October 13th, 2023 meeting

DATE:October 13th, 2023
TIME:2:00pm to 4:00pm (PST)
VENUE:Sophos, 777 Dunsmuir St #1400, Vancouver, B.C. V7Y 1K4
Zoom Online meeting
TOPIC:Investigating the Reasons why Small and Medium Enterprises (SMEs) are not Using the Existing Cybersecurity Frameworks such as the NIST CSF: A Qualitative Exploratory Study Using the Delphi Data Collection Method
This is an in-person event, with a Zoom session for remote participants. Guests must take the elevator to the 14th floor and go past reception to the 15th floor.


In this presentation, Dr. Lloyd Jura will talk about two things; his journey to obtaining a Ph.D. in Information Technology with a Cybersecurity concentration and secondly, he will present the findings of his research.

Dr. Jura’s exploratory qualitative study aimed to establish why small to medium enterprises (SMEs) are not adopting existing cybersecurity frameworks and establish motivating factors that SMEs can adopt by interviewing twenty-one cybersecurity subject matter experts. SMEs are not as prepared to deal with attacks as large enterprises and are not adopting cybersecurity frameworks like the NIST CSF. Current literature on cybersecurity framework adoption focused on large enterprises that excluded SMEs, even though breaches are increasingly happening to SMEs compared to large corporations. The research used the Self-determination Theory (SDT). SDT is one of the significant theories in human motivation, and its development and improvement over the years have been motivated by the desire to understand what motivates employees (Gagné, 2014). Self-determination Theory promotes “perceived autonomy, competence, and relatedness” (van Haastrecht et al. 2021, p. 1).


Dr. Lloyd Jura, an Assistant Professor at the New York Institute of Technology (NYIT) Vancouver Campus and an entrepreneur running Jura Technologies, Inc., is an accomplished expert in Governance, Risk, and Compliance (GRC) with over 25 years of industry experience. In his academic and professional pursuits, he aims to influence GRC and cybersecurity awareness training. Dr. Jura’s interdisciplinary background in information technology, business administration, and cybersecurity informs his research, focusing on governance, risk management, and compliance strategies in modern business environments. He is well-versed in frameworks like PCI-DSS, SOC 2, NIST CSF, and ISO 27001, and has led teams managing cybersecurity, data protection, and compliance programs in organizations such as Fraser Health Authority, ICBC, Vivonet, IBM Canada, and TELUS Security Solutions.