Cybersecurity Risk Assessment for Gigantic Corporation: Threats, Vulnerabilities, and Mitigation Measures
Added on 2024/06/27
AI Summary
This report examines the cybersecurity risks faced by Gigantic Corporation, identifying key threats, vulnerabilities, and their potential consequences. It provides a comprehensive risk assessment, outlining threat agents, vulnerabilities, and their impact on the organization's information assets. The report also offers practical recommendations and mitigation measures to enhance cybersecurity posture, including implementing strong passwords, regular software updates, data encryption, and employee training programs. By addressing these vulnerabilities and implementing the proposed measures, Gigantic Corporation can significantly reduce its exposure to cyber threats and protect its valuable information assets.
ASSESSMENT ITEM: 3
SUBJECT: ITC-596 IT RISK MANAGEMENT
LECTURER:
STUDENT NAME:
STUDENT ID:
Executive Summary
Gigantic Corporation has been working on cybersecurity for a long time and has secured certain activities by using the proposed mechanisms and frameworks against cyber-attacks, such as attacks carried out to make money or to gain access to the company's personal and confidential information. Many other companies or organizations are developing their own hackers, who are responsible for obtaining inside information about competing, successful IT companies by learning their secrets, their USP, etc. Such threats should never be overlooked, as these actions can come from anyone within or outside the company. The technical level of the risk associated with the internet, or cyber risk, is growing gradually. A risk or problem that was a major one in the previous year may not be as major this year because of the remedies and thoughtful solutions found for it, but other new risks and security issues have developed for which solutions still need to be developed. The responsibility for managing these risks should therefore rest with the higher authorities or the experts who are assigned specifically to handle such issues in the corporation (Yasin et al., 2018).
This report covers the scope of the risk assessment, an overview of the risk assessment, and the cybersecurity threats and vulnerabilities, along with the consequences and impact of these threats on Gigantic Corporation. Various measures are also suggested to mitigate these vulnerabilities and threats through the adoption of specific policies.
A risk management overview is also detailed below, which provides the assessment approach, the key threat agents, and the types of threats with descriptions, dividing their impact into the categories high, medium and low.
Informational Compromises
Compromising the information assets of the company can lead to damage for the company in the future. There should be no negligence on the part of the organization; for example, an error or mistake made by an employee, or even by an outsider, can have a long-lasting impact on the growth of the business. Informational compromises include:
• It causes loss of productivity.
• It causes reputational damage.
• It may cause loss of intellectual property.
• Cyber-attacks may have an impact on profits.
• The corporation may face adverse media coverage.
• It will lead to a reduction in competitiveness in the market.
To protect against or avoid any of the above situations, it is very important to make sure that the cybersecurity expert or lead is well aware of all the activities being carried out in the organization and has up-to-date information about threats and vulnerabilities, in order to avoid any kind of risk or threat to the business organization.
Threats do not necessarily come only from outside the corporation. They can come from within the organization as well as from outside it. There are many types of people who
are said to be a risk to the assets of the organization or the corporation. So, careful analysis should be done to keep track of these individuals. These individuals may include:
The types of individual vary according to the need and requirement of the fraud. Such threats prevailing in the corporation should be handled by strengthening the risk management strategies and plans, along with awareness among the employees and the specialists or experts who are specifically hired to ensure cybersecurity in the corporation. Risks can be financial, legal or any other business risks which could lead to loss of critical information. The key to mitigating such risks is having proper knowledge and information about the activities of the corporation and finding appropriate solutions to overcome the problems.
What is Information?
Information is the data about particular people, a system or the entire organization. It is generally considered the lifeblood of the organization. With growing automation and dependency among the various sectors of the business corporation, a disturbance in any one sector can lead to the destruction of the overall IT business. Information is present everywhere, from customers to employees to stakeholders. Information is stored in the business systems related to management and customer relationship information, and in operational systems that ensure protection, safety, and process control for the overall organization. All of the above areas need to be considered when identifying the information assets. All activities in the business contain a certain amount of relevant information or data, whether user access to information, corporate management decisions, or process control systems and operational networks. All this information should be reviewed and evaluated in depth to determine the proper mitigation solutions and to come up with appropriate and successful solutions to ensure cybersecurity.
Recommendations
The recommendations which are beneficial for the management are detailed below:
• Keeping all software updated to prevent threats and attacks from entering the system.
• Keeping applications at the updated version as per the stated guidelines.
• Enabling a VPN (virtual private network) on the computer systems.
• Backing up the data from the system on a regular basis to avoid future problems.
• Enabling and installing virus and attack detection software, such as application firewalls and network firewalls, which help prevent attacks and threats.
• Framing better policies, procedures, and standards which are supported by cybersecurity.
• Conducting training programs on cybersecurity for the employees of the corporation.
• Formulating a proposed cybersecurity plan which helps to avoid repeating earlier mistakes in the future.
• Using smart passwords, which cannot be easily cracked by hackers, when setting the credentials for the system or any files.
• Executives should be involved in cybersecurity issues and decisions, because this issue needs to be considered carefully when upper-level management takes important decisions.
Contents
Executive Summary
1. Introduction
2. Assessment Findings - Threats, Vulnerabilities, and Consequences
2.1 Risk Assessment
2.2 Threat Agents
2.3 Vulnerabilities
2.4 Recommendations
2.5 Mitigation Measures
2.6 Areas of Vulnerabilities in the Organization
2.7 Threats and the impacts of threats
3. Summary
4. Conclusion
1. Introduction
Many business organizations, universities, and financial institutions store their private and confidential business data and information on their computers. This data and information is shared among various people with the help of the internet. The internet has facilitated the transfer and sharing of information from one person or organization to another, but the same internet is also giving rise to the problem of security. The rapid growth of the internet is also increasing cyberattacks, which result in a huge loss of data and information for business organizations.
Cybersecurity is the introduction of various mechanisms or frameworks which help protect computer hardware, computer software and various networks, and prevent unauthorized access to data and information. Cybersecurity aims to protect network equipment and the internet from the various attacks and viruses which are harmful to the computer and which aim to destroy the information or data stored on it, which is very important for business organizations. The internet plays a major role in today's life and is considered very beneficial: it helps in promoting business online, it facilitates communication among people, and various financial transactions are conducted online with its help. While the internet provides us with a lot of benefits, it also provides benefits to people who are connected with terrorism. It helps them gather confidential and secret information; it also facilitates the dissemination of information among various people or groups of people.
Cybersecurity is important because it helps protect individuals from online fraud. Financial transactions carried out online carry a certain amount of risk, which requires financial security. It is essential that all internet users understand the ways or methods to protect themselves from online fraud and ensure cybersecurity. While working for Gigantic Corporation as the IT risk assessment lead consultant, it is my duty or responsibility to ensure that all the activities taking place online by the various stakeholders and technologists are conducted securely and safely, avoiding any kind of threat which is harmful to the overall corporation. Cybersecurity needs to be considered very seriously in the organization, as it has an impact on the decisions being made at the higher level.
1.1 Cyberspace:
Cyberspace is a virtual space which uses the electromagnetic spectrum and electronics to help in storing, modifying and exchanging information with the help of the network system. It is basically an intangible place where communication and various other internet-related activities take place. It is said to be expandable and borderless, with no boundaries. It is growing gradually, providing a platform for sharing ideas, services and views and for conducting business activities online.
2. Assessment Findings- Threats, Vulnerabilities, and Consequences:
2.1 Risk Assessment
Risk assessment is the process of identifying threats and analyzing them through in-depth evaluation. Risk assessment lowers the chances of error by eliminating wasted time, resources and effort. Risk assessment involves:
• Identification of the various assets which are prone to be affected by cyber attacks.
• Identification of the types of risk affecting the assets.
• Estimation and evaluation of the risk.
• Monitoring and reviewing of the risk environment.
Before giving a detailed explanation of the various vulnerabilities and threats, it is important to understand what these terms refer to with respect to cybersecurity in IT companies such as Gigantic Corporation, which are prone to various cyber risks. Vulnerability refers to the fault or weakness which leads to exposure to threats or attacks in the business organization. Threat is the term used for the people or objects which are in danger from attacks. Management should always be well aware of the various kinds of threats which the organization is facing or may face in the future. These threats can be identified by proper examination and evaluation, which can be done by framing proper protocols and policies within the corporation. Proper training should be given to control and identify these threats. The table given below describes the various kinds of threats prevailing in IT companies, along with certain other details related to these threats (Smith, 2018).
The risk assessment is detailed below:
Classification of information: The information is classified in the organization. Classification means categorizing the data on the basis of a certain category. Information assets include categories which involve the recording of critical data and customer interfaces. It is the responsibility of the organization to ensure the confidentiality, availability, and integrity of the information. Information can be stored onsite or offsite. The classification of the information should be considered as the central list. Policies and regulations should be framed for the classification of documents. The employees should also be well aware of and educated about them.
Identification of threats: The identification of threats is the next step after the classification of information. Threats can be assessed on the basis of the probability and the occurrence of attacks on the system. There are varieties of information threats which can destroy the system. These include internal threats, physical threats, natural threats, network-related threats, social threats, and malicious threats. It is very important for the organization to be aware of the threats in order to avoid them. These threats can be identified at each and every level of the corporation.
Identification of Vulnerabilities: Vulnerabilities are weaknesses which exist within the organization. These vulnerabilities need to be identified and avoided to decrease the chances of threats and attacks. The vulnerabilities can be related to various issues such as confidentiality
issues, availability issue, and integrity issue. These issues must be well measured. A detail
description regarding the vulnerabilities is detailed below in the vulnerability section along with
its consequences.
Analyzing risk to information assets: The risk to the stored information needs to be analyzed. If the information is confidential, then only authorized access should be granted to it. Such information should be well secured against people such as competitors and intruders. People may try to get the information by wrong means or may receive private information by accident, or the system may be hit by malicious attacks which result in loss of information. Risk can be calculated as:
Risk = (Probability of a threat occurring against any asset) * (the value of the asset)
In other words, if the asset does not have any value, the risk attached will be zero. If the asset holds some valuable information, then the risk will also be higher.
Selection of the method: A method needs to be selected for the measurement of the risk. There are many types of methods; the corporation has to select the best one among the various methodologies as per its needs and requirements. To select the method, the organization has to understand the security risk related to the information assets. The actions taken by the corporation may depend upon the level of risk borne by the organization. The risk can be measured by dividing it on the basis of its impact; for example, risk can be divided into low, medium and high on the basis of its impact.
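The formula and the low/medium/high banding above can be turned into a small risk register. The following Python sketch is an added example, not part of the original report: the threat names come from the report's threat table, while the assets, probabilities, asset values and band thresholds are constructed assumptions.

```python
"""Risk register built on: risk = probability of threat x value of asset."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    threat: str          # threat name (from the report's threat table)
    asset: str           # information asset (constructed for this example)
    probability: float   # chance of the threat occurring against the asset, 0..1
    asset_value: float   # value of the asset in currency units, >= 0


def risk_score(s: Scenario) -> float:
    """Risk = probability * asset value; a zero-value asset carries zero risk."""
    if not 0.0 <= s.probability <= 1.0:
        raise ValueError(f"probability out of range for {s.threat!r}: {s.probability}")
    if s.asset_value < 0:
        raise ValueError(f"negative asset value for {s.asset!r}: {s.asset_value}")
    return s.probability * s.asset_value


def band(score: float, low_max: float, medium_max: float) -> str:
    """Divide risk into low / medium / high using two assumed thresholds."""
    if low_max >= medium_max:
        raise ValueError("low_max must be smaller than medium_max")
    if score <= low_max:
        return "low"
    if score <= medium_max:
        return "medium"
    return "high"


def build_register(scenarios, low_max: float, medium_max: float) -> list:
    """Score every threat/asset pair and rank the result, highest risk first."""
    rows = []
    for s in scenarios:
        score = risk_score(s)
        rows.append({"threat": s.threat, "asset": s.asset,
                     "risk": score, "band": band(score, low_max, medium_max)})
    rows.sort(key=lambda row: row["risk"], reverse=True)
    return rows


def exposure_by_asset(register) -> dict:
    """Total of the per-threat risk scores for each asset."""
    totals = defaultdict(float)
    for row in register:
        totals[row["asset"]] += row["risk"]
    return dict(totals)


# Constructed sample data: probabilities, asset values and thresholds are assumptions.
SAMPLE = [
    Scenario("Bypass authentication / spoofing of credentials", "Customer database", 0.30, 500_000),
    Scenario("Viruses and malicious codes", "Customer database", 0.10, 500_000),
    Scenario("Denial of service attack", "Public website", 0.20, 40_000),
    Scenario("Function creep", "Expired marketing list", 0.50, 0),  # asset without value
]
LOW_MAX = 10_000
MEDIUM_MAX = 100_000

if __name__ == "__main__":
    register = build_register(SAMPLE, LOW_MAX, MEDIUM_MAX)
    for row in register:
        print(f"{row['band']:<6} {row['risk']:>10.0f}  {row['threat']} -> {row['asset']}")
    print(exposure_by_asset(register))
```

The last scenario shows the zero-value case from the text: a likely threat against an asset with no value still scores zero and lands in the low band.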
The table given below states the threats along with the threat agents. It also gives a
description of each threat and its threat assessment value.

| S.No. | Threat | Threat agents | Description | Threat assessment value |
|---|---|---|---|---|
| 1. | Viruses and malicious codes | Malicious attacker | This threat harms the system in order to gain unauthorized access to the computer system and extract information or personal data. | 3 |
| 2. | Jamming and blocking | Hackers | Jamming is performed with the help of radio transmission which allows unauthorized access for reading some personal documents. It basically leads to leakage of sensitive and private information from the system. | 3 |
| 3. | Function creep | Commercial establishments | Function creep is the threat that arises when information collected for one purpose is used for a purpose other than the original one. This leads to the extraction of data with the wrong intentions or motives, which can be harmful to the company as it may leak personal or confidential information. | 4 |
| 4. | Denial of service attack / Buffer overflow | Corporate raiders, hackers, professionals | It aims at creating disruption of services in the organization for fun or for the achievement of illegal or political goals. It is also known as the buffer overflow. | 3 |
| 5. | Bypass authentication / Spoofing of credentials | Professionals, corporate raiders, an employee in the corporation | This step involves moving one step forward for the sabotage or penetration of the information with the permission of the user. | 5 |
| 6. | Trivialization of unique identifiers | Commercial establishments | This threat is defined as using the fingerprints of some individual for unauthorized access to certain documents or information. | 4 |
| 7. | Low acceptance of equipment or device | Employees | Some systems or devices face the problem of low acceptance of input, such as biometrics in the case of fingerprints, which is generally linked to a criminal investigation. | 4 |
The threats detailed above are some of the basic threats which prevail in any organization and
raise the issue of security in the company, such as unauthorized access to personal data or
information. Various other threats also prevail, such as profiling, side channel attacks, social
engineering attacks etc. These threats violate the information (El Mrabet, et. al., 2018).
Various exposures which lead to threats are detailed below:
• Spam
• Phishing
• Malware
• Spyware
• Proxies
• Adware
The exposures listed above are some of the basic viruses or attacks carried out by attackers,
which create problems in the system and interrupt the working of the entire corporation.
Figure 1 Types of threats prevailing in the system
Source: (Aryal, 2018).
2.2 Threat Agents
Threats do not come only from outside the corporation. They can arise within the organization as
well as outside it. There are many types of people who are a risk to the assets of the
organization or the corporation, so careful analysis should be done to keep track of these
individuals. These individuals may include:
• Employees: Every business or organization gives certain employees the authority to make
legitimate access to the private and confidential information of the corporation, and the
misuse of this information can be very harmful and destructive for the organization. This
access may be given to the employees on trust, or employees may hack the information without
letting the corporation know about it (McIntosh, 2015).
• Hackers: Hackers are said to be trained professionals who have the skill and knowledge to
hack various software and programs of a particular organization in order to learn inside data
or information about the corporation, which can be private and confidential.
• Cyber criminals: These are the people who commit crimes online with the motive of making
money from this fraud business. For example, generating fake calls to extract your account
information (van der Walt, et. al., 2018).
• Foreign intelligence services or industrial competitors: These are other competing
companies, which are interested in gaining knowledge about your successful business
operations.
• Corporate raiders: Corporate raiders are financiers who try to control the policies of
companies and then sell them over the bids and resell them to gain profit and earn money from
those policies (James, 2018).
• Professional criminals/hackers: These are hackers who have proper skills and knowledge and
who are said to be professional in this work. The threats carried out by these hackers include
spoofing of credentials and bypassing authentication.
Figure 2 Threat agents in the organization
Source: (Desjardins, 2017).
2.3 Vulnerabilities
Vulnerabilities include the faults or mistakes which lead to threats in the organization. These
vulnerabilities effectively invite attackers to hack the system. The common software security
vulnerabilities include:
• Weak password setting: The passwords set by the employees in the corporation are so weak
that they can be easily hacked by hackers. It must be ensured that the passwords set are
strong enough to resist being broken.
• Bugs: Bugs are the various viruses or threats present in the system which violate the
functionality of the system.
• Avoiding integrity checks while downloading code: When the employees download code from the
system, proper checking is not ensured, which leads to problems in the future as it leads to
loss of integrity.
• Lack of back-up/failover procedures: The employees do not take adequate back-ups of the
system. Appropriate nodes related to failure are not being considered by the employees.
• Using devices and equipment in unprotected environments: Devices or equipment used by the
employees or the management should be used in a secure and safe environment. Using the system
in an inappropriate or unprotected environment leads to viruses or attacks which damage the
system and also increases the chances of information leakage (Saini, et. al., 2018).
• Error rates in the computer systems: The increasing rate of errors in the computer system or
system devices creates problems which invite errors and threats into the system, leading to
data leakage, unauthorized access to data, and sharing of confidential and private information
with others without the permission of the user.
• Lacking correct data mechanisms: The procedure for collecting the correct data is improper or
incorrect, which creates problems in the system.
• Linkability of data: The linking between different documents or data is also a problem for
the IT employees, as different databases are linked with the help of profiling, data mining,
social sorting, data aggregation etc. These functions create the problem of data linking,
which raises the issue of security (McIntosh, 2015).
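For the missing integrity check on downloaded code listed above, the following Python sketch shows one way to verify a file against a pinned SHA-256 digest before it is moved into use. It is an added example, not part of the original report; the file names, directory layout and the `install_if_verified` helper are hypothetical, and the sample "installer" is constructed inline.

```python
"""Verify a downloaded file against a pinned SHA-256 digest before it is used."""
import hashlib
import hmac
import os
import re
import tempfile
from pathlib import Path


class IntegrityError(Exception):
    """Raised when a downloaded file does not match its pinned digest."""


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Hash the file in chunks so large downloads are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path: Path, expected_sha256: str) -> str:
    """Return the digest if it matches; raise IntegrityError otherwise."""
    expected = expected_sha256.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{64}", expected):
        raise ValueError("expected digest is not a 64-character hex SHA-256 value")
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError(f"{path.name}: digest mismatch, got {actual}")
    return actual


def install_if_verified(downloaded: Path, expected_sha256: str, dest_dir: Path) -> Path:
    """Hypothetical helper: verify first, fail closed, then move into place."""
    try:
        verify_download(downloaded, expected_sha256)
    except IntegrityError:
        downloaded.unlink(missing_ok=True)  # never leave an unverified file around
        raise
    dest_dir.mkdir(parents=True, exist_ok=True)
    dest = dest_dir / downloaded.name
    os.replace(downloaded, dest)
    return dest


def demo() -> dict:
    """Run the check on a constructed file and on a modified copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        original = b"#!/bin/sh\necho 'constructed sample installer'\n"
        # Stands in for the digest published by the vendor over a trusted,
        # separate channel (assumption: such a digest is available).
        pinned = hashlib.sha256(original).hexdigest()

        download = root / "downloads" / "tool-installer.sh"
        download.parent.mkdir()
        download.write_bytes(original)
        installed = install_if_verified(download, pinned, root / "approved")
        good_installed = installed.exists()

        # Same file name, but the content was altered after the digest was pinned.
        download.write_bytes(original + b"echo 'line added in transit'\n")
        try:
            install_if_verified(download, pinned, root / "approved")
            rejected = False
        except IntegrityError:
            rejected = True

        return {
            "good_installed": good_installed,
            "tampered_rejected": rejected,
            "tampered_removed": not download.exists(),
            "approved_unchanged": sha256_file(installed) == pinned,
        }


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the source of the pinned digest: a digest fetched from the same location as the file gives no protection if that location is compromised.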
Vulnerabilities are basically considered to be the weaknesses prevailing in the system. These
weaknesses allow intruders or hackers to execute certain commands, gain unauthorized access to
data etc. These vulnerabilities are found in every area of the corporation. The table given below
shows the relationship between each vulnerability and the threats it gives rise to:

| Description of Vulnerability | Consequences |
|---|---|
| Increasing dependency on IT systems, external infrastructure, and network | • This leads to denial-of-service attacks and also creates the problem of buffer overflow.<br>• It gives rise to worms and malicious code.<br>• The malfunctioning of the system; it also leads to the breakdown of the system and devices, with interrupted working.<br>• It also leads to theft and social engineering attacks.<br>• Unauthorized access is granted to some restricted areas which contain private and confidential information related to the company. |
| Lack of awareness, lack of training, security aspects | • It leads to the loss of data, or the data can even be misused for the wrong purpose with the wrong intentions.<br>• Data protection legislation is not followed.<br>• Devices do not function properly, and a lot of unreliable data is stored in the system.<br>• The problem of function creep exists, in which the information is used for purposes other than the one for which it was collected.<br>• It gives rise to social engineering attacks. |
| Inadequate security measures for the storage of data | • Device acceptance becomes low, and the equipment or devices do not respond properly, creating problems in the output.<br>• Unauthorized access to, or deletion of, the data without the permission of the users.<br>• Loss of devices or cards, which also involves misuse of the devices or systems. |
2.4 Recommendations
Cybersecurity in the corporation can be improved by considering the recommendations detailed
below:
• Using anti-virus software and updated software.
• The problem of the backup.
• Access to data problem.
• Protecting the computers.
• Software settings should be implemented.
• Sensitive data information should be stored separately.
• Enforcing the rules related to logins.
• The retirement of unused applications and software.
• Regular updates.
2.5 Mitigation Measures
Proper measures should be proposed for controlling the vulnerabilities detailed above, because
these vulnerabilities give rise to various security issues which allow intruders or attackers to
attack the system and allow unauthorized sharing of and access to information. These measures
help in preventing attacks. Attackers may have their own personal reasons for initiating the
hacking. Given below are certain measures which should be initiated as countermeasures for the
vulnerabilities prevailing in the organization (Furnell, 2017).
• Better security system: The systems and the software in the organization should be used in
line with the guidelines supplied with them, which helps in maintaining the security level by
avoiding threats and attacks.
• Protecting outbound data: It needs to be ensured that data going out of the system leaves it
in a safe manner. Sending sensitive or private information out of the computer should be
considered well beforehand, because it may be used by a hacker or attacker who can misuse this
personal or private information with the wrong motives (Moreira, et. al., 2016).
• Using regular patches: Hackers can attack your system even through a very tiny hole. So it is
important that regular security scans are conducted on the computer systems of the employees to
detect viruses and keep viruses or attacks out of the system.
• Creating smart passwords: Gigantic Corporation is very strict about its password policy, which
ensures the use of strong passwords that make it difficult for a hacker to corrupt the system.
The passwords for the systems should be set wisely and should not be shared with anyone.
• Purchasing a cyber insurance policy: A cyber insurance policy helps in protecting against
frauds or breaches. This policy will help in recovering the losses and the cost of the damage
done by attackers or hackers.
• Encryption of data: This is considered one of the best ways of keeping the information safe
from hackers, by encrypting all the information stored on the PC, in the databases and on
servers (Strand, 2014).
• Physical security should not be ignored: Financial documents or files, PCs containing private
information, ID badges and other personal or private belongings should be kept safe and locked
away when not in use, because anyone within or outside the organization can take advantage of
this personal information against you or against the corporation (Porcedda, 2018).
• Implementation of a training program for the employees on cybersecurity: Proper training on
cybersecurity should be provided to the employees, as it gives them advance knowledge and
information about the problems occurring in cybersecurity, stating the causes along with the
countermeasures to avoid these risks.
• Involvement of the executives in the issue of cybersecurity: The leaders or the upper
management should be well aware of the threats and issues of cybersecurity, as this helps in
recognizing problems at the upper level, and further policies can be framed with these problems
in mind. Experts or specialists should be hired for the prevention of attacks and for ensuring
cybersecurity (Miller, et. al., 2016).
• Formulation of a cybersecurity incident plan: A plan or layout should be formulated from the
past experience of cybersecurity issues, which will help in overcoming problems in the future.
These plans detail the problem that occurred in the system and how it was resolved, with the
specific measures which can be considered in the future (Ben-Asher and Gonzalez, 2015).
• Maintenance of awareness regarding the various vulnerabilities: Employees should be well aware
of the existence of certain vulnerabilities present in the corporation. The software built to
protect the systems from threats and viruses should be properly updated. An effective approach
to patching also helps in reducing cyber-attacks.
• Using secure remote access methods: The ability to connect to the network remotely is a great
help and convenience to the employees, but it needs to be secured with the help of a virtual
private network (VPN). With the help of a VPN, users can access the files, databases, and
websites remotely while reducing the chances of malware or vulnerabilities in the network.
• Applying firewalls and implementing network segmentation: Network segmentation refers to
segregating the data and assets related to IT into specific groups and restraining access to
these groups. The application of a firewall also helps in threat prevention. A firewall is a
program installed in the system which filters the inbound and outbound traffic generated by the
system. It basically helps in preventing the entry of threats into the system (Smyth, 2015).
Figure 3 Awareness regarding the Cyber security
Source: (Nepia, 2016).
2.6 Areas of Vulnerabilities in the Organization
The organization has potential areas of vulnerability in which certain activities or
functions lead to threats and attacks and create the need for cybersecurity in the
organization. These areas are detailed below:
Physical Environment: The work conducted in the physical environment ensures the logical
control of security in each and every phase of the environment by strengthening the flow of
information and data in different areas (Maskun, 2013).
Software, hardware and other equipment related to communication: Various kinds of
software and hardware devices are involved in creating problems such as those related to the
firewall and unauthorized access to devices.
Organizational Procedures: The procedures of the organization are also considered an area
of vulnerability because some procedures are framed in a way that creates vulnerabilities.
Personnel: The personnel or employees working in the corporation are also considered as one of
the key factors for the creation of vulnerabilities which give rise to the various attacks and threats
in the corporation.
2.7 Threats and the impacts of threats
| S.NO | Identified Threat | Impact | Risk Calculation |
|---|---|---|---|
| 1. | Loss of data | High Impact | Low |
| 2. | Data leakage/ exposure of customer information | Medium | Elevated |
| 3. | Unauthorized access | High | Severe |
| 4. | Disruption of service or productivity | High | Low |
| 5. | Failed processes | Low | Low |
The impact of each threat is rated above as high, medium or low on the basis of the
problem occurring in the organization. The risk is calculated by measuring the adverse
effect of the attacks or threats. Some of the impacts of a cyber-attack are detailed below:
• Reputational Damage: Trust is an essential element for building up the customer base
of any business organization. This trust can easily be broken by cyber-attacks, which can
harm the reputation of the business and shake the trust of the customers. This loss of
trust can lead to various other problems like:
  • Loss of sales
  • Profit reduction
  • Loss of customers
• The economic cost of cyber-attack: Cyber-attacks can also add to financial costs,
which increases the economic cost. These costs arise from:
  • Corporation information theft
  • Business or contract loss
  • Financial information theft
  • Disruptions relating to the business operations
• Legal consequences of cyber breach: Privacy and data protection laws require security
to be managed so that personal data stays secure. If the data is
compromised, either deliberately or accidentally, fines and regulatory charges are faced,
which leads to the management of privacy laws (Gratian, et. al., 2018).
3. Summary
From the detailed study of cybersecurity in the Gigantic Corporation, it can be summarized
that the various kinds of threats and attacks hitting the system need to be controlled and
studied deeply through risk assessment analysis, which helps in the analysis and evaluation
of risk. Risk assessment helps in forecasting future changes and in the future analysis of
threats. Various threat agents are involved, such as corporate raiders, hackers,
professional hackers, criminals, terrorists, etc., which are detailed above in the risk
assessment section along with the functions performed by these agents. The threats are
caused by vulnerabilities. The vulnerabilities are mistakes made repeatedly by individuals
working in the organization, which further give rise to threats and attacks. The table
above shows that vulnerabilities such as lack of back-ups, excessive dependency on
systems, lack of sufficient skills, etc. have created the threats. These vulnerabilities
therefore need to be controlled by mitigating the problems, and solutions are suggested by
which they can be reduced and a better environment developed in the corporation, which
helps in the prevention of attacks and threats. Cybersecurity is important because, as
mentioned in the introduction, all the essential and confidential information is stored in
cyberspace and needs to be protected from hackers and attackers, who may cause distortion
of data by authorized access, excessive data storage, leakage of data, etc. The security of
this cyberspace is therefore really important, and it can be achieved by ensuring
cybersecurity.
4. Conclusion
Cybersecurity is a vast topic that is gaining importance day by day as people become
interconnected with each other through the internet. Every year new cyber threats are
discovered and new measures are developed to ensure cybersecurity by protecting cyberspace
from the various threats and agents. The latest technology and innovation are used to find
optimal solutions for cybersecurity because, as trends and technology grow, cyber crimes
are increasing at the same pace. Hackers are becoming more confident and professional in
their work, which needs to be stopped by using optimal measures such as taking care of the
existing threats, controlling the vulnerabilities, and conducting a proper risk assessment
of the cyber crimes being conducted in the corporation or organization. Most of the threats
observed are spread through malicious attacks such as spam, direct download campaigns,
phishing, etc. These threats can be mitigated by increasing awareness of cyber crimes among
the employees. The information stored by personnel should be kept private and confidential,
but most employees do not do this, which leads to unauthorized access to the data. Various
digital scams and threats related to information security will exist until people become
more careful and more concerned about their actions. It’s time that everyone inside or
outside the organization took cybersecurity more seriously; otherwise it will destroy
everything.
References
Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human traits
and cybersecurity behavior intentions. Computers & Security, 73, 345-358.
Porcedda, M. G. (2018). Patching the patchwork: appraising the EU regulatory framework on
cybersecurity breaches. Computer Law & Security Review.
Smith, G. (2018). The intelligent solution: automation, the skills shortage, and cyber-
security. Computer Fraud & Security, 2018(8), 6-9.
El Mrabet, Z., Kaabouch, N., El Ghazi, H., & El Ghazi, H. (2018). Cyber-security in smart grid:
Survey and challenges. Computers & Electrical Engineering, 67, 469-482.
Saini, A. S., Yuan, D., Jin, J., Gao, L., Yu, S., & Dong, Z. Y. (2018). Cyber security framework
for Internet of Things-based Energy Internet. Future Generation Computer Systems.
Desjardins, J. (2017). What's a Greater Cybersecurity Threat: Insiders or Outsiders? [online]
Visual Capitalist. Available at:
http://www.visualcapitalist.com/cybersecurity-threat-insiders-outsiders/ [Accessed 11 Sep. 2018].
Aryal, M. (2018). What is Computer Security? What are the Types of Computer Security Threat?
- ICT Frame Technology. [online] ICT Frame Technology. Available at:
https://ictframe.com/what-is-computer-security-what-are-the-types-of-computer-security-threat/
[Accessed 11 Sep. 2018].
Nepia (2016). Identifying Cyber Threats and Risks. [online] Nepia.com. Available at:
http://www.nepia.com/insights/cyber-security/identifying-threats-and-risks/ [Accessed 11 Sep.
2018].
James, L. (2018). Making cyber-security a strategic business priority. Network Security, 2018(5),
6-8.
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, 51-61.
Moreira, N., Molina, E., Lázaro, J., Jacob, E., & Astarloa, A. (2016). Cyber-security in
substation automation systems. Renewable and Sustainable Energy Reviews, 54, 1552-1562.
van der Walt, E., Eloff, J. H. P., & Grobler, J. (2018). Cyber-security: Identity Deception
Detection on Social Media Platforms. Computers & Security.
van Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J., & Kusev, P. (2017). Risk
perceptions of cyber-security and precautionary behaviour. Computers in Human Behavior, 75,
547-559.
Yasin, A., Liu, L., Li, T., Wang, J., & Zowghi, D. (2018). Design and preliminary evaluation of a
cyber Security Requirements Education Game (SREG). Information and Software
Technology, 95, 179-200.
Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human traits
and cybersecurity behavior intentions. computers & security, 73, 345-358.
Porcedda, M. G. (2018). Patching the patchwork: appraising the EU regulatory framework on
cybersecurity breaches. Computer Law & Security Review.
Smith, G. (2018). The intelligent solution: automation, the skills shortage, and cyber-
security. Computer Fraud & Security, 2018(8), 6-9.
El Mrabet, Z., Kaabouch, N., El Ghazi, H., & El Ghazi, H. (2018). Cyber-security in smart grid:
Survey and challenges. Computers & Electrical Engineering, 67, 469-482.
Saini, A. S., Yuan, D., Jin, J., Gao, L., Yu, S., & Dong, Z. Y. (2018). Cyber security framework
for Internet of Things-based Energy Internet. Future Generation Computer Systems.
Desjardins, J. (2017). What's a Greater Cybersecurity Threat: Insiders or Outsiders?. [Online]
Visual Capitalist. Available at: http://www.visualcapitalist.com/cybersecurity-threat-insiders-
outsiders/, [Accessed: 11 Sep 2018].
Aryal, M. (2018). What is Computer Security? What are the Types of Computer Security Threat?
- ICT Frame Technology. [online] ICT Frame Technology. Available at:
https://ictframe.com/what-is-computer-security-what-are-the-types-of-computer-security-threat/
[Accessed 11 Sep. 2018].
Nepia (2016). Identifying Cyber Threats and Risks. [online] Nepia.com. Available at:
http://www.nepia.com/insights/cyber-security/identifying-threats-and-risks/ [Accessed 11 Sep.
2018].
James, L. (2018). Making cyber-security a strategic business priority. Network Security, 2018(5),
6-8.
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, 51-61.
Moreira, N., Molina, E., Lázaro, J., Jacob, E., & Astarloa, A. (2016). Cyber-security in
substation automation systems. Renewable and Sustainable Energy Reviews, 54, 1552-1562.
van der Walt, E., Eloff, J. H. P., & Grobler, J. (2018). Cyber-security: Identity Deception
Detection on Social Media Platforms. Computers & Security.
van Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J., & Kusev, P. (2017). Risk
perceptions of cyber-security and precautionary behaviour. Computers in Human Behavior, 75,
547-559.
Yasin, A., Liu, L., Li, T., Wang, J., & Zowghi, D. (2018). Design and preliminary evaluation of a
cyber Security Requirements Education Game (SREG). Information and Software
Technology, 95, 179-200.
![Document Page](https://desklib.com/media/document/docfile/pages/cybersecurity-risk-assessment-for-gigantic-corporation-threats-vulnerabilities-and-mitigation-measures/2024/09/14/0bc2a243-221f-4bc8-8c19-e8e047faf878-page-22.webp)
Smyth, V. (2015). Cyber-security fortresses built on quicksand. Network Security, 2015(8), 5-8.
Maskun. (2013). Cyber Security: Rule of Use Internet Safely. JL Pol'y & Globalization, 15, 20.
Miller, S., Wagner, C., Aickelin, U., & Garibaldi, J. M. (2016). Modelling cyber-security
experts' decision making processes using aggregation operators. Computers & Security, 62,
229-245.
Strand, C. (2014). Challenging confidence in cyber-security. Computer Fraud &
Security, 2014(12), 12-15.
Furnell, S., Fischer, P., & Finch, A. (2017). Can't get the staff? The growing need for cyber-
security skills. Computer Fraud & Security, 2017(2), 5-10.
McIntosh, C. (2015). Cyber-security: who will provide protection?. Computer Fraud &
Security, 2015(12), 19-20.
Maskun. (2013). Cyber Security: Rule of Use Internet Safely. JL Pol'y & Globalization, 15, 20.
Miller, S., Wagner, C., Aickelin, U., & Garibaldi, J. M. (2016). Modelling cyber-security
experts' decision making processes using aggregation operators. computers & security, 62, 229-
245.
Strand, C. (2014). Challenging confidence in cyber-security. Computer Fraud &
Security, 2014(12), 12-15.
Furnell, S., Fischer, P., & Finch, A. (2017). Can't get the staff? The growing need for cyber-
security skills. Computer Fraud & Security, 2017(2), 5-10.
McIntosh, C. (2015). Cyber-security: who will provide protection?. Computer Fraud &
Security, 2015(12), 19-20.
1 out of 22
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75)
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.