关键服务运营商综合和管理报告中的网络安全和网络风险

Aleksandra Ferens
{"title":"关键服务运营商综合和管理报告中的网络安全和网络风险","authors":"Aleksandra Ferens","doi":"10.5604/01.3001.0014.9558","DOIUrl":null,"url":null,"abstract":"Purpose: The scope of interactive information processed and exchanged through cyberspace has grown exponentially. Therefore, there is a need to develop cybersecurity that protects this space against both internal and external threats, as well as to work out an appropriate reporting system on the cybersecurity model operating in the company. The aim of the paper is to identify and assess the disclosures on cybersecurity and cyber risk in the integrated and management reports of selected companies listed on the Warsaw Stock Exchange. Methodology: The study focused on the integrated and management reports of 17 selected companies identified as operators of so-called key services. The representative sample was chosen through purposive sampling. This process was preceded by a preliminary analysis of companies listed in the WIG 30 Index, drawing on the number of integrated reports prepared by the operators of key services. The research involved an analysis of the literature and legal regulations, as well as the structure and scope of information on cybersecurity reported by the surveyed companies, along with the deductive method. The results of the analysis showed that only some companies present information on existing cyber risks and cybersecurity, while information is scattered in different parts of the business reports and non-comparable due to the lack of a unified data structure. It was noted that the reports do not contain detailed information on the activities in the field of cybersecurity, which makes it impossible to perform a multifaceted and multisectoral assessment of the results reported by the entities. Originality: The paper builds on and thus complements the scientific achievements in the field of non-financial reporting, including the business model, by identifying the shortcomings related to reporting on how to protect companies against the risk related to cyber threats in the reports to date. The study also confirms the need to improve the content of business reports with quantitative and qualitative information in this regard\n\n","PeriodicalId":53342,"journal":{"name":"Zeszyty Teoretyczne Rachunkowosci","volume":"1 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Cybersecurity and cyber risk in integrated and management reports of key service operators\",\"authors\":\"Aleksandra Ferens\",\"doi\":\"10.5604/01.3001.0014.9558\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Purpose: The scope of interactive information processed and exchanged through cyberspace has grown exponentially. Therefore, there is a need to develop cybersecurity that protects this space against both internal and external threats, as well as to work out an appropriate reporting system on the cybersecurity model operating in the company. The aim of the paper is to identify and assess the disclosures on cybersecurity and cyber risk in the integrated and management reports of selected companies listed on the Warsaw Stock Exchange. Methodology: The study focused on the integrated and management reports of 17 selected companies identified as operators of so-called key services. The representative sample was chosen through purposive sampling. This process was preceded by a preliminary analysis of companies listed in the WIG 30 Index, drawing on the number of integrated reports prepared by the operators of key services. The research involved an analysis of the literature and legal regulations, as well as the structure and scope of information on cybersecurity reported by the surveyed companies, along with the deductive method. The results of the analysis showed that only some companies present information on existing cyber risks and cybersecurity, while information is scattered in different parts of the business reports and non-comparable due to the lack of a unified data structure. It was noted that the reports do not contain detailed information on the activities in the field of cybersecurity, which makes it impossible to perform a multifaceted and multisectoral assessment of the results reported by the entities. Originality: The paper builds on and thus complements the scientific achievements in the field of non-financial reporting, including the business model, by identifying the shortcomings related to reporting on how to protect companies against the risk related to cyber threats in the reports to date. The study also confirms the need to improve the content of business reports with quantitative and qualitative information in this regard\\n\\n\",\"PeriodicalId\":53342,\"journal\":{\"name\":\"Zeszyty Teoretyczne Rachunkowosci\",\"volume\":\"1 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-07-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Zeszyty Teoretyczne Rachunkowosci\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5604/01.3001.0014.9558\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Zeszyty Teoretyczne Rachunkowosci","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5604/01.3001.0014.9558","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

摘要

目的:通过网络空间处理和交换的互动信息的范围呈指数级增长。因此,有必要开发网络安全,保护这一空间免受内部和外部威胁,并制定一个关于公司网络安全模式的适当报告系统。本文的目的是识别和评估在华沙证券交易所上市的选定公司的综合和管理报告中关于网络安全和网络风险的披露。方法:该研究侧重于17家选定的所谓关键服务运营商的综合和管理报告。代表性样本是通过有目的的抽样选出的。在此过程之前,根据关键服务运营商编制的综合报告数量,对WIG 30指数中列出的公司进行了初步分析。这项研究包括对文献和法律法规的分析,以及被调查公司报告的网络安全信息的结构和范围,以及演绎方法。分析结果显示,只有一些公司提供了有关现有网络风险和网络安全的信息,而由于缺乏统一的数据结构,这些信息分散在商业报告的不同部分,不具有可比性。有人指出,报告中没有关于网络安全领域活动的详细信息,因此无法对各实体报告的结果进行多方面和多部门的评估。独创性:该论文建立在非财务报告领域的科学成就的基础上,从而补充了包括商业模式在内的非财务报告的科学成就,在迄今为止的报告中发现了与如何保护公司免受网络威胁相关风险的报告相关的缺陷。这项研究还证实,有必要改进业务报告的内容,提供这方面的定量和定性信息
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Cybersecurity and cyber risk in integrated and management reports of key service operators
Purpose: The scope of interactive information processed and exchanged through cyberspace has grown exponentially. Therefore, there is a need to develop cybersecurity that protects this space against both internal and external threats, as well as to work out an appropriate reporting system on the cybersecurity model operating in the company. The aim of the paper is to identify and assess the disclosures on cybersecurity and cyber risk in the integrated and management reports of selected companies listed on the Warsaw Stock Exchange. Methodology: The study focused on the integrated and management reports of 17 selected companies identified as operators of so-called key services. The representative sample was chosen through purposive sampling. This process was preceded by a preliminary analysis of companies listed in the WIG 30 Index, drawing on the number of integrated reports prepared by the operators of key services. The research involved an analysis of the literature and legal regulations, as well as the structure and scope of information on cybersecurity reported by the surveyed companies, along with the deductive method. The results of the analysis showed that only some companies present information on existing cyber risks and cybersecurity, while information is scattered in different parts of the business reports and non-comparable due to the lack of a unified data structure. It was noted that the reports do not contain detailed information on the activities in the field of cybersecurity, which makes it impossible to perform a multifaceted and multisectoral assessment of the results reported by the entities. Originality: The paper builds on and thus complements the scientific achievements in the field of non-financial reporting, including the business model, by identifying the shortcomings related to reporting on how to protect companies against the risk related to cyber threats in the reports to date. The study also confirms the need to improve the content of business reports with quantitative and qualitative information in this regard
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
0.40
自引率
0.00%
发文量
8
审稿时长
14 weeks
期刊最新文献
Redefining accounting as a technical, social and moral practice to better the world The (in)correctness of financial reports in the ESEF format of selected Polish listed companies The financial results of Polish State Forests and profit distribution – in the opinions of stakeholders Measuring the implementation of the Sustainable Development Goals by companies listed on the Warsaw Stock Exchange in the light of the UNCTAD-ISAR guidance The sense of legal professional responsibility among accountants in Poland. A pilot qualitative study
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1