Essay Available:
You are here: Home → Research Paper → IT & Computer Science
Pages:
15 pages/≈4125 words
Sources:
4 Sources
Level:
MLA
Subject:
IT & Computer Science
Type:
Research Paper
Language:
English (U.S.)
Document:
MS Word
Date:
Total cost:
$ 39.95
Topic:
Research And Describe What Is Cybersecurity Governance (Research Paper Sample)
Instructions:
Description
what is cybersecurity governance and the role it plays in an organizations
Content:
Student’s Name
Professor’s Name
Course
Date
Cyber Security Governance
Globally, people live in an ever-growing networking platform ranging from personal electronic banking to government operations. These networks to be protected have been no longer an option but a necessity due to increased cybercrimes, threats, and attacks. Cyber risk has in many cases raise fears due to high profile criminal breaches and is seen to endanger the world economy due to increase in hack attacks and similar security threats (Kohnke, et al. 34). According to international reports, most organizations worldwide have attested to the fact that they are inadequately prepared by way of protection against cyber-attacks by themselves. This has led to cybercrime losses of cost in the world economy at an amount of approximately $500 billion and above each year (Lam, 90). This is often money compromised from organization's systems by criminals. For instance, these attackers target customer debit or credit card data and information. In financial institutions, cyber criminals embezzle money from the accounts, carries out businesses espionage and in extreme cases; they take over control of an organization system and later demand payments to unlock the systems. This leaves the government and many corporations with no doubt to search for better and excellent cyber strategy defense.
Cyber security governance is essential in many organizations since it will utilize technologies, standard procedures, and practices about safeguard information systems. This leads to comprising of data, software programs, computers, and networking elements from malicious attacks, unauthorized modification, and access, damage or theft. It has become one of the major issues in today's business environments. It has brought rapid technological improvements by providing opportunities and sources of effectiveness but it also brought many unexpected threats in an organization. For instance, computer networks have remained to be a target for most cyber criminals, and the imminent danger is that cyber security attacks will continuously grow in future with the expanding networking systems. Therefore, an organization should take the necessary precautions to minimize their loss from attackers who only seek to cause them harm (Lam, 56). Particularly, they should have the correct level of preparation to tackle breaches and security experts to offer external assistance. This will help to control damages and make them recover from cyber-attacks and the outcomes.
Cyber Security Governance Strategy
To manage cybersecurity, it should be a process that is based on potential risk assessments, and it should concentrate on the primary cyber security spheres of influence which include: people, process, technology and compliance.
1 People
This human factor is commonly dealt with at two primary levels: First are the non-technical workers must always have the latest awareness of their duties in reducing and preventing cyber threats. If it is to be carried out efficiently, this staff program knowledge should help an organization in identifying possible security risks.They should assist the staff in understanding the outcome of severe cyber security governance, ensuring a persistent roll out of activities. Also, progress the communication between various teams at different levels of ranks in the organization. Second are the technical staff equally must have full, current cyber security skills, qualifications, and competency. This means they are prepared to be a specialist who will plan and carry out the most complex procedures required to realize an efficient cyber security governance strategy. A weak and less trained staff management just implies insufficient risk management and their application to cyber security control might not work exposing their system to attacks. Also, it is an organization’s responsibility to recover and respond to data and information breaches which highly depends on the technical staff competency.
2 Processes
Efficient processes explain and define how all and the many institutional activities, roles, procedures, and documentation are put to use. Specifically, to prevent risks to the organization's information security and are the main elements to implementing efficient cyber security governance strategy. The process requires a continuous improvement and assessment of the security system (Liu, et al. 56). The process ensures this by providing the threats of the organization are continually looked at and that the appropriate preventive measure for control is upgraded and implemented. The process often includes domains such as; documentation toolkits which provide a suitable template outlining the guidelines used in creating policies. Also, is work instructions, procedures, improvement methodology, and, roles according to cyber security governance of an organization. The essential cyber scheme similarly uses a backing up and supports an organization’s plan to guide their operations while protecting themselves from cyber threats. This in turn helps to greatly prevent cyber-attacks by a higher percentage. Consultancy packages, on the other hand, provide all necessary elements needed to implement governance strategy without further involved incurred costs and complexities.
3 Technology
The technological factor is another significant element in realizing cyber security management for any organization. An efficient cyber security management program requires that the detection of cyber threats and the choice of appropriate measures and controls to mitigate the effects of such cyber-attacks. A company must outline and provide a standard guidance to cyber threat management and the kind of control that should be used to prevent these threats. There are always twenty recognized technological security checks. Each of these controls should be supported by complete automation, measurement, and test guidance. Then it should reflect a consent of many security specialists on the better and efficient way to prevent specific security attacks that the technological controls are created to deal with.
Cyber Security Governance Implementation
Cyber security governance is implemented through the use of Access Control as well as CIA standards. Access control procedure involves controlling the person who is given right of access to information and data to identify which degree they can modify or use this data or information. Access control, also, includes the control of access to substantial assets. To identify with the fundamentals of the Access control, one studies how opportunity software programs work (Williams, 27). In these programs, the proprietor can craft several groups and allocate to them limited access to specific networking programs. Then various groups can be assigned to each networking systems. The administrator can also give extraordinary privileges to precise users who should get free access to private networking system in spite of belonging to different user groups. Other teams should be allowed to place announcements, as others only allowed to respond to the posts.
The Confidentiality, Integrity, and Availability (CIA) just refer to the three states of information and data that we should be protecting in the networking system. The data requires to be confidentially kept (no spying or unauthorized access). It is necessary to maintain its integrity (no manipulation, alteration, or damage of the information and data) and it is necessary to remain accessible whichever time it is needed. No ransomware or attacks, even though ransomware often endanger both the availability and integrity of the information and data.
Most Security Management systems suggest that the following are the steps regarding the setting up and implementation of a Cyber Security Management System: risk assessments, Asset identification, risk treatment. The following steps would be implemented in an organization that needs to secure its cyber security governance system. 1) Asset identification involves identifying the essential assets necessary in coming up with a cybersecurity governance system which will be used to create the system (Kohnke, et al. 77). This process majorly is the developing phase for any security system which is implemented later when tested and found to be effective. 2) Risk Assessment involves assessing the weaknesses that could result in breaches of the system. This process also allows for the testing of the system performance by access control in which an organization tries to attack its system to identify vulnerabilities. For instance, they may decide to steal information and see if the system is a success or a failure. 3) Risk Treatment involves responding to any vulnerability found during the risk assessment process. This means that if they were able to successfully identify or even get external access to vital company information, this is the phase to fix such weakness. It majorly involves setting up of even detection software systems that will recognize any intruder and raise alert of intrusion.
Cyber Security Governance for Organizations
An effective cyber security governance position should be comparative to the risks factors faced by every organization, which must be based on the result of risks assessments. All agencies commonly face two kinds of cyber security attack which include: deliberate attacks from intruders. They carry out this breach due to belief that an organization might be having a high profile and at the same time shows to be containing valuable information. Also, if they would publicly benefit from such an attack, in case it becomes successful. Also, opportunists would attack an organization's security system because their automatic scan possibly detected the presence of an exploitable weakness. Virtually all internet systems often have exploitable weaknesses unless it has been t...
Professor’s Name
Course
Date
Cyber Security Governance
Globally, people live in an ever-growing networking platform ranging from personal electronic banking to government operations. These networks to be protected have been no longer an option but a necessity due to increased cybercrimes, threats, and attacks. Cyber risk has in many cases raise fears due to high profile criminal breaches and is seen to endanger the world economy due to increase in hack attacks and similar security threats (Kohnke, et al. 34). According to international reports, most organizations worldwide have attested to the fact that they are inadequately prepared by way of protection against cyber-attacks by themselves. This has led to cybercrime losses of cost in the world economy at an amount of approximately $500 billion and above each year (Lam, 90). This is often money compromised from organization's systems by criminals. For instance, these attackers target customer debit or credit card data and information. In financial institutions, cyber criminals embezzle money from the accounts, carries out businesses espionage and in extreme cases; they take over control of an organization system and later demand payments to unlock the systems. This leaves the government and many corporations with no doubt to search for better and excellent cyber strategy defense.
Cyber security governance is essential in many organizations since it will utilize technologies, standard procedures, and practices about safeguard information systems. This leads to comprising of data, software programs, computers, and networking elements from malicious attacks, unauthorized modification, and access, damage or theft. It has become one of the major issues in today's business environments. It has brought rapid technological improvements by providing opportunities and sources of effectiveness but it also brought many unexpected threats in an organization. For instance, computer networks have remained to be a target for most cyber criminals, and the imminent danger is that cyber security attacks will continuously grow in future with the expanding networking systems. Therefore, an organization should take the necessary precautions to minimize their loss from attackers who only seek to cause them harm (Lam, 56). Particularly, they should have the correct level of preparation to tackle breaches and security experts to offer external assistance. This will help to control damages and make them recover from cyber-attacks and the outcomes.
Cyber Security Governance Strategy
To manage cybersecurity, it should be a process that is based on potential risk assessments, and it should concentrate on the primary cyber security spheres of influence which include: people, process, technology and compliance.
1 People
This human factor is commonly dealt with at two primary levels: First are the non-technical workers must always have the latest awareness of their duties in reducing and preventing cyber threats. If it is to be carried out efficiently, this staff program knowledge should help an organization in identifying possible security risks.They should assist the staff in understanding the outcome of severe cyber security governance, ensuring a persistent roll out of activities. Also, progress the communication between various teams at different levels of ranks in the organization. Second are the technical staff equally must have full, current cyber security skills, qualifications, and competency. This means they are prepared to be a specialist who will plan and carry out the most complex procedures required to realize an efficient cyber security governance strategy. A weak and less trained staff management just implies insufficient risk management and their application to cyber security control might not work exposing their system to attacks. Also, it is an organization’s responsibility to recover and respond to data and information breaches which highly depends on the technical staff competency.
2 Processes
Efficient processes explain and define how all and the many institutional activities, roles, procedures, and documentation are put to use. Specifically, to prevent risks to the organization's information security and are the main elements to implementing efficient cyber security governance strategy. The process requires a continuous improvement and assessment of the security system (Liu, et al. 56). The process ensures this by providing the threats of the organization are continually looked at and that the appropriate preventive measure for control is upgraded and implemented. The process often includes domains such as; documentation toolkits which provide a suitable template outlining the guidelines used in creating policies. Also, is work instructions, procedures, improvement methodology, and, roles according to cyber security governance of an organization. The essential cyber scheme similarly uses a backing up and supports an organization’s plan to guide their operations while protecting themselves from cyber threats. This in turn helps to greatly prevent cyber-attacks by a higher percentage. Consultancy packages, on the other hand, provide all necessary elements needed to implement governance strategy without further involved incurred costs and complexities.
3 Technology
The technological factor is another significant element in realizing cyber security management for any organization. An efficient cyber security management program requires that the detection of cyber threats and the choice of appropriate measures and controls to mitigate the effects of such cyber-attacks. A company must outline and provide a standard guidance to cyber threat management and the kind of control that should be used to prevent these threats. There are always twenty recognized technological security checks. Each of these controls should be supported by complete automation, measurement, and test guidance. Then it should reflect a consent of many security specialists on the better and efficient way to prevent specific security attacks that the technological controls are created to deal with.
Cyber Security Governance Implementation
Cyber security governance is implemented through the use of Access Control as well as CIA standards. Access control procedure involves controlling the person who is given right of access to information and data to identify which degree they can modify or use this data or information. Access control, also, includes the control of access to substantial assets. To identify with the fundamentals of the Access control, one studies how opportunity software programs work (Williams, 27). In these programs, the proprietor can craft several groups and allocate to them limited access to specific networking programs. Then various groups can be assigned to each networking systems. The administrator can also give extraordinary privileges to precise users who should get free access to private networking system in spite of belonging to different user groups. Other teams should be allowed to place announcements, as others only allowed to respond to the posts.
The Confidentiality, Integrity, and Availability (CIA) just refer to the three states of information and data that we should be protecting in the networking system. The data requires to be confidentially kept (no spying or unauthorized access). It is necessary to maintain its integrity (no manipulation, alteration, or damage of the information and data) and it is necessary to remain accessible whichever time it is needed. No ransomware or attacks, even though ransomware often endanger both the availability and integrity of the information and data.
Most Security Management systems suggest that the following are the steps regarding the setting up and implementation of a Cyber Security Management System: risk assessments, Asset identification, risk treatment. The following steps would be implemented in an organization that needs to secure its cyber security governance system. 1) Asset identification involves identifying the essential assets necessary in coming up with a cybersecurity governance system which will be used to create the system (Kohnke, et al. 77). This process majorly is the developing phase for any security system which is implemented later when tested and found to be effective. 2) Risk Assessment involves assessing the weaknesses that could result in breaches of the system. This process also allows for the testing of the system performance by access control in which an organization tries to attack its system to identify vulnerabilities. For instance, they may decide to steal information and see if the system is a success or a failure. 3) Risk Treatment involves responding to any vulnerability found during the risk assessment process. This means that if they were able to successfully identify or even get external access to vital company information, this is the phase to fix such weakness. It majorly involves setting up of even detection software systems that will recognize any intruder and raise alert of intrusion.
Cyber Security Governance for Organizations
An effective cyber security governance position should be comparative to the risks factors faced by every organization, which must be based on the result of risks assessments. All agencies commonly face two kinds of cyber security attack which include: deliberate attacks from intruders. They carry out this breach due to belief that an organization might be having a high profile and at the same time shows to be containing valuable information. Also, if they would publicly benefit from such an attack, in case it becomes successful. Also, opportunists would attack an organization's security system because their automatic scan possibly detected the presence of an exploitable weakness. Virtually all internet systems often have exploitable weaknesses unless it has been t...
Get the Whole Paper!
Not exactly what you need?
Do you need a custom essay? Order right now:
Other Topics:
- Technology: Computer Science As A Required Subject In SchoolDescription: Robotics is one of the topics that are common when it comes to understanding computer science. As a discipline of computer science, Robotics extensively looks at artificial intelligence as it involves the replication and modeling of intelligent behavior that is infused in robots...4 pages/≈1100 words| 5 Sources | MLA | IT & Computer Science | Research Paper |
- Social Media Impact in the Technological World IT Research PaperDescription: The concept of social interaction in the world of technology has changed whereby news, materials and information travel from one part of the world to the other at a supersonic speed. The concept is propagated with the introduction of different platforms through social media and advancement...10 pages/≈2750 words| 10 Sources | MLA | IT & Computer Science | Research Paper |
- Identifying the Certifications at IT SecurityDescription: In this research paper about IT Security certifications, the top-tier certifications are discussed in depth. These certifications include GIAC, CISSP, CISM, and CompTIA Security+. With the increased advancements in technology, cybercrimes have also increased drastically....7 pages/≈1925 words| 4 Sources | MLA | IT & Computer Science | Research Paper |