COMING SOON! PQDT Open is getting a new home!

ProQuest Open Access Dissertations & Theses will remain freely available as part of a new and enhanced search experience at

Questions? Please refer to this FAQ.

Dissertation/Thesis Abstract

Defensive Model for Protecting Sensitive Information
by Johnson, Dana R., D.I.T., Capella University, 2020, 135; 28263420
Abstract (Summary)

The business problem of this study was that the federal government and military organizations’ cybersecurity workforce is lacking the knowledge in applying security controls that defend sensitive information from cybersecurity attacks. The influence of cybersecurity attacks has threatened the confidentiality, integrity, and availability of systems and how information is shared and stored. Defending sensitive information is the crucial leadership process of combining creative risk management strategies, workforce knowledge, and skill development. The purpose of this qualitative, Delphi study was to explore risk management practices to develop a defensive model for U.S. federal government and military organizations to incorporate into their information systems implementation process to prevent critical and sensitive data exposure from emerging cybersecurity attacks. This approach aimed at identifying weaknesses in applying cybersecurity defensive measures. The general deterrence theory and protection motivation theory comprise the conceptual framework of this study. Eleven experts knowledgeable of the risk management framework participated in this study. The experts' experience in information technology and cybersecurity ranged from 8 to 25 years. The Delphi method was used to reach a consensus from five open-ended questions within three rounds. Five themes emerged using standard terms: training and awareness, the cost-benefit of leadership buy-in to cybersecurity solutions, optimization of the CM approach, critical concepts of risk management, and leadership engagement in managing and mitigating risks. Key findings indicated organizational training on critical risk management concepts, IT experience, and developed skills contribute to an organization's leadership and culture. The research findings indicated that prioritizing risk management training also improves personnel's comprehension of the vulnerability and lowers the contingency influence on weak system management. The research findings also showed effective leadership could positively change workforce knowledge in risk management processes by promoting advanced and continuous training to stay abreast of technology changes. The findings of this study could aid in improving knowledge sharing processes among IT and cybersecurity personnel to decrease data loss and mitigate risks threatened by cyberattacks. Understanding cybersecurity risks through enhanced training and education increase experiences in applying security controls. The findings of this study could also benefit the scholarly community by expanding the body of knowledge between IT and cybersecurity before integrating new information systems and making major IS changes.

Indexing (document details)
Advisor: Roh, Bradly E.
Commitee: Grant, Gayle, Turner, Freda
School: Capella University
Department: School of Business, Technology and Health Administration
School Location: United States -- Minnesota
Source: DAI-B 82/7(E), Dissertation Abstracts International
Subjects: Information Technology
Keywords: Cyberattack, Cybersecurity, Defense, Leadership, Protection, Risk management
Publication Number: 28263420
ISBN: 9798557042857
Copyright © 2021 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy