Kenneth, I cannot speak to the many specific topics you mention, as I have no particular expertise in cybersecurity warfare, ransom attacks, data breaches, internet espionage, etc. However, I would urge you to consider how all of these fit into a broader conversation that captures the interest of and relevance to a broad array of individuals outside of specific technology domains. This broader conversation, in my mind, requires a connection to two specific topics.

The first added topic is enterprise risk management. Far too often the risk management conversation ends at addressing specific risks. However, successful organizations must step back from an exclusive focus on specific risks, and understand how risks and their effective management contribute to the overall good of the organization. Risks managed solely within functional or programmatic silos jeopardize balancing risk and reward in a manner that optimizes benefit for the overall organization. We need a portfolio management approach to risks given their frequent interconnectivity.

Closely related to the topic of ERM is what I call Value-Based Management. In my use of that term, which differs from most of the literature on VBM, I make the point that every organization seeks to deliver stakeholder value. However, "stakeholder value" is a bit to vague as a term to guide management direction. I define stakeholder value as the optimal balancing (from the stakeholder perspective) of three factors: results sought, resources allocated, and risks accepted.

If the concepts of VBM (using my definition) and ERM are brought into the discussion, any discussion of specific risk management topics takes on a broader perspective. It enables individuals and organizations to articulate how specific risks and risk treatments contribute to the broader goal of organizational value. Additionally, that conversation potentially brings ALL of the organization to the table in understanding how the risk relates to be broader organizational value conversation.

While I suspect the above does not directly address your original question, I hope it contributes to a broader view of your proposal.

Doug Webster

[email protected]

Doug (@[email protected]) great response. You and others with such positive attitude along with relevant ideas would be excellent collaborators on a book.

Doug I agree with your observation that ERM is relevant, You made a good point that certain stakeholders (ie. executive decision makers) need better information to make decisions with a wide holistic view of the risks. So what can you write about that?

Dough you also mentioned VBM value based management which parallels the concept of earned value (EV) in portfolio/project management (see references) - I think the question is what is the return on investment considering the risk versus effort/money address any risk or a family of threats? What do you think?

For all other followers, my research idea for this book is to have an edited book, with contributions from everyone. I need 13-25 papers. Once I have commitments from enough researchers to write a chapter, I will assemble a proposal and try to win a project with a publisher. If we are successful I will manage the project and try to get the book put together in 7-10 months with a possible copyright year of 2022 for publication! Interested scholars should reply and follow this so we can get organized and you can get included. Ken

Consider a General integrated approach on modern risk management practice, were all your recommended topics you mention, such as cybersecurity warfare, ransom attacks, data breaches, internet espionage etc are embedded into a single risk model or concept that will try to exploit these issues in-depth. A huge knowledge gap actually exist especially on emerging innovative technology and coming up with protocols on best-practice explanation on future global risk management will be a welcome move.

@Benjamin-Musumali great point, similar in some ways to what Doug was discussing.

Benjamin, you are proposing a broad risk assessment model and or protocol?

Would you be willing to write a book chapter of let's say 15 to 25 pages (references included) to elaborate on your idea?

I have attached the last chapter from a recent book (Korstanje, Strang, & Vajjhala, 2018) about risk management practice ideas. I will soon upload the introduction and conclusion chapters if they are not already in Research Gate- to serve as a guide for prospective writers in this new project.

References

Strang, K.D., Korstanje, M. E., & Vajjhala, N.R. (Eds.) (2018). Research, Practices, and Innovations in Global Risk and Contingency Management. PA: IGI-Global. ISBN: 9781522547549

Strang, K.D., Vajjhala, N.R., & Korstanje, M. E. (2018). Global Risk and Contingency Management Overview. In K.D. Strang & M. E. Korstanje & N.R. Vajjhala (Eds.), Research, Practices, and Innovations in Global Risk and Contingency Management (pp. xxii-xxxix). PA: IGI-Global.

Korstanje, M. E., Strang, K.D., & Vajjhala, N.R. (2018). Controversies and Future Directions in Risk and Contingency Management. In K.D. Strang & M. E. Korstanje & N.R. Vajjhala (Eds.), Research, Practices, and Innovations in Global Risk and Contingency Management (pp. 345-363). PA: IGI-Global. doi:10.4018/978-1-5225-4754-9

I uploaded the following paper in my profile here as a starting point, everyone let me know what you think?

Korstanje, M. E., Strang, K.D., & Vajjhala, N.R. (2018). Controversies and Future Directions in Risk and Contingency Management. In K.D. Strang & M. E. Korstanje & N.R. Vajjhala (Eds.), Research, Practices, and Innovations in Global Risk and Contingency Management (pp. 345-363). PA: IGI-Global. doi:10.4018/978-1-5225-4754-9

There is a great need for well-educated people with intermediate cyber skills. Cybercriminals often gain access to people because they don't know when something is strange, which is why so many people have become victims. It would also encourage the use of simple IT terms and good visuals. Technology is changing so rapidly that it makes more sense to teach cybersecurity concepts and to some practical give examples. Good luck!

Good points Yvette Ghannam about vulnerability to cyber attacks and that we need teach people awareness.

Yvette could you contribute to this book? Maybe you could survey or interview several companies or associations asking them what they think needs to be taught for cyber attack awareness? Maybe universities or k12 schools could be interviewed in your area? That would make an interesting chapter.

Ken

Blockchain risks would be an excellent area to explore as blockchains and cryptocurrencies have been trending for the last few years. Some of the topics that can be explored include legal risks and security risks. In the context of legal risks, data privacy and regulatory risks are topics that would be of interest to researchers.

A book on cybersecurity risks is an exciting idea as the topic is trending considering the increasing number of cybersecurity attacks and warfare. The evidence is mounting as various state actors are getting involved in instances of cyber attacks. Also, privacy and security issues are more critical now than ever as the number of Internet of Things (IoT) devices is increasing at an exponential rate. All these topics would ideally fit into this book.

Good points Narasimha-Vajjhala about blockchains and cryptocurrencies. Would you be able to write a chapter elaborating on this for a book?

Yes Ken, I would definitely be interested in writing a chapter on blockchain risks, this is a broad area but the focus could be on cryptocurrencies in the chapter.

Kindly visit..

Strang, K.D., Vajjhala, N.R., & Korstanje, M. E. (2018). Global Risk and Contingency Management Overview. In K.D. Strang & M. E. Korstanje & N.R. Vajjhala (Eds.), Research, Practices, and Innovations in Global Risk and Contingency Management (pp. xxii-xxxix). PA: IGI-Global.

Thank you Ca_Dr_Gaurav_Bhambri

It was interesting that Gayrav Bhambri highlighted the opening chapter which described the WHY risk management research was needed, and HOW the edited book project was developed.

In contrast earlier above I was recommending the last chapter in that same edited book because there were several provocative issues raised to stimulate more risk research. Ironically some mentioned in 2018 seemed to have come true such as the political turmoil at least in the USA and somewhat in UK, plus of course the big unknown at that time was the covid19 coronavirus pandemic which occured starting world wide late 2019 early 2020 ... and still running rampant in many countries!

This raises another idea for the book, what is wrong with today's research? I wrote some of my analysis with what I thought was wrong about coronavirus research, which can be seen in this article, maybe someone could extend those thoughts?

To further elaborate on my reply above to Ca Dr. Gaurav Bhambri and his citation, I revisited the overview ch. 1 (Strang, Vajjhala & Korstanje, 2018, p. 5), refer to figure 1 (attached).

Let me explain. I wrote ch. 1 with input from Vajjhala and Korstanje. I developed that model to overcome the constraints of a two-axis (two dimensional) chart used in business Strenghts-Weaknesses-Opportunities-Threats (SWOT) analysis. I used SWOT to develop the rationale for the book (2018). I added a third axis or dimension to the model. The three SWOT chart dimensions were as follows (figure 1, p. 5) :

X (bottom axis): Teaching risk analysis to students in an academic context OR in organizations (corporate training) - the issue was where was risk knowledge needed mode?

Y (upper axis): Risk mitigation as a field practice vs. risk avoidance as a company strategy - the issue there was should we focus on how to reduce and manage risks or find then avoid uncertainty?

Z (third axis): Where do the risk theories reside, in a specific body of knowledge used on a cross-disciplinary or across disciplines, like medical practice OR interdisciplinary a combination of concepts from two or more areas much like project management - the issue was what theories or concepts do we know about uncertainty and risk management and what do we need to research further?

In the model (figure 1, chapter 1, 2018), the numbers within the bubbles represented the proposed theme of the book, based on the swot analysis, and linked back to the literature review. Let me explain further. I did a literature review BEFORE I proposed the book, to have an idea of the state-of-the-art and also to identify potential authors to contact for chapter contributions. Perhaps this time around we will see some interest from scholarly writers who are members or associated with the @Information Resource Management Association (IRMA).

It seems clear to me that the strategic positioning risk management model from figure 1 (2018, p. 5) is still very relevant for planning a 2022 book about cyberterrorism, threats, disasters, and so on, in the context of what do we know (e.g., surveys, cases, protocols, practices, theories, concepts) and what do we need to do for the future (analysis, models, speculation backed by scientific discovery).

Can anyone add to these ideas or suggest something they can write about in a future book?

Ken

http://kennethstrang.com

Strang, K. D., Vajjhala, N. R., & Korstanje, M. E. (2018). Global risk and contingency management overview [chapter 1]. In K. D. Strang & M. E. Korstanje & N. R. Vajjhala (Eds.), Research, Practices, and Innovations in Global Risk and Contingency Management (pp. xxii-xxix, ISBN: 978-1522547549, doi:1522547510.1522544018/1522547978-1522547541-1522545225-1522544754-1522547549). PA: IGI-Global.

Hi Dr Kenneth David Strang . I agree with Ca Dr. Gaurav Bhambri .

Thanks a lot for appreciation respected Dr Aref Wazwaz & Dr. Kenneth David Strang

Risk Management and Resilience are 2 of the fundamentals in the 5R's of Spherical Economies Entanglement (See5R).

We can continue to silo cybersecurity risk as many SME currently do, but may i suggest we write a book that addresses the fundamental core issues of risk management and resilience in an enterprise from a holistic strategy and implementation perspective.

Awareness and vendors supply of IT based automation has yet to produce adequate ability to enable GRC of our rapidly transforming Digital Enterprise.

I think a 5-7 member team can produce a continuous education and training for the role-based modern enterprises and not only provide awareness but help to create the HABITS at organizational level so the traits of resilience and risk management are evidenced in self-assessment or external assessment toward a maturity desired by the board of the organization. This assures that the Modern Enterprise Architecture aligns with the vision, strategy and practices while enabling agile response to dynamic threats by using "second nature" behaviours (habits acquired) during the risk management and resilience culture building.

These behaviours can be evaluated and certified fairly easily in quarterly assessment of 15min per employee from HR, LMS ir smartphone app.

Book:

Resilience and Risk Management in the Digital Age:

Building a "second nature" culture that protects the digital assets in your Modern Enterprise Architecture

@Phillip Sparks, this is a good idea. I think a prescriptive strategy of teaching enterprise risk avoidance or risk planning would make several chapters, covering the theory, and also how to operationalize it with ongoing metrics capture. This kind of fits somewhere close to 3B in figure 1?

Could you write a chapter or two on this, Phillip, perhaps with colleagues if interested?

Ken

My colleague Ilona Semencha and I managed to prove empirically in the study of the company's reputational risk factors that Adequacy of the reflection of the reputational risk, Level of formation of the mental representation of reputational risk, Strength of motivation to impact the reputational risk, Level of ability to manage the reputational risk have a strong influence on the level of reputational risk of the company. I think this statement will be true for other risks as well. Therefore, the opinion on the need to train staff in risk management and further certification is very timely.

This is useful to know @karyna

Perhaps you would be willing to write a chapter, maybe starting with a summary and findings from your study, then proposing what enterprises [and small businesses too] need to do, how, etc,

Ken

@Kenneth David Strang, thanks for the suggestion. Such a chapter in the book will be a good continuation of our study. Let me know the details when possible.

Now is your chance to contribute as an author, coauthor or reviewer of Cybersecurity for Decision Makers (2023): FL: Taylor + Francis. The book is now real here is the cfp http://kennethstrang.com/cyber

This is an example of the value of Research Gate for bringing together scholars in order to advance ther state-of-the-art.

The deadline for expressions of interest is April 25 2022 so review the site and contact the first editor if you are interested!