Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cyber Security Threats and Information Governance

Verified

Added on 2023/01/19

AI Summary

This report discusses the importance of cyber security and information governance in protecting computer systems from cyber attacks. It critically assesses cyber security threats and the need for information governance. It also justifies the approaches and purpose of an Information Security Management System (ISMS) and illustrates the significance of information governance and risk assessment methodologies.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Cyber Security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
Introduction......................................................................................................................................3
Task 1...............................................................................................................................................4
Critically assess cyber security threats for demonstration of needs of information governance.
.....................................................................................................................................................4
Task 2...............................................................................................................................................6
Justify approaches and purpose of ISMS....................................................................................6
Task 3...............................................................................................................................................8
Illustrate significance of information governance along with risk assessment methodologies.. 8
Conclusion.....................................................................................................................................10
References .....................................................................................................................................11

Introduction
Cyber security is defined as protecting computer system from any kind of damage or theft
to software, electronic data or hardware. It involves controls, processes and technologies which
are premeditated for protection of programs, networks, data and devices from any kind cyber
attacks (Abomhara, 2015). Efficacious cyber security eliminates the risk associated with cyber
attacks along with this; it is liable for protecting from unauthorised exploitation of technologies,
networks and systems. This report is based on Wallington Trust Hospital which is liable for
rendering secondary health services in London. It offers their patients with rehabilitation,
orthopaedics, gynaecology, neurosurgery and various other services. This report is based on
cyber security threats approaches along with information security management system.
Furthermore, significance of information governance will be illustrated.
Task 1
Critically assess cyber security threats for demonstration of needs of information governance.
The preventive techniques that are being utilised for protecting data, networks and
programs from any kind of unauthorised access, damage or attack is referred to as cyber security.
It involves protection of systems and information from cyberthreats which can be in any form
like exploit kits, phishing, ransomware and malware. The different real life case studies have
been illustrated beneath:
 Dunkin's Donuts Credential Stuffing Attack: This attack took place in November 2018
but still now they are notifying their users with more number of account breaches. In this
attack, hackers got leverage into accounts of user’s credentials as they prompted them to
enter their details within DD Perks reward account. The purpose behind this was not
having personal information of users but instead they wanted to have account itself for
selling Dark Web Forums (Top 5 Cyber Security Breaches of 2019 So Far, 2019). This
attack tool place last year but still organisation has not taken any peculiar steps through
which it can be protected as same attack again occurred in the same firm. The

organisation must have taken appropriate countermeasures through which they can be
avoided.
 Toyota's second data breach: The attack took place on 29th March, 2019 and has created
impact on 3.1 million individuals. Firm is identifying whether still the cybercriminals
possess access to their data or they are able to read data (Brown, Gommers and Serrano,
2015). Unauthorised access occurred to server which was connected with network of
Toyota. The server to which intruder was able to get in do not contained details of credit
card. When this attack came into notice, the systems were made offline to make sure that
more details do not get compromised. For this they have taken appropriate
countermeasures by interacting with experts from international cyber security so that they
can prevent such attacks in future.
 Citrix breach:The firm believe that cyber criminals has acquired access to their internal
network. It was reported that Iranian-backed Iridium hacker group has attacked Citrix in
December, 2018 and on 6th March, 2019 again again the attack took place which lead to a
leak of sensitive internal files which were around of 6 terabytes. This information
contained blueprints, emails and other relevant documents. Same group of hackers have
attacked around 200 government agencies and for this they have been making use of
bypassing multi-factor authentications for having access to critical services and
application via SSO and VPN channels (Collins, 2016) .
 NHS WannaCry attack: On May, 2017 this ransomware attack affected lots of
organisation in which third person infected computers as well as encrypted content on
hard disk. For this they made demand for payment in the form of bitcoin for decrypting it.
Cost of around £92m was declined as appointments were being cancelled. Due to the
cyber attack near about 2,00,000 computers of users were locked with an red-lettered
error message. Similarly, other firms were also impacted by this and lots of data was lost.
 Phishy Wipro Breach: It was observed that the systems of Wipro (which is a consulting
and outsourcing giant) acted as a jumping-off points for digital phishing expeditions
which target various customer systems. The customers traced suspicious & malicious
network reconnaissance activities which were being carried back to their partner systems
which were then directly communicated within the network of Wipro. The breach was
restricted to only few employees and there systems were phished.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Some cyber security threats have been illustrated above and in some cases it is clear that
it was mistake of technical team of the firm like Dunkin' Donuts were not serious and they
avoided to take any relevant step. Breaches always creates a negative impact on either entire
organisation and even their customers (Graham, Olson and Howard, 2016). This implies that
there is need to opt for information governance which will ensure that appropriate measures are
being taken by which such kinds of things can be avoided by firms independently. Along with
this, organisations also need to ensure that systems they are being using are up to date as well as
are less vulnerable to threats. Furthermore, they must have monitored activities which are being
carried out on the network on regular basis so that they must be aware if any kind of illegal
activities occur (Gupta, Agrawal and Yamaguchi, 2016).
Information governance is defined as an holistic approach that is being used for
managing information of corporate through execution of metrics, controls, roles and processes
which treats data as a valuable asset of business. This will eliminate threats which might be
caused on data of Wallington Trust Hospital. An example can be taken to understand this
concept, information governance provides firm with ECM (Enterprise content management)
which acts like a strategy as well as practice for capturing, management, storage and delivery of
content & data by leveraging technology tools. ECM will render firms with an option to manage
their unstructured data.
Information security auditors are liable for analysing as well as accessing technological
infrastructure of organisation for making sure that systems and processes execute efficiently &
accurately (Hendrix, Al-Sherbaz and Bloom, 2016). Along with this, they identify IT issues
associated with risk & security management and in case if any problems are identified then they
are responsible for interacting with others as well as provide solutions for improvisation within
system or processes.
Task 2
Justify approaches and purpose of ISMS.
In context of cybersecurity, different instances have been provided above. This implies
that to have adequate results it is necessary that appropriate measures are being taken by firm for
ensuring that there systems are secured. For this different approaches can be utilised by
Wallington Trust Hospital. Cyber Security Approaches implies the way in which firm can

protect their systems from any kind of threats like malware, spyware, phishing and many others
(Johnson, 2015). The steps that can be taken by Wallington Trust Hospital to protect their
systems are illustrated beneath:
 Bolster access control: The process of restricting access to virtual or physical resources
in context of what they can use as well as see is defined as access controls. Weaker
controls will leave systems and data hyper-sensitized for unauthorised access. It is
necessary for Wallington Trust Hospital that they boost up control measures through
utilisation of strong password and access control policies.
 Update all software: The pop-up for software update must not be avoided as they are
crucial for health of network. It must vary from operating system to anti-virus when
newer versions of software are being released (Knowles and et. al, 2015). This needs to
be carried out by Wallington Trust Hospital as new versions comprises of fixes for
carrying out security vulnerabilities. Apart from this, manual software updates are time-
consuming therefore, it is recommended that automatic updates must be utilised for
maximum processes or programs.
 Standardise software: Technical team of Wallington Trust Hospital needs to ensure that
the systems of firm are protected by making use of standardizing software. Along with
this, it is necessary that individuals must be restricted to install software within system
within prior approval. As, it is difficult to identify that which software is vulnerable on
the network (Liu and et. al, 2018). For this, all systems must have identical browser,
operating system, plugins and standardisation.
 Use network protection measures: It is crucial to protect the network to ensure that third
person do not get access to it. For this effective criterion must be utilised by technical
team of Wallington Trust Hospital, they includes: installation of firewall, make sure that
proper controls are provided, IPS/IDS must be used for tracking probable packet floods,
network needs to be segmented, utilise VPN (virtual private network) and carry out
appropriate maintenance.
 Employee training:It is usually observed that external threats takes place due insiders
which acts as the weaker link within the firm. For this it is mandatory for Wallington
Trust Hospital to make employees aware about network security so that they can identify

threats id they have anything suspicious on their screen. Along with this, they must be
aware that if any kind of problem occurs then whom they should contact with.
The approach for prevention of cybersecurity has illustrated above which is necessary to
every firm that they acknowledge them for ensuring that they stay away from unwanted attacks
(Sayan, Hariri and Ball, 2017). The rationale behind this is to have a secured environment in
terms of data as well as systems. Information security management system refers to control
which firm must execute for ensuring that it is able to sensibly protect their integrity, availability
and confidentiality of assets from vulnerabilities and threats. This enables them within
assessment of risks and protecting their important assets. It implies that Wallington Trust
Hospital must make use of information governance frameworks for attaining this. This will
provide them with details related to defining, creating, usage, security, ownership as well as
permission for deleting all the data of organisation. It is liable for covering organisational roles
and models which are required for defining as well as managing processes & policies which will
affect the technical and business creation, usage and maintenance of data of enterprise (Sun,
Hahn and Liu, 2018). The rationale behind this is that it will render audit trails, ECM, access
governance, information lifecycle management and many others.
COBIT framework: A control objective for information and related technology is developed
for management as well as IT governance. This can be used by Wallington Trust Hospital like a
supportive tool that will bridge gap in between control requirements, technical issues and risks.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Figure 1 COBIT Framework
(Source: COBIT 4.1: Framework for IT Governance and Control, 2019)
This is responsible for making sure that quality, reliability and control is attained with
respect to information system. By using this, hospital can develop plans, organise them, and
ensure delivery, support, monitoring and evaluating system by which enhanced level of security
can be attained. This framework involves description of processes, maturity models along with
management guidelines.
ISO27001 framework: It is an international standard that is being utilised for making sure
security in system of organisation. This entirely depends on ISMS which will allow Wallington
Trust Hospital in consistent management of information security risks, vulnerabilities and threats
associated with this. Along with this, it will assist in designing as well as execution of various
security controls for having coherent and comprehensive systems.

Figure 2ISO 27001 Information Security Framework
(Source: Information Security Framework (ISO 27001), 2019)
The ISO framework will assist in mitigation of risks which are being identified. Plan-do-
check-act (PDCA) cycle can be used which will enable within development of procedures,
policies and processes for managing risks. After plan has been formulated, execution can be
conducted in context InfoSec strategies. Apart from this all the activities must be tracked as well
as reviewed through which performance can be analysed with respect to objectives & policies.
Preventive and corrective measures can be used for carrying out internal audit.
Basis COBIT ISO27001
What is it It is a business framework for
management as well as governance
It denotes international standard
that is being utilised for IT service

of IT enterprise. management system needs.
How it is seen within
market
This is attained from history of
compliance and audit.
It emphasise on attainment of
certification for demonstrating
compliance to standard.
Who use it Defining compliance as well as
audit needs for IT
Demonstration that IT firms
acknowledge recognised
standards.
Task 3
Illustrate significance of information governance along with risk assessment methodologies.
The process which is liable for illustrating ways in which firms handle or process data is
referred to as information governance. The relevance of this (IG) with respect to Wallington
Trust Hospital is illustrated beneath:
 Know your customer (KYC): It denotes the process for identifying their customers or
clients as well as assessing risks related with criminal or legal business relationship
(THOMAS and et. al, 2019). It is crucial for Wallington Trust Hospital to ensure this to
stay away from legal troubles. This can be carried out through utilisation of information
governance.
 Knowledge management: It implies discipline for creation, sharing, usage as well as
management of information and knowledge that is being held by firm for reaching
objectives of firm through optimum utilisation of knowledge. This will aid Wallington
Trust Hospital to have crucial information related with security aspects within a network.
 Audit trails: They are the chronological records which render documentary evidences
related with sequence of activities that are concerned with operations, events, workflow
or any specified program (Abomhara, 2015). Through this, technical team of Wallington
Trust Hospital will be able to capture and preserve assets such as meeting records,
documents , etc.
 Process/ Workflow automation: By utilising such kind of software Wallington Trust
Hospital can automate as well as digitize the repetitive and mundane aspects associated

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

with information governance. This leads to enhancement within accuracy, speed as well
as security aspects of processes which leads to reduction within cost as well as errors.
 Information governance software: Technical team of Wallington Trust Hospital must
make of information governance tools such as ECM (Enterprise Content Management)
solutions and data for addressing demands of data governance (Brown, Gommers and
Serrano, 2015). Along with this, employees must be provided with different tools to
render their services as per desired standard.
Figure 3 Information Governance
(Source: What is Information Governance and how does it differ from Data Governance?, 2019)
Through appropriate utilisation of information governance Wallington Trust Hospital can
ensure that relevant standards are being formulated which enables them to deliver their services
accordingly.
Risk assessment refers to systematic process for evaluation of potential risks which might
create pessimistic effect on assets, environment and individuals. For this Wallington Trust
Hospital can opt for either quantitative or qualitative methods. Some crucial aspects have been
illustrated beneath:
 In context of cyber security, quantitative methods will denote formulation of algorithms
or models by which specified problem can be resolved. But since then there lies high

chances that model might not be that much effective and is also time consuming (Collins,
2016).
 On the other hand, qualitative methods will assist within making use of existent models
by analysing benefits that are being provided by them. This method will be apt for
Wallington Trust Hospital on the basis of functionalities that are being rendered by
specified tool, firm can use it instead of bringing in something new. Along with this, it
will assist them within development of new policies and strategies to avoid security
threats.
(Source: MANAGING THIRD-PARTY CYBER RISK – NEXT LEVEL CHALLENGE, 2019)
 The information assets with respect to Wallington Hospital comprises of the data of
patients, employees as well as other information related with the working structure.
 The major threat is hacking through which third person can get access to their system for
misusing them or getting information from them. Vulnerabilities denote loopholes which exist within the system which might enable
intruder to get access into their system. In context of Wallington Hospital it can be
outdated systems.
Risk assessment
Illustration 1: Digital Transformation introduces Third Party Risk

Risk matrix will render Wallington Trust Hospital with appropriate guidelines with
respect to risk management. It is liable for integration of likelihood of risks occurring as well as
consequences related with risks which may occur along with consequences in context of risk
rating for treating as well as monitoring. The major threat that can be faced by Wallington Trust
Hospital is issues related with confidentiality and privacy of data. For this appropriate measures
has to be taken up by technical team.
Illustration 2: Risk Matrix

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

The different aspects related with risk assessment in context of Wallington Trust Hospital
have been specified beneath:
Threat Vulnerability Assets &
Consequences
Risk Solution
Malicious
human
interference
Firewall is
configured in an
appropriate manner
and DDOS
mitigation
Low impact on
Wallington Trust
Hospital
Website will not
be available.
Critical influence
on Wallington
Trust Hospital
Moderate (due to
downtime there
can be a high
loss)
Firewall must be
monitored by
technical team of
Wallington Trust
Hospital
Accidental
human
interference
IT auditing
software is placed,
permissions are
appropriately
configured and
backups are
regularly taken up.
Low influence on
Wallington Trust
Hospital.
Critical data
might be lost but
certainty can be
restored from
backup.
Moderate
impact on
Wallington Trust
Hospital.
Low Technical team of
hospital needs to
monitor the
permissions that
have been altered,
take backups and
privileged users.
Data handling Furnish data
confidentiality and
data privacy. High
influence will be
created on
organisation.
Data of patients
as well as hospital
will become
vulnerable to
attacks.
High threat
Medium Information
governance is
being utilised by
WTH to handle
such kind of
issues.

Data is important asset of firm and it is important that confidentiality, integrity and its
availability is ensured so that it can be authenticated & access must be provided to authenticated
users only. Along with this, firm need to ensure that threats must be identified along with
vulnerabilities as this will ensure that any kind of data breach will not take place (Graham, Olson
and Howard, 2016).
 It is crucial for Wallington Trust Hospital to ensure that systems that are being utilised by
them are secured. An example can be taken to understand this aspect, suppose that
employees of firm have access to entire database this implies that there are higher
chances of security breaches as often they are insiders who creates trouble. This denotes
that there needs to be appropriate access control depending upon who needs it and in case
if someone else needs to have details then permission must be given.
 Apart from this, while transferring any kind of confidential data each individual involved
within this have to ensured that data is encrypted so that it is not altered while it is being
delivered, (this referred to as integrity) and this is being carried out through man in the
middle attack (Gupta, Agrawal and Yamaguchi, 2016). Encryption will provide a way in
which data is being secured even if it is accessed by intruder. But this is only possible in
case strong passwords are being utilised for encrypting otherwise it will become easy to
decrypt the information by making use Brute force attack, dictionary attack and many
others.
Conclusion
From above it can be concluded that cyber security refers to ways in which data or
information can be protected by making use appropriate tools and strategies. It is the critical
asset of organisation as without information it is impossible to carry out their operations.
Different security attacks take place which makes this critical for analysing each aspect related
with their processes, systems and software. For this, information governance frameworks as well
as information security management systems must be utilised by them.

References
Books & Journals
Abomhara, M., 2015. Cyber security and the internet of things: vulnerabilities, threats, intruders
and attacks. Journal of Cyber Security and Mobility, 4(1), pp.65-88.
Brown, S., Gommers, J. and Serrano, O., 2015, October. From cyber security information
sharing to threat management. In Proceedings of the 2nd ACM workshop on information
sharing and collaborative security (pp. 43-49). ACM.
Collins, A. ed., 2016. Contemporary security studies. Oxford university press.
Graham, J., Olson, R. and Howard, R., 2016. Cyber security essentials. Auerbach Publications.
Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds., 2016. Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI global.
Hendrix, M., Al-Sherbaz, A. and Bloom, V., 2016. Game based cyber security training: are
serious games suitable for cyber security training?. International Journal of Serious
Games, 3(1).
Johnson, T.A. ed., 2015. Cybersecurity: Protecting critical infrastructures from cyber attack and
cyber warfare. CRC Press.
Knowles, W. and et. al, 2015. A survey of cyber security management in industrial control
systems. International journal of critical infrastructure protection, 9, pp.52-80.
Liu, X. and et. al, 2018. Trace malicious source to guarantee cyber security for mass monitor
critical infrastructure. Journal of Computer and System Sciences, 98, pp.1-26.
Sayan, C., Hariri, S. and Ball, G., 2017, September. Cyber security assistant: Design overview.
In 2017 IEEE 2nd International Workshops on Foundations and Applications of Self*
Systems (FAS* W) (pp. 313-317). IEEE.
Sun, C.C., Hahn, A. and Liu, C.C., 2018. Cyber security of a power grid: State-of-the-
art. International Journal of Electrical Power & Energy Systems, 99, pp.45-56.
THOMAS, R.K. and et. al, 2019. System and method for modeling and analyzing the impact of
cyber-security events on cyber-physical systems. U.S. Patent 10,262,143.
Online
Top 5 Cyber Security Breaches of 2019 So Far. 2019. [Online]. Available through:
<https://www.cshub.com/attacks/articles/top-5-cyber-security-breaches-of-2019-so-
far>.

1 out of 16

+13062052269

info@desklib.com

Cyber Security Threats and Information Governance

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Computer Security: Elements, Issues, and Frameworks

Computer Security: Fundamentals, Examples, and Countermeasures

JP Morgan Data Breach

Network security - Sample Assignment

Cybersecurity Measures for Businesses

Semantic Data Breach