SYNOPSIS: Risk Management Strategies for Security Threats

Donna Columbus October 19, 2018
Connect--But, be very careful

A review of academic work addressing how to improve cybersecurity

Larrimore, N. P. (2018). Risk management strategies to prevent and mitigate emerging operational security threats (Order No. 10747292). Available from ProQuest Dissertations & Theses Global. (2023213918). Retrieved from https://search.proquest.com/docview/2023213918?accountid=44888
  • The author uses a qualitative methodology with associated case studies as the core of her study. She is particularly focused on how small business leaders manage risk strategies to “…prevent and mitigate operational security threats…” (Larrimore, 2018, p. 2). She focuses on a qualitative approach in her research and analysis to better provide a greater understanding of management decisions and communications with theiremployees.
  • Further, the author uses an “exploratory multiple case study” approach. She reviews the available cases to prepare her designs by exploring five groups: (a) phenomenology, (b) ethnography, (c) narrative, (d) grounded theory, and (e) case study (Larrimore, 2018). Specifically, she suggests that the use of such case studies and deeper analytic approach relying upon the five groups as a “powerful approach” (Larrimore, 2018, p. 56). Using the case study design afforded her the opportunity to explore multiple facets of the phenomenon while viewing strategies from a variety of possible lenses.
  • This is a study of Risk Management strategies of small business leaders and is a qualitative approach which is more appropriate where the measures are more about policies and “best practices.” It can be better discerned by the available literature and expertise. Hubbard and Seiersen’s (2016) and Tetlock and Gardner’s (2016) works would affirm the value of such historical knowledge and expertise is just as good as a quantitative approach; “[i]f the primary concern about probabilistic [objective] methods is a lack of data, then you also lack the data to use nonquantitative [qualitative] methods”  (Hubbard & Seiersen, 2016, p. 38).
  • The Problem: The author suggests that the reliance on technology has contributed to global security threats. While business leaders have embraced technology to improve efficiency and profits such dependency has had introduced the problems of security and privacy.  “Federal Bureau of Investigations reported that 14,032 U.S. companies victimized since October 2013 incurred losses exceeding $3.1 billion” (Larrimore, 2018, p. 2).
  • Her major premise is that technological dependency has resulted in operational and financial risk and losses. Specifically, she is concerned that “…small business leaders lack risk management strategies to prevent and mitigate operational security threats, producing losses,” (Larrimore, 2018, p. 2); her understanding of the problem is substantive in that she recognizes the implications of the computer age has brought both success and challenges to business leaders within cyberspace.
  • The purpose of this qualitative multiple case study was to explore the risk management strategies small business leaders use to prevent and mitigate operational security threats that produce financial losses. The population for this case study consisted of six business leaders from four distinct organizations in South Carolina who have demonstrated successful experience in addressing the specific business problem. Positive changes may include, for example, a reduction in financial losses for small businesses, improved profitability, and a reduction in unemployment. The social impact of the study results could affect operational security influencing the success of small businesses, which in turn provides jobs and economic growth to communities (Larrimore, 2018).
banner
  • Her hypothesis is that by developing clear strategies and processes to resolve, or at least mitigate security threats, then a company will subsequently reduce its losses and increase its own profitability. She also suggests that procedures, it would also contribute to an overall reduction in unemployment and improve society by securing its own segment of its IT security environment (Larrimore, 2018).
  • Since the beginning of time, humans have recognized the immense value of technology in their daily lives.  Fire, the wheel, electricity, and now computers are regarded as immensely critical and vital elements of modern society.  The author rightly looks to one element of the classic People-Process-Technology (PPT) Triad to affect and enhance future improvement.  See Figure 1 below. These three components contribute to a solution especially holistically in the resolution of technological and cybersecurity problems.  Technology enhances the people component by giving them quicker and more processed information to make better decisions, and processes are improved as people refine those procedures and policies to derive greater adeptness and ability to resolve modern-day technological challenges. Improvements in strategies or processes can be especially beneficial in  ameliorating and responding to attacks from cyberspace.
Figure 1. PPT Triad
  • The author is particularly concerned about the small business owner and his ability to respond or reduce threats to their own IT environment. The main research question was how small business either prevent or mitigate security threats that may result in financial losses.
    • “What risk management strategies do small business leaders use to prevent and mitigate operational security threats that produce financial losses?” (Larrimore, 2018, p. 4).
  • The author describes the limitation of the study is that it only considered management vice individual employee responses to security threats. The author suggests follow-on efforts should focus on those individuals who are involved in the performance of “daily operational functions,” (Larrimore, 2018, p. 97) to improve upon the output of the author’s study.
  • It is unclear whether just any employee might be able to play a major role in “strategy” without the consent of company leadership. It may be better to engage especially those IT personnel within the company to suggest “tactical” solutions such as a better product or process to mitigate any current or future operational threats. While individual employees might be able to assist in strategy, they can only contribute to a truly corporate approach to reduce, mitigate or eliminate any future threats to small businesses.

Predictive Analytics: The Power to Predict Who Will Click, Buy, Lie, or Die Paperback – January 20, 2016  
by Eric Siegel  

If you are interested in “predictive analytics” this is a good starter book on the topic.
(Image takes you to Amazon)
Tags: , ,

More Stories

Cyber Threat Hunting (CTH) in an Age of Escalating Cyber Threats

Dr. Mark Russo July 4, 2023

SPOT: Security Technical Implementation Guides (STIGs): Why are They Neglected by System Developers?

Dr. Mark Russo December 31, 2022

The Importance of Metrics in Cybersecurity

Dr. Mark Russo December 30, 2022
art artistic blank book bindings

CRITIQUE: The Problems with the Scientific-based Risk Metrics Methodology

Dr. Mark Russo August 16, 2020

CO-ACT: An Ethics Model for Data Science Privacy

Dr. Mark Russo June 24, 2020

SPOT: Neural Networks to Improve Cyber-Intrusion Detection

admin January 21, 2020

You may have missed

Cyber Threat Hunting (CTH) in an Age of Escalating Cyber Threats

Dr. Mark Russo July 4, 2023

Should You Hire a Virtual CISO?

admin February 1, 2023

TOP 5: The Main Implications of ML to Help Deter Cyber-threats

Dr. Mark Russo January 27, 2023

CYBER DECEPTION: Impact to Cybersecurity and the Application of Machine Learning Tools

Donna Columbus January 15, 2023
%d bloggers like this: