Corporate Governance & Ethics Case Study: Cyber Resilience
VerifiedAdded on 2020/02/24
|15
|3682
|194
Report
AI Summary
This report focuses on cyber resilience, corporate governance, and ethical considerations in the face of increasing cyber threats. It begins with an executive summary highlighting the rising risks associated with cyber attacks, emphasizing the need for a cyber resilience policy. The introduction unders...
Read More
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
REPORT 2
Executive Summary
A rising threat which the company is facing relates to the cyber attacks which are the new kind
of theft and is the result of the digital era. With the companies becoming increasingly reliant
upon data being stored on computer systems and work being done on connected networks, the
cyber criminals have been presented with a golden opportunity to not only steal the finances of a
company, but also to steal their confidential information and misuse it, as it best suits them. This
has presented the company with the need to adopt a cyber resilience policy, which after being
adopted by the board, would be applicable for the entire company.
Through this report, the very issue of cyber security has been highlighted with the case studies
where the companies and the government was put in an unwanted situation and the personal and
confidential information of the general public was leaked by the hackers. Such incidents have led
to certain best practices being adopted by the company, which this company also needs to adopt,
whilst coming up with the cyber resilience policy. To help the board in drafting this policy, the
best practices have been covered here, along with the recommendations, which would help the
board in this regard.
Executive Summary
A rising threat which the company is facing relates to the cyber attacks which are the new kind
of theft and is the result of the digital era. With the companies becoming increasingly reliant
upon data being stored on computer systems and work being done on connected networks, the
cyber criminals have been presented with a golden opportunity to not only steal the finances of a
company, but also to steal their confidential information and misuse it, as it best suits them. This
has presented the company with the need to adopt a cyber resilience policy, which after being
adopted by the board, would be applicable for the entire company.
Through this report, the very issue of cyber security has been highlighted with the case studies
where the companies and the government was put in an unwanted situation and the personal and
confidential information of the general public was leaked by the hackers. Such incidents have led
to certain best practices being adopted by the company, which this company also needs to adopt,
whilst coming up with the cyber resilience policy. To help the board in drafting this policy, the
best practices have been covered here, along with the recommendations, which would help the
board in this regard.
REPORT 3
Contents
Introduction......................................................................................................................................4
Why Cyber Security?.......................................................................................................................4
Integration of Cyber Security and Resilience Protocols..................................................................5
Examples of Best Practices..............................................................................................................7
Recommendations for initiating Cyber Resilience Policy.............................................................10
Recommendation 1....................................................................................................................10
Recommendation 2....................................................................................................................10
Recommendation 3....................................................................................................................11
Recommendation 4....................................................................................................................11
Recommendation 5....................................................................................................................11
Conclusion.....................................................................................................................................11
References......................................................................................................................................13
Contents
Introduction......................................................................................................................................4
Why Cyber Security?.......................................................................................................................4
Integration of Cyber Security and Resilience Protocols..................................................................5
Examples of Best Practices..............................................................................................................7
Recommendations for initiating Cyber Resilience Policy.............................................................10
Recommendation 1....................................................................................................................10
Recommendation 2....................................................................................................................10
Recommendation 3....................................................................................................................11
Recommendation 4....................................................................................................................11
Recommendation 5....................................................................................................................11
Conclusion.....................................................................................................................................11
References......................................................................................................................................13
REPORT 4
Introduction
A key strategic challenge which is being faced by the leaders across the nations, irrespective of
the sectors or industries in which they operate, and one which needs to be surmounted for taking
advantage of the vast technological advancements in the networked technology relates to
countering of the cyber risks. In the recent times, the understanding of how a secure and resilient
digital network can be built has significantly been expanded. Though, the pace of the ones
making misuse of the technology and the ones who pose a threat to the cyber security of an entity
is rising at a faster pace. This has resulted in the technological risks being topping the charts and
the innovations proving slow in dealing with them effectively (World Economic Forum, 2017).
The board of any company has the duty to identify and mitigate the risks which the company
faces and the cyber risk is no exception to this. Hence, the boards of the companies have to take
the required steps towards countering the cyber risks (Willson and Dalziel, 2015). And the very
purpose of presenting this report is to educate the board on the issues surrounding cyber security
and the manner in which the cyber security and resilience protocols can be integrated in the
company for ensuring the survival of the company and improving upon the business
performance. Some recommendations have been also drawn in this report regarding the manner
in which the company can initiate the cyber resilience policy.
Why Cyber Security?
Cyber security, in the simplest of terms, refers to the computer systems being protected from any
and all kinds of damage or theft of information, software or hardware, apart from the
Introduction
A key strategic challenge which is being faced by the leaders across the nations, irrespective of
the sectors or industries in which they operate, and one which needs to be surmounted for taking
advantage of the vast technological advancements in the networked technology relates to
countering of the cyber risks. In the recent times, the understanding of how a secure and resilient
digital network can be built has significantly been expanded. Though, the pace of the ones
making misuse of the technology and the ones who pose a threat to the cyber security of an entity
is rising at a faster pace. This has resulted in the technological risks being topping the charts and
the innovations proving slow in dealing with them effectively (World Economic Forum, 2017).
The board of any company has the duty to identify and mitigate the risks which the company
faces and the cyber risk is no exception to this. Hence, the boards of the companies have to take
the required steps towards countering the cyber risks (Willson and Dalziel, 2015). And the very
purpose of presenting this report is to educate the board on the issues surrounding cyber security
and the manner in which the cyber security and resilience protocols can be integrated in the
company for ensuring the survival of the company and improving upon the business
performance. Some recommendations have been also drawn in this report regarding the manner
in which the company can initiate the cyber resilience policy.
Why Cyber Security?
Cyber security, in the simplest of terms, refers to the computer systems being protected from any
and all kinds of damage or theft of information, software or hardware, apart from the
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
REPORT 5
misdirection or disruption of the services which are provided through them. Cyber security
includes protection against the harm to the computer systems which can be done through
accessing network, and through data or code injections, and also by controlling physical access
to the hardware. By using different methods, the security of the company is tricked and made to
defer from its secure procedures (Singer and Friedman, 2014). As per Forbes, for 2015, the
global cyber security marked reached the value of $75 billion and the projected value for the
same for 2020 is $170 billion (Tech Target, 2017). This high value of funds being utilized for a
particular purpose highlight the significance which this issue holds.
Cyber security is of utmost importance to all the entities, particularly the businesses as a cyber
security breach could cost millions for the business. The data of the company can be misused or
can be constantly monitored without the company even knowing it, which in the long run, could
prove devastating for the company (Kostopoulos, 2012) The funds of the company could be
misused, along with the own personnel of the company being locked out of the system, thus,
stopping the entire business of the company. The vulnerabilities and attacks could take form of
tampering, phishing, privilege escalation, click jacking, direct-access attacks, denial of service
attacks, eavesdropping and spoofing. Thus, it is crucial that the company take the requisite steps
towards cyber security (Graham, Olson and Howard, 2016).
Integration of Cyber Security and Resilience Protocols
It is important that the company integrates its cyber security and resilience protocols as they are
of utmost importance for the survival of the company and for improving the performance of the
business of the company. As a result the cyber attacks, serious financial damages have been
caused in the past and the projections of the future show $2 Trillion for 2019 (Morgan, 2016).
misdirection or disruption of the services which are provided through them. Cyber security
includes protection against the harm to the computer systems which can be done through
accessing network, and through data or code injections, and also by controlling physical access
to the hardware. By using different methods, the security of the company is tricked and made to
defer from its secure procedures (Singer and Friedman, 2014). As per Forbes, for 2015, the
global cyber security marked reached the value of $75 billion and the projected value for the
same for 2020 is $170 billion (Tech Target, 2017). This high value of funds being utilized for a
particular purpose highlight the significance which this issue holds.
Cyber security is of utmost importance to all the entities, particularly the businesses as a cyber
security breach could cost millions for the business. The data of the company can be misused or
can be constantly monitored without the company even knowing it, which in the long run, could
prove devastating for the company (Kostopoulos, 2012) The funds of the company could be
misused, along with the own personnel of the company being locked out of the system, thus,
stopping the entire business of the company. The vulnerabilities and attacks could take form of
tampering, phishing, privilege escalation, click jacking, direct-access attacks, denial of service
attacks, eavesdropping and spoofing. Thus, it is crucial that the company take the requisite steps
towards cyber security (Graham, Olson and Howard, 2016).
Integration of Cyber Security and Resilience Protocols
It is important that the company integrates its cyber security and resilience protocols as they are
of utmost importance for the survival of the company and for improving the performance of the
business of the company. As a result the cyber attacks, serious financial damages have been
caused in the past and the projections of the future show $2 Trillion for 2019 (Morgan, 2016).
REPORT 6
There is no standard model, by the use of which the costs of such incidents could be estimated.
Thus, the data which has been made public by the companies can only be taken as an example of
this. In 2003, the estimated losses through worm and virus attacks contributed to $13 billion and
from all the cover attacks together, the value stood at $226 billion (Cashell et al, 2004). This
figure is of 2003 when the technology was not as advanced as the present day. And this raises the
concern for the companies and makes it obligatory for them to take steps for dealing with such
issues at the earliest and on the basis of the best practices.
Such attacks not only impact the performance of the businesses, but also threaten their survival.
The Office of Personnel Management, back in April 2015 discovered that it had been hacked a
year earlier, which resulted in a theft of personnel records of around 21.5 million which were
handled by the office (Eng, 2015). This was described as amongst the biggest breaches of the
government data in the US history. This data include the information through which a person
could be identified, and included their names, place and date of birth, address, fingerprints and
even their social security numbers (Waddell and Volz, 2015).
In July 2015, “The Impact Team”, which was a hacker group, breached the website Ashley
Madison which was an extramarital relationship website. The group not only stole the data of the
company but also of its users. They even threatened to dump the entire customer data online
unless their demand regarding the website being taken down permanently was met with (Lamont,
2016). The data of the customers was more important in this case due to the same containing
their profiles where even their sexual fantasies were mentioned (Hern, 2016). As the demands of
the group were not met, they dumped the data of the company, which led to the CEO of the
company resigning. Even though the website remains to be functional, its existence was
There is no standard model, by the use of which the costs of such incidents could be estimated.
Thus, the data which has been made public by the companies can only be taken as an example of
this. In 2003, the estimated losses through worm and virus attacks contributed to $13 billion and
from all the cover attacks together, the value stood at $226 billion (Cashell et al, 2004). This
figure is of 2003 when the technology was not as advanced as the present day. And this raises the
concern for the companies and makes it obligatory for them to take steps for dealing with such
issues at the earliest and on the basis of the best practices.
Such attacks not only impact the performance of the businesses, but also threaten their survival.
The Office of Personnel Management, back in April 2015 discovered that it had been hacked a
year earlier, which resulted in a theft of personnel records of around 21.5 million which were
handled by the office (Eng, 2015). This was described as amongst the biggest breaches of the
government data in the US history. This data include the information through which a person
could be identified, and included their names, place and date of birth, address, fingerprints and
even their social security numbers (Waddell and Volz, 2015).
In July 2015, “The Impact Team”, which was a hacker group, breached the website Ashley
Madison which was an extramarital relationship website. The group not only stole the data of the
company but also of its users. They even threatened to dump the entire customer data online
unless their demand regarding the website being taken down permanently was met with (Lamont,
2016). The data of the customers was more important in this case due to the same containing
their profiles where even their sexual fantasies were mentioned (Hern, 2016). As the demands of
the group were not met, they dumped the data of the company, which led to the CEO of the
company resigning. Even though the website remains to be functional, its existence was
REPORT 7
threatened. Also, the performance of the business has been hit due to leak of customer data and a
threat of the same occurring again (Thielman, 2015).
Examples of Best Practices
Security can be stated as a moving target in the digital age and with each passing day, the cyber
criminal are getting more advanced. For protecting the data of the company, as far as possible, it
is important that the employees are educated and told to make the cyber security a top priority.
There is a need for staying on top of the latest trends of the attacks and also adopting the newest
prevention techniques, as the business of the company is dependent upon it (Segal, 2017). The
gaining interest in the area of cyber security has led to a lot of publications and writings on what
can be deemed as the best practise for the companies. Some of the best practices which ne
adopted by the companies have been summarized below.
Using firewalls
The firewalls in any computer system are its very first line of defence. It is always
preferable for the companies to set up their firewalls, so that it could act as a barrier
between the data of the company and the cyber criminals. Apart from the standard
external firewalls, the companies need to install internal firewalls so that it acts as an
additional protection measure. Another important step in this regard is for the employees
who work from home, need to have firewalls installed on their home network as well.
This would prevent the cybercriminals from using the employees working from home as
a channel to attack the data of the company (Phillips and Sianjina, 2013).
Documenting the cyber security policies
threatened. Also, the performance of the business has been hit due to leak of customer data and a
threat of the same occurring again (Thielman, 2015).
Examples of Best Practices
Security can be stated as a moving target in the digital age and with each passing day, the cyber
criminal are getting more advanced. For protecting the data of the company, as far as possible, it
is important that the employees are educated and told to make the cyber security a top priority.
There is a need for staying on top of the latest trends of the attacks and also adopting the newest
prevention techniques, as the business of the company is dependent upon it (Segal, 2017). The
gaining interest in the area of cyber security has led to a lot of publications and writings on what
can be deemed as the best practise for the companies. Some of the best practices which ne
adopted by the companies have been summarized below.
Using firewalls
The firewalls in any computer system are its very first line of defence. It is always
preferable for the companies to set up their firewalls, so that it could act as a barrier
between the data of the company and the cyber criminals. Apart from the standard
external firewalls, the companies need to install internal firewalls so that it acts as an
additional protection measure. Another important step in this regard is for the employees
who work from home, need to have firewalls installed on their home network as well.
This would prevent the cybercriminals from using the employees working from home as
a channel to attack the data of the company (Phillips and Sianjina, 2013).
Documenting the cyber security policies
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
REPORT 8
It is crucial that the protocols regarding the cyber security are adequately documented.
Where a plan for protection of data is not realized fully, the safety precautions can slips
easily through the cracks. This makes it crucial for the companies to have a proper cyber
security policy. Cyber security policies not just save the data, but also money and the
valuable employee resources. The actions which are undertaken by the employees, both
externally and internally, impact the sustainability of the business. And the actions of a
single individual could result in the data of the company being compromised, which
could include the financial data, as well as, its intellectual property. Often, the business
associations come up with detailed toolkits which can help in determining, as well as,
documenting the cyber security policies (Bayuk, Healey and Rohmeyer, 2012).
Planning the mobile devices
In the fast growing digital age, the devices have transformed and from simple computers
and mobiles, they have taken forms of wearables, which include wrist watches and even
digital glasses. “Bring Your Own Device” or BYOD is permissible by majority
companies and with these devices the threat to the security of the company is increased.
The smart watches or the fitness trackers have wireless capacity in them, which makes it
important to include the BYOD in the cyber security policy of the company. Hence, the
employees should be made to update the security of their device and also require the
password policy to be applied on the mobile devices which access the network of the
company (Moore, 2016).
Educating the employees
It is crucial that the employees are properly trained regarding the manner in which they
access the network and regarding the network security policies of the company (LeClair,
It is crucial that the protocols regarding the cyber security are adequately documented.
Where a plan for protection of data is not realized fully, the safety precautions can slips
easily through the cracks. This makes it crucial for the companies to have a proper cyber
security policy. Cyber security policies not just save the data, but also money and the
valuable employee resources. The actions which are undertaken by the employees, both
externally and internally, impact the sustainability of the business. And the actions of a
single individual could result in the data of the company being compromised, which
could include the financial data, as well as, its intellectual property. Often, the business
associations come up with detailed toolkits which can help in determining, as well as,
documenting the cyber security policies (Bayuk, Healey and Rohmeyer, 2012).
Planning the mobile devices
In the fast growing digital age, the devices have transformed and from simple computers
and mobiles, they have taken forms of wearables, which include wrist watches and even
digital glasses. “Bring Your Own Device” or BYOD is permissible by majority
companies and with these devices the threat to the security of the company is increased.
The smart watches or the fitness trackers have wireless capacity in them, which makes it
important to include the BYOD in the cyber security policy of the company. Hence, the
employees should be made to update the security of their device and also require the
password policy to be applied on the mobile devices which access the network of the
company (Moore, 2016).
Educating the employees
It is crucial that the employees are properly trained regarding the manner in which they
access the network and regarding the network security policies of the company (LeClair,
REPORT 9
2013). The cyber security policies of the company are becoming savvier due to the
growth of cybercriminals, it is important that not only the protocols are updated regularly,
but also that the new protocols are explained to the employees. The employees could also
be made liable by making to sign a document whereby they agree to be informed about
the policies and to take the requisite actions in case they fail to follow the security
measures (Segal, 2017).
Enforcing practice of safe password
Even though changing passwords is amongst the least preferred work for the employees,
it is important that the same is done at regular intervals. The Data Breach Investigations
report by Verizon for 2016 showed that 63% of the breaches in the data took place due to
the passwords being weak, lost or stolen. In the world of BOYDs it is crucial that the
devices which access the network of the company are password protected. So, the
employees should be educated not only to change their passwords in the interval of 60-90
days but also to use passwords with numbers, symbols and upper and lower cases letters
(Segal, 2017).
Backing up the data on regular basis
Even after deploying a lot of resources, there are still chances of an attack happening.
Hence, it is always recommended to back up the documents, spreadsheets, financial files,
databases, human resource files and the files related to accounts payables/ receivables.
These backups have to be on the cloud and backed up at different locations to avoid data
loss owing to force majeure clauses. This could not only help in recovering the lost data
but also in pulling the plug during a cyber attack as the data would be secure at another
place (Donovan, 2017).
2013). The cyber security policies of the company are becoming savvier due to the
growth of cybercriminals, it is important that not only the protocols are updated regularly,
but also that the new protocols are explained to the employees. The employees could also
be made liable by making to sign a document whereby they agree to be informed about
the policies and to take the requisite actions in case they fail to follow the security
measures (Segal, 2017).
Enforcing practice of safe password
Even though changing passwords is amongst the least preferred work for the employees,
it is important that the same is done at regular intervals. The Data Breach Investigations
report by Verizon for 2016 showed that 63% of the breaches in the data took place due to
the passwords being weak, lost or stolen. In the world of BOYDs it is crucial that the
devices which access the network of the company are password protected. So, the
employees should be educated not only to change their passwords in the interval of 60-90
days but also to use passwords with numbers, symbols and upper and lower cases letters
(Segal, 2017).
Backing up the data on regular basis
Even after deploying a lot of resources, there are still chances of an attack happening.
Hence, it is always recommended to back up the documents, spreadsheets, financial files,
databases, human resource files and the files related to accounts payables/ receivables.
These backups have to be on the cloud and backed up at different locations to avoid data
loss owing to force majeure clauses. This could not only help in recovering the lost data
but also in pulling the plug during a cyber attack as the data would be secure at another
place (Donovan, 2017).
REPORT 10
Installing anti-malware softwares
It is a common knowledge that the phishing emails are not to be opened by the
employees. Yet the Data Breach Investigations report by Verizon for 2016 showed that
30% of the employees open the phishing emails and this percentage was higher by 7% in
comparison to 2015. Through phishing attacks, malwares are installed in the computer of
the employee, upon being clicked, it is important for anti-malware softwares to be
installed on all the networks and devices (Segal, 2017).
Using multifactor identifications
Despite of the numerous protections and preparations undertaken by the companies, the
employees are most likely to make a security mistake which has the possibility of the
data of the company being compromised. Due to these factors, the company needs to
adopt a multifactor identification setting on the majority of its key networks and on email
products, which acts as an extra layer of protection (Segal, 2017).
Recommendations for initiating Cyber Resilience Policy
Recommendation 1
Cyber security and resilience policies can take different forms, where at times it can be stated in
a single sheet, and at other instances, 50 page document is required to cover every aspect and for
keeping the threat of network security away. Ideally, the cyber security policy of the company
needs to be properly documented, reviewed and also to be maintained on regular basis (Zamora,
2016).
Installing anti-malware softwares
It is a common knowledge that the phishing emails are not to be opened by the
employees. Yet the Data Breach Investigations report by Verizon for 2016 showed that
30% of the employees open the phishing emails and this percentage was higher by 7% in
comparison to 2015. Through phishing attacks, malwares are installed in the computer of
the employee, upon being clicked, it is important for anti-malware softwares to be
installed on all the networks and devices (Segal, 2017).
Using multifactor identifications
Despite of the numerous protections and preparations undertaken by the companies, the
employees are most likely to make a security mistake which has the possibility of the
data of the company being compromised. Due to these factors, the company needs to
adopt a multifactor identification setting on the majority of its key networks and on email
products, which acts as an extra layer of protection (Segal, 2017).
Recommendations for initiating Cyber Resilience Policy
Recommendation 1
Cyber security and resilience policies can take different forms, where at times it can be stated in
a single sheet, and at other instances, 50 page document is required to cover every aspect and for
keeping the threat of network security away. Ideally, the cyber security policy of the company
needs to be properly documented, reviewed and also to be maintained on regular basis (Zamora,
2016).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
REPORT 11
Recommendation 2
It is important that before drawing up any policy in this regard, the cyber security regulations
which have been presented by the commonwealth government or by the industry are taken into
consideration as these often prove to be a helpful roadmap in the development of cyber security
plans. It is important that the policy confirms with the law and is not against it in any form
(Zamora, 2016).
Recommendation 3
A cyber security policy would be considered as well thought out only when it is in such system
which could guard the important information of the company against the cyber attacks. The
Information Technology infrastructure of the company has an important role to play in it. This
infrastructure is the strength of the company upon which is affixed the responsibility for the
protection of the data of the company (Zamora, 2016).
Recommendation 4
A cyber security policy can still be drawn with ease, but what is more important is for the
company to explain this policy to its employees and also to educate them about the acceptable
use conditions. This is important to ameliorate the damages and also to limit the potential for
attacks. Instead of banning the social media on the company platforms, there is a need to detect
the social engineering tacts and to regulate the social media use (Zamora, 2016).
Recommendation 2
It is important that before drawing up any policy in this regard, the cyber security regulations
which have been presented by the commonwealth government or by the industry are taken into
consideration as these often prove to be a helpful roadmap in the development of cyber security
plans. It is important that the policy confirms with the law and is not against it in any form
(Zamora, 2016).
Recommendation 3
A cyber security policy would be considered as well thought out only when it is in such system
which could guard the important information of the company against the cyber attacks. The
Information Technology infrastructure of the company has an important role to play in it. This
infrastructure is the strength of the company upon which is affixed the responsibility for the
protection of the data of the company (Zamora, 2016).
Recommendation 4
A cyber security policy can still be drawn with ease, but what is more important is for the
company to explain this policy to its employees and also to educate them about the acceptable
use conditions. This is important to ameliorate the damages and also to limit the potential for
attacks. Instead of banning the social media on the company platforms, there is a need to detect
the social engineering tacts and to regulate the social media use (Zamora, 2016).
REPORT 12
Recommendation 5
It is recommended that the cyber security policy of the company contains all the features stated
here, along with incorporating the best practices covered under the previous section, for being an
effective cyber resilience policy.
Conclusion
On the basis of the discussion carried in the preceding parts, it becomes very clear that cyber
security holds significance for the companies to continue their business and also to improve its
performance. This is the digital era, where everything is interconnected and this connectivity has
raised the treats of cyber attacks, which puts the company in a helpless situation. Cyber attacks
have the capacity of running the company as they steal not only the information of the company,
but of its customers also, along with impairing the company financially. It is important that the
companies adopt a proper cyber resilience policy and in this regard, the recommendations drawn
in the previous segment prove to be help. Through the case study of Ashley Madison and Office
of Personnel Management, the magnitude of cyber attacks and the problems associated with it
were highlighted. This further makes it important for the company to adopt the best practices and
the recommendations drawn in this report to create a comprehensive cyber resilience policy.
Recommendation 5
It is recommended that the cyber security policy of the company contains all the features stated
here, along with incorporating the best practices covered under the previous section, for being an
effective cyber resilience policy.
Conclusion
On the basis of the discussion carried in the preceding parts, it becomes very clear that cyber
security holds significance for the companies to continue their business and also to improve its
performance. This is the digital era, where everything is interconnected and this connectivity has
raised the treats of cyber attacks, which puts the company in a helpless situation. Cyber attacks
have the capacity of running the company as they steal not only the information of the company,
but of its customers also, along with impairing the company financially. It is important that the
companies adopt a proper cyber resilience policy and in this regard, the recommendations drawn
in the previous segment prove to be help. Through the case study of Ashley Madison and Office
of Personnel Management, the magnitude of cyber attacks and the problems associated with it
were highlighted. This further makes it important for the company to adopt the best practices and
the recommendations drawn in this report to create a comprehensive cyber resilience policy.
REPORT 13
References
Bayuk, J.L., Healey, J., and Rohmeyer, P. (2012) Cyber Security Policy Guidebook. Hoboken,
New Jersey: John Wiley & Sons.
Cashell, B., Jackson, W.D., Jickling, M., and Webel, B. (2004) The Economic Impact of Cyber-
Attacks. [Online] Federation of American Scientists. Available from:
https://fas.org/sgp/crs/misc/RL32331.pdf [Accessed on: 01/09/17]
Donovan, K. (2017) 10 Best Practices for Cyber Security in 2017. [Online] Observe It. Available
from: https://www.observeit.com/blog/10-best-practices-cyber-security-2017/ [Accessed on:
01/09/17]
Eng, J. (2015) OPM Hack: Government Finally Starts Notifying 21.5 Million Victims. [Online]
NBC News. Available from: https://www.nbcnews.com/tech/security/opm-hack-government-
finally-starts-notifying-21-5-million-victims-n437126 [Accessed on: 01/09/17]
Graham, J., Olson, R., and Howard, R. (2016) Cyber Security Essentials. London: CRC Press.
Hern, A. (2015) Infidelity site Ashley Madison hacked as attackers demand total shutdown.
[Online] The Guardian. Available from:
https://www.theguardian.com/technology/2015/jul/20/ashley-madison-hacked-cheating-site-
total-shutdown [Accessed on: 01/09/17]
Kostopoulos, G. (2012) Cyberspace and Cybersecurity. London: CRC Press.
References
Bayuk, J.L., Healey, J., and Rohmeyer, P. (2012) Cyber Security Policy Guidebook. Hoboken,
New Jersey: John Wiley & Sons.
Cashell, B., Jackson, W.D., Jickling, M., and Webel, B. (2004) The Economic Impact of Cyber-
Attacks. [Online] Federation of American Scientists. Available from:
https://fas.org/sgp/crs/misc/RL32331.pdf [Accessed on: 01/09/17]
Donovan, K. (2017) 10 Best Practices for Cyber Security in 2017. [Online] Observe It. Available
from: https://www.observeit.com/blog/10-best-practices-cyber-security-2017/ [Accessed on:
01/09/17]
Eng, J. (2015) OPM Hack: Government Finally Starts Notifying 21.5 Million Victims. [Online]
NBC News. Available from: https://www.nbcnews.com/tech/security/opm-hack-government-
finally-starts-notifying-21-5-million-victims-n437126 [Accessed on: 01/09/17]
Graham, J., Olson, R., and Howard, R. (2016) Cyber Security Essentials. London: CRC Press.
Hern, A. (2015) Infidelity site Ashley Madison hacked as attackers demand total shutdown.
[Online] The Guardian. Available from:
https://www.theguardian.com/technology/2015/jul/20/ashley-madison-hacked-cheating-site-
total-shutdown [Accessed on: 01/09/17]
Kostopoulos, G. (2012) Cyberspace and Cybersecurity. London: CRC Press.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
REPORT 14
Lamont, T. (2016) Life after the Ashley Madison affair. [Online] The Guardian. Available from:
https://www.theguardian.com/technology/2016/feb/28/what-happened-after-ashley-madison-
was-hacked [Accessed on: 01/09/17]
LeClair, J. (2013) Protecting Our Future, Volume 1: Educating a Cybersecurity Workforce. New
York: Hudson Whitman/ Excelsior College Press.
Moore, M. (2016) Cybersecurity Breaches and Issues Surrounding Online Threat Protection.
Hershey, PA: IGI Global.
Morgan, S. (2016) Cyber Crime Costs Projected To Reach $2 Trillion by 2019. [Online] Forbes.
Available from: https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-
projected-to-reach-2-trillion-by-2019/#53b93d2b3a91 [Accessed on: 01/09/17]
Phillips, R., and Sianjina, R.R. (2013) Cyber Security for Educational Leaders: A Guide to
Understanding and Implementing Technology Policies. Oxon: Routledge.
Segal, C. (2017) 8 Cyber Security Best Practices For Your Small To Medium-Size Business
(SMB). [Online] Cox Blue. Available from: https://www.coxblue.com/8-cyber-security-best-
practices-for-your-small-to-medium-size-business-smb/ [Accessed on: 01/09/17]
Singer, P.W., and Friedman, A. (2014) Cybersecurity: What Everyone Needs to Know. Oxford:
Oxford University Press.
Tech Target. (2017) Cybersecurity. [Online] Tech Target. Available from:
http://whatis.techtarget.com/definition/cybersecurity [Accessed on: 01/09/17]
Thielman, S. (2015) Ashley Madison CEO Noel Biderman resigns after third leak of emails.
[Online] The Atlantic. Available from:
Lamont, T. (2016) Life after the Ashley Madison affair. [Online] The Guardian. Available from:
https://www.theguardian.com/technology/2016/feb/28/what-happened-after-ashley-madison-
was-hacked [Accessed on: 01/09/17]
LeClair, J. (2013) Protecting Our Future, Volume 1: Educating a Cybersecurity Workforce. New
York: Hudson Whitman/ Excelsior College Press.
Moore, M. (2016) Cybersecurity Breaches and Issues Surrounding Online Threat Protection.
Hershey, PA: IGI Global.
Morgan, S. (2016) Cyber Crime Costs Projected To Reach $2 Trillion by 2019. [Online] Forbes.
Available from: https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-
projected-to-reach-2-trillion-by-2019/#53b93d2b3a91 [Accessed on: 01/09/17]
Phillips, R., and Sianjina, R.R. (2013) Cyber Security for Educational Leaders: A Guide to
Understanding and Implementing Technology Policies. Oxon: Routledge.
Segal, C. (2017) 8 Cyber Security Best Practices For Your Small To Medium-Size Business
(SMB). [Online] Cox Blue. Available from: https://www.coxblue.com/8-cyber-security-best-
practices-for-your-small-to-medium-size-business-smb/ [Accessed on: 01/09/17]
Singer, P.W., and Friedman, A. (2014) Cybersecurity: What Everyone Needs to Know. Oxford:
Oxford University Press.
Tech Target. (2017) Cybersecurity. [Online] Tech Target. Available from:
http://whatis.techtarget.com/definition/cybersecurity [Accessed on: 01/09/17]
Thielman, S. (2015) Ashley Madison CEO Noel Biderman resigns after third leak of emails.
[Online] The Atlantic. Available from:
REPORT 15
https://www.theguardian.com/technology/2015/aug/28/ashley-madison-neil-biderman-stepping-
down [Accessed on: 01/09/17]
Waddell, K., and Volz, D. (2015) OPM Announces More Than 21 Million Affected by Second
Data Breach. [Online] The Atlantic. Available from:
https://www.theatlantic.com/politics/archive/2015/07/opm-announces-more-than-21-million-
affected-by-second-data-breach/458475/ [Accessed on: 01/09/17]
Willson, D., and Dalziel, H. (2015) Cyber Security Awareness for Corporate Directors and
Board Members. Waltham, MA: Elsevier.
World Economic Forum. (2017) Advancing Cyber Resilience Principles and Tools for Boards.
[Online] World Economic Forum. Available from:
http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed
on: 01/09/17]
Zamora, W. (2016) How to create a successful cybersecurity policy. [Online] Malwarebytes
Labs. Available from: https://blog.malwarebytes.com/101/2016/03/how-to-create-a-successful-
cybersecurity-policy/ [Accessed on: 01/09/17]
https://www.theguardian.com/technology/2015/aug/28/ashley-madison-neil-biderman-stepping-
down [Accessed on: 01/09/17]
Waddell, K., and Volz, D. (2015) OPM Announces More Than 21 Million Affected by Second
Data Breach. [Online] The Atlantic. Available from:
https://www.theatlantic.com/politics/archive/2015/07/opm-announces-more-than-21-million-
affected-by-second-data-breach/458475/ [Accessed on: 01/09/17]
Willson, D., and Dalziel, H. (2015) Cyber Security Awareness for Corporate Directors and
Board Members. Waltham, MA: Elsevier.
World Economic Forum. (2017) Advancing Cyber Resilience Principles and Tools for Boards.
[Online] World Economic Forum. Available from:
http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed
on: 01/09/17]
Zamora, W. (2016) How to create a successful cybersecurity policy. [Online] Malwarebytes
Labs. Available from: https://blog.malwarebytes.com/101/2016/03/how-to-create-a-successful-
cybersecurity-policy/ [Accessed on: 01/09/17]
1 out of 15
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.