Dynamic Risk Management in Information Security : A socio-technical approach to mitigate cyber threats in the financial sector / Dynamisk riskhantering inom informationssäkerhet : Ett sociotekniskt tillvägagångssätt för att hantera cyberhot i den finansiella sektorn

Lundberg, Johan

January 2020

In the last decade, a new wave of socio-technical cyber threats has emerged that is targeting both the technical and social vulnerabilities of organizations and requires fast and efficient threat mitigations. Yet, it is still common that financial organizations rely on yearly reviewed risk management methodologies that are slow and static to mitigate the ever-changing cyber threats. The purpose of this research is to explore the field of Dynamic Risk Management in Information Security from a socio-technical perspective in order to mitigate both types of threats faster and dynamically to better suit the connected world we live in today. In this study, the Design Science Research methodology was utilized to create a Dynamic Information Security Risk Management model based on functionality requirements collected through interviews with professionals in the financial sector and structured literature studies. Finally, the constructed dynamic model was then evaluated in terms of its functionality and usability. The results of the evaluation showed that the finalized dynamic risk management model has great potential to mitigate both social and technical cyber threats in a dynamic fashion. / Under senaste decenniet har en ny våg av sociotekniska cyberhot uppkommit som är riktade både mot de sociala och tekniska sårbarheterna hos organisationer. Dessa hot kräver snabba och effektiva hotreduceringar, dock är det fortfarande vanligt att finansiella organisationer förlitar sig på årligen granskade riskhanteringsmetoder som både är långsamma och statiska för att mildra de ständigt föränderliga cyberhoten. Syftet med denna forskning är att undersöka området för dynamisk riskhantering inom informationssäkerhet ur ett sociotekniskt perspektiv, med målsättningen att snabbare och dynamiskt kunna mildra bägge typerna av hot för att bättre passa dagens uppkopplade värld.  I studien användes Design Science Research för att skapa en dynamisk riskhanteringsmodell med syfte att hantera sociotekniska cyberhot mot informationssäkerheten. Riskhanteringsmodellen är baserad på funktionskrav insamlade genom intervjuer med yrkesverksamma inom finanssektorn, samt strukturerade litteraturstudier.  Avslutningsvis utvärderades den konstruerade dynamiska modellen avseende dess funktionalitet och användbarhet. Resultaten av utvärderingen påvisade att den slutgiltiga dynamiska riskhanteringsmodellen har en stor potential att mitigera både sociala och tekniska cyberhot på ett dynamiskt sätt.

DISRMM

Dynamic Risk Management

Adaptive Risk Management

Socio-Technical

Sociotechnical

Social Triggers

Technical Triggers

Information Security

Usability

SEO

Search Engine Optimization

SEAREvasion

SEAR Evasion Approach

Dynamic

Risk Management

Socio-technical Threats

Risk Management Finance

Technical Risk Management Finance

Social Risk Management Finance

Socio-technical Model

Design Science Research.

Dynamisk Riskhantering

Informationssäkerhet

Finans

Finansiell Organisation

Dynamisk Informationssäkerhet

Sociotekniska Cyberhot

Riskhantering.

Information Systems

The relationship between project funding and construction systems

Chan, Man-wai., 陳文偉.

January 1997

published_or_final_version / Real Estate and Construction / Doctoral / Doctor of Philosophy

Construction industry - Finance.

Capital de giro, fatores internos e externos que afetam seu gerenciamento

CAGNIN, Edson Aparecido

31 August 2017

Submitted by Elba Lopes (elba.lopes@fecap.br) on 2018-02-24T14:18:42Z No. of bitstreams: 2 Edson Aparecido Cagnin.pdf: 1358457 bytes, checksum: f9cdfae6093d106c7cc15fcdc2964007 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Made available in DSpace on 2018-02-24T14:18:42Z (GMT). No. of bitstreams: 2 Edson Aparecido Cagnin.pdf: 1358457 bytes, checksum: f9cdfae6093d106c7cc15fcdc2964007 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Previous issue date: 2017-08-31 / This research studies how internal and external factors impact the management of working capital. We use a sample of 519 publicly-traded companies listed on the S??o Paulo Stock Exchange, considering the period from 2000 to 2015. We find evidence that the external factors, the SELIC base interest rate, and the BNDES System's credit disbursement, impact the companies' working capital level. Our finding comply with previous studies that analyze the internal factors such as, debt level and free cash flow. We find that higher levels of cash flow increase working capital levels, and that companies' debt level does not influence the working capital management. / Esta pesquisa estuda como fatores internos e externos impactam o gerenciamento do capital de giro. Trabalha com uma amostra de 519 companhias de capital aberto listadas na Bolsa de Valores de S??o Paulo, considerando o per??odo de 2000 a 2015. Encontra evid??ncias de que os fatores externos, taxa b??sica de juros SELIC, e desembolso de cr??dito do Sistema BNDES, interferem no n??vel de capital de giro das companhias. Segue estudos anteriores que analisaram os fatores internos, endividamento e fluxo de caixa livre, constatando que n??veis maiores de fluxo de caixa aumentam os n??veis de capital de giro, e que o endividamento das companhias n??o influencia o gerenciamento do capital de giro.

Administra????o de Empresas

A comparative study of school-based management in three places - rethinking school-based financial management under the schoolmanagement initiative

Yu, Chung-ching., 虞忠正.

January 1996

published_or_final_version / Education / Master / Master of Education

Education - China - Hong Kong - Finance.

School-based management - Finance.

Educational evaluation.

Standing Processes in Service-Oriented Environments

Lehner, Wolfgang, Habich, Dirk, Preißler, Steffen

01 November 2022

Current realization techniques for service-oriented architectures (SOA) and business process management (BPM) cannot be efficiently applied to any kind of application scenario. For example, an important requirement in the finance sector is the continuous evaluation of stock prices to automatically trigger business processes--e.g. the buying or selling of stocks--with regard to several strategies. In this paper, we address the continuous evaluation of message streams within BPM to establish a common environment for stream-based message processing and traditional business processes. In detail, we propose the notion of standing processes as (i) a process-centric concept for the interpretation of message streams, and (ii) a trigger element for subsequent business processes. The demonstration system focuses on the execution of standing processes and the smooth interaction with the traditional business process environment.

info:eu-repo/classification/ddc/004

ddc:004