آشفتگی از طریق امنیت سایبری
ترجمه نشده

آشفتگی از طریق امنیت سایبری

عنوان فارسی مقاله: آشفتگی از طریق امنیت سایبری: دیدگاه هایی از صنعت بهداشت ایالات متحده
عنوان انگلیسی مقاله: Muddling through cybersecurity: Insights from the U.S. healthcare industry
مجله/کنفرانس: افق های کسب و کار – Business Horizons
رشته های تحصیلی مرتبط: مهندسی فناوری اطلاعات، مدیریت
گرایش های تحصیلی مرتبط: اینترنت و شبکه های گسترده، مدیریت سیستم های اطلاعاتی، مدیریت فناوری اطلاعات
کلمات کلیدی فارسی: امنیت سایبری، فناوری اطلاعات بهداشتی، انعطاف پذیری سایبری، حملات سایبری، مدیریت ریسک امنیت سایبری
کلمات کلیدی انگلیسی: Cybersecurity; Healthcare information technology; Cyber resilience; Cyberattacks; Cybersecurity risk management
نوع نگارش مقاله: مقاله پژوهشی (Research Article)
شناسه دیجیتال (DOI): https://doi.org/10.1016/j.bushor.2019.03.010
دانشگاه: Raymond A. Mason School of Business, College of William & Mary, Alan B. Miller Hall, Williamsburg, VA 23185, U.S.A
صفحات مقاله انگلیسی: 10
ناشر: الزویر - Elsevier
نوع ارائه مقاله: ژورنال
نوع مقاله: ISI
سال انتشار مقاله: 2019
ایمپکت فاکتور: 4.488 در سال 2018
شاخص H_index: 67 در سال 2019
شاخص SJR: 1.296 در سال 2018
شناسه ISSN: 0007-6813
شاخص Quartile (چارک): Q1 در سال 2018
فرمت مقاله انگلیسی: PDF
وضعیت ترجمه: ترجمه نشده است
قیمت مقاله انگلیسی: رایگان
آیا این مقاله بیس است: خیر
آیا این مقاله مدل مفهومی دارد: ندارد
آیا این مقاله پرسشنامه دارد: ندارد
آیا این مقاله متغیر دارد: ندارد
کد محصول: E13549
رفرنس: دارای رفرنس در داخل متن و انتهای مقاله
فهرست مطالب (انگلیسی)

Abstract

1. Is muddling through an acceptable approach to cyber risk management?

2. What is causing the ‘muddling through’ approach?

3. Cybersecurity risk management roadmap

4. What are some generalizable insights?

5. Summary

Appendix. Methods

References

بخشی از مقاله (انگلیسی)

Abstract

TheU.S. healthcaresectoris inadequatelypreparedtodealwith the reality of cyber threats. The increasing use of smart medical equipment and mobile devices is making healthcare organizations more susceptible to ransomware and other types of malware. The size and complexity of operations, coupled with the presence of numerous legacy and incompatible systems, make it difficult to implement effective cybersecurity measures. The daunting nature of the problem often results in an if-itain’t-broke-don’t-fix-it stanceamong senior healthcare leaders. The preponderance of healthcare-related laws, compliance regulations, and security guidance frameworks serve to complicate the cybersecurity challenge further and too often results in senior leadership assuming a state of blissful ignorance. This study sheds light on the key factors contributing to the chaotic state of affairs and presents a roadmap to a more deliberate and proactive approach to cybersecurity risk management.

Is muddling through an acceptable approach to cyber risk management?

Muddling through is a dangerous approach to cybersecurity risk management. Yet, many organizations fall into this chaotic trap for reasons ranging from a lack of top management priority and commitment to organizational size and complexity, presence of numerous and incompatible legacy systems, inadequate budget, and more (Cram, Proudfoot, & D’Arcy, 2017; Kaminski, Rezek, Richter, & Sorel, 2017; Sweeney, 2016). There is enough evidence to suggest that U.S. healthcare organizations lack a deliberate, organized, and comprehensive cyber-resilience strategy. To quote a recent survey report: “One-third of hospital executives have purchased cybersecurity solutions blindly without much vision or discernment” (Leventhal, 2018). Investments in establishing cyber resilience severely lag behind other regulated industries. Not only are cybersecurity budgets low and being cut but also many firms have neither a formal security program nor a dedicated leader assigned to security (Donovan, 2018a; Leventhal, 2018; Lord, 2018). Size and complexity of operations are some of the other factors contributing to an ineffective approach to cybersecurity risk management. The following quote reflects this unfortunate state of affairs: Healthcare rivals the public sector in our mission and complexity. Both industries tend to be too trusting that everyone (internal employees and information exchange partners) is doing their due diligence regarding cybersecurity. But the sectors are just too large to know for sure. We don’t truly understand our own risks until it’s made plain to us by the hackers. –—Senior Executive Services (SES) in public health and cyber operations