Widget Inc Dot Com: Cyber Security Awareness, Policies And Procedures

Cyber Security Overview

Cyber security or information technology security is the proper protection of any computer system from damage or theft to the information, software or even hardware (Von Solms and Van Niekerk 2013). Cyber security helps to secure the information and thus the information is never lost. Moreover, the accidental or intentional attacks are also stopped with this security.

The following report outlines a brief description about the case study of Widget Inc Dot Com (Hahn et al. 2013). This particular organization is involved in the designing, manufacturing and distribution of Internet of Things. This report provides a significant discussion on the cyber security awareness of Widget Inc Dot Com. A training scheme is highly required for this purpose (Wang and Lu 2013). The various types of policies and procedures for the training and the kinds of cyber threats are solely explained in this particular report.

Case Study

Widget Inc Dot Com is an organization that does designing, manufacturing and distribution of Internet of Things. The annual turnover of this organization is about 10 million pounds (Amin et al. 2013). The organization has employed around 85 people for the various responsibilities like widget design, widget architecture, testing, production, selling and distribution. Experts in Accountancy, Finance, IT Support, Human Resources, Health, Safety, Network Support and IT administration, properly support the procedure of widget production (Elmaghraby and Losavio 2014). The executive board of this particular organization is extremely worried regarding the cyber threats that are common for any company and the type of damage that can easily occur due to this cyber attack. 

Cyber Security Awareness Training for Widget Inc Dot Com

The cyber security in the organization of Widget Inc Dot Com can be provided with the help of proper training to the staffs and employees. This training is extremely important for the employees of this organization (Buczak and Guven 2016). It is a specific formal procedure that helps to educate the staff members of an organization. The corporate policies, procedures for completing the tasks with information technology are helped to understand in this training. Information is received by the employees regarding the security threats and the reason that data is the most important and vulnerable asset of the organization. Widget Inc Dot Com should involve a special cyber security training awareness for all the employees and staff members working there (Wells et al. 2014).  This would certainly increase the awareness amongst them and moreover, they would not be involved in any accidental or unintentional cyber threats.

Introduction to Widget Inc Dot Com

There are various policies and procedures that are solely required for the cyber security awareness training within the organization of Widget Inc Dot Com (Cavelty 2014). The cyber security policy and procedure are particular formal set of rules that should be followed by all the employees and staff members of the organization. These employees are mainly related to the information technology or the technological assets of the company and any type of violation of rule leads to serious steps or even imprisonment (Gupta, Agrawal and Yamaguchi 2016). The major aim of these policies and procedures is to properly inform all the authorized users, who have the access of information technology assets and technological resources. These assets mainly include software, hardware, disc, operating systems, application servers, electronic mail, routers, modems, hubs and many more (Hong, Liu and Govindarasu 2014). This type of policy helps to understand how these assets and resources can be secured from all types of cyber threats and what measures should be taken when these types of attacks will occur with the resources. The cyber security policies and procedures of Widget Inc Dot Com are as follows:

1. i) Access Control: The access to the technological assets and resources is controlled, so that unauthorized users cannot access the data or information and information technology (Abawajy 2014).
2. ii) User Responsibilities: It is the responsibility of each and every employee or staff member to follow the rules and regulations of the company and also to follow the usage policy.

iii) Penalty for Security Violation: This is the third most important policy for cyber security (Ben-Asher and Gonzalez 2015). There should be a high penalty for the violation of security within the organization of Widget Inc Dot Com.

Types of Cyber Threats

Cyber attacks or cyber threats are extremely common in modern world. All types of information technology assets and resources are vulnerable or exposed to these types of attacks (Taddeo 2013). These cyber threats can cause major destruction to all the assets and resources and thus the confidential data or information would be lost. The most significant and vulnerable cyber threats for Widget Inc Dot Com are as follows:

1. i) Malware: This is the most important cyber threat for any information technology assets and resources. Malware means to several types of harmful software present within a computer system (Taylor, Fritsch and Liederbach 2014). Virus is the most significant type of malware, present within the resources of information technology. There are various methods of injecting malware in a system and this is extremely dangerous for any organization.
2. ii) Phishing: This is the second important type of cyber threat that is very common in any computer system (Tamjidyamcholo et al. 2013). In this type of attack, the intruder or the attacker sends an email to the victim for the purpose of stealing confidential information. As soon as the email is clicked to open, the data or the information is stolen and accessed by the attacker (Fennelly 2016). Usually, a link is provided in this email and there is an instruction to click on the link. Widget Inc Dot Com should keep a track so that no such emails come into the systems.

iii) Denial of Service Attacks: DoS attacks or denial of service attacks are again very common and vulnerable attack in any system of information technology (Hahn et al. 2013). This type of attack occurs when the intruder or attacker makes any particular machine completely unavailable for the access of the authorized and legitimate users. This causes major loss of confidential information or data within the system.

1. iv) Man in the Middle Attacks: This is another important cyber threat for any organization. In this type of attack, the network or the session is hijacked by any attacker. The attacker hijacks the session by simply capturing the ID of the session and thus posing as the authorized user (Amin et al. 2013). The confidential information is thus open to the attacker or intruder and he as the full access to change or alter the data. At the end, the legitimate user gets the access of the confidential information and he or she changes or alters it.

Prevention from Cyber Attacks

Although the above mentioned cyber threats are extremely vulnerable for any organization, there are certain methods to stop or prevent these types of attacks. Widget Inc Dot Com should follow certain methods or methodologies for the successful prevention of cyber attacks or cyber threats (Von Solms and Van Niekerk 2013). The most important ways of preventing cyber attacks from any computer system or information technology devices are as follows:

1. i) Antivirus: This is the simplest method of stopping or preventing any type of cyber attack to the computer system (Hong, Liu and Govindarasu 2014). Antivirus is a software program that helps to prevent the cyber attacks and also provide security to that particular system. The most significant advantage of this software program is that it is extremely easily available in the market and can be acquired in very low cost. Therefore, all organizations can easily afford this antivirus. Widget Inc Dot Com should install antivirus software in all of their computer systems (Gupta, Agrawal and Yamaguchi 2016). This will prevent the various types of cyber threats and thus the attacks can be mitigated or even stopped completely.
2. ii) Firewalls: This is the second most important way or method of preventing cyber attacks in any particular computer system. Firewalls are yet another software programs that prevent all types of cyber threats from entering into the system. As the name suggests, firewalls work as walls for the successful prevention of cyber threats to the system (Tamjidyamcholo et al. 2013). Like antivirus, firewalls are extremely easily available in the market and can be easily afforded by all organizations. Widget Inc Dot Com should install firewalls in all of their systems. This will result in detecting and preventing all types of vulnerabilities of a computer system. 

Cyber Security Challenges and Threats

iii) Proper Training: This is the third most important way to prevent any type of cyber threat to the system of Widget Inc Dot Com (Taylor, Fritsch and Liederbach 2014). The employees or the staff members of the organization should be trained properly so that no unintentional or accidental threats occur within the organization. Widget Inc Dot Com should hire a cyber security expert for the training purpose of their employees.

1. iv) Risk Assessment: This is the fourth method for the proper prevention of cyber threat to any computer system (Amin et al. 2013). There should be a proper process of risk assessment in the organization and this will reduce the chance of risks or threats within the company.

Processes for Enabling Business Continuity

The business continuity of Widget Inc Dot Com can be enabled with the help of various processes. The most significant processes for enabling business continuity within the organization are as follows:

1. i) Business Impact Analysis: The Business Impact Analysis or BIA is the first process that helps to enable the business continuity (Von Solms and Van Niekerk 2013).
2. ii) Recovery Plans: These types of plans are extremely required for the successful enabling of business continuity. This is the second process.

iii) Testing: Testing is yet another important process that will help to enable the business continuity of Widget Inc Dot Com organization (Fennelly 2016). They should test all the products and services properly and perfectly, so that no fault is present within the products.

1. iv) Maintenance and Monitoring: The products and the services should be maintained and monitored after the testing process and this particular process will reduce the chance the any type of major loss or threat. 

Professional, Social, Ethical and Legal Considerations

There are various professional, social, ethical and legal considerations of cyber security (Gupta, Agrawal and Yamaguchi 2016). The awareness training should include these considerations. The professional considerations are as follows:

1. i) Provide Advice: The employees should provide advice to the clients wherever required.
2. ii) Priority to Client: The client should be the first and the foremost priority for the organization and all of the demands should be properly fulfilled (Hong, Liu and Govindarasu 2014).

The social considerations are as follows:

1. i) Help all Other Employees: The employees should help all other staff members and employees and this will improve the social relation amongst them.
2. ii) Work as Group: The employees should work as teams and groups and this will also increase the social bonding amongst all the employees (Amin et al. 2013).

The ethical considerations are as follows:

1. i) Maintaining Confidentiality: This is the most important consideration in any organization. The confidentiality of the information and data should be strictly maintained.
2. ii) Avoiding Conflicts: Any type of conflicts should be avoided and thus the ethical considerations should be maintained (Tamjidyamcholo et al. 2013). 

The legal considerations are as follows:

1. i) Stealing of Information: The confidential information should be properly secured and if this is violated, legal actions should be taken (Von Solms and Van Niekerk 2013).
2. ii) Copyright: This is another important and significant factor. Violating this factor can lead to legal steps or even imprisonment.

Conclusion

Therefore, from the above discussion it can be concluded that cyber threats are the most vulnerable threats in today’s world. Cyber security can be defined the appropriate protection of all the computer systems from damage of the software, information or hardware. Moreover, the misdirection or disruption of these above mentioned resources and services are also protected with the help of cyber security. The physical access is eventually controlled and managed by securing the software and hardware. Information is the most important resource of any organization. This report has provided the proper understanding regarding Widget Inc Dot Com. It is an organization that manufactures and designs widgets. The report has also given the various types of cyber threats that are extremely common here. For the mitigation of these threats, the report has provided a proper training scheme for the employees of Widget Inc Dot Com. 

References

Abawajy, J., 2014. User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), pp.237-248.

Amin, S., Litrico, X., Sastry, S. and Bayen, A.M., 2013. Cyber security of water SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology, 21(5), pp.1963-1970.

Ben-Asher, N. and Gonzalez, C., 2015. Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, pp.51-61.

Buczak, A.L. and Guven, E., 2016. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), pp.1153-1176.

Cavelty, M.D., 2014. Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), pp.701-715.

Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of advanced research, 5(4), pp.491-497.

Fennelly, L., 2016. Effective physical security. Butterworth-Heinemann.

Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds., 2016. Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global.

Hahn, A., Ashok, A., Sridhar, S. and Govindarasu, M., 2013. Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), pp.847-855.

Hong, J., Liu, C.C. and Govindarasu, M., 2014. Integrated anomaly detection for cyber security of the substations. IEEE Transactions on Smart Grid, 5(4), pp.1643-1653.

Taddeo, M., 2013. Cyber security and individual rights, striking the right balance.

Tamjidyamcholo, A., Baba, M.S.B., Tamjid, H. and Gholipour, R., 2013. Information security–Professional perceptions of knowledge-sharing intention under self-efficacy, trust, reciprocity, and shared-language. Computers & Education, 68, pp.223-232.

Taylor, R.W., Fritsch, E.J. and Liederbach, J., 2014. Digital crime and digital terrorism. Prentice Hall Press.

Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security, 38, pp.97-102.

Wang, W. and Lu, Z., 2013. Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), pp.1344-1371.

Wells, L.J., Camelio, J.A., Williams, C.B. and White, J., 2014. Cyber-physical security challenges in manufacturing systems. Manufacturing Letters, 2(2), pp.74-77.