ACC03043 - Cyber Security, Resilience, and Governance Report
Added on 2023/06/10
AI Summary
This report provides an overview of cyber security and cyber resilience within the context of corporate governance. It defines cyber security and resilience, discusses various cyber threats such as ransomware, phishing, and DDOS attacks, and explores best practices for cyber resilience. The report emphasizes the importance of board management, effective governance, and cyber risk management, including third-party risk assessment. It also outlines key considerations for developing a robust cyber resilience policy, including skill development, competency, and compliance with national and international guidelines. The report concludes with recommendations for enhancing cyber resilience strategies, such as adopting a broader organizational approach, ensuring accountability across all levels, and promoting effective communication.

Corporate Governance & Ethics

Part 3
Executive summary:
Cyber security is defined as security relating to computers and information technology: it is
the tool that protects an organization’s computer systems against theft of or damage to
hardware, software, and electronic data, and against disruption. It mainly ensures control over
the system hardware, and it also protects the system against damage arising from network
access, corrupt data, and code injection. Computer systems also face threats from operators’
negligence, whether that conduct is intentional or unintentional.
Contents
Executive summary
Introduction
Cyber Security
Cyber Resilience
  Cyber Resilience policy
  Recommendations
Conclusion
References
Introduction:
Cyber security is the tool through which computer systems are protected against different types
of cyber threats. In other words, cyber security safeguards internet-connected systems and
devices, including their hardware, software, and data, against cyber-attacks. Security for
computer devices is divided into two types: cyber security and physical security. Companies use
both types to safeguard against illegal access to the organization’s data centers and other
systems. Information technology is considered a subpart of cyber security, because it is
designed to ensure the confidentiality and integrity of data.
This paper discusses the concept of cyber security and is prepared for the organization’s board
of directors. It gives the board the necessary and sufficient knowledge of cyber security and
its related concepts. The report begins with a brief introduction to cyber security and cyber
resilience. It addresses a number of issues, including how management ensures cyber security in
the organization and the protocol relating to cyber resilience. It then sets out illustrations
of best practices and recommendations for cyber resilience policy at the board level.
Cyber Security:
Cyber security deals with a number of issues in the organization, and these issues arise at each
level of its implementation. The most important issue the board needs to handle is the
continuous evolution of security risks. These issues cannot be handled with the traditional
approach to cyber security. Computer systems face a number of cyber security threats. The modern
approach to cyber security handles these issues effectively, and it includes the adoption of new
technologies and digitalization. It is important to protect assets and information from the
different types of cyber threats (Herington & Aldrich, 2013). Different types of cyber threats
affect computer systems:
- Ransomware is a threat involving malicious software that does not allow the individual to use
  their data or software until the victim makes a payment. This threat is increasing rapidly and
  affects different types of users, such as individuals and business organizations.
- Phishing is a threat in which attackers send e-mails to large groups in order to ask them for
  sensitive information such as personal and bank details.
- Another threat is the distributed denial of service (DDoS) attack, which blocks the access of
  legitimate users. In other words, the system denies access to legitimate users because its
  services are overwhelmed with requests from other sources (Peter, 2017).
- Scams are considered the most common threat, targeting not only business organizations but
  also individuals. Here attackers use advanced social engineering techniques to target staff
  members and to increase the appearance of being legitimate.
- Secondary targeting is a threat that mainly affects small networks that are connected with IT
  systems, as a means of affecting companies of higher value. Through this threat, attackers
  exploit customer and network data both directly and indirectly.
- Targeting of bulk personally identifiable information is a threat that directly affects
  personally identifiable information (PII). Australian networks contain large amounts of PII,
  and attackers target this information in order to use it for wrongful purposes such as theft
  and extorting money.
- Cryptocurrency mining is malware that attackers use to exhaust the processing power of
  systems.
Having understood the threats above, it can be said that cyber security protects the
organization against cyber-attacks, data breaches, and identity theft. Cyber security also
supports risk management. To deal with these issues, the organization must develop a
sufficiently strong security system and a response plan, and must adopt practices that help
remove these risks (ASIC, 2017).
Cyber Resilience:
Another important topic is cyber resilience, which is considered a tool that encompasses both
business management and cyber security. Its main purpose is to provide protection against
cyber-attacks and to help management ensure the long-term survival of the organization. Cyber
resilience is a wider term than cyber-attacks, and looking ahead it is the most important
attribute of an organization for ensuring survival (ASIC, 2017).
There are a number of best practices recommended by Australian government authorities through
which organizations can prevent cyber-attacks. These are known as cyber resilience practices,
and some of them are described below:
Management of board:
Here the board is held responsible for different elements of the organization, as obligations
are imposed on the board to ensure an effective cyber resilience culture
in the organization. The attributes of a cyber resilience culture are as follows:
- The board of directors is responsible for the cyber resilience policy, and is also responsible
  for conducting periodic assessments of the strategy to review how it is working against the
  measures that define its standards of success.
- The board is also responsible for ensuring that cyber resilience becomes an important
  management tool for implementing the risk management policy effectively and for taking
  decisions relating to cyber security.
- To resolve issues relating to cyber risk, it is important for board members to understand
  cyber security risk well. This helps board members frame effective policy and answer the
  questions asked by the risk and audit committees.
Effective Governance:
Effective governance is important for dealing with cyber risk well. The elements of effective
governance in the organization are as follows:
- Management must make the required changes to the traditional governance approach adopted by
  the organization, as these changes make the governance process more responsive. They are
  important for making the process more compatible with the changing requirements of cyber
  risks, current strategies and provisions, etc. These changes must be made on a continuous
  basis.
- Cyber security governance must be aligned with the organization’s current governance framework
  and policies, such as the company’s documented strategies, principles, plans, directions, and
  procedures (ASIC, 2017).
Cyber Risk Management:
This is the current approach to risk management in the organization, and a very useful one from
a future perspective because of digitalization. This process is rapidly becoming an
intelligence-driven process, and the following are some important elements of it that the
organization must consider:
- Companies are required to take steps to set up an expert functional group to ensure effective
  monitoring of the cyber risk management process.
- It is also important for management to understand third-party risk, as outsourcing and cloud
  services are nowadays common in every part of the organization. In other words, these services
  have become an important part of how the organization works. The organization becomes partly
  dependent on third-party service providers, and
  because of this it is important for the organization to understand the risks relating to them,
  so that it can mitigate those risks effectively.
Third party risk management:
Organizations must develop risk-based assessment frameworks to ensure that the risks relating to
these third-party suppliers are assessed on a continuous basis, which also helps the
organization comply with the defined security standards. Some companies appoint external service
providers to conduct periodic assessments of these third parties (ACS, 2017).
Cyber Resilience policy:
Cyber resilience can only be ensured in an organization through a strategy that is both
effective and efficient; otherwise it is not possible for the organization to ensure cyber
resilience. Management must make sure that it adopts the best practices defined by expert
authorities at both the national and international level. Through this strategy, management
ensures the development of skills and competencies, expert leadership in this context, and the
required tools and publications for effective implementation of the strategy in every department
of the organization (ACSC, 2017). Some important considerations for the organization in
preparing the right cyber resilience strategy are stated below:
- Management must ensure skill development, competency, and expert advice when making the plan
  for the cyber resilience policy and also for ensuring its effective delivery.
- Management also ensures skills development through public training courses, and these courses
  are based on the provisions of ISO27001 and ISO22301, risk management training, CISA, CISM,
  CRISC and CISSP.
Management is also responsible for ensuring that the cyber resilience policy framed by the
organization complies with the following:
- The risk management strategy and framework developed by the management and board of the
  organization.
- Guidelines defined by national and international authorities on cyber resilience.
- Guidelines defined by ISO27001 and ISO22301.
- The strategy developed by the organization for achieving its aims and objectives (ASIC, 2017).
Recommendations:
Some recommendations are stated below that contribute to the organization’s cyber resilience
strategy and make it more effective:
- The organization must take a broader approach in the context of its objectives, as this
  ensures that the cyber resilience strategy it develops complies with its overall objectives.
- Obligations relating to this concept must not be imposed only on the IT sector; that is, the
  IT sector is not the only one accountable for a cyber resilience issue. Leaders across the
  organization must also be held accountable in this context.
- There must be effective communication of the cyber resilience strategy at every level of the
  organization; that is, the strategy must be communicated to all staff members and other
  employees. Effective communication of the strategy alone is not sufficient, as the
  organization must also take steps to ensure that staff understand the important aspects of the
  policy (Australia’s cyber security strategy, 2017).
Conclusion:
Security for computer devices is divided into two types: cyber security and physical security.
Companies use both types to safeguard against illegal access to the organization’s data centers
and other systems. Management must make sure that it adopts the best practices defined by expert
authorities at both the national and international level. Through this strategy, management
ensures the development of skills and competencies, expert leadership in this context, and the
required tools and publications for effective implementation of the strategy in every department
of the organization.
References:
ACS, (2017). Cyber security Threats Challenges Opportunities. Available at:
https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf.
Accessed on 1st July 2018.
ACSC, (2017). Cyber Threat. Available at:
https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf.
Accessed on 1st July 2018.
ASIC, (2017). Cyber resilience good practices. Available at:
https://asic.gov.au/regulatory-resources/digital-transformation/cyber-resilience/cyber-resilience-good-practices/.
Accessed on 1st July 2018.
ASIC, (2017). Cyber resilience in Australia’s financial markets. Available at:
https://asic.gov.au/regulatory-resources/markets/resources/markets-articles-by-asic/cyber-resilience-in-australia-s-financial-markets/.
Accessed on 1st July 2018.
ASIC, (2017). Cyber resilience. Available at:
https://asic.gov.au/regulatory-resources/digital-transformation/cyber-resilience/.
Accessed on 1st July 2018.
ASIC, (2017). Key questions for an organization’s board of directors. Available at:
https://asic.gov.au/regulatory-resources/digital-transformation/cyber-resilience/key-questions-for-an-organisation-s-board-of-directors/.
Accessed on 1st July 2018.
Australia’s cyber security strategy, (2017). First Update. Available at:
https://cybersecuritystrategy.pmc.gov.au/cyber-security-strategy-first-annual-update-2017.pdf.
Accessed on 1st July 2018.
Herington, L. & Aldrich, R. (2013). The Future of Cyber-Resilience in an Age of Global
Complexity. International Journal of Management, Volume 33(4), Pp 299-310.
Peter, A. (2017). Cyber resilience preparedness of Africa’s top-12 emerging economies,
International Journal of Critical Infrastructure Protection, Volume 17.