1,721,049 research outputs found
Strengthening incident response efforts in operational technology environments
Full text linkThis master thesis examines the main challenges tied to incident response within opera-
tional technology environments, as well as the practices organizations involved in essential
operations are implementing to secure a successful approach to incident response in such
environments. This is based on our research questions: RQ1: What are the main challenges
of Incident Response (IR) within Operational Technology (OT) environments? And RQ2:
What practices can organizations engaged in essential operations implement for a successful
approach towards IR in OT environments? Based on our findings, we intend to present some
practices we think are important to ensure a successful approach to IR in OT environments.
Methodologically, this study has an exploratory qualitative approach. This selection is based
on the need to examine incident management in OT environments in their natural context.
By gathering data through interviews and previous research and applying an inductive an-
alytical approach, this study gives insight into subjective perceptions and opinions among
actors in the OT environment. Through our work, we have focused on the emerging meaning
and an evolutionary design where we look for understanding the central principles that are
within the field. Our findings from the study show that organizations are facing multiple
challenges considering their IR within OT environments, including the handling of legacy
systems, the need for continuous operation, the implementation of security updates, and
the dependency on third-party vendor support and maintenance. Competence and culture
within the organization also play a pivotal role in securing effective IR. Respondents high-
light the importance of having robust detection mechanisms and conducting regular exercises
and training to improve preparedness. The implications show that although our findings support existing theory considering the
importance of having a solid plan for IR, do they also contribute to new insights that were
explicitly not noticed in our systematic literature review. Our study highlights the necessity
of dynamic and flexible frameworks for responsibility during incidents, as well as the need
for integrated cooperation between IT and OT departments. Other practical implications
include recommendations considering the implementation of immutable backups for data
integrity, the use of sandboxing, and the development of clear procedures and roles dur-
ing the IR. The study also underscores the importance of defense-in-depth strategies and
diversifying the use of third-party vendors to reduce their vulnerability. To ensure that
organizations can have a successful approach to IR within OT environments, they should
implement clear procedures for role delegations and decisions, develop risk assessments, se-
cure continuous revision of security procedures, and promote a culture of security awareness
and skill development
Strengthening incident response efforts in operational technology environments
Full text linkThis master thesis examines the main challenges tied to incident response within opera-
tional technology environments, as well as the practices organizations involved in essential
operations are implementing to secure a successful approach to incident response in such
environments. This is based on our research questions: RQ1: What are the main challenges
of Incident Response (IR) within Operational Technology (OT) environments? And RQ2:
What practices can organizations engaged in essential operations implement for a successful
approach towards IR in OT environments? Based on our findings, we intend to present some
practices we think are important to ensure a successful approach to IR in OT environments.
Methodologically, this study has an exploratory qualitative approach. This selection is based
on the need to examine incident management in OT environments in their natural context.
By gathering data through interviews and previous research and applying an inductive an-
alytical approach, this study gives insight into subjective perceptions and opinions among
actors in the OT environment. Through our work, we have focused on the emerging meaning
and an evolutionary design where we look for understanding the central principles that are
within the field. Our findings from the study show that organizations are facing multiple
challenges considering their IR within OT environments, including the handling of legacy
systems, the need for continuous operation, the implementation of security updates, and
the dependency on third-party vendor support and maintenance. Competence and culture
within the organization also play a pivotal role in securing effective IR. Respondents high-
light the importance of having robust detection mechanisms and conducting regular exercises
and training to improve preparedness.
The implications show that although our findings support existing theory considering the
importance of having a solid plan for IR, do they also contribute to new insights that were
explicitly not noticed in our systematic literature review. Our study highlights the necessity
of dynamic and flexible frameworks for responsibility during incidents, as well as the need
for integrated cooperation between IT and OT departments. Other practical implications
include recommendations considering the implementation of immutable backups for data
integrity, the use of sandboxing, and the development of clear procedures and roles dur-
ing the IR. The study also underscores the importance of defense-in-depth strategies and
diversifying the use of third-party vendors to reduce their vulnerability. To ensure that
organizations can have a successful approach to IR within OT environments, they should
implement clear procedures for role delegations and decisions, develop risk assessments, se-
cure continuous revision of security procedures, and promote a culture of security awareness
and skill development
Rethinking Cybersecurity Training
Full text linkAs cybersecurity threats continue to evolve, employee awareness and response have become more critical to organizational security. While most organizations offer cybersecurity training, many programs still remain rigid, generic, and poorly aligned with employees’ daily routines and roles, which can lead to limited engagement and behavioral change.
This thesis will explore how cybersecurity training can be designed to enhance motivation and engagement based on qualitative insights from employees at a chosen Norwegian technology company. Employing a human-centered approach and drawing on Martin Heidegger’s concepts and philosophy of familiarity and significance, the study will investigate what makes training meaningful and effective across different organizational roles.
A qualitative case study was conducted using semi-structured interviews and analyzed through manual thematic coding. Key findings helped highlight the importance of role-specific content, scenario-based learning, and the incorporation of performance metrics such as Mean time to recovery (MTTR). The research concludes with actionable recommendations for developing adaptive, motivating, engaging, and context-sensitive training strategies that support real-world cybersecurity resilience
Outsourcing and its Influence on Cybersecurity in SMEs: An Exploratory Study in Norwegian Context
Full text linkOutsourcing IT services to a third party is a trend that is becoming more common, and the majority of those who do not, are considering it. By outsourcing these services, companies do not have to take care of IT themselves and can expect that the provider ensures safety in the solutions. But exactly how cybersecurity is influenced by this in Norwegian small and medium-sized companies is the purpose of this qualitative study. A purposive sampling method was used to recruit participants who had first-hand experience with outsourcing and the potential to provide us with the insight we sought. Semi-structured interviews were conducted with personnel responsible for managing IT in companies with less than 250 employees. Data from the interviews were transcribed and analyzed by using the qualitative data analysis software NVivo 12 Pro. The study found several different ways in which outsourcing influences cybersecurity. The most prominent security benefits that were identified were quality improvement and increased capacity. Loss of data control, communication issues, dependency and supply chain attacks were the main security challenges found in the study. To address these difficulties, mitigation measures such as control competency, contract with SLA, and a focus on business continuity were discovered.
The findings of this study can be used by organizations that consider an outsourcing strategy to be better prepared and make correct choices at an early stage. In addition, it gives companies that already outsource a valuable insight into which measures others have applied to mitigate known challenges.
Keywords: Outsourcing, Small and medium-sized enterprises, Managed service provider, Challenges, Benefits, Mitigation technique
Privacy Challenges in Assisted Access to Digital Welfare Services
Full text linkAs digital government platforms increasingly serve as the main access point for
essential social services, new privacy challenges emerge, particularly influencing the
vulnerable citizens who rely on third-party assistance. This thesis investigates the
privacy implications that arise when users of the Norwegian Labor and Welfare
Administration seek help from voluntary organizations to complete digital welfare
applications. In navigating E-government systems, individuals often confront a trade-off
between accessibility and personal data protection. Voluntary organizations play a
crucial role in mediating this trade-off, yet their support practices can introduce and
expose sensitive user data to more privacy risks.
A systematic literature review provides the theoretical foundation, while qualitative
insights are drawn from 15 semi-structured interviews with Nav employees, welfare
users and voluntary workers. The research explores how trust, alongside perceived
privacy risks and concerns influence assisted digital interactions. Grounded in privacy
calculus theory and expanded through concepts of trust, the study frames privacy as
something dynamic, shaped by institutional, regulatory, and interpersonal factors.
Findings indicate that users may accept privacy risks when they perceive assistance as
essential to access basic welfare support, especially when faced with barriers of digital
or bureaucratic literacy. While trust in government institutions and digital platforms
plays a mitigating role, trust in voluntary organizations proves central in facilitating user
adoption. However, this reliance raises questions about consent, accountability, and
the informal data-handling practices of these actors.
The thesis presents a conceptual framework integrating privacy calculus theory with
contextual factors such as trust in intermediaries, the organizational aspects, and its
regulatory protections. It highlights how privacy concerns may be either social,
technical, or legal, and may occur in everyday negotiations between users,
technologies, and support structures. Ultimately, the study calls for more inclusive
policy implementations that protect citizen privacy and recognize informal
workarounds, without compromising accessibility
Towards a risk-based Taxonomy in Cybersecurity - An Improved Framework for Risk Management and Decision Making
Full text linkThis Thesis delves into the realm of cybersecurity, specifically focusing on the development of a foundation for risk-based taxonomy. This research investigates and addresses the need for a structured framework that not only identifies and classifies diverse cyber threats but also facilitates a wider understanding of their potential impact on organizational assets and operations.
One of the key advantages of a comprehensive taxonomy is its ability to provide clarity amidst complexity. By classifying Cybersecurity threats into distinct categories and subcategories, organizations can gain a deeper understanding of their unique risk landscape. Moreover, a well-defined risk-based taxonomy facilitates communication and collaboration across different stakeholders and will foster alignment and enable more effective decision-making and risk management.
This thesis’ main finding suggests that Cybersecurity risk management could benefit from a risk-based taxonomy to shift cybersecurity efforts from a reactive stance to a proactive one. Instead of addressing every potential threat equally, organizations should focus on identifying and mitigating risks that pose the greatest potential impact to their operations, assets, and reputation. Furthermore, this should be communicated across the organizations disciplines to mitigate potential risks to the greatest extent.
Understanding the risk landscape allows organizations to make informed strategic decisions addressing the most critical risks, maximizing the efficiency and effectiveness of cybersecurity investments and prioritize initiatives that will have the greatest impact on reducing overall risk exposure
Ethical Frameworks in Organizations for Cybersecurity
No full textCybersecurity is of critical ethical significance, because cybersecurity technologies have an important impact on human well-being as they make possible many contemporary decisions, which affects the human organizations that rely on the accessibility and integrity of data and computer systems. In cybersecurity it is important to have ethical principles and guidelines which are effective. The reason for this is that cybersecurity has a critical impact on ethics, since cybersecurity technologies have an important impact on human well-being as well as ethical trade-offs and complex moral issues, such as whether to pay hackers or not. There are a lot of ethical issues raised by cybersecurity such as what type of sensitive data to keep and what to remove, paying ransomware or testing and deceiving the employees through social engineered testing. Therefore it is important to choose an ethical framework that helps solve those issues. In this master thesis the researchers try to address what type of frameworks are used for cybersecurity and which framework should different Norwegian organizations choose to implement for their organization. The thesis will also use interviews to achieve and find out what ethics organizations use, by using a list of questions through semi-structured interviews, which are based on our research questions, and what was discovered in the existing literature. Furthermore, the researchers examine the different ethical theories that the frameworks are based on and what the differences are in those theories. The research outcome will help to choose what type of framework the organizations should choose when it comes to their ethical issues, dilemmas and values. The three main frameworks that were examined are the principlist framework, human-rights/right-based framework and Consequentialist/Utilitarianism Framework. The study uses a qualitative exploratory research approach, with semi-structured interviews to gather data from several organizations within cybersecurity in Norway. The results are analyzed and compared to existing research, to achieve a theoretical understanding of the result. The study identifies what type of ethical frameworks exist and uses different characteristics on how to compare ethics, ethical guidelines and values to the ethical frameworks. In this research work the researchers focused on examining different types of organizations and businesses operating in Norway by looking at what ethical frameworks organizations use and how ethical frameworks, guidelines and standards are used in Norwegian organizations in the context of cybersecurity. Main outcome of this study shows that none of the organizations uses a specific ethical framework, but the ethics of the organizations can be compared to two of the different types of ethical frameworks for cybersecurity. These two are the principlist framework and the human-rights/rights-based framework and some of the organizations use a combination of both of them. This research work contributes to raising awareness on the lack of knowledge and interest around ethical frameworks used for cybersecurity in Norwegian organizations. Furthermore, the outcomes of this exploratory study provided an overview on how different sectors work with ethics when it comes to cybersecurity. The work presented in this thesis provides insights to Norwegian organizations on existing ethical framework in cybersecurity; these insights can help guide strategic planning on organizational level, policy making and guidelines, which will help maintain their overall security and improve decision making
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
Variations on the Author
Full text link“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship
- …
