Case Study: Cyber Security Frameworks, Risks, and Recommendations
Added on 2020/06/06
AI Summary
This case study delves into the critical domain of cyber security, examining key recommendations for professionals, including the importance of adapting to changing technologies and prioritizing user feedback. It explores available legislations and frameworks such as ISO 27001 and COBIT, which guide information security practices. The study also outlines long-term initiatives for assessing security risks, including risk assessment software and cyber health checks, along with the establishment of security and risk assessment criteria. Furthermore, it analyzes various risk assessment methodologies, focusing on identifying stakeholders, evaluating the impact of security measures, and recognizing potential threats. The comparison of methodologies highlights the significance of identifying threats and assessing the magnitude of risks to maintain a high level of data privacy and security. The study concludes with a call for the adoption of these practices to safeguard personal data and information from unauthorized access and cyber attacks.

A Case Study in Cyber Security

TABLE OF CONTENTS
INTRODUCTION
Recommendations that can be implemented by the cyber security professionals
Available legislations and frameworks for information security professionals
Long term initiatives for assessing security risk factors and maintaining privacy
Risk assessment methodologies that can provide a better mapping
Comparison of the methodologies
CONCLUSION
REFERENCES

INTRODUCTION
Cyber security is a process designed to provide a standard level of protection against any type of unauthorised access, attack, etc. Many organisations handle important sets of data, and it is essential that no external party can gain access to them (Kritzinger and von Solms, 2010). Cyber security therefore involves various technologies and processes that help protect such information and data from any attacker or hacker. This research covers the frameworks available for cyber security, along with some practices that cyber security professionals can follow. It also includes long-term initiatives that can help in managing risk and other aspects of cyber security.
Recommendations that can be implemented by the cyber security professionals
Encouraging changing behaviours
As technology advances day by day, threats are also growing at a greater rate. Cyber security professionals should therefore accept that changing behaviours are a part of life. Hackers keep finding new tactics and ways to break into someone's account and access their personal data, so cyber security professionals should stay up to date with new and advanced technology that they can use when dealing with them. Staying up to date is very important for these professionals and can have a strongly positive impact.
Encouraging feedback
Cyber security professionals should recognise that feedback is valuable. After discussions with a major part of their clients, they can focus on every single piece of client feedback, because it is very important to understand which features clients did not like at all or found useless (Von Solms and Van Niekerk, 2013). Once cyber security professionals understand these factors, they can modify those features as soon as possible, making them useful enough for customers that their personal data and information stay protected from any sort of unauthorised access or attack. Gathering feedback also gives cyber security professionals an idea of which specialised features people expect in order to have well-maintained and proper security. Focusing on those features can also help in providing a better solution.
Updated ways of dealing
It is clear that hackers and attackers keep developing new tactics and technologies that give them direct access to someone's personal data and information. To reduce the risk in this case, cyber security professionals can make sure to stay up to date with the various new methods that they can use themselves when attackers try to hack an account by advanced means. These hackers and attackers are so determined that if one way fails, they immediately switch to another in order to gain access to someone's personal account. Cyber security professionals should therefore also stay up to date with new and advanced technologies so that they can deal with attackers' tactics more efficiently.
Available legislations and frameworks for information security professionals
There are various laws and legislations associated with cyber security that can prove helpful to information security professionals, who can base their proposals on them. Some of these legislations and frameworks are discussed below:
ISO 27001
The framework ISO 27001, also known as ISO/IEC 27001, is a framework for an ISMS (information security management system). Along with the legal aspects, it also encompasses physical, technical, etc. frameworks (Lu et al., 2010). Information security professionals can use it to ensure the security of all essential information, whether it concerns employee details or the financial status of an organisation. It takes the sensitivity of the information into account by protecting it in such a way that it is difficult for any hacker or attacker to gain access to it.
Control Objectives for Information and Related Technologies (COBIT)
The Control Objectives for Information and Related Technologies framework provides a specified set of controls that information security professionals can use. It draws on all the existing standards and aims to adopt every available way of protecting personal data and information from unauthorised access. The level of technical risk has also increased to a huge extent, so COBIT is needed to minimise these risks so that better security can be provided for individuals' data and information, thereby reducing the risk of unauthorised access. Information security professionals can therefore make use of it when implementing any of their proposals.
Long term initiatives for assessing security risk factors and maintaining privacy
There are various ways of assessing risk factors so that ways of maintaining the privacy of personal as well as some public information can be analysed in advance. These initiatives are discussed below:
Risk assessment software can help in assessing all harmful and risky factors. This is very beneficial because it can save a huge amount of time. Such software offers various functionalities as well, such as custom acceptance, the whole risk assessment wizard, etc. Having used this software to assess all the risk factors, cyber security professionals can adopt various ways of maintaining the privacy of that information and data.
The cyber health check facility provided by IT government is a well-maintained and advanced feature that includes various specialised services such as an audit, assessment of risks, whether they are small or vulnerable, an online survey, etc. Cyber security professionals can easily use it to assess risk factors and then apply various ways of maintaining privacy to a great extent (Jajodia et al., 2011).
Also, for assessing risks, cyber security professionals can establish specific security and risk assessment criteria. Various risk assessments can help in producing a consistent set of errors that need to be managed and handled. In this way, cyber security professionals can obtain a valid analysis on the basis of which they can focus on ways of preventing those risks and maintaining privacy as well.
Risk assessment methodologies that can provide a better mapping
The risk assessment methodologies have various factors, which are discussed below:
The first factor is to identify all the benefits and the available stakeholders. There must be a proper risk assessment team that can help in better defining the process. Information security professionals should check for the presence of any biased service or operation, so that if any such factor is present, it can be removed as soon as possible and well-maintained security can be kept against any sort of unauthorised access.
The second factor is a proper analysis of impact: if a specified feature is implemented, what its impact will be. Information security professionals should consider positive as well as negative factors so that the negative ones can be given more focus and modified as soon as possible. This also helps to define the objectives in monetary terms.
The third factor or methodology is the identification of threats, that is, the ways and tactics that attackers and hackers can use to gain access to the personal data and information in someone's account, etc. The whole investigation should be carried out at a high level so that no factor is missed, as these factors are very helpful for information security professionals to base their proposals upon. To this end, they can also adopt various ways of storing data so that it cannot be easily accessed by hackers (Aloul et al., 2012).
The fourth factor is to identify the controls and the magnitude of the risks, because after analysing the risk factors that attackers and hackers can use, it is also important to investigate ways in which they can be controlled. Information security professionals can do this to provide a standard level of privacy for personal data and information against any sort of unauthorised access.
Comparison of the methodologies
After discussing all these methodologies, it can be said that identifying threats can prove very effective, as threats can ruin all the hard work and time of cyber security professionals; identifying threats in advance can therefore help cyber security and information security professionals protect the specified system or account from unauthorised access or cyber attackers. Investigating the magnitude of risks is effective as well because it helps in analysing how harmful a specific threat is overall. Information security and cyber security professionals can then design the control according to that magnitude. This is important because the control should be effective enough to manage and contain the specific risk. This will further help in maintaining an appropriate level of privacy and security in people's accounts or profiles against any sort of unauthorised access.
CONCLUSION
It can be concluded from the research that cyber security is a very essential tool, as it helps protect personal data and information from hackers, attackers or any type of unauthorised access. There are also various legislations that cyber security professionals can follow to develop more effective and appropriate solutions. In addition, there are various ways of assessing risk factors and controlling them to maintain security. Various risk assessment methodologies that help in providing a better mapping have also been included.
REFERENCES
Books and Journals
Aloul, F. et al., 2012. Smart grid security: Threats, vulnerabilities and solutions. International Journal of Smart Grid and Clean Energy. 1(1). pp.1-6.
Jajodia, S. et al., 2011. Moving target defense: creating asymmetric uncertainty for cyber threats (Vol. 54). Springer Science & Business Media.
Kritzinger, E. and von Solms, S. H., 2010. Cyber security for home users: A new way of protection through awareness enforcement. Computers & Security. 29(8). pp.840-847.
Lu, Z. et al., 2010, October. Review and evaluation of security threats on the communication networks in the smart grid. In Military Communications Conference, 2010-MILCOM 2010 (pp. 1830-1835). IEEE.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security. 38. pp.97-102.





