@article {962, title = {Editorial: Cybersecurity (February 2016)}, journal = {Technology Innovation Management Review}, volume = {6}, year = {2016}, month = {02/2016}, pages = {3-4}, publisher = {Talent First Network}, address = {Ottawa}, keywords = {cybersecurity, intrusion, licensing, literature reviews, machine learning, malware, multisided platforms, new domains, open source}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/962}, url = {http://timreview.ca/article/962}, author = {Chris McPhee and Dan Craigen} } @article {902, title = {A Design Science Approach to Constructing Critical Infrastructure and Communicating Cybersecurity Risks}, journal = {Technology Innovation Management Review}, volume = {5}, year = {2015}, month = {06/2015}, pages = {6-16}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {Academics are increasingly examining the approaches individuals and organizations use to construct critical infrastructure and communicate cybersecurity risks. Recent studies conclude that owners and operators of critical infrastructures, as well as governments, do not disclose reliable information related to cybersecurity risks and that cybersecurity specialists manipulate cognitive limitations to overdramatize and oversimplify cybersecurity risks to critical infrastructures. This article applies a design science perspective to the challenge of securing critical infrastructure by developing a process anchored around evidence-based design principles. The proposed process is expected to enable learning across critical infrastructures, improve the way risks to critical infrastructure are communicated, and improve the quality of the responses to citizens{\textquoteright} demands for their governments to collect, validate, and disseminate reliable information on cybersecurity risks to critical infrastructures. These results will be of interest to the general public, vulnerable populations, owners and operators of critical infrastructures, and various levels of governments worldwide. }, keywords = {advanced persistent threats, critical infrastructures, cybersecurity, design propositions, design science, resilience}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/902}, url = {http://timreview.ca/article/902}, author = {Steven Muegge and Dan Craigen} } @article {901, title = {Editorial: Critical Infrastructures and Cybersecurity (June 2015)}, journal = {Technology Innovation Management Review}, volume = {5}, year = {2015}, month = {06/2015}, pages = {3-5}, publisher = {Talent First Network}, address = {Ottawa}, keywords = {botnet, club theory, critical infrastructure, cybersecurity, design principles, design science, healthcare, networked medical devices, project management maturity model}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/901}, url = {http://timreview.ca/article/901}, author = {Chris McPhee and Dan Craigen and Steven Muegge} } @article {906, title = {TIM Lecture Series {\textendash} Three Collaborations Enabling Cybersecurity}, journal = {Technology Innovation Management Review}, volume = {5}, year = {2015}, month = {06/2015}, pages = {45-48}, publisher = {Talent First Network}, address = {Ottawa}, keywords = {book launch, collaboration, cybersecurity, entrepreneurship, NSA, research}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/906}, url = {http://timreview.ca/article/906}, author = {Deborah Frincke and Dan Craigen and Ned Nadima and Arthur Low and Michael Thomas} } @article {844, title = {Assessing Scientific Contributions: A Proposed Framework and Its Application to Cybersecurity}, journal = {Technology Innovation Management Review}, volume = {4}, year = {2014}, month = {11/2014}, pages = {5-13}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {Through a synthesis of existing work on evaluating scientific theories and contributions, a framework for assessing scientific contributions is presented. By way of example, the framework is then applied to two contributions to the science of cybersecurity. The science of cybersecurity is slowly emerging. As the science and its theories emerge, it is important to extract the key contributions that characterize actual progress in our understanding of cybersecurity. Researchers and funding agencies will be interested in the assessment framework as a means of assessing scientific contributions to cybersecurity. In a nascent research area such as the science of cybersecurity, this article may contribute to a focused research program to accelerate the growth of the science.}, keywords = {assessing science, cybersecurity, science of cybersecurity, scientific contributions, scientific progress, societal contributions}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/844}, url = {http://timreview.ca/article/844}, author = {Dan Craigen} } @article {835, title = {Defining Cybersecurity}, journal = {Technology Innovation Management Review}, volume = {4}, year = {2014}, month = {10/2014}, pages = {13-21}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {Cybersecurity is a broadly used term, whose definitions are highly variable, often subjective, and at times, uninformative. The absence of a concise, broadly acceptable definition that captures the multidimensionality of cybersecurity impedes technological and scientific advances by reinforcing the predominantly technical view of cybersecurity while separating disciplines that should be acting in concert to resolve complex cybersecurity challenges. In conjunction with an in-depth literature review, we led multiple discussions on cybersecurity with a diverse group of practitioners, academics, and graduate students to examine multiple perspectives of what should be included in a definition of cybersecurity. In this article, we propose a resulting new definition: "Cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights." Articulating a concise, inclusive, meaningful, and unifying definition will enable an enhanced and enriched focus on interdisciplinary cybersecurity dialectics and thereby will influence the approaches of academia, industry, and government and non-governmental organizations to cybersecurity challenges.}, keywords = {cybersecurity, cyberspace, definition, interdisciplinary, security}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/835}, url = {http://timreview.ca/article/835}, author = {Dan Craigen and Nadia Diakun-Thibault and Randy Purse} } @article {711, title = {Developing an Innovation Engine to Make Canada a Global Leader in Cybersecurity}, journal = {Technology Innovation Management Review}, volume = {3}, year = {2013}, month = {08/2013}, pages = {5-14}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {An engine designed to convert innovation into a country{\textquoteright}s global leadership position in a specific product market is examined in this article, using Canada and cybersecurity as an example. Five entities are core to the innovation engine: an ecosystem, a project community, an external community, a platform, and a corporation. The ecosystem is the focus of innovation in firm-specific factors that determine outcomes in global competition; the project community is the focus of innovation in research and development; and the external community is the focus of innovation in resources produced and used by economic actors that operate outside of the focal product market. Strategic intent, governance, resource flows, and organizational agreements bind the five entities together. Operating the innovation engine in Canada is expected to improve the level and quality of prosperity, security, and capacity of Canadians, increase the number of Canadian-based companies that successfully compete globally in cybersecurity product markets, and better protect Canada{\textquoteright}s critical infrastructure. Researchers interested in learning how to create, implement, improve, and grow innovation engines will find this article interesting. The article will also be of interest to senior management teams in industry and government, chief information and technology officers, social and policy analysts, academics, and individual citizens who wish to learn how to secure cyberspace. }, keywords = {business ecosystem, cybersecurity, innovation engine, innovation in commercialization, innovation in research and development}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/711}, url = {http://timreview.ca/article/711}, author = {Tony Bailetti and Dan Craigen and David Hudson and Renaud Levesque and Stuart McKeen and D{\textquoteright}Arcy Walsh} } @article {705, title = {Managing Cybersecurity Research and Experimental Development: The REVO Approach}, journal = {Technology Innovation Management Review}, volume = {3}, year = {2013}, month = {07/2013}, pages = {34-41}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {We present a systematic approach for managing a research and experimental development cybersecurity program that must be responsive to continuously evolving cybersecurity, and other, operational concerns. The approach will be of interest to research-program managers, academe, corporate leads, government leads, chief information officers, chief technology officers, and social and technology policy analysts. The approach is compatible with international standards and procedures published by the Organisation for Economic Co-operation and Development (OECD) and the Treasury Board of Canada Secretariat (TBS). The key benefits of the approach are the following: i) the breadth of the overall (cybersecurity) space is described; ii) depth statements about specific (cybersecurity) challenges are articulated and mapped to the breadth of the problem; iii) specific (cybersecurity) initiatives that have been resourced through funding or personnel are tracked and linked to specific challenges; and iv) progress is assessed through key performance indicators. Although we present examples from cybersecurity, the method may be transferred to other domains. We have found the approach to be rigorous yet adaptive to change; it challenges an organization to be explicit about the nature of its research and experimental development in a manner that fosters alignment with evolving business priorities, knowledge transfer, and partner engagement. }, keywords = {cybersecurity, experimental development, performance indicators, research, research program lifecycle, research-activity descriptions, research-requirement statements, strategic research contexts}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/705}, url = {http://timreview.ca/article/705}, author = {Dan Craigen and Drew Vandeth and D{\textquoteright}Arcy Walsh} } @article {704, title = {Securing Canada{\textquoteright}s Information-Technology Infrastructure: Context, Principles, and Focus Areas of Cybersecurity Research}, journal = {Technology Innovation Management Review}, volume = {3}, year = {2013}, month = {07/2013}, pages = {12-18}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {This article addresses the challenges of cybersecurity and ultimately the provision of a stable and resilient information-technology infrastructure for Canada and, more broadly, the world. We describe the context of current cybersecurity challenges by synthesizing key source material whose importance was informed by our own real-world experiences. Furthermore, we present a checklist of guiding principles to a unified response, complete with a set of action-oriented research topics that are linked to known operational limitations. The focus areas are used to drive the formulation of a unified and relevant research and experimental development program, thereby moving us towards a stable and resilient cyberinfrastructure. When cybersecurity is viewed as an inherently interdisciplinary problem of societal concern, we expect that fundamentally new research perspectives will emerge in direct response to domain-specific protection requirements for information-technology infrastructure. Purely technical responses to cybersecurity challenges will be inadequate because human factors are an inherent aspect of the problem. This article will interest managers and entrepreneurs. Senior management teams can assess new technical developments and product releases to fortify their current security solutions, while entrepreneurs can harness new opportunities to commercialize novel technology to solve a high-impact cybersecurity problem..}, keywords = {Canada, cyberdefence, cyberinfrastructure, cybersecurity, entrepreneurship, experimental development program, information-technology infrastructure, management, research}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/704}, url = {http://timreview.ca/article/704}, author = {Dan Craigen and D{\textquoteright}Arcy Walsh and David Whyte} }