Cybercrime and Cybersecurity in the Global South: Concepts, Strategies and Frameworks for Greater Resilience

Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
Preface
Authors
Chapter 1: Cybersecurity and the Global South: Solution-Oriented Reflections
	1.1 Introductory Discussion
	1.2 Contributions to the Conversation
		1.2.1 Part I – Assessing the Situation
		1.2.2 Part II – Understanding User Cybersecurity Compliance Behaviour
		1.2.3 Part III – Developing Solutions for Managing Cybersecurity Risks
	1.3 Conclusion
	References
Part I: Assessing the  Situation
	Chapter 2: An Exploration of Country Group Differences in the Global Cybersecurity Index
		2.1 Introduction
		2.2 Data Analysis
			2.2.1 Modelling Dataset
			2.2.2 Addressing the Research Questions
		2.3 Conclusion
		References
	Chapter 3: Cybercrime in the Caribbean: Risks, Challenges and Opportunities
		3.1 Introduction
		3.2 Digital Access and Use in the Caribbean
		3.3 Cybercrime and Cyber Threat Landscape in the Caribbean
		3.4 Cybercrime Legislative Models
			3.4.1 HIPCAR Project
			3.4.2 Budapest Convention
		3.5 Cybercrime Legislation in the Caribbean
			3.5.1 Computer Misuse Acts
			3.5.2 Electronic Crimes Acts
			3.5.3 Cybercrime Acts
		3.6 Risk, Challenges and Opportunities
		3.7 Conclusion
		References
	Chapter 4: Privacy and Security Management: Lessons from the Enforcement of the EU General Data Protection Regulation (GDPR)
		4.1 Introduction
		4.2 Infringements and the Corrective Powers of Supervisory Authorities
		4.3 Consequences of Infringements
		4.4 Issues and Challenges in Meeting the Obligations of GDPR
			4.4.1 Data Protection Principle Relating to Processing of Personal Data
			4.4.2 Lawfulness of Processing of Personal Data and Conditions of Consent
			4.4.3 Transparent Information, Communication and Modalities for the Exercise of the Rights of the Data Subject
			4.4.4 Security of Processing
			4.4.5 Processing of Special Categories of Personal Data
		4.5 Supplementary Matters and Considerations
			4.5.1 Lodging a Complaint
			4.5.2 One-Stop-Shop Mechanism and Lead SA Competent to Handle Complaints
		4.6 Lessons and Opportunities for Improved Business-Regulatory Alignment
		References
Part II: Under-standing User Cybersecurity Compliance Behaviour
	Chapter 5: Cybersecurity Policy Compliance Assessment: Findings from Government Agencies in the Global South
		5.1 Introduction
		5.2 Relevant Literature
		5.3 Theoretical Framework
		5.4 Research Model and Hypotheses
			5.4.1 General Cybersecurity Awareness
			5.4.2 Cybersecurity Policy Awareness
			5.4.3 Top Management Support
			5.4.4 Cybersecurity Training
		5.5 Research Method and Data
			5.5.1 Construct Operationalization
			5.5.2 Data Collection
			5.5.3 Data Analyses and Results
			5.5.4 Assessment of the Overall Fit of the Saturated Model
			5.5.5 Assessment of the Measurement Model
			5.5.6 Structural Model Assessment
		5.6 Discussion, Implications and Future Research
			5.6.1 Discussion of the Findings
			5.6.2 Contribution to Practice
			5.6.3 Limitations and Future Research
		5.7 Conclusion
		Appendix A – Description of the Constructs
		Acknowledgements
		References
	Chapter 6: Cybersecurity Compliance Behaviour: Exploring the Influences of Individual Decision Style and Other Antecedents
		6.1 Introduction
		6.2 Relevant Literature
			6.2.1 Decision-Making Style and Behaviour
			6.2.2 Decision-Making Style Model
		6.3 The Donalds and Osei-Bryson Model
		6.4 Research Model and Hypotheses
		6.5 Hypotheses Development
			6.5.1 Dominant Orientation
			6.5.2 Dominant Decision Style
			6.5.3 General Security Orientation
			6.5.4 General Security Awareness
			6.5.5 Security Self-Efficacy
		6.6 Methodology
		6.7 Discussion, Implications, Limitations and Future Research
			6.7.1 Discussion of Findings
			6.7.2 Contribution to Theory
			6.7.3 Contribution to Practice
			6.7.4 Limitations and Future Research
		6.8 Conclusion
		Appendix A – Description of the Constructs
		Appendix B – Loadings & Cross Loadings
		Appendix C – Methodology Followed to Generate the Donalds and Osei-Bryson Model
		Acknowledgement
		Note
		References
	Chapter 7: Individual Decision-Making Styles and Employees’ Security Compliance Behaviour: Reflections using an Alternate Lens
		7.1 Introduction
		7.2 Description of the Research Problem
		7.3 Importance of the Research Problem
		7.4 Overview on Individual Decision-Making Style (DMS)
			7.4.1 Decision-Making Style and Behaviour
			7.4.2 Decision-Style Inventory (DSI)
			7.4.3 DMS Framework of Scott and Bruce
		7.5 DMS and Cybersecurity Compliance
		7.6 Research Methodology
		7.7 Results
			7.7.1 Use Existing Theory to Identify Relevant Variables
			7.7.2 Instrument Development and Data Collection
			7.7.3 Factor Analysis
			7.7.4 Regression Analysis
				7.7.4.1 Model 1 – Results and Interpretation
				7.7.4.2 Model 2 – Results and Interpretation
		7.8 Conclusion
		References
Part III: Developing Solutions for Managing Cybersecurity Risks
	Chapter 8: Designing an Effective Cybersecurity Programme in the Organization for Improved Resilience
		8.1 Introduction
		8.2 Background
			8.2.1 The Cost of Security Breaches
			8.2.2 Managing Cybersecurity Risks
				8.2.2.1 NIST Framework
				8.2.2.2 Cybersecurity Capability Maturity Model
		8.3 Design Science Methodology
		8.4 Cybersecurity Programme Framework
			8.4.1 Step 1: Understand the Environment
			8.4.2 Step 2: Identify the Security Risks
			8.4.3 Step 3: Protect the Environment
			8.4.4 Step 4: Build Capabilities
			8.4.5 Step 5: Monitor Performance
			8.4.6 Step 7: Respond to Breaches
			8.4.7 Step 8: Evolve in a Dynamic Environment
		8.5 Operationalizing the Cybersecurity Framework
		8.6 Critical Success Factors
			8.6.1 Business Alignment
			8.6.2 Good Governance Practices
			8.6.3 Executive Management Support
			8.6.4 Stakeholder Buy-in
			8.6.5 Good Security Practices
			8.6.6 Capacity Building
			8.6.7 Cooperation and Partnerships
			8.6.8 Access to Resources
			8.6.9 Incident Reporting
		8.7 Conclusion
		Acknowledgement
		References
	Chapter 9: The Cybersecurity Capability Maturity Model for Sustainable Security Advantage
		9.1 Introduction
		9.2 Research Background
			9.2.1 Cybercrime, Security and Strategy
			9.2.2 Capabilities and Competitive Advantage
			9.2.3 Capability Maturity Model
		9.3 DS Research Approach
		9.4 Cybersecurity Capability Maturity Model (CCMM)
			9.4.1 Security Advantage and Building Capabilities
			9.4.2 Levels of CCMM
		9.5 Conclusion
		Acknowledgement
		References
	Chapter 10: An Enhanced Value-Focused Thinking Methodology for Addressing Cybersecurity Concerns
		10.1 Introduction
		10.2 Overview on Applying the VFT Methodology
		10.3 Some Applications of VFT Methodology to Cybersecurity Concerns
		10.4 Overviews on Some Supporting Frameworks
			10.4.1 The S.M.A.R.T Framework
			10.4.2 Some Relevant Organizational Issues
				10.4.2.1 Overview on the Organizational Types
				10.4.2.2 Overview on Individual Decision Styles
				10.4.2.3 Overview on the Cultural Dimensions
				10.4.2.4 Overview on Organizational Perspectives
			10.4.3 Assessing An Existing VFT Cybersecurity Model
		10.5 Description of the Integrated Extended VFT Methodology
			10.5.1 Business Understanding (BU)
			10.5.2 Domain Understanding (DU)
			10.5.3 Modelling Objectives (MD)
				10.5.3.1 Initial Identification of Objectives
				10.5.3.2 Classification and Refinement of Objectives
				10.5.3.3 Identification of Achievement Processes (APs)
			10.5.4 Elicit Preference Information
			10.5.5 Generate and Evaluate Alternatives
		10.6 Conclusion
		Appendix: Details of Generate and Evaluate Alternatives Phase
			A1: Mathematical Programming Formulation Sub-Phase
				Parent-Child Constraints on Achievement of Performance Levels
				Resource Conflicts
				Intrinsic Conflicts
				Integer Programming Problem (MPP) to Generate Alternatives
			A2: Procedure for Generating Alternatives Sub-Phase
			A3: Illustrative Example
		Acknowledgement
		References
	Chapter 11: Values of Optimizing Cyber-Hygiene Practices in MSMEs
		11.1 Introduction
		11.2 Good Cyber-Hygiene Practices
		11.3 Understanding Values
		11.4 Values for Good Cyber Hygiene
			11.4.1 Identify Values
			11.4.2 Convert Values to Common Form
			11.4.3 Organize Values
		11.5 Discussion
			11.5.1 Manage Enterprise Risks
			11.5.2 Build Reputation
			11.5.3 Maximize Ease of Implementation
			11.5.4 Improve Regulatory Compliance
			11.5.5 Maximize Business Continuity
			11.5.6 Maximize Partnerships
			11.5.7 Minimize Costs
		11.6 Implications for Practice
		11.7 Conclusion
		References
	Chapter 12: Towards a Cybercrime Classification Ontology: A Knowledge-based Approach
		12.1 Introduction
		12.2 Background
			12.2.1 Summary of Existing Cybercrime Classification Schemes
			12.2.2 Knowledge, Knowledge-Based System, Crime and Ontology
		12.3 Related Works
		12.4 Methodology
		12.5 Conceptual Model and Classification Concepts
			12.5.1 Our Conceptual Model
			12.5.2 Structural Comparison of Cybercrime Classification Models
		12.6 Ontological Representation, Classification, Comparison and Evaluation
			12.6.1 Our Cybercrime Classification Ontological Representation in Protégé OWL
			12.6.2 Classifying and Storing Two Real World Cyber Attack Events
				12.6.2.1 Details of Attack_Event 1 – EmailHacked_NudePhotosUploaded – and its classification in Protégé OWL
				12.6.2.2 Classification Schemes' Comparison of Attack_Event 1 – EmailHacked_NudePhotosUploaded
				12.6.2.3 Details of Attack_Event 2 – LulzSec Associate Indicted – and its classification in Protégé OWL
				12.6.2.4 Classification Schemes' Comparison of Attack_Event 2: LulzSecAssociateIndicted
			12.6.3 Evaluating Our CCO
		12.7 Conclusion and Future Work
		Acknowledgement
		References
	Chapter 13: An Integrated Framework for Developing and Implementing a National Cybersecurity Strategy for Global South Countries
		13.1 Introduction
		13.2 Select National Cybersecurity Strategy Development Guides
			13.2.1 NIST Framework for Improving Critical Infrastructure Cybersecurity
			13.2.2 ISO/IEC 27110: 2021 Standard
			13.2.3 ENISA Cybersecurity Guide
			13.2.4 ITU National Cybersecurity Strategy Guide
			13.2.5 Cybersecurity Development Guides Best Practices
		13.3 Select National Cybersecurity Strategies
			13.3.1 South Africa National Cybersecurity Policy Framework
			13.3.2 Jamaica National Cybersecurity Strategy
			13.3.3 Trinidad and Tobago National Cybersecurity Strategy
			13.3.4 Columbia National Cybersecurity Strategy
			13.3.5 Belize National Cybersecurity Strategy
			13.3.6 Nigeria National Cybersecurity Policy and Strategy
			13.3.7 Comparison: Published National Cybersecurity Strategies and Best Practices
		13.4 Proposed Framework for Developing a National Cybersecurity Strategy
			13.4.1 Foundational Strategic Focus Areas
				13.4.1.1 Risk-Based Approach
				13.4.1.2 Governance
				13.4.1.3 Capacity Building
				13.4.1.4 Technical Measures/Standards/Controls
				13.4.1.5 Incident Management
				13.4.1.6 Trusted Information Sharing Framework/Mechanism
				13.4.1.7 International Cooperation
				13.4.1.8 Fundamental Rights and Civil Liberties
			13.4.2 Supporting Columns Strategic Focus Areas
				13.4.2.1 Multi-stakeholder Collaboration
				13.4.2.2 Awareness, Education and Training
				13.4.2.3 Public–Private Partnership
				13.4.2.4 Communication Framework
				13.4.2.5 Incident Reporting
				13.4.2.6 Legal and Regulatory Controls
				13.4.2.7 CSS Implementation Framework
		13.5 Conclusion
		References
Index