Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cyber Security and Resilience: A Report for the Board of the Company

Verified

Added on 2023/06/10

AI Summary

This report discusses the concept of cyber security and resilience, its importance, and the threats related to it. It also provides recommendations for developing an effective cyber resilience policy. The report is directed towards the board of the company. It includes information on cyber resilience practices, key elements, and cyber resilience policy.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Corporate Governance 1
Corporate Governance

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Corporate Governance 2
Abstract:
Cyber security is also known as computer security and IT security, as it is considered as the
protection of the computer systems from theft or from damage in context of hardware, software,
electronic data, disruption and misdirection of the services provided by the company.
Cyber security includes the controlling physical access in terms of system hardware, and also
provides protection against the harm that may be done through the network access malicious data
and code injection. It also happens because of the malpractice by operators, whether such
practice is intentional or accidental. IT security personnel are susceptible in nature as it being
tricked into different procedures with the help of different methods of the social engineering.
This topic is important to understand because of the increasing dependency on computer
systems, internet, wireless networks, etc.
This report is directed to the board of the company, so that they can understand the concept and
importance of the cyber security.

Corporate Governance 3
Contents
Abstract:......................................................................................................................................................2
Introduction:...............................................................................................................................................4
About cyber Security:..................................................................................................................................4
Threats of cyber security:........................................................................................................................5
Prevention of the cyber-crime:................................................................................................................6
Cyber Resilience:.........................................................................................................................................6
Cyber resilience practices:.......................................................................................................................6
Key elements:..........................................................................................................................................8
Cyber Resilience policy:...............................................................................................................................8
Recommendations:..................................................................................................................................9
Conclusion:..................................................................................................................................................9
References:..................................................................................................................................................9

Corporate Governance 4
Introduction:
Cyber security is considered as the concept which ensures the protection of the internet-
connected systems and devices, and this also includes the hardware, software and data related to
the cyber-attacks. In terms of computers, security includes both cyber-security and physical
security, as both the terms are used by the organizations for the purpose of protection against the
unauthorized access to data centers and other systems of the computers. Information securities
which are designed for the purpose of maintaining the confidentiality, integrity, and availability
of data are the subset of the cyber-security.
Cyber security includes the technologies, processes, and controls which are designed for the
purpose of protecting the systems, networks and data from cyber-attacks. Effective cyber
security reduces the risk related to the cyber-attacks (Bjorck, Henkel, Stirna & Zdravkovic,
2015).
This report is written for the board members of the company, so that they gain adequate
knowledge about the cyber security and all its aspects. This report addresses various issues such
as it critically evaluate the manner through which organization can best integrate its cyber
security and resilience protocol. This report further provides the examples related to the best
practice in this context and also the recommendations on how company should initiate its cyber
resilience policy at the board level of the company. At the end, brief paragraph is defined from
the name of conclusion which reflects all the essential components of this report.
About cyber Security:
The biggest issue related to the cyber security is its constant evolving nature of security risks.
Traditional approach of this concept mainly focuses on the resources related to the difficult
system components and also provides protection against the biggest known threats. In other
words, it leaves the components undefended and fails to protect the systems from the risk which
are less dangerous.
In context of dealing with the current environment, organizations of advisory nature promotes
the more proactive and adaptive approach.
It must be noted that, there are different types of threats which relates with the cyber security.
While adopting the new technologies and digitalization, security trends and threat intelligence
are considered as the challenging task. However, it is necessary to protect the information and
other assets from the cyber threats, as they can immerge in any form.
Threats of cyber security:
Following are some threats related to the cyber security:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Corporate Governance 5
Ransom ware-this is considered as the malicious software which makes the data or systems
unusable till the time payment is made by the victim. It is define as the fastest growth threat
related to the malware and it target all types of users and business organizations across the globe.
Phishing- Phishing is the concept in which untargeted and bulk of emails are sent to the large
number of people, and these e-mails asked sensitive information from the persons such as their
bank details. All these mails encourage the readers to open the malicious attachment or to visit
their fake website which either download the malicious content in the system of the user or ask
them to provide their sensitive information, respectively.
Distributed Denial of services - A Distributed Denial of Service (DDOS) attack at the time
when accesses of the legal user are denied by the system, and when the services overcome with
the request from different sources (CERT, 2018).
Scams targeting the businesses- business organizations operated in Australia are considered as
the common targets of the scams, with the adversaries using the advanced social engineering
techniques for the purpose of targeting the members of the staff and increase the perception of
being the legitimate.
Secondary targeting- In this opponents target the small networks which are connected through
the IT systems for the purpose of targeting the organizations of higher value. It helps the cyber
rivals to exploit the data related to the customers and network with the help of the direct and
indirect means.
Targeting bulk personally identifiable information- networks of the Australia holds large
number of records related to the personally identifiable information (PII), and these records are
generally targeted by the cyber opponents. Stolen information is used by the cyber criminals for
the purpose of identity theft and extorting money from the organizations and individuals by
threatening them to release their stolen data.
Unauthorized crypto mining- CERT Australia is very well aware in context of the crypto
currency mining malware, as it is used to destroy the processing power of the systems across the
globe. Crypto mining software uses the processing system for the purpose of resolving the
difficult mathematical problems, which verified the existing digital currency transactions
(Webroot, 2018).
Prevention of the cyber-crime:
The use of the cyber security helps the organizations in preventing cyber-attacks, data breaches,
and identity theft. Cyber security also helps in the risk management. Organization holds the
strong system of network security, and it is necessary to adopt the measures to prevent and
mitigate these attacks. This can be understood through example; end user protection defends the
information and also provides protection against the loss or theft, at the time of scanning for
malicious code (Tech target, n.d.).

Corporate Governance 6
Cyber Resilience:
Cyber resilience is considered as the continuous approach which includes both cyber security
and business continuity management, and its main purpose is to safeguard against the cyber-
attacks and also ensure the survival of the organization during following attacks. Resilience of
organization in terms of cyber-attack will become most important attribute for survival of the
organization in future (IT Governance, 2018).
Cyber resilience practices:
Following are some good practices which enable the organizations to operate on highly adaptive
and responsive processes related to the cyber resilience:
Board management- This practice includes following attributes on part of the board
management of the company, as these attributes ensures the effective cyber resilience culture in
the organization (ASIC, 2017):
 Board of directors must take the accountability related to the cyber strategy and must
review the strategy on period basis for the purpose of evaluating the progress against the
success measures determined by the organization.
 Board is accountable to consider the cyber resilience as the critical management tool for
the purpose of ensuring effective risk management in the organization and making
important decisions related to the cyber risk.
 It is necessary that board management ensure deep understanding of the cyber risk and
threats related to the cyber security, so that they resolve the issues of risk and audit
committees and also answer their relevant questions.
Governance- This practice includes following attributes on part of the governance of the
company:
 Organizations make changes in their traditional governance process for the purpose of
ensuring responsive governance. In this changing environment of cyber risk, present
policies and regulations are not effective in nature, and these required changes on
continuous basis. Therefore, it is necessary that organization must ensure effective
responsive governance.
 It is necessary that cyber security governance must clearly and visibly relates to the
organizations wide governance procedures and policies. In other words, documented
strategies, principles, policies, rules and procedures of the organization must comply with
the complete framework of the governance (ASIC, 2017).
Cyber Risk Management- this approach of the risk management is rapidly becomes the
intelligence process and moving to the real time process through the automation and using of the
risk management tools. Following are the important attributes in context of the cyber risk
management:

Corporate Governance 7
 Organizations must take the steps for the purpose of establishing the specialist functional
groups in the organizations for the purpose of ensuring the monitoring of the process, and
these specialist functional groups are known as fusion centers.
 Risk management in terms of the third party is also necessary in the organization, as
outsourcing and cloud based services becomes the important part of the organization
working. Dependency of the organization on the third-party service providers and
partners becomes necessary in context of products and services offered by the
organization.
Third party risk management- It is necessary for the organizations to develop the risk-based
assessment methods and tools for the purpose of ensuring that third-party suppliers and partners
are assessed on regular basis for the purpose of complied with the necessary security standards of
the organization. There are number of organizations which are suing the external service
providers for carrying out the evaluation of partners and vendors on continuous basis.
Collaborating and information sharing- For the purpose of gathering the intelligence,
organizations are generally engaging in the specialist third party organizations for the purpose of
undertaking the security monitoring and assessment. For gathering the threat intelligence,
organization can employ the services of the specialist individuals and companies operating the
jurisdictions of foreign. Organizations also have confidential information, and sharing
arrangements in place with the help of the other financial institutions, security agencies and law
enforcement (Jerome, Allen & George, 2009).
Asset Management- Following are the most important attributes of the asset management in the
organization:
 Organization must ensure the centralized asset management system in the organization,
which means this process is used by the organizations for the management of the asset
related to the inventories for hardware, and software and data.
 Configuration management is another important approach which is important for
ensuring the cyber resilience in the organization, as it ensures the visibility of the critical
assets in the organization, and also for managing the software versions and security
patches.
 It must be noted that, clear recognition of the effective cyber resilience needs the strong
cultural focus which is driven by the board and reflected in the organizations wide-
programs for staff awareness, education and random testing, including of third parties
(ASIC, 2017).
Key elements:
Following are some key elements which must be considered by the board in terms of cyber
resilience before developing the risk management framework in the organization:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Corporate Governance 8
 Board must ensure that cyber risk is considered as the important element of the broader
risk framework of the organization.
 Periodic reviews of the risk management program must be ensured by the board.
 Board must take measures to identify the cyber threats in the business organizations.
 Experts must be appointed by the management in the board for understanding the cyber
risk and its important elements (ASIC, 2017).
Cyber Resilience policy:
Cyber resilience strategy means that organizations must adopt the holistic approaches in terms of
their defenses, an also implement the email- security system that not only helps the organization
in blocking the spams and viruses, but also provide protection to the organization from the wide
range of threats. By developing the strategy, organizations ensure best chance to stay protected
against the ransom ware attacks.
Cyber resilience can be achieved by the organization only with the help of effective policy, and
such policy must comply with national and international best practices recognized by the
relevant authorities. Organization must ensure the building of skills and competencies and also
the leading expertise, tools, publications for the purpose of implementing the strategy in the
complete organization (Lennon, 2017). Following are the important requirements to develop the
effective cyber resilience strategy in the organization:
 Development of the skills, understanding and competency required for the management
and their team in terms of planning and delivering the effective cyber resilience strategy
in the organization.
 Development of the skills in terms of public training courses which mainly includes the
guidelines developed by the ISO27001 and ISO22301, risk management training, and
cyber security qualifications which include CISA, CISM, CRISC and CISSP.
Strategy related to the cyber resilience must ensure with the following guidelines:
 Risk management framework of the organization.
 National and international guidelines related to the best practices in cyber resilience.
 Guidelines provided by the ISO27001 and ISO22301.
 Strategy of the organization for achieving the organization objectives (IT Governance,
2018).
Recommendations:
Following are the most important key recommendations which must be considered by the
organization while developing the cyber-resilience strategy of the organization:

Corporate Governance 9
 Organization must consider the broader objectives of the business and also the manner
through which strategy developed by the management in terms of cyber resilience help
the management in achieving these overall objectives of the organization.
 Burden must be taken away from the IT and imposed in the leaders across the
organization. It is necessary to understand that cyber resilience is not only the issue of IT
but also the issue for complete business organizations.
 Planning related to the strategy must be communicated to all the members of the staff,
and must ensure that employees and other staff members get adequate understanding
related to the cyber resilience and they must be engaged on regular basis. Education to
the staff in this context is necessary for the purpose of ensuring that they deal with the
potential attacks in effective manner (Grieco, 2017).
Conclusion:
After considering the elements of this report, it is clear that Cyber security includes the
controlling physical access in terms of system hardware, and also provides protection against the
harm.
Cyber resilience is considered as the continuous approach which includes both cyber security
and business continuity management, and its main purpose is to safeguard against the cyber-
attacks and also ensure the survival of the organization during following attacks.
References:
ASIC, (2017). Cyber resilience good practices. Available at: https://asic.gov.au/regulatory-
resources/digital-transformation/cyber-resilience/cyber-resilience-good-practices/. Accessed on
30th June 2018.
ASIC, (2017). Cyber resilience in Australia’s financial markets. Available at:
https://asic.gov.au/regulatory-resources/markets/resources/markets-articles-by-asic/cyber-
resilience-in-australia-s-financial-markets/. Accessed on 30th June 2018.
ASIC, (2017). Cyber resilience. Available at: https://asic.gov.au/regulatory-resources/digital-
transformation/cyber-resilience/. Accessed on 30th June 2018.

Corporate Governance 10
ASIC, (2017). Key questions for an organization’s board of directors. Available at:
https://asic.gov.au/regulatory-resources/digital-transformation/cyber-resilience/key-questions-
for-an-organisation-s-board-of-directors/. Accessed on 30th June 2018.
Axelos, (2015). Cyber Resilience Best Practices. Available at: https://www.axelos.com/resilia.
Accessed on 30th June 2018.
Bjorck, F. Henkel, M. Stirna, J. & Zdravkovic, J. (2015). Cyber Resilience – Fundamentals for a
Definition. Maturity, Benefits and Project Management Shaping Project Success, Pp 311-316.
CERT, (2018). Common threats. Available at: https://www.cert.gov.au/threats/common-threats.
Accessed on 30th June 2018.
Grieco, A. (2017). Three Essential Elements of a Reliable Cyber Resilience Strategy. Available
at: https://blogs.cisco.com/security/three-essential-elements-of-a-reliable-cyber-resilience-
strategy. Accessed on 30th June 2018.
IT Governance, (2018). Cyber Resilience. Available at: https://www.itgovernance.co.uk/cyber-
resilience. Accessed on 30th June 2018.
IT Governance, (2018). Put a Cyber Resilience Strategy in place. Available at:
https://www.itgovernance.asia/put-a-cyber-resilience-strategy-in-place. Accessed on 30th June
2018.
Jerome H. Allen, A. & George. J. (2009). "An operational framework for resilience." Journal of
Homeland Security and Emergency Management, Volume, 6(1), Pp- 10.
Lennon, N. (2017). Developing an effective cyber resilience strategy to deal with the threat of
ransom ware. Available at: https://www.cso.com.au/article/627356/developing-an-effective-
cyber-resilience-strategy-deal-threat-ransomware/. Accessed on 30th June 2018.
Tech target. cyber security. Available at:
https://searchsecurity.techtarget.com/definition/cybersecurity. Accessed on 30th June 2018.
Webroot, (2018). Types of Computer Security Threats and How to Avoid Them. Available at:
https://www.webroot.com/us/en/resources/tips-articles/computer-security-threats. Accessed on
30th June 2018.

1 out of 10

+13062052269

info@desklib.com

Cyber Security and Resilience: A Report for the Board of the Company

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Cyber Security and Resilience: Best Practices for Organizations

Cyber Security and Cyber Resilience: A Board of Directors' Guide

Corporate Governance and Cyber Resilience: Recommendations for Board of Directors

Integration of Cyber Security and Resilience Protocols

Cyber Security: Attacks and Mitigation Techniques

Cyber Security Essentials for Students