Title: 管理視角下的網路安全研究
A study of cybersecurity from the managerial perspective
Author: 程宇歌
Hugueville, Maxime
Contributors: 尚孝純
Shang, Shari
程宇歌
Maxime Hugueville
Keywords (translated from Chinese): Information security; Management; Risk; Root cause
Keywords (English): Cybersecurity; Management; Risks; Causes
Date: 2023
Upload time: 6-Jul-2023 16:34:40 (UTC+8)
Abstract: This study analyses four case studies of cybersecurity incidents (Equifax, NHS, Australian National University, and Desjardins) to determine the causes of management-related cybersecurity risks in organisations. Five main causes are identified: anticipation, understanding, commitment, accuracy, and strategy. They exert their influence over the whole organisation through the leading teams and structures, and especially top managers. They are interrelated and able to trigger and influence each other. Managers should use this framework to identify the weaknesses of their organisations and prevent cybersecurity incidents. A potential sixth cause has been identified: implementation, the rationale behind cybersecurity management structures in practice. Further observation and research are required to confirm it.
參考文獻 Reference
2020 Data Breach Investigation Report. (2020). Verizon. https://www.verizon.com/business/resources/reports/2020-data-breach-investigations-report.pdf
2022 Thales Data Threat Report. (2022). Thales. https://mb.cision.com/Public/20506/3530950/b55a39d9e52a4074.pdf
Ahmetoglu, H., & Das, R. (2022). A comprehensive review on detection of cyber-attacks: Data sets, methods, challenges, and future research directions. Internet of Things, 20, 100615. https://doi.org/10.1016/j.iot.2022.100615
Alahmari, A., & Duncan, B. (2020). Cybersecurity Risk Management in Small and Medium-Sized Enterprises: A Systematic Review of Recent Evidence. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 1–5. https://doi.org/10.1109/CyberSA49311.2020.9139638
Alexander, D. E. (2002). Principles of Emergency Planning and Management. Oxford University Press.
Alford, J. (2019, October 2). NHS cyber-attacks could delay life-saving care and cost millions. Imperial News. https://www.imperial.ac.uk/news/193151/nhs-cyber-attacks-could-delay-life-saving-care/
Aljaidi, M., Alsarhan, A., Samara, G., Alazaidah, R., Almatarneh, S., Khalid, M., & Al-Gumaei, Y. A. (2022). NHS WannaCry Ransomware Attack: Technical Explanation of The Vulnerability, Exploitation, and Countermeasures. 2022 International Engineering Conference on Electrical, Energy, and Artificial Intelligence (EICEEAI), 1–6.
Aljohani, T. M. (2022). Cyberattacks on Energy Infrastructures: Modern War Weapons.
Altulaihan, E., Almaiah, M. A., & Aljughaiman, A. (2022). Cybersecurity Threats, Countermeasures and Mitigation Techniques on the IoT: Future Research Directions. Electronics, 11(20). https://doi.org/10.3390/electronics11203330
Anant, V., Caso, J., & Schwarz, A. (2020). COVID-19 crisis shifts cybersecurity priorities and budgets.
Annab, R. (2021, August 12). Cybersecurity management: Academic Centre of Cyber Security Excellence, The University of Melbourne. School of Computing and Information Systems. https://cis.unimelb.edu.au/cyber-security-excellence/research/cybersecurity-management
ANU releases detailed account of data breach. (2019, October 1). ANU; The Australian National University. https://www.anu.edu.au/news/all-news/anu-releases-detailed-account-of-data-breach
Arthur, C. (2017, May 13). The ransomware attack is all about the insufficient funding of the NHS. The Observer. https://www.theguardian.com/commentisfree/2017/may/13/nhs-computer-systems-insufficient-funding
Asen, A., Bohmayr, W., Deutscher, S., González, M., & Mkrtchian, D. (2019). Are You Spending Enough on Cybersecurity?
Ashraf, M., Jiang, J. (Xuefeng), & Wang, I. Y. (2022). Are there trade-offs with mandating timely disclosure of cybersecurity incidents? Evidence from state-level data breach disclosure laws. The Journal of Finance and Data Science, 8, 202–213. https://doi.org/10.1016/j.jfds.2022.08.001
Azmi, R., Tibben, W., & Win, K. T. (2018). Review of cybersecurity frameworks: Context and shared concepts. Journal of Cyber Policy, 3(2), 258–283. https://doi.org/10.1080/23738871.2018.1520271
Ball, R. A. (1966). An Empirical Exploration of Neutralization Theory. Criminologica, 4(2), 22–32.
Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2013). Don’t make excuses! Discouraging neutralization to reduce IT policy violation. Computers & Security, 39, 145–159. https://doi.org/10.1016/j.cose.2013.05.006
Barlow, J., Warkentin, M., Ormond, D., & Dennis, A. (2018). Don’t Even Think About It! The Effects of Antineutralization, Informational, and Normative Communication on Information Security Compliance. Journal of the Association for Information Systems, 19(8). https://aisel.aisnet.org/jais/vol19/iss8/3
Berthier, T. (2015). Hacktivisme: Vers une complexification des cyberattaques. Revue Défense Nationale, 784(9), 45–48. Cairn.info. https://doi.org/10.3917/rdna.784.0045
Borys, S. (2019, October 2). Hackers gained access to ANU’s network with a single email—Here’s what we know. ABC News. https://www.abc.net.au/news/2019-10-02/the-sophisticated-anu-hack-that-compromised-private-details/11566540
Bronskill, J. (2020, December 14). Data breach at Desjardins caused by series of gaps, privacy watchdog says | Globalnews.ca. Global News. https://globalnews.ca/news/7520414/desjardins-data-breach-privacy-watchdog-probe/
Calleja, A., Tapiador, J., & Caballero, J. (2019). The MalSource Dataset: Quantifying Complexity and Code Reuse in Malware Development. IEEE Transactions on Information Forensics and Security, 14(12), 3175–3190. https://doi.org/10.1109/TIFS.2018.2885512
Canada, O. of the P. C. of. (2020, December 14). PIPEDA Findings #2020-005: Investigation into Desjardins’ compliance with PIPEDA following a breach of personal information between 2017 and 2019. https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2020/pipeda-2020-005/
Carlton, M., Levy, Y., & Ramim, M. (2019). Mitigating cyber attacks through the measurement of non-IT professionals’ cybersecurity skills. Information & Computer Security, 27(1), 101–121. https://doi.org/10.1108/ICS-11-2016-0088
Center, E. P. I. (n.d.). EPIC - Equifax Data Breach. Retrieved May 20, 2023, from https://archive.epic.org/privacy/data-breach/equifax/
Chigada, J., & Madzinga, R. (2021). Cyberattacks and threats during COVID-19: A systematic literature review. South African Journal of Information Management, 23, 1–11.
Chinese Hackers Charged in Equifax Breach. (n.d.). [Story]. Federal Bureau of Investigation. Retrieved May 20, 2023, from https://www.fbi.gov/news/stories/chinese-hackers-charged-in-equifax-breach-021020
Coccia, M. (2020). Critical decisions in crisis management: Rational strategies of decision making. Journal of Economics Library, 7(2), 81–96.
Collier, R. (2017). NHS ransomware attack spreads worldwide. Can Med Assoc.
Comptroller and Auditor General. (2016). Financial sustainability of the NHS (No. 2016–17). National Audit Office - Department of Health.
Corallo, A., Lazoi, M., Lezzi, M., & Luperto, A. (2022). Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review. Computers in Industry, 137, 103614. https://doi.org/10.1016/j.compind.2022.103614
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining Cybersecurity. Technology Innovation Management Review, 4(10), 13–21.
Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). Cyber risk and cybersecurity: A systematic review of data availability. The Geneva Papers on Risk and Insurance - Issues and Practice, 47(3), 698–736. https://doi.org/10.1057/s41288-022-00266-6
Cyber-attack on the NHS (Report of Parliamentary Session No. 2017-19 (32)). (2018). House of Commons Committee of Public Accounts.
CYBERSECURITY: CHALLENGES FROM A SYSTEMS, COMPLEXITY, KNOWLEDGE MANAGEMENT AND BUSINESS INTELLIGENCE PERSPECTIVE. (2015). Issues In Information Systems. https://doi.org/10.48009/3_iis_2015_191-198
Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach (GAO-18-559). (2018). United-States Government Accountability Office. https://www.warren.senate.gov/imo/media/doc/2018.09.06%20GAO%20Equifax%20report.pdf
Davis, J. (2020, March 12). ANU releases details of data breach. The Uni Guide. https://theuniguide.com.au/news/anu-releases-details-of-data-breach
Debb, S. M., & McClellan, M. K. (2021). Perceived Vulnerability As a Determinant of Increased Risk for Cybersecurity Risk Behavior. Cyberpsychology, Behavior, and Social Networking, 24(9), 605–611. https://doi.org/10.1089/cyber.2021.0043
Définitions: Cybernétique—Dictionnaire de français Larousse. (n.d.). Larousse. Retrieved May 20, 2023, from https://www.larousse.fr/dictionnaires/francais/cybern%C3%A9tique/21261
Desjardins says employee who stole personal data also accessed credit card info. (2019, December 10). BNN Bloomberg. https://www.bnnbloomberg.ca/desjardins-says-employee-who-stole-personal-data-also-accessed-credit-card-info-1.1360652
Desjardins settles 2019 data breach class-action lawsuit for up to nearly $201M | CBC News. (2021, December 16). CBC. https://www.cbc.ca/news/canada/montreal/desjardins-data-breach-lawsuit-settlement-1.6288428
Dionne, G. (2013). Risk Management: History, Definition, and Critique. Risk Management and Insurance Review, 16(2), 147–166. https://doi.org/10.1111/rmir.12016
Dwyer, A. (2018). The NHS cyber-attack: A look at the complex environmental conditions of WannaCry. RAD Magazine, 44(512), 25–26.
Echt, K. V., Morrell, R. W., & Park, D. C. (1998). Effects of Age and Training Formats on Basic Computer Skill Acquisition in Older Adults. Educational Gerontology, 24(1), 3–25. https://doi.org/10.1080/0360127980240101
Equifax Data Security Breach: What You Need to Know. (n.d.). Department of Financial Services. Retrieved May 20, 2023, from https://www.dfs.ny.gov/consumers/alerts/equifax_data_breach
Fruhlinger, J. (2020, February 12). Equifax data breach FAQ: What happened, who was affected, what was the impact? CSO Online. https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html
Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., & Linkov, I. (2020). Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management. Risk Analysis, 40(1), 183–199. https://doi.org/10.1111/risa.12891
Gebayew, C., Hardini, I. R., Panjaitan, G. H. A., Kurniawan, N. B., & Suhardi. (2018). A Systematic Literature Review on Digital Transformation. 2018 International Conference on Information Technology Systems and Innovation (ICITSI), 260–265. https://doi.org/10.1109/ICITSI.2018.8695912
Ghafur, S., Kristensen, S., Honeyford, K., Martin, G., Darzi, A., & Aylin, P. (2019). A retrospective impact analysis of the WannaCry cyberattack on the NHS. Npj Digital Medicine, 2(1), 98. https://doi.org/10.1038/s41746-019-0161-6
Gredley, R. (2019, October 2). China suspected of sophisticated uni hack. News.Com.Au — Australia’s Leading News Site. https://www.news.com.au/national/shocking-in-its-sophistication-how-hackers-targeted-anu-student-data/news-story/f80269d9bee79916fe9f5f48a860d2ec
Gressin, S. (2017). The equifax data breach: What to do. Federal Trade Commission, 8.
Groch, S. (2019, October 2). “Like a diamond heist”: How hackers got into Australia’s top university. The Canberra Times. https://www.canberratimes.com.au/story/6414841/like-a-diamond-heist-how-hackers-got-into-australias-top-uni/
Haggard, S., & Lindsay, J. R. (2015). North Korea and the Sony hack: Exporting instability through cyberspace.
Haislip, J., Pinsker, R., Kolev, K., & Steffen, T. (n.d.). The economic cost of cybersecurity breaches: A broad-based analysis.
Hills, M. (2017). Lessons from the NHS ransomware calamity. EDQuarter, 26.
Huang, K., & Madnick, S. (2020). A cyberattack doesn’t have to sink your stock price. Harvard Business Review.
Hubbard, D. W., & Seiersen, R. (2023). How to Measure Anything in Cybersecurity Risk. John Wiley & Sons.
IBM. (2022a). Cost of a Data Breach Report 2022. https://www.ibm.com/downloads/cas/3R8N1DZJ
IBM. (2022b, July). Global average cost of a data breach by industry 2022. Statista. https://www.statista.com/statistics/387861/cost-data-breach-by-industry/
(ICS)2. (2022). (ISC)2 Cybersecurity Workforce Study 2022. https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx
Juneja, P. (n.d.). The Equifax Data Breach Scandal. Management Study Guide. Retrieved May 20, 2023, from https://www.managementstudyguide.com/equifax-data-breach-scandal.htm
Karp, P. (2019, October 2). ANU says blaming China for massive data breach is speculative and “harmful.” The Guardian. https://www.theguardian.com/australia-news/2019/oct/02/anu-says-blaming-china-for-massive-data-breach-is-speculative-and-harmful
Kenny, C. (2018). The Equifax data breach and the resulting legal recourse. Brook. J. Corp. Fin. & Com. L., 13, 215.
Khairi, M. H., Ariffin, S. H., Latiff, N. A., Abdullah, A. S., & Hassan, M. K. (2018). A review of anomaly detection techniques and distributed denial of service (DDoS) on software defined network (SDN). Engineering, Technology & Applied Science Research, 8(2), 2724–2730.
Kiener, K. (2019, March). Cybercrime Module 5 Key Issues: Obstacles to Cybercrime Investigations. UNODC. https://www.unodc.org/e4j/zh/cybercrime/module-5/key-issues/obstacles-to-cybercrime-investigations.html
Kimathi, S. (2020, December 22). Combination of weaknesses led to massive data breach at Desjardins—FinTech Futures. FinTech Futures. https://www.fintechfutures.com/2020/12/combination-of-weaknesses-led-to-massive-data-breach-at-desjardins/
Kramer, S., & Bradfield, J. C. (2010). A general definition of malware. Journal in Computer Virology, 6(2), 105–114. https://doi.org/10.1007/s11416-009-0137-1
Layton, R., & Watters, P. A. (2014). A methodology for estimating the tangible cost of data breaches. Journal of Information Security and Applications, 19(6), 321–330.
Maalem Lahcen, R. A., Caulkins, B., Mohapatra, R., & Kumar, M. (2020). Review and insight on the behavioral aspects of cybersecurity. Cybersecurity, 3(1), 10. https://doi.org/10.1186/s42400-020-00050-w
Manager Demographics and Statistics [2023]: Number Of Managers In The US. (2021, January 29). https://www.zippia.com/manager-jobs/demographics/
Martin, L. (2019, June 4). Australian National University hit by huge data breach. The Guardian. https://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach
Meszaros, J., & Buchalcevova, A. (2017). Introducing OSSF: A framework for online service cybersecurity risk management. Computers & Security, 65, 300–313. https://doi.org/10.1016/j.cose.2016.12.008
Nahari, S. (2019, June 21). Data Breach at Desjardins Bank Caused by Malicious Insider. https://www.cyberark.com/resources/blog/data-breach-at-desjardins-bank-caused-by-malicious-insider
National Audit Office. (2018). Investigation: WannaCry cyber attack and the NHS. https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf
National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.CSWP.04162018
NHS cyber-attack fears return as all tested trusts fail assessments. (2018, 06). https://www.nationalhealthexecutive.com/News/nhs-cyber-attack-fears-return-as-all-tested-trusts-fail-assessments/193261
O’dowd, A. (2017). Major global cyber-attack hits NHS and delays treatment. British Medical Journal Publishing Group.
Padilla, V. S., & Freire, F. F. (2019). A contingency plan framework for cyber-attacks. Journal of Information Systems Engineering & Management, 4(2), 2–7.
Petratos, P. N. (2021). Misinformation, disinformation, and fake news: Cyber risks to business. CIBER SPECIAL ISSUE: CYBERSECURITY IN CRISIS, 64(6), 763–774. https://doi.org/10.1016/j.bushor.2021.07.012
Poremba, S. (2023, January 5). The cybersecurity talent shortage: The outlook for 2023. Cybersecurity Dive. https://www.cybersecuritydive.com/news/cybersecurity-talent-gap-worker-shortage/639724/
PurpleSec. (2023). 2023 Cyber Security Statistics Trends & Data. PurpleSec. https://purplesec.us/resources/cyber-security-statistics/
Reed, K., Doty, D. H., & May, D. R. (2005). The Impact of Aging on Self-efficacy and Computer Skill Acquisition. Journal of Managerial Issues, 17(2), 212–228. JSTOR.
Riley, M., Robertson, J., & Sharpe, A. (2017, September 29). The Equifax Hack Has the Hallmarks of State-Sponsored Pros. Bloomberg. https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros
Rodrigues, J. (2022, June 21). The Desjardins Data Breach + What We Can Learn From It. TitanFile. https://www.titanfile.com/blog/the-desjardins-data-breach-what-we-can-learn-from-it/
Rothrock, R. A., Kaplan, J., & Van Der Oord, F. (2018). The Board’s Role in Managing Cybersecurity Risks. 59(2), 12–15.
Russia’s cyberattacks aim to “terrorize” Ukrainians. (2023, January 11). POLITICO. https://www.politico.com/news/2023/01/11/russias-cyberattacks-aim-to-terrorize-ukrainians-00077561
Sarraf, S. (2019, October 3). ANU details findings of data breach. CSO Online. https://www.csoonline.com/article/3572622/anu-details-findings-of-data-breach.html
Security noun—Definition, pictures, pronunciation and usage notes. (n.d.). Oxford Leaner’s Dictionnaries. Retrieved May 20, 2023, from https://www.oxfordlearnersdictionaries.com/definition/american_english/security
Siponen & Vance. (2010). Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations. MIS Quarterly, 34(3), 487. https://doi.org/10.2307/25750688
Smart, W. (2018). Lesson learned review of the WannaCry Ransomware Cyber Attack. Department of Health and Social Care.
Smith, C. (2019, June 20). Massive Desjardins Group data breach caused by employee who’s since been fired. The Georgia Straight. https://www.straight.com/news/1257561/massive-desjardins-group-data-breach-caused-employee-whos-been-fired
Solomon, H. (2020, December 14). Desjardins at fault for huge data breach, say privacy commissioners. https://www.itworldcanada.com/article/breaking-desjardins-at-fault-for-huge-data-breach-say-privacy-commissioners/439581
Sophos. (2019, November 19). UK Public Sector Information Vulnerable to Cyberattack Due To Awareness Gap Between IT Professionals. SOPHOS. https://www.sophos.com/en-us/press/press-releases/2019/11/uk-public-sector-information-vulnerable-to-cyberattack-due-to-awareness-gap-between-it-professionals
Stilgherrian. (2019, October 2). ANU incident report on massive data breach is a must-read. ZDNET. https://www.zdnet.com/article/anu-incident-report-on-massive-data-breach-a-must-read/
Swanson, M., Wohl, A., Pope, L., Grance, T., Hash, J., & Thomas, R. (2002). Contingency planning guide for information technology systems: Recommendations of the National Institute of Standards and Technology (NIST SP 800-34; 0 ed., p. NIST SP 800-34). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-34
Thangavelu, M., Krishnaswamy, V., & Sharma, M. (2021). Impact of comprehensive information security awareness and cognitive characteristics on security incident management – an empirical study. Computers & Security, 109, 102401. https://doi.org/10.1016/j.cose.2021.102401
The NHS cyber attack: How and why it happened, and who did it. (2020, February 7). Acronis. https://www.acronis.com/en-us/blog/posts/nhs-cyber-attack/
Tillet, A. (2019, October 2). ANU cyber attack began with email to senior staff member. Australian Financial Review. https://www.afr.com/politics/federal/anu-cyber-attack-began-with-email-to-senior-staff-member-20191001-p52wpv
Tomesco, F. (2019, June 20). Desjardins: Rogue employee caused data breach for 2.9 million members. Montreal Gazette. https://montrealgazette.com/business/desjardins-rogue-employee-caused-data-breach-for-2-9-million-members
Tomesco, F. (2020, December 14). Desjardins slammed by privacy commissioner for handling of data breach. Montreal Gazette. https://montrealgazette.com/business/quebec-financial-watchdog-orders-desjardins-to-overhaul-practices
University, A. N. (2019). Incident report on the breach of the Australian National University’s administrative systems (Australia, China) [Report]. Australian National University. https://apo.org.au/node/262171
Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: A case study of the Equifax data breach. Issues in Information Systems, 19(3).
Wang, S., & Wang, H. (2019). Knowledge Management for Cybersecurity in Business Organizations: A Case Study. Journal of Computer Information Systems, 0(0), 1–8. https://doi.org/10.1080/08874417.2019.1571458
Wang, Z., Sun, L., & Zhu, H. (2020). Defining Social Engineering in Cybersecurity. IEEE Access, 8, 85094–85115. https://doi.org/10.1109/ACCESS.2020.2992807
WannaCry cyber-attack cost the NHS £92m after 19,000 appointments were cancelled. (2018, October 12). National Health Executive. https://www.nationalhealthexecutive.com/articles/wannacry-cyber-attack-cost-nhs-ps92m-after-19000-appointments-were-cancelled
Williams-Banta, P. E. (2019). Security Technology and Awareness Training; Do They Affect Behaviors and Thus Reduce Breaches? [Ph.D., Northcentral University]. In ProQuest Dissertations and Theses (2236379962). ProQuest Dissertations & Theses A&I; ProQuest Dissertations & Theses Global. https://proxyone.lib.nccu.edu.tw/login?url=https://www.proquest.com/dissertations-theses/security-technology-awareness-training-do-they/docview/2236379962/se-2?accountid=10067
Wroe, M. K., David. (2019, June 4). ANU says “sophisticated operator” stole data in new cyber breach. The Sydney Morning Herald. https://www.smh.com.au/politics/federal/anu-says-sophisticated-operator-stole-data-in-cyber-breach-20190604-p51ua9.html
Young, A. L., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24–26. https://doi.org/10.1145/3097347
Yucel, S. (2018). Estimating the Benefits, Drawbacks and Risk of Digital Transformation Strategy. 2018 International Conference on Computational Science and Computational Intelligence (CSCI), 233–238. https://doi.org/10.1109/CSCI46756.2018.00051
Zou, Y., Mhaidli, A. H., McCall, A., & Schaub, F. (2018). “ I’ve Got Nothing to Lose”: Consumers’ Risk Perceptions and Protective Actions after the Equifax Data Breach. SOUPS@ USENIX Security Symposium, 197–216.
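Description: Master's thesis
National Chengchi University
English-taught Master's Program in International Business Management (IMBA)
111933053
Source: http://thesis.lib.nccu.edu.tw/record/#G0111933053
Type: thesis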
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/145808
Table of Contents
1. Introduction and Research Objectives
1.1. Research Background
1.2. Research Motivation
1.3. Research Objectives
2. Literature Review
2.1. Cybersecurity Issues and Challenges
2.1.1. Definition of Cybersecurity
2.1.2. Types of Threats
2.1.3. Current Challenges
2.1.4. Limitation of Scope
2.2. Cybersecurity Management
2.2.1. Cybersecurity Management
2.2.2. Protection and Risk Management
2.2.3. Incident Response and Crisis Management
2.2.4. Organisational Integration
2.3. Management Risks in Cybersecurity
2.3.1. Management Risks
2.3.2. Anticipation Risks
2.3.3. Understanding Risks
2.3.4. Commitment Risks
2.3.5. Accuracy Risks
2.3.6. Strategy Risks
3. Research Methodology
3.1. Research Design
3.2. Data Collection
3.2.1. Equifax
3.2.2. NHS
3.2.3. Australian National University
3.2.4. Desjardins
3.3. Data Analysis
4. Research Results
4.1. Equifax Data Breach
4.1.1. Case Background
4.1.2. Risks and Causes Identification
4.1.3. Primary Cause Identification
4.2. NHS Ransomware Attack
4.2.1. Case Background
4.2.2. Risks and Causes Identification
4.2.3. Primary Cause Identification
4.3. Australian National University Data Breach
4.3.1. Case Background
4.3.2. Risks and Causes Identification
4.3.3. Primary Cause Identification
4.4. Desjardins Data Leak
4.4.1. Case Background
4.4.2. Risks and Causes Identification
4.4.3. Primary Cause Identification
4.5. Multiple Cases Analysis
4.5.1. Comparative Analysis
4.5.2. Additional Factor Suggestion
5. Conclusion
5.1. Major Findings
5.2. Managerial Implications
5.3. Limitations and Future Research
Reference

List of Tables
Table 1: Types of cyberthreats
Table 2: Elements of Cybersecurity Management
Table 3: Management Risks Categorisation by Cause
Table 4: Equifax Data Sources
Table 5: NHS Data Sources
Table 6: ANU Data Sources
Table 7: Desjardins Data Sources
Table 8: Multiple-Cases Analysis
File size: 1368912 bytes
File format: application/pdf
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0111933053en_US
dc.subject (關鍵詞) 資訊安全zh_TW
dc.subject (關鍵詞) 管理zh_TW
dc.subject (關鍵詞) 風險zh_TW
dc.subject (關鍵詞) 根因zh_TW
dc.subject (關鍵詞) Cybersecurityen_US
dc.subject (關鍵詞) Managementen_US
dc.subject (關鍵詞) Risksen_US
dc.subject (關鍵詞) Causesen_US
dc.title (題名) 管理視角下的網路安全研究zh_TW
dc.title (題名) A study of cybersecurity from the managerial perspectiveen_US
dc.type (資料類型) thesisen_US
dc.relation.reference (參考文獻) Reference
2020 Data Breach Investigation Report. (2020). Verizon. https://www.verizon.com/business/resources/reports/2020-data-breach-investigations-report.pdf
2022 Thales Data Threat Report. (2022). Thales. https://mb.cision.com/Public/20506/3530950/b55a39d9e52a4074.pdf
Ahmetoglu, H., & Das, R. (2022). A comprehensive review on detection of cyber-attacks: Data sets, methods, challenges, and future research directions. Internet of Things, 20, 100615. https://doi.org/10.1016/j.iot.2022.100615
Alahmari, A., & Duncan, B. (2020). Cybersecurity Risk Management in Small and Medium-Sized Enterprises: A Systematic Review of Recent Evidence. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 1–5. https://doi.org/10.1109/CyberSA49311.2020.9139638
Alexander, D. E. (2002). Principles of Emergency Planning and Management. Oxford University Press.
Alford, J. (2019, October 2). NHS cyber-attacks could delay life-saving care and cost millions. Imperial News. https://www.imperial.ac.uk/news/193151/nhs-cyber-attacks-could-delay-life-saving-care/
Aljaidi, M., Alsarhan, A., Samara, G., Alazaidah, R., Almatarneh, S., Khalid, M., & Al-Gumaei, Y. A. (2022). NHS WannaCry Ransomware Attack: Technical Explanation of The Vulnerability, Exploitation, and Countermeasures. 2022 International Engineering Conference on Electrical, Energy, and Artificial Intelligence (EICEEAI), 1–6.
Aljohani, T. M. (2022). Cyberattacks on Energy Infrastructures: Modern War Weapons.
Altulaihan, E., Almaiah, M. A., & Aljughaiman, A. (2022). Cybersecurity Threats, Countermeasures and Mitigation Techniques on the IoT: Future Research Directions. Electronics, 11(20). https://doi.org/10.3390/electronics11203330
Anant, V., Caso, J., & Schwarz, A. (2020). COVID-19 crisis shifts cybersecurity priorities and budgets.
Annab, R. (2021, August 12). Cybersecurity management: Academic Centre of Cyber Security Excellence, The University of Melbourne. School of Computing and Information Systems. https://cis.unimelb.edu.au/cyber-security-excellence/research/cybersecurity-management
ANU releases detailed account of data breach. (2019, October 1). ANU; The Australian National University. https://www.anu.edu.au/news/all-news/anu-releases-detailed-account-of-data-breach
Arthur, C. (2017, May 13). The ransomware attack is all about the insufficient funding of the NHS. The Observer. https://www.theguardian.com/commentisfree/2017/may/13/nhs-computer-systems-insufficient-funding
Asen, A., Bohmayr, W., Deutscher, S., González, M., & Mkrtchian, D. (2019). Are You Spending Enough on Cybersecurity?
Ashraf, M., Jiang, J. (Xuefeng), & Wang, I. Y. (2022). Are there trade-offs with mandating timely disclosure of cybersecurity incidents? Evidence from state-level data breach disclosure laws. The Journal of Finance and Data Science, 8, 202–213. https://doi.org/10.1016/j.jfds.2022.08.001
Azmi, R., Tibben, W., & Win, K. T. (2018). Review of cybersecurity frameworks: Context and shared concepts. Journal of Cyber Policy, 3(2), 258–283. https://doi.org/10.1080/23738871.2018.1520271
Ball, R. A. (1966). An Empirical Exploration of Neutralization Theory. Criminologica, 4(2), 22–32.
Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2013). Don’t make excuses! Discouraging neutralization to reduce IT policy violation. Computers & Security, 39, 145–159. https://doi.org/10.1016/j.cose.2013.05.006
Barlow, J., Warkentin, M., Ormond, D., & Dennis, A. (2018). Don’t Even Think About It! The Effects of Antineutralization, Informational, and Normative Communication on Information Security Compliance. Journal of the Association for Information Systems, 19(8). https://aisel.aisnet.org/jais/vol19/iss8/3
Berthier, T. (2015). Hacktivisme: Vers une complexification des cyberattaques. Revue Défense Nationale, 784(9), 45–48. Cairn.info. https://doi.org/10.3917/rdna.784.0045
Borys, S. (2019, October 2). Hackers gained access to ANU’s network with a single email—Here’s what we know. ABC News. https://www.abc.net.au/news/2019-10-02/the-sophisticated-anu-hack-that-compromised-private-details/11566540
Bronskill, J. (2020, December 14). Data breach at Desjardins caused by series of gaps, privacy watchdog says | Globalnews.ca. Global News. https://globalnews.ca/news/7520414/desjardins-data-breach-privacy-watchdog-probe/
Calleja, A., Tapiador, J., & Caballero, J. (2019). The MalSource Dataset: Quantifying Complexity and Code Reuse in Malware Development. IEEE Transactions on Information Forensics and Security, 14(12), 3175–3190. https://doi.org/10.1109/TIFS.2018.2885512
Canada, O. of the P. C. of. (2020, December 14). PIPEDA Findings #2020-005: Investigation into Desjardins’ compliance with PIPEDA following a breach of personal information between 2017 and 2019. https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2020/pipeda-2020-005/
Carlton, M., Levy, Y., & Ramim, M. (2019). Mitigating cyber attacks through the measurement of non-IT professionals’ cybersecurity skills. Information & Computer Security, 27(1), 101–121. https://doi.org/10.1108/ICS-11-2016-0088
Electronic Privacy Information Center. (n.d.). EPIC - Equifax Data Breach. Retrieved May 20, 2023, from https://archive.epic.org/privacy/data-breach/equifax/
Chigada, J., & Madzinga, R. (2021). Cyberattacks and threats during COVID-19: A systematic literature review. South African Journal of Information Management, 23, 1–11.
Chinese Hackers Charged in Equifax Breach. (n.d.). [Story]. Federal Bureau of Investigation. Retrieved May 20, 2023, from https://www.fbi.gov/news/stories/chinese-hackers-charged-in-equifax-breach-021020
Coccia, M. (2020). Critical decisions in crisis management: Rational strategies of decision making. Journal of Economics Library, 7(2), 81–96.
Collier, R. (2017). NHS ransomware attack spreads worldwide. Can Med Assoc.
Comptroller and Auditor General. (2016). Financial sustainability of the NHS (No. 2016–17). National Audit Office - Department of Health.
Corallo, A., Lazoi, M., Lezzi, M., & Luperto, A. (2022). Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review. Computers in Industry, 137, 103614. https://doi.org/10.1016/j.compind.2022.103614
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining Cybersecurity. Technology Innovation Management Review, 4(10), 13–21.
Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). Cyber risk and cybersecurity: A systematic review of data availability. The Geneva Papers on Risk and Insurance - Issues and Practice, 47(3), 698–736. https://doi.org/10.1057/s41288-022-00266-6
Cyber-attack on the NHS (Report of Parliamentary Session No. 2017-19 (32)). (2018). House of Commons Committee of Public Accounts.
Cybersecurity: Challenges from a Systems, Complexity, Knowledge Management and Business Intelligence Perspective. (2015). Issues In Information Systems. https://doi.org/10.48009/3_iis_2015_191-198
Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach (GAO-18-559). (2018). United States Government Accountability Office. https://www.warren.senate.gov/imo/media/doc/2018.09.06%20GAO%20Equifax%20report.pdf
Davis, J. (2020, March 12). ANU releases details of data breach. The Uni Guide. https://theuniguide.com.au/news/anu-releases-details-of-data-breach
Debb, S. M., & McClellan, M. K. (2021). Perceived Vulnerability As a Determinant of Increased Risk for Cybersecurity Risk Behavior. Cyberpsychology, Behavior, and Social Networking, 24(9), 605–611. https://doi.org/10.1089/cyber.2021.0043
Définitions: Cybernétique—Dictionnaire de français Larousse. (n.d.). Larousse. Retrieved May 20, 2023, from https://www.larousse.fr/dictionnaires/francais/cybern%C3%A9tique/21261
Desjardins says employee who stole personal data also accessed credit card info. (2019, December 10). BNN Bloomberg. https://www.bnnbloomberg.ca/desjardins-says-employee-who-stole-personal-data-also-accessed-credit-card-info-1.1360652
Desjardins settles 2019 data breach class-action lawsuit for up to nearly $201M | CBC News. (2021, December 16). CBC. https://www.cbc.ca/news/canada/montreal/desjardins-data-breach-lawsuit-settlement-1.6288428
Dionne, G. (2013). Risk Management: History, Definition, and Critique. Risk Management and Insurance Review, 16(2), 147–166. https://doi.org/10.1111/rmir.12016
Dwyer, A. (2018). The NHS cyber-attack: A look at the complex environmental conditions of WannaCry. RAD Magazine, 44(512), 25–26.
Echt, K. V., Morrell, R. W., & Park, D. C. (1998). Effects of Age and Training Formats on Basic Computer Skill Acquisition in Older Adults. Educational Gerontology, 24(1), 3–25. https://doi.org/10.1080/0360127980240101
Equifax Data Security Breach: What You Need to Know. (n.d.). Department of Financial Services. Retrieved May 20, 2023, from https://www.dfs.ny.gov/consumers/alerts/equifax_data_breach
Fruhlinger, J. (2020, February 12). Equifax data breach FAQ: What happened, who was affected, what was the impact? CSO Online. https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html
Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., & Linkov, I. (2020). Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management. Risk Analysis, 40(1), 183–199. https://doi.org/10.1111/risa.12891
Gebayew, C., Hardini, I. R., Panjaitan, G. H. A., Kurniawan, N. B., & Suhardi. (2018). A Systematic Literature Review on Digital Transformation. 2018 International Conference on Information Technology Systems and Innovation (ICITSI), 260–265. https://doi.org/10.1109/ICITSI.2018.8695912
Ghafur, S., Kristensen, S., Honeyford, K., Martin, G., Darzi, A., & Aylin, P. (2019). A retrospective impact analysis of the WannaCry cyberattack on the NHS. Npj Digital Medicine, 2(1), 98. https://doi.org/10.1038/s41746-019-0161-6
Gredley, R. (2019, October 2). China suspected of sophisticated uni hack. News.Com.Au — Australia’s Leading News Site. https://www.news.com.au/national/shocking-in-its-sophistication-how-hackers-targeted-anu-student-data/news-story/f80269d9bee79916fe9f5f48a860d2ec
Gressin, S. (2017). The equifax data breach: What to do. Federal Trade Commission, 8.
Groch, S. (2019, October 2). “Like a diamond heist”: How hackers got into Australia’s top university. The Canberra Times. https://www.canberratimes.com.au/story/6414841/like-a-diamond-heist-how-hackers-got-into-australias-top-uni/
Haggard, S., & Lindsay, J. R. (2015). North Korea and the Sony hack: Exporting instability through cyberspace.
Haislip, J., Pinsker, R., Kolev, K., & Steffen, T. (n.d.). The economic cost of cybersecurity breaches: A broad-based analysis.
Hills, M. (2017). Lessons from the NHS ransomware calamity. EDQuarter, 26.
Huang, K., & Madnick, S. (2020). A cyberattack doesn’t have to sink your stock price. Harvard Business Review.
Hubbard, D. W., & Seiersen, R. (2023). How to Measure Anything in Cybersecurity Risk. John Wiley & Sons.
IBM. (2022a). Cost of a Data Breach Report 2022. https://www.ibm.com/downloads/cas/3R8N1DZJ
IBM. (2022b, July). Global average cost of a data breach by industry 2022. Statista. https://www.statista.com/statistics/387861/cost-data-breach-by-industry/
(ISC)2. (2022). (ISC)2 Cybersecurity Workforce Study 2022. https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx
Juneja, P. (n.d.). The Equifax Data Breach Scandal. Management Study Guide. Retrieved May 20, 2023, from https://www.managementstudyguide.com/equifax-data-breach-scandal.htm
Karp, P. (2019, October 2). ANU says blaming China for massive data breach is speculative and “harmful.” The Guardian. https://www.theguardian.com/australia-news/2019/oct/02/anu-says-blaming-china-for-massive-data-breach-is-speculative-and-harmful
Kenny, C. (2018). The Equifax data breach and the resulting legal recourse. Brook. J. Corp. Fin. & Com. L., 13, 215.
Khairi, M. H., Ariffin, S. H., Latiff, N. A., Abdullah, A. S., & Hassan, M. K. (2018). A review of anomaly detection techniques and distributed denial of service (DDoS) on software defined network (SDN). Engineering, Technology & Applied Science Research, 8(2), 2724–2730.
Kiener, K. (2019, March). Cybercrime Module 5 Key Issues: Obstacles to Cybercrime Investigations. UNODC. https://www.unodc.org/e4j/zh/cybercrime/module-5/key-issues/obstacles-to-cybercrime-investigations.html
Kimathi, S. (2020, December 22). Combination of weaknesses led to massive data breach at Desjardins—FinTech Futures. FinTech Futures. https://www.fintechfutures.com/2020/12/combination-of-weaknesses-led-to-massive-data-breach-at-desjardins/
Kramer, S., & Bradfield, J. C. (2010). A general definition of malware. Journal in Computer Virology, 6(2), 105–114. https://doi.org/10.1007/s11416-009-0137-1
Layton, R., & Watters, P. A. (2014). A methodology for estimating the tangible cost of data breaches. Journal of Information Security and Applications, 19(6), 321–330.
Maalem Lahcen, R. A., Caulkins, B., Mohapatra, R., & Kumar, M. (2020). Review and insight on the behavioral aspects of cybersecurity. Cybersecurity, 3(1), 10. https://doi.org/10.1186/s42400-020-00050-w
Manager Demographics and Statistics [2023]: Number Of Managers In The US. (2021, January 29). https://www.zippia.com/manager-jobs/demographics/
Martin, L. (2019, June 4). Australian National University hit by huge data breach. The Guardian. https://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach
Meszaros, J., & Buchalcevova, A. (2017). Introducing OSSF: A framework for online service cybersecurity risk management. Computers & Security, 65, 300–313. https://doi.org/10.1016/j.cose.2016.12.008
Nahari, S. (2019, June 21). Data Breach at Desjardins Bank Caused by Malicious Insider. https://www.cyberark.com/resources/blog/data-breach-at-desjardins-bank-caused-by-malicious-insider
National Audit Office. (2018). Investigation: WannaCry cyber attack and the NHS. https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf
National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.CSWP.04162018
NHS cyber-attack fears return as all tested trusts fail assessments. (2018, 06). https://www.nationalhealthexecutive.com/News/nhs-cyber-attack-fears-return-as-all-tested-trusts-fail-assessments/193261
O’dowd, A. (2017). Major global cyber-attack hits NHS and delays treatment. British Medical Journal Publishing Group.
Padilla, V. S., & Freire, F. F. (2019). A contingency plan framework for cyber-attacks. Journal of Information Systems Engineering & Management, 4(2), 2–7.
Petratos, P. N. (2021). Misinformation, disinformation, and fake news: Cyber risks to business. CIBER SPECIAL ISSUE: CYBERSECURITY IN CRISIS, 64(6), 763–774. https://doi.org/10.1016/j.bushor.2021.07.012
Poremba, S. (2023, January 5). The cybersecurity talent shortage: The outlook for 2023. Cybersecurity Dive. https://www.cybersecuritydive.com/news/cybersecurity-talent-gap-worker-shortage/639724/
PurpleSec. (2023). 2023 Cyber Security Statistics Trends & Data. PurpleSec. https://purplesec.us/resources/cyber-security-statistics/
Reed, K., Doty, D. H., & May, D. R. (2005). The Impact of Aging on Self-efficacy and Computer Skill Acquisition. Journal of Managerial Issues, 17(2), 212–228. JSTOR.
Riley, M., Robertson, J., & Sharpe, A. (2017, September 29). The Equifax Hack Has the Hallmarks of State-Sponsored Pros. Bloomberg. https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros
Rodrigues, J. (2022, June 21). The Desjardins Data Breach + What We Can Learn From It. TitanFile. https://www.titanfile.com/blog/the-desjardins-data-breach-what-we-can-learn-from-it/
Rothrock, R. A., Kaplan, J., & Van Der Oord, F. (2018). The Board’s Role in Managing Cybersecurity Risks. 59(2), 12–15.
Russia’s cyberattacks aim to “terrorize” Ukrainians. (2023, January 11). POLITICO. https://www.politico.com/news/2023/01/11/russias-cyberattacks-aim-to-terrorize-ukrainians-00077561
Sarraf, S. (2019, October 3). ANU details findings of data breach. CSO Online. https://www.csoonline.com/article/3572622/anu-details-findings-of-data-breach.html
Security noun—Definition, pictures, pronunciation and usage notes. (n.d.). Oxford Learner’s Dictionaries. Retrieved May 20, 2023, from https://www.oxfordlearnersdictionaries.com/definition/american_english/security
Siponen & Vance. (2010). Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations. MIS Quarterly, 34(3), 487. https://doi.org/10.2307/25750688
Smart, W. (2018). Lesson learned review of the WannaCry Ransomware Cyber Attack. Department of Health and Social Care.
Smith, C. (2019, June 20). Massive Desjardins Group data breach caused by employee who’s since been fired. The Georgia Straight. https://www.straight.com/news/1257561/massive-desjardins-group-data-breach-caused-employee-whos-been-fired
Solomon, H. (2020, December 14). Desjardins at fault for huge data breach, say privacy commissioners. https://www.itworldcanada.com/article/breaking-desjardins-at-fault-for-huge-data-breach-say-privacy-commissioners/439581
Sophos. (2019, November 19). UK Public Sector Information Vulnerable to Cyberattack Due To Awareness Gap Between IT Professionals. SOPHOS. https://www.sophos.com/en-us/press/press-releases/2019/11/uk-public-sector-information-vulnerable-to-cyberattack-due-to-awareness-gap-between-it-professionals
Stilgherrian. (2019, October 2). ANU incident report on massive data breach is a must-read. ZDNET. https://www.zdnet.com/article/anu-incident-report-on-massive-data-breach-a-must-read/
Swanson, M., Wohl, A., Pope, L., Grance, T., Hash, J., & Thomas, R. (2002). Contingency planning guide for information technology systems: Recommendations of the National Institute of Standards and Technology (NIST SP 800-34; 0 ed., p. NIST SP 800-34). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-34
Thangavelu, M., Krishnaswamy, V., & Sharma, M. (2021). Impact of comprehensive information security awareness and cognitive characteristics on security incident management – an empirical study. Computers & Security, 109, 102401. https://doi.org/10.1016/j.cose.2021.102401
The NHS cyber attack: How and why it happened, and who did it. (2020, February 7). Acronis. https://www.acronis.com/en-us/blog/posts/nhs-cyber-attack/
Tillet, A. (2019, October 2). ANU cyber attack began with email to senior staff member. Australian Financial Review. https://www.afr.com/politics/federal/anu-cyber-attack-began-with-email-to-senior-staff-member-20191001-p52wpv
Tomesco, F. (2019, June 20). Desjardins: Rogue employee caused data breach for 2.9 million members. Montreal Gazette. https://montrealgazette.com/business/desjardins-rogue-employee-caused-data-breach-for-2-9-million-members
Tomesco, F. (2020, December 14). Desjardins slammed by privacy commissioner for handling of data breach. Montreal Gazette. https://montrealgazette.com/business/quebec-financial-watchdog-orders-desjardins-to-overhaul-practices
Australian National University. (2019). Incident report on the breach of the Australian National University’s administrative systems (Australia, China) [Report]. Australian National University. https://apo.org.au/node/262171
Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: A case study of the Equifax data breach. Issues in Information Systems, 19(3).
Wang, S., & Wang, H. (2019). Knowledge Management for Cybersecurity in Business Organizations: A Case Study. Journal of Computer Information Systems, 0(0), 1–8. https://doi.org/10.1080/08874417.2019.1571458
Wang, Z., Sun, L., & Zhu, H. (2020). Defining Social Engineering in Cybersecurity. IEEE Access, 8, 85094–85115. https://doi.org/10.1109/ACCESS.2020.2992807
WannaCry cyber-attack cost the NHS £92m after 19,000 appointments were cancelled. (2018, October 12). National Health Executive. https://www.nationalhealthexecutive.com/articles/wannacry-cyber-attack-cost-nhs-ps92m-after-19000-appointments-were-cancelled
Williams-Banta, P. E. (2019). Security Technology and Awareness Training; Do They Affect Behaviors and Thus Reduce Breaches? [Ph.D., Northcentral University]. In ProQuest Dissertations and Theses (2236379962). ProQuest Dissertations & Theses A&I; ProQuest Dissertations & Theses Global. https://proxyone.lib.nccu.edu.tw/login?url=https://www.proquest.com/dissertations-theses/security-technology-awareness-training-do-they/docview/2236379962/se-2?accountid=10067
Wroe, M. K., David. (2019, June 4). ANU says “sophisticated operator” stole data in new cyber breach. The Sydney Morning Herald. https://www.smh.com.au/politics/federal/anu-says-sophisticated-operator-stole-data-in-cyber-breach-20190604-p51ua9.html
Young, A. L., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24–26. https://doi.org/10.1145/3097347
Yucel, S. (2018). Estimating the Benefits, Drawbacks and Risk of Digital Transformation Strategy. 2018 International Conference on Computational Science and Computational Intelligence (CSCI), 233–238. https://doi.org/10.1109/CSCI46756.2018.00051
Zou, Y., Mhaidli, A. H., McCall, A., & Schaub, F. (2018). “I’ve Got Nothing to Lose”: Consumers’ Risk Perceptions and Protective Actions after the Equifax Data Breach. SOUPS @ USENIX Security Symposium, 197–216.