Cybersecurity management

Cybersecurity management is an organisation’s strategic-level capability to protect information resources and competitive advantage in a complex and evolving threat landscape. Today’s highly dynamic and fast-paced business environment shapes the way in which enterprises use their assets such as digital processes, information and IT systems to gain competitive advantage. These assets are increasingly exposed to security threats, both external and internal, such as theft, fraud, sabotage, embezzlement, and industrial espionage. Cybersecurity management mitigates the risk exposure of organisations using a range of managerial, legal, technological, process and social controls.

The cybersecurity management theme exists as part of the Academic Centre of Excellence in Cybersecurity Excellence (ACCSE) at the University of Melbourne.

Project showcase: Should business delegate information security to the IT unit?

The cybersecurity management team has developed a short film to explain how the traditional disconnect between business and IT exposes the intellectual property or ‘crown jewels’ of private enterprise to theft.

The film is a partnership between the University of Melbourne and Deakin University and was funded by the Oceania Cyber Security Centre and the Melbourne School of Engineering. The film exists in two parts:

Part A

Horizon Labs, a startup in the pharmaceutical sector, discovers its much vaunted ‘cure for cancer’ is worthless after it was beaten to the market by an unexpected competitor, a US-based firm known as FC Pharma. Horizon’s CEO suspects foul play, subsequently determining the cause to be a prolonged and sophisticated attack on the firm using multiple vectors.

Part B

FC Pharma plots to steal Horizon’s innovative capability to produce a lucrative next-generation drug. The firm realizes that stealing Horizon’s capability requires more than just stealing sensitive information. FC Pharma has to get access to Horizon’s bespoke labs and acquire Horizon’s specialized expertise to put the pieces of the puzzle together.

Research pillars

Within this theme, our research focuses on the following research pillars:

Incident response and crisis management

Looking at how organisations can adapt their defensive posture to the changing threat landscape, by developing situation awareness and by learning from past experiences.

Sample projects

  • ARC Discovery Project 2016: “Organisational Learning from Incident Response” (Atif Ahmad, Sean Maynard, Humza Naseer)
  • Security Analytics for Situation Awareness (Humza Naseer, Sandeep, Graeme Shanks, Atif Ahmad, Sean Maynard)
  • Tomorrow’s Cyber Security Response Function (Atif Ahmad, Sean Maynard)

Secure information and knowledge management

Looking at how to protect information and knowledge assets in the organisational habitat such as intellectual property and trade secrets.

Sample projects

  • Leakage of Intellectual Property and Trade Secrets in Organisations (Atif Ahmad, Rachelle Bosua, Sean Maynard, Subramaniam, Carlos Serna, Heidi Tscherning)
  • Data Privacy and Consumer Behaviours (Suelette Dreyfus, Shanton Chang)
  • Information Leakage through Social Media and BYOD (Carlos Serna, Shanton Chang, Atif Ahmad, Sean Maynard)
  • Information and Knowledge Asset Identification for Security (Wally Smith, Atif Ahmad)
  • Sensitivity Classification of Information and Knowledge (Atif Ahmad, Sean Maynard)

Security strategy and risk

Looking at new paradigms of risk and strategy as well as the role and influence of decision makers in order to address the escalating challenge posed by sophisticated threats such as Advanced Persistent Threat (APT). 

Sample projects

  • Prevention and Response paradigms in Information Security (Atif Ahmad, Sean Maynard, Abid Shah Bukhari)
  • Security Analytics for Risk Management (Humza Naseer, Graeme Shanks, Atif Ahmad, Sean Maynard)
  • Contingency-based Strategy Models in Information Security (Craig Horne, Sean Maynard, Atif Ahmad)
  • Security Governance Models (Chee Kong Wong, Stephanie James, Sean Maynard, Atif Ahmad)
  • Influence of Risk Perception of the Senior Executive on Strategy-as-Practice (Anitya Nijhara, Monica Whitty, Sean Maynard, Atif Ahmad)

Security policy, training, and behaviour

Looking broadly at the quality and effectiveness of formal and informal security controls in organisations, as well as means of setting up standards of accountability and responsibility for security in organisations.

Sample projects

  • Cyber Security training for the Senior Executive (Atif Ahmad, Sean Maynard)
  • Security Management Practices in Organisations (Moneer Al Shaikh, Sean Maynard, Shanton Chang, Atif Ahmad)
  • Quality Assessment of Strategic Information Security Policy (Sean Maynard, Atif Ahmad)
  • Security Management Behaviours (Sean Maynard, Monica Whitty, Shanton Chang, Atif Ahmad)

People

Staff

Honorary staff

Collaborators

Graduate researchers