DBA Instruction Document

DBA Instruction Document

Stages

RM-III- Research Proposal In Progress

DBA Research Topic

SMALL AND MEDIUM-SIZED BUSINESSES (SMB) IN OMAN DATA PROTECTION IN DIGITAL TRANSFORMATION POST-COVID 19 - GAP ANALYSIS AND RISK MITIGATION.

Word Count and Pages as per the below (Excluding referencing, Table of content)

RM Document Type Word Count Page Deadline to submit

Research Proposal 6800 No Limit 1-Sep-22

Document Delivery

Appendix included Survey Evidence (600 Words)

Research Proposal with infographics and Table of data (6200)

Coverage as per Topic

Target Market - Small and Medium Business in Oman and Middle east

Problem - Digital Data protection post covid19 and Risk Mitigation

More information follow approved Concept Paper and Literature review

Read Instructions Carefully before you Start.

Good page layout

Use a standard A4 page size.

Your name, personal identifier, module and assignment numbers must appear at the top of each page.

Leave wide margins and space at the end of each page for tutor comments.

Consider using double spacing so you can easily handwrite corrections to your drafts and tutors have space to engage with your points as you make them.

Dont forget to insert page numbers

Add Infographics, Tables of Data Proof with source of reference.

Readability

Use an easily readable typeface such as 12-point Times New Roman for your text. Smaller typefaces are harder to read not just because your reader may not have perfect eyesight, but because there will be more words to a line.

Must share pledge report and Pledge must be less than 2%.

Dont forget to add source of reference, where ever examples used to validate the information with proof concept.

Concept Must be writing in HAVARD Style

Reference must not old March 2020 to until date.

Cohesive and writing skills including word count.

Academic writing Grammar, Punctuations, References must meet the basic criteria.

NOTE Make sure completed work shared for concept paper should not be shared with anyone else as predefine work for reference or copy purpose, there might be other student reach from same institute or classmate to do same work as concept paper, literature review, proposal writing and thesis on same topic or close by but make sure you keep it confidential, even you are not authorized to sell my work as reference to some other student to do their assignment.

SMB data protection in digital transformation post covid 19 - Gap analysis and risk mitigation.

Research Methods I - Concept Paper for the Swiss School of Business and Management DBA 2021

Program - DBA

Submitted by

Sukhwinder Singh

Student ID:47976

August 2021

Contents

TOC o "1-3" h z u Introduction PAGEREF _Toc90842003 h 31.1 Process of digital transformation for SMBs during Covid-19 pandemic PAGEREF _Toc90842004 h 31.2 Threats to data protection PAGEREF _Toc90842005 h 31.3 Problem statement PAGEREF _Toc90842006 h 3Preliminary literature review PAGEREF _Toc90842007 h 42.1 Preliminary literature review objective PAGEREF _Toc90842008 h 4Discussion and conclusion PAGEREF _Toc90842009 h 63.1 Discussion PAGEREF _Toc90842010 h 63.2 Conclusion PAGEREF _Toc90842011 h 6References PAGEREF _Toc90842012 h 7

Introduction

1.1 Process of digital transformation for SMBs during Covid-19 pandemicThe global impact of the Covid-19 pandemic has been extraordinary in terms of social and economic devastation. Many governments have taken great actions to curb the spreading of an unknown enemy, a virus that is both alien and pervasive, and to lessen the infection (Newsland at al.,2021). The quick proliferation of emerging digital technologies, like as contact-tracing apps, has been an especially visible feature of the Covid-19 pandemic (Ferretti et al., 2020). The use of pre-existing digital resources, such as video-conferencing software, has also increased in general. Many small and medium sized businesses were forced to adopt this drastic transformation of adopting work from home culture. This was an era when all the companies, irrespective of their sizes, adopted digital transformation. Some of these companies become vulnerable to data protection due to lack of infrastructure. Covid-19 has accelerated digital transformation processes, however, the readiness of data protection controls including technical as well as legislation has not been improved (Hantrais et al., 2021).

1.2 Threats to data protection

While safeguarding company data has become a top issue for companies of all sizes, the challenge of SMB data protection (small to medium-sized business) has gotten more difficult and expensive. Data is now kept in a greater range of areas, ranging from on-premises servers and data centers to virtual servers and the cloud. Regulatory requirements have never been more difficult, and productivity SLAs have never been tighter. As the constraints of SMB data protection become more difficult to overcome, the expectation on IT teams to save costs and "do more with less" grows (Dell Technologies, 2021). In Middle-east alone, the data leaks rise up to 3 times during the initial months of the pandemic (Bull, 2020). The most impacted sectors were logistics, healthcare, energy and utilities, aviation, government and retail.

1.3 Problem statementThis research will investigate the impact of Covid-19 pandemic upon the data protection strategy of SMBs in Omani context. It is vital to assess the post-covid situation of data protection in such companies as this will help in knowing and eliminating gaps in data protection. The identified risk can be mitigated once recognized. SMBs can protect their data which are stored digitally, in a more secured manner from technical challenges e-mail phishing, ransomware attacks, DDoS attacks, user data stolen, authentication two factor lack usage, antivirus disable, public free network connection, social media misuse.

Preliminary literature review2.1 Preliminary literature review objective

As per the preliminary literature review, there are not much research performed on the data protection of SMBs during and after covid-19 pandemic. It was found out by Forrester that 53% of the data violations occurred in companies, were the result of inside job. Hence, it can be said that the workforce is critical in determining the data protection strategy of the company (Babbs, 2020). Ahmad and Chauhan (2020) found out that many governments have developed regulations and guidelines to protect data breaches and use of PII (Personally Identified able Information), by imposing penalties on companies which fails to comply. In Europe, the General Data Protection Regulations (GDPR) regulates the data privacy of an individual within a company. Kumari (2018) found that more than one third of the companies participated in her study, lacks protection against spam and viruses, while others were protected by only with some basic methods such as server backup or recovery. There was no protection against complex digital attack on the assets of the company. The researcher also revealed that the participants reported that their data security and IT protection budgets are increasing and they are now paying more attention towards data protection (Kumari, 2018). Hjertstedt Lansborg (2020) believes that GDPR can help in reducing the risk on data protection in SMB. He developed an online self-assessment tool for SMBs to ensure that GDPR guidelines compliance is shown by the companies. From the preliminary literature review, it can be concluded that there is a significant research gap on this issue after the Covid-19 pandemic. There is no such framework available in Middle Eastern countries or Oman to provide data protection to SMBs. This research aims to eliminate that research gap while developing methods to mitigate the risk involves in data protection in SMBs. Following is the table for framework/regulation/legislation in various part of the world. It is evident that Middle East region lacks data protection legislations.

Region Framework Year

Europe General Data Protection Regulation (GDPR) 2018

Africa Convention on Cyber Security and Personal Data protection 2014

Australia Australia Privacy Act 1988

Asia-pacific Asia-Pacific Economic Cooperation (APEC) Framework for data privacy 2021

America EU-US Privacy Shield Framework 2021

Middle East No framework or legislation -

Source: Consumer International, 2021.

Discussion and conclusion

3.1 Discussion

The data collection method for this research will be a combination of qualitative and quantitative methods. The quantitative methods will comprise of primary data acquired from the participants involves in survey. The data obtained will then be assessed using statistical tools. The researchers will interview the executives who were a part of work from home culture and currently involved in data protection or cybersecurity issues. The qualitative method will involve secondary data analysis from existing literature sources such as journal articles, government documents, and seminar materials. Also, the experience of the survey participant will be noted down as an open-ended response, which will be analyzed by the researchers. This finding of this research can be used to form framework within Middle East to provide data protection to SMBs.

3.2 Conclusion

With the emergence of Covid-19 pandemic and shift in work culture, data protection methods became to gain significance in all kinds of organization, irrespective of size. The advancement of technology and increase in digitalization opened a whole new dimension of data protection. Remote working lead to increase in digital storage and using more online resources. This made the data prone to breach, particularly in SMBs, which are much irresponsible towards data protection. This study will point out the gap between data protection in SMBs and will suggest methods to mitigate the risk of data violation. It should also be noted that this research will be having a direct practical implication on the performance of SMBs. This study encourages other researchers to perform extensive research to find various risks and methods to mitigate them in various contexts.

References

Ahmad, N., and Chauhan, P. 2020. State of data privacy during COVID-19.Computer,53(10), 119-122.

Babbs, A. 2020. How to leverage data security in a post-Covid world.Computer Fraud & Security,2020(10), 8-11.

Bulls, M. 2020. Data leakage on the rise in the Middle East. International Security Journal. [online], Available at: Data leakage on the rise in the Middle East | ISJ (internationalsecurityjournal.com) [accessed on 16/12/2021]

Consumer International. 2021. The state of data protection rules around the world: A briefing for consumer organisations. [Online]. Available at: gdpr-briefing.pdf (consumersinternational.org) [accessed on 08/12/2021]

Dell Technologies. 2021. SMB Data protection. [Online]. Available at: SMB Data Protection Data Protection Solutions | Dell Technologies United Kingdom [accessed on 08/12/2021]

Ferretti, L., Wymant, C., Kendall, M., Zhao, L., Nurtay, A., Abeler-Drner, L., and Fraser, C. 2020. Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing.Science,368(6491).

Hantrais, L., Allin, P., Kritikos, M., Sogomonjan, M., Anand, P.B., Livingstone, S., Williams, M. and Innes, M., 2021. Covid-19 and the digital revolution.Contemporary Social Science,16(2), pp.256-270.

Hjertstedt Lansborg, K. F. 2020.INNAFOR: Developing an online self-help tool to ensure GDPR compliance in SMB s(Master's thesis, NTNU).

Kumari, M. N. 2018. Analysis of security issues and challenges in big data among SMBs. International Research Journal of Mathematics, Engineering and IT , 5 (4).

Newlands, G., Lutz, C., Tam-Larrieux, A., Villaronga, E. F., Harasgama, R., and Scheitlin, G. 2020. Innovation under pressure: implications for data privacy during the Covid-19 pandemic.Big Data & Society,7(2), 2053951720976680.

SMALL AND MEDIUM-SIZED BUSINESSES (SMB) IN OMAN DATA PROTECTION IN DIGITAL TRANSFORMATION POST-COVID 19 - GAP ANALYSIS AND RISK MITIGATION.

Research Methods II - Literature-Review the Swiss School of Business and Management DBA 2021

A Literature Review Proposal

Presented

by

Sukhwinder Singh

Student ID: 47976

August 2021

Copyright by Sukhwinder Singh 2022

All Rights Reserved

LITERATURE REVIEW

1.1 IntroductionOrganizations use information technology (IT) systems to trade, transport goods, maintain client accounts, and assess their resources from the boardroom to the post office. IT permits the storage and transfer of information, which is typically the most important resource in a corporation, from one market segment to another (Stankov and Tsochev, 2020). The trading floor is not fixed; it shifts as people migrate from one office to the next, from site to site, or even from office to home. The necessity to design, implement, and manage security information systems, such as encrypted email communication, is highlighted by human dependence on technology to work securely and efficiently in an environment ranging from air traffic control and healthcare to e-commerce and communications. As new goods are released to the market on a routine basis, a considerable number of security vulnerabilities and risk categories are frequently found and revealed during the company's operational life (Stankov and Tsochev, 2020). This literature review will discuss the data protection legislation, data vulnerabilities faced by Small and Medium-sized Businesses (SMBs), and challenges for SMBs in the post-Covid-19 era. Many countries such as Oman, based in Western Asia, do not have any well-established definition for SMBs, but for this research work, we will consider SMB to be an organization with less than 500 employees, and annual revenue of less than $1 billion (Gartner, 2022). The purpose of this research is to identify and fill the research gap in the field of digital transformation after Covid-19 in Oman. In the following paragraphs, the literature will be reviewed on the aspects such as data protection legislation around the world, digital vulnerabilities, threats to data collection, and challenges for SMBs. In addition, the sampling method will be selected and used for the analysis.

Review of literatureData protection legislation around the world

According to Forrester Research Joseph (2020), 53% of data breaches in businesses are the outcome of an inside job. As a result, the workforce plays a crucial role in developing the company's data protection plan (Babbs, 2020). Many countries have adopted legislation and standards to safeguard security vulnerabilities and the use of PII (Personally Identifiable Information) by imposing fines on organizations that fail to comply, according to Ahmad and Chauhan (2020). The General Data Protection Regulations (GDPR) govern an individual's data privacy within a firm or externally. Even though it was designed and enacted by the European Union (EU), it imposes duties on enterprises everywhere that target or collect data about EU citizens (GDPR.EU 2020). It was established and passed by the European Union. Kumari (2018), discovered that more than a third of the organizations in her survey lacked anti-spam and anti-virus security, while others were only secured by basic measures such as server backup and recovery. There was no safeguard in place to protect the company's assets against a sophisticated digital attack. The participant's cybersecurity and IT protection expenditures are expanding, according to the study, and they are now paying closer attention to information security (Kumari, 2018). GDPR, according to Hjertstedt Lansborg (2020), can assist Small and Medium-sized Businesses (SMBs) reduce the risk of data security. He created an online self-assessment tool for small businesses to guarantee that they are following GDPR standards. According to the preliminary literature analysis, there is a huge study gap on this topic following the Covid-19 epidemic. SMBs in Middle Eastern nations like Oman do not have access to such a framework for data protection.

Digital vulnerabilities

Among so many vulnerabilities faced by SMBs is Kernel security problems in Windows. It is one of the major security problems. Attackers modify designated data files in the Windows kernel to prohibit malware drivers from being detected and to elevate system privileges. A loaded driver's information is stored in many system lists, which are made up of allocated elements linked together via linked lists. Attackers can uninstall the malware driver's structure from all of these categories to make it invisible (Stankov and Tsochev, 2020).

Another vulnerability to issues with user data. After the Covid-19 pandemic, almost every SMB stored the data on digital devices, mainly hard drives. Malware might, for example, steal or erase encryption information, which is used in cryptographic modules and can be exploited to decode user information. By accessing Windows analytics and other data gathered by Windows OS, malware can also compromise a user's privacy. Illegal access to RAM data temporarily allocated by third-party drivers must be prevented by the security system.

Finally, malware that targets industrial control software might inflict significant damage. Stuxnet, a well-known example of kernel-mode malware, was responsible for the destruction of 1000 centrifuges at Iran's nuclear facilities. Its driver targeted Windows-based Industrial Control Systems (ICS), which are commonly used with Siemens PLCs (Anderson et al., 2017). Software for computer numerical control (CNC) machines, which employ computers to manage different industrial equipment such as lathes, grinders, and drilling machines, provides a comparable vector for cyber-attacks. CNC machines are widely utilized in cutting-edge manufacturing; for example, NASA, Boeing, and SpaceX all employ them (Isakovic, 2018).

Threats to data protection

While protecting firm data has become a major priority for businesses of all sizes, the difficulty of SMB (small to medium-sized business) data protection has become increasingly challenging and costly according to Bull (Bull, 2020). Data is now stored in a wider variety of locations, ranging from on-premises datacentres to virtual servers and the cloud. Legislative obligations have never been tougher, and performance SLAs have never been more stringent. As the challenges of SMB data security become increasingly difficult to handle, IT teams are expected to save money and "do more with less" (Dell Technologies, 2021). During the first months of the epidemic, data leakage in the Middle East region increased thrice (Bull, 2020). Logistics, healthcare, energy and utilities, aviation, government, and retail were the most affected industries.

Challenges for SMBsThe disparities in executives' perspectives of climate conditions might be one of the difficulties in altering a business model and transforming it into a digital one, but there is a difficulty to establish a convergent perspective of managers toward environmental changes. The development of the COVID-19 epidemic, on the other hand, leads practically everyone to conclude that the corporate climate has changed dramatically (Anderson et al. 2017). More than half of businesses believe the COVID-19 pandemic will have a significant negative impact on the current operations of the business and that they must act swiftly to prevent it. One of the major challenges, even for established organizations was to transform their business model into a digital one, during Covid-19. The SMBs must develop innovative methods to survive during and after Covid-19. The senior management is responsible for determining short-term and long-term vision to manage the challenge

Even though some general techniques exist at a high level, the transition route toward digitalized enterprises is distinctive for each organization, according to the study conducted by Korkin (2018). In addition, the chosen path is flexible. External shifts will force companies to rethink their digital transformation strategy as soon as they choose a path. Whatever path the companies choose, they must delve deeply into the organization's background and history, as this is the foundation for the managers' design of organizational strategy, authority, and responsibility, as well as the value systems that impact how business operations are carried out (Korkin 2018).

MethodSample selection

To find the answers to the research questions of this study, qualitative and quantitative research methods would be used. The quantitative research method will comprise data collection from the participant, and the qualitative method will include the assessment of secondary data from previous research. The sample population for the survey will be working employees with 5 years of experience in SMBs and who are involved in cybersecurity or data protection in Oman. The sample population will be having work experience of at least 5 years, and working with the same company for at least 1 year. To choose the sample, a non-probability sampling technique will be employed. Every participant who comes under the inclusion criteria will be invited for participating in the research. The participants will be selected based on who accepts the invitation first. 20 participants will be selected for this study. To conduct the survey, the participant will be asked to fill out the survey questionnaire form. The next process will be an interview. The interviewer will ask open-ended questions to the participant individually and privately. Their response will be recorded with their permission and transcribed. For those participants who do not consent to voice recording, their responses will be written down on a notepad by the researcher. For the secondary data research analysis, the sample will be selected using a subjective sampling technique. The sample will comprise journal articles, government documents, business reports, and media reports. All the work will be credible and peer-reviewed. The sample participants will be shortlisted by comparing relevancy with this research topic. At least 10 literary materials will be used for this research, published after the year 2020.

Bibliography

Ahmad, N., and Chauhan, P. 2020. State of data privacy during COVID-19.Computer,53(10), 119-122.

Anderson, R. S., Benjamin, J., Wright, V. L., Quinones, L., & Paz, J. (2017).Cyber-informed engineering(No. INL/EXT-16-40099). Idaho National Lab. (INL), Idaho Falls, ID (United States).

Anderson, R.S., Benjamin, J., Wright, V.L., Quinones, L. and Paz, J., 2017.Cyber-informed engineering(No. INL/EXT-16-40099). Idaho National Lab. (INL), Idaho Falls, ID (United States).

Babbs, A. 2020. How to leverage data security in a post-Covid world.Computer Fraud & Security,2020(10), 8-11.

Hjertstedt Lansborg, K. F. 2020.INNAFOR: Developing an online self-help tool to ensure GDPR compliance in SMBs(Master's thesis, NTNU).

Isakovic, H. and Grosu, R., 2018. A Mixed-Criticality Integration in Cyber-Physical Systems: A Heterogeneous Time-Triggered Architecture on a Hybrid SoC Platform. InComputer Systems and Software Engineering: Concepts, Methodologies, Tools, and Applications(pp. 1153-1178). IGI Global.

Korkin, I., 2018. Hypervisor-based active data protection for integrity and confidentiality of dynamically allocated memory in windows kernel.arXiv preprint arXiv:1805.11847.

Kumari, M. N. 2018. Analysis of security issues and challenges in big data among SMBs. International Research Journal of Mathematics, Engineering and IT, 5 (4).

Stankov, I. and Tsochev, G., 2020. Vulnerability and protection of business management systems: threats and challenges.Problems of Engineering Cybernetics and Robotics,72, pp.29-40.

Joseph, B. 2020. National Insider Threat Awareness Month: Stop Insiders With Zero Trust. Forrester. Available at: https://www.forrester.com/blogs/national-insider-threat-awareness-month-stop-insiders-with-zero-trust/ [Accessed on 14 April 2022]

GDPR.EU. 2020. What is GDPR, the EUs new data protection law? Available at: What is GDPR, the EUs new data protection law? - GDPR.eu [Accessed on 14/04/2022]

Gartner. 2020. Small and Midsize Business. Available at: Definition of Small and Midsize Business (SMB) - Gartner Information Technology Glossary [Accessed on 14/04/2022]