1. REFERENCES

REFERENCES

Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003. https://doi.org/10.1016/j.cose.2020.102003

America is Under Cyber Attack: Why Urgent Action is Needed, 112–85, 112th Congress, Second (2012). https://www.govinfo.gov/content/pkg/CHRG112hhrg77380/html/CHRG-112hhrg77380.htm

Aon. (2020). 2020 Cyber Security Risk Report. https://www.aon.com/getmedia/8496a44a-7006-40ad-81a2-111aa15cc237/Aon-2020-Cyber-Security-Risk-Report-vDigital-SECURE.pdf

Ashford, W. (2017, August 25). Security professionals name top causes of breaches. ComputerWeekly.Com. https://www.computerweekly.com/news/450425184/Security-professionalsname-top-causes-of-breaches

Balozian, P., & Leidner, D. (2017). Review of IS security policy compliance: toward the building blocks of an IS Security Theory. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 48(3), 11–43. https://doi.org/10.1145/3130515.3130518

Bandura, A. (1978). The self system in reciprocal determinism. American Psychologist, 33(4), 344–358. https://doi.org/10.1037/0003-066X.33.4.344

Bandura, A. (1997). Self-efficacy: The exercise of control (pp. ix, 604). W H Freeman/Times Books/ Henry Holt & Co.

Barlow, J., Warkentin, M., Ormond, D., & Dennis, A. (2018). Don’t even think about it! The effects of antineutralization, informational, and normative communication on information security compliance. Journal of the Association for Information Systems, 19(8). https://aisel.aisnet.org/jais/vol19/iss8/3

Bauer, S., & Bernroider, E. W. N. (2017). From information security awareness to reasoned compliant action: Analyzing information security policy compliance in a large banking organization. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 48(3), 44–68. https://doi.org/10.1145/3130515.3130519

Benbasat, I., Cavusoglu, H., & Bulgurcu, B. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523. https://doi.org/10.2307/25750690

Bicchieri, C., Dimant, E., Gaechter, S., & Nosenzo, D. (2021). Social proximity and the erosion of norm compliance (SSRN Scholarly Paper ID 3355028). Social Science Research Network. https://doi.org/10.2139/ssrn.3355028

Bowen, A. S. (2021). Russian Cyber Units. Congressional Research Service. https://crsreports.congress.gov/product/pdf/IF/IF11718

Cancian, M. F. (2019, October 15). U.S. Military Forces in FY 2020: Army. U.S. Military Forces in FY 2020: Army. https://www.csis.org/analysis/us-militaryforces-fy-2020-army

Center for Internet Security. (n.d.). Cybersecurity Spotlight—Cyber Threat Actors. CIS. Retrieved February 25, 2021, from https://www.cisecurity.org/spotlight/cybersecurity-spotlight-cyber-threatactors/

Cluley, G. (2021, February 18). North Korean hackers charged by US in relation to attacks. The State of Security. https://www.tripwire.com/state-ofsecurity/featured/us-charges-north-korean-hackers-wannacry-sony-picturesattack/

Connell, M., & Vogler, S. (2017). Russia’s Approach to Cyber Warfare. Center for Naval Analyses. https://apps.dtic.mil/sti/pdfs/AD1032208.pdf

Cyberedge Group. (2021). 2021 Cyberthreat Defense Report. https://www.isc2.org//-/media/ISC2/Research/Cyberthreat-DefenseReport/2021/CyberEdge-2021-CDR-Report-v10–ISC2-Edition.ashx

Da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020). Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, 101713. https://doi.org/10.1016/j.cose.2020.101713

D’Arcy, J., & Lowry, P. (2019). Cognitive-affective drivers of employees’ daily compliance with information security policies: A multilevel, longitudinal study. Information Systems Journal, 29, 43–69. https://doi.org/10.1111/isj.12173

Datta, P. (2021). Hannibal at the gates: Cyberwarfare & the Solarwinds sunburst hack. Journal of Information Technology Teaching Cases, 204388692199312. https://doi.org/10.1177/2043886921993126

Donahue, S. E. (2011). Assessing the impact that organizational culture has on enterprise information security incidents. https://www.semanticscholar.org/paper/Assessing-the-impact thatorganizational-cultureonDonahue/d9cac5132a3b0b518f56d94d96f7aada660745eb

Donalds, C., & Osei-Bryson, K.-M. (2020). Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management, 51, 102056. https://doi.org/10.1016/j.ijinfomgt.2019.102056

Eggers, S. (2021). A novel approach for analyzing the nuclear supply chain cyber-attack surface. Nuclear Engineering and Technology, 53(3), 879–887. https://doi.org/10.1016/j.net.2020.08.021

European Union Agency for Network and Information Security. (2018). Cyber Security Culture in organisations. https://doi.org/10.2824/10543

Executive Office of the President. (2018). Classification Guidance. https://ustr.gov/sites/default/files/foia/Classification%20Guidance.pdf

Executive Office of the President of the United States. (n.d.). Federal information Security Modernization Act of 2014: Annual Report to Congress. https://www.whitehouse.gov/wp-content/uploads/2020/05/2019-FISMARMAs.pdf

Federal Bureau of Investigation. (2021). IC3 Releases 2020 Internet Crime Report [Press Release]. Federal Bureau of Investigation. https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-the-internetcrime-complaint-center-2020-internet-crime-report-including-covid-19-scamstatistics

Fessler, P., & Martin, M. (2017, June 18). Russians believed to have used spearphishing in election hacking. NPR.Org. https://www.npr.org/2017/06/18/533438850/russians-believed-to-have-usedspear-phishing-in-election-hacking

Franks, J. (n.d.). Urgent Actions Needed to Address Federal Cybersecurity Challenges. https://www.gao.gov/podcast/urgent-actions-needed-addressfederal-cybersecurity-challenges

Fruhlinger, J. (2020, February 12). The OPM hack explained: Bad security practices meet China’s Captain America. CSO Online https://www.csoonline.com/article/3318238/the-opm-hack-explained-badsecurity-practices-meet-chinas-captain-america.html

Gcaza, N., & Solms, R. von. (2017). Cybersecurity Culture: An ill-defined problem.* Information Security Education for a Global Digital Society*, 98–109. https://doi.org/10.1007/978-3-319-58553-6_9

Gootman, S. (2016). OPM hack: The most dangerous threat to the Federal Government today. Journal of Applied Security Research, 11(4), 517–525. https://doi.org/10.1080/19361610.2016.1211876

Graham, S. (2020). An attributional theory of motivation. Contemporary Educational Psychology, 61, 101861. https://doi.org/10.1016/j.cedpsych.2020.101861

Haith, A. M., & Krakauer, J. W. (2018). The multiple effects of practice: Skill, habit and reduced cognitive load. Current Opinion in Behavioral Sciences, 20, 196–201. https://doi.org/10.1016/j.cobeha.2018.01.015

Howard, D. (2018). Development of the Cybersecurity Attitudes Scale and Modeling Cybersecurity Behavior and its Antecedents. Graduate Theses and Dissertations. https://scholarcommons.usf.edu/etd/7306

Huang, K., & Pearlson, K. (2019, January 8). For what technology can’t fix: Building a model of organizational cybersecurity culture. https://doi.org/10.24251/HICSS.2019.769

Jennings, J., & Nagel, J. C. (2020). Federal Workforce Statistics Sources: OPM and OMB. 1–11. Congressional Research Service.

Kiener-manu, katharina. (2019). Cybercrime. //www.unodc.org

Kierkegaard, S. M. (2005). Cracking down on cybercrime global response: The cybercrime convention. Communications of the IIMA, 5(1), 9.

Koohang, A., Anderson, J., Nord, J. H., & Paliszkiewicz, J. (2020). Building an awareness-centered information security policy compliance model. Industrial Management & Data Systems, 120(1), 231–247. https://doi.org/10.1108/IMDS-07-2019-0412

Kweon, E., Lee, H., Chai, S., & Yoo, K. (2019). The utility of information security training and education on cybersecurity incidents: An empirical evidence. Information Systems Frontiers. https://doi.org/10.1007/s10796-019-09977-z

Latto, N. (2020, December 19). What is Cybercrime and How Can You Prevent It? https://www.avast.com/c-cybercrime

Lederer, E. M. (2021, February 9). UN experts: North Korea using cyber attacks to update nukes. AP NEWS. https://apnews.com/article/technology-globaltrade-nuclear-weapons-north-korea-coronavirus-pandemic19f536cac4a84780f54a3279ef707b33

Li, L., He, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity

behavior. International Journal of Information Management, 45, 13–24. https://doi.org/10.1016/j.ijinfomgt.2018.10.017

Macak, M., Kruzikova, A., Daubner, L., & Bühnová, B. (2020). Simulation games platform for unintentional perpetrator attack vector identification. In Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops (pp. 222–229). Association for Computing Machinery. https://dl.acm.org/doi/abs/10.1145/3387940.3391475

Michael, C., & Sammons, J. (2017). Chapter 5. Cybercrime. In The Basics of Cyber Safety (pp. 87–116). Joe Hayton. https://learning.oreilly.com/library/view/the-basicsof/9780124166394/xhtml/chp005.xhtml

Milkovich, D. (2020, December 23). 15 Alarming Cyber Security Facts and Stats. Cybint. http://www.cybintsolutions.com/cyber-security-facts-stats/

Monteith, S., Bauer, M., Alda, M., Geddes, J., Whybrow, P. C., & Glenn, T. (2021). Increasing cybercrime since the pandemic: concerns for psychiatry. Current Psychiatry Reports, 23(4), 18. https://doi.org/10.1007/s11920-021-01228-w

Muhire, B., & Ayyagari, R. (2019). Employee Compliance to Information Security in Retail Stores. Communications of the IIMA, 16(4). https://scholarworks.lib.csusb.edu/ciima/vol16/iss4/2

Musto, J. (2020, October 21). NSA warns Pentagon about Chinese government hackers. FOXBusiness; Fox Business. https://www.foxbusiness.com/technology/nsa-advisory-warns-defensedepartment-about-chinese-government-hackers

Office of Information Security. (2021, March 25). North Korea Cyber Activity. https://www.hhs.gov/sites/default/files/dprk-cyber-espionage.pdf

Office of Personnel Management. (n.d.). Federally Mandated Training—Training and Development Policy Wiki. U.S. Office of Personnel Management. Retrieved May 4, 2021, https://www.opm.gov/wiki/training/FederallyMandated-Training.ashx

Office of the Director of National Intelligence. (2021). Annual Threat Assessment of the US Intelligence Community. https://www.dni.gov/files/ODNI/documents/assessments/ATA-2021-Unclassified-Report.pdf

Office of the Secretary of Defense. (2015). Department of Defense Cybersecurity Culture and Compliance Initiative. https://dod.defense.gov/Portals/1/Documents/pubs/OSD011517-15-RESFinal.pdf

Olejarz, J. M. (2015, July 27). Why Cybersecurity Is So Difficult to Get Right. Harvard Business Review. https://hbr.org/2015/07/why-cybersecurity-is-sodifficult-to-get-right

Petric, Dr. G., Eriksen, A.-C., Huisman, J., Smothers, R. L., & Carpenter, P. (n.d.). Measure to Improve. KnowBe4, Inc. https://www.knowbe4.com/hubfs/Security-Culture-Report.pdf

Pfleeger, S. L., & Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers & Security, 31(4), 597–611. https://doi.org/10.1016/j.cose.2011.12.010

Pollock, T. (2017, October 20). Reducing human error in cyber security using the Human Factors Analysis Classification System (HFACS). 2017 KSU Conference on Cybersecurity Education, Research and Practice. https://www.researchgate.net/publication/321278165_Reducing_human_error_in_cyber_security_using_the_Human_Factors_Analysis_Classification_System_HFACS

ProofPoint. (2019). Protecting People 2019. https://www.proofpoint.com/sites/default/files/gtd-pfpt-us-tr-protecting-people2019.pdf

Reinheimer, B., Aldag, L., Mayer, P., Mossano, M., Duezguen, R., Bettina Lofthouse, Tatiana von Landesberger, & Melanie Volkamer. (2020). An investigation of phishing awareness and education over time: When and how to best remind users. 27.

Roberts, S. A. (2021). Exploring the relationships between user cybersecurity knowledge, cybersecurity and cybercrime attitudes, and online risky behaviors. Northcentral University, ProQuest Dissertations Publishing. https://www.proquest.com/docview/2506630550/BFE64010521C479BPQ/1

Sanger, D. E., & Perlroth, N. (2020, April 15). U.S. accuses North Korea of cyberattacks, a sign that deterrence is failing. The New York Times. https://www.nytimes.com/2020/04/15/world/asia/north-korea-cyber.html

Scarfone, K., & Souppaya, M. (2009). Guide to Enterprise Password Management (NIST Special Publication (SP) 800-118 (Retired Draft)). National Institute of Standards and Technology. https://csrc.nist.gov/publications/detail/sp/800-118/archive/2009-04-21

Schneier, B. (2000). Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition (15th Anniversary Edition). John Wiley & Sons, Inc. https://learning.oreilly.com/library/view/secrets-and-lies/9781119092438/

Schunk, D. H., & DiBenedetto, M. K. (2020). Motivation and social cognitive theory. Contemporary Educational Psychology, 60, 101832. https://doi.org/10.1016/j.cedpsych.2019.101832

Sen, R. (2018). Challenges to cybersecurity: current state of affairs. Communications of the Association for Information Systems, 43, 22–44. https://doi.org/10.17705/1CAIS.04302

Sobers, R. (2020, September 8). Government Hacking Exploits, Examples and Prevention Tips. Inside Out Security. https://www.varonis.com/blog/government-hacking-exploits/

SolarWinds. (2020). SolarWinds Public Sector Cybersecurity Survey Report 2020: IT Complexity, Insider Threats, and an Abundance of Privileged Users Plague Public Sector Cyber Readiness (p. 43). https://www.solarwinds.com/resources/survey/solarwinds-public-sectorcybersecurity-survey-report-2020

Steves, M. P., Greene, K. K., & Theofanos, M. F. (2019). A Phish Scale: Rating Human Phishing Message Detection Difficulty. Proceedings 2019 Workshop on Usable Security. Workshop on Usable Security, San Diego, CA. https://doi.org/10.14722/usec.2019.23028

Temple-Raston, D. (2021, April 16). A “Worst Nightmare” Cyberattack: The Untold Story Of The SolarWinds Hack. NPR.Org. https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattackthe-untold-story-of-the-solarwinds-hack

United States Department of Agriculture. (2019). Improper Usage of USDA’s Information Technology Resources. https://www.usda.gov/sites/default/files/50501-0020-12.pdf

United States Department of Justice. (2021, February 17). Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe. https://www.justice.gov/opa/pr/threenorth-korean-military-hackers-indicted-wide-ranging-scheme-commitcyberattacks-and

United States Department of State. (2019). DS Report on Security Incidents Related to Potentially Classified Emails sent to Former Secretary of State Clinton’s Private Email Server.

United States Government Accountability Office. (2021, March 24). High-Risk Series: Federal Government Needs to Urgently Pursue Critical Actions to Address Major Cybersecurity Challenges. https://www.gao.gov/products/gao21-288

Veiga, A. (2016). Comparing the information security culture of employees who had read the information security policy and those who had not: Illustrated through an empirical study. Information and Computer Security, 24, 139– 151. https://doi.org/10.1108/ICS-12-2015-0048

Whitaker, B. (2021, February 14). Unprecedented Russian SolarWinds hack that infiltrated federal government likely still happening. CBS. https://www.paramountplus.com/shows/60_minutes/video/BJMDBl_P14QPGckrQzu9n3yMRUEzNZMc/unprecedented-russian-solarwinds-hack-thatinfiltrated-federal-government-likely-still-happening/

Wood, R., & Bandura, A. (1989). Social Cognitive Theory of organizational management. Academy of Management Review, 14, 361–384. https://doi.org/10.5465/AMR.1989.4279067

Table of Contents

• CHAPTER ONE - INTRODUCTION
• CHAPTER TWO - CYBERCRIME IN GOVERNMENTS
• CHAPTER THREE - METHODOLOGY
• CHAPTER FOUR - RESULTS
• CHAPTER FIVE - DISCUSSION
• REFERENCES