Integration of Cyber Security and Resilience Protocols

Added on 2023/06/07

Assessment Task 3
Case Study

Table of Contents
Integration of cyber security and resilience protocols
Recommendations initiating a cyber-resilience policy at the corporate board level
Conclusion
References
Integration of cyber security and resilience protocols
Countering cyber risk is one of the major concerns for leaders across industries. At the same time, the vast advances in networked technology present opportunities that organizations can use to counter cyber risks in their early stages. Cyber security is the protection of interconnected systems, including data, hardware and software, from cyber attacks. For example, implantable cardiovascular defibrillators in the healthcare sector are susceptible to short-range wireless attacks because the capabilities of the device are managed over a short-range radio link (Cavelty, 2014).
With the advancement of networked technology, the power of cyber attackers has also increased significantly, and the concept of cyber resilience emerged in response. Cyber resilience is a broader approach that brings together business continuity management and cyber security. It aims not only at defending against cyber attacks but also at ensuring that the organization survives after an attack, which indicates that resilience to cyber attacks is one of the critical survival traits for organizations in the future (Bagheri & Ridley, 2017). Cyber resilience is a constantly evolving concept that is rapidly gaining recognition; it unites the areas of business continuity, organizational resilience and information security. The elements that an organization must keep resilient against cyber attack include its critical infrastructure, business processes and IT systems. An adverse cyber attack can be defined as an event that negatively impacts the confidentiality, integrity or availability of information and IT systems. The overall objective of cyber resilience is to maintain the organization's ability to deliver its intended outcomes continuously, even when its regular delivery mechanisms fail, such as in the crisis following a breach (Wilding, 2016).
Several major principles are associated with cyber resilience in an organization. One of the ten principles given in the World Economic Forum report is the principle of integrating cyber resilience: according to it, the board of an organization ensures that cyber resilience and cyber risk assessment are integrated with the overall business strategy, resource allocation and budgeting (World Economic Forum, 2017).
This report focuses on how an organization can integrate its cyber security and resilience protocols to ensure continued corporate survival and improved business performance. It also presents examples of best practice and a clear set of recommendations for initiating a cyber resilience policy at the corporate board level. The two major ideas in integrating cyber security and resilience protocols are leadership and a mindset that goes beyond cyber security, so that an effective corporate strategy can be built and incorporated into the overall strategic thinking. The report examines the tools used at the corporate board level for integrating cyber security and resilience protocols, which help the organization grow and innovate sustainably (World Economic Forum, 2017).
Integrating the cyber strategy into the organizational or business strategy is a challenge. The board should ensure that cyber resilience and risk assessment are integrated into the business strategy, budgeting and resource allocation (World Economic Forum, 2017). In this context, the board should evaluate cyber resilience and cyber risks with the help of risk assessment. One method for this purpose is risk benchmarking, in which the different types of risk involved in the business are identified against a benchmark such as NASDAQ (Peter, 2017). Items the board can use for risk benchmarking include demographic factors, risk portfolio factors, risk controls and threats. Another risk assessment tool available to the board is the risk assessment matrix. The cyber risk portfolio is identified by the executive team of the board and should take financial, operational, reputational and strategic risks into consideration. A risk assessment matrix is a two-dimensional matrix whose dimensions are risk impact and risk probability, each ranging from high to low. The figure below shows an example of such a risk matrix (World Economic Forum, 2017).
[Figure: example risk matrix] Source: (World Economic Forum, 2017)
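As an added illustration of the matrix described above (example code, not taken from the World Economic Forum report or from this report), the following Python script scores a small constructed cyber risk register on the two axes, likelihood and impact, counts the entries in each matrix cell, ranks the register for a board listing, and derives a simple treatment recommendation per entry. The register entries, the three-level scales, the scoring thresholds and the treatment rule (including treating low-likelihood, high-impact entries as candidates for transfer through cyber insurance) are assumptions made for the example.

```python
"""Board-level cyber risk matrix for a constructed risk register.

Added example (not from the WEF report or this essay). The register entries,
the three-level scales, the rating thresholds and the treatment rule are all
assumptions made for illustration.
"""
from dataclasses import dataclass

# Ordinal scale shared by both matrix axes (the WEF matrix ranges high to low).
LEVELS = {"low": 1, "medium": 2, "high": 3}
AXIS = ["low", "medium", "high"]


@dataclass(frozen=True)
class Risk:
    name: str
    category: str    # financial, operational, reputational or strategic
    likelihood: str  # low / medium / high
    impact: str      # low / medium / high


def score(risk):
    """Product of the two ordinal levels, 1..9 (assumed scoring rule)."""
    return LEVELS[risk.likelihood] * LEVELS[risk.impact]


def rating(risk):
    """Collapse the score into high/medium/low (assumed thresholds)."""
    s = score(risk)
    if s >= 6:
        return "high"
    if s >= 3:
        return "medium"
    return "low"


def treatment(risk):
    """Assumed treatment rule: high-rated risks are mitigated as a board
    priority; low-likelihood, high-impact risks are candidates for transfer
    (cyber insurance); the rest are monitored or accepted."""
    if rating(risk) == "high":
        return "mitigate"
    if risk.impact == "high" and risk.likelihood == "low":
        return "transfer"
    if rating(risk) == "medium":
        return "monitor"
    return "accept"


def rank_register(risks):
    """Highest score first; ties broken by name for a stable board listing."""
    ordered = sorted(risks, key=lambda r: (-score(r), r.name))
    return [(r.name, score(r), rating(r), treatment(r)) for r in ordered]


def category_summary(risks):
    """Worst rating per portfolio category (financial, operational, ...)."""
    worst = {}
    for r in risks:
        current = worst.get(r.category)
        if current is None or LEVELS[rating(r)] > LEVELS[current]:
            worst[r.category] = rating(r)
    return worst


def render_matrix(risks):
    """Text grid of entry counts: rows are likelihood (high at top), columns impact."""
    cells = {(l, i): 0 for l in AXIS for i in AXIS}
    for r in risks:
        cells[(r.likelihood, r.impact)] += 1
    header = "likelihood \\ impact | " + " | ".join(f"{i:<6}" for i in AXIS)
    rows = [header]
    for l in reversed(AXIS):
        counts = " | ".join(f"{cells[(l, i)]:<6}" for i in AXIS)
        rows.append(f"{l:<19} | {counts}")
    return "\n".join(rows)


# Constructed sample register, not real data.
REGISTER = [
    Risk("Ransomware on finance systems", "financial", "high", "high"),
    Risk("Misconfigured cloud storage exposing customer data", "reputational", "medium", "high"),
    Risk("Key supplier outage", "operational", "medium", "medium"),
    Risk("Breach during acquisition integration", "strategic", "low", "high"),
    Risk("Defacement of internal test site", "operational", "low", "low"),
]

if __name__ == "__main__":
    print(render_matrix(REGISTER))
    for row in rank_register(REGISTER):
        print(row)
    print(category_summary(REGISTER))
```

The ranked list and the per-category summary are the two views a board pack normally needs: the first says which entries to discuss first, the second shows whether any of the financial, operational, reputational or strategic portfolios is dominated by a high-rated risk.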
Further, the organization should pay critical attention to its governance body for cyber security management, as this body is one of the three pillars of overall cyber risk management. The governance body should include decision makers and risk decision experts, and it should engage the key stakeholders in governance (Tobar, 2017).
The senior executives and board members should also review the principles of cyber resilience in order to set cyber resilience expectations and engage with management. Further, the board should conduct an annual review of the organization's strategic plan. The annual strategic plan should allocate an optimum budget for cyber security and set the strategic priorities for cyber security. An annual review of the cyber security policies helps to improve the overall cyber security of the organization (Terrill, 2017). The annual review should also be accompanied by a periodic review of the business strategy that focuses on the key cyber security priorities.
To integrate cyber resilience with the overall business strategy, it is essential to build awareness at the operational level of the organization. For this purpose, the board should allocate an optimum budget for creating awareness of the importance of cyber resilience and of the ways in which the organization can be made cyber resilient. A board committee dedicated to this area assists the board in fulfilling its responsibilities regarding risk management, compliance and policies (Klíma, 2016). Board members should have clear goals and objectives so that they can perform their tasks and responsibilities. Committee members should be entitled to rely on the expertise and integrity of the people providing them with information, and on the completeness and accuracy of that information. The committee should also have adequate resources and the authority needed to discharge its responsibilities (North & Pascoe, 2016).
Recommendations initiating a cyber-resilience policy at the corporate board level
Some best practices and recommendations for initiating a cyber resilience policy at the corporate board level are discussed below.
To initiate cyber resilience at the corporate governance level, the organization should focus on identifying and managing the risks associated with its overall network and information systems (Linkov & Kott, 2018). The organization's systems and information should be protected from cyber attacks, unauthorised access and system failure, and the organization should continuously monitor its information systems and network so that anomalies are detected before cyber attacks or security incidents occur and cause significant damage (Swinney, 2016).
A robust cyber resilience posture therefore requires both protection of information and systems and continual monitoring of network and information systems to detect anomalies and potential cyber security incidents before they can cause significant damage. To identify, protect and detect in this way, an information security management system (ISMS) should be implemented alongside regular penetration testing. An ISMS is a system of processes, technology, documents and people that helps the organization manage, monitor, audit and improve its information security (Park et al., 2010). It also helps the board manage security practices consistently and cost-effectively. The ISMS should be combined with penetration testing (chessict, 2012). A penetration test, also known as a pen test, is an attempt to evaluate the overall security of the IT infrastructure by exploiting its vulnerabilities, which may be present in application flaws, operating systems, improper configurations and so on (Buglab, 2017).
The above steps help to improve information security defences and reduce the overall risk of cyber attacks (Fomin et al., 2012).
Once a system for regular monitoring of the information systems and IT systems is in place, the focus should shift to the respond and recover stages. A comprehensive cyber resilience programme builds the organization's capacity along with its business continuity management. Response and recovery measures minimize the impact of a security attack by enabling the organization to take the essential steps for limiting the damage of a cyber-attack (Hult & Sivanesan, 2014).
A business continuity management system (BCMS) should be implemented in the organization. It is a comprehensive approach that helps in achieving organisational resilience: a BCMS involves risk management and ensures the continuity of essential functions even during a crisis. For example, Accenture, a leading global professional services company offering a broad range of services such as consulting, technology, operations and strategy, uses BCM to align the strategic objectives of the organization with integrated planning and response. The corporate governance of the organization is involved in establishing, implementing, monitoring and maintaining the BCMS (Accenture, 2017). Many successful organizations use response management systems to protect themselves against cyber security threats and attacks (Cavelty, 2014). Incorporating a comprehensive response management system or programme into the BCMS also ensures that the organization responds effectively to an attack.
Another major recommendation for initiating a cyber resilience policy at the corporate board level, and for protecting the organization against cyber threats and breaches, is to take out a cyber insurance policy. The board members should decide on the optimum allocation of funds for the policy. Cyber insurance cover is one of the effective risk transfer options used in a number of countries that have mandatory data breach laws (Romanosky & Ablon, 2014). A cyber insurance policy, also known as cyber risk insurance coverage or cyber liability insurance, helps the organization mitigate risk by offsetting the costs involved in recovering from a security breach or similar event. Even the world's most successful and sophisticated organizations, which apply the best cyber security protocols, are not fully secure. The significant increase in cyber attacks in the business world is driving organizations to seek cyber insurance for protection against cyber threats (Marotta et al., 2017).
The organization's pattern of risks changes over time. To manage the cyber security risks of a successful organization listed on the Australian Stock Exchange and ranked within the ASX 200, it is essential to monitor changes in risk patterns as the business model changes, through mergers and acquisitions, and on entering new markets. For example, a new technology may be introduced to reduce a certain type of risk or threat in the organization. Communication is another important element that the board cannot ignore. Corporate communication among board members should be politically correct, and for this purpose an effective communication strategy should focus on open, transparent communication and on engaging the relevant stakeholders in the governance process for countering risk. The actual cyber security risk depends on the organization's underlying technologies and business model, so the organization should review its risk management strategy regularly and frequently (Park et al., 2010).
Apart from the recommendations discussed above, some of the other strategies that should be
adopted by the board of the organization are discussed below:
Awareness of emerging technology risk: The board should always be actively involved in understanding and managing the risks associated with emerging technology. Board members should require an informed presentation of the cyber security risks before business ventures are approved, and should continue to manage risk through periodic assessments of new technologies using frameworks such as the Board Cyber Risk Framework, which can be used for the risk assessment of new systems and technologies (Bagheri & Ridley, 2017; World Economic Forum, 2017).
The board should also inquire into the security of the technology endeavours the organization has already undertaken, for example an information system implemented for managing human resources or improving the efficiency of processes (Merrey et al., 2017).
Continuous improvement of the control processes should be the responsibility of the cyber risk officers in the organization. It can be achieved by frequently conducting control assessments and reviews for managing the risks associated with existing or emerging technologies (World Economic Forum, 2017).
Conclusion
This report has focused on the importance of cyber security and cyber resilience in an organization. Cyber resilience is a new approach, or concept, that has gained significant importance in the business world. The report has set out ways and recommendations for how the corporate governance of an organization should integrate the cyber resilience strategy into the overall business strategy, planning and resource allocation, and has recommended a number of strategies for initiating the cyber resilience strategy at board level. The corporate governance of an organization has a deep impact on its overall cyber security.
References
Accenture, 2017. How to Build Resiliency through Business Continuity Management. [Online] Accenture. Available at: https://www.accenture.com/t20170113T003242Z__w__/us-en/_acnmedia/PDF-40/Accenture-InsideOps-Business-Continuity-Management.pdf [Accessed 03 September 2018].
Bagheri, S. & Ridley, G., 2017. Organisational Cyber Resilience: Research opportunities. In Australasian Conference on Information Systems. Hobart, Australia, 2017.
Buglab, 2017. Cybersecurity Penetration Testing on the Ethereum Blockchain. [Online] Available at: https://buglab.io/assets/docs/Buglab_WhitePaper.pdf [Accessed 05 September 2018].
Cavelty, M.D., 2014. Cyber-security. [Online] Collins. Available at: https://poseidon01.ssrn.com/delivery.php?ID=06609706710210708109000000410102012406104506608403806610909800501109311510412307109300205003212506109905406711011602411412706605308100702104511909310207008302100812502205403606702512311112406407400508710608509211 [Accessed 03 September 2018].
chessict, 2012. CyberSecurity Penetration Testing. chessict.
Fomin, V.V., Vries, H.J.d. & Barlette, Y., 2012. ISO/IEC 27001 Information Systems Security Management Standard. [Online] Available at: https://pdfs.semanticscholar.org/2be0/f60530378b5595cb6138be39a13c0fa60e13.pdf [Accessed 05 September 2018].
Hult, F. & Sivanesan, G., 2014. What good cyber resilience looks like. Journal of Business Continuity & Emergency Planning, 7(2), pp.112-25.
Klíma, T., 2016. PETA: Methodology of Information Systems Security Penetration Testing. Acta Informatica Pragensia, 5(2), pp.98-117.
Linkov, I. & Kott, A., 2018. Fundamental Concepts of Cyber Resilience: Introduction and Overview. In Cyber Resilience of Systems and Networks. Switzerland: Springer. pp.1-27.
Marotta, A., Martinelli, F. & Nanni, 2017. Cyber-insurance survey. Computer Science Review, 24, pp.35-61.
Merrey, P., Smith, M. & Martindale, M., 2017. Seizing the cyber insurance opportunity. KPMG International.
North, J. & Pascoe, R., 2016. Cyber security and resilience — it’s all about governance. [Online] Available at: https://www.governanceinstitute.com.au/media/874783/cyber_security_resilience_governance_april_2016.pdf [Accessed 05 September 2018].
Park, C.-S., Jang, S.-S. & Park, Y.-T., 2010. A Study of Effect of Information Security Management System [ISMS] Certification on Organization Performance. IJCSNS International Journal of Computer Science and Network Security, 10(3), pp.10-20.
Peter, 2017. Cyber resilience preparedness of Africa’s top-12 emerging economies. International Journal of Critical Infrastructure Protection, 17, pp.49-59.
Romanosky, S. & Ablon, L., 2014. Content Analysis of Cyber Insurance Policies. FTC.
Swinney, J., 2016. Safe, Secure and Prosperous: A Cyber Resilience. [Online] Available at: https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/ScotlandNCSS.pdf [Accessed 05 September 2018].
Terrill, C., 2017. How To Build A Cybersecurity Strategy For 2017. [Online] Available at: https://www.forbes.com/sites/christieterrill/2017/02/14/how-to-build-a-cybersecurity-strategy-for-2017/ [Accessed 05 September 2018].
Tobar, D., 2017. 7 Considerations for Cyber Risk Management. [Online] Available at: https://insights.sei.cmu.edu/insider-threat/2018/02/7-considerations-for-cyber-risk-management.html [Accessed 05 September 2018].
Wilding, N., 2016. Cyber resilience: How important is your reputation? How effective are your people? Business Information Review, 33(2).
World Economic Forum, 2017. Advancing Cyber Resilience. [Online] Available at: http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed 05 September 2018].