Corporate Governance & Ethics: Cyber Security in Organizations Report

Added on  2023/06/07

|13
|3461
|430
Report
AI Summary
This report critically evaluates cyber security and resilience within organizations, focusing on the roles and responsibilities of top management. It begins with an introduction to cyber security concepts and the need for it, highlighting the increasing dependence on technology and the associated risks. The report defines key terms, such as cyber security culture, and emphasizes the human factors, economic costs, and legal obligations driving the need for robust cyber security measures. It then details the roles of senior management, the Chief Information Security Officer (CISO), and the IT department in establishing and maintaining cyber security. The report concludes with a step-by-step guide for managers, offering best practices and recommendations for tackling cyber security issues, including setting up a core cyber security group, assessing business risks, and developing a comprehensive cyber security policy. This framework is designed to be iterative and adaptable to the evolving cyber threat landscape, ensuring continuous improvement and resilience.
Corporate Governance & Ethics
CORPORATE GOVERNANCE AND ETHICS 1
Executive Summary
The mounting dependence of organisations on computer systems and networked communications for their business operations exposes them to cyber-attacks and hacks by competitors, criminals and hackers. This raises the question of whose responsibility it is to guard the entity against these threats, and how it should be done. The report is a critical evaluation of the various facets of cyber security and the resilience process in organisations, with respect to defining the roles and responsibilities of top management. The report further describes a step-by-step guide for managers to tackle cyber security issues in the enterprise and to implement an overall cyber security policy efficiently.
Cyber security in organisations
Contents
1. Introduction............................................................................................................................3
2. Definitions..............................................................................................................................3
3. Need for Cyber Security in organisations..............................................................................4
3.1 Existence of the human factors.....................................................................................4
3.2 Economic costs of cyber-attacks and breaches............................................................4
3.3 Legal Obligations...........................................................................................................5
3.4 Others..............................................................................................................................6
4. Role of the management of the organisations in cyber security............................................6
4.1 The role of the senior management..............................................................................6
4.2 The role of the chief information security officer (CISO)..........................................6
4.3 The role of the IT Department......................................................................................7
5. Best practice and recommendations.......................................................................................7
6. Conclusion..............................................................................................................................9
7. References............................................................................................................................11
1. Introduction
Advances in technological innovation, global business practices and competition have led organisations to depend extensively on information technology in their business operations, a phenomenon often referred to as the information revolution. A wide range of increasingly convergent and linked technologies aid in the overall management of twenty-first-century businesses (Liu et al., 2015). Business practices improved by technological integration include virtual meetings and conference calls; the automation of tedious processes in finance, supply chain, logistics and more; digital marketing; and overall corporate social responsibility.
However, as organisations' dependence on technology has increased, so has the risk of exposure of their vital data and information.
The report is a critical evaluation of the role of cyber security in modern business organisations. It begins with a brief description of the basic concepts of cyber security and the need for it. It then critically analyses the role of management in developing overall cyber resilience. The report concludes with guidance to senior management in the form of a step-by-step framework, to be applied and reviewed according to the needs of the organisation, along the lines of cyber security principles.
2. Definitions
Security of information systems refers to an entity's ability to protect its internet-connected systems, including hardware, software, data and information, from unauthorised access by hackers and cyber criminals seeking undue advantage. Cyber security and physical security are thus both components of the overall security of an enterprise's systems.
The cyber security culture of an organisation refers to the framework of knowledge, attitudes, values, beliefs, assumptions and norms that apply to the people of the organisation and guide their behaviour with information technologies (Ben-Asher and Gonzalez, 2015). It is thus the overall integration of information security considerations into the roles and responsibilities, habits and conduct of employees while handling systems and operations.
3. Need for Cyber Security in organisations
The concept of cyber security is critical not only for individuals but also for organisations, because today's organisations depend heavily on computer systems for the storage, processing and retrieval of data. Moreover, much of their activity in accounting, digital marketing, communication and more is performed through computer systems, the internet and cyberspace.
3.1 Existence of the human factors
Research has revealed that most cyber-crimes in organisations are committed because of various human factors (Ponemon Institute, 2012). The Ponemon Institute research further found that employees and insiders of the organisation itself hold vast potential to expose sensitive and confidential information to the risk of misuse. Instances of unintentional or intentional acts that may put company data at risk include employees losing laptops or other mobile devices, data being mishandled while in motion or at rest, and breaches of authority or responsibility by malicious employees or other insiders.
3.2 Economic costs of cyber-attacks and breaches
The economic costs of data breaches to an entity can be both direct and indirect. Direct costs can take the form of loss of intellectual property, such as information about patents, copyrights and trademarks, and information relating to clients and employees (Sen and Borle, 2015). Indirect costs can take the form of loss of reputation, resulting in changed customer preferences and loss of market value. In addition, the entity's profits can be reduced by reputational damage, and hefty penalties and fines can be imposed because of the data breach. According to data published by McAfee and Intel in 2014, worldwide losses on account of cybercrime amounted to approximately between €325 and €500 billion (ENISA, 2017). Further, notable developments in ransomware between 2015 and 2016 marked an increase in the diversity of, and demand for, cybercrime globally.
3.3 Legal Obligations
In addition to the above factors, safeguarding information technology systems and infrastructure has become a significant part of a company's corporate social responsibility today. Recently, the Australian government introduced the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988, under which entities are obligated to notify data breaches. The scheme has been prescribed to ensure notification of a data breach where it might lead to serious harm to any individual whose personal information is involved in the breach (OAIC, 2018). Similar practices have been prescribed globally. For instance, legislation such as the Sarbanes-Oxley Act in the US makes it mandatory for the top management of an entity to consistently consider, ensure, practise and report on the information security aspects of the entity.
3.4 Others
On a positive note, increased overall awareness and knowledge of cyber security, together with considerable investment in modern technological innovations and practices, can guard an enterprise against the significant effects of cyber-attacks. It would raise the overall immunity of stakeholders' interests and the assets of the organisation (Fielder et al., 2016). Thus investing in cyber security practices would not only enhance trust among customers and stakeholders, but would also reduce the economic and other losses and costs caused by hacks and breaches.
4. Role of the management of the organisations in cyber security
4.1 The role of the senior management
With the increased risk of financial and reputational losses from breaches and hacks by cyber criminals, senior management's responsibility to safeguard the assets and information of the organisation has become significant. It is the responsibility of senior management to integrate cyber security principles into the company's strategic decisions in order to mitigate cyber security risks. Management must devise a system of clear priorities, authorities and duties for each member of the organisation. It is the prime duty of senior management to align the company's cyber risk appetite with the interests of stakeholders and the requirements of regulators.
4.2 The role of the chief information security officer (CISO)
The role of the CISO is pivotal to the cyber security of an entity. A CISO must understand the needs and operations of the business while applying technical and communication skills (Safa, Von Solms and Futcher, 2016). It is the duty of the CISO to interact with employees to identify the existing cyber security framework and the attitudes and overall culture of the company towards it. The CISO's role is to enable managers and employees to participate in decision making, to facilitate cooperation between the various departments and committees, to act as liaison among individuals, and to communicate throughout the entire cyber resilience transformation process.
4.3 The role of the IT Department
The role of the IT team is multifaceted. The technical team has to see that up-to-date technical measures are adopted in the entity, and has to ensure that the infrastructure is securely installed and that adequate wiring and other basic requirements have been complied with (Gupta, Agrawal and Yamaguchi, 2016). Further, they have to secure access and passwords to the data repository and the main systems. Their role is also to keep senior management and the CISO informed of the latest technologies and challenges in the market. They must keep themselves updated and transfer that knowledge to stakeholders. In addition, they must comply with the legal requirements of the IT industry with respect to standards and norms.
5. Best practice and recommendations
Countering cyber security issues and hacks is a major challenge faced by leaders and managers across the globe, and it must be a continuous process in an organisation. In the words of Densham (2015), leaders must design the solution in advance instead of designing it after the security breach. Further, a policy must be developed by senior management describing the roles and responsibilities of each member of the organisation in countering cyber-attacks, in the interest of stakeholders and the organisation as a whole. This section of the report therefore provides a step-by-step process to be implemented by an entity. The process is iterative: after each activity is done, its impact is measured, the results are observed and analysed, and the plan is reviewed in the light of changes in the environment (World Economic Forum, 2017). The procedure is laid down as follows.
Setting up the core cyber security group: It is the prime responsibility of the board of the entity to design the overall cyber security framework. In designing the framework, the first step is to update the members of the core group on the ongoing challenges and technological developments in the field of cyber security, because an evidence-based approach to cyber security is needed. It is the duty of this group to oversee the overall development of the strategies and their implementation.
Understanding the business of the entity and assessing the risk: It is crucial to understand the organisation's existing culture, beliefs, attitudes and practices, in order to align the security measures with them. Accordingly, the risk appetite of the entity must be quantified so that the risk can be mitigated (Johnson et al., 2016). The risk assessment of the entity is done on the basis of the overall industry risk, the size and nature of operations, and the overall vision and mission of the entity.
Define the main goals, accountability, target audience and success criteria: The next step is to lay down the main goals of developing the cyber resilience policy in the company, that is, whether it is to improve the existing culture or to implement an entirely new one. In addition, the gaps must be analysed: what are the current capabilities of the entity and what are the desired objectives. Further, if there is any targeted threat in the entity's industry, it must be identified and acknowledged.
Selection of the activities: The resilience plan should describe the activities decided on by management for countering the cyber security threat. These can range from the use of firewalls and internet security programmes to the definition of roles and responsibilities with respect to passwords, access to the infrastructure and the database repository, and more (Knowles et al., 2015).
Review and consideration of the results: The plan must be run at a trial level before final implementation. Gaps in performance must be identified, changes must be made to the resilience plan to counter them, and the individuals concerned must be updated (Luiijf and te Paske, 2015). The final blueprint of the resilience plan must then be devised, written up and circulated in the organisation.
Implementation: The plan must be implemented according to the set standards and norms, keeping in mind the applicable laws and legislation. Each department and every individual must fulfil his or her responsibility with respect to the company's cyber security policy.
Review and updating: The process of implementing cyber security plans is continuous and iterative. The plan must be reviewed and analysed periodically and loopholes identified in the light of new challenges and threats. Seminars, webinars, awareness programmes and group discussions must be conducted to update employees, stakeholders and management itself from time to time.
6. Conclusion
The preceding discussion shows that cyber security is a crucial aspect of 21st-century organisations. With technological innovations and new challenges in information security arising every day, organisations must guard themselves against threats and breaches. It is the duty of the organisation's management to ensure that a healthy and safe framework is established for the security of the enterprise's vital data and information. The prime responsibility lies with top management, but it is not limited to them: each member has a role to play in the security of the entity's systems and processes.
The report set out the basic definitions of cyber security and the need for it. It highlighted how the human factor and the legal aspects make it necessary for entities to have a strong cyber resilience plan. It further described the roles of senior management, the IT department and the CISO in implementing successful cyber security plans.
The report concluded with best practices and step-wise recommendations that entities can take as a guide for developing and implementing resilience plans.
Thus cyber security plays a pivotal role in the overall functioning and success of organisations. It must be viewed as a chief responsibility by management and every member of the entity, in the interest of the entity and its stakeholders as a whole.
7. References
Ben-Asher, N. and Gonzalez, C. (2015) Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, pp. 51-61.
Densham, B. (2015) Three cyber-security strategies to mitigate the impact of a data breach. Network Security, 2015(1), pp. 5-8.
European Union Agency for Network and Information Security (ENISA). (2017) Cyber Security Culture in Organisations. [online]. Available from: www.enisa.europa.eu [Accessed on: 10/09/2018].
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F. (2016) Decision support approaches for cyber security investment. Decision Support Systems, 86, pp. 13-23.
Gupta, B., Agrawal, D. P. and Yamaguchi, S. (eds.) (2016) Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security. United States: IGI Global.
Johnson, C., Badger, L., Waltermire, D., Snyder, J. and Skorupka, C. (2016) Guide to Cyber Threat Information Sharing. NIST Special Publication 800-150.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P. and Jones, K. (2015) A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, pp. 52-80.
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M. and Liu, M. (2015) Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In: USENIX Security Symposium, pp. 1009-1024.
Luiijf, H. A. M. and te Paske, B. J. (2015) Cyber Security of Industrial Control Systems. TNO.
Office of the Australian Information Commissioner (OAIC). (2018) Notifiable Data Breaches scheme. [online]. Available from: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme [Accessed on: 10/09/2018].
Ponemon Institute. (2012) The Human Factor in Data Protection. [online]. Available from: https://www.ponemon.org/library/the-human-factor-in-data-protection [Accessed on: 10/09/2018].
Safa, N. S., Von Solms, R. and Futcher, L. (2016) Human aspects of information security in organisations. Computer Fraud & Security, 2016(2), pp. 15-18.
Sen, R. and Borle, S. (2015) Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems, 32(2), pp. 314-341.
World Economic Forum. (2017) Advancing Cyber Resilience: Principles and Tools for Boards. [online]. Available from: http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed on: 11/09/2018].