la gobernanza de la ciberseguridad en España

Contact Info

Product

Resources

About