Tackling Cybersecurity Regulatory Challenges: A Proposed Research Framework

  • Conference paper
The Role of e-Business during the Time of Grand Challenges (WeB 2020)

Abstract

Although concerns about cybersecurity have been around for more than a decade and have received significant attention from governments and regulators, the problem has continued to grow. So, it is clear that whatever is being done is not working. The research question for this study is: To what extent does compliance help or hinder cybersecurity for the organization – and why and how? When trying to understand the interplay between compliance and cybersecurity, two scenarios may generally occur: (1) compliance helps security or (2) compliance hinders security – or possibly both. This research attempts to provide a better understanding of these factors by evaluating compliance as a critical factor in the organization’s cybersecurity strategy, through a series of corporate and government interviews conducted to affirm, refute, and refine our initial hypotheses.

Acknowledgements

The research reported herein was supported in part by the Cybersecurity at MIT Sloan initiative, which is funded by a consortium of organizations, and a gift from C6 bank.

Author information

Correspondence to Angelica Marotta .

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Marotta, A., Madnick, S. (2021). Tackling Cybersecurity Regulatory Challenges: A Proposed Research Framework. In: Garimella, A., Karhade, P., Kathuria, A., Liu, X., Xu, J., Zhao, K. (eds) The Role of e-Business during the Time of Grand Challenges. WeB 2020. Lecture Notes in Business Information Processing, vol 418. Springer, Cham. https://doi.org/10.1007/978-3-030-79454-5_2

  • DOI: https://doi.org/10.1007/978-3-030-79454-5_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-79453-8

  • Online ISBN: 978-3-030-79454-5

  • eBook Packages: Computer Science (R0)