Cybersecurity & AIS | University of Waterloo Centre for Information Integrity and Information Systems Assurance

What is Cybersecurity and AIS?

The Cybersecurity & AIS focus area emphasizes research, education and knowledge transfer, and interaction initiatives at UWCISA, particularly attuned to topics such as:

cyber incident notifications and disclosures,
behavioural cybersecurity,
national cybersecurity strategies,
cybersecurity policy compliance,
board-level cybersecurity governance,
and cybersecurity regulations.

Led by

W. Alec Cram, PhD, CISA, CISSP

UWCISA Associate Director Cybersecurity & AIS

Research

Thought Leadership, Funding Specific Research Projects

Current Cybersecurity and AIS Research

Paper	Details
Anti-Phishing Countermeasures	Research team: Efrim Boritz Objectives: To explore countermeasures to phishing. Status: In process –early development stage. Affiliation: This paper is led by Efrim Boritz, executive director of UWCISA.
Time Will Tell: A Case for an Idiographic Approach for Behavioral Cybersecurity Research	Research team: Alec Cram, John D’Arcy, Alex Benlian. Objectives: To apply an idiographic approach, which undertakes within-person analysis of longitudinal data, to empirically test and bring a more granular perspective to neutralization theory within cybersecurity research. Status: Complete –this paper was published in MIS Quarterly, Vol. 48, No. 1, 2024. Affiliation: This paper is co-led by Alec Cram, an associate director of UWCISA.
Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications	Research team: Alec Cram, Rissaile Mouajou-Kenfack. Objectives: To examine how organizations respond to cybersecurity incidents in terms of the detail provided in incident notifications and how responses differ depending on the benefitting party. Status: Complete –this paper was published in Organizational Cybersecurity Journal: Practice, Process and People, Vol. 3, No. 1, 2023. Affiliation: This paper is co-led by Alec Cram, an associate director of UWCISA.
Out with the Old, In with the New: Examining National Cybersecurity Strategy Changes Over Time	Research team: Alec Cram, Jonathan Yuan. Objectives: To examine national cybersecurity strategies in Canada, the United Kingdom, and Australia and their level of stability or change over time. Status: Complete –this paper was published in Journal of Cyber Policy, Vol. 8, No. 1, 2023. Affiliation: This paper is led by Alec Cram, an associate director of UWCISA.
“What a Waste of Time”: A Longitudinal Examination of Cybersecurity Illegitimacy	Research team: Alec Cram, John D’Arcy. Objectives: Introduce employee judgments of cybersecurity illegitimacy as a new angle for understanding employee compliance with cybersecurity policies over time. Status: Complete –this paper was published in Information Systems Journal, Vol. 33, No. 6, 2023. Affiliation: This paper is led by Alec Cram, an associate director of UWCISA.
Weathering the Storm: Charting a Course for Organizations to Navigate the Raging Tempest of Cybersecurity Regulations.	Research team: Alec Cram, Jeff Proudfoot. Objectives: To clarify how cybersecurity regulations are operationalized in organizations, as well as reveal the compliance and performance consequences of cybersecurity regulations. Status: In process – under review at a journal. Affiliation: This paper is led by Alec Cram, an associate director of UWCISA.
Conceal or Communicate? Organizational Notifications to Stakeholders Following Ransomware Attacks	Research team: Alec Cram, Albert Chan, Dennis Joo, Jonathan Yuan. Objectives: To examine the organizational communications following 101 ransomware attacks. Status: In process – being prepared for journal submission. Affiliation: This paper is led by Alec Cram, an associate director of UWCISA.
Evaluating a Cybersecurity Operations Center Implementation Program in a Regional Healthcare System: Challenges and Lessons Learned	Research team: Alec Cram, Ian McKillop. Objectives: To examine an early-stage program to establish a series of cybersecurity operations centers within a large, regional, publicly funded healthcare system. Status: In process – under review at a journal. Affiliation: This paper is led by Alec Cram, an associate director of UWCISA.

Education and Knowledge Transfer

Disseminating Best Practices, Sharing Material (Workshops / Conferences)

Developing Courses, Workshops, Cases and Other Teaching Material

Student case competitions, mentorship, and awards

Cybersecurity and Privacy Institute Undergraduate Award

Under the leadership of Alec Cram and through the sponsorship of the UW Cybersecurity and Privacy Institute, each semester the Cybersecurity and Privacy Institute Undergraduate Award of $1,000 is given to the top student enrolled in the course AFM 347 – Cybersecurity.

UWCISA PhD & Academic Career Mentorship Program in Audit & Assurance, Cybersecurity, or Accounting Information Systems (AIS)

Under the leadership of Tim Bauer and sponsored by ISACA Toronto Chapter, UWCISA created the UWCISA PhD and Academic Career Mentorship Program in Audit & Assurance, Cybersecurity, or Accounting Information Systems (AIS).
Its purpose is to provide UW undergraduate and MAcc students who are interested in pursuing a PhD with an opportunity to learn more about an academic career in audit, assurance, cybersecurity, AIS, or related fields.
Prospective students are encouraged to follow the link above and see how to join the mentorship program in F24-W25.

Interaction

Engaging with Profession, Students, Public

Informing Practice

Through UWCISA members’ service on various task forces, the following activity was carried out:
- Updating cybersecurity risk management material for Boards.
- Responding to the SEC proposal on Cybersecurity Risks and the NY state proposal on Cybersecurity Assurance.