Wednesday, May 6, 2020
Cyber security Compliance and Business Continuity - Free Samples
Question: Discuss Cyber security Compliance and Business Continuity.

Answer:

Introduction

Cyber security could be termed as the preservation and protection of digital systems from piracy or destruction due to undesirable breaches. These breaches may be carried out by malicious or unauthorized users. The digital systems that need protection may be Information Technology components such as data, hardware or software. Cyber security is also breached if there is an interruption in the services provided by computer systems (Probst et al., 2013). The significance of cyber security becomes critical in domains like finance, health care, defence or business, as these fields make use of a huge load of data and information. Due to the sensitive nature of some kinds of data, such as financial, private or intellectual property data, an attempt at illegal use could be disastrous and may result in adverse outcomes.

For a business to flourish and move ahead in an uninterrupted fashion, data has to be transmitted continuously. During this uninterrupted flow of data, there should be procedures to ensure that the data and information being transmitted are always secure. Since the frequency and ingenuity of cyber attacks are growing day by day, the systems that are responsible for protecting data and information related to fields like finance and personal security have to adopt steps to protect data confidentiality (Kritzinger and von Solms, 2010). Cyber security becomes all the more important in the light of a recent revelation by top intelligence agencies that cyber attacks could be the highest threat to federal security, eclipsing other crimes in the near future. Unexpected catastrophes and crashes may inevitably occur in any business that involves sensitive data and the transfer of information.
Information technology and business are becoming increasingly interdependent, and many of the objectives of a business rely heavily on IT. As the relevance of internet trading and the online activity of a business expands day by day, even a slight disruption in an organization's online presence or activity might result in a huge monetary loss (Karim, 2011). The majority of companies that deal in e-business adopt a Disaster Recovery Plan to recover their data and continue their online activities in case of a major setback. In case this recovery plan does not restore the company's activities to normalcy, a more formal and strategic approach is followed to achieve business continuance. This approach is called the Business Continuity Plan, and it ensures that the important components and resources are continuously available for the uninterrupted flow of the business.

Business Continuity could be roughly defined as the ability of an organization to devise strategies that help in restoring the company to its original form once a disruption occurs in its operations. Having a well laid out business continuity strategy gives a foundation for the resources in times of a catastrophe, and guarantees the reliability a business needs. Abiding by certain rules, called business compliance, would help an organization in achieving business continuance. Compliance, in its general sense, could be termed as the readiness of an organization or an individual to accept the rules set forth by an authoritative body (Jouini et al., 2014). For a business, compliance could be termed as its willingness to adhere to certain standards put forth by the governing bodies that ensure at least minimal security against cyber attacks.

SWOT Analysis

RealEstate.co.au is an Australian real estate company with a well laid out web and mobile platform that deals in the trade of property.
The company has used state of the art Information and Communication Technology (ICT) to design a website that is used to advance the business and cater to the needs of the customer. Prospective buyers can access the website or the mobile app with compact and portable devices such as smart phones, tablets or laptops. In addition to the website, the company has also developed a mobile application with an interface matching that of the website. The website and the mobile app together serve as an ideal platform for prospective buyers to buy, view or choose a property at a desired location. A SWOT analysis is done on the company to gain insight into its operations and its subsequent plans for growth.

Strengths

co.au has a global presence, which is well demonstrated by its pervasive online presence. The website has a customized appearance for different countries. The company caters to an international audience by localizing its user interface to different languages.

The appearance of the website is very coordinated and systematic. The specifications of the properties are laid out well and displayed through the website.

The company provides an app with images and interactive features for the users to browse through the properties on display. They are also provided with different options to customize their search.

The company also has a strong presence on social media platforms such as Facebook, Twitter, LinkedIn and YouTube. These sites are used for advertising and for showcasing its presence and experience in the real estate arena.

With the website and the mobile app, the company intends to reach clients in far and remote locations. The site gives them additional interactive features so that the clients can have a better look at the property they intend to own or rent.

Weakness

The performance of the website in a few browsers tends to be slow, and it takes a considerable amount of time to load.
Some of the functionalities that have been introduced in the website have not been completely integrated in the mobile app. This creates a mismatch in the website's appearance on different devices.

The company does not have the required amount of IT resources with ample experience to support the system in case of an emergency or a breakdown.

The infrastructure, system and gateways being used by the company are not contemporary or state of the art. This becomes a limitation in hosting modern technologies and updating the services as quickly as intended.

Since the site hosts a number of localized versions for different countries, there should be enough IT personnel to take care of the local and global changes. The changes have to be monitored and updated accordingly in the website. Currently the company has a shortage of skilled and experienced personnel.

Since RealEstate.co.au plans to extend its services mainly through the online medium, there is a threat of losing traditional customers who may not be computer savvy.

Opportunities

The increasing use of mobile devices has made the company concentrate more on incorporating interactive features in the mobile apps.

Additional features like YouTube videos could be included in the website. This gives the users a more interactive feel of visiting the place from the comfort of their homes.

Data analytics could be used for collecting information about the characteristics of the users of the website. Demographic data about the users could be used by the company for pitching promotions and deals.

Better platforms could be provided for the users to interact with the company officials. The company could offer online message portals or feedback forms within the website for the customers to explain their needs, the type of property or the location they prefer.

The general trend of increasing website and mobile app users could be used by the company to its advantage.
The company can provide a more streamlined and automated system that provides accurate and easy service to the customers.

Threats

Different devices like smart phones, tablets and palmtops would be accessing the application of Realestate.co.au through a number of different browsers. It may be noted that the mobile app is compatible with these devices.

Increasing competition among other international real estate agents may put an extra burden on the company to modernise and use state of the art tools. This may cause a cost overhead, as there would be pressure to recruit resources with technical expertise.

The issue of security is always relevant for companies that use the customers' personal data for business. The more the company provides in terms of services and facilities, the more issues may arise in terms of user data privacy and security threats.

The rate of growth and change in ICT related technologies has been more than expected.

There is an upsurge in the number of users accessing the application and the website. Hence care should be taken that performance degradation does not occur.

Summary and recommendations

RealEstate.com.au provides the general public and prospective clients with a platform and an opportunity to have a better assessment of the properties that they plan to buy, sell, rent or own, by introducing ICT into its business. The company intends to build its customer base by introducing new Information and Communication Technology strategies. The immediate aim is to have a far reaching audience and to consolidate its position as a leader in the real estate domain. The company intends to open up new avenues by localising its website for a global audience and by launching it in different countries and languages. By including interactive features and adopting new technology, the company also plans to provide a better experience and more satisfaction for the prospective buyers.
Technological expertise could be used further by the company authorities in different activities, ranging from data collection about the users to delivering a simple, customer friendly design to the users.

Short term goals

From the SWOT analysis, it is clear that the company lacks the necessary resources and infrastructure to handle the ICT advances it has made in a short span of time. Priorities have to be set on what solutions are to be implemented on the website and how it can address the incompatibility issues of different browsers or operating systems.

Midterm goals

Over the next 12 to 18 months, the company plans to launch several pilot programs and promotional events through its website and mobile app. The company aims at collecting user data and information, such as demographic data of the users, from the website. It plans to customize the appearance and functionalities of the website to cater to the audience's choices.

Long term goals

The company intends to have a global presence over the next three to five years. The company officials have decided to attain better performance by increasing sales through efficient IT governance strategies. As the company grows globally, there should be strategic methods to ensure the consistency of data and functionalities for users across platforms. Data analytics could be further used to gather deeper insights about the users' buying tendencies and to customize the website and mobile app accordingly. All of this is to be done without compromising on privacy and security.

Why is Cybersecurity important?

The main intent of cybersecurity is to keep electronic data confidential and safe from theft and piracy. Adopting cybersecurity measures would ensure that all the electronic systems and data within a business are not subject to illegal or unauthenticated use (Rid and Buchanan, 2013).
The term cybersecurity applies to both the hardware and the software used in a business, and may be used to safeguard all the information technology components, ranging from something as simple as private data to information as complex as that pertaining to national security. With the growth of the internet and its usage, the sharing of electronic data has increased manifold. The need for a security mechanism to protect and safeguard this electronic data and these devices has become more critical in recent years. To make sure that a system is impregnable against any form of security attack, a deep knowledge of the susceptibility of the system to the different forms of common security threats is required (Kumar et al., 2006). Cybersecurity mechanisms can effectively counter security breaches if there is some information and insight about the system's security lapses and the extent to which they could be exploited by unauthorised access or security breaches.

Common types of security breaches

The different kinds of security breaches could be enumerated as follows:

Denial of Service

Denial of service is a very common type of security breach which denies the user rightful access to a system or a resource. A common strategy for achieving denial of service is overloading the system so that the rightful owner cannot reach a resource over which he has access and control.

Bugs, Viruses and other Ransomware

Bugs and viruses are common programs that sneak into a system, alter the existing structure of the system and make it behave erratically or unexpectedly. Ransomware is another serious form of security breach, which gains entry into a system, locks the resources in the system and refuses to release them unless a ransom is paid.

Backdoor attacks

This is another type of security breach that gains access to a system without the usual authentication procedures.
In backdoor attacks, a virus is created by hackers who intend to gain access to a system and take control over it.

Types of Cybersecurity mechanisms

Cybersecurity is a generic term and it could be used to denote any kind of resource or component that is being protected against unauthorised access (Razzaq et al., 2013). Depending upon the nature of the component or resource being protected, cybersecurity mechanisms can be subdivided into the following categories:

Application Security

Applications are software components that are used to accomplish specific tasks for the end user. Applications are utility programs created by the programmer and can be susceptible to security breaches during the different stages of their development (Six, 2011). The different stages during which an application is created could be listed as designing, coding, deployment and implementation. The security mechanisms offered during these different stages are an authentication mechanism that verifies the authenticity of the user and an auditing process that logs each and every action of a particular user.

Information Security

Information security could be defined as the procedure of safeguarding information from unauthenticated users. Information security is again a very broad term and could be used to denote the strategies that are followed to maintain the integrity and confidentiality of both data and systems (Bulgurcu et al., 2010). Confidentiality and integrity ensure two things: that secure data and information are transmitted only to the authorized receiver, and that no modification happens to the data during its transit from the source to the destination. The protection mechanisms that are provided to guarantee information security to the users are termed identification and authentication (Lewis, 2002).
Both these procedures provide certain rules to ensure that there is no unauthorized access to the information systems. Apart from this, cryptography is another technique, in which data is scrambled into an intermediate form while it is being sent to a destination, and can be unscrambled and read only by the intended receiver.

Network security

Network security denotes the different security policies followed to prevent unauthorized users from entering a network. Network security also denotes the security mechanisms that prevent an unauthorized entity from accessing a network or from modifying or accessing the resources in the network (Perlman et al., 2016). Unauthorized access to a network connected resource would result in a breach of the whole network's security mechanism. A few methods of providing security to network components include the installation of components like firewalls, virtual private networks and intrusion prevention systems (Rowe et al., 2011). Network security is very critical to preserving a company's or organization's data integrity and security policy, as an unauthenticated user can gain access to any remote device and get critical information from the main repositories of data storage.

Business Continuity

While discussing cyber security and attacks, it is pertinent to discuss Business Continuity as well. As mentioned before, Business Continuity comprises all the strategies and backup mechanisms that a business must have in order to keep functioning continuously even during a major disruption in its normal functioning. The strategies that are used to recover from a temporary disruption in the business and continue its normal operation are called disaster recovery. The formal definition of Business Continuity describes it as a compilation of methods and mechanisms that are planned, prepared and stored for use in the event of a catastrophe or a disastrous situation.
The need for a business continuity plan becomes all the more important in a business as it is impossible to predict the incidence of a disaster. In today's internet driven world, the emergence of e-business and an internet driven market has become a matter of endurance and survival for many organizations. As the operations provided by an e-business have to cater to the consumers 24 hours a day, 7 days a week, the reliance of the business on information technology and the related concepts that provide an IT infrastructure is very substantial. This makes even an hour of downtime or disruption disastrous for the business in the long run, as it is a failure in catering to the needs of the customer. So most companies adopt a procedure, formally termed the Business Continuity Plan, for explicitly specifying the procedures to follow in case of a disruption. These procedures restore the critical components back to normalcy, making them function as before.

When is a Business Continuity plan required

A Business Continuity Plan is required on certain occasions when an interruption occurs in the business. These interruptions could be disastrous for the smooth functioning of a system. There are certain events which disrupt the continuity of a business and which make a Business Continuity Plan mandatory (Walters, 2014). The most common types of interruptions occur during attacks by malicious software. The malicious software may comprise different programs that temporarily stop the functioning of the system. A disruption may also occur due to a failure in the power supply, the internet or other major equipment. Apart from these, an application failure or a database issue could also sabotage the normal functioning of a business for a few hours and stop its routine and conventional flow.
As a business concern's IT activities have shifted from a centralized repository to a distributed architecture in recent years, the data and information may be distributed throughout the business. Because of this, it is a better practice to involve a variety of team members in the Business Continuity Plan, such as the higher authorities, which include the managers and top officials, as well as the IT employees who oversee the network and administration activities.

Conclusion

Cybersecurity compliance is a set of procedures, put forward in published materials, that attempt to protect the security of the IT components and resources of a user or organization. These components could specifically be the users, devices, data, information, the application programs or the network. The primary aim of the compliance standards is to reduce the risks, including the prevention or mitigation of security threats like unauthorized access. The compliance standards are generally collections of strategies that contain guidelines, instructions and risk management techniques to assure the safety of the resources within the organization.

References

Bulgurcu, B., Cavusoglu, H., Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.
Jouini, M., Rabai, L. B. A., Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.
Karim, A. J. (2011). Business disaster preparedness: An empirical study for measuring the factors of business continuity to face business disaster. International Journal of Business and Social Science, 2(18).
Kritzinger, E., von Solms, S. H. (2010). Cyber security for home users: A new way of protection through awareness enforcement. Computers & Security, 29(8), 840-847.
Kumar, V., Srivastava, J., Lazarevic, A. (Eds.). (2006). Managing cyber threats: issues, approaches, and challenges (Vol. 5). Springer Science & Business Media.
Lewis, J. A. (2002). Assessing the risks of cyber terrorism, cyber war and other cyber threats. Washington, DC: Center for Strategic & International Studies.
Perlman, R., Kaufman, C., Speciner, M. (2016). Network security: private communication in a public world. Pearson Education India.
Probst, C. W., Hunker, J., Gollmann, D., Bishop, M. (2010). Aspects of insider threats. In Insider Threats in Cyber Security (pp. 1-15). Springer US.
Razzaq, A., Hur, A., Ahmad, H. F., Masood, M. (2013, March). Cyber security: Threats, reasons, challenges, methodologies and state of the art solutions for industrial applications. In Autonomous Decentralized Systems (ISADS), 2013 IEEE Eleventh International Symposium on (pp. 1-6). IEEE.
Rid, T., Buchanan, B. (2015). Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), 4-37.
Rowe, D. C., Lunt, B. M., Ekstrom, J. J. (2011, October). The role of cyber-security in information technology education. In Proceedings of the 2011 conference on Information technology education (pp. 113-122). ACM.
Six, J. (2011). Application Security for the Android Platform: Processes, Permissions, and Other Safeguards. O'Reilly Media, Inc.
Walters, R. (2014). Cyber attacks on US companies in 2014. The Heritage Foundation, 4289, 1-5.