Cyber Security: Industry Compliance, Legal and Technical Analysis
Added on 2023/04/25
Report
AI Summary
This report provides a comprehensive analysis of cyber security compliance, addressing legal requirements, technical assessments, and industry-specific standards. It identifies relevant cyber laws, assesses critical information infrastructure, and determines necessary configurations for compliance. The report also highlights key vulnerabilities, compliance testing procedures, and the legal and cost implications of non-compliance. It references US-based cyber laws like HIPAA and the Cybersecurity Information Sharing Act, emphasizing the importance of ISO 27001 for international cyber security standards.

Running head: CYBER SECURITY
Cyber Security Part 2
Name of the Student
Name of the University
Author’s Note:
Part 2
1. Identification of Industry Specific Cyber Law in relation to Inquiries and Incidents
Cyber laws are important for eradicating any type of issue and complexity related to
data breaches or system breaches (Anwar & Mahmood, 2014). Such cyber laws are present in
every industry and organization for the core purpose of maintaining the legal system and
not allowing cyber threats to enter the system. Cyber law covers a fairly broad area that
encompasses aspects such as access to and use of the Internet, online security and privacy,
and freedom of expression. It is also termed the Law of the Internet, and it is required
for protecting people and organizations on the Internet from hackers and for helping to
maintain order (Dandurand & Serrano, 2013). Breaking cyber laws in any company is a
serious offense, and those convicted face several issues and high penalties.
Cyber law is applicable to the Internet and to Internet-related technologies. It is
linked to the legal system and provides legal protection to people in organizations, and
thus helps to reduce cybercrime to a great extent (Pacheco & Hariri, 2016). The weaknesses
of cyber risks and cybercrime are easily addressed with these laws. The international cyber
security standard is ISO 27001. Cyber laws focus on providing proper guidance for
vulnerable activities in any business. The major examples of US-based cyber laws for any
organization include the 1996 Health Insurance Portability and Accountability Act (HIPAA),
the 1996 Gramm-Leach-Bliley Act, the Cybersecurity Information Sharing Act, the Cyber
Security Enhancement Act of 2004, the National Cybersecurity Protection Advancement Act of
2015 and the 2002 Homeland Security Act (DiMase et al., 2015). Although these laws are
applicable to every industry, they are mainly used in the cyber industry.
2. Assessment of Critical Information Infrastructure and Determination of Doors,
Windows, Logical Controls, Data Storage and Encryption Configuration for being
Compliant
Critical information infrastructure, or CII, can be described as the interconnected
communication infrastructure that is required for maintaining important societal
functions like safety, security and the social wellbeing of individuals, as well as the
destruction and disruption (Kott, 2014). This critical infrastructure is defined as a
communication and information service whose resilience, reliability and availability are
vital to the functioning of organizational systems.
The door configuration is a collection of a few devices, such as readers and locks, that
are connected to a Cisco physical access gateway and then configured in Cisco PAM (Collins,
2016). To configure a door, the gateway is added to Cisco PAM and the door configurations
are then assigned to that particular gateway using a pre-defined door template. The system
configuration tool is useful for managing Windows start-up as well as performance issues.
The Windows configuration can be determined by opening the system configuration tool
through search. Logical access control is the set of protocols and tools used for
authentication, accountability and identification in information systems (Kent, 2016).
These logical controls provide access control measures for processes, programs and
information.
In a network configuration manager, storage encryption can be used when storing device
phone numbers, passwords, usernames, configurations and any other confidential data so
that data security is maintained (Ashok, Hahn & Govindarasu, 2014). Firewalls can be
configured in five steps: securing the firewall, architecting firewall zones and IP
addresses, configuring access control lists, configuring firewall
services and logging, and finally testing the firewall configuration. Moreover, the
configurations of servers, routers, switches and hubs can be determined with different
network configurations.
3. Identification of Key Vulnerabilities Point and Strengths and Demonstration of Actual
Compliance Test of Server, Workstation for Indicating Pass and Fail
There are several key vulnerabilities in network servers. The first and foremost key
vulnerability is the USB thumb drive (Graham, Olson & Howard, 2016). The ubiquity of these
thumb drives has driven hackers to develop targeted malware like the Conficker worm, which
can execute automatically upon connection to a live USB port, and hence network ports are
exposed to threats and vulnerabilities. The second vulnerability is at the wireless access
point. Wireless attacks are carried out by war drivers, and hence customer transactions are
highly vulnerable (Singer & Friedman, 2014). Even robust protocols like WPA or WPA2 are
prone to a few attacks when strong keys are not used. Inside connections and the Trojan
human are two other key vulnerabilities.
A server compliance test is required to ensure that data is secured, and passing a
compliance scan requires changing a few default settings on the server to make it more
secure even before the user proceeds with the scan (Kogiso & Fujita, 2015). Passing the
compliance test requires a few things to be done, such as closing ports at the firewall and
ensuring that the user is running updated software. Open ports that still need closing on
the server under test, or an FTP clear-text (plain-text) vulnerability, can cause this
test to fail.
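The pass/fail server compliance test described above, as an added Python example that is not part of the original report: it checks listening ports against an allowlist, flags clear-text services such as FTP, and compares installed software with a minimum version. The port allowlist, the version baseline and the sample `ss -tln` output are constructed assumptions.

```python
# Added example: server compliance check that returns PASS or FAIL.
# The allowlist, version baseline and sample data are constructed assumptions.
import re

ALLOWED_PORTS = {22, 443}                    # hypothetical policy: only SSH and HTTPS may listen
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet"}  # services that send credentials in plain text
MIN_VERSIONS = {"openssh-server": (9, 6), "nginx": (1, 24)}  # hypothetical patch baseline

# Constructed sample in the column layout of `ss -tln` (not from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      32           0.0.0.0:21        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
"""
SAMPLE_PACKAGES = {"openssh-server": "9.6", "nginx": "1.18"}  # constructed inventory


def listening_ports(ss_output):
    """Return the set of TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skips the header row and malformed lines
        addr, _, port = fields[3].rpartition(":")
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only listeners are not reachable from the network
        ports.add(int(port))
    return ports


def parse_version(text):
    """Turn '1.24.0' into (1, 24, 0) so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def compliance_test(ss_output, packages):
    """Return ('PASS' or 'FAIL', findings) for one server or workstation."""
    findings = []
    for port in sorted(listening_ports(ss_output)):
        if port in CLEARTEXT_PORTS:
            findings.append(f"port {port}: {CLEARTEXT_PORTS[port]} is a clear-text service")
        elif port not in ALLOWED_PORTS:
            findings.append(f"port {port}: open but not on the allowlist")
    for name, minimum in MIN_VERSIONS.items():
        installed = packages.get(name)
        if installed is not None and parse_version(installed) < minimum:
            findings.append(f"{name} {installed}: older than required baseline")
    return ("FAIL" if findings else "PASS", findings)


if __name__ == "__main__":
    status, findings = compliance_test(SAMPLE_SS, SAMPLE_PACKAGES)
    print(status)
    for item in findings:
        print(" -", item)
```

On the constructed sample the test fails on the FTP listener and the outdated package; closing port 21 and updating the package turns the result into a pass.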
4. Indication of Legal Elements and Costs for Encountering Non Compliance
The legal elements that any organization encounters for non-compliance mainly
include specification, policy, standard and law (Linkov et al., 2013). Regulatory
compliance is the objective that organizations aspire to achieve in their efforts to ensure
that they are aware of, and are taking steps to comply with, the laws,
regulations and policies. Because of the increasing number of regulations and the
requirement for operational transparency, organizations are increasingly adopting
harmonized or consolidated sets of compliance controls. The compliance liability is the
cost of conforming to regulation and legislation, that is, of organizational adherence to
the laws, specifications, guidelines and regulations that are relevant to the business
processes (Onyeji, Bazilian & Bronk, 2014). Violation of regulatory compliance rules
eventually results in legal punishments like federal fines. The CIO and the SSA, or System
Security Authority, are responsible for maintaining compliance in an organization.
References
Anwar, A., & Mahmood, A. N. (2014). Cyber security of smart grid infrastructure. arXiv
preprint arXiv:1401.3936.
Ashok, A., Hahn, A., & Govindarasu, M. (2014). Cyber-physical security of wide-area
monitoring, protection and control in a smart grid environment. Journal of Advanced
Research, 5(4), 481-489.
Collins, A. (Ed.). (2016). Contemporary security studies. Oxford University Press.
Dandurand, L., & Serrano, O. S. (2013, June). Towards improved cyber security information
sharing. In 2013 5th International Conference on Cyber Conflict (CYCON 2013) (pp.
1-16). IEEE.
DiMase, D., Collier, Z. A., Heffner, K., & Linkov, I. (2015). Systems engineering framework
for cyber physical security and resilience. Environment Systems and Decisions, 35(2),
291-300.
Graham, J., Olson, R., & Howard, R. (2016). Cyber security essentials. Auerbach
Publications.
Kent, A. D. (2016). Cyber security data sources for dynamic network research. In Dynamic
Networks and Cyber-Security (pp. 37-65).
Kogiso, K., & Fujita, T. (2015, December). Cyber-security enhancement of networked
control systems using homomorphic encryption. In 2015 54th IEEE Conference on
Decision and Control (CDC) (pp. 6836-6843). IEEE.
Kott, A. (2014). Towards fundamental science of cyber security. In Network science and
cybersecurity (pp. 1-13). Springer, New York, NY.
Linkov, I., Eisenberg, D. A., Plourde, K., Seager, T. P., Allen, J., & Kott, A. (2013).
Resilience metrics for cyber systems. Environment Systems and Decisions, 33(4),
471-476.
Onyeji, I., Bazilian, M., & Bronk, C. (2014). Cyber security and critical energy
infrastructure. The Electricity Journal, 27(2), 52-60.
Pacheco, J., & Hariri, S. (2016, September). IoT security framework for smart cyber
infrastructures. In 2016 IEEE 1st International Workshops on Foundations and
Applications of Self* Systems (FAS*W) (pp. 242-247). IEEE.
Singer, P. W., & Friedman, A. (2014). Cybersecurity: What everyone needs to know. OUP
USA.