مقاله انگلیسی رایگان در مورد قالب فرهنگ امنیت سایبری برای آمادگی سازمان – تیلور و فرانسیس 2022

 

مشخصات مقاله
ترجمه عنوان مقاله چارچوب فرهنگ امنیت سایبری برای ارزیابی آمادگی سازمان
عنوان انگلیسی مقاله A Cyber-Security Culture Framework for Assessing Organization Readiness
انتشار  مقاله سال 2022
تعداد صفحات مقاله انگلیسی  11 صفحه
هزینه  دانلود مقاله انگلیسی رایگان میباشد.
پایگاه داده  نشریه تیلور و فرانسیس – Taylor & Francis
نوع نگارش مقاله مقاله پژوهشی (Research article)
مقاله بیس این مقاله بیس میباشد
نمایه (index) JCR – Master Journal List – Scopus
نوع مقاله
ISI
فرمت مقاله انگلیسی  PDF
ایمپکت فاکتور(IF)
3.906 در سال 2020
شاخص H_index 66 در سال 2022
شاخص SJR 0.820 در سال 2020
شناسه ISSN 0887-4417
شاخص Quartile (چارک) Q1 در سال 2020
فرضیه دارد ندارد
مدل مفهومی
پرسشنامه
متغیر
رفرنس
رشته های مرتبط مهندسی فناوری اطلاعات – مدیریت
گرایش های مرتبط اینترنت و شبکه های گسترده – شبکه های کامپیوتری – مدیریت تکنولوژی – نوآوری تکنولوژی
نوع ارائه مقاله
ژورنال
مجله / کنفرانس مجله سیستم های اطلاعات کامپیوتری – Journal of Computer Information Systems
دانشگاه National Technical University of Athens, Greece
کلمات کلیدی فرهنگ امنیت سایبری – ارزیابی – آگاهی – رفتار امنیتی
کلمات کلیدی انگلیسی  Cybersecurity culture – assessment – awareness – security behavior
شناسه دیجیتال – doi https://doi.org/10.1080/08874417.2020.1845583
کد محصول e16797
وضعیت ترجمه مقاله  ترجمه آماده این مقاله موجود نمیباشد. میتوانید از طریق دکمه پایین سفارش دهید.
دانلود رایگان مقاله دانلود رایگان مقاله انگلیسی
سفارش ترجمه این مقاله سفارش ترجمه این مقاله

 

فهرست مطالب مقاله:
Abstract
Introduction
Background
Security culture framework
Application
Considerations and limitations
Conclusion and future work
Acknowledgments
Funding
References

 

بخشی از متن مقاله:

Abstract

     This paper presents a cyber-security culture framework for assessing and evaluating the current security readiness of an organization’s workforce. Having conducted a thorough review of the most commonly used security frameworks, we identify core security human-related elements and classify them by constructing a domain agnostic security model. We then proceed by presenting in detail each component of our model and attempt to quantify them in order to achieve a feasible assessment methodology. The paper thereafter presents the application of this methodology for the design and development of a security culture evaluation tool, that offers recommendations and alternative approaches to workforce training programs and techniques. The model has been designed to easily adapt on various application domains while focusing on their unique characteristics. The paper concludes on applications of our instrument on security-critical domains, and its contribution to current research by providing deeper insights regarding the human factor in cybersecurity.

Introduction

     Information Security is a multidisciplinary area of study and professional activity focusing on safeguarding and protecting Information Technology against a variety of dangers and threats.1,2 Initially, information security was characterized by a rather technical approach best left to the technical experts. 3 Even at this early stage, people responsible for implementing information security, identified the need for top management becoming involved. This led to a second phase where information security was incorporated into organizational structures and Information Security Managers were appointed.4 Security policies and procedures were drafted creating the need to understand their effectiveness and assess their results. But most importantly, revealing that there were other elements of information security that had been disregarded up until then. Information security standardization, certification and assessment were introduced along with an effort to understand and address the human element as an important security factor.5

     An organization’s biggest threat to privacy and security, even if not acknowledged, are considered to be their own staff. 6 Employee security awareness is a key link to an organization’s security chain since even the most well-guarded corporation is defenseless with no security culture. 7,8 This term, “security culture,” soon dominated in the era and was attributed various definitions.9 The vast majority of them agree that it “exists when every participant in the information society, appropriately to their role, is aware of the relevant security risks and preventative measures, assumes responsibility and takes steps to improve the security of their information systems and networks

Conclusion and future work 

     Research trend appears to be moving from a technical approach of information security to a socio-cultural approach.53,96,97 Technical simulations and real-time testing of information systems, mathematical models, analytics, and risk assessments make room to behavioral, organizational, and criminological theories as to the basis of the cybersecurity evaluation.

     The security culture framework presented in this paper manages to combine the pros and mitigate the cons of both scientific approaches while underlining the importance of human factor in the security chain.9 Its iterative nature allows closely monitoring and constantly evaluating an organization’s cyber-security culture which, as a living mechanism, adapts and evolves to the continuously demanding technological environment of this century

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

دکمه بازگشت به بالا