Cybersecurity & AIS

Cybersecurity - Research 

Thought Leadership, Funding Specific Research Projects 

 

Anti-Phishing Countermeasures 

  • Activities during current fiscal period (cumulative): Anti-Phishing Countermeasures
  • Research team is Efrim Boritz.
  • Objective: To explore countermeasures to phishing.
  • Met with MITACS and Richter to discuss funding possibilities

  • Status: Early development stage 

Cybersecurity

  • Activities during current fiscal period (cumulative): Cybersecurity Fatigue. 
  • Research team is Alec Cram, Jeff Proudfoot and John D'Arcy. 
  • The objective is to understand how employees become tired and disillusioned with security-related initiatives in organizations.  
  • A paper from this project was published (Volume 31, Issue 4) in the Information Systems Journal (ISJ). 
  • A supplementary survey (research team is Alec Cram, John D’Arcy, and Alex Benlian) was conditionally accepted to MIS Quarterly.

  • Status: In process 

Cybersecurity

  • Activities during current fiscal period (cumulative): Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications. 
  • Research team is Alec Cram and Rissaile Mouajou-Kenfack.  
  • Included in the proceedings of the Hawaii International Conference on System Sciences (January 2022). 
  • An updated manuscript was presented at the Cybersecurity Emerging Research Symposium at the University of Colorado, Colorado Springs in May 2022.  

  • A further updated manuscript is forthcoming in the Organizational Cybersecurity Journal.

  • Status: In process 

Cybersecurity

  • Activities during current fiscal period (cumulative): Out with the Old, In with the New: Examining National Cybersecurity Strategy Changes Over Time.  
  • Research team is Alec Cram and Jonathan Yuan.  
  • Presented and included in the proceedings of the Hawaii International Conference on System Sciences (January 2022). 
  • An updated manuscript is forthcoming in the Journal of Cyber Policy.
  • Status: In process 

Cybersecurity

  • Activities during current fiscal period (cumulative): “What a Waste of Time”: A Longitudinal Examination of Cybersecurity Illegitimacy. 
  • Research team is Alec Cram and John D'Arcy. 
  • This research introduces employee judgements of cybersecurity illegitimacy as a new angle for understanding employee compliance with cybersecurity policies over time. 
  • Manuscript is forthcoming in the Information Systems Journal.
  • Status: In process 

 

Cybersecurity

  • Activities during current fiscal period (cumulative): Weathering the Storm: Charting a Course for Organizations to Navigate the Raging Tempest of Cybersecurity Regulations. 
  • Research team is Jeff Proudfoot and Alec Cram. 
  • This research aims to clarify how cybersecurity regulations are operationalized in organizations, as well as reveal the compliance and performance consequences of cybersecurity regulations. 

  • A manuscript is under second review at MIS Quarterly Executive. An earlier version of the research was presented at the MISQE Workshop on 'Boards of Directors and the Governance of Digital Technology' at ICIS 2022 in Copenhagen.

  • Status: In process 

CYBERSECURITY

  • Activities during current fiscal period (cumulative): Conceal or Communicate? Organizational Notifications to Stakeholders Following Ransomware Attacks
  • Research team is Alec Cram, Albert Chan (UW undergrad student), Jonathan Yuan (UW Phd student), and Dennis Joo (UW undergrad student).
  • This research examines the organizational communications following 101 ransomware attacks.
  • A manuscript has been conditionally accepted to the Hawaii International Conference on System Sciences (HICSS).
  • Status: In process 

CYBERSECURITY

  • Activities during current fiscal period (cumulative): Evaluating a Cybersecurity Operations Center Implementation Program in a Regional Healthcare System: Challenges and Lessons Learned
  • Research team is Alec Cram and Ian McKillop.
  • This research examines an early-stage program to establish a series of cybersecurity operations centers within a large, regional, publicly funded healthcare system.
  • A manuscript has been accepted to the Hawaii International Conference on System Sciences (HICSS).
  • Status: In process 

Cybersecurity – Education and Knowledge Transfer 

Disseminating Best Practices, Sharing Material (Workshops / Conferences) 

Developing Courses, Workshops, Cases and Other Teaching Material 

 

DEVELOPING COURSES, WORKSHOPS, CASES AND OTHER TEACHING MATERIAL

  • Activities during current fiscal period (cumulative): Alec Cram developed a new undergraduate elective course at UW called AFM 347 - Cybersecurity. The course has been offered four times (Fall/Winter 2021 and Fall/Winter 2022). The course was also approved by the UWaterloo Cybersecurity and Privacy Institute (CPI) to grant a 'Cybersecurity and Privacy Institute Undergraduate Award' beginning in Fall 2023. Each semester, the top student in AFM 347 will be awarded $1000. Fall enrollment is currently full at 60 students.

Cybersecurity – Interaction 

 

Alliances and Relationships - AICPA 

  • Activities during current fiscal period (cumulative): Efrim is a member of the AICPA Trust Services Information Integrity Task Force, the Cybersecurity Task Force.

  • Updated Cybersecurity risk management material for Boards is in progress.

  • Response to SEC proposal on Cybersecurity Risks is in progress.

  • Response to NY state proposal on Cybersecurity assurance is in progress.

 

Alliances and Relationships – UW CPI Institute 

  • Activities during current fiscal period (cumulative): Alec Cram is a member.