Literature Review
The problems of the modern day cyber security are as urgent as never before. With enterprises relying on computer and internet networks more and more often, IT security faces a significant number of issues. Researchers determine the nature of such problems in different ways. For example, Grau and Kennedy (2014) define such problems as “common threats faced today, such as malware, physical attacks, social engineering, social media, misuse, errors, and environmental effects” (p. 53). Moreover, the problems are approached from the perspective of their relation to different strata of society (e. g. citizens, governments, banks, and key infrastructures). The authors then note that the problems are caused by various “actors.” These are “the criminal,” “the hactivist,” and “the nation-state” (Grau and Kennedy 2014, p. 54).
Based on these findings, authors present the current trends and trends that are in development as of now. There are six current trends of interest. Firstly, the man-in-the-browser attacks, which are characterized by the criminal’s attempting to emulate a believable browser experience to gather information on security details (logins, passwords, etc.). Secondly, the ransomware is emerging; it is a malware that is embedded in the operational system as an anti-virus or any other type of malware protecting software. The goal of this malware is also to gather sensitive or compromising data. The third trend is the development of polymorphisms. This is a sophisticated malware that is generated for each user while remaining equal functionality-wise. Remaining trends drawn out by the authors include other types of malware (package exploit kits, new-generation botnets) and methods of causing network malfunctions (DDoS)
Other researchers focus on different topics; some may argue that these subjects are based on more general problems. Chin, Kaplan and Weinberg (2014) concentrate on the general problems that the current cybersecurity units face. These include insufficient cyberattacks protection, minimal efforts of improving cyber security in various institutions, and low engagement of senior leaders of public and private institutions in the problems of cyber security. Another article by Tisdale (2015) suggests that, despite the widespread problems which seem to take over the cybersecurity efforts, it is wrong to approach the solution search in technical, and information technology connected way. Instead, Tisdale argues, recent researches in cyber security call for a “comprehensive approach that considers business objectives, governance, and risk management along with organizational psychology and other factors such as those described in the Clinger-Cohen Act” (p. 191).
Thus, the trends may be perceived in different ways and via different approaches. Some argue that the cyber security efforts must be focused on fighting off the new-generation malware developed en masse by various criminals and criminal collectives across the world. Others call for developing a new perspective that would alter the approach to cyber security with taking different nuances into account. As of right now, there is no way to tell which approach will be the most beneficial one. However, while some tend to focus on developing the methods to fight off malware and cyber attacks, other researchers create new-generation tools that allow ensuring a higher quality of cyber security. For example, Fielder, Panaousis, Malacaria, Hankin and Smeraldi (2016) in their article provide “an analysis of a hybrid game-theoretic and optimisation approach to the allocation of an SME’s cyber security budget” (p. 22).
Another example of approaching cyber security is, for instance, an article by Craigen, Diakun-Thibault and Purse (2014) that has a goal of providing a more precise definition of what the cybersecurity must be. The authors conclude that “the more inclusive, unifying definition presented in this article aims to facilitate interdisciplinary approaches to cybersecurity” (Craigen, Diakun-Thibault & Purse 2014, p. 18). Thus, a more sophisticated theoretical approach is taken to represent the goals of cyber security. This allows for clearer understanding of the primary focuses that the cyber security units must preserve.
On the other hand, some researchers tend to concentrate on identifying practical approaches either undertaken by some organizations, or the approaches that are still being developed. For example, Nelson and Madnick (2017) provide a “list of approaches around cyber-security measurement and reporting” (p. 12). These approaches include measures of cyber-security compliance, tracking of risk based on business models, and cyber-risk activities tracking. Thus, it is evident that there is a focus on both theoretical and practical aspects of the problem. The question is, then, what approach to cybersecurity is the most beneficial one?
Research Model
The research model would include the evaluation of beneficial nature of current approaches to cyber security as a dependent variable. The independent variable would then be the researches focused on both practical and theoretical aspects of the debate. The moderating variable that determines the relationship between dependent and independent variables is the prevalence of research data on either theoretical or practical solution proposed by researchers. A mediating variable, in turn, is the effectiveness of cyber security measures perceived from theory- and practice-related standpoints. These variables are meaningful because they allow determining which approach to cyber security is prevailing and what types of solutions it offers.
Identification Hypothesis
The first hypothesis is as follows: identifying which approach to cyber security is more efficient (practical or theoretical) will allow ensuring better means of cyber security. This hypothesis will rely on the results drawn out by researchers. While performing either theory-based or practice-focused research, each approach is aimed at providing a more in-depth analysis of the situation. However, while the theoretical studies have a goal of better understanding the nature of the problems that the cyber security faces in the modern environment, the practical researches focus on providing means to fight off different types of cyber attacks. Therefore, understanding each perspective may be equally important, while providing insight on which one is better in the modern era of cyber security. If this hypothesis is correct, any research that tries to cover each approach would be perceived as excessive and lacking focus on significant problems that are not currently included.
Equality Hypothesis
The second hypothesis is: both methods to researching cyber security are equally important and must not be separated; rather, both theory and practice must be viewed as inseparable means to provide a better environment in which cyber security will function to its maximum extents. This hypothesis may be equally as vital because the nature of cyber attacks requires both understanding of the means used to compromise security and development of means of protection against possible or actual attacks. If this hypothesis proves to be correct, there would seem to be no point in carrying out research that is focused solely on one approach to increasing cybersecurity. If on the other hand, the hypothesis proves to be wrong, the current researches focused on theory and practice separately would be strengthened and proved to be equally important.
References
Chinn, D., Kaplan, J., & Weinberg, A. (2014). Risk and responsibility in a hyperconnected world: Implications for enterprises.
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining Cybersecurity. Technology Innovation Management Review, 4(10), 13-21.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Grau, D., & Kennedy, C. (2014). TIM lecture series – the business of cybersecurity. Technology Innovation Management Review, 4(4), 53-57.
Nelson, N., Madnick, S. (2017). Trade-offs between digital innovation and cyber-security. Cambridge, MA: Massachusetts Institute of Technology.
Tisdale, S. M. (2015). Cybersecurity: Challenges from a systems, complexity, knowledge management and business intelligence perspective. Issues in Information Systems, 16(3), 191-198.