Analysis of Cyber Security Strategies, Laws, and Implementation

Added on  2023/01/07

Report
AI Summary
This report delves into the multifaceted realm of cyber security, examining the critical intersection of strategies, laws, and their practical implementation within business environments, specifically within the context of the United Kingdom. The report begins by defining cyber security and its importance in the digital age, emphasizing the increasing reliance of organizations on technology and the corresponding rise in cyber threats. It then explores how the legal and political landscape, including the influence of government regulations, impacts cyber security functions. Key regulations such as GDPR and NIS are analyzed, highlighting their significance in protecting data and ensuring information system security. The report also addresses other relevant legal requirements and provides recommendations for businesses to enhance their cyber security posture, including building a security-focused culture, distributing responsibility, and implementing robust technical and organizational measures. The conclusion underscores the need for a strong legal and political environment to combat cybercrime and emphasizes the importance of adhering to regulations to safeguard customer data.
SECURITY STRATEGIES LAWS AND IMPLEMENTATION
TABLE OF CONTENTS
1. Introduction
2. How The Legal And Political Environment Can Impact The Cyber Security Functions Within Your Business Operating Environment
3. What Laws Regulations And Standards Could Be Of Particular Significance To Your Cyber Security Policies And Operations In Your Business
4. Conclusion
5. References
INTRODUCTION
Cyber security can be defined as the set of technologies and processes developed to protect the networks, devices and data of a company or an organization. It can also be defined as all the methods required to protect the information technology of a company.
Nowadays everything is going digital, and all important data is stored only on online platforms. Organizations, whether governmental or private corporations, collect and store all their confidential data on personal computer systems and other online devices. It is highly possible that this stored data includes personal information which is sensitive in nature, and any unauthorized access to such sensitive data can cause various negative results.
Business organizations mainly store this data to carry out various business activities, whereas cyber security ensures that all this data is protected in a systematic manner. Cases of cyberattack are also growing, and when an organization keeps data related to its customers or any other confidential data, it must take proper steps to ensure the security of that data. Taking these steps to protect the data benefits not only the people whose data has been stored but also the organization itself.
MAIN BODY
How The Legal And Political Environment Can Impact The Cyber Security Functions Within Your Business Operating Environment
Nowadays every business organization is dependent on information technology due to development in the field of technology. Because of this, ensuring cybersecurity becomes the priority of each business organization in the United Kingdom. Over the past few years a great deal of data has been hacked, as a result of which various important and confidential information was leaked. All business organizations know the negative effects of the hacking of their data, but even then they do not have sufficient measures to protect themselves against this threat. The main reason business organizations are not making cyber security their priority is that it is an expensive affair (Kim, 2017).
It is also a proven fact, shown through various studies, that after a data breach the customers of the organization whose data has been leaked decrease, as they feel that it is risky to do business with such a company. It is also the general perception of people that their leaked data can affect their lives in various ways. So if a company faces hacking or leaking of data from its software, it will definitely suffer financial loss, as its share of customers will be reduced as a result.
The law in this matter is concerned mainly with two aspects: enhancing cyber security initiatives and protecting the consumers whose data is at risk of leaking. It is recommended that there be a minimum standard of security so that business organizations can defend against these types of cyber-attacks. Ensuring these standards will also increase the trust of other business organizations and customers with whom the company is doing business. By implementing the proper standards, the trust of customers will increase, as they feel that proper measures have been taken by the company in protecting their data (Osborn and Simpson, 2017).
The legal mechanism of the United Kingdom can ensure that government authorities take the necessary steps to protect data from cyber-attacks.
The political environment of the country also has an impact on the cyber security functions in the country. It is the duty of the government to implement proper laws and guidelines which are necessary for the protection of the data of the general public. Governmental organizations must ensure that their mechanism for the protection of data from cyber-attack is strong enough. They must also see that all companies are following those laws and standards. For this, it is also the responsibility of the government of the United Kingdom to provide cyber security software in a cost-efficient manner, because the main reason these cyber-crimes happen is that preventive measures are too costly (Ruiz, 2019).
What laws regulations and standards could be of particular significance to your cyber security policies and operations in your business
There are various laws, regulations and standards which are significant in protecting the business against cyber-attacks. Some of them are discussed below:
GDPR Obligations: The processing of personal data within European areas is governed by the General Data Protection Regulation (GDPR). In the UK, businesses are required to abide by the Data Protection Act 2018, as a result of which the GDPR has a direct impact. The introductory chapters of the GDPR and the 2018 Act were modified, and this minimised the risk of using personal data. Both require every business to implement various security measures in order to protect its data.
The GDPR and the 2018 Act state that businesses are required to keep personal records in an appropriate manner; besides this, businesses allow third parties to access personal information so as to maximise internal data safety. Businesses are also required to implement technical and organisational measures within the business so as to safeguard personal data. Similarly, businesses take various measures against unauthorised access and unlawful activities so that data protection can be ensured.
Businesses undertake various security measures with regard to the state of the art, the cost of implementation, and the nature and scope of the personal data. In order to minimise threat and risk, it is imperative that businesses try to put robust and appropriate security measures in place.
The UK ICO provides various recommendations to businesses in relation to these factors. There are some measures that need to be considered while implementing security, and these are helpful in securing personal information. The ICO recommends various measures, such as staff accessing personal information only to an extent and only when acting on behalf of the business.
When a business fails to implement these security measures, fines are imposed. Besides this, when these measures are absent from the business, this may lead to a cyber-attack or a breach of data.
NIS Regulations: The GDPR is concerned with securing personal data, while NIS is concerned with the security of information systems. The NIS Regulations impose cyber-security measures where essential services are provided, including in digital form. In the UK these services are rendered to individuals so that the threat of cyber-attack can be minimised.
Businesses are required to adopt the NIS Regulations so that they manage system risk in an appropriate manner and prevent harm associated with information systems. Here the GDPR and the 2018 Act place an obligation on businesses to put appropriate safety measures in place. To satisfy this obligation, a business organisation is required to recognise risks at an early stage so that its information systems can be enhanced appropriately.
Businesses are recommended to implement the NIS Regulations, to become familiar with how they work, and to consult the guidance published in relation to them. The NCSC defines Cyber Essentials, through which certification requirements can be fulfilled. The NCSC is also associated with maintaining backup support, by which businesses can prevent common cyber-attacks. Complying with the NIS Regulations will lead to the inclusion of various security measures within the business that are helpful in minimising cyber-attacks. Failure to meet this requirement will lead to a fine of up to £17 million.
Other Legal Requirements: “In addition to the GDPR, the 2018 Act and the NIS
Regulations, businesses operating in the UK may be subject to other laws, regulations, industry
rules and the common law. For example, businesses providing electronic communications
networks and services have specific obligations to implement technical and organizational
measures to appropriately manage risks to the network and services, to prevent or minimize the
impact of security incidents on end-users and to protect data in transmission. Similarly,
businesses in the financial services sector must establish and maintain appropriate systems and
controls for managing operational risks that can arise from inadequacies or failures in its
processes and systems” (Vogel, 2016).
Foreign businesses in the UK will also have to consider the requirements of the law in their own jurisdiction.
CONCLUSION
From the above study it can be concluded that cyber-attacks are occurring at a very rapid rate in the present era. There is a need for a strong legal as well as political environment so that these crimes can be restricted. Companies that keep customers' data must ensure that they follow the various regulations discussed above.
REFERENCES
Books & Journals
Kim, J., 2017. Cyber-security in government: reducing the risk. Computer Fraud &
Security, 2017(7), pp.8-11.
Osborn, E. and Simpson, A., 2017. On small-scale IT users' system architectures and cyber
security: A UK case study. Computers & Security, 70, pp.27-50.
Ruiz, R., 2019, January. A Study of the UK Undergraduate Computer Science Curriculum: A
Vision of Cybersecurity. In 2019 IEEE 12th International Conference on Global Security, Safety
and Sustainability (ICGS3) (pp. 1-8). IEEE.
Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security
strategies. International Journal of Computer Science and Information Security, 14(1), p.129.
Taeihagh, A. and Lim, H.S.M., 2019. Governing autonomous vehicles: emerging responses for
safety, liability, privacy, cybersecurity, and industry risks. Transport Reviews, 39(1), pp.103-128.
Thames, L. and Schaefer, D., 2017. Cybersecurity for industry 4.0. Heidelberg: Springer.
Vogel, R., 2016. Closing the cybersecurity skills gap.