Cybersecurity Measures for Businesses

Verified

Added on  2020/02/24

|12
|3133
|112
AI Summary
This assignment delves into the critical topic of cybersecurity for businesses. It emphasizes the need for robust security measures to protect against cyber threats and data breaches. The text discusses various approaches to enhance cybersecurity, including implementing comprehensive threat identification mechanisms, employing effective threat mitigation strategies, and adhering to best practices for maintaining data security. The overall goal is to provide a framework for businesses to strengthen their cybersecurity posture and safeguard their valuable assets.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
CORPORATE GOVERNANCE
1 | P a g e

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Contents
Introduction......................................................................................................................................2
Main Body:..................................................................................................................................2
1) Cyber Name..........................................................................................................................2
2) How do company respond....................................................................................................3
3) It will affect current operation and new ones.......................................................................4
4) How to manage the risk:.......................................................................................................5
Qualities of Directors...................................................................................................................6
Project Plans.................................................................................................................................7
How to Monitor............................................................................................................................7
Uses of Consultants......................................................................................................................8
Recommendation.........................................................................................................................9
References........................................................................................................................................9
2 | P a g e
Document Page
Introduction
Irrespective of the size or magnitude of the firm, companies today emphasise on implementing
network security measures to improve data protection and prevent unauthorised access or misuse
of information. The system also helps the user to regulate and monitor unauthorised modification
in a computer network. In short it enhances the overall data security of an organisation. As far as
this report here is concerned, as a corporate governance consultant one is expected to address the
issue of cyber security in a proper manner and also help the company board in understanding the
need for implementing certain changes in the technical department and overall system to ensure
data security and monitor unauthorised activity of any nature (Amoroso, 2007).
In this report as a consultant of cyber security a complete evaluation on ways in which cyber
protection could be improved has been discussed in detail so that the company could improve
business performances in a defined way. The report discusses key approaches in a step by step
manner to help in proper implementation and understanding of the same.
In this report as per instruction the company Ansell Limited has been selected for discussing the
cyber security issue. The company is listed the Australian Stock Exchange and ranked within the
ASX 200 and hence selected here for discussion.
Main Body:
1) Cyber Name
Cyber security is of key importance for any firm across the world. In the health care domain,
there are endless information that is needed for patient care and treatment. Ansell is primarily
into manufacturing special protecting items such as medical gloves and other essential items for
operation and health care. Cyber security is a most important topic for both the company in
general and for the managing directors. Stories on data breaches are common these days and this
affects millions of customer records, payment and even on the final accounts as the purchase and
store data is affected (Augastine, 2007). Hence professionals are needed to focus on cyber
security and for data management and stopping hackers from damaging internal data or deface
3 | P a g e
Document Page
the website. Attacks are common these days and hence impact on the conventional data
management system. Some of the common threats impacting on business are,
i. Software bugs
ii. Trojan horses
iii. Exploiting passwords
iv. IP address spoofing
v. Sniffers
Research also confirms that attack trends have grown over the years;
2) How do company respond
Risk management is important here so as to identify and eliminate key threats coming from
breach of networking system (Cyber-security, 2014). Management should focus on altering the
existing system and improve four key functional areas, namely
a. alignment of the entire organisation that will include implementation of monitoring
approaches and tools in horizontal, vertical and flat organisational structure so as to
identify and eliminate cyber risks.
b. Analytics to transform from an indicator-driven approach to evolve as pattern detention
c. Data to support business event detection instead of technology detection
4 | P a g e

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Cyber risk monitoring programme has time and again helped companies in improving overall
system and improve cyber security (Felici, 2013).
3) It will affect current operation and new ones.
Within the organisation it is likely to impact on the following. Cyber-attacks and hacking have
become daily phenomenon and impacted negatively on businesses. It impacts on both present
and future operations.
A cyber-attack could lead to major damages including harming business reputation and
consumer trust, other issues are financial loss, theft of corporate information, loss of financial
data such as bank detail, payment information, disruption in trading and loss of business or
contacts. Criminals today are no longer using traditional methods of haring people, instead have
incorporated technology driven practices to cripple an organisation from its core. Thus they are
using or leveraging malware, bots and other types of threats to attack an organisation and cripple
its functioning ability (Hilb, 2016). It has been further studied that cybercriminals are employed
by rival companies or gangs to affect the brand and cripple the company so that its functioning
ability is disrupted and other organisations could successfully lead the sector. It is often
identified as a type of modern warfare where companies are often targeting such cyber threats
against each other to stay ahead in the competition. This strategic approach though seems
unethical and heinous; however is reality in the present day business scenario. In many situations
cyber criminals often attack multiple sites and overall functioning gets badly affected. New
variants of malware are included and companies struggle to manage the undetected issues if it is
not conscious about cyber security. Cyber criminals include a group of well-structured, skilled
hackers that jointly execute such attacks to cripple the company and even lead to closed down
due to loss in functioning ability (Hirschey et al. 2004). The level of risk of cyber-crime however
varies from company to company and from country to country. For example, while DoS attacks
leading to greater risks to organisations were common in UK and Hong Kong virus and worms
were common in Germany. Thus depending on the nature of attacks the country or the company
should develop the much needed shield.
5 | P a g e
Document Page
However, world reports on cyber security enlightens the researcher here with the data security
that about 17 per cent of machines as well as mobiles in an organisation are generally infected by
cyber hacking. Respondents from Australia have different perceptions about cyber risk and they
generally believe that cyber criminals are fraud and seals company’s financial records. In UK
and USA it has been recorded that these criminals steal customer data. Thus cybercrime is a
growing threat across the countries around the world. Hence for companies like Ansell it is
important to introduce cyber security plan and enhance security level (Horowitz and Lucero,
2016).
There are several ways in which the issues effects on business performances. Major areas of
concern therefore include Application security, Information security, Network security and
Disaster security.
Application security involves approaches considered while protecting applications from breaches
or malware threats which arises from wrong application designs. Some key types of application
security are, input parameter validation, session management, audit and logging.
Information security protects information from being accesses by unauthorised users. Identity
theft and privacy protection are important in this regard.
Disaster recovery planning however includes approaches like risk assessment, recovery strategy
development to overcome problems of any kind.
Network security involves activities t protect the network. Network safety measures are
implemented.
4) How to manage the risk:
The risk may be managed in the following manner;
Selection of framework on a compliance checklist
Several organisations are focussed on improving security measures and meet compliance need as
none of the company wishes to fail in the audit. To overcome audit failure it is advised to
develop a proper security program which is based on a framework and helps in implementing apt
control on the respective measures. Some of the most commonly used reliable frameworks for
6 | P a g e
Document Page
ensuring appropriate cyber security is NIST in US and is adopted by several companies across
the state. Hence it is essential to implement a proper and effective program as per the inherent
need of the company (Lehto, 2013).
Data classification:
This helps in enhancing security of the information as per each department. Information are
classified and secured as per specific department. A proper understanding of information and
strategies to protect data is possible by streamlining the system and classification of data
management. By completing data classification companies like Ansell could protect information
and also save money.
Security control and implementation:
General computer controlling system which is known to people includes IT control so that
financial statement audit could be properly managed and cyber security controls could be
improved in a defined way. There are several cyber security programmes, and frameworks
available in the market (Mallin, 2016). The below mentioned three frameworks are most
commonly implemented and could be used by Ansell;
Qualities of Directors
In several companies cyber security is treated mainly as a technology issues and it is identified
that directors have little knowledge about the issue as far as IT security risks and business are
concerned. Hence it is important as a consultant to first discuss issues with the director or the
management and then proceed accordingly. Here it is essential to inform them about the various
risks associated with the cyber security and how breach of security could lead to serious loss and
negative branding (Monks and Minow, 2011). Financial loss could even lead to complete loss
and in extreme condition might even lead to closed down of the firm. Hence security consultants
expect direct involvement of the management so that they not only understand about the changes
taking place within the company’s process, but also support the venture with proper budget so
that the company gets proper budget for the particular job.
Directors should be understanding and adjustable to changes. They should be flexible in nature
or it is difficult for them to understand the changes recommended by the consultant (Voeller,
7 | P a g e

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
2014). It is to be mentioned here that if they fail to understand the need for implementation of
cyber security, it would harm the infrastructure further and cripple the system. Hiring a
consultant will not help unless and until the management understands the need for
implementation of the approach and thus impact on the overall set up.
Project Plans
Security and Privacy controls for Federal Information Systems and Organisations: is known as a
comprehensive framework and offers standard security control to companies. Several US
companies use this approach and control system impact from negative threats. The system
functions in a unique way that includes, cyber security lifecycle, namely identify, protect, detect,
respond and recover from the problem.
ISO 27001 is an international standard framework focussing on establishing, implementing,
maintaining and perennially improving the security management system. The ISO standard
informs the company the basic standard guideline one should follow and how one should manage
information security. ISO standards helps companies in understanding the approaches they
should follow to control threats and cyber-attacks. In the Annex A of the ISO standard detail
objectives have been given that should be followed by information security management system
(Tsoumas and Gritzalis, 2012).
Therefore cyber security the art of protection of valuable intellectual property as well as business
information in the digital form from theft as well as misuse is a critical management issue. The
US government has underpinned cyber security as an important phenomenon and important so as
to protect economic challenges and also measures should be considered as a part of national
security challenges. Increasing pace of complexity of threats however, has forced companies to
adopt key approaches to ensure innovation and growth (Voeller, 2014).
How to Monitor
In order to protect company technological asset is of key importance so that assets are protected
from malicious damage as well as meets the need of employees, consumers and stakeholders. As
far as monitoring the implementation plan is concerned it should be mentioned that considering
adequate plan and step by step approach will help in proper implementation of the cyber security
network. Considering a step by step approach will help in identifying key issues and control
8 | P a g e
Document Page
monitoring of the situation. Monitoring of the implementation of the cyber security programme
will be implemented in a strategic way so that step by step implementation is supervised in a
proper way. The phenomenon of cyber security programme implementation also impact on
company’s culture and overall performance several issues has been critically studied here. The
researchers have discussed how over the years the entrepreneurs have occupied prominent
position in the SME sector by following apt ways of business management and considering
proper security measure.
Uses of Consultants
Consultants here focuses on improving the overall system and hence in order to improve
knowledge on the cyber security issue, he has collected information from various sources
commonly known as secondary data is that data which was published before by other scholarly
researchers on the similar topic. These data were based on primary research work that was
conducted by previous scholars and published in order to evaluate and analyse the respective
topic. In this research work, the analyst has collected secondary data from books, academic
journals, research woks, PDfs, online databases, website, portals etc and presented the issue in a
critical manner in the in this section. Several journals on cyber-threat and ways of reducing
cyber-attacks have enlightened the consultant here about the issue and helped in put forwarding
the below mentioned guidelines;
Hence as a consultant it is primarily responsibility is to inform and coach managers and
management about data security and data protection (Hilb, 2016). After this discussion is to be
continued on the issues such as which areas are to be secured and how these could be secured.
Finally the needed application and its budget as well as required amount of time are to be
discussed and an approval on the same is needed for ensuring overall performance of the
organisation in a systematic way. The research articles also emphasises on shedding a light on
key issues like relationship between cyber security and its need in entrepreneurship in the
process of economic development. Several journals have been referred in this regard for
assistance in this perspective (Augastine, 2007).
Recommendation
After studying the need and application of cyber security programme it could be further
recommended here that,
9 | P a g e
Document Page
Firstly, besides application of technological advancement, users and employees should stay alert
and use external drives in a proper way. Use of external drives in a careless way often lead to
virus attack or even impact on the system’s functioning ability. Thus virus scan is important and
should be applied if and when staffs are using a pen drive or any external drives in the system.
Secondly, regular IT scanning and system monitoring would also help in reducing threats.
Thirdly, implementation of apt file management and planning in data storage will further
streamline information network and help in eliminating unnecessary threats of any sort.
Fourthly, a proper virus or threat identification clock is to be implemented and managed so that
the company could easily identify probable threats of any kind.
Implementing such approaches generally help in eliminating threats from cyber-attacks and
assist companies in improving functioning ability in a defined way. Thus, in order to put an end
to cyber-attacks and security breaches implementation of apt security measures is suggested.
There are countless malicious software locking devices and some even breaches data security
and information is accessed by hackers in an unethical way. Such approaches impact on overall
business environment and hence companies adopt adequate measures to eliminate such issues
cropping up from cyber security breaches.
10 | P a g e

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
References
Amoroso, E. (2007). Cyber security.
Augastine, P. (2007). Cyber security. New Delhi: Crescent Pub. Corp.
Branson, D. (1993). Corporate governance. Charlottesville, Va.: Michie Co.
Cleary, F. and Felici, M. (n.d.). Cyber Security and Privacy.
Cyber-security. (2014). Network Security, 2014(1), p.4.
Dunham, K., Hartman, S., Morales, J., Quintans, M. and Strazzere, T. (n.d.). Android malware
and analysis.
Farrar, J. and Hanrahan, P. (n.d.). Corporate governance.
Felici, M. (2013). Cyber Security and Privacy. Berlin, Heidelberg: Springer.
Flegel, U., Markatos, E. and Robertson, W. (2013). Detection of intrusions and malware, and
vulnerability assessment. Berlin: Springer.
Hilb, M. (2016). New Corporate Governance. Berlin, Heidelberg: Springer.
Hirschey, M., John, K. and Makhija, A. (2004). Corporate governance. Oxford [etc.]: Elsevier
JAI.
Horowitz, B. and Lucero, D. (2016). SYSTEM-AWARE CYBER SECURITY: A SYSTEMS
ENGINEERING APPROACH FOR ENHANCING CYBER SECURITY. INSIGHT, 19(2),
pp.39-42.
Lehto, M. (2013). The Cyberspace Threats and Cyber Security Objectives in the Cyber Security
Strategies. International Journal of Cyber Warfare and Terrorism, 3(3), pp.1-18.
Mallin, C. (2016). Corporate governance. Oxford: Oxford University Press.
Monks, R. and Minow, N. (2011). Corporate governance. Chichester, West Sussex, U.K.: John
Wiley & Sons.
11 | P a g e
Document Page
Samuels, D. and Rohsenow, T. (2015). Cyber security. New York: Arcler Press.
Sheikh, S. (2003). Corporate Governance & Corporate Control. London, England: Taylor &
Francis.
Tittel, E. (2005). PC magazine fighting spyware, viruses, and malware. Indianapolis, IN: Wiley
Pub.
Tsoumas, B. and Gritzalis, D. (2012). Inside Cyber Warfare: Mapping the Cyber
Underworld. Computers & Security, 31(6), p.801.
Voeller, J. (2014). Cyber Security. Wiley.
12 | P a g e
1 out of 12
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]