Learning from cyber security incidents: A systematic review and future research agenda

Patterson, C. Mark; Nurse, Jason R. C.; Franqueira, Virginia N. L.

doi:10.1016/j.cose.2023.103309

Cited by 22 publications

(8 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They can lead to a variety of consequences, such as a loss of data confidentiality, reputational damage, financial losses, loss of customer confidence, legal or regulatory sanctions, and disruption of normal business operations. To minimize the risk of information security incidents, organizations implement various security measures, such as securing information systems, applying security policies, training personnel, monitoring network activity, encrypting data, and many others (Tøndel, 2014;Patterson et al, 2023).…”

Section: Literature Review and Theoretical Basismentioning

confidence: 99%

A Comparative Analysis of Information Security Incidents in Public Administration in Selected European Union Countries

Lisiak-Felicka

2024

znadministracja

View full text Add to dashboard Cite

The article presents the issue of information security incident management in public administration. The goal of security incident management is to minimize the negative impact of incidents and ensure the continuity of the organization's operations. It is critical to know what the threats are, including the number and types of incidents reported. The article outlines key incident management and legal issues related to the topic of security incidents and the work of computer incident response teams. Examples of incidents that took place recently in public administration units in Poland were also presented. This was followed by an analysis of statistical data on reported incidents in Poland in the years 2020-2022, and the results were compared with the number of incidents reported in selected European Union countries. The results of the study show that the dominant type of incidents is fraud (mainly phishing), and public administration is one of the main targets of cybercriminals' attacks. Difficulties in conducting such comparative analysis have also been demonstrated.

show abstract

Section: Literature Review and Theoretical Basismentioning

confidence: 99%

A Comparative Analysis of Information Security Incidents in Public Administration in Selected European Union Countries

Lisiak-Felicka

2024

znadministracja

View full text Add to dashboard Cite

show abstract

“…Apart from the abovementioned literature, few studies have used OL loops to report various cybersecurity incidents. For instance, a recent research study [17] used the double learning approach from the OL theory proposed by Argyris and Schon [20,21]. The study has reported various cybersecurity incidents based on the OL theoretical lens.…”

Section: Cybersecurity and Organisational Learningmentioning

confidence: 99%

“…The research paper aims to examine counterstrategies adopted and implemented in HERS exclusively in Australia to mitigate cybersecurity challenges amidst major crises using the Organizational Learning (OL) theory. Prior studies have used the Organisational Learning (OL) theory to explore cybersecurity incidents [8,[17][18][19]. For instance, a recent research study [17] has used the double-loop learning approach from OL theory proposed by Argyris and Schon [20,21].…”

Section: Introductionmentioning

confidence: 99%

“…Prior studies have used the Organisational Learning (OL) theory to explore cybersecurity incidents [8,[17][18][19]. For instance, a recent research study [17] has used the double-loop learning approach from OL theory proposed by Argyris and Schon [20,21]. However, the study is a systematic literature review and has recommended that more research is needed to understand the right learning practices required because of reported cybersecurity incidents.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Countermeasure Strategies to Address Cybersecurity Challenges Amidst Major Crises in the Higher Education and Research Sector: An Organisational Learning Perspective

Mahmood,

Chadhar,

Firmin

2024

Information

View full text Add to dashboard Cite

Purpose: The purpose of this research paper was to analyse the counterstrategies to mitigate cybersecurity challenges using organisational learning loops amidst major crises in the Higher Education and Research Sector (HERS). The authors proposed the learning loop framework revealing several counterstrategies to mitigate cybersecurity issues in HERS. The counterstrategies are explored, and their implications for research and practice are discussed. Methodology: The qualitative methodology was adopted, and semi-structured interviews with cybersecurity experts and top managers were conducted. Results: This exploratory paper proposed the learning loop framework revealing introducing new policies and procedures, changing existing systems, partnership with other companies, integrating new software, improving employee learning, enhancing security, and monitoring and evaluating security measures as significant counterstrategies to ensure the cyber-safe working environment in HERS. These counterstrategies will help to tackle cybersecurity in HERS, not only during the current major crisis but also in the future. Implications: The outcomes provide insightful implications for both theory and practice. This study proposes a learning framework that prioritises counterstrategies to mitigate cybersecurity challenges in HERS amidst a major crisis. The proposed model can help HERS be more efficient in mitigating cybersecurity issues in future crises. The counterstrategies can also be tested, adopted, and implemented by practitioners working in other sectors to mitigate cybersecurity issues during and after major crises. Future research can focus on addressing the shortcomings and limitations of the proposed learning framework adopted by HERS.

show abstract

“…Cyberattacks and slow internet speeds can delay incident response times, allowing security breaches to persist for extended periods and leading to more significant damage to an organization’s reputation, finances, and intellectual property. Therefore, the problems of cyberattacks and slow internet speeds are of the utmost importance to businesses and organizations, and effective solutions must be found to address them [ 17 ]. Various solutions are available to address the issue of cyberattacks and slow internet speeds, including upgrading hardware and software, optimizing network configurations, and deploying SDN and VNFs [ 18 ].…”

Section: Introductionmentioning

confidence: 99%

Efficient Internet-of-Things Cyberattack Depletion Using Blockchain-Enabled Software-Defined Networking and 6G Network Technology

Razaque,

Yoo,

Bektemyssova

et al. 2023

Sensors

View full text Add to dashboard Cite

Low-speed internet can negatively impact incident response by causing delayed detection, ineffective response, poor collaboration, inaccurate analysis, and increased risk. Slow internet speeds can delay the receipt and analysis of data, making it difficult for security teams to access the relevant information and take action, leading to a fragmented and inadequate response. All of these factors can increase the risk of data breaches and other security incidents and their impact on IoT-enabled communication. This study combines virtual network function (VNF) technology with software -defined networking (SDN) called virtual network function software-defined networking (VNFSDN). The adoption of the VNFSDN approach has the potential to enhance network security and efficiency while reducing the risk of cyberattacks. This approach supports IoT devices that can analyze large volumes of data in real time. The proposed VNFSDN can dynamically adapt to changing security requirements and network conditions for IoT devices. VNFSDN uses threat filtration and threat-capturing and decision-driven algorithms to minimize cyber risks for IoT devices and enhance network performance. Additionally, the integrity of IoT devices is safeguarded by addressing the three risk categories of data manipulation, insertion, and deletion. Furthermore, the prioritized delegated proof of stake (PDPoS) consensus variant is integrated with VNFSDN to combat attacks. This variant addresses the scalability issue of blockchain technology by providing a safe and adaptable environment for IoT devices that can quickly be scaled up and down to pull together the changing demands of the organization, allowing IoT devices to efficiently utilize resources. The PDPoS variant provides flexibility to IoT devices to proactively respond to potential security threats, preventing or mitigating the impact of cyberattacks. The proposed VNFSDN dynamically adapts to the changing security requirements and network conditions, improving network resiliency and enabling proactive threat detection. Finally, we compare the proposed VNFSDN to existing state-of-the-art approaches. According to the results, the proposed VNFSDN has a 0.08 ms minimum response time, a 2% packet loss rate, 99.5% network availability, a 99.36% threat detection rate, and a 99.77% detection accuracy with 1% malicious nodes.

show abstract

Learning from cyber security incidents: A systematic review and future research agenda

Cited by 22 publications

References 60 publications

A Comparative Analysis of Information Security Incidents in Public Administration in Selected European Union Countries

A Comparative Analysis of Information Security Incidents in Public Administration in Selected European Union Countries

Countermeasure Strategies to Address Cybersecurity Challenges Amidst Major Crises in the Higher Education and Research Sector: An Organisational Learning Perspective

Efficient Internet-of-Things Cyberattack Depletion Using Blockchain-Enabled Software-Defined Networking and 6G Network Technology

Contact Info

Product

Resources

About