Strategies for Cybersecurity and Resilience in Organizations
Added on 2023/06/05
AI Summary
This article discusses the importance of cybersecurity and resilience in organizations. It covers strategies such as software updates, security audits, compliance requirements, cybersecurity education, and more. The article also provides recommendations on how companies can initiate a cyber resilience policy at the corporate board level.
Cyber Security
By (NAME)
Course
Professor’s Name
Institution
Location of Institution
Date
Executive Summary
Cybersecurity is among the issues that organizations must consider for their operations to
achieve the desired success. Companies have lost large parts of their income due to loss of data
and the inability to recover the information. However, appropriate measures can be taken to
keep an organization's information from being accessible to unauthorized parties. The
study evaluates the strategies that the organization can rely on to ensure that its data is secured
while supporting its targeted levels of performance.
Contents
Executive Summary
Introduction
Strategies for the company to integrate its cybersecurity and resilience protocols to ensure continued corporate survival and improved business performance
Recommendations on how the company should initiate a cyber resilience policy at the corporate board level
Conclusion
References
Introduction
Cybersecurity encompasses various technologies, controls and processes
designed for the main purpose of ensuring that systems are adequately protected from different
forms of cyber-attacks. The attacks often feature situations in which systems are exploited
without authorization. Hackers often utilize exploit kits or even ransomware to disrupt the
systems that organizations use. Safa et al. (2016) state that the damage expenses projected by
2021 owing to cybercrimes are at $6 trillion globally. Moreover, the rate at which cyber-attacks
occur is anticipated to increase owing to a shortage of the personnel available to
combat such occurrences. The Cyber Security Breaches Survey,
conducted in 2018 by the UK government, indicated that enterprises whose
scale of operation is large incur losses evaluated at £22,300. On the other hand, checkpoint.com
(n.d.) indicates that the expenses anticipated for small organizations are estimated at £2,310. The
report, presented in the form of a letter to the chairman, aims at indicating the strategies that the
enterprise can rely on to integrate protocols that relate to cybersecurity and resilience.
Dear Chairman and the AICD,
REF: Strategies for cybersecurity and board recommendations for implementation
The company should make updates to its software and application systems. Organizations
are making the necessary shifts to keep abreast of the IoT. The systems
implemented must be capable of meeting market requirements. Moreover, they must be
adequately secured for increased efficiency. For example, Štitilis et al. (2016) explain that
Spectre is among the incidents that marked 2018. The outcome was that security fixes were
issued by Apple. More specifically, the company’s iOS 11 operating system
required some improvement (Itgovernance.co.uk n.d.). The result was that, regardless of the
devices in their possession, users are assured of protection from becoming victims of
cyber-attacks.
The strategy must include security audits for different organizational levels. IT-related
practices and enterprise assets must be subjected to some scrutiny. The IT systems centrally used
by the company can be reviewed (Quigley et al. 2015). Furthermore, departments dealing with
end-users and other external parties should be made to participate in the procedures developed.
The outcome anticipated is that protective measures can be adequately underscored and
measures can be taken to ascertain that loopholes are eradicated. The circumstances evident at
TransPerfect, which is an American company offering translation services, qualify the need for
security audits. Cybercriminals were able to obtain social security, routing as well as bank
account numbers of the employees (Min et al. 2015). Appropriate measures in place would have
prevented anonymous from being received by workers affiliated with the company.
The corporation’s survival and exceptional performance depend on the education of the
parties involved. Enterprises are answerable to various categories of stakeholders. They include
workers, board members and other parties who might deal with the organization. Cybersecurity
education is an essential factor that would ensure that potential risks are understood. Moreover, it
provides the impetus through which proactive policies can be established (Gupta et al. 2016). For
example, Johns Hopkins offers individuals skills they can apply in their enterprises to ensure that
cyber-attacks can be effectively prevented.
The company must strive to ensure that it complies with the regulations set concerning its
industry of operation. Moreover, it is mandatory for enterprises to ascertain that compliance
requirements which align with security provisions are adequately scrutinized (Johnston et al.
2016). The outcome is that necessary updates can be made for the enterprise’s IT system. The
policies to which companies must adhere may be national or even regional. For
example, businesses operational in Colombia are expected to align their activities with the
stipulations of Law 1273. The regulation targeted cyberspace and was enacted in 2009. It aims at
ensuring that information is protected as well as any data that may accrue to an enterprise.
Individuals involved in network crimes involving telecommunication as well as information
systems are not only liable to large fines, but also a prison sentence.
Additional standards that the enterprise can comply with in relation to the prevention of
cyber-crimes include the framework provided for cybersecurity by NIST, HIPAA as well as ISO
27001. More specifically, the establishment can make use of the NIST Special Publication 800-53.
The regulation concerns itself with controlling the privacy in addition to the security of
organizations and the information systems that they use. For example, agencies affiliated with
the government in America have implemented the standard as among the provisions enshrined in
the Federal Information Security Management Act. Controls stipulated in 800-53 specify the
practices mandatory for cloud computing and maintaining appropriate levels relating to digital
privacy.
The enterprise must evaluate cybersecurity expertise that is available in-house. The
experts that must be recruited can be determined to facilitate appropriate actions. The
categories that must be considered include operational experts who guard data by solving issues
that emanate from software obsolescence (Carr 2016). In addition, strategic experts engage in
endeavors which are proactive to ensure that risks are effectively mitigated. For example, a Chief
Information Security Officer can be recruited to oversee how the company can react to threats
concerning its data. Furthermore, they can be tasked with the duty of developing best practices
while offering assurance to stakeholders. However, the income attributable to an enterprise must
be within the range of $1.5 billion for professionals to be recruited for data security (Graves et al.
2016).
Vulnerabilities which are cybersecurity-related often originate from the priorities or
attitudes that executive leaders indicate. The CISO must be guided by a mission that indicates
the responsibilities that must be fulfilled. New regulations formulated with respect to the
prevention of cyber-attacks include GDPR. Hence, knowledge that is specialized is a necessity
as well as technical expertise. Thus, greater effort is being directed towards the provision of the
education that executives might require. Institutions such as the Heinz School of Executive
Education ensure that leaders can access an approach that is holistic to ensure that executives can
perform their digital responsibilities effectively.
Furthermore, the enterprise may offer the indication that it requires the services availed
by external consulting firms to combat cyber-attacks. Outside resources are only suitable where
operations are limited and the risks anticipated are low. The revenue that accrues to an enterprise
determines its risk (Schell 2015). Moreover, reliance on technology is also considered as a
threshold that should be accorded some consideration.
The company can seek partnership with other organizations to facilitate efforts which are
collaborative against cyber-crimes. Cyberspace does not offer protection for select enterprises
while others are exposed. Hence, solidarity is encouraged to ensure that the threats which might
ensue are adequately mitigated. For example, the battle against cyber-attacks has paved the way
for the formulation of the SINCERE5 project (Anwar et al. 2017). The result is that island
nations can co-operate with countries such as the UK as well as the States of Guernsey. The
relationship was intended to facilitate the investigation into cyber-crimes, the provision of
reports relating to prevalent incidences while facilitating mechanisms geared towards the sharing
of information (Cavelty 2014). Similarly, the company can capitalize on the opportunities
availed by other establishments to combat threats to enterprise data.
Company partners, as well as vendors, must be mandated to provide individual audits.
Appropriate policies offer the possibility for an enterprise to regularly acquire IT-related audit
reports from parties with whom it may interact. Commvault and CITO research
developed a report in 2017 which underscored the importance of the cloud to companies
estimated at 18% (Wang et al. 2015). However, the trend is that data centers which are internally
operational in an organization are becoming obsolete. Current preferences are for edge
companies which are already running. The implication is that manufacturers who own plants
located in areas deemed remote can make use of automated robots
in addition to production analytics where servers operating locally are used. Software
security is a necessity for the devices which are to be used.
Organizations must determine the structure applicable for the provision of necessary
reports. Cybersecurity procedures must be under the jurisdiction of an individual selected by the
establishment (Shin et al. 2015). Final reports are mandatory for the chairman or even the C.E.O.
The outcome is that assets in addition to important data can be safeguarded.
Policies that allow workers to utilize personal devices can be implemented. It should be
expected that the productivity of workers will be enhanced owing to their reliance on devices
which are considered as familiar. However, the likelihood of data being lost or stolen is much
higher. The functions workers are to perform individually must be monitored and subjected to
appropriate controls. Moreover, the systems accessible to employees must be limited to their
designated duties.
Regardless of the measures that might be taken to implement policies which are effective,
it is essential for awareness to be raised among respective parties. Workplaces can only be
considered as secure where the parties involved are aware. Breaches evident in most enterprises
often arise from the errors that people commit. For example, most employees opt for password
options which can easily be recalled. The investigation report which was tabled by Verizon
concerning data breaches indicated that 63% of the occurrences emanated from relying on
passwords which were either stolen or weak (Gordon et al. 2015). Employees enjoy the liberty of
ascertaining that desired programs are installed into their computers. Some of the applications
increase the ease through which organizational systems can be compromised. Therefore, it is of
paramount importance that employees learn strategies that would ensure they utilize
technological applications more securely.
Securing the data that accrues to an enterprise mandates that investments directed towards
the acquisition of various technologies be made. The Federal Communications Commission
which is located in the US insists that enterprises are better suited to fight off viruses and
different forms of threats that might be evident online when they install updated security
software versions, web browsers as well as operating systems (Cavelty and Mauer 2016). India is
among the nations with the highest prevalence of software which is pirated. The result is that
companies that elect to purchase counterfeit innovations can easily succumb to the threats
evident online. Moreover, firewalls must also be applied to assess any traffic generated by
sources that exist externally from an enterprise. Parameters that relate to company security must
be efficiently determined.
Threat models can be relied on for the ROI that accrues to cybersecurity to be
maximized. The strategy would help to ensure the response given is effective for appropriate
mitigation measures to be used. Security architecture can be customized. Moreover, endeavors
can also be directed toward the development of company-specific processes that manage risks
arising from cyber-attacks. For example, the ODNI Cyber Threat Framework is among the
programs formulated by the government in America to ascertain that threat events could be
consistently categorized. Through the guideline, trends and modifications can be highlighted in
relation to the activities that cyber adversaries might choose to undertake.
Enterprises must adopt approaches which are improved to deal with the threats which
might ensue. Threat hunting must include measures which are proactive. Hence, approaches that
involve passive measures including logging, performing some monitoring activities and issuing
alerts are among the practices that enterprises should desist from. Platforms which integrate
various security operations are preferable. For example, the portfolio can include Security
Operations Analytics Platform Architecture as well as SOAR-related solutions. The implication
is that SIEM, utilized traditionally, can be overlooked. Moreover, compliance artifacts can be
subjected to automatic generation. The result is that the artifacts can be subjected to some
analysis to determine the security posture that would be deemed as proactive for the
organization. Static code scanning is among the discrete activities that can be undertaken.
Recommendations on how the company should initiate a cyber resilience policy at the corporate
board level
The board in charge of the functions relating to an enterprise must assume responsibility
where cyber resilience is concerned. However, it can also decide to delegate its duties to
committees which might be inexistent. Cybersecurity mandates that an officer should oversee the
responsibilities that may ensue. It is necessary for the officer to access the board regularly.
Moreover, the authority bestowed on the individual must be sufficient. Adequate resources
should also be at the individual's disposal for them to adequately fulfill their responsibilities.
The board should opt for an approach that is based on risk where cybersecurity is
concerned. Through the assessment of potential risks, valuable assets can be identified. The
security requirements of the enterprise can also be determined (Boopathi et al. 2015). Moreover,
threats to organizational data and their implications for the bottom line can be set out.
The company's board must ensure that its cybersecurity policy is written down. It can
then serve as a formal, centralized guide to the various practices
that must be observed by all parties (Wong et al. 2017). The document can serve to guarantee
that the objectives of security specialists and individuals employed by the company align.
Moreover, rules for the enforcement of data protection can be based on the policy.
Software updates must be applied. Malware targets security
vulnerabilities which are already known. However, software that carries the
latest updates is more likely to ensure that the data belonging to an enterprise remains secure.
In addition, back-ups must be created for the company's data. Ransomware encrypts data
so that it can no longer be accessed. Hackers may demand some money in
exchange for decryption keys (Kott 2014). Files which are routinely backed up assist in
the recovery of data while keeping potential losses to a minimum.
The company must impose some limitations on the parties allowed to access
sensitive data. Establishments operating at a limited scale offer new recruits
privileges which ease their access to information that should be confidential. Hence, additional
risks are presented for the enterprise. Privileges must be escalated only according to the services
that workers provide to the organization.
Account protection can also rely on two-factor authentication. Physical devices, which
include mobile devices as well as security tokens, are relied on to confirm an
employee's identity. The precaution is that the devices used must not be lost or stolen. The
result is that individuals who make use of shared accounts can be distinguished, which eases
procedures relating to access control.
Conclusion
Cyber-attacks are bound to cause some irreparable damage to an
organization. Data is often categorized as a valuable asset of an enterprise. However,
it is often quite vulnerable, and sufficient measures must be implemented to ensure its
security. Appropriate systems are critical for the prevention of security breaches. Incorporating
individually used devices in addition to various operating systems is also critical.
Professionals conversant with new threats can be recruited to minimize the possibility of
disastrous attacks.
Bibliography
Anwar, M., He, W., Ash, I., Yuan, X., Li, L. and Xu, L. (2017) Gender difference and
employees' cybersecurity behaviors. Computers in Human Behavior, 69, pp.437-443.
Boopathi, K., Sreejith, S. and Bithin, A. (2015) Learning cybersecurity through gamification.
Indian Journal of Science and Technology, 8(7), pp.642-649.
Carr, M. (2016) Public-private partnerships in national cyber-security strategies. International
Affairs, 92(1), pp.43-62.
Cavelty, M.D. and Mauer, V. (2016) Power and security in the information age: Investigating
the role of the state in cyberspace. Routledge.
Cavelty, M.D. (2014) Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), pp.701-715.
Checkpoint.com. (n.d.) What is a Cyber Attack | Check Point Software. Retrieved from
https://www.checkpoint.com/definition/cyber-attack/
Gordon, L.A., Loeb, M.P., Lucyshyn, W., and Zhou, L. (2015) The impact of information
sharing on cybersecurity underinvestment: a real options perspective. Journal of
Accounting and Public Policy, 34(5), pp.509-519.
Graves, J.T., Acquisti, A. and Christin, N. (2016) Big data and bad data: on the sensitivity of
security policy to imperfect information. U. Chi. L. Rev., 83, p.117.
Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds. (2016) Handbook of research on modern
cryptographic solutions for computer and cybersecurity. IGI Global.
Itgovernance.co.uk. (n.d.) What is cyber security? – IT Governance. Retrieved from
https://www.itgovernance.co.uk/what-is-cybersecurity
Johnston, A.C., Warkentin, M., McBride, M., and Carter, L. (2016) Dispositional and situational
factors: influences on information security policy violations. European Journal of
Information Systems, 25(3), pp.231-251.
Kott, A. (2014) Towards fundamental science of cybersecurity. In Network science and
cybersecurity (pp. 1-13). Springer, New York, NY.
Min, K.S., Chai, S.W. and Han, M. (2015) An international comparative study on cybersecurity
strategy. International Journal of Security and Its Applications, 9(2), pp.13-20.
Cavelty, M.D. and Mauer, V. (2016) Power and security in the information age: Investigating
the role of the state in cyberspace. Routledge.
Cavelty, M.D. (2014) Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), pp.701-715.
Checkpoint.com. (n.d.) What is a Cyber Attack | Check Point Software. Retrieved from
https://www.checkpoint.com/definition/cyber-attack/
Gordon, L.A., Loeb, M.P., Lucyshyn, W., and Zhou, L. (2015) The impact of information
sharing on cybersecurity underinvestment: a real options perspective. Journal of
Accounting and Public Policy, 34(5), pp.509-519.
Graves, J.T., Acquisti, A. and Christin, N. (2016) Big data and bad data: on the sensitivity of
security policy to imperfect information. U. Chi. L. Rev., 83, p.117.
Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds. (2016) Handbook of research on modern
cryptographic solutions for computer and cybersecurity. IGI Global.
Itgovernance.co.uk. (n.d.) What is cyber security? – IT Governance. Retrieved from
https://www.itgovernance.co.uk/what-is-cybersecurity
Johnston, A.C., Warkentin, M., McBride, M., and Carter, L. (2016) Dispositional and situational
factors: influences on information security policy violations. European Journal of
Information Systems, 25(3), pp.231-251.
Kott, A. (2014) Towards fundamental science of cybersecurity. In Network science and
cybersecurity (pp. 1-13). Springer, New York, NY.
Min, K.S., Chai, S.W. and Han, M. (2015) An international comparative study on cybersecurity
strategy. International Journal of Security and Its Applications, 9(2), pp.13-20.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cyber Security14
Quigley, K., Burns, C. and Stallard, K. (2015) ‘Cyber Gurus’: A rhetorical analysis of the
language of cybersecurity specialists and the implications for security policy and critical
infrastructure protection. Government Information Quarterly, 32(2), pp.108-117.
Safa, N.S., Von Solms, R. and Furnell, S. (2016) Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Schell, R.R. (2015) A University Education Cyber Security Paradigm Shift. National Initiative
for Cybersecurity Education (NICE), San Diego, CA.
Shin, J., Son, H. and Heo, G. (2015) Development of a cybersecurity risk model using Bayesian
networks. Reliability Engineering & System Safety, 134, pp.208-217.
Štitilis, D., Pakutinskas, P. and Malinauskaitė-van de Castel, I. (2016) Preconditions of
sustainable ecosystem: cybersecurity policy and strategies. Entrepreneurship and
sustainability issues, 4(2), pp.174-181.
Wang, P., Ali, A. and Kelly, W. (2015) August. Data security and threat modeling for smart city
infrastructure. In Cyber Security of Smart Cities, Industrial Control System and
Communications (SSIC), 2015 International Conference on (pp. 1-6). IEEE.
Wong, E.Y., Porter, N., Hokanson, M. and Xie, B.B. (2017) BENCHMARKING ESTONIA'S
CYBERSECURITY: AN ON-RAMPING METHODOLOGY FOR RAPID ADOPTION
AND IMPLEMENTATION. In Proceedings of the International Annual Conference of
the American Society for Engineering Management. (pp. 1-8). American Society for
Engineering Management (ASEM).
Quigley, K., Burns, C. and Stallard, K. (2015) ‘Cyber Gurus’: A rhetorical analysis of the
language of cybersecurity specialists and the implications for security policy and critical
infrastructure protection. Government Information Quarterly, 32(2), pp.108-117.
Safa, N.S., Von Solms, R. and Furnell, S. (2016) Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Schell, R.R. (2015) A University Education Cyber Security Paradigm Shift. National Initiative
for Cybersecurity Education (NICE),(San Diego, CA.
Shin, J., Son, H. and Heo, G. (2015) Development of a cybersecurity risk model using Bayesian
networks. Reliability Engineering & System Safety, 134, pp.208-217.
Štitilis, D., Pakutinskas, P. and Malinauskaitė-van de Castel, I. (2016) Preconditions of
sustainable ecosystem: cybersecurity policy and strategies. Entrepreneurship and
sustainability issues, 4(2), pp.174-181.
Wang, P., Ali, A. and Kelly, W. (2015) August. Data security and threat modeling for smart city
infrastructure. In Cyber Security of Smart Cities, Industrial Control System and
Communications (SSIC), 2015 International Conference on (pp. 1-6). IEEE.
Wong, E.Y., Porter, N., Hokanson, M. and Xie, B.B. (2017) BENCHMARKING ESTONIA'S
CYBERSECURITY: AN ON-RAMPING METHODOLOGY FOR RAPID ADOPTION
AND IMPLEMENTATION. In Proceedings of the International Annual Conference of
the American Society for Engineering Management. (pp. 1-8). American Society for
Engineering Management (ASEM).
1 out of 14
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.