Organizational Cybersecurity Research Articles

Implementasi Sistem Manajemen Log untuk Penanggulangan Serangan Server dengan SIEM

In the current digital era, information security has become a primary focus for organizationsworldwide. Rapid technological advancements have brought significant benefits but alsointroduced increasingly sophisticated cyber threats and attacks. One approach to addressing thesechallenges is through Security Information and Event Management (SIEM). SIEM integratesSecurity Information Management (SIM) and Security Event Management (SEM) to collect,analyze, and report security data from various network sources, enabling more effective detection,response, and management of security incidents. This study focuses on handling server attacksusing Wazuh SIEM as an early warning system. The methodology involves setting up a networktopology to detect Distributed Denial of Service (DDoS) attacks using SIEM, collecting andanalyzing log data, correlating data to identify threats, and responding to detected threats. Theresults indicate that SIEM is crucial in modern cybersecurity, providing real-time threat detectionand response capabilities. The system successfully detected and blocked 42 attacks during thetrial. In conclusion, SIEM offers greater security visibility and control, enabling organizations todetect and respond to complex security threats efficiently and effectively. Modern SIEM systems,equipped with advanced analytics and machine learning, can identify anomaly patterns and newthreats, thus strengthening an organization's cybersecurity defenses.

We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers.

Cyberattacks pose a significant business risk to organizations. Although there is ample literature focusing on why people pose a major risk to organizational cybersecurity and how to deal with it, there is surprisingly little we know about cyber and information security decision-makers who are essentially the people in charge of setting up and maintaining organizational cybersecurity. In this paper, we study cybersecurity awareness of cyber and information security decision-makers, and investigate factors associated with it. We conducted an online survey among Slovenian cyber and information security decision-makers (N = 283) to (1) determine whether their cybersecurity awareness is associated with adoption of antimalware solutions in their organizations, and (2) explore which organizational factors and personal characteristics are associated with their cybersecurity awareness. Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles. They also provide insights into which threats (e.g., distributed denial-of-service (DDoS) attacks, botnets, industrial espionage, and phishing) and solutions (e.g., security operation center (SOC), advanced antimalware solutions with endpoint detection and response (EDR)/extended detection and response (XDR) capabilities, organizational critical infrastructure access control, centralized device management, multi-factor authentication, centralized management of software updates, and remote data deletion on lost or stolen devices) are cyber and information security decision-makers the least aware of. We uncovered that awareness of certain threats and solutions is positively associated with either adoption of advanced antimalware solutions with EDR/XDR capabilities or adoption of SOC. Additionally, we identified significant organizational factors (organizational role type) and personal characteristics (gender, age, experience with information security and experience with information technology (IT)) related to cybersecurity awareness of cyber and information security decision-makers. Organization size and formal education were not significant. These results offer insights that can be leveraged in targeted cybersecurity training tailored to the needs of groups of cyber and information security decision-makers based on these key factors.

Organisational cyber resilience: a heuristic for bridging foundations and applications

PurposeThe drive for digitalisation has increased the scope of cyber threats which can exploit the growing footprint of information and communication technology infrastructure supporting modern societies. Despite substantial interest and efforts in researching and building organisational cyber resilience, the resulting body of work is heterogeneous and has yet to reach maturity. This paper aims to address the gap in the conceptualisation of cyber resilience in academic and practice-oriented grey literature.Design/methodology/approachIn this conceptual paper, we firstly seek to explore the available foundations of resilience as a construct and consider how these can be applied to organisational cybersecurity. To that aim, this study employs a targeted literature review approach, incorporating systematic elements to ensure rigour. Literature was identified through comprehensive searches in key academic databases, reference chaining and expert recommendations. Articles were selected based on relevance and contribution to the field, resulting in a thematic analysis to identify gaps and propose a heuristic model for cyber resilience. With this approach, we aim to position the emerging view of cyber resilience relative to risk analysis, while highlighting its domain of “conceptual comparative advantage” – the types of applications it is best suited to address. Finally, a high-level heuristic model for cyber resilience is proposed, which functions across the relevant policy, strategy and operational dimensions while also considering its relationship with cyber risk management.FindingsA conceptual model for organisational cyber resilience is proposed which helps position and frame research contributions in this domain relative to risk analysis, highlighting its domain of comparative advantage. The model integrates policy, strategy and operational dimensions, in a manner conducive to bridging foundations and applications of the concept of cyber risk management. The proposed model provides a critical point of reference to evaluate individual models, frameworks and tools.Originality/valueThis paper is a pioneering effort to overcome the current gaps between conceptual and practical views of cyber resilience. It proposes a new, risk-aligned view of the concept of cyber resilience and provides a structural foundation for further research and practice in the field.

Towards a cybersecurity culture-behaviour framework: A rapid evidence review

A strong organisational cybersecurity culture (CSC) is critical to the success of any cybersecurity effort, and understanding and measuring CSC is essential if it is to succeed. To facilitate the framing and measurement of CSC we conducted a rapid evidence assessment (REA) to synthesise relevant studies on CSC. The systematic search identified 1,768 records. 59 studies were eligible for the final synthesis.Thematic analysis of the CSC definitions in the included studies highlighted that CSC should not be viewed solely as a technical problem but as a management issue too; CSC requires top management involvement and role modelling, with full organisational support for the desired employee behaviours. We identify both theoretically and empirically derived models of CSC in the REA, along with a range of methods to develop and test these models. Integrative analysis of these models provides detailed information about CSC dimensions, including employee attitudes towards CS; compliance with policies; the role of security education, training and awareness; monitoring of behaviour and top management commitment. The evidence indicates that CSC should be understood both in the context of the wider organisational culture as well as in the shared employee understanding of CS that leads to behaviour.Based on the findings of this review, we propose a novel integrated framework of CSC consisting of cultural values, the culture-to-behaviour link, and behaviour itself. We also make measurement recommendations based on this CSC framework, ranging from simple, broad-brush tools through to suggestions for multi-dimensional measures, which can be applied in a variety of sectors and organisations.

Navigating Cybersecurity: Environment’s Impact on Standards Adoption and Board Involvement

ABSTRACT This study investigates cybersecurity governance dynamics within organizations, investigating the influence of supply chains, environmental factors, and stakeholder engagement. Utilizing the UK’s Cyber Security Longitudinal Survey and employing artificial neural networks and k-means cluster analysis, we explore how organizational practices and external pressures shape cybersecurity strategies. Our findings show the managerial and political dimensions of improving organizational cybersecurity, highlighting the critical role of environmental influences alongside incident perception and self-efficacy. The research shows the necessity for organizations to remain receptive to external influences and identifies supply chains as critical factor in shaping cybersecurity practices, advocating for comprehensive security protocols. We demonstrate that guidance from governing bodies is essential for aligning with industry standards. The findings suggest a range of strategies, from implementing standards to encouraging board-level integration of cybersecurity, facilitated by a combination of coercive, normative, and mimetic pressures exerted by various agents, including governments, stakeholders, and the supply chain.

United We Stand, Divided We Fall: An Autogenic Perspective on Empowering Cybersecurity in Organizations

United We Stand, Divided We Fall: An Autogenic Perspective on Empowering Cybersecurity in Organizations

Design and Analysis of Cybersecurity Information Sharing Mechanism Between Computer Security Incident Response Teams (CSIRT) in Indonesia on Blockchain Technology Through Hyperledger Composer and Interplanetary File System (IPFS)

Sharing cybersecurity information among the Computer Security Incident Response Team (CSIRT) is a crucial step in enhancing organizational cybersecurity. However, a primary challenge faced is the lack of trust among users regarding the confidentiality, integrity, and availability of shared information. This study proposes a new approach by designing a mechanism for sharing cybersecurity information among CSIRTs in Indonesia on blockchain technology using Hyperledger Composer. This approach offers an innovative solution by leveraging the advantages of blockchain technology. Through this approach, cybersecurity information can be shared in a decentralized manner, overcoming the weaknesses of centralized systems, and enhancing overall information security. Another advantage of blockchain technology is its high performance and scalability, enabling increased speed, and user capacity in the process of sharing information. By implementing a blockchain-based mechanism for sharing cybersecurity information, this research aims to ensure crucial aspects of information security, namely confidentiality, integrity, and availability. The contribution of this study is not only in enhancing organizational cybersecurity but also in providing an innovative solution to practical challenges in sharing cybersecurity information among CSIRTs.

Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains

Digitalization has revolutionized the supply chain networks but also introduces vulnerabilities to the cyber threats. Notably, in past two years, the cyber-attacks on different organizations worldwide have increased at an alarming rate resulting in significant financial loss to supply chains, intellectual property breaches and supply disruptions. As a result, companies are making significant investments in their cybersecurity. However, many incidents were reported where threat actors attacked a company using the shared digital systems with its suppliers. Therefore, it is important that suppliers are selected based on their cyber resilience. This paper identifies the cyber resilience criteria and proposed a multi criteria decision making based framework to evaluate the cyber resilience of a supply chain partner. It has been also realized that investment in organizational cybersecurity alone is not sufficient to protect supply chains. Companies are now investing in increasing their supply chain cyber capabilities. In this direction, paper also proposes a mixed integer linear program (MILP) to jointly optimize supplier selection and cyber investment decisions in a supply chain based on the supplier's current cyber resilience and potential return on the cyber investments made in selected suppliers. Computational experiments are conducted to study the tradeoffs and impact of sourcing strategy, supplier capacity, cyber security investment decisions on supply chain cyber resilience. The findings underscore that an integrated decision making of supplier selection and cyber investments maximizes the supply chain cyber resilience.

Quick service during DDoS attacks in the container-based cloud environment

Distributed Denial of Service (DDoS) attacks are one of the biggest internet security risks. As DDoS attacks directly target the availability of the victim’s services, defending against them is one of the most challenging tasks for the victim organization’s cyber security personnel. Service disruptions, resource conflicts, reputation harm, and financial losses are just a few of the many direct and indirect effects of DDoS attacks. There are several DDoS attack solutions, however, victim organization(s) cyber security personnel still struggle to mitigate it. Among the several ways of mitigating DDoS attacks, it was observed that the most effective approaches include bandwidth limiting and resource reservations. Individually, these solutions have a drawback of increasing the average response time during a DDoS attack for both the malicious and the benign users. We propose a two-line defense system that combines both of these strategies in addition to containerization to minimize DDoS attack effects. First line defense system separates incoming requests based upon the number of connections made for target web-service at any particular instant and sends them to second line defense system. At second line defense system, we limit the bandwidth of intermediate machines that transmit requests to the destination web-service(s). Additionally, the load balancer at the second line defense system routes incoming requests to different containers on the target computers based on line defense system decisions. By segregating incoming requests, we are able to serve benign users requests which send lesser number of requests than threshold value even in the presence of DDoS attacks. The proposed technique shows that benign users’ average response time under DDoS attack is nearly equivalent to that obtained under normal network conditions. The proposed technique is able to preserve the service availability to ∼98% of benign requests even in the presence of massive DDoS attack.

A taxonomy of factors that contribute to organizational Cybersecurity Awareness (CSA)

Purpose Developing cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and organizational aspects affect each other in an intertwined way. With the goal of providing a holistic representation of CSA, this paper aims to develop a taxonomy of factors that contribute to organizational CSA. Design/methodology/approach The research used a design science approach including a literature review and practitioner interviews. A taxonomy was drafted based on 71 previous research publications. It was then updated and refined in two iterations of interviews with domain experts. Findings The result of this research is a taxonomy which outline six domains for importance for organization CSA. Each domain includes several activities which can be undertaken to increase CSA within an organization. As such, it provides a holistic overview of the CSA field. Practical implications Organizations can adopt the taxonomy to create a roadmap for internal CSA practices. For example, an organization could assess how well it performs in the six main themes and use the subthemes as inspiration when deciding on CSA activities. Originality/value The output of this research provides an overview of CSA based on information extracted from existing literature and then reviewed by practitioners. It also outlines how different aspects of CSA are interdependent on each other.

Design of Cybersecurity Maturity Assessment Framework Using NIST CSF v1.1 and CIS Controls v8

Cybersecurity threats are constantly evolving, making it crucial for organizations to maintain a robust and maturing cybersecurity posture. According to the 2022 Annual Report of the Honeynet Project of the National Cyber and Crypto Agency (BSSN), there were 370,022,283 cyber attacks against Indonesia.  One of the strategies that can be implemented is to conduct a cybersecurity maturity assessment to determine the organization's current level of cybersecurity implementation. This paper proposes a design for a cybersecurity maturity assessment framework leveraging two established standards: the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v1.1 and the Center for Internet Security (CIS) Controls v8. The proposed framework utilizes a mapping between the NIST CSF v.1.1 subcategories and the CIS Controls v8 subcontrols, enabling a comprehensive assessment of an organization's cybersecurity maturity. The assessment methodology focuses on evaluating the implementation and effectiveness of controls aligned with each NIST CSF function. This approach allows organizations to identify strengths and weaknesses in their cybersecurity posture and prioritize areas for improvement. This research developed a mapping between the NIST CSF framework and CIS Controls v8. The mapping aligns 23 integrated cybersecurity categories from NIST CSF (including 64 subcategories out of a possible 108) with 124 subcontrols from CIS Controls v8 (out of a total 153). This combined framework serves as a tool to help organizations improve their cybersecurity maturity and capabilities.

Cyber Security Incident Response

In response to the growing cyber-attack threat, incident response teams have become a critical component of an organization's cybersecurity strategy. These teams are responsible for detecting, analyzing, and responding to security incidents promptly and effectively. However, detecting code injection attacks can be particularly challenging, as they can be difficult to detect and often go unnoticed until it is too late. Cybersecurity professionals use detection tools to detect and respond to DLL injection attacks that monitor system activity and detect unusual behavior. A large portion of the related literature focuses on the use of commercial DLL injection tools. In contrast, little attention has been paid to the effectiveness of using open-source DLL injection detection tools. Thus, this research project aims to evaluate the effectiveness of three widely used open-source tools, VirusTotal, Sysinternals, and Yara, in detecting DLL injection incidents. This study's findings highlight each tool's strengths and limitations, which in turn enables cybersecurity professionals to make informed decisions when selecting the most suitable tool for DLL injection detection. Furthermore, the study emphasizes the importance of continuous tool development and updates to keep pace with evolving malware techniques and emerging threats. By highlighting the effectiveness of the tools, this research enhances the overall security posture of organizations and individuals, empowering them to mitigate the risks associated with DLL injection attacks proactively. The outcomes of this research project also underscore the significance of leveraging advanced tools to fortify cybersecurity defenses and safeguard critical systems and data.

Securing the Digital Frontier: Strategies for Cloud Computing Security, Database Protection, and Comprehensive Penetration Testing

This research paper explores the effectiveness of integrated cybersecurity strategies, focusing on the amalgamation of cloud computing security, database protection, and penetration testing into a unified risk management framework. The primary aim is to evaluate how such integration impacts the overall cybersecurity posture of organizations, offering insights into mitigating cyber threats, unauthorized access, and data breaches. Employing a survey-based methodology, the study gathered data from 365 professionals across cloud computing, database administration, and cybersecurity fields. Through descriptive statistics and Partial Least Squares Structural Equation Modeling (PLS-SEM), the research explored the interrelations between various cybersecurity strategies and their collective influence on organizational resilience against cyber threats. The findings underscore the significant benefits of a holistic cybersecurity approach, revealing that penetration testing, robust database security measures, and strict adherence to cloud computing security requirements significantly reduce vulnerabilities and incidents of data breaches. Moreover, the study established that a unified risk management framework substantially enhances an organization's cybersecurity posture, highlighting the critical role of integrated security measures in fostering organizational resilience. The research confirms the hypothesis that incorporating cybersecurity strategies across different domains leads to a synergistic enhancement of security defenses, offering a more robust mechanism against the multifaceted nature of cyber threats. In conclusion, the study advocates for the adoption of a comprehensive, integrated approach to cybersecurity, emphasizing regular penetration testing, stringent database security protocols, and adherence to cloud computing security standards as essential components of a robust cybersecurity framework. This approach not only mitigates the risk of cyber threats but also strengthens organizational resilience, ensuring a secure digital environment for future challenges.

Implementing SIEM(Security Information and Environment Management) in Microsoft Azure

Abstract: In an increasingly interconnected and digital world, the need for robust cybersecurity measures is paramount. Cyberattacks can therefore occur upon any device at any moment of time in order to steal the sensitive information of the user or can result in identity theft and cyberbullying. There are varieties of attacks that may occur without the user being aware about the same that their computer has been attacked and the hacker has overall access of their data. Also, a user cannot sit in front of their device throughout their life to monitor and protect any type of cyberattack. Therefore, in order to solve the following problems and to enhance the overall security and accuracy of safeguarding the device and its data, we implement our project Security Information and Environment Management (SIEM) system within the Microsoft Azure cloud ecosystem. SIEM plays a critical role in monitoring, detecting, and responding to security threats, making it a crucial component of any organization's cybersecurity strategy. To view the notification of the attack for a user and all its details, we therefore connect the SIEM implementations and logs over Microsoft Azure platform, and generate the same with the help of a command-shell Windows PowerShell.

An Integrated Entropy-Weighted Sum Model Technique for Evaluating the Metrics of Cybersecurity under Uncertainty

Businesses and organizations handle large amounts of data that may be accessed unauthorized by hackers, so we need to protect this data and other resources from malicious users. Here comes the role of cybersecurity. Cybersecurity is a multidisciplinary field touching on the technical sciences as well as the social and behavioral sciences. Cybersecurity is the result of intelligent cyberattacks. Cybersecurity is crucial to protecting sensitive data stored on any device due to the increasing amount of information. So, this study evaluates cybersecurity using neutrosophic multi-criteria decision-making (MCDM) techniques such as entropy to obtain weight and the weighted sum model (WSM), for ranking and obtaining the best digital footprint of modern organization's cybersecurity. The cybersecurity estimation issue illustrates the validity and great performance of the presented method as (1) its capability to deal with uncertainty phenomena (2) its straightforwardness; and (3) its heightened capacity to discern alternatives. The presented case study shows that the best alternative of this study is A3 which refers to (Digital supply chain risk) as the best one of all alternatives.

Bridging knowledge gap: the contribution of employees’ awareness of AI cyber risks comprehensive program to reducing emerging AI digital threats

Purpose In the modern digital realm, while artificial intelligence (AI) technologies pave the way for unprecedented opportunities, they also give rise to intricate cybersecurity issues, including threats like deepfakes and unanticipated AI-induced risks. This study aims to address the insufficient exploration of AI cybersecurity awareness in the current literature. Design/methodology/approach Using in-depth surveys across varied sectors (N = 150), the authors analyzed the correlation between the absence of AI risk content in organizational cybersecurity awareness programs and its impact on employee awareness. Findings A significant AI-risk knowledge void was observed among users: despite frequent interaction with AI tools, a majority remain unaware of specialized AI threats. A pronounced knowledge difference existed between those that are trained in AI risks and those who are not, more apparent among non-technical personnel and sectors managing sensitive information. Research limitations/implications This study paves the way for thorough research, allowing for refinement of awareness initiatives tailored to distinct industries. Practical implications It is imperative for organizations to emphasize AI risk training, especially among non-technical staff. Industries handling sensitive data should be at the forefront. Social implications Ensuring employees are aware of AI-related threats can lead to a safer digital environment for both organizations and society at large, given the pervasive nature of AI in everyday life. Originality/value Unlike most of the papers about AI risks, the authors do not trust subjective data from second hand papers, but use objective authentic data from the authors’ own up-to-date anonymous survey.

The influence of work overload on cybersecurity behavior: A moderated mediation model of psychological contract breach, burnout, and self-efficacy in AI learning such as ChatGPT

In today's rapidly evolving digital landscape, organizations face the critical challenge of safeguarding their sensitive information and systems from an ever-increasing array of cybersecurity threats. As employees play a crucial role in maintaining organizational cybersecurity, it is essential to understand the factors that influence their cybersecurity behavior. This study investigates the impact of work overload on employee cybersecurity behavior, exploring the sequential mediating effects of psychological contract breach and burnout, as well as the moderating role of self-efficacy in AI learning. Drawing upon the Job Demands-Resources (JD-R) model, Conservation of Resources (COR) theory, and Social Cognitive Theory, we propose a moderated mediation model to elucidate the complex relationships among these variables. To test our hypotheses, we conducted a three-wave survey study involving 363 employees from various sectors in South Korea. Data was collected using an internet-based survey platform, and the study employed stratified random sampling to reduce sampling bias. Results from structural equation modeling (SEM) analyses revealed that work overload indirectly impacts cybersecurity behavior through the sequential mediation of psychological contract breach and burnout. Furthermore, self-efficacy in AI learning such as ChatGPT was found to moderate the relationship between work overload and psychological contract breach, acting as a buffer to mitigate the negative effects of work overload. This study contributes to the existing literature by addressing several research gaps. First, it provides a comprehensive examination of the impact of work overload on employee cybersecurity behavior. Second, it investigates the underlying psychological processes (i.e., psychological contract breach and burnout) that explain the relationship between work overload and cybersecurity behavior. Third, it explores the moderating role of self-efficacy in AI learning such as ChatGPT, an understudied factor in the context of work overload and cybersecurity behavior.

On Data Leakage Prevention Maturity: Adapting the C2M2 Framework

In an evolving cybersecurity landscape marked by escalating data breaches and regulatory demands, data leakage prevention (DLP) has emerged as one of several defense mechanisms. This study underscores unresolved foundational issues within DLP, revealing that it remains a significant challenge in large organizations. This highlights the necessity for a holistic approach to DLP to effectively address these persistent challenges. By developing a DLP Maturity Model, adapted from the renowned C2M2 framework, this research provides a comprehensive tool for assessing organizational DLP capabilities and pinpointing critical gaps. Applying the DLP Maturity Model within the financial sector as demonstrated through a banking scenario showcases its relevance and added value. This application illuminates the model’s effectiveness in securing sensitive data and adhering to essential regulatory standards, highlighting its adaptability across various compliance landscapes. Implementing this DLP Maturity Model in a banking scenario showcases its applicability, highlighting its ability to formulate a strategy to secure sensitive data and comply with regulatory standards. This approach aligns with the concept of a continuous risk-based strategy, merging the holistic model to identify and address critical insider risks within organizations. The study addresses a specific gap in DLP research, notably the lack of a holistic framework for assessing and enhancing DLP strategies across organizations. It equips practitioners with a foundational tool to determine current DLP maturity and devise strategies for mitigating insider-driven data breach risks, thereby bolstering organizational cybersecurity resilience.

The Influence of Governmental Support on Cyber-Security Adoption and Performance

The accelerated cyberattacks presents a severe challenge to the companies, as they seem unprepared to confront the threat of cyberattacks, they will suffer enormous losses and have their performance suffer as a result. To better serve its population and communities, Kuwait will have improved and updated its national infrastructure by 2035. This study examines how the governmental top management support, cyber security readiness, and technology readiness affect employee's organizational security adoption intentions in Kuwait governmental organizations and realization of its benefits. The quantitative method was employed in this work. The study found that top management support influencing organizational security performance mediating by cyber security readiness and technology, which affects the tangible and intangible benefits. This study can help policy makers in governmental organizations to improve cyber security adoption. The findings of this study may be utilized for enhancing the sustainability of cyber security in governmental organizations in Kuwait.

Utilization and Sharing of Cyber Threat Intelligence Produced by Open-Source Intelligence

Open-source intelligence (OSINT) is crucial for enhancing organizational cybersecurity by proactively identifying and mitigating potential threats using publicly available information. This study, part of the DYNAMO project, explores the production of cyber threat information (CTI) through OSINT, its application in safeguarding against cyber threats, and the necessary elements for secure information exchange between organizations. The authors employed an integrative literature review of various sources, including industry literature, articles, blog posts, studies, and organizational websites, which were then systematically analyzed using content analysis. The research focuses on OSINT tools and techniques emphasizing the need for expertise in discerning relevant data and respecting privacy rights. Human judgment is highlighted as crucial in ethical decision-making despite the significant role of technology in data collection. Platforms like the Malware Information Sharing Platform (MISP) facilitate the sharing of threat information, promoting prevention and identification of cyber-attacks. Ethical considerations, adherence to data protection legislation, and compliance with directives like the revision of the Network and Information Security Directive (NIS2) and artificial intelligence regulations are paramount. In conclusion, OSINT is a valuable tool for cybersecurity, requiring expertise, transparent processes, and a balanced integration of technology and human skills. The ethical dimensions of OSINT and the role of artificial intelligence merit separate in-depth studies.