Cyber Security Part 3
Running head: CYBER SECURITY
Cyber Security Part 3
Name of the Student
Name of the University
Author’s Note:
Part 3
1. Negotiations with Accreditors on Compliance, with an Example
Negotiating with the accreditors is one of the more useful ways of dealing with a compliance shortfall before it becomes a formal finding of non-compliance. Instead of an adversarial audit outcome, the organization and the accreditor agree directly on what has to be remediated, in what order and by when, at a level the organization actually has the capacity to deliver (Shin, Son & Heo, 2015). The obligations agreed in this way cover cyber security compliance and how non-compliance issues are to be handled, and the agreement gives the organization a documented path to meeting the regulations and laws that apply to it.
Maintaining compliance is easier when such negotiations follow a defined process. The first step is to allow the accrediting organizations to select the institutions they will use to demonstrate that they have effective mechanisms for evaluating compliance with the relevant standards (Clemente, 2013). The next step is to have the accreditors submit documentation showing that those mechanisms are in fact being followed. Two weaknesses also have to be addressed in the process: a lack of written processes and policies for reviewing recognition petitions, which leads to inconsistent reviews, and a lack of post-recognition oversight of the accrediting organizations (Staheli et al., 2014). A basic example of this kind of negotiation is agreeing on a risk-based process for deciding how many organizations an accreditor must use to demonstrate the effectiveness of its compliance evaluation mechanism, rather than a fixed number that ignores the accreditor's size and track record.
2. Appropriate Response Strategies to Put into Action
The appropriate response strategies to put into action to reduce non-compliance in an organization are as follows:
i) Breach Notification Policies: The first strategy that helps reduce non-compliance is a breach notification policy (Sabaliauskaite & Mathur, 2015). A security incident is any event that has an adverse effect on the availability, integrity or confidentiality of a resource and of the resources associated with it. These resources include servers, media, storage devices and individual computers, as well as the information, messages and data stored on them. Prompt detection and appropriate handling of security incidents are required to protect the organization's information assets and to preserve the confidentiality and privacy of sensitive data (Brown, Gommers & Serrano, 2015). The policy provides the guidance needed to respond to incidents systematically, to notify the affected parties within the time limits the applicable regulations set, and to recover effectively afterwards.
ii) Security Awareness Training: The second response strategy is security awareness training. Employees are a company's first line of defence. Making users understand their responsibilities for handling information, and what they should not do, such as visiting untrusted web sites or opening e-mail attachments from untrusted senders, prevents many incidents (Andress & Winterfeld, 2013). Every organization needs this training so that employees stay current on the kinds of vulnerabilities and attacks the organization could face and know how to deal with them. The training is also the point at which to check that the precautions against those threats are understood and actually followed.
iii) Ongoing Vulnerability Assessments: Another distinct response strategy that should be put into action is ongoing vulnerability assessment. Regularly scheduled vulnerability analysis, which defines, identifies and classifies the security holes in networks and other IT infrastructure, is key to risk mitigation when it comes to data breaches and to the ongoing application of security updates and patches (Graham, Olson & Howard, 2016). A single assessment only captures the state at one point in time; because new vulnerabilities are disclosed continually and configurations drift, the value lies in repeating the assessment on a schedule and tracking whether earlier findings have actually been closed. Such assessments are highly effective at reducing both the number and the complexity of the issues an organization has to deal with.
3. Employee Training Recommendations for Creating Awareness of Organizational Security Measures
The recommendations for employee training that creates awareness of the organization's security measures are as follows:
i) Inclusion of Emerging Threats: The first recommendation is to cover emerging threats and vulnerabilities. The cyber security landscape changes quickly, so the training platform chosen should not only describe previous data breaches but also be updated with the threats currently being seen (Ashok, Hahn & Govindarasu, 2014). Emerging threats have to be dealt with in time, and security awareness training is one of the ways of doing so.
ii) Importance of Passwords: The second recommendation is to make employees understand why passwords matter. This gives them the knowledge to use passwords properly when securing confidential and sensitive data or information (Dandurand & Serrano, 2013). It also matters that a password is changed promptly once it is suspected to have leaked, so that organizational data is not compromised with a credential the attacker already holds. One caveat for the policy behind the training: current guidance in NIST SP 800-63B favours long passwords screened against known-breached lists, with changes required on evidence of compromise rather than on a fixed calendar, since forced periodic rotation tends to produce weaker, predictable variants of the old password.
iii) Engagement of Employees: Meaningful engagement of employees is the next noteworthy recommendation for creating awareness of the organization's security measures (Pacheco & Hariri, 2016). Involving employees matters because it lets them understand the compliance and legal requirements behind the measures, so that issues get resolved rather than worked around. It also lets the trainers know their audience, and employees who see why a control exists are more motivated to improve.
iv) Involvement of a Security Awareness Training Vendor: Involving security awareness training vendors such as PhishMe, Rapid7, KnowBe4, Symantec Security Awareness, Digital Defense, Wombat Security and similar providers is effective for employee training (Onyeji, Bazilian & Bronk, 2014). These vendors supply ready-made training modules, phishing simulations and progress tracking, which lets an organization measure the effect of the training instead of assuming it, and so leaves its data and resources better protected than training assembled ad hoc.
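As an added example, not part of the original document or of the cited works, the following Python shows how the password guidance in recommendation ii) can be enforced rather than merely taught: a length-first policy check, a rule against reusing the account name, and screening against a breached-password corpus through a prefix range lookup, so that neither the password nor its full hash leaves the organization. The corpus, the range_lookup stand-in for the remote service, the hypothetical user jsmith and the 12-character minimum are all assumptions made for this example.

```python
"""Added example: enforcing the password advice above in code.

Illustrative code written for this page, not from any cited source.  The
breach corpus is constructed; range_lookup() stands in for the network call
a real deployment would make to a breached-password service.
"""
import hashlib


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the digest form breached-password corpora use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed corpus of passwords assumed to have appeared in public dumps,
# indexed by the first 5 hex chars of their SHA-1.  This mirrors the range
# layout of Have I Been Pwned's Pwned Passwords API: the client sends only
# the prefix and matches the returned suffixes locally.
BREACH_RANGES: dict = {}
for _leaked in ("Password1", "Summer2023!", "Welcome123", "qwerty123456"):
    _digest = sha1_hex(_leaked)
    BREACH_RANGES.setdefault(_digest[:5], set()).add(_digest[5:])


def range_lookup(prefix: str) -> set:
    """Stand-in for the remote range query: every suffix under a 5-char prefix."""
    return BREACH_RANGES.get(prefix.upper(), set())


def is_breached(candidate: str) -> bool:
    """True if the candidate's SHA-1 suffix appears under its prefix range."""
    digest = sha1_hex(candidate)
    return digest[5:] in range_lookup(digest[:5])


def check_password(candidate: str, username: str, min_length: int = 12) -> list:
    """Return the list of policy violations; an empty list means acceptable.

    The rules follow the direction of NIST SP 800-63B: prefer length over
    composition rules, reject known-breached passwords, and reject values
    derived from the account name.  The thresholds are this example's choices.
    """
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if username and username.lower() in candidate.lower():
        problems.append("contains the username")
    if len(set(candidate)) <= 2:
        problems.append("too repetitive")
    if is_breached(candidate):
        problems.append("appears in a breached-password list")
    return problems


if __name__ == "__main__":
    # Hypothetical user and candidates, constructed for the demonstration.
    for pw in ("Password1", "jsmith-keeps-a-long-phrase", "a-long-unique-phrase-4-hr"):
        print(f"{pw!r}: {check_password(pw, 'jsmith') or 'ok'}")
```

The breached-list check is what turns "change your password if it leaks" into something the organization can act on at login or password-change time, instead of relying on the user to notice the leak.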
4. Process for Obtaining Stakeholder Feedback on the Effectiveness of Security Policies, with an Example
Feedback from stakeholders is vital for deciding on any action and for checking the effectiveness of security policies within an organization. It helps in monitoring how well an intervention is working, and the staff and stakeholders closest to the intervention hold valuable insights and information that should be fed back to the team that designed it (Shin, Son & Heo, 2015). This feedback is needed to assess progress against the objectives and to take advantage of opportunities that arise while responding to issues.
The first step in this process is to collect feedback on the progress of the intervention from key staff, through one-to-one sessions and formal meetings. The second step is to consult stakeholders and other staff who may be affected by the intervention, that is, by the security policies being introduced (Sabaliauskaite & Mathur, 2015). In the third step the stakeholder feedback is analysed properly, and a process evaluation is used to improve and strengthen the intervention. An example of obtaining stakeholder feedback on the effectiveness of security policies is a review of the procurement policies for digital services, in which the people who buy and operate those services report which requirements are workable and which are being bypassed.
5. Process for Identifying New Threats, Vulnerabilities or Countermeasures Not Available When the Initial Security Measures Were First Implemented
The process for identifying new threats, vulnerabilities and countermeasures that were unavailable when the initial security measures were put in place is as follows:
i) Understanding Common Attacks: The first step is to understand the common attacks. Attacks on a network come in many varieties (Brown, Gommers & Serrano, 2015). Much of the time the attackers do not know or care who they are attacking: they scan for exposed instances of a vulnerable service and hit whichever networks turn up, so an organization does not need to be a deliberate target to be compromised. Learning the different methods used to compromise networks and computers provides the perspective needed to proceed.
ii) Using Vulnerability Scanning Tools: The second step is to use vulnerability scanning tools. Several tools exist for checking the current security state of the network; they look for open ports, unpatched software and other weaknesses. Some focus on specific machines, while others scan the entire network. Scans should only be run against assets one is authorized to test, and an authenticated scan (one that logs in to the host) finds missing patches that an unauthenticated port scan cannot see.
iii) Assessment of Risks: The third step is to assess the risks. The vulnerabilities found on the network have to be assessed properly, typically by weighing how likely each is to be exploited against the impact if it were, so that they can be dealt with in a sensible order (Andress & Winterfeld, 2013). A proper risk assessment is what reduces the impact of new threats and vulnerabilities, because it directs the limited remediation effort to the findings that matter most.
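The three steps above, together with the ongoing vulnerability assessment described under response strategy iii) in section 2, can be shown end to end. The following Python is an added example written for this page, not code from any cited source or vendor: it takes a constructed inventory standing in for scanner output (what a tool such as nmap or OpenVAS would report), matches installed versions and open ports against a constructed table of known issues (step ii), scores each finding by likelihood times impact to order remediation (step iii), and diffs two runs so that repeated assessments show what is new and what has been closed. Host names, versions, advisory identifiers and scoring weights are all assumptions.

```python
"""Added example: an offline vulnerability assessment pass with risk scoring.

Illustrative code written for this page, not a tool from any cited source.
The asset inventory, the table of affected software versions, the risky-port
list and the scoring weights are all constructed assumptions.
"""
from dataclasses import dataclass

# Constructed inventory standing in for scanner output: exposure, open TCP
# ports and installed software versions per host.
ASSETS = {
    "web01": {"exposure": "internet", "ports": {22, 80, 443},
              "software": {"openssh": "7.4", "nginx": "1.18.0"}},
    "db01":  {"exposure": "internal", "ports": {22, 3306},
              "software": {"openssh": "8.9", "mysql": "5.7.30"}},
    "hr-ws": {"exposure": "internal", "ports": {445, 3389},
              "software": {"windows": "10.0.19041"}},
}

# Constructed "known affected versions" table: product, highest affected
# version, severity, hypothetical advisory id.  Versions at or below the
# listed one are treated as vulnerable.
KNOWN_VULNS = [
    ("openssh", "7.9", "high", "ADV-EXAMPLE-001"),
    ("mysql", "5.7.31", "medium", "ADV-EXAMPLE-002"),
]

# Services that should not be reachable from a general-purpose network.
RISKY_PORTS = {23: ("high", "telnet"), 445: ("medium", "smb"), 3389: ("high", "rdp")}

SEVERITY_IMPACT = {"low": 1, "medium": 2, "high": 3}
EXPOSURE_LIKELIHOOD = {"internet": 3, "partner": 2, "internal": 1}


def parse_version(text: str) -> tuple:
    """Turn '5.7.30' into (5, 7, 30) so versions compare numerically
    rather than as strings ('10.0' must sort after '9.9')."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    severity: str
    likelihood: int  # how reachable the asset is (from exposure)
    impact: int      # how bad exploitation would be (from severity)

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def scan(assets=ASSETS, known_vulns=KNOWN_VULNS, risky_ports=RISKY_PORTS) -> list:
    """Step ii: compare the inventory against known issues and exposed services."""
    findings = []
    for name, asset in assets.items():
        likelihood = EXPOSURE_LIKELIHOOD[asset["exposure"]]
        for product, version in asset["software"].items():
            for vuln_product, max_affected, severity, ref in known_vulns:
                if product == vuln_product and parse_version(version) <= parse_version(max_affected):
                    findings.append(Finding(name, f"{product} {version} affected by {ref}",
                                            severity, likelihood, SEVERITY_IMPACT[severity]))
        for port in sorted(asset["ports"]):
            if port in risky_ports:
                severity, label = risky_ports[port]
                findings.append(Finding(name, f"port {port}/tcp open ({label})",
                                        severity, likelihood, SEVERITY_IMPACT[severity]))
    return findings


def prioritise(findings: list) -> list:
    """Step iii: rank by likelihood x impact so remediation starts where it matters."""
    return sorted(findings, key=lambda f: (-f.score, f.asset, f.issue))


def diff_runs(previous: list, current: list) -> tuple:
    """Ongoing assessment: which findings are new since the last run, which were closed."""
    prev, curr = set(previous), set(current)
    return (sorted(curr - prev, key=lambda f: f.issue),
            sorted(prev - curr, key=lambda f: f.issue))


if __name__ == "__main__":
    for f in prioritise(scan()):
        print(f"{f.score:>2}  {f.asset:<6} {f.severity:<6} {f.issue}")
```

With the constructed inventory the internet-facing OpenSSH finding on web01 ranks first (likelihood 3, impact 3), ahead of the higher-severity-looking but internal RDP exposure on hr-ws, which is the point of scoring rather than sorting by severity alone; diff_runs is what makes the assessment ongoing rather than a one-off report.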
6. Process for Notifying Operational Managers, Stakeholders and Affected Individuals, with Examples
Stakeholders, operational managers and other individuals affected by a cyber threat should be notified in a structured manner. Compliance management is required of all organizational members, and stakeholders and operational managers play a significant role in dealing with organizational data (Staheli et al., 2014). The simplest process for notifying operational managers and stakeholders that they are affected is by e-mail. Because the notification itself describes a weakness or an incident, the message should be encrypted so that only the intended recipient, who holds the proper key, can read it; encrypting the e-mail is a common way of notifying operational managers and affected individuals. In practice this means, for example, an encrypted message to the operational manager stating which systems are affected and what action is required, and a separate notice to the affected individuals stating what data was involved and what they should do.
7. Organizational Management Techniques for Responding Quickly to New Challenges, with Details
The organizational management techniques for responding quickly to new cyber security challenges start with adopting recognised risk management standards, such as ISO/IEC 27001 for the security management system, ISO 31000 or the COSO framework for enterprise risk management, and the NIST Cybersecurity Framework or Risk Management Framework, on top of a common set of processes. Secure information sharing and prioritizing risks are the other significant techniques in this area (Onyeji, Bazilian & Bronk, 2014). Threat environment analysis and resilience to risks are the further techniques to consider: a standing view of the threat environment shortens the time needed to recognise a new challenge, and resilience, meaning designing so that the failure of one control is contained, keeps the organization running while the response is worked out.
References
Andress, J., & Winterfeld, S. (2013). Cyber warfare: techniques, tactics and tools for
security practitioners. Elsevier.
Ashok, A., Hahn, A., & Govindarasu, M. (2014). Cyber-physical security of wide-area
monitoring, protection and control in a smart grid environment. Journal of Advanced
Research, 5(4), 481-489.
Brown, S., Gommers, J., & Serrano, O. (2015, October). From cyber security information
sharing to threat management. In Proceedings of the 2nd ACM workshop on
information sharing and collaborative security (pp. 43-49). ACM.
Clemente, D. (2013). Cyber security and global interdependence: what is critical? Chatham
House, Royal Institute of International Affairs.
Dandurand, L., & Serrano, O. S. (2013, June). Towards improved cyber security information
sharing. In 2013 5th International Conference on Cyber Conflict (CYCON 2013) (pp.
1-16). IEEE.
Graham, J., Olson, R., & Howard, R. (2016). Cyber security essentials. Auerbach
Publications.
Onyeji, I., Bazilian, M., & Bronk, C. (2014). Cyber security and critical energy
infrastructure. The Electricity Journal, 27(2), 52-60.
Pacheco, J., & Hariri, S. (2016, September). IoT security framework for smart cyber
infrastructures. In 2016 IEEE 1st International Workshops on Foundations and
Applications of Self* Systems (FAS*W) (pp. 242-247). IEEE.
Sabaliauskaite, G., & Mathur, A. P. (2015). Aligning cyber-physical system safety and
security. In Complex Systems Design & Management Asia (pp. 41-53). Springer,
Cham.
Shin, J., Son, H., & Heo, G. (2015). Development of a cyber security risk model using
Bayesian networks. Reliability Engineering & System Safety, 134, 208-217.
Staheli, D., Yu, T., Crouser, R. J., Damodaran, S., Nam, K., O'Gwynn, D., ... & Harrison, L.
(2014, November). Visualization evaluation for cyber security: Trends and future
directions. In Proceedings of the Eleventh Workshop on Visualization for Cyber
Security (pp. 49-56). ACM.