Corporate Governance and Cyber Security: Best Practices and Recommendations

28 August 2018
Corporate Governance
Cyber Security
CORPORATE GOVERNANCE 1
Executive Summary
Advances in information security technology and the internet have made organisations ever more dependent on computer systems and networks. These technologies not only aid a range of management functions but also help organisations survive cut-throat competition in an era of globalisation. However, cyber crime is a favourite of criminals and hackers because of the lack of effective prohibition and the difficulty of identifying the real perpetrator, given the complexity of the channels involved. To keep systems and organisations secure, managers must take the initiative in designing sound information security policies. The report covers the range of criminal cyber activities that can take place in an organisation and the ways in which management can prevent them.
Contents
Introduction .... 2
Background .... 2
Need for Cyber Security .... 3
Forms of Cyber Crimes in Organisations .... 4
Instances of inadequate cyber resilience and the related consequences .... 5
Role of the management .... 6
Best practice and recommendations .... 6
  Discussion of the scope and the responsibilities .... 7
  Regular updating of the current threats and the ongoing hacking practices .... 7
  Setting of the accountability .... 7
  Definition and quantification of the Risk appetite .... 7
  Resilience Plans .... 7
Conclusion .... 8
References .... 9
Introduction
With advances in the internet, other information technology innovations and cost-effective data storage techniques, it has become easier for 21st-century organisations to access market information. The inflow and outflow of information has become an integral part of today's business organisations. Processing and storing the information obtained aids management in data analysis and dynamic decision-making (Von Solms and Van Niekerk, 2013). Information technology practices support varied areas of business operations, ranging from international trade, finance, marketing, logistics and supply chain management to corporate social responsibility management and overall strategic planning.
However, with the use of networks and systems comes the responsibility to manage the associated risks in the form of hacks and breaches. Managers must therefore make use of information security resources while ensuring confidentiality, integrity, availability and accountability (Johnson, et al., 2016). Moreover, increasing reliance on innovation and information technology products and practices, together with pressure from regulators, has made cyber security even more critical for today's organisations and their management.
The report aims to describe the various facets of cyber security. It begins with a brief description of the importance of securing the information technology systems and protocols of organisations. It affirms the pivotal role of managers in the cyber security regime of organisations and goes on to describe best practices in this field. The report concludes with a set of recommendations to top-level management that would aid them in devising a cyber resilience policy at corporate board level.
Background
Cyber security refers to the ability to control access to systems connected through a network and to the range of information shared across them (Gupta, Agrawal and Yamaguchi, 2016). It includes the technologies and processes designed to protect computers, hardware, software, networks, other digital equipment and data from unauthorised access, so that they cannot be misused by hackers, terrorists and cyber criminals.
Cyberspace refers to the virtual space that makes use of the electromagnetic spectrum and electronics for the storage, modification and exchange of information (Hunter, 2017), with the help of the related physical infrastructure and networked systems. Cyberspace is an intangible framework, better known as a virtual environment, that connects people across the globe and facilitates the exchange of information and communication.
Cyber security is a crucial concept not only from the point of view of individuals, families and regulators, but also from the point of view of businesses and organisations. The reason is the potential criminal activity that can take place in the form of the production and distribution of child pornography, conspiracies concerning child exploitation, banking and financial fraud, violations of intellectual property rights, and much more (Elmaghraby and Losavio, 2014). These crimes not only lead to the disruption or destruction of essential networking and communication activities, but also cause substantial loss to the human and economic development of a nation (Safa, Von Solms and Futcher, 2016).
Need for Cyber Security
The role of cyber security in organisations is pivotal. The rationale is the mounting dependence of organisations on computer systems for data procurement, analysis and storage. In addition, various tasks in research, marketing and strategic planning are performed with the aid of computer systems and the internet. Failure to ensure the security of these systems might lead to the loss of important data such as information about patents, copyrights, vital statistics about customers, employees and much more. Loss of information might in turn lead to a loss of integrity and of public trust in the operations of the entity. It is therefore important for organisations to keep their systems, networks and data secure from intrusion by third parties, including competitors.
Forms of Cyber Crimes in Organisations
There are various forms of cyber crime that hold the potential to undermine the economic and financial resources, along with the reputation, of an entity. Some of them are listed as follows.
- Intellectual Property Theft: Business secrets such as research conducted, models or formulas developed, innovations and related information are the most attacked assets of organisations in a competitive environment. Organisations must therefore protect their intellectual property, patents, trademarks and vital information from misuse.
- Phishing: This refers to a fraudulent attempt to gain access to personal and financial information with the help of email or text messages. Hackers and cyber criminals obtain a list of suppliers, customers or similar contacts and send emails that appear to come from a trustworthy source. The email then asks for vital details such as the bank account holder's name, account number, credit card number, social security number, one-time passwords and more. Thus, in the name of a trustworthy organisation, the hacker steals the vital details of customers, suppliers and others.
- Spoofing: This technique is described as gaining unauthorised access to a computer, beginning with the sending of a message to a networked computer from an IP address. It involves modifying and altering the trusted host IP address of an entity in order to use it against targeted individuals and extract important details.
- Worms and Viruses: A computer virus, when linked with a malicious file or an executable program, can harm the computer systems of an entity and affect their performance. The same is the case with computer worms. The damage caused by worms and viruses to computers provides a potential base from which to extract information from the systems.
In addition, other crimes include email bombing, identity theft, denial of service attacks, distributed denial of service attacks, cyber stalking and many more. Cyber crimes further hold the potential to connect with other criminal activities such as money laundering, fraud and terrorism, which lead to severe economic and financial consequences.
Instances of inadequate cyber resilience and the related consequences
There have been many cases across the world where hackers and criminals have managed to breach the security of computers and systems, and the entities concerned have consequently faced economic and financial losses along with loss of reputation. Some of the widely known cases are listed as follows.
- There was a recent breach in the information technology system of the credit-reporting agency Equifax Inc. in the year 2017 (Walker, 2018). The incident affected some 143 million customers in the United States.
- In 2013-14, the internet giant Yahoo was the victim of the biggest ever data breach, in which approximately 3 billion user accounts were affected (Kuchler, 2017). The breach resulted in the disclosure of names, addresses, dates of birth and telephone numbers of users. In addition, the breach knocked an estimated $350 million off the sale price of the internet business to Verizon.
- Personal information of about 57 million users and 600,000 drivers of Uber was exposed in late 2016 (Wong, 2017). The leaked information comprised the names, email addresses and mobile phone numbers of users. The hackers also exposed driver licence information. The breach resulted in the loss of reputation as well as of vital information for the company.
Role of the management
Organisations play a pivotal role in contributing towards cyber resilience, thereby benefiting not just their immediate consumers, suppliers and stakeholders but also the nation as a whole. Given the gravity of cyber security issues and their long-term impacts, cyber security management can no longer be regarded as the prime responsibility of the information technology department alone (Shrobe, Shrier and Pentland, 2018). The responsibility must flow from top to bottom, and the role of the board is crucial in this.
Directors must possess basic knowledge of cyber security concepts such as the nature, scope and implications of cyber security risk. This basic knowledge is essential for formulating organisational policies to mitigate the risk arising from cyber breaches and hacks (Mowbray, 2013).
In addition to the above, the further course of action involves determining the company's overall behaviour and setting the risk appetite of the entity.
Best practice and recommendations
Countering cyber risk is a major challenge faced by leaders and managers across various industries. However, these challenges are part of the opportunities presented by technological advances in the field of internet and communication. Instead of implementing solutions after a security breach crisis, the leaders of organisations must design cyber security policies in advance (Densham, 2015). Leaders must also oversee the management and implementation of cyber security measures, in order to counter the risk of breaches and hacks beforehand and in an efficient manner. Some of the best practices and recommendations made to the board of directors of a company are listed as follows. These are in line with the principles of cyber resilience laid down by the World Economic Forum, and the board can incorporate these principles and practices as part of its governance responsibilities (World Economic Forum, 2017).
Discussion of the scope and the responsibilities: It is the ultimate responsibility of the board to design the cyber security framework of the entity. The board can delegate this to committees such as the audit committee or the risk committee. The responsibilities, access and authority of each function must be clearly defined at every operational and executive level.
Regular updating of the current threats and the ongoing hacking practices: The board must keep itself regularly updated on current practices in the field of cyber security breaches. In addition, the board must acquaint itself with the industry practices adopted for resilience. The board may organise a cyber-resilience orientation programme for itself and for employees as well.
Setting of the accountability: The board must define the framework of responsibility and accountability within the organisation. The designated employees or accountable officers must have regular board access, sufficient authority, knowledge of the subject, and the relevant experience and resources to perform their duties (Knowles, et al., 2015).
Definition and quantification of the Risk appetite: The board must define and quantify the entity's tolerance level for cyber security risk (Cavelty, 2014). The board must also ensure that this risk appetite is consistent with the overall business strategy and with the risk appetite prevailing in the industry. The risk appetite must be decided taking into account the interests of shareholders, regulators and customers and external societal perspectives.
Resilience Plans: The board must devise resilience plans that define the best practices to be used in the organisation. The plans may use strategies such as firewalls, limited access to systems and passwords, and periodic review of hardware and software. Establishing policies for the use of the internet and social media, the degree of third-party access allowed to systems, the use of internet security programmes, and taking out cyber-crime insurance are further means (Geers, 2011).
Review: It is essential to review the overall cyber security policy from time to time, update knowledge and infrastructure, and close the loopholes. Reviews of the performance of the information technology department, the accountable officers and management itself must also be carried out (Graham, Olson and Howard, 2016).
Conclusion
As per the discussion in the previous parts of the report, it can be concluded that with advances in, and dependence on, technological innovation, networked practices and communications, cyber security has become a major challenge of the 21st century. Larger numbers of individuals and organisations depend on cyberspace and networked systems for their various operations. The issue is therefore crucial not only from the point of view of individuals but also from that of organisations. The report describes a few instances of cyber security breaches and related activities that have cost entities their reputation as well as financial and economic losses. Even the largest companies have not been spared the threat of a cyber security breach. The report further describes the various ways in which criminals or hackers may interfere with the working of organisations and harm their infrastructure. Some of the popular means are spoofing, email bombing, violation of intellectual property rights, phishing and more. To counter the issue, the report describes the role of management. On evaluation, it is found that the management of an enterprise holds great potential as well as the responsibility to address cyber security within the organisation. The report suggests various best practices and recommendations that management can integrate into the strategic planning of entities to counter cyber attacks and the resulting losses. Some of the means suggested are the definition of roles and responsibilities, delegation of authority, design of a resilience plan, definition of the risk appetite, risk assessment and reporting, and review of the risk plan. Thus, the integration of cyber resilience and management is the key to addressing the issues of cyber security in organisations.
References
Cavelty, M. D. (2014) Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), pp. 701-715.
Densham, B. (2015) Three cyber-security strategies to mitigate the impact of a data breach. Network Security, 2015(1), pp. 5-8.
Elmaghraby, A. S. and Losavio, M. M. (2014) Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), pp. 491-497.
Geers, K. (2011) Strategic Cyber Security. Estonia: CCD COE Publication.
Graham, J., Olson, R. and Howard, R. (2016) Cyber Security Essentials. New York: Auerbach Publications.
Gupta, B., Agrawal, D. P. and Yamaguchi, S. (eds.) (2016) Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security. United States: IGI Global.
Hunter, D. (2017) Cyberspace as Place and the Tragedy of the Digital Anticommons. In: Law and Society Approaches to Cyberspace. Oxon: Routledge, pp. 59-139.
Johnson, C., Badger, L., Waltermire, D., Snyder, J. and Skorupka, C. (2016) Guide to Cyber Threat Information Sharing. NIST Special Publication 800-150.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P. and Jones, K. (2015) A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, pp. 52-80.
Kuchler, H. (2017) Yahoo says 2013 cyber breach affected all 3bn accounts. [online] Available from: https://www.ft.com/content/9412c2b0-a87c-11e7-93c5-648314d2c72c [Accessed on 31/08/2018].
Mowbray, T. J. (2013) Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions. UK: John Wiley & Sons.
Safa, N. S., Von Solms, R. and Futcher, L. (2016) Human aspects of information security in organisations. Computer Fraud & Security, 2016(2), pp. 15-18.
Shrobe, H., Shrier, D. L. and Pentland, A. (eds.) (2018) New Solutions for Cybersecurity. Cambridge: MIT Press.
Von Solms, R. and Van Niekerk, J. (2013) From information security to cyber security. Computers & Security, 38, pp. 97-102.
Walker, D. (2018) Equifax data breach: Equifax admits even more data was stolen than previously thought. [online] Available from: http://www.itpro.co.uk/data-breaches/29418/equifax-data-breach-equifax-admits-even-more-data-was-stolen-than-previously [Accessed on 31/08/2018].
Wong, J. C. (2017) Uber concealed massive hack that exposed data of 57m users and drivers. [online] Available from: https://www.theguardian.com/technology/2017/nov/21/uber-data-hack-cyber-attack [Accessed on 31/08/2018].
World Economic Forum. (2017) Advancing Cyber Resilience Principles and Tools for Boards. [online] Available from: http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed on 31/08/2018].