Noor Suhani Sulaiman,Muhammad Ashraf Fauzi,Walton Wider,Jegatheesan Rajadurai,Suhaidah Hussain,Siti Aminah Harun

DOI: https://doi.org/10.3390/socsci11090386

2022-08-30

Social Sciences

Abstract:Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.

English Else

Nenad Jevtić,Ibrahim Alhudaidi

DOI: https://doi.org/10.5937/sjem2302048j

2023-01-01

Serbian Journal of Engineering Management

Abstract:Information security is a key aspect of organizations' operations in today's digital age. This paper aims to analyze the importance of information security for organizations, investigating its impact on preserving the integrity, confidentiality and availability of data. Organizations are increasingly faced with complex challenges in explaining cyber threats, which emphasizes the necessity of implementing effective information security strategies. Effective data protection is the key to maintaining the trust of clients and partners, reducing financial losses and preserving the organization's reputation. In addition, information security has a significant impact on maintaining a competitive advantage, allowing organizations to innovate without fear of data loss or privacy breaches. A secure infrastructure also provides a foundation for compliance with regulatory requirements, thereby reducing the risk of legal consequences. Considering the rapid development of technology and increasingly sophisticated cyber threats, organizations face the constant challenge of adapting their security strategies. Employee education is becoming a key component of the overall information security system, and organizations that invest resources in training and security awareness have a better ability to respond to potential threats. Information security is becoming a necessary pillar of modern business, protecting organizations from cyber risk, enhancing their reputation and providing the foundation for long-term success.

Harrison Stewart,Jan Jürjens

DOI: https://doi.org/10.1108/ics-07-2016-0054

2017-11-13

Information and Computer Security

Abstract:Purpose The aim of this study is to encourage management boards to recognize that employees play a major role in the management of information security. Thus, these issues need to be addressed efficiently, especially in organizations in which data are a valuable asset. Design/methodology/approach Before developing the instrument for the survey, first, effective measurement built upon existing literature review was identified and developed and the survey questionnaires were set according to past studies and the findings based on qualitative analyses. Data were collected by using cross-sectional questionnaire and a Likert scale, whereby each question was related to an item as in the work of Witherspoon et al. (2013). Data analysis was done using the SPSS.3B. Findings Based on the results from three surveys and findings, a principle of information security compliance practices was proposed based on the authors’ proposed nine-five-circle (NFC) principle that enhances information security management by identifying human conduct and IT security-related issues regarding the aspect of information security management. Furthermore, the authors’ principle has enabled closing the gap between technology and humans in this study by proving that the factors in the present study’s finding are interrelated and work together, rather than on their own. Research limitations/implications The main objective of this study was to address the lack of research evidence on what mobilizes and influences information security management development and implementation. This objective has been fulfilled by surveying, collecting and analyzing data and by giving an account of the attributes that hinder information security management. Accordingly, a major practical contribution of the present research is the empirical data it provides that enable obtaining a bigger picture and precise information about the real issues that cause information security management shortcomings. Practical implications In this sense, despite the fact that this study has limitations concerning the development of a diagnostic tool, it is obviously the main procedure for the measurements of a framework to assess information security compliance policies in the organizations surveyed. Social implications The present study’s discoveries recommend in actuality that using flexible tools that can be scoped to meet individual organizational needs have positive effects on the implementation of information security management policies within an organization. Accordingly, the research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations. Instead, they should focus on the issue of how to sustain and enhance their organization’s compliance through a dynamic compliance process that involves awareness of the compliance regulation, controlling integration and closing gaps. Originality/value The rapid growth of information technology (IT) has created numerous business opportunities. At the same time, this growth has increased information security risk. IT security risk is an important issue in industrial sectors, and in organizations that are innovating owing to globalization or changes in organizational culture. Previously, technology-associated risk assessments focused on various technology factors, but as of the early twenty-first century, the most important issue identified in technology risk studies is the human factor.

Sarah Sharifi

2023-01-23

Abstract:The Internet and cyberspace are inseparable aspects of everyone's life. Cyberspace is a concept that describes widespread, interconnected, and online digital technology. Cyberspace refers to the online world that is separate from everyday reality. Since the internet is a recent advance in human lives, there are many unknown and unpredictable aspects to it that sometimes can be catastrophic to users in financial aspects, high-tech industry, and healthcare. Cybersecurity failures are usually caused by human errors or their lack of knowledge. According to the International Business Machines Corporation (IBM) X-Force Threat Intelligence Index in 2020, around 8.5 billion records were compromised in 2019 due to failures of insiders, which is an increase of more than 200 percent compared to the compromised records in 2018. In another survey performed by the Ernst and Young Global Information Security during 2018-2019, it is reported that 34% of the organizations stated that employees who are inattentive or do not have the necessary knowledge are the principal vulnerabilities of cybersecurity, and 22% of the organizations indicated that phishing is the main threat to them. Inattentive users are one of the reasons for data breaches and cyberattacks. The National Cyber Security Centre (NCSC) in the United Kingdom observed that 23.2 million users who were victims of cybersecurity attacks used a carelessly selected password, which is 123456, as their account password. The Annual Cybersecurity Report published by Cisco in 2018 announced that phishing and spear phishing emails are the root causes of many cybersecurity attacks in recent years. Hence, enhancing the cybersecurity behaviors of both personal users and organizations can protect vulnerable users from cyber threats. Both human factors and technological aspects of cybersecurity should be addressed in organizations for a safer environment.

Human-Computer Interaction,Cryptography and Security

Mark Evans,Leandros A. Maglaras,Ying He,Helge Janicke

DOI: https://doi.org/10.48550/arXiv.1601.03921

2016-01-15

Cryptography and Security

Abstract:There continue to be numerous breaches publicised pertaining to cyber security despite security practices being applied within industry for many years. This article is intended to be the first in a number of articles as research into cyber security assurance processes. This article is compiled based on current research related to cyber security assurance and the impact of the human element on it. The objective of this work is to identify elements of cyber security that would benefit from further research and development based on the literature review findings. The results outlined in this article present a need for the cyber security field to look in to established industry areas to benefit from effective practices such as human reliability assessment, along with improved methods of validation such as statistical quality control in order to obtain true assurance. The article proposes the development of a framework that will be based upon defined and repeatable quantification, specifically relating to the range of human aspect tasks that provide, or are intended not to negatively affect cyber security posture.

Cenk Aksoy Bilen

DOI: https://doi.org/10.17261/pressacademia.2023.1735

2023-06-30

Pressacademia

Abstract:Purpose- With the rapid advancement of information and communication technologies, businesses are facing growing security risks. The prevalence, intensity, and complexity of cyber attacks worsen these vulnerabilities, leading to a rising focus on cybersecurity. Enterprises exposed to such cyberattacks might not only face considerable financial losses but also experience data breaches, operational interruptions, harm to their reputation, regulatory penalties, legal expenses, reduced competitive standing, and increased insurance premiums. In this concept study discusses the importance of human factors in cybersecurity management. While organizations spend billions on information technology systems and software to detect and prevent cyber threats, individuals play a critical role in managing these risks. Methodology- Through a review of literature and statistical data, study examines the factors contributing to cybersecurity breaches, the allocation of resources to address them, and proposes potential solutions. Findings- In the workplace, most research on cybersecurity focuses on employees as the most important source of vulnerability. In the literature review, it is understood that an employee’s carelessness and lack of awareness pose the greatest risk to cybersecurity. However, businesses often fail to show sufficient attention to human behavior in their efforts to keep organizational data secure and to plan security strategies. It is important to note that effective cybersecurity management requires not only technical controls but also the management of human factors. Meanwhile, security expenditures in enterprises are often disproportionately allocated to technology investments, with 97% being spent on technology investments, despite the fact that over 85% of breaches are attributable to human factors. Conclusion- In the literature review, it is understood that cybersecurity management is not only related to technical controls, but also the management of human factors is of critical importance. The management of individuals is also an essential cybersecurity responsibility. It is important to adopt a holistic approach to cybersecurity management includes both technical and human perspectives. Cybersecurity awareness has significant benefits for businesses to effectively manage cybersecurity which can be achieved by developing appropriate training programs and foster a cybersecurity culture. Keywords: Cybersecurity, cybersecurity management, cybersecurity awareness, technology investments, human factor JEL Codes: M12, M15, L86

Florence Sèdes

2024-06-17

Abstract:Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and heterogeneous data generates risks with legal, social and financial impacts. This context of transition and openness makes the security of these IS central to the concerns of organizations. The digitization of all processes and the opening to IoT devices (Internet of Things) has fostered the emergence of a new formof crime, i.e. cybercrime.This generic term covers a number of malicious acts, the majority of which are now perpetrated using social engineering strategies, a phenomenon enabling a combined exploitation of ``human'' vulnerabilities and digital tools. The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the ``weak link'' of <a class="link-external link-http" href="http://cybersecurity.As" rel="external noopener nofollow">this http URL</a> deployment policies prove insufficient, it is necessary to think about upstream steps: knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation <a class="link-external link-http" href="http://approach.In" rel="external noopener nofollow">this http URL</a> this overview, we propose a synthesis of literature and professional practices on this subject.

Cryptography and Security,Databases

Kitsios,Chatzidimitriou,Kamariotou

DOI: https://doi.org/10.3390/su15075828

IF: 3.9

2023-03-28

Sustainability

Abstract:In order to handle their regulatory and legal responsibilities and to retain trustworthy strategic partnerships, enterprises need to be dedicated to guaranteeing the privacy, accessibility, and authenticity of the data at their disposal. Companies can become more resilient in the face of information security threats and cyberattacks by effectively integrating security strategies. The goal of this article is to describe a plan that a corporation has implemented in the information technology industry in order to ensure compliance with International Organization for Standardization (ISO) 27001. This research demonstrates an examination of the reasons that force enterprises to make a investment in ISO 27001 in addition to the incentives that might be acquired from having undergone this process. In addition, the research examines the reasons that push firms to make an investment in ISO 27001. More particularly, the research investigates an international IT consulting services institution that is responsible for the implementation of large-scale business assistance insertion and projects. It demonstrates the risk management framework and the administrative structure of the appropriate situations so that its procedures are adequate and also in line with the guidelines founded by ISO 27001. In conclusion, it discusses the problems and difficulties that were experienced.

environmental sciences,environmental studies,green & sustainable science & technology

Anđelija Đukić,Dejan Vuletić

DOI: https://doi.org/10.5937/bezbednost2203140d

2022-01-01

Abstract:The mass application of information and communication technologies (ICT) has facilitated the functioning of organizations, but has also increased their vulnerability and conditioned the development of the information security function. Attacks on ICT systems involve people as potential targets of vulnerability, highlighting the importance of paying close attention to an employee's behavior in interactions with elements of the ICT system and its environment, as well as developing an information security culture (ISC) as an integrative component of organizational culture and an important factor in the organization's information security. The paper attempts to set a comprehensive concept of ISC based on the unity of knowledge, perceptions, beliefs and attitudes of employees and their coordinated actions in the application of security measures, which emphasize the role of the organization and its management in creating, building and maintaining ISC. The focus of determining ISC is on understanding and applying information security policy measures, but it also includes the behavior of employees in situations that are not or could not be predicted, when employees are expected to protect the information assets of the organization. The paper identifies the most important external factors that are mostly objective, determined by the situation in the country in which the organization operates and contained in the elements of general social (national) culture and country's economic and technological development. As a specific impact on ISC, the activities of malicious individuals, groups and organizations in cyberspace - stand out, manifested through threats and endangerment to the integrity of the ICT system. Internal factors are mostly subjective and dependent on general organization; the knowledge, vision and actions of management in the field of information security; individual characteristics of people, their values, needs, knowledge, understanding and application of information security policy measures. Among the factors, the highest level of management stands out for its role and importance due to the greatest responsibility for organization's information security, but also as the creator of its strategy and policy, the holder of resource engagement policy, shaper of professional security teams, decisionmaker on hardware and software protection, and supporter, creator and implementer of programs for ISC level raising.

Hussain Aldawood,Geoffrey Skinner

DOI: https://doi.org/10.3390/fi11030073

2019-03-18

Future Internet

Abstract:The idea and perception of good cyber security protection remains at the forefront of many organizations’ information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations’ human capital cyber security knowledge bases are very low. In particular, the lack of social engineering awareness is a concern in the context of human cyber security risks. This study highlights pitfalls and ongoing issues that organizations encounter in the process of developing the human knowledge to protect from social engineering attacks. A detailed literature review is provided to support these arguments with analysis of contemporary approaches. The findings show that despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. The factors influencing users’ proficiency in threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees (including new hires) and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed.

Fotis Kitsios,Elpiniki Chatzidimitriou,Maria Kamariotou

DOI: https://doi.org/10.3390/su14031269

IF: 3.9

2022-01-24

Sustainability

Abstract:Organizations must be committed to ensuring the confidentiality, availability, and integrity of the information in their possession to manage legal and regulatory obligations and to maintain trusted business relationships. Information security management systems (ISMSs) support companies to better deal with information security risks and cyber-attacks. Although there are many different approaches to successfully implementing an ISMS in a company, the most important and time-consuming part of establishing an ISMS is a risk assessment. The purpose of this paper was to develop a risk assessment framework that a company followed in the information technology sector to conduct the risk assessment process to comply with International Organization for Standardization (ISO) 27001. The findings analyze the conditions that force organizations to invest in protecting information and the benefits they can derive from this process. In particular, the paper delves into a multinational IT consulting services company that undertakes and implements large business support installation and customization projects. It explains the risk assessment process and the management of the necessary configurations so that its functions are acceptable and in line with information security standards. Finally, it presents the difficulties and challenges encountered.

environmental sciences,environmental studies,green & sustainable science & technology

Aristotle Onumo,Irfan Ullah-Awan,Andrea Cullen

DOI: https://doi.org/10.1145/3424282

2021-06-01

ACM Transactions on Management Information Systems

Abstract:The increase in cybersecurity threats and the challenges for organisations to protect their information technology assets has made adherence to organisational security control processes and procedures a critical issue that needs to be adequately addressed. Drawing insight from organisational theory literature, we develop a multi-theory model, combining the elements of the theory of planned behaviour, competing value framework, and technology—organisational and environmental theory to examine how the organisational mechanisms interact with espoused cultural values and employee cognitive belief to influence cybersecurity control procedures. Using a structured questionnaire, we deployed structural equation modelling (SEM) to analyse the survey data obtained from public sector information technology organisations in Nigeria to test the hypothesis on the relationship of socio-organisational mechanisms and techno-cultural factors with other key determinants of employee security behaviour. The results showed that knowledge of cybersecurity and employee cognitive belief significantly influence the employees’ intentions to comply with organisational cybersecurity control mechanisms. The research further noted that the influence of organisational elements such as leadership on employee security behaviour is mediated by espoused cultural values while the impact of employee cognitive belief is moderated by security technologies. For effective cybersecurity compliance, leaders and policymakers are therefore to promote organisational security initiatives that ensure incorporation of cybersecurity principles and practices into job descriptions, routines, and processes. This study contributes to behavioural security research by highlighting the critical role of leadership and cultural values in fostering organisational adherence to prescribed security control mechanisms.

Abdullah Al Hayajneh,Hasnain Nizam Thakur,Kutub Thakur

DOI: https://doi.org/10.5539/cis.v16n4p1

2023-11-20

Computer and Information Science

Abstract:In the contemporary era marked by the extensive utilization of data, information systems have been extensively embraced by global organizations and also hold a pivotal position in national defense and various other domains. The growing interconnectedness between individuals and diverse information systems has resulted in an intensified emphasis on the evaluation of potential risks. The mitigation of these dangers extends beyond simple technological solutions and includes established standards, legal structures, and policies, adopting a complete approach based on safety engineering concepts. This study aims to develop a robust framework for the harmonization of Information Technology Security Standards. It will explore prevalent techniques for conducting risk assessments and differentiate between quantitative and qualitative approaches to evaluation. Moreover, this study illustrates the combination of quantitative and qualitative evaluation methodologies, providing a comprehensive framework for the analysis and design of risk assessment. In addition, this study advances our understanding of INFOSEC risk assessment and contributes to the advancement of more efficient information security strategies by sharing global perspectives, addressing challenges in classification, clarifying the incorporation of Information Security Management Systems (ISMS), and highlighting the significance of Artificial Intelligence in the domain of Information Security (INFOSEC).

DOI: https://doi.org/10.33140/aurdp.01.01.02

2024-02-27

Abstract:Background: Cyber Security is to protect online data and software from cyber threats. These cyberattacks are typically intended to gain access to, change, or delete sensitive information; extort money from users; or disrupt regular corporate activities. It is difficult to keep up a regular follow up with new technologies, so it is necessary to keep the important data safe from cyber threats. There are many types of cyber threats, malware, ransomware, social engineering, phishing etc. To prevent cyber-attacks one can, use password manager tools like LastPass and others. People also use two factor authentication for double security on their accounts. Methods: Boards such as the National Institute of Standards and Technology (NIST) are developing frameworks to assist firms in understanding their security risks, improving cybersecurity procedures, and preventing cyber assaults. The fight against cybercrimes and attack, organizations needed a strong base there are 5 types of cyber securities: Critical Infrastructure Security, application security, network security, cloud security and (IoT) Security. In the modern time the US is highly based on computers and on different software, so it is really important for the US to be more conscious about the security as they get many threats almost every day for hacking their data and accounts. Results and Conclusion: Nowadays, even small businesses rarely recover their loss from the cyber-attacks and many back-off from continuing their businesses after being target of hackers. The first cybercrime attack was recorded in 1988 by a graduate student. Now that large companies and even small businesses are aware of cyber-attacks, they try their best to take every precaution to prevent hacking with double security and password manager tools.

O.I. Peliukh,M.V. Yesina,D.Yu. Holubnychyi

DOI: https://doi.org/10.30837/rt.2024.1.216.03

2024-03-20

Radiotekhnika

Abstract:In the modern world, information and communication systems (ICS) have become an integral part of our lives, processing, storing and transmitting information. However, this dependence makes them extremely vulnerable to various threats. The article examines the current threats that call into question the normal functioning of ICS. The authors emphasise the constant evolution of these threats, which makes them more complex and dangerous. This necessitates constant research and development of new methods and means of information protection, as well as raising awareness of ICS users about cyber threats. The purpose of the article is to study modern ICS threats and develop recommendations for improving the level of information security (IS). The article provides a classification of ICS IS threats by various criteria: by the basic principles of the cybersecurity triad (confidentiality, integrity and availability), by sources of threats (internal and external), by the amount of damage caused (from general to private), by the degree of impact (passive and active) and by the nature of occurrence (natural and artificial). The article reveals the sources of threats to ICS security: unintentional (related to user errors, software failures or hardware failures) and intentional (cyber-attacks aimed at causing damage to ICS). Particular attention is paid to cyberattacks that are becoming more widespread. The authors describe different types of cyberattacks, as well as methods and means of their implementation. An important aspect of the article is the development of recommendations for improving the level of security. Along with the technical aspects of protection, the article considers the importance of implementing organisational measures such as security policy, access control and privilege management. The article also draws attention to the importance of complying with international and national standards for the protection of information in ICS. These measures help to avoid leakage or prevent unauthorised access to valuable information.

Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-25629-6_114

2019-01-01

Abstract:Information systems support organizations to achieve strategic competitiveness and to improve the decision-making process. In addition, they help timely implementation of projects and effective risk management. A reliable and coherent information system requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing a business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. To date, studies have shown that non-technical risks are as important as technical risks in safeguarding. However, little attention has been paid to the role of human factors or organizational factors. This study validates the importance of non-technical factors based on a case study of an incident analysis using the information security framework with a focus of non-technical factors.

Samuel Cris Ayo,Bonaventure Ngala,Olasunkanmi Amzat,Robin Lal Khoshi,Samarappulige Isuru Madusanka

DOI: https://doi.org/10.48550/arXiv.1812.04659

2018-12-12

Abstract:Owing to recorded incidents of Information technology inclined organisations failing to respond effectively to threat incidents, this project outlines the benefits of conducting a comprehensive risk assessment which would aid proficiency in responding to potential threats. The ultimate goal is primarily to identify, quantify and control the key threats that are detrimental to achieving business objectives. This project carries out a detailed risk assessment for a case study organisation. It includes a comprehensive literature review analysing several professional views on pressing issues in Information security. In the risk register, five prominent assets were identified in respect to their owners. The work is followed by a qualitative analysis methodology to determine the magnitude of the potential threats and vulnerabilities. Collating these parameters enabled the valuation of individual risk per asset, per threat and vulnerability. Evaluating a risk appetite aided in prioritising and determining acceptable risks. From the analysis, it was deduced that human being posed the greatest Information security risk through intentional/ unintentional human error. In conclusion, effective control techniques based on defence in-depth were devised to mitigate the impact of the identified risks from risk register.

Computers and Society,Cryptography and Security

Ashraf Mady,Saurabh Gupta,Merrill Warkentin

DOI: https://doi.org/10.1111/isj.12424

IF: 7.767

2023-01-11

Information Systems Journal

Abstract:Organisations implement a variety of knowledge mechanisms such as information security education, training and awareness (SETA) programs and information security policies, to influence employees' secure behaviour. Despite increased efforts to provide information systems (IS) security knowledge to employees, data breaches and other security incidents resulting from insider behaviour continue. Recent IS security research, primarily grounded on assumptions of employees' rational assessment of numerous factors, has yielded inconsistent results. Challenging this paradigm, we model secure behaviour on security knowledge mechanisms, which focuses on the multidimensional nature of security knowledge breadth, depth and finesse to represent the full array of managerial levers. We further draw on construal level theory to conceptualise users' perceptual judgements of security messages. Two studies support our model, with the second building on the first. Study 1, an experiment with 312 participants, focused on validating the treatments. Study 2, a survey with 219 participants, validated the entire model. Results showed that our model has significantly more explanatory and predictive power than the orthodox paradigm. Our results have practical implications for optimising the organisation of knowledge mechanisms by emphasising the personal relevance of threats and defining the factors that lead to secure behaviour. We also contribute to the discourse on information security research and provide a template for integrating theories, thus opening new avenues for future research.

information science & library science

Temitayo Oluwaseun Abrahams,Sarah Kuzankah Ewuga,Samuel Onimisi Dawodu,Abimbola Oluwatoyin Adegbite,Azeez Olanipekun Hassan

DOI: https://doi.org/10.51594/csitrj.v5i1.699

2024-01-09

Computer Science & IT Research Journal

Abstract:In an era where digital threats are increasingly pervasive, understanding the evolution and efficacy of cybersecurity strategies in modern organizations is paramount. This study provides a comprehensive analysis of the dynamic landscape of cybersecurity, exploring its progression from traditional methods to innovative, technology-driven approaches. The digital age has ushered in complex cyber threats, necessitating robust cybersecurity measures. This study examines cybersecurity strategies' historical development, current trends, and future directions across different organizational contexts and industries. The primary aim is to assess the evolution and effectiveness of cybersecurity measures, identify existing gaps, and understand the interplay between human behavior, technology, and policy in cybersecurity. The paper encompasses a comprehensive methodological framework for cybersecurity analysis, exploring the effectiveness of traditional versus modern approaches, the role of AI and ML, and the impact of international policies. It also presents case studies to illustrate successes and failures in cybersecurity implementation. Key findings reveal a significant shift towards advanced technologies like AI and ML in cybersecurity, the critical role of human factors in shaping cybersecurity outcomes, and the influence of international policies in standardizing cybersecurity practices. The study concludes that effective cybersecurity strategies require a balanced approach, combining technological advancements with understanding human factors and adherence to international standards. Recommendations include continuous education and training, adopting holistic cybersecurity strategies, and aligning with international policies. Keywords: Cybersecurity, Artificial Intelligence, Machine Learning, International Policies, Human Factors, Cyber Threats.

Ellena Ike

DOI: https://doi.org/10.47941/ejikm.2063

2024-07-12

Abstract:Purpose: The general objective of the study was to analyze information security and knowledge management. Methodology: The study adopted a desktop research methodology. Desk research refers to secondary data or that which can be collected without fieldwork. Desk research is basically involved in collecting data from existing resources hence it is often considered a low cost technique as compared to field research, as the main cost is involved in executive’s time, telephone charges and directories. Thus, the study relied on already published studies, reports and statistics. This secondary data was easily accessed through the online journals and library. Findings: The findings reveal that there exists a contextual and methodological gap relating to information security and knowledge management. Preliminary empirical review revealed that integrating IS and KM was crucial for enhancing organizational performance, protecting intellectual assets, and fostering innovation. It emphasized the need for a holistic approach combining technological solutions, robust policies, and a culture of security awareness. The research found that this integration led to significant improvements in operational efficiency and innovation, with continuous evaluation and adaptation being essential. The study highlighted the importance of advanced security technologies, regular updates, and employee training to maintain effective IS and KM practices, ultimately ensuring the secure and effective utilization of knowledge assets for sustainable growth. Unique Contribution to Theory, Practice and Policy: The Socio-Technical Systems Theory, Knowledge-Based View of the Firm and Information Systems Success Model may be used to anchor future studies on information security and knowledge management. The study provided significant contributions to theory, practice, and policy by integrating various theoretical frameworks and emphasizing the need for a multi-layered approach to IS that includes advanced technology, strong policies, and employee training. It recommended the development of regulatory standards to enforce robust IS practices, the alignment of IS and KM with organizational strategies, and the implementation of continuous improvement programs. Additionally, it highlighted the importance of comprehensive training for employees and fostering a collaborative environment that balances security with innovation.