With the due passage of time, the threat tends to change and attracts immense problem for the business. Further, the information system is the major weapon of the organization and helps in the controlling the infrastructure of the entity. The report defines the business case together with the risks that are present in the business environment followed by the audit plan. Going by the happening of the event, it needs to be noted that cybersecurity is not only the concern of the I.T department rather the same must be encountered through audit plans and objective (Barney & Ray, 2015). The application of a strong audit system will help in the prevention and mitigation of the future attack and build a strong organization.
The case relates to the cyber attack on Atlanta, where the computers of the municipal government and other services were affected by a ransomware attack. It clearly indicates that the local government is prone to cyber threats. It needs to be noted that the local government of every size and locations operates on a wide scale. The system is complex owing to the presence of a wide variety of features. The introduction of technology systems such as laptops, internet connected system, mapping and the informational system is an indication that the system is complex and needs to be tamed in an effective manner. The local government located in the United States does not have a strong control over the policies and regulations so they are unable to safeguard their system from attacks. This is of immense concern because the cyber attack can erode the entire system (Mcgalliard, 2018). It is being reported by forty percent of local government that cyber attack is a common happening on an hourly basis. Further, the biggest drawback that lies in this scenario is that a high percentage of government does not know the intensity and happening of the attack.
The provided case study shows the prevailing danger of the cyber attacks which are made on the general public systems by the use of ransom wares and cyber threats which use social engineering. The cyber threats are the most underrated risks in today’s business world. The cyber risk may be of many kinds some of which are a risk to finances, IT systems of the organization and the status of the firm which may cause huge losses to the firm because of the vast spread of the digitalization and improvement of interconnectivity between technological devices (Carroll, 2014). The risks of the firm relating to the cybersecurity should not only be bear by the It department of the firm, but also the other employees who work for the firm should also be concerned about such threats and risks. An organization should perform regular checks on the cybersecurity risks which may prevail upon it. Hence it should always be updated about the risks or threats and thus make the technological advancements in the firms IT sector so as to prevent the system from any type of hazardous activity. There should be awareness among the employees about the cyber risks which may be prevailing upon the firm. They need to identify any kind of technological risk that is present in the firms IT system (Van & Venzke, 2015). They should also be able to find and report the threats and vulnerabilities which can be used by the third parties or outsiders to exploit the firms IT system thus leading to a huge cyber loss (Francen, 2014). Also, it is the duty of the firm to remain as safe as possible by introducing new cyber solution which may help the firm to remove the present vulnerabilities and thus giving it a chance to move towards success by accelerating towards a greater lifespan of the firm (Zissis & Lekkas, 2012).
Internet connects all servers to each other and thus making it a powerful tool for the firms to discuss all the types of problems faced by them. This also increases the security risk thus exposing them to threats:
The main objective of the audit process is to assess the security. Another objective would be to find the type of information which is needed to be audited. Also, the auditor may evaluate that the necessary controls and functions of the firm are being carried out in a specified manner or not.
Internal audit proves to be helpful in the assessment of the ongoing fight of the firms with the cyber attacks. They may prove to be successful by identifying the proper risks and thus leading to help the firm find the ways of coming up with the flaws present in the system of the firm (David, 2009). It also helps the board of directors to understand the possible ways by which their firm may be affected by the various factors relating to the risks of the digital era.
The formulation of security enhancements in the firm may help it to develop the firm’s capability of handling the cyber threats in an uncomplicated way. By performing an internal audit various possible factors affecting the cybersecurity of the firm may be found. This information can be used by the IT sector of the firm to improve its technology and prevent the risks of cyber attacks (Christensen et.a l, 2016). Also, some people use to get valuable additional information by performing maturity analysis approach which helps the firm to get sudden visual references that gives clear information to the firm about the areas which it needs to improve. Also, the information may be used to create paths which may help the firm to fill the cyber security gaps thus helping it to improve its functioning. The five stages of maturity — Initial, Managed, Defined, Predictable and Optimized helps the firm to know about its progress and thus helping it to find the security advancements it needs to make in its system (O’Brien & Marakas, 2009). This will help to complete the firm’s target thus letting the board of directors meet the desired maturity level it needed to achieve.
Maintaining and enhancing security capabilities
Background checks – The ground procedure. The user of the system will be asked to complete the ground check by providing the relevant credentials. A list will be prepared of the employees who have an access to the system
Head approval – Does the access to data needs head approval?
Personal devices, mobile will be barred from storing sensitive data. To test the validity of the process, the employees need to sign the paper and then carry personal devices. The external devices will be banned from inserting into the computer.
Performing risk assessment – the risk and difficulties faced by the business will be recorded and the extent of problem needs to be ascertained.
Does the organization have the appropriate tool to combat the cyber attack? What is the frequency of attacks faced by the business?
The attacks faced by the business needs to be recorded and the same needs to be ascertained. This will help to have a proper knowledge of the attacks encountered and will enable to strengthen the system (Heeler, 2009).
Control environment
The control environment should rest on the values of the undertaking adhering to the practice, as well as guidelines. The key process needs to be documented so that a proper control is developed in a systematic manner (Gay & Simnet, 2015)
Risk assessment
It is recommended to have a risk assessment policy to identify and evaluate the risk that can impact the attainment of the targets that are specified in nature so that those risks can be eliminated (Gay & Simnet, 2015).
Control
It will comprise of automatic and manual reconciliation that will merge into the process with the main aim of ensuring the accuracy of the financial reporting. The key method will even consist of authorization and controlled mechanism (Heeler, 2009)
7. Conclusion
There have been considerable increases in the cyber risks because of the increased frequency of the types of information which have been provided over the internet. This information can be used to gain substandard knowledge thus leading to the increase in such threats. Most of the firms have already taken necessary actions for their prevention from the cyber risks by combating the dangers thus leading to the companies’ appraisal in the cyber security functions
References
Barney, J. and Ray, G. (2015) How information technology resources can provide a competitive advantage in customer service. Planning for Information Systems [online]. 3(2), pp. 444-460. Available from https://pdfs.semanticscholar.org/fe0d/ca770f19b8bbbfd7c84ea891c88ec5e8630c.pdf
Basta, A., Basta, N. and Brown, M. (2013) Computer security and penetration testing (2nd ed.). Cengage Learning.
Carroll, J.M. (2014) Computer security (3rd ed.), Butterworth-Heinemann.
Christensen, C.M., Bartman, T. And Van Bever, D. (2016) The hard truth about business model innovation [online]. Available from https://sloanreview.mit.edu/article/the-hard-truth-about-business-model-innovation/. [Accessed 6 March 2018].
David, F.R. (2009) Strategic Management: Concept & Cases. NJ: Pearson Prentice Hall
Francen, E. (2014) The 5 W’s of Information Security [online]. Available from https://www.frsecure.com/the-5-ws-of-information-security/ [Accessed 6 March 2018].
Gay, G. and Simnet, R. (2015). Auditing and Assurance Services. McGraw Hill
Hanson, D., Hitt, M., Ireland, R.D. and Hoskisson, R.E. (2011) Strategic Management: Competitiveness and globalization. South Melbourne: Cengage Learning Australia
Heeler, D. (2009) Audit Principles, Risk Assessment & Effective Reporting. Pearson Press
Layton, T.P. (2007) Information Security: Design, Implementation, Measurement, and Compliance. Auerbach Publication
Mcgalliard, T. (2018) How local government can prevent cyberattacks [online]. Available from https://www.nytimes.com/2018/03/30/opinion/local-government-cyberattack.html?rref=collection%2Ftimestopic%2FComputer%20Security%20(Cybersecurity)
Miller, W. and Pellen, R.M. (2014) Libraries and Google. Routledge
O’Brien, J. and Marakas, G. (2009) Management Information Systems. McGraw-Hill.
Travica, B. (2015) Modelling organizational intelligence: Nothing googles like Google’, Online Journal of Applied Knowledge [online]. 12(2), pp. 444-460. Available from https://www.iiakm.org/ojakm/articles/2015/volume3_2/OJAKM_Volume3_2pp1-18.pdf
VaA.S. andVenzke, C. (2015). Predatory Innovation in Software Markets’, Harvard Journal of Law & Technology [online]. 29(1), pp. 46-55. Available from https://www.questia.com/library/journal/1G1-442782249/predatory-innovation-in-software-markets
Wagner III, J.A. and Hollenbeck, J.R. (2014) Organizational behaviour: Securing competitive advantage. Routledge.
Zissis, D. and Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems [online]. 28(3), pp. 583-592.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download