The Refractive Thinker® Vol XII: CYBERSECURITY
The Refractive Thinker® Press 2017
Number of Pages: 187


Summary

Join Bill Bonney, Matt Stamper, and Gary Hayslip and contributing scholars for this next volume in the 15-time award-winning series as they discuss current research regarding the challenges of the world of cybersecurity and its effects in and on the marketplace. This volume contains research shaping the conversation regarding what the future may hold to protect businesses and consumers regarding the perils of digital technology. As you read the pages ahead, we ask you to ask yourself: “What should I be doing to make a safer cyber world?” This is critically important if we’re to reap the benefits promised in this new digital age.

Chapters

RT Vol XII: FOREWORD
The headlines have been screaming for several years about cyber-attacks that hit every aspect of our daily lives. What once was solely the province of credit card fraud has now extended to phishing for personal details. Infections bring malicious code that does everything from destroy your hard disk to steal your personal information to encrypt your files and hold them for ransom to turn your PC or cell phone, or even TV, into a mindless drone in a massive bot army ready to wreak havoc in your digital name. Where does it stop? We can no longer trust the news now that bots push fake news to drive up clicks, we worry about the lights going off because power plants are under siege, and now we wonder if we can trust our elections.
One of the key factors that drove us to write the CISO Desk Reference Guide was the realization that we’re outmanned and outgunned. Outmanned in that we need thousands more cybersecurity specialists than are available today, and many firms are hiring their first Chief Information Security Officer (CISO). Outgunned in that the tools of the past, which aimed to deploy a firewall to protect a well-defined and completely self-contained enterprise network, are no longer even a meager deterrent for a mildly determined cybercriminal. We can no longer even draw the distinction between cybercrime and nation-state activity, as recent reports acknowledge that the criminals are almost as well equipped as the spies.
What is critically important is that we bring all the soft power and all the hard power we can muster against this threat. We envision a world that is safe from threats and to get there, society must become educated, we must act in unison, and we must become more informed consumers and a more informed electorate. As we engage more on how to make our world safer, we must recognize each person’s role and resist the temptation to assume our government or big industry bears sole responsibility. We didn’t eradicate most infectious disease in the developed world by leaving it to just the doctors, and we’re not going to rid the world of cybercrime and cyber terrorism by leaving it to the experts alone.
It is with this backdrop that Dr. Cheryl Lentz continues her award-winning Refractive Thinker® series by bringing forth PhD theses on cybersecurity in a new volume XII: Cybersecurity in an Increasingly Insecure World. In this pivotal work, her scholars are approaching the cybersecurity issue from all the right angles. Dr. Tracy Celaya and Dr. Adam Pierce look at the challenges of getting talent right in Human Resources in the Cloud: Hiring and Protecting Data and Hiring Outsourced Cybersecurity Professionals for Government Contracts, respectively. Dr. Ivan Salaberrios further explores the talent area, addressing how to hang out your own shingle. Several authors address cybersecurity issues in the realm of higher education, where profound changes must be made to bring critical skills to those who are preparing to enter the cyber workforce. These works include addressing integrity and ethics, as well as raising awareness of cybersecurity in the higher education domain, because yes, our schools are under attack as well.
These acclaimed authors bring critical thinking to many of the topics so important to the cybersecurity discussion. From setting policy as discussed by Dr. Loyce Chitambo to managing access in the cloud as put forth by Dr. Susie Schild and Dr. Robert Boggs, these topics are timely and the need for scholarly treatment has never been greater.
As you read the pages ahead, we ask you to ask yourself: “What should I be doing to make a safer cyber world?” This is critically important if we’re to reap the benefits promised in this new digital age.
RT Vol XII: Chapter 1: Cybersecurity in Human Resources on Multiple Fronts
Human Resources (HR), as a strategic business component, confronts security on multiple fronts. The concept of security in HR on multiple fronts is unconventional. Using a refractive thinking approach, this includes securing data and applications using cloud technologies, hiring, learning and development, and partnering with information technology (IT) groups to ensure information security of data and applications. Organizations confront a talent shortage in their cybersecurity workforce with HR professionals who may not fully understand the complexity and breadth of information security. Additionally, employees and contractors are likely the most valuable asset and biggest threat to an organization’s line of data defense.
Cyber-attacks increase on a daily basis, requiring organizational leaders to prepare people, systems, and processes to cross-functionally handle security. Otherwise, organizations can suffer high-cost losses of revenue, talent, data, property, and more. This chapter examines the role of data security in implementing cloud technology for HR, talent acquisition, and security awareness training and development. With senior executive support, HR and IT can partner to provide a solid line of defense for information security.
RT Vol XII: Chapter 2: Effect of Cyber Security Risks on Business Continuity and Organizational Performance
Cyber security is a highly dynamic domain encircled by cyber criminals. Millions of computer and mobile device users, interconnected through the Internet of Things (IoT), are discovering hundreds of millions of vulnerabilities every year, and users around the globe are finding new weaknesses hourly, ready for exploitation. Organizations of all sizes are falling victim to cyber attacks all over the globe. Whenever such intrusions occurred, the consequences for the victim organizations were grave, ranging from fines to lawsuits to diminished reputation to ceasing operations. Evidently, many cyber criminals are able to wage relentless attacks on an organization’s information technology assets for long periods, undetected. Consequently, organizational leaders must evaluate their major cyber risks, improve their information security posture, and protect their information assets by implementing appropriate solutions that address people, processes, and technologies. This paper included examination of the various cyber security risks facing organizations in different industries and discussed the effect such risks may have on business continuity and organizational performance. Specific mitigation strategies and recommendations comprised purchasing cyber risk insurance, strengthening organizational cyber resilience, and improving preparedness with better informed human firewalls. The paper featured a special emphasis on the Universant Assess, Educate, Protect, Comply, and Respond information security framework, which represents thinking beyond the box as it places the education stage ahead of the protection stage.
RT Vol XII: Chapter 3: Hiring Outsourced Cybersecurity Professionals for DoD Contracts
Cyber war is an emerging threat to the United States in the new cyber frontier. Cyberspace is relatively new, and billions of users have access to the Internet. With a low barrier to entry for potential attackers, protecting critical military and civilian assets is a top priority. The Cybersecurity Commission for the state of Virginia estimated 30,000 unfilled cybersecurity-related positions across the state. The U.S. Department of Defense (DoD) is not immune to the problems in hiring cybersecurity professionals. The purpose of this paper is to present research about hiring cybersecurity professionals for DoD. The research explored tactics and techniques used by hiring managers in Virginia to hire cybersecurity professionals for DoD contracts. Successfully hiring cybersecurity professionals to fill contract positions is possible if the contracting organizations maintain the requirements of the contract and develop a strong recruitment process. DoD currently hires contractors to conduct parts of the cybersecurity mission, but it may serve the U.S. better if the DoD changes the focus to building a cybersecurity workforce that is tailored to the type of cybersecurity professionals it needs. The current cyber workforce in the United States is weak, and a new innovative hiring process may enhance the cybersecurity workforce. A different approach to cybersecurity hiring could enhance the cybersecurity capabilities of the DoD. The DoD needs to take measures, some immediate and some over time, to strengthen its ability to protect information and information systems.
RT Vol XII: Chapter 4: Using Cryptocurrencies to Fund Small Business: Managing the Cyber Security Risks
Every small business can use a good cyber security plan. The marketplace is full of professionals available to provide their cyber security services. Selecting a consulting service can be tricky. As an entrepreneur, one must have solutions to answer security questions to address technological liabilities. What is the difference between levels of cyber security services? A do-it-yourselfer may try to ensure cyber security by using the Internet and Google to search for low-cost cyber security methods. Self-performing cyber security tasks can save a business some time and money, but is the business really protected from cyber-attacks? How does one measure the vulnerabilities of an online presence? Cyber security is a growing concern and a growing business in the digital world. Proper planning is a must-have to be effective. Cryptocurrency is gaining popularity, and soon small businesses can fund their activities using cryptocurrencies such as Bitcoin. The vulnerabilities of Bitcoin are as well known as the advantages of using digital cash. Most digital currency experts know that users who create Bitcoin can remain anonymous. This chapter analyzes existing research and shows opportunities to consult small businesses on mitigating cyber security risks when storing cryptocurrency in the future. Storing cryptocurrency is similar to storing live cash on the premises of a brick-and-mortar business. Though the currency is digital, proper preparation for securing the cryptocurrency should not be underestimated.
RT Vol XII: Chapter 5: Challenges of Setting Policy to Reduce Cyber Attacks in the Information Technology Industry
The increase in web services has given most companies the opportunity to communicate on the Internet. Although some research shows companies have identified policies and procedures to protect users’ privacy when individuals access the web, little research exists to describe how companies are enforcing policies, rules, and procedures that would eradicate the existence of cyber hackers. This qualitative descriptive study explored policies in place to protect proprietary and individual information when employees work remotely. The sample consisted of four information technology leaders from each of five industries (finance, health-care, automotive, technology, and airline companies), 20 information technology leaders in total, from Fortune 500 companies within a 100-mile radius of the Dallas Metroplex. The key findings of this study confirm earlier studies that (a) information technology leaders need to be held accountable to provide adequate security on the equipment used by telecommuters, and (b) leaders who grant telecommuter privileges must ensure that they assign the privileges to the appropriate individuals.
RT Vol XII: Chapter 6: The Healthcare Cybersecurity Challenge
Cybersecurity in healthcare is the same as cybersecurity in other industries, except when it is not. Any cybersecurity professional can describe the technologies and methods used to protect information technology services and sensitive data. However, a healthcare cybersecurity professional can also describe conditions unique to their industry, articulate threats to their business, and prioritize cybersecurity efforts. These unique conditions and threats also guide executive decisions about investment of limited resources to minimize both business risk and risk to patient safety.
Healthcare industry professionals face evolving medical technology and new regulatory requirements, and they operate in challenging economic conditions. Armed with knowledge of cybersecurity drivers, professionals can make investment decisions that balance healthcare business risks and patient safety needs. Failing to make careful and thoughtful decisions may cause financial damage or worse; a security breach may result in the death of a patient. Business executives and cybersecurity professionals govern cybersecurity programs. However, healthcare executives who become refractive thinkers look beyond traditional technologies and practices to integrate knowledge of the total cybersecurity landscape in innovative ways to minimize risk to their organization’s assets and the safety of the lives entrusted to their care.
RT Vol XII: Chapter 7: The Cloud and Cybersecurity Threats for the Non-IT Leader
Constructed for the leader in a non-IT function, the goal of this chapter is to raise awareness of cyber risks for security, and thus, increase leaders’ value proposition in cloud migration discussions in their organizations. Celaya’s (2015) study identified that organizations lack cybersecurity awareness. Cyber threats are more commonplace than one might think; “of 520 executives surveyed from a variety of industries, 40 percent say data volumes are increasing in size and are becoming unmanageable” (Clemmons, 2008, p. 14). Cloud computing offers flexibility, scalability, reduced costs, and thus, an attractive solution to voluminous data. Hacking data from a computer or a cloud storage device is not difficult; hacking involves understanding a computer’s programming language. Today’s complex software is impossible to produce without flaws and therefore, software vulnerabilities are unavoidable (Zhang, Raghunathan, & Jha, 2014). Data threats continue to increase in various forms of malware that include viruses, keyloggers, worms, botnets, Trojans, and rootkits, which quickly evolve and make defending against hackers a substantial challenge (Zhang et al., 2014). Join us in this chapter for knowledge and empowerment to ask questions regarding cloud services.
RT Vol XII: Chapter 8: The Impacts of Integrity and Ethics on Cybersecurity in Higher Education
The continually emerging world of digital technology offers many significant challenges to the world of higher education. While digital technology offers education the ability to expand its reach beyond traditionally served on-ground communities, offering convenience comes with a price. A question considered by the authors of this article was whether the potential impacts on integrity and ethics within post-secondary education are worth the price to be paid for the unintended cost and consequences. The literature supports that online learning is not a fad; online learning is an educational modality that requires educators to learn to manage a new era of unethical behavior in academia. The focus of this chapter was to explore the refractive thinking of the next generation of ethical dishonesty and cybersecurity faced in this new digital age.