Cyber Security, Compliance, And Business Continuity
IT Infrastructure Management: Astra Zeneca Case Study
Discuss the IT infrastructure management in the AstraZeneca case study.
- 1. AstraZeneca is the leading biopharmaceutical company. In July 2007, the company signed a seven-year outsourcing agreement with IBM. The total contract was worth 1.4 billion dollars. The extensive SLA comprised 32 schedules and 90 clauses governing the provision of IT infrastructure services to 60 countries. AstraZeneca terminated the SLA on 8 April 2011. However, the court took the side of AstraZeneca. According to the organization's CIO, the outsourcing deal with IBM enabled a consistent infrastructure at every global site, so new technologies, applications and reporting systems were rolled out effectively. The deal failed because of its outcome-based specifications. The main mistake the company made was that its business changed rapidly and the contract could not keep up with the pace.
- 2. AstraZeneca was not the only party at fault in the failure of the contract; IBM was also part of it. IBM's main mistake was entering into an extremely large, long-term IT outsourcing contract, so IBM was also responsible. It should have understood AstraZeneca's business strategies and the fact that the business changes rapidly.
- 3. When a deal is large, it is difficult to change the contract, because the vendor accrues its profit from the deal. When outsourcing deals are huge, vendors make huge investments in the first two years, while the service is customized and set up. The vendors then expect profit margins within two to three years, which is why extremely large deals run for a minimum of five years.
- 4. AstraZeneca and IBM both made major mistakes in agreeing to such a huge contract of 1.4 billion dollars. The main motive of the two corporations was to maximize profit for their businesses. The one thing they did not consider was the constraints or problems the contract might run into. Because the contract was an extremely large IT outsourcing deal, it suffered major problems, and both companies had to settle the matter in court. The technical problems were not taken into consideration, and so their strategy failed.
- 5. The 2007 SLA (service level agreement) was doomed to fail because some constraints were present from the beginning of the deal. The first and foremost constraint was the extremely large size of the IT outsourcing deal. Although the contract was for seven years, it failed within four. The deal used outcome-based specifications, which were intended to encourage innovation among vendors. Thus, this SLA was doomed to fail.
- 6. After the failure of the IT contract with IBM, AstraZeneca adopted a new strategy for working with IT vendors, which focuses on rapid action on technical problems within a cooperative structure. This model replaced the previous one and comprises several principles. One of them is "fix first, pay later". This means that if any type of problem occurs, the company and the vendors fix it first, without asking about expenses. Hence, both parties are protected.
- 7. AstraZeneca eventually agreed to pay vendors faster in the case of any IT problem. If a conflict arises over the contract, both parties can appeal to an independent arbiter, who oversees the policy of cooperation. Thus, legal cases can be avoided.
Cyber Security, Compliance and Business Continuity
Abstract: The main aim of this paper is to understand the concept of cyber security, its compliance and business continuity. Cyber security is the protection of computer systems from damage to or theft of their hardware, information and software. It also helps to protect against disruption or misdirection of services. Compliance refers to the rules, regulations or specified standards that apply to a given situation or case study. Cyber security compliance is the collection of services for creating or adapting a security strategy properly. The final part of the paper describes the effect of cyber security on business continuity.
Index terms: Cyber security, compliance, business continuity, cyber threats, cyber attacks.
Cyber security, or computer security, is responsible for protecting software, hardware and any type of confidential information against threats such as theft, damage or disruption of services (Von Solms & Van Niekerk, 2013). This type of security is extremely important for all types of organizations. Cyber security also includes controlling physical access to hardware, and protecting against harm that arrives through network access, data injection or code injection. Moreover, security is highly susceptible to malpractice by operators, who can be tricked into deviating from secure procedures. The malpractice can be either intentional or accidental (Wang & Lu, 2013). The following paper gives a brief description of cyber security, its compliance and business continuity. The various cyber threats and cyber attacks are presented. Furthermore, the compliance of cyber security and the effect of cyber security on business continuity are described.
Cyber threats are the most dangerous threats for any type of system or computer. All organizational systems are vulnerable to these threats (Hahn et al., 2013). Cyber attacks are offensive maneuvers employed by nations, states, societies, groups, individuals and organizations that target computer information, computer networks, systems, computer devices or computer infrastructures. These attacks target systems by means of malicious activity originating from unknown sources, for the purpose of stealing, destroying or altering information by hacking (Amin et al., 2013). The most popular types of cyber threats in the cyber world are given below:
- i) Virus: This is the first and foremost cyber threat for any system. A virus is a type of malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code (Elmaghraby & Losavio, 2014). Once this replication is complete, the affected areas are said to be infected with the computer virus. Hackers or attackers create such havoc in a system when they inject the affected code into it. Moreover, clicking on an infected website can also cause a virus attack. Security vulnerabilities are exploited in this case, and systems are infected for the purpose of spreading the virus (Buczak & Guven, 2016). This type of cyber threat currently causes more than 10 billion dollars of damage each year.
- ii) Malware: The second significant cyber threat or vulnerability is malware. It is malicious software covering a variety of intrusive software such as worms, ransomware, Trojan horses, spyware and many more (Sommestad, Ekstedt & Holm, 2013). This cyber threat can take the form of scripts, executable code, other software and active content. It is defined by its malicious intent, acting against the requirements of the computer user. Malware does not include software that causes unintentional harm because of some deficiency. These programs are supplied by the hacker for the purpose of either slowing down the system or hacking it (Dunn Cavelty, 2013). The user is responsible for installing the malware within the system. This cyber threat is extremely dangerous for any user.
- iii) Phishing: The third significant cyber threat for any type of computer or system is phishing. It is an attempt by hackers to obtain confidential or sensitive information such as passwords, usernames, bank account details, credit card credentials and many more (Wells et al., 2014). This information is obtained for malicious purposes by masquerading as a trustworthy entity in an electronic communication. Phishing is carried out either by instant messaging or by email spoofing, directing users to enter personal information on a fake web site. The look and feel of the fake web site are completely identical to those of the legitimate web site, and the only difference between them is the web site URL (Sou, Sandberg & Johansson, 2013). The main victims of this type of cyber threat are IT administrators, banks, auction sites, social web sites and online payment processors.
- iv) Denial of Service Attacks: Another significant cyber threat for any computer system is the denial of service attack (Cavelty, 2014). It is a type of cyber attack in which the attacker seeks to make a machine or network resource unavailable to its users, either by disrupting the host's services or by disrupting the networks that are connected to the Internet. Denial of service is accomplished by flooding the target resource or machine with requests, thereby overloading the systems or preventing legitimate requests from being served (McGraw, 2013). In distributed denial of service (DDoS) attacks, multiple computers take part in the attack.
- v) SQL Injection Attacks: The next type of cyber threat is the SQL injection attack. This type of attack mainly targets servers or databases that store critical and confidential data (Gupta, Agrawal & Yamaguchi, 2016). The attack uses malicious code to get the server to divulge information that should not be divulged. Credentials such as passwords, usernames or credit card numbers are targeted in this type of attack.
- vi) Man in the Middle Attacks: The other name of this attack is session hijacking. The hacker sits between the authorized user and the information, and so is able to alter the confidential information. This is extremely dangerous for users and systems.
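The phishing item above notes that a fake site can look identical to the real one and differ only in its URL. The following detection sketch is an added example, not part of the original paper; the allowlist, the `.example`/`.test` host names and the distance threshold of 2 are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist of hosts the organization really uses (assumption).
TRUSTED = {"bank.example", "pay.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Exact host or a subdomain of a trusted host.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # A trusted name in the userinfo part (before '@') is not the real host.
    user = (parts.username or "").lower()
    if any(t in user for t in trusted):
        return "lookalike"
    # Punycode labels can render as visually confusable characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    for t in trusted:
        # Trusted name used as a prefix or inner label of another domain.
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return "lookalike"
        # Small typo distance from a trusted host.
        if edit_distance(host, t) <= 2:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ["https://www.bank.example/login",
              "https://bannk.example/login",
              "https://bank.example.account-check.test/login",
              "https://bank.example@203.0.113.7/login",
              "https://news.test/"]:
        print(classify(u), u)
```

An "unknown" result only means the host is not on the allowlist and does not resemble it; it is not a verdict that the site is safe.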
All of the attacks mentioned above can be controlled by various methods of cyber security (Hong, Liu & Govindarasu, 2014). The most important and significant methods of cyber security are as follows:
- i) Encryption: The first and most important method of cyber security is encryption. It is the procedure of encoding a message or information in such a way that only authorized parties can access the data and unauthorized parties cannot (Abawajy, 2014). Encryption prevents unauthorized access and comprises two kinds of algorithm, symmetric and asymmetric. The algorithm converts the plain text to cipher text, and only the key can open the file.
- ii) Antivirus: The second type of cyber security is antivirus software. It is a computer program that secures the system so that cyber threats are restricted (Ben-Asher & Gonzalez, 2015). Malware can be prevented, detected and removed with the help of antivirus. Browser hijackers and Trojan horses are easily stopped with the help of this software.
- iii) Firewalls: The third method is the firewall. It is a network security system that monitors and manages incoming and outgoing network traffic (Amin et al., 2013). The firewall establishes a barrier between the trusted internal network and untrusted external networks. As the name suggests, a firewall detects and prevents the entry of any type of cyber threat.
- iv) Access Control: Controlling access to the software is also an important step in preventing any type of cyber threat to the systems.
- v) Passwords: Enabling and changing passwords is also an important step in securing systems and preventing any type of cyber threat or cyber attack (Knowles et al., 2015). Passwords restrict access to the system or software.
- vi) Restricting Access to Physical Devices: Physical access to devices should also be restricted or limited in order to stop cyber threats or attacks. Denial of service attacks are stopped or mitigated with the help of this cyber security measure.
The various rules or regulations that help to maintain cyber security are collectively known as compliance (Cherdantseva et al., 2016). Business continuity is the planning and preparation that ensures an organization can continue operating during incidents or disasters and can recover to an operational state within a short period. There are three elements of business continuity: resilience, recovery and contingency. These three elements are used to understand the exact position of the business (Czosseck, Ottis & Talihärm, 2013). The critical functions of the business and the supporting infrastructure are designed in such a way that the redundancy of the data is resolved. Cyber security helps in maintaining business continuity and hence in reducing disasters related to the cyber world. All of the cyber security methods mentioned above are useful for the business.
Regarding compliance, there are various standards for cyber security that are useful for the business (Gupta, Agrawal & Yamaguchi, 2016). These are techniques that attempt to protect the cyber environment of users or businesses. The main objective of these standards or compliances is to diminish cyber risks or threats, which includes the mitigation or prevention of any cyber threat or attack. They are published materials consisting of security concepts, guidelines, risk management approaches, policies, technologies, security safeguards, assurance, actions, training and many more (Hong, Liu & Govindarasu, 2014). If any of this compliance is violated by employees or staff, legal action is to be taken against them. Thus, the vulnerability is restricted.
Hence, business continuity is maintained by the implementation and application of compliance.
Conclusion
Therefore, from the discussion, it can be concluded that cyber security is one of the most important requirements for any computer or system, securing it from all types of cyber threats or cyber attacks as well as from digital disruption or physical access to the hardware or similar equipment. This type of security is the collection of technologies, processes and practices designed to protect networks, confidential data, information, programs and computer systems from damage, attacks or any type of unauthorized access. Security involves both physical security and cyber security. The most significant elements of cyber security include information security, network security, application security, disaster recovery, operational security, business continuity planning and end user education. The most dangerous element of cyber security is the constantly evolving nature of security threats. Cyber security has various rules, or compliance, and also an effect on business continuity. The above paper has described the various cyber threats, cyber security, its effect on business continuity and cyber security compliance. Significant details are provided in the paper.
References
Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248.
Amin, S., Litrico, X., Sastry, S. S., & Bayen, A. M. (2013). Cyber security of water SCADA systems—Part II: Attack detection using enhanced hydrodynamic models. IEEE Transactions on Control Systems Technology, 21(5), 1679-1693.
Amin, S., Litrico, X., Sastry, S., & Bayen, A. M. (2013). Cyber security of water SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology, 21(5), 1963-1970.
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, 51-61.
Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.
Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), 701-715.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27.
Czosseck, C., Ottis, R., & Talihärm, A. M. (2013). Estonia after the 2007 cyber attacks: Legal, strategic and organisational changes in cyber security. Case Studies in Information Warfare and Security: For Researchers, Teachers and Students, 72.
Dunn Cavelty, M. (2013). From cyber-bombs to political fallout: Threat representations with an impact in the cyber-security discourse. International Studies Review, 15(1), 105-122.
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491-497.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global.
Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), 847-855.
Hong, J., Liu, C. C., & Govindarasu, M. (2014). Integrated anomaly detection for cyber security of the substations. IEEE Transactions on Smart Grid, 5(4), 1643-1653.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, 52-80.
McGraw, G. (2013). Cyber war is inevitable (unless we build security in). Journal of Strategic Studies, 36(1), 109-119.
Sommestad, T., Ekstedt, M., & Holm, H. (2013). The cyber security modeling language: A tool for assessing the vulnerability of enterprise system architectures. IEEE Systems Journal, 7(3), 363-373.
Sou, K. C., Sandberg, H., & Johansson, K. H. (2013). On the exact solution to a smart grid cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), 856-865.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), 1344-1371.
Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77.