Optimum Spending on Cybersecurity Measures: Part II
Author: Sherita Tara Kissoon
Journal: Journal of Information Security (JIS), Vol. 12, No. 1, pp. 137-161
DOI: 10.4236/JIS.2021.121007 (https://doi.org/10.4236/JIS.2021.121007)
Published: 2021-01-21 (Journal Article)
Citation count: 3 (Semantic Scholar)
Open access: no
The purpose of this research is to investigate the decision-making process for cybersecurity investments in organizations through the development and utilization of a digital cybersecurity risk management framework. The initial article, Optimum Spending on Cybersecurity Measures, published on Emerald Insight at https://www.emerald.com/insight/1750-6166.htm, contains the detailed literature review and the data results from Phase I and Phase II of this research [1]. This article highlights the research completed in the area of organizational decision-making on cybersecurity spend. Building on the review of additional studies, this research utilizes a regression framework and a case study methodology to demonstrate that effective risk-based decisions are necessary when implementing cybersecurity controls. Through regression analysis, the effectiveness of currently implemented cybersecurity measures in organizations is explored by connecting a dependent variable with several independent variables. The focus of this article is on the strategic decisions made by organizations when implementing cybersecurity measures. This research belongs to the area of risk management and draws on various models within the fields of 1) information security; 2) strategic management; and 3) organizational decision-making to determine optimum spending on cybersecurity measures for risk-taking organizations. This research resulted in the development of a cyber risk investment model and a digital cybersecurity risk management framework. Using a case study methodology, this model and framework were leveraged to evaluate and implement cybersecurity measures.

The case study methodology provides an in-depth view of a risk-taking organization's risk mitigation strategy within the bounds of the educational environment, focusing on five areas identified within a digital cyber risk model: 1) technology landscape and application portfolio; 2) data-centric focus; 3) risk management practices; 4) cost-benefit analysis for cybersecurity measures; and 5) strategic development. The outcome of this research provides greater insight into how an organization makes decisions when implementing cybersecurity controls. This research shows that most organizations are diligently implementing security measures to effectively monitor and detect cybersecurity attacks, specifically showing that risk-taking organizations implemented cybersecurity measures to meet compliance and audit obligations with an annual spend of $3.18 million. It also indicated that 23.6% of risk-taking organizations incurred more than 6 cybersecurity breaches, with an average dollar loss of $3.5 million. In addition, the impact of a cybersecurity breach on risk-taking organizations is as follows: 1) data loss; 2) brand/reputational impact; 3) financial loss/fines; 4) increased oversight by regulators/internal audit; and 5) customer/client impact.

The implication this research has for practice is extensive, as it focuses on a broad range of areas including risk, funding, and the type and impact of cybersecurity breaches encountered. The survey study clearly demonstrated the need to develop and utilize a digital cybersecurity risk management framework that integrates current industry frameworks within the risk management practice, including continuous compliance management. This type of framework would provide a balanced approach to managing the gap between a risk-taking organization and a risk-averse organization when implementing cybersecurity measures.