Abstract
Although cybersecurity has been a concern for more than a decade and has drawn significant attention from governments and regulators, the problem has continued to grow, so it is clear that whatever is being done is not working. The research question for this study is: to what extent does compliance help or hinder cybersecurity for the organization, and why and how? When examining the interplay between compliance and cybersecurity, two scenarios generally arise: (1) compliance helps security, or (2) compliance hinders security, and in practice both may hold at once. This research attempts to provide a better understanding of the underlying factors by evaluating compliance as a critical element of an organization's cybersecurity strategy, using a series of corporate and government interviews to affirm, refute, and refine our initial hypotheses.
Acknowledgements
The research reported herein was supported in part by the Cybersecurity at MIT Sloan initiative, which is funded by a consortium of organizations, and a gift from C6 bank.
© 2021 Springer Nature Switzerland AG
Marotta, A., Madnick, S. (2021). Tackling Cybersecurity Regulatory Challenges: A Proposed Research Framework. In: Garimella, A., Karhade, P., Kathuria, A., Liu, X., Xu, J., Zhao, K. (eds) The Role of e-Business during the Time of Grand Challenges. WeB 2020. Lecture Notes in Business Information Processing, vol 418. Springer, Cham. https://doi.org/10.1007/978-3-030-79454-5_2
DOI: https://doi.org/10.1007/978-3-030-79454-5_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-79453-8
Online ISBN: 978-3-030-79454-5
eBook Packages: Computer Science (R0)