Discuss About The Cyber Security Regulatory Bodies Approach.
Technology has grown gradually from simple to complex and as the days go by every aspect of human life is undergoing a technological revolution. A new era of technology has been achieved due to the availability of ubiquitous network capabilities such as the wireless mobile network, cloud computing, and distributed network. The Internet has made possible as it connects computer networks all over the world. As a result, bulky information of individuals, companies and other institutions can be stored in a computer and uploaded into the clouds so that it can be easy to retrieve them wherever a person will be and whenever need be. It is feasible to transact over the internet conveniently and do another kind of tasks conveniently. Technology helped to reduce work burden and ease the way of doing things. In spite of all the benefits that technology brought, it doesn’t go without saying that that it came with its vices.
As a result of these technological upgrade, people with malicious mind have devised mechanisms through which they can extort people and companies. [1]They are able to dig deeper into the software and hardware loopholes so that they can exploit those vulnerabilities with an intention to hold on to something that they can use as their leverage. This brought an uproar among the network users that their information is not safe and thus the need to create better structures and measures to safeguard information on the network. Cybersecurity team mandated to create a better world of technology was created all over the world to regulate usage of internet and how one should conduct him/herself while accessing information on the network.
Thus, according to [2]Choucri et al (2012) “Cybersecurity comprises technologies, processes, and controls that are designed to protect systems, networks, and data from cyber attacks.” It important to make sure that all levels of network architecture are safeguarded to minimize case of cybercrime. [3] There is focuses on information security pillars that will help in ensuring that data are secure. They are confidentiality, integrity, and privacy commonly referred to as CIA. ISO2700 is the body entitled to ensure that any system meets the standards set to ensure that only the person intended to access certain information can be able to do so.
During the research period, I employed [4]different kind of methods so as to gather and analyze information that was relevant to my line of study. I was able to collect information from that was previously done by other authors as well as the journals pertaining regulatory bodies that were available in the library. Class work that we have been using was acted as the basis of what I was to work on as it gave me the guideline on how to attain the maxima of the research. I also consulted my lecture, colleagues as well as IT practitioners within the institution so as they can tell more about regulatory bodies they know of and how they have been involved in fighting against cybercrime involving data storage and the cloud computing technology.
It is the duty of every right-minded individual to work hard and comply with the set rules and standard set by some of the bodies mandated to ensure that information kept on the network is safe. [5]Von Solms and Nieker (2013) highlights some of the attacks which include;
These kind of attacks have led to various government and organizations to come up with rule and regulations that will help curb these vices and make people aware of the existing limit of internet usage [7](Orji, U. 2010).
There are bodies whose mandate is to ensure the safety of the data of the internet users. There work is to oversee the success of a crime-free cloud network. There has been an outcry among the victims of cyber attack who have suffered financial or data loss. The impact of such loss is psychological traumatizing as well as wasting a lot of time and resources trying to solve the case pertaining the same or trying to repossess the lost data. In case of data loss, there are some incidence through which they can be recovered but in most cases it requires skilled practitioners who are very expensive to come by. As a result, new regulations and laws were formulated to help individuals deal with such cases at a low cost. They have set rules and guidelines that should always be adhered to by any IT expert as Orji (2010) describes in his book “Cybersecurity Law and Regulation” (p 398). Some of these bodies include the European Union Commission Cybersecurity Regulations, Norway’s regulatory regime for cybersecurity, African Union Convention on Cyber Security and Personal Data Protection, and ENISA (European Union Agency for Network Information Security) among others. These bodies were created as a result of rampant cybercrimes.
Cyber-attacks targeted most of the vital infrastructures such as the banking systems, government infrastructures, online marketplaces among other critical environments that highly depends on the clouds to store some vital information in a distributed network.[8]Kim (2014) states the worry impounded on banking system data network in case of unauthorized person holds on to data with bad intention.
The aim for the formation of this body was to;
To have a strong and resilience cyber it requires collective and a wide-range of the approach of things. A more robust and operational system that will help to reinforce cyber security and ability to respond to cases pertaining cyber attacks from the member states, government institutions as well as other agencies. EU cyber security team of better experts should be put in place to help create a much stronger cloud network infrastructure that is able to withhold any kind of cyber attack directed to the members of the EU so as to create a common market where a member can feel safer. The team should also work hard counteract any kind of attack on the cloud before it happens and the culprit held into justice.
ENISA is one of the agencies created by the EU to help fight against cyber crime. [9]Its work is to help build a strong cyber resilience and also to respond to cases of cyber attacks. It is the work of the agency to implement directives concerning cloud security and the information system as well as the framework proposals for cyber-security certification.
They will act on the capacity of advisory on formulating policies to be implemented as well as promoting soundness among sectorial enterprises and the directives from Cloud Providers in helping to net-share information and centres for analysis in acute sectors. [10]ENISA have a responsibility to make sure that EU states are prepared by holding annual pan-European cybersecurity training in unison. This shall be involving all the response units which cuts across all different levels of practitioners involved in IT mostly with the cloud computing. This unison training will act a source of knowledge on the way to curb cloud network cybercrime.
So as to build a strong cybesecurity base, it will require highly skilled personnel’s to manage it. Training of the experts will help to raise more professional who will be able to come and fill the gap that is there since most of the better experts have been absorbed by the private sectors who offers better employment terms. Also [11]creating awareness about hoe to manage ones account credetials will help individuals to be vigilant while using the clouds so as to have a knowhow of the tricks used by the attackers in order to gain access to once credentials. Creating awareness does not only help one avoid being a victim of attack but it will also help in lowering the cost of curbing the vice.
The bases have been created all over the Europe to ensure that the scope has been reached. They are working hard to ensure that they train a lot of member to carry on with the task of enforcing a free cyber space Europe. One of the training base is in Geneva Switzerland while other is in the UK, Germany and other countries. They bring together the experts from across the states who works in harmony to curd the vices.
[12]Training should be done at the various level of administration such as the higher learning institutions, training employees who are IT illiterate as well as those who are not well aware of the dangers hovering over the usage of cloud systems as a mode of information storage. Candidates should be taught how to detect any kind of mischievous behavior that could lead to an attack and how they should respond to it. This training should not be limited to just IT experts but also channeled to other interested personnels such as the accountants, secretaries, and any other person who is a stakeholder in cloud computing.
It is required of any institution to be on the lead in trying to educate about cloud computing and the danger it imposes on institution and individual data. At times, some people do the wrong things out of their knowledge and as such, it is good to create awareness of the existence of rules and regulations pertaining cybercrime. [13] O’Connell (2012) states the necessity to create that conducive atmosphere free from fear of attack and it is only possible if some parameters are met. Some of them include use of up-to-date software, encouraging updating of operating systems so as to seal already known vulnerabilities and avoiding public networks while dealing with sensitive information.
Member States ought to quicken the utilization of more digital secure devices in the advancement of e-government and furthermore draw full advantage from the skill arrange. The selection of secure methods for recognizable proof ought to be advanced, expanding on the [14]EU structure of electronic ID and put stock in administrations for electronic exchanges in the interior market, which has been in drive since 2016 and gives an anticipated administrative condition to empower secure and consistent electronic collaborations between organizations, people and open experts
[15]EU fundamental rights and core values in ensuring there is right to privacy and that personal data are protected has helped to create an opening of free and secure cyberspace among the EU states, the EU’s worldwide cybersecurity arrangement is intended to address the ceaselessly advancing test of ever-growing worldwide digital soundness, and additionally adding to Europe’s key self-rule in the cloud computing.
Since cybersecurity is an international disaster, there is a need among the European nations to work together by formulating policies that shall be adopted by all the states under the umbrella of the union. This will ensure that all the nations have worked closely in eradicating the vice without letting one nation to fall on its knee due to severe attacks from attackers. Developed nations will help the developing countries by providing gadgets and equipment required in fighting against cloud related crimes. They will also provide training and skilled manpower to teach them and help in moving the next step.
The work of the Commission has been fully recognized by the states and in has bared fruits, they offer guidelines on how to solve different puzzles pertaining the so cyber security. They formulate policies that have been implemented throughout their states. They have made it clear that there is need to work in harmony since they all faces a common enemy. Norway, Germany, Switzerland among other nations have implemented most of the commissions policies including erecting some of the well-equipped training base and creation of a common market platform. The fulfilment of these policies has seen most of the success in fight again Wannacry Ransom ware in which most of the states worked closely with ENISA agency in fighting the malware and creating public awareness. This made it possible to fight the attack in the shortest time possible and saving a lot of companies from being exploited.
According to [16] Muller (2016), the Norwegian government has not been left behind in trying to deal with the cybersecurity mammoth targeting various sectors that relies on cloud computing and thus has gone ahead to formulate some set guide and regulation to help cloud user from being exploited by the attackers and at the same time giving them a sense a security due to the kind of penalties that one should incur if found guilty of such vices.
There is coordination between the ministry of justice, the defense and other lawmakers to formulate policies relating to cybersecurity. Some the responsibilities of these joint teams include;
It is important for any agency to prevent any impending danger before it happens. Norwegian has equipped well the Agency responsible for dealing with the cyberattacks. [17]The agency can be able to track the network flow and see where there is bleach or where packets are being sniffed from. They work closely with the cloud providers who are on a lookout in case of any attack attempt. Their task is to monitor network traffic and in case of any red alarm they move in swiftly and neutralize the situation before any attack has occurred.
It is always important to work things out before things have fallen apart as this will ease the task to be done in trying to amend the damage that has been caused. [18]Mitigation should always be the co-thing for any government agency and so is the cybercrime unit.
At times thing may go out of hands and mitigation process fail, it should not be let go but a more robust step should be taken to curb it. Bass (2000)[19]reveal that whenever an attack has been detected, a swift approach should be taken in order to make good use of the available equipment. Managing the situation quickly before many falls victim of the same will help minimise the damage. For instance, once the [20]ransom WannaCry attack was detected since it used Microsoft security vulnerability which was found on Windows 7, 2000 and XP, they urged the users to update their operating system so as to seal the loophole. These agencies should act on the capacities of software vendors to advise natives on the need to update such kind of software. They will in return embark on finding the culprits behind the attack so as they can face the law. In order to fulfil this mandate, agencies from the states came together to brainstorm on what they should do and how to quickly respond to the WannaCry Ransom ware attack in Bergen in 2017. This was one of the case that the Norwegian agency was highly involved in carrying the task of eradicating cybercrimes.
Agencies and the task forces have to ensure that there is competence in the way network and Information system is handled. This will minimize the cases of cybersecurity and that users of the node are able to take caution while on the network. Their mandate is to alert users on the impending dangers, revert attacks and offer training to the experts and other willing individual. All the stakeholders gets involved on the way to keep their information safe by being taught simple tricks like clearing the cache before using public network. This will ensure that every individual is competent on what he/she is doing.
[21]Penetration testing of any software, network or website should be done prior to deployment according to Valli et al. (2014). This shows that the IT experts are sure and competent in what they are doing and knows well of all dangers that surrounds internet usage. This creates a better and safe environment for the users and the entire organization to network and store any kind of information with little worry. They should also ensure that any institutions has better infrastructures that can be able to withhold any kind of attack with better experts who will be on lookout for any impending attack.
There are some of the infrastructures that are so sensitive in any government. They include [22]banking, government websites, and airport control system as well as missile launch codes. It is the work of the government to ensure that they keep these infrastructures against intrusion from any unauthorized person and that the information is kept confidential. Only should it be accessed by the right personnel and at the right place while ensuring that the data are always up to date.
[23] Ghernouti-Hélie (2010) illustrates the important of having competent and uncompromising experts in those areas who will safeguard the cloud infrastructures. Strong softwares that are uncrackable should be put in place and reinforce it with a firewall protection.
The Commission introduces an outline so the EU has set up an all-around practiced arrangement if there should be an occurrence of a huge scale cross-border digital episode or emergency. It sets out the targets and methods of collaboration between the Member States and EU Institutions in reacting to such episodes and emergencies, and clarifies how existing Crisis Management instruments can make full utilization of existing cybersecurity substances at EU level
In realization of the mandate of a free cybercrime nation, as a member of EU states, the Norwegian agency is working crossly with the ENISA, an agency within EU that is tasked to deal with cases involving cybersecurity in order to gain training and the much-required help on the way to curb the vice. This is in the realization of the need to work with international agencies and recognizing that the war against cyber security is not a one nation issue but an international one that requires the attention of each and every individual and work in harmony to create a cyber security free nations.
A cybersecurity package of rules formulated in 13th Sep 2017 by the EU which aimed at improving the cyber resilience of the EU, how to deter and defend its cyber space. This came after the occurrence of Ransom WannaCry attack which led companies to lose lots of money which threatened and hampered the progress of the EU economy, as a result, better policies were put across in order to strengthen the already existing law. [24]Some of the proposals policies were to create a unit that would be tasked to carry on the work of neutralizing cybercrime among the EU nations, the task force was named ENISA. Also, they proposed a public-private partnership in the fight against cybercrime. The work of ENISA was;
The agency is based in almost all of the EU states to ensure that its purpose is fulfilled. It will be responsible I protecting stored data on the clouds and training of the IT practitioners on the way to curb Cyber crime. Using there more advanced technology, they will be responsible of making sure that EU cyber space is secure and have been granted permission to monitor network traffic with an intention to isolate any packet that looks suspicious and counteract it. They will respond to any attack whenever call upon.
One of the agencies whose work has gone unnoticed globally due to its quick way of responding to the attacks. Globally, it has been heavily involved in working with other agencies in coming with better policies and ways of fighting the vices. It has been the source of knowledge to other agencies within the European states. It has worked in harmony with lots of agencies in providing basic training to the other agencies. It’s well equipped training base in some of the EU states such as in Geneva, Berlin, London among other cities has acted as the training base whenever need be. The EU commissions have formulated policies with the help of the agencies and ENISA implements them which has in a way ensured the safety of the states. The creation of a common market which is being managed by the agencies have proved a good way forward and a better investment in crippling cybercrime. The rate of attacked has reduced drastically with only Wannacry being the biggest threat that have been reportedly in the past. They are anticipating reduction in cyberattack in the near future if the stakeholder were to comply to their policies on security measures.
Conclusion
From the above regulatory bodies, it is evident that cybercrime is an international problem that is affecting every single human being who relies on the internet. As such, every government, authority or cloud providers. It is time for all stakeholders to hold hands and work together to eliminate the vice. [25]A lot of time, resources and finance are lost when one incidence happens, it causes depression to the victims and cripples the economy of a nation. At this juncture, illiteracy has played a big role in attracting attackers not forgetting ignorance among the cloud users. Much work should be done to try and educate cloud user on the ways to evade being a victim. This includes a fresh introduction of the curriculum at school level so as to teach people on the way forward. Even though government agencies are doing their best to regulate internet usage, attackers on their side are not taking a rest to try and find vulnerabilities that they will exploit thus it is a [26]collective responsibility in ensuring that every individual is well informed about his role and responsibility on the matter related to information and network security.
As it is a responsibility of every network users to enforce security measures, government and other regulatory bodies tasked to create a cyber-crime safety cyberspace, it is their responsibility to ensure that they are on look out of any potential attack and mitigate it beforehand. Likewise, ensuring that formulated policies are followed to the letter.
References
Hassan, Lass, Makinde. “Causes, effects and the way out”. In Cybercrime in Nigeria: 626-631. ARPN Journal of Science and Technology. 2012.
Von Solms, Van Niekerk. “From information security to cyber security”. In computers & security 97-102. 2013.
Choucri, Daw Elbait, Madnick. “What is Cybersecurity?”. In Explorations in Automated Knowledge Generation 2-4. 2012.
Albrechtsen, Hovden. “Improving information security awareness and behaviour through dialogue, participation and collective reflection”. In Computers & Security, An intervention study. 432-445. 2010.
Brewer, Ross. “Advanced persistent threats: minimising the damage.” In Network Security 2014, no. 4: 5-9 .2014
Orji. In Cybersecurity Law and Regulation. Wolf Legal Publishers( 2012): 398-400.
Kumar, Sameer, Promma. “Type of Research Methods”. In Research Methodology 45-50. Springer, 2005
Kim, “Cyber security issues imposed on nuclear power plants”. In Annals of Nuclear Energy 141-143. 2014.
Levi-Faur, “Regulatory networks and regulatory agencification”. In towards a Single European Regulatory Space. Journal of European Public Policy (2011): 810-829.
Rittberger, Wonka. ”Introduction: agency governance in the European Union”. Journal of European Public Policy (2011) 780-789.
Dodge, Carver, Ferguson. “Phishing for user security awareness”. In computers & security 73-80. 2007.
Aloul. “The need for effective information security awareness”. In the Journal of Advances in Information Technology, 176-183. 2012.
O’Connell. “Cyber security without cyber war”. In the Journal of Conflict and Security Law, 187-209. 2012.
Kirkpatrick. “Cyber policies on the rise”. In the Communications of the ACM, 21-23. 2015.
Li. “International actions against cybercrime”. In the Networking legal systems in the networked crime scene. Webology: 2007.
Muller. “How to govern cyber security? The limits of the multi-stakeholder approach and the need to rethink public–private cooperation”. In Conflict in Cyber Space. 132-145. Routledge: 2016.
Kuner. “European data protection law”. Corporate Compliance and Regulation Oxford University Pres, Büyük Britanya: 2007.
Pfleeger, Caputo. “Leveraging behavioral science to mitigate cyber security risk”. In Computers & security, 597-61: 2012.
Bass. “Intrusion detection systems and multisensor data fusion”. Communications of the ACM, 99-105: 2000.
Martin, Kinross, Hankin. Effective cybersecurity is fundamental to patient safety, 10: 2017.
Valli, Woodward, Hannay, Johnstone. “Why penetration testing is a limited use choice for sound cyber security practice”. In Proceedings of the Conference on Digital Forensics, Security and Law 35: (2014, January). Association of Digital Forensics, Security and Law.
Harrop, Matteson. “Cyber resilience”. In Current and Emerging Trends in Cyber Operations 149-166: A review of critical national infrastructure and cyber-security protection measures applied in the UK and USA, 2015. Palgrave Macmillan, London.
Ghernouti-Hélie.” A national strategy for an effective cybersecurity approach and culture”. In Availability, Reliability, and Security, 2010. ARES’10 International Conference 370-373: February, 2010. IEEE.
Marion. “The Council of Europe’s Cyber Crime Treaty: An exercise in Symbolic Legislation”. In International Journal of Cyber Criminology, 699: 2010.
Kshetri. “Diffusion and effects of cyber-crime in developing economies”. Third World Quarterly 1057-1079. 2010.
Sklerov. “Solving the Dilemma of Sate Responses to Cyberattacks”. In A Justification for the Use of Active Defenses against States Who Neglect Their Duty to Prevent. 2009.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download