Discuss about the Cyber Defence and Cyber Warfare.
The management of the information technology is a critical issue regarding the proper deployment of the information technology infrastructure. The control of the information technology in the organization includes different issues like maintaining the cyber security, adequate monitoring of the system. To manage the IT infrastructure properly, there are specific steps and the planning are needed to be followed by the organization (Ashok et al. 2015). The primary objective of this paper is to evaluate the security and the risks associated with the implementation of the cyber system in a selected organization. The chosen, in this case, is Abu Dhabi Commercial Bank, which is a prominent organization in the banking sector of UAE. The primary objective of this paper is to evaluate the project management planning to maintain the cyber security in the organization. In this context, the reference of the cyber security system and the managing plan has been discussed at Abu Dhabi Commercial Bank. The discussion in the paper provides the proper guideline or the roadmap for the implementation of the cyber security and the data security in the organization. Along with that it also helps to give the ways those are effective in the elimination of the security threats and the risks associated with the cyber security in the organization.
The proper implementation of the cyber security can be carried out through the application of the project management processes. Abu Dhabi Commercial bank has adopted the IT project management processes to implement the cyber security in the organization.
The IT project management process consists of the distinct steps or the stages which ensures the IT project will deliver the right come, meeting all the requirements of the clients. There are five phases of the project IT project management (Han et al. 2017). The first phase includes the gathering of the requirements and the documentation of the elements. The requirement gathering phase is essential to phase, and the clarity in the condition reduces the chances of scope creep in the project management. Abu Dhabi Commercial bank has gathered the requirements at the beginning of the project planning. This helps the bank to understand the security system that is needed to be implemented. The planning and the designing phase follow the requirement gathering phase. The planning phase includes the planning or making the blueprint for the execution based on the requirements. The third phase of the process is the execution based on the plan. The monitoring and the control phase include the evaluation of the performance of the project. The project closes with the closing stage.
The information management system is the database; manages all the business information related to the financial and operational matters. The managers can obtain reports and the feedback through the use of the information management system. Abu Dhabi Commercial bank uses the information management system to get the financial information regarding the business of the bank. The information management system helps to manage the data in the Abu Dhabi Commercial Bank to maintain the economic data and get the forecast of the economic issues and matters (Slay 2016). Information management system collects data from different electronic checkout counters and periodic intervals. The regular reports are run on the ranges and data are provided on demand to the project managers in the bank.l:
Project planning and control deals with the preparation of the execution of the project and monitoring the performance of the project. The development of the project mainly focuses on the making of the blueprint for the implementation of the plan (Van den Berg et al. 2014). The planning is based on the requirements those were documented at the initial phase of the project management (Kim, Park and Lim 2015). The implementation of the cyber security system at Abu Dhabi commercial bank has gone through the planning phase that includes the fulfillment of all the requirements needed for the banking system (Lee et al.2015). The planning phase ensures the execution of the cyber security system will ensure that the transaction of the data in the banking system will be secured and the confidential data of the consumers will be safely handled by the banking authority (Mierzwa and Scott 2017.). The planning phase also ensures that the unauthorized users will not access all the systems running in the bank.
The control phase includes controlling and monitoring the performance of the system. The Abu Dhabi Commercial bank ensures that the project regarding the cyber security has been implemented correctly and the system those are supporting the newly implemented security measures is working correctly (Kuusisto and Kuusisto 2016). The planning phase has its significance in the project management as it helps the project managers to understand the quality and the performance of the newly implemented system. In case, if it is known that the system is not meeting all the requirements and not working correctly, the further modification is needed to be made on the project.
Staffing and costing of the project is an essential factor for the success of the project. The staffs, in this case, the crews are the members of the project management team of the Abu Dhabi Commercial bank. The selection of the project team members is needed to be chosen in a right way so that each of the team members has the proper knowledge of the domain of the project. In this case, the sharing of the awareness among the team members will result in the choice of the best option for the compilation of the project (DiMase et al. 2015). Abu Dhabi Commercial bank has chosen the group of employees who have the sound knowledge about the cyber security and threats related to it (Pangulur, Nelson and Wyman 2017). The experience of the cyber security has helped the team members to understand the possible risks and the threats related to this domain, based on that the project team has implemented the implementation of the solution.
The costing of the project is another issue. Every organization granted a specific amount of the budget for the particular project. The managers and the higher authority of the Abu Dhabi Commercial bank have also given a budget of the specific amount for the implementation of the cyber security in the banking process. The primary target for the project development team is to complete the project within the budget. To do this the following of the project management lifecycle is essential for the project development team. The planning of the project management aims to deliver the right outcome cost-effectively.
The information system security aims to protect the data and the information stored in the system of the organization. It is the responsibility of the organization to protect the confidential and the sensitive data. In the context of the information security, the cyber security can be discussed (Min, Chai and Han 2015). The information security and the cyber security overlap partially as the cyber security is related to maintaining the safety of the sensitive data transmitted through the internet (Benzel 2015). During the implementation of the project, maintenance of the cyber security and information security will be an essential subject (Carter 2016). Abu Dhabi Commercial bank deals with the sensitive data regarding the bank and the consumers of the bank. Data breaches in the bank are not desirable. In this context, the bank took some security measures for the implementation and maintaining the cyber security during execution of the project.
Security threats and the information vulnerabilities can of different types like the breaching of data, modification, insertion or deletion of the information by the unauthorized access.
One of the main threats from the cybercrime is the data breaching. The data breaching can be done through the unauthorized access to the systems of the organizations. The data breaching enables the entrance of the confidential information of the organization and its clients to be exposed, which is a significant security threat for the business of the organization.
Cybercrime can be regarded as the emerging risks. Presently, the word is becoming more dependent on the internet; in this context the cyber security risks are increasing rapidly (Okubo et al.2016.). The companies and the individuals can be affected from the cyber security risks both directly and indirectly (Bang, Jung and Lee 2017). To mitigate the effects of the cybercrime, specific strategies are needed to be taken during the implementation of the project management (DuBow et al. 2016 ). The identification of the risks will help the developer and the project managers to implement the solutions applicable to mitigate those risks. Some of the ways those can help to reduce the risks from the cybercrime are-
Multi criteria Decision Framework for Cyber security Risk Assessment and Management:
The data security is partially overlapped with the cyber security. The data security concerns the excellent maintenance of the information stored in the organization. The violation of the information security by some external entities can be regarded as the cybercrime. Some of the roadmaps and strategies can be taken to mitigate the risks.
Multi-criteria decision making framework can be achieved through the use of DECRIS approach. The process of the DECRIS follows the mentioned approach:
There are various risk assessment methodologies preset for the evaluation and mitigation of the risks related to the cyber security. Some of these methodologies are-
In this method, all the plans are cover ECIP (Enhanced Critical Infrastructure Protection). The collection of the reliable data supports all the arrangements under this cover. It facilitates 18 infrastructure sectors and the approach in this case sectored approach is followed.
Baseline protection plan has been issued by the Federal Ministry of Interior of Germany. This is a risk assessment methodology that helps to make the communication between the infrastructure operators and the states. The primary function of this methodology is to assess the risk in critical infrastructure.
The security management in the enterprise includes implementing and managing the procedure and plans those will support the security system of storing and processing the data in the organization. There are specific methodologies those can be followed to implement the cyber security management. The different governing bodies create different methods.
There are six steps those can act as the strategies for the control of the cyber security. These ares-
Steps to integrate these strategies into enterprise cyber security:
Some of the actions those can be helpful for the integration of the policy into enterprise cyber security system:
Understanding Human Factors affecting the cyber security:
The human factors play a significant role in maintaining the cyber security in the dynamic system. The violation of the security can be happened due to the lack of attention of the people. Sometimes the security breaches are done by the internal employees of the organization.
Information systems security governance and auditing
The role of internal audit and user training in information security policy compliance: The improved audit practices will help to improve the cyber security systems and will help to counter the risks associated with the cyber security (Shackelford and Bohm 2016). The auditors of the information security can take two roles in mitigation of the security risks in the cyber system. They can identify the risks and evaluate the risks, and they can advise the users about the dangers.
The importance of organization governance for Information systems and cyber security
If the government is not able to properly secure the information systems in the organization, then it may hamper the daily working of the organization. Other than this the organization may get easily hampered. The government must be efficient in discovering the threats. Management authority must be competent to protect the integrity of the data’s that are stored in the systems of the organizations. The confidentially of the data is also one of the other factors that are the responsibility of the governance. Other than this the management must also be efficient enough making the data available to which it is meant.
The use of project risk management tools to manage and protect enterprises, infrastructure and project against cybercrime
Use of project risk management tools against the cyber security:
Risk management tools:
The risk management tools those are necessary to secure an information system and from the cyber world are:
Risk identification: This is one of the primary tools that can be used to protect the data from the cyber world. There also some significant risk identification tools that are used for the risk identification.
Other than this some of the different techniques that are used for the analysis of the risk assessments are cause analysis which is recognizing a problem, learning the causes that led to it and developing preventive action. Analysis of checklists is also an important technique that is used for the analyzing the risk in the purpose of the analyzing risks. Swot analysis can also be used to explain the risks in an organization.
Techniques for managing the risks against the cybercrime in the organization:
Securing an information system is one of the vital things to be done by any governing body of any organization. The first action for any management program is to implement the security protocols for the organization correctly. Some of the significant security options that an organization must achieve are
Conclusion
There are various ways and methods for the evaluation and analysis of the cyber security risks in the organization. The discussion revolves around different issues in maintaining the sustainability in the cyber security system in the organization. The example, in this case, is taken from the implementation of the cyber security in the Abu Dhabi Commercial Bank. It can be concluded from the above discussion that the application of the correct cyber security methodology and the framework will help the decision making process regarding the cyber security plans in the organizations.
References
Ashok, A., Wang, P., Brown, M. and Govindarasu, M., 2015, July. Experimental evaluation of cyber attacks on automatic generation control using a CPS security testbed. In Power & Energy Society General Meeting, 2015 IEEE (pp. 1-5). IEEE.
Bang, S.W., Jung, B.S. and Lee, S.C., 2017. Research on financial institutional network partition design for anti-hacking. Journal of Computer Virology and Hacking Techniques, 13(4), pp.257-263.
Benzel, T., 2015. A strategic plan for cybersecurity research and development. IEEE Security & Privacy, 13(4), pp.3-5.
Carter, A., 2016. DoD Cybersecurity Discipline Implementation Plan. Department of Defense Washington United States.
DiMase, D., Collier, Z.A., Heffner, K. and Linkov, I., 2015. Systems engineering framework for cyber physical security and resilience. Environment Systems and Decisions, 35(2), pp.291-300.
DuBow, J. and Meyer, D., Fulcrum IP Services, LLC, 2016. System and method for implementation of cyber security. U.S. Patent 9,401,926.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F., 2016. Decision support approaches for cyber security investment. Decision Support Systems, 86, pp.13-23.
Han, J.W., Hoe, O.J., Wing, J.S. and Brohi, S.N., 2017, December. A Conceptual Security Approach with Awareness Strategy and Implementation Policy to Eliminate Ransomware. In Proceedings of the 2017 International Conference on Computer Science and Artificial Intelligence (pp. 222-226). ACM.
Kim, K., Park, S. and Lim, J., 2015, August. Changes of cybersecurity legal system in East Asia: focusing on comparison between Korea and Japan. In International Workshop on Information Security Applications (pp. 348-356). Springer, Cham.
Kuusisto, T. and Kuusisto, R., 2016, July. Leadership for Cyber Security in Public-Private Relations. In European Conference on Cyber Warfare and Security (p. 173). Academic Conferences International Limited.
Lee, M.S., Kim, T.H., Park, S.P. and Kim, Y.M., 2015. Systematic elicitation of cyber-security controls for NPP I and C system.
Mierzwa, S. and Scott, J., 2017. Cybersecurity in Non-Profit and Non-Governmental Organizations. Institute for Critical Infrastructure Technology, February.
Min, K.S., Chai, S.W. and Han, M., 2015. An international comparative study on cyber security strategy. International Journal of Security and Its Applications, 9(2), pp.13-20.
Okubo, S., Yamaguchi, K., Nakamikawa, T., Jp, P.E. and Uchiyama, H., 2016. Security Solutions that Protect the Life Cycle of Control Systems. Hitachi Review, 65(8), pp.58-62.
Panguluri, S., Nelson, T.D. and Wyman, R.P., 2017. Creating a Cyber Security Culture for Your Water/Waste Water Utility. In Cyber-Physical Security (pp. 133-159). Springer, Cham.
Park, J., Suh, Y. and Park, C., 2016. Implementation of cyber security for safety systems of nuclear facilities. Progress in Nuclear Energy, 88, pp.88-94.
Randall, K.P. and Kroll, S.A., 2016. Getting Serious about Law Firm Cybersecurity. NJ Law., p.54.
Shackelford, S.J. and Bohm, Z., 2016. Securing North American critical infrastructure: A comparative case study in cybersecurity regulation. Can.-USLJ, 40, p.61.
Slay, J., 2016. Training and education for cyber security, cyber defence and cyber warfare. United Service, 67(3), p.24.
Van den Berg, J., Van Zoggel, J., Snels, M., Van Leeuwen, M., Boeke, S., van de Koppen, L., Van der Lubbe, J., Van den Berg, B. and De Bos, T., 2014. On (the Emergence of) Cyber Security Science and its Challenges for Cyber Security Education. In Proceedings of the NATO IST-122 Cyber Security Science and Engineering Symposium (pp. 13-14).
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download