Designing a Model of Cybersecurity Strategies in Information Technology Services
Keywords:
Cybersecurity, IT Services, Cybersecurity Strategy, Data-Based Theory, Paradigmatic ModelAbstract
This study was conducted with the aim of designing a model of cybersecurity strategies in information technology services. The statistical population included academic experts and specialists in the fields of cybersecurity and information technology, and purposeful and snowball sampling was used, and data were collected through 15 in-depth semi-structured interviews. Data analysis was conducted through open, axial, and selective coding stages. In order to validate the findings, strategies such as coding by two researchers, peer review, member moderation, and calculating Cohen's kappa coefficient (86.9 percent) were used. The research findings led to the identification of a set of causal, contextual, and intervening conditions that, in interaction with each other, explain the formation of the central category of "integrated cybersecurity strategy in information technology services."Also, strategies were identified at three levels: governance and policymaking, technical and operational, and human and interaction, whose implementation leads to outcomes such as improving the level of security, continuity and sustainability of IT services, increasing stakeholder trust, improving organizational maturity, and creating competitive advantage. In summary, the present study, by presenting a data-based, integrated, and context-based model, covers the theoretical gap in the cybersecurity literature and can be used as a practical framework for managers, policymakers, and researchers in the field of IT services.
References
Abdelwahed, S. H., Hefny, I. M., Hegazy, M., Said, L. A., & Soltan, A. (2025). Survey of IoT Multi-Protocol Gateways: Architectures, Protocols, and Cybersecurity. Internet of Things, 33, 101703. https://doi.org/10.1016/j.iot.2025.101703
Ahmed, I., Hossain, N. U., Fazio, S. A., Lezzi, M., & Islam, M. S. (2024). A Decision Support Model for Assessing and Prioritization of Industry 5.0 Cybersecurity Challenges. Sustainable Manufacturing and Service Economics, 3, 100018. https://doi.org/10.1016/j.smse.2024.100018
Ali, S., Wang, J., Leung, V. C. M., Bashir, F., Bhatti, U. A., Wadho, S. A., & Humayun, M. (2025). CLDM-MMNNs: Cross-Layer Defense Mechanisms Through Multi-Modal Neural Networks Fusion for End-to-End Cybersecurity—Issues, Challenges, and Future Directions. Information Fusion, 122, 103222. https://doi.org/10.1016/j.inffus.2025.103222
Capaccioli, A., Urciuoli, L., Di Ciommo, F., Rondinella, G., Giorgi, S., & Hueting, R. (2023). Including the Excluded: How Can Design of Digital Delivery Service Address Cybersecurity Concerns of Vulnerable Users? Transportation Research Procedia, 72, 2604-2611. https://doi.org/10.1016/j.trpro.2023.11.791
Cappelletti, F., & Papakonstantinou, V. (2025). A Question of Strategic Legislation: Can the EU Deal with Cybersecurity Issues in Space? Telecommunications Policy, 49(5), 102954. https://doi.org/10.1016/j.telpol.2025.102954
Chidukwani, A., Zander, S., & Koutsakis, P. (2024). Cybersecurity Preparedness of Small-to-Medium Businesses: A Western Australia Study with Broader Implications. Computers & Security, 145, 104026. https://doi.org/10.1016/j.cose.2024.104026
Dominguez-Jimenez, J. J., Gomez Sanchez, R., Medina-Bulo, I., Boubeta-Puig, J., Rodriguez-Garcia, M., Munoz-Ortega, A., Balderas-Diaz, S., Guerrero-Contreras, G., Silva-Ramirez, E. L., Rosa-Bilbao, J., Luna-Ramos, P., Carretero Henares, J. J., Molina Cabrera, A. J., Fuentes Landi, G., & Torres Gomez, P. (2024). SEADETEC: Advanced Service for Early Detection of Cybersecurity Events. Heliyon, 10(19), e37893. https://doi.org/10.1016/j.heliyon.2024.e37893
Hosseingholipour, M. (2025). Information Security Management Strategies to Counter Cyberattacks in Computer Networks. Twenty-Fourth National Conference on Applied Research in Electrical, Computer, and Biomedical Engineering Sciences,
Huang, J., & Murthy, U. (2024). The Impact of Cybersecurity Risk Management Strategy Disclosure on Investors' Judgments and Decisions. International Journal of Accounting Information Systems, 54, 100696. https://doi.org/10.1016/j.accinf.2024.100696
Moghaddasi, A. (2022). Cyber Deterrence Strategies in the Context of Information and Communication Technology. Fifth National Conference on Modern Technologies in Electrical, Computer, and Mechanical Engineering of Iran,
Nguyen, P. H., Pham, T. V., Nguyen, L. A. T., Pham, H. A. T., Nguyen, T. H. T., & Vu, T. G. (2024). Assessing Cybersecurity Risks and Prioritizing Top Strategies in Vietnam's Finance and Banking System Using Strategic Decision-Making Models-Based Neutrosophic Sets and Z Number. Heliyon, 10(19), e37893. https://doi.org/10.1016/j.heliyon.2024.e37893
Omrani, M. (2025). Analysis and Review of Organizational Information and Data Protection and Cybersecurity Using Modern Information and Communication Technologies (ICT) in Municipalities. Quarterly Journal of New Research in Management and Accounting, 6(12).
Rampasek, M., Mesarcik, M., & Andrasko, J. (2024). Evolving Cybersecurity of AI-Featured Digital Products and Services: Rise of Standardisation and Certification? Computer Law & Security Review, 56, 106093. https://doi.org/10.1016/j.clsr.2024.106093
Turegun, N. (2024). Digital Transformation and Cybersecurity Risks. International Journal of Accounting Information Systems.
Downloads
Published
Submitted
Revised
Accepted
Issue
Section
License
Copyright (c) 2026 Amin Moghimi (Author); Ahmad Reza Kasraei; Sina Abuei Mehrizi, Hedeyeh Divsalar (Author)
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
