Temitayo Oluwaseun Abrahams,Sarah Kuzankah Ewuga,Samuel Onimisi Dawodu,Abimbola Oluwatoyin Adegbite,Azeez Olanipekun Hassan

DOI: https://doi.org/10.51594/csitrj.v5i1.699

2024-01-09

Computer Science & IT Research Journal

Abstract:In an era where digital threats are increasingly pervasive, understanding the evolution and efficacy of cybersecurity strategies in modern organizations is paramount. This study provides a comprehensive analysis of the dynamic landscape of cybersecurity, exploring its progression from traditional methods to innovative, technology-driven approaches. The digital age has ushered in complex cyber threats, necessitating robust cybersecurity measures. This study examines cybersecurity strategies' historical development, current trends, and future directions across different organizational contexts and industries. The primary aim is to assess the evolution and effectiveness of cybersecurity measures, identify existing gaps, and understand the interplay between human behavior, technology, and policy in cybersecurity. The paper encompasses a comprehensive methodological framework for cybersecurity analysis, exploring the effectiveness of traditional versus modern approaches, the role of AI and ML, and the impact of international policies. It also presents case studies to illustrate successes and failures in cybersecurity implementation. Key findings reveal a significant shift towards advanced technologies like AI and ML in cybersecurity, the critical role of human factors in shaping cybersecurity outcomes, and the influence of international policies in standardizing cybersecurity practices. The study concludes that effective cybersecurity strategies require a balanced approach, combining technological advancements with understanding human factors and adherence to international standards. Recommendations include continuous education and training, adopting holistic cybersecurity strategies, and aligning with international policies. Keywords: Cybersecurity, Artificial Intelligence, Machine Learning, International Policies, Human Factors, Cyber Threats.

Abimbola Oluwatoyin Adegbite,Deborah Idowu Akinwolemiwa,Prisca Ugomma Uwaoma,Simon Kaggwa,Odunayo Josephine Akindote,Samuel Onimisi Dawodu

DOI: https://doi.org/10.51594/csitrj.v4i3.658

2023-12-24

Computer Science & IT Research Journal

Abstract:This review analyses cybersecurity methods in the USA, focusing on protecting national infrastructure, with lessons and implications for global cybersecurity practices. In an era dominated by digital interconnectedness, the protection of national infrastructure from cyber threats is of paramount importance. This paper provides a comprehensive review of cybersecurity strategies employed by the United States to safeguard critical national infrastructure. As the nation's reliance on technology continues to grow, so does the complexity and sophistication of cyber threats. The paper examines key frameworks, policies, and initiatives implemented by the USA to fortify its critical infrastructure against cyber-attacks. It outlines the current threat landscape, the evolving nature of cyber threats and the potential consequences of successful attacks on critical sectors such as energy, transportation, and finance. It also analyzes the strategic approaches adopted by the USA, including the National Infrastructure Protection Plan (NIPP), the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and collaborative efforts between the public and private sectors. The paper explores the role of government agencies, regulatory bodies, and private enterprises in implementing and enforcing cybersecurity measures. It assesses the effectiveness of information sharing initiatives, public-private partnerships, and international collaborations in enhancing the resilience of national infrastructure against cyber threats. Furthermore, the review addresses emerging technologies such as Artificial Intelligence (AI) and the Internet of Things (IoT) in the context of cybersecurity. It evaluates how these technologies are leveraged to detect, prevent, and respond to cyber threats in real-time, considering both their benefits and potential risks. Ethical considerations, privacy concerns, and challenges associated with the implementation of robust cybersecurity strategies are also discussed. The paper concludes with insights into the evolving nature of cyber threats and recommendations for continuous improvement in national cybersecurity strategies, emphasizing the need for agility, adaptability, and collaboration to stay ahead of an ever-changing threat landscape. This study contributes to the broader understanding of cybersecurity practices, offering insights that are not only relevant to the USA but also applicable to other nations facing similar challenges in safeguarding their critical infrastructure in an increasingly interconnected and digital world. Keywords: Cybersecurity, Strategies, Protecting, National Infrastructure, USA, NIST, Artificial Intelligence.

Hewa Balisane,,Ehigiator Egho-Promise,Emmanuel Lyada,Folayo Aina,Abimbola Sangodoyin,Halima Kure,,,,,

DOI: https://doi.org/10.26562/irjcs.2024.v1106.03

2024-06-30

International Research Journal of Computer Science

Abstract:The rapidly evolving landscape of cyber threats necessitates robust and adaptable strategies to safeguard networking. This study explores the development and evaluation of a comprehensive framework for threat mitigation, integrating advanced methodologies from cybersecurity, risk management, and threat intelligence. Leveraging a mixed-methods approach, including surveys and secondary data analysis, the research assesses current practices and identifies critical gaps in existing frameworks. The proposed multi-layered defense mechanism incorporates proactive and reactive measures, aligning real-time threat intelligence with sophisticated incident response strategies. Key components such as anomaly detection systems, employee training, and continuous security audits are highlighted as essential elements of the framework. Through extensive validation, including empirical tests and case studies, the framework demonstrates its efficacy in enhancing organizational resilience against complex cyber threats. The findings provide valuable insights into the practical application of integrated cybersecurity measures, offering a scalable and flexible solution tailored to the dynamic nature of digital security challenges. This study addresses the critical need for an adaptable and holistic approach to threat mitigation, contributing to the field of cybersecurity with actionable strategies for managing and mitigating digital threats

DOI: https://doi.org/10.33140/aurdp.01.01.02

2024-02-27

Abstract:Background: Cyber Security is to protect online data and software from cyber threats. These cyberattacks are typically intended to gain access to, change, or delete sensitive information; extort money from users; or disrupt regular corporate activities. It is difficult to keep up a regular follow up with new technologies, so it is necessary to keep the important data safe from cyber threats. There are many types of cyber threats, malware, ransomware, social engineering, phishing etc. To prevent cyber-attacks one can, use password manager tools like LastPass and others. People also use two factor authentication for double security on their accounts. Methods: Boards such as the National Institute of Standards and Technology (NIST) are developing frameworks to assist firms in understanding their security risks, improving cybersecurity procedures, and preventing cyber assaults. The fight against cybercrimes and attack, organizations needed a strong base there are 5 types of cyber securities: Critical Infrastructure Security, application security, network security, cloud security and (IoT) Security. In the modern time the US is highly based on computers and on different software, so it is really important for the US to be more conscious about the security as they get many threats almost every day for hacking their data and accounts. Results and Conclusion: Nowadays, even small businesses rarely recover their loss from the cyber-attacks and many back-off from continuing their businesses after being target of hackers. The first cybercrime attack was recorded in 1988 by a graduate student. Now that large companies and even small businesses are aware of cyber-attacks, they try their best to take every precaution to prevent hacking with double security and password manager tools.

Benjamin Idoko,Jennifer Amaka Alakwe,Ogochukwu Judith Ugwu,Joy Ene Idoko,Fedora Ochanya Idoko,Victoria Bukky Ayoola,Ejembi Victor Ejembi,Tomilola Adeyinka

DOI: https://doi.org/10.30574/msarr.2024.11.2.0110

2024-07-30

Magna Scientia Advanced Research and Reviews

Abstract:The imperative for robust healthcare data privacy and security is escalating as healthcare systems worldwide are increasingly digitized. This review paper presents a comprehensive comparative analysis of the regulatory frameworks, challenges, and best practices related to healthcare data privacy and security in the United States and Nigeria. By examining the Health Insurance Portability and Accountability Act (HIPAA) in the US and the Nigeria Data Protection Regulation (NDPR) alongside other local regulations, this study highlights the nuances of each country's approach to safeguarding patient data. The analysis extends to the effectiveness of technological solutions like encryption and blockchain, and assesses the role of governance in policy implementation. Case studies from both nations offer insights into successful strategies and underscore the gaps and opportunities for cross-country learning and improvement. The paper concludes with targeted recommendations for policymakers and healthcare providers, aiming to strengthen the security measures and propose areas for further research and development in healthcare data management. This comparative study not only sheds light on current practices but also charts a course for future collaborative efforts to enhance data privacy and security in healthcare on a global scale.

Oloyede Adekunle,Ajibade Idris,Obunadike Callistus,Phillips Adeniyi,Shittu Olayemi,Taiwo Esther,KizorAkaraiwe Somto

DOI: https://doi.org/10.5121/ijci.2023.120504

2023-08-12

International Journal on Cybernetics & Informatics

Abstract:The study is focused on identity theft and cybersecurity in United States. Hence, the study is aimed at examining the impact of cybersecurity on identity theft in United States using a time series data which covers the period between 2001 and 2021. Trend analysis of complaints of identity theft and cybersecurity over the years was conducted; also, the nature of relationship between the two variables was established. Chi-Square analysis was used to examine the impact of cybersecurity on identity theft in United States. Line graphs were used to analyze the trend in the variable. Time series data was used in the study and the data was obtained from secondary sources; Statista.com, US Federal Trade Commission, Insurance Information Institute and Identitytheft.org. Result from the study revealed that consumers’ complaints on identity theft were on the increase every year. Total spending of the economy (both private and public sector) on cybersecurity was on continuous increase over the years. More than 100% of spending in 2010 was incurred in 2018. The Chi-Square analysis revealed that cybersecurity does not have significant impact on identity theft. The study recommended that the government increase the level of public awareness to ensure that members of the public protect their personal and other information to ensure that they are not compromised for fraud or identity theft. Organizations also need to invest more in the security system and develop policies that will support the security system. At the country level, international treaties and collaboration should be encouraged to prosecute the fraudsters hiding behind national borders.

Stephanie Ness,Tushar Khinvasara

DOI: https://doi.org/10.9734/jerr/2024/v26i21075

2024-01-29

Journal of Engineering Research and Reports

Abstract:Currently, the majority of economic, commercial, cultural, social, and governmental activity and contacts between countries, encompassing individuals, non-governmental organizations, and government institutions, occur in the virtual realm known as cyberspace. In recent times, numerous private enterprises and governmental institutions worldwide have encountered the issue of cyber- attacks and the peril associated with wireless communication technology. The modern society heavily relies on electronic technology, and safeguarding this data from cyber-attacks poses a formidable challenge. Cyber-attacks are intended to inflict financial harm onto companies. Cyber- attacks may serve military or political objectives in certain instances. Some examples of these damages include PC infections, knowledge breaches, data distribution service (DDS), and other attack routes. For this purpose, different companies employ diverse strategies to mitigate the harm caused by cyber-attacks. Cybersecurity monitors up-to-date information on the most recent IT data. Researchers worldwide have proposed several techniques to prevent cyber-attacks or mitigate their impact. Several approaches are currently in the operational phase, while others are still in the study phase. The objective of this study is to conduct a thorough examination and evaluation of the latest advancements in the field of cyber security, with the purpose of identifying and analyzing the problems, vulnerabilities, and strengths of the proposed methodologies. A comprehensive analysis is conducted on several forms of novel descendant attacks. The discussion revolves around conventional security frameworks, encompassing their historical context and early-generation approaches to cyber-security. Furthermore, this report presents the latest advancements and developing patterns in the field of cyber security, as well as the current problems and risks to security. The comprehensive review study offered for IT and cyber security researchers is anticipated to be beneficial.

Noor Suhani Sulaiman,Muhammad Ashraf Fauzi,Walton Wider,Jegatheesan Rajadurai,Suhaidah Hussain,Siti Aminah Harun

DOI: https://doi.org/10.3390/socsci11090386

2022-08-30

Social Sciences

Abstract:Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.

English Else

Aristotle Onumo,Irfan Ullah-Awan,Andrea Cullen

DOI: https://doi.org/10.1145/3424282

2021-06-01

ACM Transactions on Management Information Systems

Abstract:The increase in cybersecurity threats and the challenges for organisations to protect their information technology assets has made adherence to organisational security control processes and procedures a critical issue that needs to be adequately addressed. Drawing insight from organisational theory literature, we develop a multi-theory model, combining the elements of the theory of planned behaviour, competing value framework, and technology—organisational and environmental theory to examine how the organisational mechanisms interact with espoused cultural values and employee cognitive belief to influence cybersecurity control procedures. Using a structured questionnaire, we deployed structural equation modelling (SEM) to analyse the survey data obtained from public sector information technology organisations in Nigeria to test the hypothesis on the relationship of socio-organisational mechanisms and techno-cultural factors with other key determinants of employee security behaviour. The results showed that knowledge of cybersecurity and employee cognitive belief significantly influence the employees’ intentions to comply with organisational cybersecurity control mechanisms. The research further noted that the influence of organisational elements such as leadership on employee security behaviour is mediated by espoused cultural values while the impact of employee cognitive belief is moderated by security technologies. For effective cybersecurity compliance, leaders and policymakers are therefore to promote organisational security initiatives that ensure incorporation of cybersecurity principles and practices into job descriptions, routines, and processes. This study contributes to behavioural security research by highlighting the critical role of leadership and cultural values in fostering organisational adherence to prescribed security control mechanisms.

Lubna Ambreen,Manjula Jain,Rakesh Kumar Yadav,Shweta Loonkar

DOI: https://doi.org/10.31893/multirev.2023ss080

2024-05-12

Multidisciplinary Reviews

Abstract:Small-to-medium-sized enterprises (SMEs) make up a significant portion of the economies of many nations. However, research shows that many companies fall short when establishing cyber security, making them vulnerable to assaults. In addition, while accounting for a sizable share of firms, studies on cyber security focus on SMEs. This study reviews the latest evaluation on the cyber security of SMEs, emphasizing how well this experiment aligns with the well-known National Institute of Standards and Technology (NIST) and Cyber Security Framework (CSF). The report begins by underlining the crucial necessity of cybersecurity in the digital era and the particular issues that SMEs confront. It emphasizes the financial and reputational dangers associated with cyber events, emphasizing the importance of solid cybersecurity procedures. The review investigates several cybersecurity risk management approaches, strategies and frameworks, providing insights into their relevance and efficacy in the context of SMEs. We discovered that study in SME cyber security is sophisticated and specialized attention on the NIST and CSF recognize as well as defend tasks, with minimal effort spent on the other current activities. SMEs should be equipped to detect, react to, and recover from cybercrime. SMEs might not have appropriate information on responding to such occurrences if research in these areas is pathetic. In future studies in SMEs, there needs to be an excellent equilibrium in cyber security. Scholars ought to use firm, proven mathematical methods to improve and test their work, yet governments and academia are urged to invest in providing researchers with incentives to broaden their research horizons.

DOI: https://doi.org/10.54060/a2zjournals.jase.42

2024-01-01

Abstract:Due to the quick development of technology, the digital age has brought with it ad-vantages never before seen, but it has also opened the door to a flood of new cyber security concerns. This study offers detailed analysis of the cyber threat environment in the digital era along with suggestions for doable protective measures. The report outlines a number of cyber threats, including malware, phishing scams, ransomware, and insider threats. It looks at the continually evolving tactics employed by cyber-criminals, such as social engineering, zero-day flaws, and sophisticated persistent threats. The growing hazards associated with cutting-edge technology, such as the Internet of Things (IoT), cloud computing, and artificial intelligence, are also exam-ined. The importance of a multi-layered security strategy to counter these attacks is emphasized in the article. Among the important preventative measures that are presented are robust network security, secure coding methodologies, user awareness training, encryption, access controls, and incident response planning. It also high-lights how crucial it is for people, businesses, and governments to collaborate in or-der to confront cyber risks. By using the recommended solutions and promoting a culture of cyber security awareness, people and organizations may navigate the dig-ital age with confidence and protect themselves from the continuously evolving environment of cyber risks.

Oluwafemi Olukoya

DOI: https://doi.org/10.1016/j.cose.2022.102697

2022-06-01

Abstract:The processing of personal data has become a prominent concern for stakeholders when selecting software or service providers to serve their needs. Different laws and legislation have been introduced to standardize and strengthen data protection policies across different countries to protect such data. Therefore, businesses and organizations responsible for managing personal data are obligated to implement the privacy and security requirements established by these laws and legislation. Different methods and tools have been provided for eliciting requirements for legally compliant software based on the relevant data protection laws and legislation. However, little has been done in assessing these methodologies on regulations outside the EU and the US. This paper aims to assess these methodologies on other information security laws and regulations beyond the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA) by eliciting security requirements explicitly focusing on the Nigerian data protection regulation. To investigate the applicability of these methodologies, we use the extracted privacy and security requirements with information communication protocols in verifying compliance in procedural practices of products and services in the financial technology sector. The analysis reports on the completeness, consistency, and utility of the frameworks. Finally, foundational research directions for interoperable standards for eliciting software requirements from legal texts are proposed.

computer science, information systems

Chukwuka Elendu,Eunice K. Omeludike,Praise O. Oloyede,Babajide T. Obidigbo,Janet C. Omeludike

DOI: https://doi.org/10.1097/md.0000000000039887

IF: 1.6

2024-09-29

Medicine

Abstract:In recent years, integrating digital technologies in healthcare has revolutionized medical practice, enhancing patient care, data management, and operational efficiency. However, this digital transformation has also exposed healthcare systems to significant cybersecurity threats, leading to legal and ethical challenges for clinicians. [ 1–3 ] The increasing frequency and sophistication of cyber-attacks, such as ransomware, data breaches, and hacking incidents, pose substantial risks to patient privacy, data integrity, and overall healthcare delivery. [ 1–3 ] These incidents jeopardize patient safety and implicate healthcare professionals in potential legal liabilities. Emerging technologies, including artificial intelligence (AI) and quantum computing, are at the forefront of cybersecurity innovations and challenges. AI, for instance, offers promising applications in detecting and mitigating cyber threats through advanced algorithms and machine learning (ML) techniques. However, deploying AI systems in healthcare raises concerns regarding data security, privacy, and ethical implications. If not properly managed, AI systems can introduce biases that may result in discriminatory practices or inaccurate decision-making. [ 4 , 5 ] Moreover, quantum computing, potentially breaking traditional encryption methods, further complicates the cybersecurity landscape, necessitating new cryptographic approaches and legal frameworks to safeguard sensitive health information. [ 6 ] The global nature of cybersecurity threats underscores the importance of international cooperation and regulatory harmonization. Countries have adopted varying approaches to managing cybersecurity incidents in healthcare, influenced by their legal systems, cultural values, and technological infrastructures. For example, the European Union's General Data Protection Regulation (GDPR) imposes stringent data protection requirements, including reporting data breaches within 72 hours. [ 7 ] In contrast, the United States has a more fragmented regulatory landscape, with laws such as the Health Insurance Portability and Accountability Act (HIPAA) providing a framework for protecting patient information. Still, varying state laws complicate compliance. [ 8 ] A comparative analysis of these international regulations reveals best practices and highlights areas where further harmonization is needed to protect healthcare data globally. The legal implications of cybersecurity incidents extend beyond compliance with data protection regulations. As custodians of patient data, clinicians may face legal consequences in data breaches or unauthorized access to sensitive information. These legal responsibilities necessitate a thorough understanding of cybersecurity best practices and implementing robust security measures. For instance, clinicians must ensure secure communication channels, regular updates to software systems, and adherence to data encryption standards. [ 9 ] Furthermore, clinicians should be aware of their obligations to report cybersecurity incidents and cooperate with investigations, as failure can result in legal penalties and damage to professional reputations. [ 10 ] Ethical considerations are also paramount in the context of cybersecurity in healthcare. The principle of patient autonomy, which underpins informed consent and confidentiality, is challenged when cybersecurity incidents compromise patient data. Healthcare professionals must navigate these ethical dilemmas, balancing the need to protect patient information with the necessity of using digital tools for medical care. [ 11 ] Moreover, deploying AI in healthcare introduces questions about the transparency and accountability of decision-making processes. Ensuring that AI systems are transparent, explainable, and free from biases is crucial to maintaining public trust and ensuring equitable healthcare outcomes. [ 12 ] Case studies of cybersecurity incidents in healthcare provide valuable insights into the practical challenges and consequences clinicians face. For example, the WannaCry ransomware attack in 2017 severely disrupted the UK's National Health Service (NHS), affecting numerous hospitals and clinics and leading to the cancelation of thousands of appointments. [ 13 ] This incident highlighted the vulnerability of healthcare systems to cyber threats and underscored the importance of proactive cybersecurity measures. Similarly, the breach of patient data at Ant -Abstract Truncated-

medicine, general & internal

Regner Sabillon,Juan Ramon Bermejo Higuera,Jeimy Cano,Javier Bermejo Higuera,Juan Antonio Sicilia Montalvo

DOI: https://doi.org/10.3390/electronics13163257

IF: 2.9

2024-08-18

Electronics

Abstract:This study validates a comprehensive cybersecurity audit model through empirical analysis in three higher education institutions in Canada. The research aims to enhance cybersecurity resilience by assessing the effectiveness of cybersecurity controls across diverse educational environments. Given the increasing frequency and sophistication of cyberattacks targeting educational institutions, this research is essential to ensure the protection of sensitive academic and personal data. Data were collected through detailed audits involving system vulnerabilities, compliance with security policies, and incident response management at each institution. The findings underscore the importance of tailored cybersecurity strategies and continuous auditing to mitigate cyber risks in the Canadian higher education sector. This study contributes to the field by validating a versatile audit tool that can be adapted to various institutional contexts, promoting enhanced cybersecurity practices and evaluating the effectiveness of cybersecurity safeguards across the higher education sector in Canada. The results of the audit model validations provide the cybersecurity maturity rating of each institution. Further research is recommended to refine the model and explore its application in other industries and sectors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Luther Kington Nwobodo,Chioma Susan Nwaimo,Ayodeji Enoch Adegbola

DOI: https://doi.org/10.30574/gscarr.2024.19.3.0211

2024-06-30

GSC Advanced Research and Reviews

Abstract:In the modern digital landscape, the exponential growth of big data and the proliferation of advanced analytics present both unprecedented opportunities and significant challenges for cybersecurity. This review explores the imperative of enhancing cybersecurity protocols to safeguard sensitive information and ensure the integrity of digital infrastructures in an era characterized by vast data generation and sophisticated analytical techniques. As organizations across various sectors leverage big data to drive innovation and gain competitive advantages, they simultaneously face heightened risks from cyber threats. Advanced analytics, including machine learning and artificial intelligence, offer potent tools for detecting and mitigating these threats. However, the integration of such technologies into cybersecurity frameworks demands a comprehensive and forward-thinking approach. Key to this enhancement is the development of robust data governance policies that ensure data integrity, confidentiality, and availability. These policies must address the complexities introduced by diverse data sources, varied data formats, and the velocity at which data is generated and processed. Additionally, the implementation of machine learning algorithms can significantly improve threat detection capabilities by identifying patterns and anomalies indicative of cyber threats, thus enabling proactive defense mechanisms. Moreover, enhancing cybersecurity protocols involves the adoption of encryption techniques and secure communication channels to protect data both at rest and in transit. Continuous monitoring and real-time analytics are crucial for maintaining situational awareness and promptly responding to potential breaches. The utilization of big data analytics also facilitates the identification of vulnerabilities and the assessment of risk profiles, allowing for the prioritization of security measures based on threat severity and impact. Despite the technological advancements, challenges such as data privacy concerns, algorithmic biases, and the need for skilled cybersecurity professionals persist. Addressing these challenges requires a multi-faceted strategy encompassing regulatory compliance, ethical considerations, and ongoing education and training. In conclusion, enhancing cybersecurity protocols in the era of big data and advanced analytics is essential for protecting critical digital assets and maintaining trust in digital ecosystems. By integrating cutting-edge analytical tools and establishing comprehensive data governance frameworks, organizations can effectively mitigate cyber risks and leverage the full potential of big data for sustainable growth and innovation.

Temitayo Oluwaseun Abrahams,Oluwatoyin Ajoke Farayola,Simon Kaggwa,Prisca Ugomma Uwaoma,Azeez Olanipekun Hassan,Samuel Onimisi Dawodu

DOI: https://doi.org/10.51594/csitrj.v5i1.708

2024-01-11

Computer Science & IT Research Journal

Abstract:As organizations continue to grapple with the escalating threat landscape of cyber-attacks, the imperative to fortify their cybersecurity defenses becomes increasingly paramount. This review delves into the critical realm of cybersecurity awareness and education programs, focusing on the pivotal factors of employee engagement and accountability. The effectiveness of these programs in cultivating a cyber-resilient workforce is scrutinized through an extensive examination of existing literature, empirical studies, and industry practices. The review begins by exploring the foundational elements of cybersecurity awareness programs, elucidating the significance of imparting knowledge and instilling a culture of vigilance among employees. It examines the diverse methodologies employed in these programs, ranging from interactive workshops and simulated phishing exercises to online modules and gamified learning platforms. A comparative analysis of these approaches sheds light on their respective strengths and limitations. A central theme of this review revolves around the nexus between employee engagement and cybersecurity resilience. It delves into the psychological and behavioral aspects of engagement, assessing how motivational factors and tailored learning experiences contribute to heightened cybersecurity awareness. The impact of organizational culture and leadership support on fostering a sense of responsibility among employees is also explored, emphasizing the need for a holistic approach that transcends mere compliance. Furthermore, the review investigates the role of accountability in sustaining the efficacy of cybersecurity initiatives. It examines the mechanisms employed by organizations to enforce adherence to security policies and protocols, emphasizing the role of robust monitoring systems, clear communication channels, and consequence management. Case studies and real-world examples are integrated to illustrate instances of successful accountability frameworks and their influence on overall cybersecurity posture. This review synthesizes key findings and identifies emerging trends in cybersecurity awareness and education programs, with a particular focus on optimizing employee engagement and fostering a culture of accountability. The insights gleaned from this analysis provide a roadmap for organizations seeking to fortify their defenses against evolving cyber threats by cultivating a vigilant and proactive workforce. Keywords: Cybersecurity, Education, Cyber threat, Employee engagement, Accountability.

Adejoke T. Odebade,Elhadj Benkhelifa

2023-03-24

Abstract:Cyber security initiatives provide immense opportunities for governments to educate, train, create awareness, and promote cyber hygiene among businesses and the general public. Creating and promoting these initiatives are necessary steps governments take to ensure the cyber health of a nation. To ensure users are safe and confident, especially online, the UK government has created initiatives designed to meet the needs of various users such as small charity guide for charity organisations, small business guide for small businesses, get safe online for the general public, and cyber essentials for organisations, among many others. However, ensuring that these initiatives deliver on their objectives can be daunting, especially when reaching out to the whole population. It is, therefore, vital for the government to intensify practical ways of reaching out to users to make sure that they are aware of their obligation to cyber security. This study evaluates sixteen of the UK government's cyber security initiatives and discovers four notable reasons why these initiatives are failing. These reasons are insufficient awareness and training, non-evaluation of initiatives to measure impact, insufficient behavioural change, and limited coverage to reach intended targets. The recommendation based on these findings is to promote these initiatives both nationally and at community levels.

Computers and Society

Olamide Raimat Amosu,Praveen Kumar,Yewande Mariam Ogunsuji,Adesola Adelaja,Oladapo Faworaja,Kikelomo Adetula

DOI: https://doi.org/10.30574/wjarr.2024.23.2.2408

2024-08-30

World Journal of Advanced Research and Reviews

Abstract:This study explores developing and implementing advanced cybersecurity protocols to protect customer data and ensure secure transactions within the retail industry. By setting a high standard for data protection, these measures contribute significantly to national cybersecurity efforts. The research analyzes current threats, evaluates existing cybersecurity frameworks, and proposes robust protocols to mitigate potential risks. The findings demonstrate that enhanced cybersecurity measures safeguard sensitive information, reinforce consumer trust, and comply with regulatory requirements. For instance, adopting end-to-end encryption and multi-factor authentication significantly improves data security. Additionally, integrating AI-driven real-time threat detection systems and regular security audits are highlighted as critical components in a comprehensive cybersecurity strategy. This paper provides a comprehensive guide for retail organizations to enhance their cybersecurity posture effectively, contributing to the broader goal of national cybersecurity and setting a high standard for the industry.

Alladean Chidukwani,Sebastian Zander,Polychronis Koutsakis

DOI: https://doi.org/10.1109/access.2022.3197899

IF: 3.9

2022-09-04

IEEE Access

Abstract:Small-to-medium sized businesses (SMBs) constitute a large fraction of many countries' economies but according to the literature SMBs are not adequately implementing cyber security which leaves them susceptible to cyber-attacks. Furthermore, research in cyber security is rarely focused on SMBs, despite them representing a large proportion of businesses. In this paper we review recent research on the cyber security of SMBs, with a focus on the alignment of this research to the popular NIST Cyber Security Framework (CSF). From the literature we also summarise the key challenges SMBs face in implementing good cyber security and conclude with key recommendations on how to implement good cyber security. We find that research in SMB cyber security is mainly qualitative analysis and narrowly focused on the Identify and Protect functions of the NIST CSF with very little work on the other existing functions. SMBs should have the ability to detect, respond and recover from cyber-attacks, and if research lacks in those areas, then SMBs may have little guidance on how to act. Future research in SMB cyber security should be more balanced and researchers should adopt well-established powerful quantitative research approaches to refine and test research whilst governments and academia are urged to invest in incentivising researchers to expand their research focus.

Gregory Falco,Eric Rosenbach

DOI: https://doi.org/10.1093/oso/9780197526545.003.0004

2021-11-18

Abstract:The question “What do I need to know about cyber frameworks, standards, and laws?” distills the complex landscape of cyber risk laws, requirements, and standards. The chapter begins with a case study on Nielsen Holdings’ legal and business trouble with the European General Data Protection Regulation (GDPR). It distinguishes compliance from security—explaining how readers can achieve both—and clarifies the dynamic, complex legal landscape in a world of ever-evolving cyber risk. It reviews legislation relating to cyber risk including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GBLA), the Federal Information Security Management Act (FISMA), and GDPR. The chapter describes the importance of adopting the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, creating a cyber policy/act/law/regulation “watch list” and purchasing cyber insurance. At the chapter’s end Falco shares Embedded Endurance strategy insight from his experience leading a team developing a cyber standard of care.