ABSTRACT
Given that cyber security underwrites public trust in digital services and technologies, the new cyber strategy sets out a vision for reducing the cyber security risk to health and social care organizations across the Department of Health and Social Care (DHSC), National Health Service (NHS) organizations, local authorities, independent social care providers, and suppliers-which includes pharmaceutical manufacturers. [...]attacks can cause a complete loss of access to clinical and administrative information technology (IT) systems, resulting in significant disruption in day-to-day operations. According to the NCSC, ransomware attacks are increasingly seen to include data theft and extortion with a threat of data leaks (3). According to the UK government's recently published policy paper outlining the new cyber security strategy, "all these threats pose risk not just to patient and staff safety, but also to public trust in a health and social care system that can and must safeguard people's data" (2).
ABSTRACT
The revised NIS-2 Directive has been assigned to the Committee on Industry, Research, and Energy (ITRE), within the European Parliament, and is intended to form one of the baselines for the European cybersecurity framework, as well as act as a central tool in advancing Europe's strategic autonomy and the Digital Europe Programme (3). The intention is that cyber resilience must be considered a priority at board and senior management level rather than be confined to the remit of technical teams. European Parliament Adopts New Draft Directive," Technology Law Dispatch, Reed Smith LLP, 20 Jan. 2022.
ABSTRACT
A közigazgatás a kibertér felől érkező fenyegetések egyik leggyakoribb célpontja, az állami és önkormányzati szervek elleni kibertámadások egyre célzottabbak, kifinomultabbak és egyre nagyobb kár okozására képesek. Az elektronikus információs rendszerek biztonsága érdekében hatékony fizikai, logikai és adminisztratív intézkedéseket szükséges alkalmazni, amelyek meghatározásához elengedhetetlen az aktuális információbiztonsági incidenstrendek ismerete. Jelen tanulmány célja a Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet által, 2019 és 2021 közötti időszakban detektált információbiztonsági események átfogó elemzése, a közigazgatást érintő hazai incidenstrendek azonosítása érdekében. Az írás kiemelten vizsgálja, hogy a kibertámadók hogyan reagáltak a Covid-19-világjárványra, és ez milyen módon jelenik meg a hazai incidenstrendekben. Az elemzés további célkitűzése annak megállapítása, hogy mely szektort érte a legtöbb incidens a vizsgált időszakban, és mely incidenstípusok jellemzők ebben az ágazatban. További kutatási kérdésként merült fel, hogy a pszichológiai manipuláció milyen százalékos arányban mutatható ki a detektált incidenstrendekben.Alternate :Public administration is one of the most common targets of cyber threats. Cyberattacks against public and local governments are becoming increasingly targeted, sophisticated, and are capable of causing ever greater damage. Information systems security requires effective physical, logical and administrative measures, which needs knowledge of current trends in information security incidents. The aim of this study is to provide a comprehensive analysis of information security incidents detected by the National Cyber-Security Centre of Hungary between 2019 and 2021 in order to identify national incident trends affecting public administrations. The paper focuses on how cyber attackers have responded to the Covid-19 pandemic and how this is reflected in national incident trends. A further objective of the analysis is to identify which sector was affected the most by incidents during the period under review and which incident types are typical for this sector. A further research question was the percentage of social engineering in the detected incident trends.
ABSTRACT
PurposeThis paper aims to find a suitable structure for a practitioner's handbook that addresses the structural elements of the business continuity (BC) practice.Design/methodology/approachThe case study using the mixed method, quantitative with a questionnaire and conceptual research approach was what has been chosen. The four steps to the research process are outlined: one, choosing the topic, two, collecting relevant literature, three, identifying specific variables and four, generating a structure. The design brought on by years of experience, should be put into an organised system and handbook that can be reused, without having to reinvent the wheel.FindingsA BC handbook should be as relevant to the executives and management as to their employees. By adopting a BC practice in a government department, state-owned entity, agency or municipality. Assurance will be ascertained for reliable, improved service delivery and reputation with much less interruption. Therefore a handbook with a "cradle to the grave” BC approach should outline, with examples of standards, awareness, policy, BC programme plan, BC structures, business impact and risk analysis, strategy, budgets, scorecards, monitoring and evaluation, recovery and BC plans, together with the audit and an International Standards Organization (ISO) 22301 certification process.Research limitations/implicationsThe research was limited to literature, questionnaires and identified variables pertaining to BC management (BCM) in the South African Government.Practical implicationsThe implications of the case study is that out of the variables identified and the relevant literature and standards, a structure for a relevant post-COVID-19 government practitioner's handbook could be made available.Social implicationsThe use of a BCM handbook for government would assist in the continuation of services through manmade and natural disasters. The service to the citizen, including but not limited to water, electricity, sanitation, medical and health services, and the food supply chain are just a few areas that can be positively impacted upon by good BCM. By implication the reliance of government structure are treated most in time of disasters as experienced through the two year period of the COVID-19 pandemic.Originality/valueThe government departments in South Africa do not have or have not implemented BCM due to the lack of clear guidelines. The COVID-19 pandemic however had accelerated the requirement for a top down BCM approach. To ensure that the scope of BCM is not limited, the possibility of having a set handbook for the government practitioner will ensure that service quality remains intact. Such a handbook related to government BCM practice is long outstanding.
ABSTRACT
Every delay, from equipment not arriving at a clinical site on time to patients unable to arrive for an onsite visit, creates an avalanche of effects, from decreased patient retention to increased time to market. [...]extending beyond logistical complexities, data compliance regulations, such as HI PA A or GDPR, expand further back in the supply chain as partners need to handle patient data that enables home delivery of equipment as well as labeling for sample collections. Delivering training in a decentralized clinical trial Logistics is more than the movement of people and products;it's also about the movement of information. [...]hybrid and virtual trials require partners to ship directly to or pick up directly from patients, requiring partners to have access to a range of personal information, from the patient's name and address to the study type to the serial number of the equipment used. Data that is not properly secured can create cybersecurity risks that potentially expose confidential patient information as well as violate regulatory standards.
ABSTRACT
PurposeThere is an increasing interest in the supply chain's digitalization, yet the topic is still in the preliminary stages of academic research. The academic literature has no consensus and is still limited to research assessing the supply chain's digitalization of organizations. This study aims to explore the supply chain digitalization drivers to understand the emerging phenomena. More specifically, the authors devised from the literature the most common factors in assessing the readiness in scaling supply chain digitalization.Design/methodology/approachThis study followed a five-phased systematic literature review (SLR) methodology in this research: designing, analyzing, conducting, writing and assessing the quality of the review. The SLR is beneficial for justifying future research regardless of the complex process that requires dealing with high-level databases, information filtering and relevancies of the content. Through analysis of 347 titles and s and 40 full papers, the authors showed and discussed the supply chain digitalization: transformation factors.FindingsThe results generated three main themes: technology, people and processes. The study also generated ten subthemes/primary drivers for assessing the readiness for supply chain digitalization in organizations: IT infrastructure, cybersecurity systems, digitalization reskilling and upskilling, digitalization culture, top management support, digitalization and innovation strategy, integrated supply chain, digital innovation management, big data management and data analytics and government regulations. The importance of each factor was discussed, and future research agenda was presented.Research limitations/implicationsWhile the key drivers of the supply chain digitalization were identified, there is still a need to study the statistical correlation to confirm the interrelationships among factors. This study is also limited by the articles available in the databases and content extraction.Practical implicationsThis study supports decision-makers in understanding the critical drivers in digitalizing the supply chain. Once these factors are studied and comprehended, managers and decision-makers could better anticipate and allocate the proper resources to embark on the digitalization journey and make informed decisions.Originality/valueThe digitalization of the supply chain is more critical nowadays due to the global disruptions caused by the Coronavirus (COVID-19) pandemic and the surge of organizations moving toward the digital economy. There is a gap between the digital transformation pilot studies and implementation. The themes and factors unearthed in this study will serve as a foundation and guidelines for further theoretical research and practical implications.
ABSTRACT
Introduction: The COVID-19 pandemic posed numerous challenges to patient care, including extensive PPE use, patient care in isolation rooms, inadequate numbers of intensivists particularly in rural communities, use of unfamiliar ventilators that would be partially remedied by the ability to remotely control lung ventilation. The goals of the project were to study the intended use, risk management, usability, cybersecurity for remote control of ventilators and demonstrate the use of a single interface for several different ventilators. Method(s): Clinical scenarios were developed including remote control of the ventilator from an antechamber of an isolation room, nursing station within the same ICU, and remote control from across the country. A risk analysis and was performed and a risk management plan established using the AAMI Consensus Report--Emergency Use Guidance for Remote Control of Medical Devices. A cybersecurity plan is in progress. Testing was done at the MDPNP laboratory. We worked with Nihon Kohden OrangeMed NKV-550, Santa Ana, CA, and Thornhill Medical MOVES SLC, Toronto, Canada. Both companies modified their devices to allow remote control by and application operating on DocBox's Apiary platform. Apiary is a commercially available ICE solution, DocBox Inc, Waltham, MA. An expert panel was created to provide guidance on the design of a single common, simple to use graphical user interface (GUI) for both ventilators. Manufacturers' ventilation modes were mapped to ISO 19223 vocabulary, data was logged using ISO/IEEE 11073-10101 terminology using AAMI 2700-2-1, Medical Devices and Medical Systems - Essential safety and performance requirements for equipment comprising the patient-centric integrated clinical environment (ICE): Part 2-1: Requirements for forensic data logging. Result(s): We demonstrated that both ventilators can be controlled and monitored using common user interface within an institution and across the country. Pressure and flow waveforms were available for the NKV-550 ventilator, and usual ventilator measurements were displayed in near-real time. The interface allowed changing FiO2, ventilation mode, respiratory rate, tidal volume, inspiratory pressure, and alarm settings. At times, increased network latency negatively affected the transmission of waveforms. Conclusion(s): We were able to demonstrate remote control of 2 ventilators with a common user interface. Further work needs to be done on cybersecurity, effects of network perturbations, safety of ventilator remote control, usability implications of having a common UI for different devices needs to be investigated.
ABSTRACT
COVID-19 pandemic has caused havoc worldwide. India is also facing challenging circumstances as the figure of infected/positive cases is rising day by day. This study deals with the development of education: Post COVID-19. This paper will help to understand "Digital Education: Opportunities and Threats". The Corona virus has exposed emerging vulnerabilities in learning systems all over the world. A lot of relevant literature was explored to confine the essence of continued learning during these exceptional times. Educational organizations all over the world are moving towards online/Digital learning. This paper also proposes digital education as an urgent need in this lock downs times and social distancing due to COVID-19 pandemic. It also provides a powerful stage for further research. The use of digital technology in education is experiencing a tremendous boom in education sector with cost effectiveness. Although it is unclear whether technology will plug all of the holes in the Indian Education system but it seems that technology is playing a major role in education interventions. Due to advancements in technology, accessibility of low-priced laptops/mobiles, wireless equipments, and related communications setups signs both opportunities and challenges for learning organizations and their faculty and students. Digital Education has potential that can produce knowledge workers. The government has analyzed that ICT sector has important role in education due to that many programmes such as NEOR, NMEICT, NKN, Eklavya, NPTEL, and NROER has been launched. Digital Education has bring success in the field of education but still there area number of challenges in most of Indian institutes like shortage of quality teachers, deprived quality of research, and deprived quality of training etc. Digital Education is overall very beneficial for the students of country like India.Copyright © 2020 Ubiquity Press. All rights reserved.
ABSTRACT
This study presents internet of things (IOT) and artificial intelligence technologies that are critical in reducing the harmful effects of this illness and assisting its recovery. It explores COVID-19's economic impacts before learning about new technologies and potential solutions. The research objective was to propose a solution for self-diagnosis, self-monitoring, and self-management of COVID-19 with personal mobiles and personal data using cloud solutions and mobile applications with the help of an intelligent IoT system, artificial intelligence, machine learning, and 5G technologies. The proposed solution based on self-diagnosis without any security risk for users' data with low cost of cloud-based data analytics by using handsets only is an innovative approach. Since the COVID-19 outbreak, the global social, economic, religious, and cultural frameworks and schedules have been affected adversely. The fear and panic associated with the new disease, which the world barely knew anything about, amplified the situation. Scientists and epidemiologists have traced the first outbreak of COVID-19 at Wuhan, China. A close examination of the genetic makeup of the virus showed that the virus is zoonotic, meaning that the virus changed hosts from animals to humans. The uncertainty associated with the above features and characteristics of the virus, as well as the high mortality rates witnessed in many parts of the globe, significantly contributed to the widespread global panic that brought the world to a standstill. Different authorities and agencies associated with securing the public have implemented different means and methods to try and mitigate the transmission of the infection as scientists and medical practitioners work on remedies to curb the spread of COVID-19. Owing to different demographics, different parts of the globe have attempted to effectively implement locally available resources to efficiently fight and mitigate the adverse effects of the COVID-19 pandemic. The general framework provided by the World Health Organization (WHO) has been implemented or enhanced in different parts of the globe by locally available resources and expertise to effectively mitigate the impact of COVID-19. There is currently no effective vaccine for COVID-19, but new technology can be available within weeks to reduce the spread of the disease;current approaches such as contact tracing and testing are not secure, and the cost of testing is high for end users. The proposed solution based on self-diagnosis without any security risk for users' data with low cost of cloud-based data analytics functions by using an intelligent internet of things (IOT) system for collecting sensors data and processing them with artificial intelligence to improve efficiency and reduce the spread of COVID-19.
ABSTRACT
This research paper focuses on mobile banking acceptance among Generation Z users by combining the technology acceptance model (TAM) and the unified theory of acceptance and use of technology (UTAUT) theory, as well as extending the theories with perceived trust and risk. During the COVID-19 pandemic, the online questionnaire survey was distributed using Google Forms, and the sample group was Thai Generation Z who were aged between 18 and 25 years old. The research objectives aim to (i) investigate the crucial effects that potentially affect user intention and actual usage of mobile banking, (ii) identify the most influential factor impacting users' intention and behavior, (iii) further study the trust and risk perception of Generation Z users on mobile-banking intention and actual usage, (iv) discuss the findings with the antecedent studies, and (v) contribute the research findings both theoretically and practically. The proposed constructs include perceived usefulness, perceived ease of use, social influence, facilitating conditions, perceived trust, perceived risk, behavioral intention, and actual usage. There are fourteen proposed hypotheses to be tested. Based on the outcomes and the standardized coefficient beta, perceived usefulness (β = 0.518) was the strongest factor determining Generation Z's behavioral intention, while perceived ease of use (β = 0.809) impacting perceived usefulness demonstrated the strongest relationship among all of the hypotheses.
ABSTRACT
In the post pandemic era, the telecommuting of business employees has widely become acceptable in organizations, which demands extensive dependence on digital technologies. In addition, this poses additional security threats for business employees as well as organizations. In order to better respond to security threats, business employees must have a higher level of awareness of the potential threats that are relevant to digital infrastructure used within the workplace. In this paper, we present a quantitative study conducted in line with the theory of planned behavior to gain insight into employee behavior toward information security within different business sectors in Saudi Arabia. The key factors chosen for our model were password management, infrastructure security management, email management, organizational security policy, organizational support and training, and the perception of the level of security. We have applied structured equation modelling to identify most of the relevant factors based on the respondents' feedback. The results based on the business employee behavior showed that they respondents did not perceive all of the constructs of our model as relevant security factors, which can potentially result in security lapses. This indicates that more security-related measures should be put in place and that business employees should be updated periodically about potential security threats. To this effect, we divided the studied security measures into those which should be implemented at organizational and individual levels. The results will potentially help business managers to design appropriate security trainings, guidelines, and policies for their employees to ensure more information security awareness and protect their technological infrastructure, especially within home office environments.
ABSTRACT
COVID-19 pandemic has changed the lifestyle of all aspects of life. These circumstances have created new patterns in lifestyle that people had to deal with. As such, full and direct dependence on the use of the unsafe Internet network in running all aspects of life. As example, many organizations started officially working through the Internet, students moved to e-education, online shopping increased, and more. These conditions have created a fertile environment for cybercriminals to grow their activity and exploit the pressures that affected human psychology to increase their attack success. The purpose of this paper is to analyze the data collected from global online fraud and cybersecurity service companies to demonstrate on how cybercrimes increased during the COVID-19 epidemic. The significance and value of this research is to highlight by evident on how criminals exploit crisis, and for the need to develop strategies and to enhance user awareness for better detection and prevention of future cybercrimes.
ABSTRACT
Privacy in Electronic Health Records (EHR) has become a significant concern in today's rapidly changing world, particularly for personal and sensitive user data. The sheer volume and sensitive nature of patient records require healthcare providers to exercise an intense quantity of caution during EHR implementation. In recent years, various healthcare providers have been hit by ransomware and distributed denial of service attacks, halting many emergency services during COVID-19. Personal data breaches are becoming more common day by day, and privacy concerns are often raised when sharing data across a network, mainly due to transparency and security issues. To tackle this problem, various researchers have proposed privacy-preserving solutions for EHR. However, most solutions do not extensively use Privacy by Design (PbD) mechanisms, distributed data storage and sharing when designing their frameworks, which is the emphasis of this study. To design a framework for Privacy by Design in Electronic Health Records (PbDinEHR) that can preserve the privacy of patients during data collection, storage, access and sharing, we have analysed the fundamental principles of privacy by design and privacy design strategies, and the compatibility of our proposed healthcare principles with Privacy Impact Assessment (PIA), Australian Privacy Principles (APPs) and General Data Protection Regulation (GDPR). To demonstrate the proposed framework, ‘PbDinEHR', we have implemented a Patient Record Management System (PRMS) to create interfaces for patients and healthcare providers. In addition, to provide transparency and security for sharing patients' medical files with various healthcare providers, we have implemented a distributed file system and two permission blockchain networks using the InterPlanetary File System (IPFS) and Ethereum blockchain. This allows us to expand the proposed privacy by design mechanisms in the future to enable healthcare providers, patients, imaging labs and others to share patient-centric data in a transparent manner. The developed framework has been tested and evaluated to ensure user performance, effectiveness, and security. The complete solution is expected to provide progressive resistance in the face of continuous data breaches in the patient information domain.
ABSTRACT
The rapid growth in technology and several IoT devices make cyberspace unsecure and eventually lead to Significant Cyber Incidents (SCI). Cyber Security is a technique that protects systems over the internet from SCI. Data Mining and Machine Learning (DM-ML) play an important role in Cyber Security in the prediction, prevention, and detection of SCI. This study sheds light on the importance of Cyber Security as well as the impact of COVID-19 on cyber security. The dataset (SCI as per the report of the Center for Strategic and International Studies (CSIS)) is divided into two subsets (pre-pandemic SCI and post-pandemic SCI). Data Mining (DM) techniques are used for feature extraction and well know ML classifiers such as Naïve Bayes (NB), Support Vector Machine (SVM), Logistic Regression (LR) and Random Forest (RF) for classification. A centralized classifier approach is used to maintain a single centralized dataset by taking inputs from six continents of the world. The results of the pre-pandemic and post-pandemic datasets are compared and finally conclude this paper with better accuracy and the prediction of which type of SCI can occur in which part of the world. It is concluded that SVM and RF are much better classifiers than others and Asia is predicted to be the most affected continent by SCI. Author
ABSTRACT
Implementing a well-integrated procurement system and applying uniform practices to achieve the strategic goals of any company is a complex phenomenon. Navigating the digital procurement systems in achieving supply-chain resilience remains a predicament. Framed within the technology acceptance model (TAM), which is a key model in understanding the predictors of human behaviour toward the potential acceptance or rejection of the technology. This study explored the benefits and barriers of digital procurement at Airports Company South Africa (ACSA). A qualitative approach in a form of a single holistic case study design was adopted. The sample involved 18 employees and individuals who were supply chain management (SCM), information technology (IT), and programme management office (PMO) professionals. Semi-structured interviews conducted focused on those with extensive experience on procurement, digital technologies, procurement automation or the implementation of transformation programmes. Digital procurement is a value-adding function at ACSA with the possibilities of providing cost reduction in the supply chain. However, the participants highlighted job losses, cyber security, lack of interoperability, lack of skills and system downtimes as obstacles affecting the adoption of digital procurement and as organizational barriers. The infusion of digital technologies into various aspects of organisational processes and outcomes remains a complex, dynamic, fluid, and volatile phenomenon. A framework highlighting critical focus areas when it comes to the adoption of digital procurement of digitalization is presented.
ABSTRACT
PurposeThis research addresses the relationships between the current, dynamic organisational cyber risk climate, organisational cybersecurity performance and changes in cybersecurity investments, with an aim to address the hostile epistemic climate for intellectual capital management presented by the dynamics of cybersecurity as a phenomenon.Design/methodology/approachExpanding on the views of digital security and resilience as a knowledge problem, the research looks at cybersecurity as a critical capability within organisations, particularly relevant in critical infrastructure sectors. The problem is studied from the perspective of 400 C-level executives from critical infrastructure sectors across the UK. Data collected at the peak of the coronavirus disease 2019 (COVID-19) pandemic, a time when critical infrastructure organisations have been under a significant strain due to an increase in cybersecurity incidents, were analysed using partial least square structural equation modelling.FindingsThe research found a significant correlation between the board's perception of a change in their cybersecurity risk climate and patterns of both the development of cybersecurity management capabilities and cybersecurity investments. The authors also found that a positive correlation exists between the efforts placed by critical infrastructure organisations in cybersecurity training and the changes in investment in their cybersecurity, particularly in relation to their intellectual capital development efforts.Originality/valueTo the best of the authors' knowledge, this is the first paper that explores the board's perception of cybersecurity in critical infrastructure organisations both from the intellectual capital perspective and in the dynamic cyber risk climate derived from the COVID-19 crisis. The authors' findings expand on the growing perception of cybersecurity as a knowledge problem, and thus inform future research and practice in the domain of intellectual capital management and its role in supporting the cybersecurity and digital resilience of business and society.
ABSTRACT
Cybersecurity leaders are not adequately developed to guide the re-engineering of quality customer service (QCS) workflows, designed with automation and AI, that interrelate with people through customers perceptions. Realizing re-engineering processes should be a team effort with well-versed leadership and stakeholders guiding the successful design through a follow-up process. Leaders must shape compelling and straightforward needs to learn and teach employees and chat boxes indispensable customer service skills demonstrating patience, self-discipline, flexibility, and resourcefulness in communication with irritated customers or difficult circumstances. Whether the analysis, design, development, and implementation struggles are vacuums in cybersecurity knowledge, skill, and abilities or a dearth of budget and resource limits, creating thorough QSC workflows and training requires time and purpose. This knowledge must be proactively, not reactively built. QSC re-engineering epitomizes a shift from reactionary behaviors to proactively preparing a well-defined collection of intends, activities, and aims delineating how organizations will contend through products and services. This article should benefit respondents absorbed in the success of updating and implementing QCS actions and workflows, practitioners who guide direct customer services initiatives, enterprise governance strategists, QCS and machine learning trainers, and learners who want to know more about QCS swathed in cybersecurity.
ABSTRACT
Fintech is now defined by a long-term, global process of digitisation of finance, increasingly combined with datafication and new technologies including cloud computing, blockchain, Big Data and artificial intelligence. Cybersecurity and technological risks are thus evolving into major threats to financial stability and national security. This trend has been magnified by the COVID-19 crisis which has heightened dependence on digital technologies and seen substantial parts of the population working from home through systems of questionable security. Additionally, the entry of BigTech firms brings two new issues. The first arises with new forms of potentially systemically important infrastructure. The second arises because data-like finance-benefits from economies of scope and scale and from network effects and-even more than finance-tends towards monopolistic or oligopolistic outcomes. This leads to potential systematic risk from new forms of "Too Big to Fail" and "Too Connected to Fail" phenomena. We suggest some basic principles about how to address this entire range of risks.
ABSTRACT
The COVID-19 pandemic has radically altered the federal government, demonstrating the need for increased attention and resources in combating cybersecurity threats and providing a modern digital government experience to constituents. A severe cyber skills gap within the federal government, coupled with an increasingly aging federal workforce, has left some federal agencies struggling to modernize. This crisis also presents unique opportunities. As the push for a technologically modern federal government grows along with recognition of the importance of federal cybersecurity, a number of possibilities for the modern federal agency have opened up and are on the path to becoming certainties. To take advantage of the opportunities presented by these changes and to best position their respective agencies going forward, Chief Information Officers (CIOs) and agency executives should prioritize solutions to attract, train, and retain a technologically savvy workforce. This requires carving out or seeking funding for different information technology (IT) pay scales to compete with private practice, rebranding the federal government to attract young talent, and centering customer experience in the design and development of new programs, websites, and digital services that serve as the bedrock of IT modernization.