The emerging role of the CISO

Hooper, Val; McKissack, Jeremy

doi:10.1016/j.bushor.2016.07.004

Cited by 35 publications

(23 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This method was trialled on data arising from my doctoral research into the purpose of cyber-security functions within commercial businesses. The management of risk is fundamental to businesses and cyber-security risk, in particular, has become a board-level concern in recent years (Hooper and McKissack, 2016), even being considered existential by many businesses (Bevan et al, 2018). Cyber-security incidents affecting businesses achieve significant coverage in mass media, for example, Voreacos et al (2019), Kuchler (2017) and Thomas (2016) and as well as managing threats to their own operations, businesses are also seen as performing a role in securing nations from cyber-security threats (UK Government, 2016: 34).…”

Section: Background To My Researchmentioning

confidence: 99%

Producing ‘good enough’ automated transcripts securely: Extending Bokhove and Downey (2018) to address security concerns

Silva

2021

Methodological Innovations

View full text Add to dashboard Cite

Interviews are an established research method across multiple disciplines. Such interviews are typically transcribed orthographically in order to facilitate analysis. Many novice qualitative researchers’ experiences of manual transcription are that it is tedious and time-consuming, although it is generally accepted within much of the literature that quality of analysis is improved through researchers performing this task themselves. This is despite the potential for the exhausting nature of bulk transcription to conversely have a negative impact upon quality. Other researchers have explored the use of automated methods to ease the task of transcription, more recently using cloud-computing services, but such services present challenges to ensuring confidentiality and privacy of data. In the field of cyber-security, these are particularly concerning; however, any researcher dealing with confidential participant speech should also be uneasy with third-party access to such data. As a result, researchers, particularly early-career researchers and students, may find themselves with no option other than manual transcription. This article presents a secure and effective alternative, building on prior work published in this journal, to present a method that significantly reduced, by more than half, interview transcription time for the researcher yet maintained security of audio data. It presents a comparison between this method and a fully manual method, drawing on data from 10 interviews conducted as part of my doctoral research. The method presented requires an investment in specific equipment which currently only supports the English language.

show abstract

Section: Background To My Researchmentioning

confidence: 99%

Producing ‘good enough’ automated transcripts securely: Extending Bokhove and Downey (2018) to address security concerns

Silva

2021

Methodological Innovations

View full text Add to dashboard Cite

show abstract

“…Wieringa distinguished many methods for examining numerous types of problems, e.g. design problems and knowledge problems [34]. In this Zero Trust project we used Hevner's work as a frame of reference for the entire DSR project and potential later validation by practitioners and we use Wieringa's approach to address the challenges and technical requirements we encounter during the current and future journey of portal development (Figure 4).…”

Section: What Is Zero Trust?mentioning

confidence: 99%

Zero Trust Validation: From Practical Approaches to Theory

Bobbert¹

2020

SJRR

View full text Add to dashboard Cite

How can high-level directives concerning risk, cybersecurity and compliance be operationalized in the central nervous system of any organization above a certain complexity? How can the effectiveness of technological solutions for security be proven and measured, and how can this technology be aligned with the governance and financial goals at the board level? These are the essential questions for any CEO, CIO or CISO that is concerned with the wellbeing of the firm. The concept of Zero Trust (ZT) approaches information and cybersecurity from the perspective of the asset to be protected, and from the value that asset represents. Zero Trust has been around for quite some time. Most professionals associate Zero Trust with a particular architectural approach to cybersecurity, involving concepts such as segments, resources that are accessed in a secure manner and the maxim "always verify never trust". This paper describes the current state of the art in Zero Trust usage. We investigate the limitations of current approaches and how these are addressed in the form of Critical Success Factors in the Zero Trust Framework developed by ON2IT 'Zero Trust Innovators' (1). Furthermore, this paper describes the design and engineering of a Zero Trust artifact that addresses the problems at hand (2), according to Design Science Research (DSR). The last part of this paper outlines the setup of an empirical validation trough practitioner oriented research, in order to gain a broader acceptance and implementation of Zero Trust strategies (3). The final result is a proposed framework and associated technology which, via Zero Trust principles, addresses multiple layers of the organization to grasp and align cybersecurity risks and understand the readiness and fitness of the organization and its measures to counter cybersecurity risks.

show abstract

“…Monitoring such residual cyber risk often falls to the Chief Information Security Officer (CISO). However, the actual ownership of cyber risk within an organization is generally uncleareven if the organization has a CISO or Chief Information Officer (CIO) who is supposed to manage information security (14). Because cyber risk is a key part of an organization's overall business risk, all departments of an organization have a vested interest in how the organization manages residual cyber risk.…”

Section: Monitor and Manage Residual Riskmentioning

confidence: 99%

Cyber risk research impeded by disciplinary barriers

Falco

Eling

Jablanski

et al. 2019

Science

View full text Add to dashboard Cite

Cyber risk encompasses a broad spectrum of risks to digital systems, such as data breaches or full-fledged cyber attacks on the electric grid. Efforts to systematically advance the science of cyber risk must draw upon not only computer science, but also fields such as behavioral science, economics, law, management science, and political science. Yet many scholars believe that they have sufficient understanding of other fields to comprehensively address the inherently cross-disciplinary nature of cyber risk. For example, a statistician might apply Bayesian modeling to predict future cyber events, even though it is not entire clear what bearing historical cyber events have on future ones. Computer scientists might write on data protection laws, yet with little knowledge of legal jurisdiction issues. Such questions of disciplinary ownership, the inability to coordinate across disciplines, and the undefined scope of the problem domain have thus plagued inherently cross-disciplinary cyber risk research. Drawing upon global expertise and challenges from industry, academia, non-profit organizations, and governments, we adapt the classical risk management process to identify core research questions for cyber risk, gaps in knowledge that need to be addressed for advances in security, and opportunities for cross-disciplinary collaboration for each area. While we mention specific disciplines, reflective of our backgrounds, these are not the only ones that should be conducting cyber risk research.

show abstract

The emerging role of the CISO

Cited by 35 publications

References 0 publications

Producing ‘good enough’ automated transcripts securely: Extending Bokhove and Downey (2018) to address security concerns

Producing ‘good enough’ automated transcripts securely: Extending Bokhove and Downey (2018) to address security concerns

Zero Trust Validation: From Practical Approaches to Theory

Cyber risk research impeded by disciplinary barriers

Contact Info

Product

Resources

About