Cyber Security Governance and Management for Brazilian Energy Utilities
Added on 2022/11/17
This study focuses on building a theoretical-empirical model of cyber security governance and management for the Brazilian energy utilities sector. It examines the cyber security issues of that sector and suggests a framework for mitigating the risk of cyber security breaches.
Running head: CYBER SECURITY
Cyber Security
Name of the Student
Name of the University
Author Note
Part A.
Introduction
The world of cyber security has become very dynamic with the advancement of
technology, and as a result the protection of the critical infrastructure in the system has
become crucial. The issue of cyber protection greatly affects the government,
regulatory agencies and consumers of energy utility systems, as these systems are
especially vulnerable to cyber risks. The vulnerability of an organization's cyber
security system is closely correlated with the risk of attacks on that system. At the
same time, it is the duty of the government and the organization to make the system
more secure against cyber security risks by implementing a proper governance and
management system. The study of Pardini, Heinisch, and Parreiras (2017) describes
the building of a theoretical-empirical model of cyber security governance and
management and its examination together with professionals from the energy sector
of Brazil, as the study aimed to investigate the cyber security issues of the Brazilian
energy utilities sector. The concept of cyber security refers to the exploitation of the
security of any individual or organization. The improvement in communication speed
and the accessibility of huge amounts of information over the internet have made the
automated control systems embedded in the infrastructure more vulnerable to
exploitation. In this study, the Delphi method and statistical techniques were used to
assess and validate the instruments, which were developed on the basis of two
constructs: management and governance. The analysis is based on the situation of
Brazilian energy utilities concerning the safety of their cyberspaces.
Organizations Background and Cyber Risks
Brazil is the largest electricity producer in Latin America and has the largest
energy supply capacity on the continent. Among the countries of the South America
region, Brazil produces a huge amount of electricity and distributes it to more than
79 million residential, industrial and commercial consumers of various countries of
South America. The electricity load in the country has grown by approximately 5 per
cent per year, and as a result the country has to add almost 4 GW of new energy
generation each year in order to meet the requirements of its electricity market. It is
estimated that, by the end of 20124, the electricity requirement of the country will
rise by 4.2 per cent, which will require almost 79 GW of electricity production
(Export.gov 2019). With this increased requirement in the Brazilian market, the
market players are also concentrating on new technologies so that they can produce
the required amount of energy to distribute in the market. As electricity is one of the
essential services for maintaining quality of life, the market players are attempting
to modernize the energy sector of the country and at the same time aim to reduce
the risk of power outages. According to Di Santo et al. (2015), there are various types
of threats or issues that may challenge the security of the electric sectors of the
company. Aitel (2013) states that cyber environment invaders can be categorized by
the motivation of their attacks and can be either a group or an individual. In addition,
in some cases a nation or a group of activists engaged in unethical practices may also
be associated with altering the cyber security of the organization (Pardini, Heinisch,
and Parreiras 2017). In the organizational context, cyber security threats are
associated with the
alteration and destruction of the technological infrastructure, the disclosure of
information about the business plans of an organization, unethical access to the
organization's network and the gathering of information related to the financial
sector of the company; in some cases, cyber security breaches are also associated
with the personal revenge of an individual or an organization. In recent times, the
threats in cyberspace are associated with gaining physical control of the computer
network and data of the organization from the control system by unethical means
(Diniz, Muggah, and Glenny 2014).
Cyber Risk Governance
When the security system of an organization is analyzed in the context of the ERM
framework, there are mainly two layers in the cyber security system: governance and
management. It is reported that any kind of agility in the decision-making process
can promote the risk of cyber-attacks against corporations and the shareholders of
the company. Along with this, poor security systems in the organization can also
promote the risk of cyber-attack. A lack of strategic implementation in the
organization can also alter cyber risk management in the context of ERM, as it is
directly associated with the security of the organization (Pardini, Heinisch, and
Parreiras 2017).
The smart grid system in use sits in the cybernetic layer, and the main concerns of
the distribution companies of the electric sector relate to the technological
infrastructure for assessing transmission and to the distribution of the electric grid
in the country. The main reason behind these concerns is the enhanced vulnerability of
the system, and management does not know whether the organizations are prepared
for any kind of cyber threat. It is therefore crucial to raise the level of knowledge
regarding the new concept of electric energy among the management (Pardini,
Heinisch, and Parreiras 2017).
Policy and Process of the Proposed Model
In the current scenario, most of the companies in the Brazilian energy utilities
sector use the smart grid system in their security processes. According to Pardini,
Heinisch, and Parreiras (2017), the concept of the smart grid system comprises the
enhanced use of digital information technology and control technology, which are
mainly used to increase the dependability, security and efficacy of the electric grid.
It is reported that the use of the smart grid in the security of organizations engaged
in electricity utilities generally follows the traditional measures of security. From the
article, the smart grid model is composed of stakeholder security, cyber security
governance, cyber security management and cyber environments. All of the
components are interconnected with the smart grids themselves and with the
critical energy infrastructure (Pardini, Heinisch, and Parreiras 2017). The ISO 31000
risk management framework has five components: policy and governance, program
design, implementation, monitoring and review, and continual improvement.
Therefore, this model is closely aligned with the described ERM framework. The ISO
framework also addresses the problems of the organization and thereby tries to
improve its security system. Moreover, this framework also monitors and oversees
the structure and performance of the organization (Quintella et al. 2017). On the
other hand, the COSO framework comprises five components: risk
assessment, control environment, control activities, information and communication,
and monitoring of activities. Therefore, the COSO and ISO 31000 frameworks are
aligned with the framework stated in the article, and all of these frameworks mainly
aim to reduce risk in the organization by monitoring and reviewing its existing
system (Lotti Oliva et al. 2017).
Critical Review of Model
When the overall effectiveness of the smart grid model is analyzed in the context of
the energy sector of Brazil, it can be said that the smart grid system is quite
effective, as it is capable of handling a huge amount of data and information in a
secure way. The study results showed that there is a lack of knowledge regarding
the cyber security of the electrical sector of the country. The study also revealed
that the management of the electric sector is not completely engaged in operational
decisions regarding cyber security. Hence, although the smart grid system is helpful
in maintaining the cyber security of the organization, the organizations are still not
completely capable of implementing the system. However, a few sectors of the
industry showed improvement in reducing cyber security risks. The study results
showed that cyber security issues in the Brazilian energy sector are associated with
isolated actions by the organizations, which focus mainly on the areas of
communication technology and information technology of the country (Pardini,
Heinisch, and Parreiras 2017). Therefore, as the smart grid system is very effective,
it can be applied to other industries as well.
Part B.
1. Based on the models described in the study by Pardini, Heinisch, and Parreiras (2017),
an ideal ERM framework will have the following components.
a) As per the smart grid model, stakeholder analysis is crucial for fixing the
cyber security issues in the organization. In this context the internal stakeholders
are very important; they are the technology providers, policy makers and the
management responsible for implementing policy in the organization. Proper
analysis of the internal stakeholders will also help the organization to identify
its vision and goals regarding cyber security (Trim and Lee 2016).
b) Identification of cyber security threats by the management is also crucial for
managing cyber security risk in the organization, as it helps the organization to
identify the issue in a proper manner.
c) Risk assessment is another crucial step of the risk management framework as per
the smart grid system. This step will help the organization to take adequate steps
following an adverse incident.
d) The next component of the ideal ERM framework addresses asset management as per
the smart grid system; in this step the organization must address human resource
management and asset management so that risks can be mitigated within the
organization (Trim and Lee 2016).
e) Control activities are also very important for the organization, and the
implementation of policies and procedures belongs to this step. Hence, proper
implementation of policies and procedures in the
organization will help to reduce the chance of cyber security risks within the
organization.
f) The next crucial step in constructing an ERM framework for mitigating the risk of
cyber security breaches is the documentation of the required information and proper
communication among the stakeholders of the organization. Effective communication
will help people to carry out their responsibilities in a better manner.
g) Monitoring is also crucial for an ideal ERM framework, as technological
advancement makes the security mechanism very dynamic in nature, so regular
monitoring is important for changing the security system as required (Trim and Lee
2016).
2. The suggested framework may be effective, as it has all possible measures for
minimizing cyber security risks. In the proposed ERM structure, the proper
identification of the risks and stakeholders is a strength of this policy. Along with
this, a proper monitoring system and the application of effective communication are
also strengths of the policy. On the other hand, the proposed ERM framework fails to
explain the use of the latest technology, such as artificial intelligence, as a part of
cyber security, which is a weakness of this ERM framework (Malik and Holt 2013).
To overcome this, the organization may use an artificial intelligence system in its
cyber security team.
References
Aitel, D., 2013. Cybersecurity essentials for electric operators. The Electricity Journal, 26(1),
pp.52-58.
Di Santo, K.G., Kanashiro, E., Di Santo, S.G. and Saidel, M.A., 2015. A review on smart grids
and experiences in Brazil. Renewable and Sustainable Energy Reviews, 52, pp.1072-1082.
Diniz, G., Muggah, R. and Glenny, M., 2014. Deconstructing cyber security in Brazil. Strategic
Paper.
Export.gov, 2019. Brazil Energy. Export.gov. Retrieved from: https://www.export.gov [Accessed
on 13th Sept 2019]
Lotti Oliva, F., Cecília Sobral, M., Damasceno, F., Janny Teixeira, H., Cláudio de Hildebrand e
Grisi, C., Américo Fischmann, A. and Aparecido dos Santos, S., 2014. Risks and strategies in a
Brazilian innovation–flexfuel technology. Journal of Manufacturing Technology
Management, 25(6), pp.916-930.
Malik, S.A. and Holt, B., 2013. Factors that affect the adoption of Enterprise Risk Management
(ERM). OR Insight, 26(4), pp.253-269.
Pardini, D.J., Heinisch, A.M.C. and Parreiras, F.S., 2017. Cyber security governance and
management for smart grids in Brazilian energy utilities. JISTEM-Journal of Information Systems
and Technology Management, 14(3), pp.385-400.
Quintella, V.D.M., Silva Jr, A.F.D.A.D., Almeida, J.R.U.C. and Embirucu, M., 2017. Financial
exposure and technology innovation investment: Measuring project results in Brazilian
commodity industries. Academia Revista Latinoamericana de Administración, 30(4),
pp.547-564.
Trim, P. and Lee, Y.I., 2016. Cyber security management: a governance, risk and compliance
framework. Routledge.