The business problem of this study was that the federal government and military organizations’ cybersecurity workforce is lacking the knowledge in applying security controls that defend sensitive information from cybersecurity attacks. The influence of cybersecurity attacks has threatened the confidentiality, integrity, and availability of systems and how information is shared and stored. Defending sensitive information is the crucial leadership process of combining creative risk management strategies, workforce knowledge, and skill development. The purpose of this qualitative, Delphi study was to explore risk management practices to develop a defensive model for U.S. federal government and military organizations to incorporate into their information systems implementation process to prevent critical and sensitive data exposure from emerging cybersecurity attacks. This approach aimed at identifying weaknesses in applying cybersecurity defensive measures. The general deterrence theory and protection motivation theory comprise the conceptual framework of this study. Eleven experts knowledgeable of the risk management framework participated in this study. The experts' experience in information technology and cybersecurity ranged from 8 to 25 years. The Delphi method was used to reach a consensus from five open-ended questions within three rounds. Five themes emerged using standard terms: training and awareness, the cost-benefit of leadership buy-in to cybersecurity solutions, optimization of the CM approach, critical concepts of risk management, and leadership engagement in managing and mitigating risks. Key findings indicated organizational training on critical risk management concepts, IT experience, and developed skills contribute to an organization's leadership and culture. The research findings indicated that prioritizing risk management training also improves personnel's comprehension of the vulnerability and lowers the contingency influence on weak system management. The research findings also showed effective leadership could positively change workforce knowledge in risk management processes by promoting advanced and continuous training to stay abreast of technology changes. The findings of this study could aid in improving knowledge sharing processes among IT and cybersecurity personnel to decrease data loss and mitigate risks threatened by cyberattacks. Understanding cybersecurity risks through enhanced training and education increase experiences in applying security controls. The findings of this study could also benefit the scholarly community by expanding the body of knowledge between IT and cybersecurity before integrating new information systems and making major IS changes.
|Advisor:||Roh, Bradly E.|
|Commitee:||Grant, Gayle, Turner, Freda|
|Department:||School of Business, Technology and Health Administration|
|School Location:||United States -- Minnesota|
|Source:||DAI-B 82/7(E), Dissertation Abstracts International|
|Keywords:||Cyberattack, Cybersecurity, Defense, Leadership, Protection, Risk management|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be