Cybersecurity Risks and Situation Awareness: Audit Committees’ Appraisal

Thiéry, Stéphanie; Fass, Didier

doi:10.1007/978-3-030-52581-1_11

Stéphanie Thiéry^17,19 &
Didier Fass^17,18

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1219))

Included in the following conference series:

International Conference on Applied Human Factors and Ergonomics

1482 Accesses
2 Citations

Abstract

The issue of cybersecurity has become a challenge for companies and boards of directors. Cybersecurity is not only an IT topic, but a risk extended to all operations of the companies. Indeed, cybersecurity potentially has an impact on financial reporting quality, this attribution being one of the duties of audit committees. Using Endsley’s model, our exploratory study seeks to determine the levels of cyber situational awareness of audit committee members, how they comply with it and if this appraisal matches the steps identified within the model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 119.00; Price excludes VAT (USA)

Softcover Book: USD 159.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

NACD: Cyber-Risk Oversight. In: Clinton, L. (ed.) Director’s Handbook Series, National Association of Corporate Directors, Washington DC, USA (2017)
Google Scholar
Higgs, J.L., Pinsker, R., Smith, T., Young, G.: The relationship between board-level technology committees and reported security breaches. J. Inf. Syst. 30(3), 79–98 (2016)
Google Scholar
Rahimian, F., Bajaj, A., Bradley, W.: Estimation of deficiency risk and prioritization of information security controls: a data-centric approach. Int. J. Account. Inf. Syst. 20, 38–64 (2016)
Article Google Scholar
Steinbart, P.J., Raschke, R.L., Gal, G., Dilla, W.N.: The influence of a good relationship between the internal audit and information security functions on information security outcomes”. Account. Organizations Soc. 71, 15–29 (2018)
Article Google Scholar
CF Disclosure Guidance: Topic No. 2 - Cybersecurity - SEC.gov (2011). https://www.sec.gov/divisions/…/guidance/cfguidance-topic2.htm
Clark, M.E., Harrell, C.: Unlike chess, everyone must continue playing after a cyber-attack. J. Investment Compliance 14(4), 5–12 (2013)
Article Google Scholar
Lunn, B.: Strengthened director duties of care for cybersecurity oversight: evolving expectations of existing legal doctrine. J. Law and Cyber Warfare 4(1), 109–137 (2014)
Google Scholar
Von Solms, B.: Towards a cyber governance maturity model for boards of directors. Int. J. Bus. Cyber Secur. (IJBCS) 1(1), 1–9 (2016)
Google Scholar
Gendron, Y., Bédard, J., Gosselin, M.: Getting inside the black box: a field study of practices, «Effective» Audit Committees. Auditing: J. Pract. Theory, 23(1), 153–171 (2004)
Google Scholar
KPMG, Boardroom Questions. Cybersecurity - What does it mean for the board (2017). https://home.kpmg/content/dam/kpmg/be/pdf/boardroomquestions/boardroom-questions-cyber-security-what-does-it-mean-for-the-board.pdf
Endsley, M.R.: Toward a theory of situation awareness in dynamic systems. Hum. Factors J. 37(1), 32–64. Human Factors: J. Hum. Factors Ergon. Soc. 37, 32–64 (1995a)
Google Scholar
Endsley, M.R.: Measurement of situation awareness in dynamic systems. Hum. Factors: J. Hum. Factors Ergon. Soc. 37(1), 65–84 (1995)
Article Google Scholar
Damasio, A.: Descartes’ Error: Emotion, Reason and the Human Brain. Putnam Publishing, New York (1994)
Google Scholar
Endsley, M.R.: Situation awareness analysis and measurement, chapter theoretical underpinnings of situation awareness. a critical review. In: Endsley, M.R., Garland, D.J. (eds.) Situation Awareness Analysis andMeasurement, pp. 3–33. Lawrence Erlbaum Associates, Mahwah (2000)
Google Scholar
Yin, R.K.: Case Study Research Design and Methods. Sage, Thousand Oaks (2014)
Google Scholar
PwC’s Global Economic Crime and Fraud Survey (2018). https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-survey.html
Advisor, The Corporate Governance: Cybersecurity 2, 5 (2014)
Google Scholar

Download references

Acknowledgments

We thank Marion Tellechea for research support and La Région Grand Est, Pacte Grandes Ecoles, for financial support.

Author information

Authors and Affiliations

ICN BS, 86 rue du Sergent Blandan, Nancy, France
Stéphanie Thiéry & Didier Fass
Mosel Loria, UMR CNRS 7503, Université de Lorraine, Nancy, France
Didier Fass
CEREFIGE, EA 3942, Université de Lorraine, Nancy, France
Stéphanie Thiéry

Authors

Stéphanie Thiéry
View author publications
You can also search for this author in PubMed Google Scholar
Didier Fass
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stéphanie Thiéry .

Editor information

Editors and Affiliations

Themis Research Center, Rome, Roma, Italy
Isabella Corradini
Dip. Matematica, University of Rome Tor Vergata, Rome, Italy
Enrico Nardelli
Institute for Advanced Systems Engineering, University of Central Florida, Orlando, FL, USA
Tareq Ahram

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Thiéry, S., Fass, D. (2020). Cybersecurity Risks and Situation Awareness: Audit Committees’ Appraisal. In: Corradini, I., Nardelli, E., Ahram, T. (eds) Advances in Human Factors in Cybersecurity. AHFE 2020. Advances in Intelligent Systems and Computing, vol 1219. Springer, Cham. https://doi.org/10.1007/978-3-030-52581-1_11

Download citation

DOI: https://doi.org/10.1007/978-3-030-52581-1_11
Published: 04 July 2020
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-52580-4
Online ISBN: 978-3-030-52581-1
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics