Security Vulnerabilities in Financial Institutions

Provide the citation and attach a pdf of the article (10 pts):

Edu, A. S., Agoyi, M., & Agozie, D. (2021). Digital security vulnerabilities and threats implications for financial institutions deploying digital technology platforms and application: FMEA and FTOPSIS Analysis. PeerJ Computer Science, 7, e658. https://doi.org/10.7717/peerj-cs.658.

PDF

What is the abstract of the article?  (10 pts):

Digital disruptions have led to the integration of applications, platforms, and infrastructure. They assist in business operations, promoting open digital collaborations, and perhaps even the integration of the Internet of Things (IoTs), Big Data Analytics, and Cloud Computing to support data sourcing, data analytics, and storage synchronously on a single platform. Notwithstanding the benefits derived from digital technology integration (including IoTs, Big Data Analytics, and Cloud Computing), digital vulnerabilities and threats have become a more significant concern for users. We addressed these challenges from an information systems perspective and have noted that more research is needed identifying potential vulnerabilities and threats affecting the integration of IoTs, BDA and CC for data management. We conducted a step-by-step analysis of the potential vulnerabilities and threats affecting the integration of IoTs, Big Data Analytics, and Cloud Computing for data management. We combined multi-dimensional analysis, Failure Mode Effect Analysis, and Fuzzy Technique for Order of Preference by Similarity for Ideal Solution to evaluate and rank the potential vulnerabilities and threats. We surveyed 234 security experts from the banking industry with adequate knowledge in IoTs, Big Data Analytics, and Cloud Computing. Based on the closeness of the coefficients, we determined that insufficient use of backup electric generators, firewall protection failures, and no information security audits are high-ranking vulnerabilities and threats affecting integration. This study is an extension of discussions on the integration of digital applications and platforms for data management and the pervasive vulnerabilities and threats arising from that. A detailed review and classification of these threats and vulnerabilities are vital for sustaining businesses’ digital integration.

Was the study experimental or non-experimental? Explain, tell us what made that clear.  (10 pts):

This study is experimental. In an experimental design, the groups do not exist and must be created to control the data to gather a specific outcome. Based on the information in the study, the experts who took part were pre-determined. Data was collected about the participants, and once that information was gathered, the surveys were distributed only to those who met the qualifications.

Was the research qualitative or quantitative? Again, explain. (10 pts):

The research used a mixed-method approach, meaning both qualitative and quantitative methods were used. The qualitative information was based on the accuracy of security vulnerabilities and threats that were currently affecting IoTs (Internet of Things). The qualitative information is important to make sure the study accurately describes security threats that are current and that the participants can relate to. The quantitative approach was how the survey was distributed to the security experts in the financial fields. The questionnaire used a scale of 1-10 to determine the security risks. This is where the quantitative information came into play, thus creating a mixed-method approach.

What was the population studied? Why do you say that? (5 pts):

The population studied was specific security experts who were able to verify their knowledge of IoTs, Cloud Computing, and Big Data Analytics. On top of being security experts, they also had to work in a financial institution. I say this because the study specifies that these were the individuals that were sequestered for the surveys.

What sample was used for this study? Explain. (5 pts):

The sample for this study was 234 out of the 255 responses that were sent to 23 different financial institutions. There were 21 eliminated from the pool due to incomplete responses on the survey. The sampling technique used was purposive non-probability to select the experts and collect data.

What was the method of measurement? (10 pts):

For the gathering of experts, an interval approach [0,1] was used, with 1 representing knowledge in the subject matter. Another instance of quantitative measurement was in the scoring of the surveys to determine the results (the 1-10 responses).

For the qualitative data, literature on risks vs. benefits of the Internet of Things, Cloud Computing, and Big Data Analytics was used. Literature on infrastructure vulnerabilities and attacks, security management failures, communication security failures, identity management failures, access control failures, network security vulnerabilities, and data and information management vulnerabilities was also used.

What was the method of analysis? (10 pts):

Quantitative: The quantitative information was the way in which the information was gathered, first by how the purposive non-probability sampling technique was used to select experts based on their knowledge of terms using the interval system of 0,1. The surveys sent out were then transposed to the scale of threats found in the qualitative research. This is where the Fuzzy Technique for Order of Preference by Similarity for Ideal Solution was used to categorize and prioritize the vulnerabilities.

Qualitative: The qualitative research was the literature used. In order for the researchers to determine the validity of the research, they used FMEA to categorize threats and vulnerabilities by placing them into categories based on their probabilities. Fuzzy TOPSIS analysis was used to take the responses and apply them to the categories created.

What was the conclusion of the study? (10 pts):

The study concluded that IT risk managers need to focus on firewall protections, reliable power sources, and security audits. Prioritizing the knowledge of vulnerabilities helps reduce or manage potential threats. The study is limited to the knowledge of the IT professionals working in these fields, and the technologies are still developing. Audit history or logs should be used to enhance findings, and the sample size should increase to larger groups of IT security experts. The responses are limited to the findings in the literature of the study and are limited to these threats.

Why is this study useful to you? Explain in detail. (10 pts):

This information is useful to me because I work at a financial institution, and as more things become cloud-based (like Salesforce) or more devices (IoTs) become available to use for financial institutions, it is very important to understand the risks of them. I have always been leery of cloud-based services, because your data may be housed “securely” but the biggest threat actors are those within the company. Phishing campaigns teach us that all it takes is one click on the wrong e-mail and a vulnerability can occur. It is important for risk managers to understand that using cloud services may possibly increase risks if there is a data breach to the cloud servicer.

What would be the next logical step in extending this study? (10 pts):

As stated in the study, it is important to increase the sampling size and to include more experts. Security threats are different for each sector, but attacks such as phishing can be the same, so if extending the study, it would be best to start with other financial institutions. Other sectors, with categories, should be added only after obtaining more data from financial institutions. As technologies change, it is important to also update the study to reflect the most current risks and security threats. Additional literature should be added to determine the latest threats or newer vulnerabilities, and cisa.gov can be used as a tool for security threats.

About Kaci Kirmer

I currently live in Hays, KS and I work full time as a System Administrator. I am married and we have 4 boys, ages 8, 3, almost 2, and an almost 3 week old. I enjoy being active and being outdoors, especially running with my two dogs.

One thought on “Security Vulnerabilities in Financial Institutions”

  1. Kaci you did a fantastic job breaking down both the method of measurement and the method of analysis! Making sure you broke down both their quantitative and qualitative analysis was great.

    Cybersecurity is a topic that I really need to do a lot more exploration of when I have the time available to me, and your article review has led me to understand that more needs to be done by financial institutions to be sure that they are doing their best to protect their data. You also made an interesting point that I had not considered about using the cloud for data storage. Cloud storage can be secure from a technical standpoint but, as you said, one employee, with or without malicious intent, can really wreak havoc with one click.
