Technology is one of the greatest inventions we have in this life. With it, our lives became much easier than they were. Today, technology gives our society the opportunity to explore the world in many fields, such as medicine, engineering, information systems, communications and information technology. It has also helped countries and organizations reduce time and effort through online services, e-government and e-business. Moreover, it allows people all over the world to communicate with each other and to share information, documents and pictures using mobile phones and social media such as Facebook, Twitter, YouTube, and Instagram. These developments have made governments, organizations and information security experts think seriously about finding the right strategies for applying cybersecurity in order to protect networks, PCs and information from hacking, password theft, vandalism or unauthorized access by hackers, crackers and social engineering. These strategies include applying cybersecurity policies. In fact, issuing cybersecurity policies is only the first step; applying them is the core step in minimizing risk, so cybersecurity policies have some rules that the IT group needs to be aware of. These policies, which were reviewed in the case study and by our professor Dr. Elliott Lynn in the first life classroom, include:
1- “The biggest potential weakness in cyber security policy is when the IT group does not have any support.
2- The staff who are responsible for cyber security policy are IT professionals, because we cannot expect executive management to be aware of security issues.
3- The IT group is responsible for making sure that cyber security policy is enforced, including tools.
4- The bes...
... middle of paper ...
...chieve level of work ethics that help organization to move on.
Cybersecurity is not only IT's responsibility, but also that of every single person in the organization. Employees also need to understand that an attack on any part of the organization is an attack on the whole organization, because we work as one team. Training, workshops and conferences are good methods for increasing the level of staff awareness. Using antivirus software, firewalls and a security policy would reduce security threats.
This is my last case study and I hope you like it.
Best Regards
Mohammed Almohdar
Works Cited
Dhillon, G. (2007). Principles of information systems security: Text and cases. Hoboken, NJ: John Wiley & Sons.
Media: life classroom # 1 by Dr. Elliott Lynn.
https://seu-online.blackboard.com/webapps/portal/frameset.jsp?url=%2Fwebapps%2Fblackboard%2Fexecute%2Flauncher%3Ftype%3DCourse%26id%3D_349997_1%26url%3D
When analyzing an organization's effectiveness in managing cybersecurity risks, there is a range of security policies that need to be implemented. A prime example of this concept is the set of cybersecurity policies developed for the consulting firm Booz Allen Hamilton. The division formed to address the firm’s requirements within cyberspace is the Cyber Solution Network (CSN). The CSN division within Booz Allen Hamilton has a range of policies used to ensure the firm is protected against risk.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish the roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. An organization's information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
President Obama has realized the seriousness of the upcoming threats and turned the government's focus more toward defending the information and communications infrastructure, and in May 2009 he requested a top-to-bottom review of the current situation. The resulting report, titled the Cyberspace Policy Review, includes strategy, policy, and standards regarding the security of and operations in cyberspace. According to the White House’s cybersecurity foreign policy, the Cyberspace Policy Review highlighted two objectives and ten near-term actions to support the cybersecurity strategy.
United States President Barack Obama has identified cyber security as a key issue the nation will face. President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cyber security” (“Foreign Policy Cyber Security,” 2013).
Data breaches have gone up significantly, and hackers are coming up with innovative techniques for breaching data security networks. There are several challenges associated with cybersecurity management, as a multitude of threats arise from various sources. A cybersecurity threat can have different levels of impact on an organization or a business, and the impact varies with industry type. According to the Securitas USA survey, manufacturing, healthcare and insurance, finance, information, and utilities saw cybersecurity as the topmost threat for their businesses (Securitas USA,
Implementation of policies and standards within an organization is important for maintaining information systems security. Employees within an organization play a huge role in the effort to create, execute, and enforce a security policy. Every business requires a different strategy and approach to its security policy, depending on its size and the nature of its business.
This is a case study of how policies, laws and regulations affect the cybersecurity field in organizations. Laws and regulations have been used in various fields to provide guidance and control over how certain practices are carried out. Their introduction to the Information Security field is recent, and due to the importance of what’s at stake, they seem to play a necessary role. It’s vital that we explain in detail what has been observed in organizations’ programs and normal operations as a result of implementing these rules. In the past, not having any kind of direction while creating Information Security programs has proved to isolate agencies from current progress in cybersecurity, while creating confusion on how to face
An IT disaster can be unpredictable and inevitable for an organization. For instance, these types of disasters “can be man-made, natural disasters, technology failures and more” (Business continuity and disaster recovery plan, 2008). Many cybersecurity companies should emphasize the need for organizations to have a DR/BCP in place. In fact, cybersecurity “should acknowledge and embrace the linkages between information security and other departments, such as business continuity, disaster recovery, and emergency management” (Kirvan, P, 2014). It is important for a CISO in an organization to integrate cybersecurity into their DR/BCP. According to SISS-Consulting, “75% of organizations say IT risk can impact customer satisfaction” (Cyber Security, 2016). There are a variety of reasons, plans, and implementations that a CISO must have in mind when they are looking to
Therefore, the Cyber Intelligence Sharing and Protection Act is very significant because it allows the government, organizations or companies free rein to bypass existing laws to monitor communications and filter content or even, in extreme cases, to shut down online services for cyber security purposes. The threats could be: malware or compromised software, malicious or compromised hardware, insider attack or espionage, code injection, attacks that overload the resources or capacity of the systems, such as distributed denial of service attacks, and social engineering and phishing. Companies are encouraged to be aware of the threats and should share data with the legal authorities and with one another, and the government can distribute the data in return (Chen et al,
According to Lineberry (2007), an organization spends a significant amount of its information technology budget on computer security, yet firewalls, vaults, locks, biometrics and more can be pierced by attackers who go after untrained and uninformed employees. Employees need to be trained in cyber security awareness. They should be familiar with the ways hackers will try to get into the network, such as viruses, spam emails used to spread viruses, social networking and more. If the organization gives employees open internet access to research items online, inform them about what to look for in search results that could lead to a harmful site. For example, the title of the page could be what they are looking for, but the web address linked to it could be completely different. Monthly newsletters on current trends in cyber security awareness could help keep employees informed; a notice that social engineering attacks increased last month and are expected to increase further this month keeps employees on the lookout. Employees should also be informed who their IT people are and what they will not ask for over the phone, such as password information. A yearly refresher course would help, either through online training or through a training conference. Process should be put in place by policies on dealing with
Many impacts are associated with human error and with why these errors occur. The human factor is the major problem in information security. The human factor is also referred to as “the missing link” in the security world, as it implies a proactive approach rather than a reactive approach. The major contributing components to security concerns were found to be non-acquiescence to the cybersecurity policy and lack of training.
According to information security governance, success is often limited by an inability to value the organisation's information and data. This creates discussion about the need for security and the resources to be assigned to it.
The first thing that we must consider about Information Security is that there is no final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and that it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
The nation has become dependent on technology and, furthermore, on cyberspace. It is part of everything in our daily lives: our phones, internet, communication, purchases, entertainment, flying airplanes, launching missiles, operating nuclear plants, and implicitly, our protection. The more ever-growing technology empowers Americans, the more they become prey to cyber threats. The United States Executive Office of the President stated, “The President identified cybersecurity as one of the top priorities of his administration in doing so, directed a 60-day review to assess policies.” (United States Executive Office of the President, 2009, p.2). Furthermore, critical infrastructure, our network, and the internet alike are identified as national assets, for which the administration will orchestrate integrated cybersecurity policies that protect, and do not infringe upon, privacy. While protecting our infrastructure, personal privacy, and civil liberties, we have to keep in mind that the private sector owns and operates the majority of our critical and digital infrastructure.
Although the Department of Homeland Security continues to improve cyber security across all critical information sectors, as well as in cyber infrastructure and networks, it is not effective. This lack of effectiveness comes from the overwhelming workload being placed on one department, which can cause one purpose to fail more than another, and as a result the purpose fails as a