Advances in technology, global business practice and competition have led organisations to depend heavily on information technology across their business operations, a phenomenon often referred to as the information revolution. A wide range of increasingly convergent and linked technologies now supports the management of twenty-first-century businesses (Liu et al., 2015). Examples of business practices improved by this integration include virtual meetings and conference calls, the automation of tedious tasks in finance, supply chain, logistics and other functions, digital marketing, and corporate social responsibility reporting.
However, as organisations have become more dependent on technology, the risk of exposure of vital data and information has increased with it.
This report is a critical evaluation of the role of cyber security in modern business organisations. It begins with a brief description of the basic concepts of cyber security and the need for it. It then critically analyses the role of management in developing overall cyber resilience. The report concludes with guidance for senior management, in the form of a step-by-step framework that can be applied and reviewed according to the needs of the organisation, in line with cyber security principles.
Information systems security refers to an entity's ability to protect its systems, including hardware, software, data and information, from unauthorised access by attackers seeking an undue advantage. Cyber security addresses the internet-connected and digital part of that problem, while physical security addresses premises and equipment; both are components of the overall security of an enterprise's systems.
The cyber security culture of an organisation refers to the framework of knowledge, attitudes, values, beliefs, assumptions and norms that applies to the people of the organisation and guides their behaviour with information technology (Ben-Asher and Gonzalez, 2015). It is, in other words, the integration of information security considerations into the roles and responsibilities, habits and conduct of employees as they handle systems and operations.
Cyber security is critical not only for individuals but also for organisations, because organisations today depend heavily on computer systems for the storage, processing and retrieval of data. Moreover, much of the activity in accounting, digital marketing, communication and other functions is performed through computer systems, the internet and cyberspace.
Research has shown that most cyber-crime affecting organisations involves human factors (Ponemon Institute, 2012). The Ponemon Institute study further found that an organisation's own employees and insiders have the greatest potential to expose sensitive and confidential information to misuse. Examples of unintentional or intentional acts that can put company data at risk include employees losing laptops or other mobile devices, data being mishandled while in transit or at rest, and malicious employees or other insiders exceeding their authority or responsibilities.
The economic costs of a data breach to an entity can be both direct and indirect. Direct costs include the loss of intellectual property, such as information about patents, copyrights and trademarks, and of information relating to clients and employees (Sen and Borle, 2015). Indirect costs include loss of reputation, which changes customer preferences and reduces market value. In addition, profits can fall because of the reputational damage, and regulators can impose hefty penalties and fines for the breach.
According to figures published by McAfee and Intel in 2014, worldwide losses due to cyber-crime were estimated at between €325 and €500 billion (ENISA, 2017). Notable developments in ransomware between 2015 and 2016 further increased both the variety and the scale of cyber-crime globally.
In addition to the factors above, safeguarding information technology systems and infrastructure has become a significant part of a company's corporate social responsibility. The Australian government recently introduced the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988, which obliges entities to notify a data breach where it is likely to result in serious harm to any individual whose personal information is involved (OAIC, 2018). Similar requirements exist globally. In the US, for instance, the Sarbanes-Oxley Act requires the top management of an entity to attest to the effectiveness of its internal controls over financial reporting, which in practice obliges it to consider, maintain and report on the information security controls protecting its financial systems.
On a positive note, increased awareness and knowledge of cyber security, together with considerable investment in modern technology and practice, can guard an enterprise against the most significant effects of cyber-attacks. It strengthens the protection of stakeholders' interests and of the organisation's assets (Fielder et al., 2016). Investing in cyber security practices therefore not only enhances trust among customers and stakeholders but also reduces the economic and other losses and costs that result from hacks and breaches.
With the increased risk of financial and reputational losses from breaches and hacks by cyber criminals, the responsibility of senior management to safeguard the assets and information of the organisation has become significant. It is the responsibility of senior management to integrate cyber security principles into the company's strategic decisions in order to mitigate cyber security risks. Management must devise a system of clear priorities, authorities and duties for each member of the organisation. It is the prime duty of senior management to align the company's cyber risk appetite with the interests of stakeholders and the requirements of regulators.
The role of the CISO is central to the cyber security of an entity. A CISO must understand the needs and operations of the business while applying both technical and communication skills (Safa, Von Solms and Futcher, 2016). It is the duty of the CISO to engage with employees to identify the existing cyber security framework and the attitudes and overall culture of the company towards it. The CISO enables managers and employees to participate in decision making, coordinates the roles of the various departments and committees, acts as liaison among individuals and communicates throughout the entire cyber resilience transformation process.
4.3 The role of the IT Department: The role of the IT team is multifaceted. The technical team has to ensure that up-to-date technical measures are adopted in the entity, that the infrastructure is securely sited, and that adequate cabling and other basic requirements are in place (Gupta, Agrawal and Yamaguchi, 2016). Further, it has to secure access to, and the credentials for, the data repositories and the main systems.
The IT team must also keep senior management and the CISO informed of the latest technologies and of the challenges in the market. Team members must keep themselves up to date and transfer that knowledge to stakeholders. In addition, they must comply with the legal requirements applicable to the IT industry in terms of standards and norms.
Countering cyber security issues and hacks is a major challenge faced by leaders and managers across the globe, and it must be a continuous process within an organisation. In the words of Densham (2015), leaders must design the solution in advance rather than designing it after the security breach. Further, senior management must develop a policy describing the roles and responsibilities of each member of the organisation in countering cyber-attacks, in the interest of the stakeholders and of the organisation as a whole. This section of the report therefore provides a step-by-step process for an entity to implement. The process is iterative: after each activity is completed, its impact is measured, the results are observed and analysed, and the plan is reviewed in the light of changes in the environment (World Economic Forum, 2017). The procedure is as follows.
Setting up the core cyber security group: It is the prime responsibility of the board of the entity to design the overall cyber security framework. The first step in designing the framework is to brief the members of the core group on the current challenges and technological developments in cyber security, because an evidence-based approach is needed. It is the duty of this group to oversee the development of the strategies and their implementation.
Understanding the business of the entity and assessing the risk: It is crucial to understand the organisation's existing culture, beliefs, attitudes and practices so that the security measures can be aligned with them. The entity's risk appetite must then be defined and its risks quantified against it so that they can be treated (Johnson et al., 2016). The risk assessment is based on the overall industry risk, the size and nature of operations, and the overall vision and mission of the entity.
Define the main goals, accountability, target audience and success criteria: The next step is to set out the main goals of developing the cyber resilience policy, that is, whether it is to improve the existing culture or to implement an entirely new one. In addition, gaps must be analysed between the entity's current capabilities and its desired objectives. Further, if there are threats specifically targeting the industry in which the entity operates, they must be identified and acknowledged.
Selection of the activities: The resilience plan should describe the activities chosen by management to counter the cyber security threat. These can range from the use of firewalls and internet security software to the definition of roles and responsibilities for passwords and for access to the infrastructure and database repositories (Knowles et al., 2015).
Review and consideration of the results: The plan must be run as a trial before final implementation. Gaps in performance must be identified, changes made to the resilience plan to address them, and the individuals concerned informed of those changes (Luiijf and te Paske, 2015). The final blueprint of the resilience plan is then devised, written up and circulated within the organisation.
Implementation: The plan must be implemented according to the set standards and norms and in keeping with any applicable laws and legislation. Every department and individual must fulfil his or her responsibility under the company's cyber security policy.
Review and updating: Implementing cyber security plans is a continuous and iterative process. The plan must be reviewed and analysed periodically and its loopholes identified in the light of new challenges and threats. Seminars, webinars, awareness programmes and group discussions must be conducted to keep employees, stakeholders and management itself up to date.
Conclusion
The discussion in this report has shown that cyber security is a crucial aspect of organisations in the 21st century. With technological innovation and new challenges arising every day in the field of information security, organisations must guard themselves against threats and breaches. It is the duty of management to ensure that a sound and safe framework is established for the security of the enterprise's vital data and information. Although the prime responsibility lies with top management, it is not limited to them: each member has a role to play in the security of the entity's systems and processes.
The report set out the basic definitions of cyber security and the need for it. It showed how the human factor and the legal context make a strong cyber resilience plan a necessity for entities. It then described the roles of senior management, the IT department and the CISO in the successful implementation of cyber security plans.
The report concluded with best practices and step-by-step recommendations that entities can use as a guide for developing and implementing resilience plans.
Cyber security therefore plays a pivotal role in the overall functioning and success of organisations. It must be treated as a chief responsibility by management and by every member of the entity, in the interest of the entity and its stakeholders as a whole.
References
Ben-Asher, N. and Gonzalez, C. (2015) Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, pp. 51-61.
Densham, B. (2015) Three cyber-security strategies to mitigate the impact of a data breach. Network Security, 2015(1), pp. 5-8.
European Union Agency for Network and Information Security (ENISA). (2017) Cyber Security Culture in Organisations. [online]. Available from: www.enisa.europa.eu [Accessed on: 10/09/2018].
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F. (2016) Decision support approaches for cyber security investment. Decision Support Systems, 86, pp.13-23.
Gupta, B., Agrawal, D. P. and Yamaguchi, S. (eds.) (2016) Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security. United States: IGI Global.
Johnson, C., Badger, L., Waltermire, D., Snyder, J. and Skorupka, C. (2016) Guide to Cyber Threat Information Sharing. NIST Special Publication 800-150.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P. and Jones, K. (2015) A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, pp. 52-80.
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M. and Liu, M. (2015) Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In: USENIX Security Symposium, pp. 1009-1024.
Luiijf, H. A. M. and te Paske, B. J. (2015) Cyber Security of Industrial Control Systems. TNO.
Office of the Australian Information Commissioner. (2018) Notifiable Data Breaches scheme. [online]. Available from: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme [Accessed on: 10/09/2018].
Ponemon Institute. (2012) The human factor in data protection [online]. Available from: https://www.ponemon.org/library/the-human-factor-in-data-protection [Accessed on: 10/09/2018].
Safa, N. S., Von Solms, R. and Futcher, L. (2016) Human aspects of information security in organisations. Computer Fraud & Security, 2016(2), pp. 15-18.
Sen, R. and Borle, S. (2015) Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems, 32(2), pp. 314-341.
World Economic Forum. (2017) Advancing Cyber Resilience Principles and Tools for Boards. [online] Available from: https://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed on 11/09/2018].