Title: A study of cybersecurity from the managerial perspective (管理視角下的網路安全研究)
Author: Hugueville, Maxime (程宇歌)
Contributors: Shang, Shari (尚孝純); Maxime Hugueville (程宇歌)
Keywords (translated from Chinese): Information security; Management; Risk; Root cause
Keywords (English): Cybersecurity; Management; Risks; Causes
Date: 2023
Upload time: 6 July 2023 16:34:40 (UTC+8)

Abstract: This study analyses four case studies of cybersecurity incidents (Equifax, NHS, Australian National University, and Desjardins) to determine the causes of management-related cybersecurity risks in organisations. Five main causes are identified: anticipation, understanding, commitment, accuracy, and strategy. They exert their influence over the whole organisation through the leading teams and structures, and especially top managers. They are interrelated and able to trigger and influence each other. Managers should use this framework to identify the weaknesses of their organisations and prevent cybersecurity incidents. A potential sixth cause has been identified: implementation, the rationale behind cybersecurity management structures in practice. Further observation and research are required to confirm it.

Description: Master's
National Chengchi University
English-taught Master's Program in International Business Administration (IMBA)
111933053
Source: http://thesis.lib.nccu.edu.tw/record/#G0111933053
Type: thesis
Identifier: G0111933053
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/145808
Format: application/pdf, 1368912 bytes

TABLE OF CONTENTS
1. Introduction and Research Objectives
1.1. Research Background
1.2. Research Motivation
1.3. Research Objectives
2. Literature Review
2.1. Cybersecurity Issues and Challenges
2.1.1. Definition of Cybersecurity
2.1.2. Types of Threats
2.1.3. Current Challenges
2.1.4. Limitation of Scope
2.2. Cybersecurity Management
2.2.1. Cybersecurity Management
2.2.2. Protection and Risk Management
2.2.3. Incident Response and Crisis Management
2.2.4. Organisational Integration
2.3. Management Risks in Cybersecurity
2.3.1. Management Risks
2.3.2. Anticipation Risks
2.3.3. Understanding Risks
2.3.4. Commitment Risks
2.3.5. Accuracy Risks
2.3.6. Strategy Risks
3. Research Methodology
3.1. Research Design
3.2. Data Collection
3.2.1. Equifax
3.2.2. NHS
3.2.3. Australian National University
3.2.4. Desjardins
3.3. Data Analysis
4. Research Results
4.1. Equifax Data Breach
4.1.1. Case Background
4.1.2. Risks and Causes Identification
4.1.3. Primary Cause Identification
4.2. NHS Ransomware Attack
4.2.1. Case Background
4.2.2. Risks and Causes Identification
4.2.3. Primary Cause Identification
4.3. Australian National University Data Breach
4.3.1. Case Background
4.3.2. Risks and Causes Identification
4.3.3. Primary Cause Identification
4.4. Desjardins Data Leak
4.4.1. Case Background
4.4.2. Risks and Causes Identification
4.4.3. Primary Cause Identification
4.5. Multiple Cases Analysis
4.5.1. Comparative Analysis
4.5.2. Additional Factor Suggestion
5. Conclusion
5.1. Major Findings
5.2. Managerial Implications
5.3. Limitations and Future Research
Reference

List of Tables
Table 1: Types of cyberthreats
Table 2: Elements of Cybersecurity Management
Table 3: Management Risks Categorisation by Cause
Table 4: Equifax Data Sources
Table 5: NHS Data Sources
Table 6: ANU Data Sources
Table 7: Desjardins Data Sources
Table 8: Multiple-Cases Analysis
(2020, February 12). Equifax data breach FAQ: What happened, who was affected, what was the impact? CSO Online. https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.htmlGanin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., & Linkov, I. (2020). Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management. Risk Analysis, 40(1), 183–199. https://doi.org/10.1111/risa.12891Gebayew, C., Hardini, I. R., Panjaitan, G. H. A., Kurniawan, N. B., & Suhardi. (2018). A Systematic Literature Review on Digital Transformation. 2018 International Conference on Information Technology Systems and Innovation (ICITSI), 260–265. https://doi.org/10.1109/ICITSI.2018.8695912Ghafur, S., Kristensen, S., Honeyford, K., Martin, G., Darzi, A., & Aylin, P. (2019). A retrospective impact analysis of the WannaCry cyberattack on the NHS. Npj Digital Medicine, 2(1), 98. https://doi.org/10.1038/s41746-019-0161-6Gredley, R. (2019, October 2). China suspected of sophisticated uni hack. News.Com.Au — Australia’s Leading News Site. https://www.news.com.au/national/shocking-in-its-sophistication-how-hackers-targeted-anu-student-data/news-story/f80269d9bee79916fe9f5f48a860d2ecGressin, S. (2017). The equifax data breach: What to do. Federal Trade Commission, 8.Groch, S. (2019, October 2). “Like a diamond heist”: How hackers got into Australia’s top university. The Canberra Times. https://www.canberratimes.com.au/story/6414841/like-a-diamond-heist-how-hackers-got-into-australias-top-uni/Haggard, S., & Lindsay, J. R. (2015). North Korea and the Sony hack: Exporting instability through cyberspace.Haislip, J., Pinsker, R., Kolev, K., & Steffen, T. (n.d.). The economic cost of cybersecurity breaches: A broad-based analysis.Hills, M. (2017). Lessons from the NHS ransomware calamity. EDQuarter, 26.Huang, K., & Madnick, S. (2020). A cyberattack doesn’t have to sink your stock price. 
Harvard Business Review.Hubbard, D. W., & Seiersen, R. (2023). How to Measure Anything in Cybersecurity Risk. John Wiley & Sons.IBM. (2022a). Cost of a Data Breach Report 2022. https://www.ibm.com/downloads/cas/3R8N1DZJIBM. (2022b, July). Global average cost of a data breach by industry 2022. Statista. https://www.statista.com/statistics/387861/cost-data-breach-by-industry/(ICS)2. (2022). (ISC)2 Cybersecurity Workforce Study 2022. https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashxJuneja, P. (n.d.). The Equifax Data Breach Scandal. Management Study Guide. Retrieved May 20, 2023, from https://www.managementstudyguide.com/equifax-data-breach-scandal.htmKarp, P. (2019, October 2). ANU says blaming China for massive data breach is speculative and “harmful.” The Guardian. https://www.theguardian.com/australia-news/2019/oct/02/anu-says-blaming-china-for-massive-data-breach-is-speculative-and-harmfulKenny, C. (2018). The Equifax data breach and the resulting legal recourse. Brook. J. Corp. Fin. & Com. L., 13, 215.Khairi, M. H., Ariffin, S. H., Latiff, N. A., Abdullah, A. S., & Hassan, M. K. (2018). A review of anomaly detection techniques and distributed denial of service (DDoS) on software defined network (SDN). Engineering, Technology & Applied Science Research, 8(2), 2724–2730.Kiener, K. (2019, March). Cybercrime Module 5 Key Issues: Obstacles to Cybercrime Investigations. UNODC. https://www.unodc.org/e4j/zh/cybercrime/module-5/key-issues/obstacles-to-cybercrime-investigations.htmlKimathi, S. (2020, December 22). Combination of weaknesses led to massive data breach at Desjardins—FinTech Futures. FinTech Futures. https://www.fintechfutures.com/2020/12/combination-of-weaknesses-led-to-massive-data-breach-at-desjardins/Kramer, S., & Bradfield, J. C. (2010). A general definition of malware. Journal in Computer Virology, 6(2), 105–114. https://doi.org/10.1007/s11416-009-0137-1Layton, R., & Watters, P. A. (2014). 
A methodology for estimating the tangible cost of data breaches. Journal of Information Security and Applications, 19(6), 321–330.Maalem Lahcen, R. A., Caulkins, B., Mohapatra, R., & Kumar, M. (2020). Review and insight on the behavioral aspects of cybersecurity. Cybersecurity, 3(1), 10. https://doi.org/10.1186/s42400-020-00050-wManager Demographics and Statistics [2023]: Number Of Managers In The US. (2021, January 29). https://www.zippia.com/manager-jobs/demographics/Martin, L. (2019, June 4). Australian National University hit by huge data breach. The Guardian. https://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breachMeszaros, J., & Buchalcevova, A. (2017). Introducing OSSF: A framework for online service cybersecurity risk management. Computers & Security, 65, 300–313. https://doi.org/10.1016/j.cose.2016.12.008Nahari, S. (2019, June 21). Data Breach at Desjardins Bank Caused by Malicious Insider. https://www.cyberark.com/resources/blog/data-breach-at-desjardins-bank-caused-by-malicious-insiderNational Audit Office. (2018). Investigation: WannaCry cyber attack and the NHS. https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdfNational Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.CSWP.04162018NHS cyber-attack fears return as all tested trusts fail assessments. (2018, 06). https://www.nationalhealthexecutive.com/News/nhs-cyber-attack-fears-return-as-all-tested-trusts-fail-assessments/193261O’dowd, A. (2017). Major global cyber-attack hits NHS and delays treatment. British Medical Journal Publishing Group.Padilla, V. S., & Freire, F. F. (2019). A contingency plan framework for cyber-attacks. Journal of Information Systems Engineering & Management, 4(2), 2–7.Petratos, P. N. (2021). 
Misinformation, disinformation, and fake news: Cyber risks to business. CIBER SPECIAL ISSUE: CYBERSECURITY IN CRISIS, 64(6), 763–774. https://doi.org/10.1016/j.bushor.2021.07.012Poremba, S. (2023, January 5). The cybersecurity talent shortage: The outlook for 2023. Cybersecurity Dive. https://www.cybersecuritydive.com/news/cybersecurity-talent-gap-worker-shortage/639724/PurpleSec. (2023). 2023 Cyber Security Statistics Trends & Data. PurpleSec. https://purplesec.us/resources/cyber-security-statistics/Reed, K., Doty, D. H., & May, D. R. (2005). The Impact of Aging on Self-efficacy and Computer Skill Acquisition. Journal of Managerial Issues, 17(2), 212–228. JSTOR.Riley, M., Robertson, J., & Sharpe, A. (2017, September 29). The Equifax Hack Has the Hallmarks of State-Sponsored Pros. Bloomberg. https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-prosRodrigues, J. (2022, June 21). The Desjardins Data Breach + What We Can Learn From It. TitanFile. https://www.titanfile.com/blog/the-desjardins-data-breach-what-we-can-learn-from-it/Rothrock, R. A., Kaplan, J., & Van Der Oord, F. (2018). The Board’s Role in Managing Cybersecurity Risks. 59(2), 12–15.Russia’s cyberattacks aim to “terrorize” Ukrainians. (2023, January 11). POLITICO. https://www.politico.com/news/2023/01/11/russias-cyberattacks-aim-to-terrorize-ukrainians-00077561Sarraf, S. (2019, October 3). ANU details findings of data breach. CSO Online. https://www.csoonline.com/article/3572622/anu-details-findings-of-data-breach.htmlSecurity noun—Definition, pictures, pronunciation and usage notes. (n.d.). Oxford Leaner’s Dictionnaries. Retrieved May 20, 2023, from https://www.oxfordlearnersdictionaries.com/definition/american_english/securitySiponen & Vance. (2010). Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations. MIS Quarterly, 34(3), 487. https://doi.org/10.2307/25750688Smart, W. (2018). 
Lesson learned review of the WannaCry Ransomware Cyber Attack. Department of Health and Social Care.Smith, C. (2019, June 20). Massive Desjardins Group data breach caused by employee who’s since been fired. The Georgia Straight. https://www.straight.com/news/1257561/massive-desjardins-group-data-breach-caused-employee-whos-been-firedSolomon, H. (2020, December 14). Desjardins at fault for huge data breach, say privacy commissioners. https://www.itworldcanada.com/article/breaking-desjardins-at-fault-for-huge-data-breach-say-privacy-commissioners/439581Sophos. (2019, November 19). UK Public Sector Information Vulnerable to Cyberattack Due To Awareness Gap Between IT Professionals. SOPHOS. https://www.sophos.com/en-us/press/press-releases/2019/11/uk-public-sector-information-vulnerable-to-cyberattack-due-to-awareness-gap-between-it-professionalsStilgherrian. (2019, October 2). ANU incident report on massive data breach is a must-read. ZDNET. https://www.zdnet.com/article/anu-incident-report-on-massive-data-breach-a-must-read/Swanson, M., Wohl, A., Pope, L., Grance, T., Hash, J., & Thomas, R. (2002). Contingency planning guide for information technology systems: Recommendations of the National Institute of Standards and Technology (NIST SP 800-34; 0 ed., p. NIST SP 800-34). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-34Thangavelu, M., Krishnaswamy, V., & Sharma, M. (2021). Impact of comprehensive information security awareness and cognitive characteristics on security incident management – an empirical study. Computers & Security, 109, 102401. https://doi.org/10.1016/j.cose.2021.102401The NHS cyber attack: How and why it happened, and who did it. (2020, February 7). Acronis. https://www.acronis.com/en-us/blog/posts/nhs-cyber-attack/Tillet, A. (2019, October 2). ANU cyber attack began with email to senior staff member. Australian Financial Review. 
https://www.afr.com/politics/federal/anu-cyber-attack-began-with-email-to-senior-staff-member-20191001-p52wpvTomesco, F. (2019, June 20). Desjardins: Rogue employee caused data breach for 2.9 million members. Montreal Gazette. https://montrealgazette.com/business/desjardins-rogue-employee-caused-data-breach-for-2-9-million-membersTomesco, F. (2020, December 14). Desjardins slammed by privacy commissioner for handling of data breach. Montreal Gazette. https://montrealgazette.com/business/quebec-financial-watchdog-orders-desjardins-to-overhaul-practicesUniversity, A. N. (2019). Incident report on the breach of the Australian National University’s administrative systems (Australia, China) [Report]. Australian National University. https://apo.org.au/node/262171Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: A case study of the Equifax data breach. Issues in Information Systems, 19(3).Wang, S., & Wang, H. (2019). Knowledge Management for Cybersecurity in Business Organizations: A Case Study. Journal of Computer Information Systems, 0(0), 1–8. https://doi.org/10.1080/08874417.2019.1571458Wang, Z., Sun, L., & Zhu, H. (2020). Defining Social Engineering in Cybersecurity. IEEE Access, 8, 85094–85115. https://doi.org/10.1109/ACCESS.2020.2992807WannaCry cyber-attack cost the NHS £92m after 19,000 appointments were cancelled. (2018, October 12). National Health Executive. https://www.nationalhealthexecutive.com/articles/wannacry-cyber-attack-cost-nhs-ps92m-after-19000-appointments-were-cancelledWilliams-Banta, P. E. (2019). Security Technology and Awareness Training; Do They Affect Behaviors and Thus Reduce Breaches? [Ph.D., Northcentral University]. In ProQuest Dissertations and Theses (2236379962). ProQuest Dissertations & Theses A&I; ProQuest Dissertations & Theses Global. https://proxyone.lib.nccu.edu.tw/login?url=https://www.proquest.com/dissertations-theses/security-technology-awareness-training-do-they/docview/2236379962/se-2?accountid=10067Wroe, M. 
K., David. (2019, June 4). ANU says “sophisticated operator” stole data in new cyber breach. The Sydney Morning Herald. https://www.smh.com.au/politics/federal/anu-says-sophisticated-operator-stole-data-in-cyber-breach-20190604-p51ua9.htmlYoung, A. L., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24–26. https://doi.org/10.1145/3097347Yucel, S. (2018). Estimating the Benefits, Drawbacks and Risk of Digital Transformation Strategy. 2018 International Conference on Computational Science and Computational Intelligence (CSCI), 233–238. https://doi.org/10.1109/CSCI46756.2018.00051Zou, Y., Mhaidli, A. H., McCall, A., & Schaub, F. (2018). “ I’ve Got Nothing to Lose”: Consumers’ Risk Perceptions and Protective Actions after the Equifax Data Breach. SOUPS@ USENIX Security Symposium, 197–216. zh_TW