Cybersecurity in Corporate Governance: Comprehensive Report Analysis

Verified

Added on 2023/06/07

AI Summary

This report delves into the critical intersection of cybersecurity and corporate governance, emphasizing the importance of protecting organizational systems, data, and information from cyber-attacks. It begins by defining cybersecurity and highlighting the potential consequences of security breaches, including financial losses, reputational damage, and asset loss. The report underscores that all organizations are vulnerable and need robust security measures, including strong passwords, anti-virus software, and proactive risk management. It argues that cybersecurity is a board-level issue, requiring technical expertise, guiding policies, and staff training. The report then analyzes ways to improve cyber resilience, including developing a cyber-resilience plan, implementing technical measures like firewalls and data encryption, and training employees. It emphasizes the need for data breach response plans, secure device management, software inventory, and anti-malware solutions. The report also suggests practical practices to initiate cyber resilience policies, such as biometrics, facial recognition, IPV6, firewalls, encryption, and backup systems. It concludes by stressing the importance of keeping up with technological advancements and the need for corporate governance to adopt these new technologies to enhance security and protect data and information from attackers.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Cyber Security 1
A REPORT ON CYBER SECURITY IN CORPORATE GOVERNANCE
By (Name)
Name of the class (course)
Professor
Name of the school (university)
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Cyber Security 2
INTRODUCTION
Cybersecurity is the protection of connected systems such as networks, computers,
programs, information, and data from unauthorized access who can alter, damage, or steal
important information in an organization (Zubilevych 2017). It enhances the safety of both
physical devices, hardware, and software from malicious people. Having effective cyber security
helps minimize risks of cyber-attacks or hacks and protects the unethical use of the systems,
technology, and the network of an organization.
There are tough consequences if you do not protect your systems from cyber-attacks
(Herzog 2011). It can lead to loss of finance to the organization, build a bad reputation and will
later lead to loss of important assets. Any organization is at risk of cyber-attack because the
attackers do not discriminate. They can attack organizations which assume that they cannot be
attacked. Therefore, there is a need to secure organization’s systems and technologies. The login
credentials should have strong passwords which cannot be guessed by anybody for the security
purpose of information and data from hackers and attackers.
These passwords should be private and confidential for the administrators and users only.
This ensures that there is no unauthorized access to the systems. Some attackers input viruses to
the systems which corrupt the information which leads to failure of good performance of the
organization and can easily lead to losses if the systems do not have antiviruses. Some
companies have not yet adopted the cybersecurity measures and the directors think that they
know the threats and risks hence they have not taken any action or measure to prevent cyber-
crimes (Abrams and Weiss 2008). They are waiting until the company gets a risk of data loss so
that they can take the required measures for which it might be too late.

Cyber Security 3
The magnitude of occurrence of cybersecurity threats qualifies it to become a board level
issue. It is the work of the board to ensure that the systems of the organization are well protected
and ready to deal with security breaches which may come anytime. Failure to take that action
causes a huge cost burden to solve the problem. The board should not fear the issue of
cybersecurity (Zubilevych 2017). It should ensure that it has enough and reliable technical
expertise and also make sure that guiding policies and principles are put into practice and
followed well. The directors should emphasize on policies, strategies, and management of
training staff on Information Technology and company risk management plan.
To manage the cybersecurity issue well, the organization should adopt a top-down
procedure. Cyber threats are a great risk in both economic and national security risk that most
organizations face. The board of directors should create awareness of the threats and put
measures of detecting intrusion of viruses or unauthorized access and how to deal with them in
case they had already intruded (Herzog 2011).
Cyber resilience is the preparedness of an organization to withstand cyber-attacks and
breaches during its business operation (Björck et al. 2015). Security personnel has put in place
measures to detect and protect threats and cyber-crimes. If they do not safeguard the information
and data of the organization, the entire business may fall down and lead to great losses (Haimes
2009).
According to Bodeau, Graubart and Fabius-Greene (2010), we can integrate cyber
security and resilience protocols through developing a strategy, effective training of people
involved in developing and maintaining resilience protocols and cybersecurity, prioritizing

Cyber Security 4
emerging threats and ensuring cyber resilience is at the forefront. Integrating them will keep the
corporate alive with high performance.
ANALYSIS ON WAYS OF IMPROVING CYBER RESILIENCE AND INTEGRATING IT
WITH CYBER SECURITY
Cyber risks at the board level are increasing hence there is need to improve cyber
resilience according to Goldman, McQuaid, and Picciotto (2011). First, there is a need to have a
cyber-resilience plan in the organization. This plan should incorporate some key issues such as
implementing technical measures like (firewalls, data encryption, and authentication of people
accessing the system), training employees on how to detect and protect cyber risks, and
identifying data and services.
Data breach response plan should also be incorporated in the plan to manage data from
being accessed by unauthorized access as it can be altered, changed or deleted permanently
(Saini, Rao and Panda 2012.). This plan should be checked regularly. Organizations should
always ensure there is protection of their data and information every time both data at hand and
subcontracted service providers. The board should observe the fiduciary obligation so that they
can be trusted in the organization as well as other officials and employees.
Organizations are recommended to go through their insurance agreements and see if there
are appropriate cyber risks insurance investment although this method has not been largely used.
Another way to improve is to build and manage all devices by using secure setups. By doing this,
the security of data and information in the devices is well taken care of. This can be developed

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Cyber Security 5
with high skills with incorporations of strong password credentials which should be confidential
(Müller, Koslowski, and Accorsi 2013).
There is also a need to keep records and inventories of all devices which access the
organization’s system whether authorized or unauthorized (Goldman, McQuaid, and Picciotto
2011). This will help detect and track any device which could be a threat to the system.
Unauthorized people may log in or hack a system of an organization to obtain some information
or alter some important and crucial information. In this way, their devices which they used to
attack the system can be tracked down and followed. Their locations too will be tracked hence
they can be filed in a court of law.
Keeping records of all authorized and unauthorized software is also a way of improving
cyber resilience. A software can be very genuine and will not have a bad effect on the system as
they are added to improve the performance of the business and enhance great survival of the
business (Ho Wu and Xu 2011). Other people may add malware software which will damage and
alter the functioning of the system leading to inconvenience in the business. It can lead to losses
too. The cost of repairing the damage may be very high if they do not have the records to track,
detect and solve the problem. There is a need to have anti-malware to block and prevent malware
software. The organization can set an alarm in case of unauthorized access of a business system
to alert them so that they can take the appropriate measures.
Many organizations have failed to keep up with technological risks and solutions that the
new innovation provide in their business because they think that they are technology-related
issues. This is why some directors in organizations do not even talk about the issue of
cybersecurity in their board meetings. This is a big threat to business because it can make the
business to incur a lot of money to minimize cybercrimes (Cebula and Young (2010).

Cyber Security 6
Every organization should keep up with the technological risks and the solutions for good
performance and survival of the business. Some leaders are not ready to handle cases and issues
to deal with cyber-crimes. They fear they may not be able to protect the business from hackers
and the cost to cater for issues like breaching may be too much. According to Cebula and Young
(2010), the board of management should meet and discuss cybersecurity and identify assets or
systems which are at a high risk of being attacked by attackers.
This will enable them to make the correct choices hence even if they spend a lot of
money in implementing the idea, they will protect their information and that of their customers
and consumers. Implementing this idea will enhance good business performance. The board
should assess, test, and evaluate all systems including the control systems of the risks for
protection of important data and information (Zhang, et al. 2010). They should do some changes
in their business process which will ensure that the board’s target and objectives are achieved.
They can adopt the new technology and innovations provided such as automating tasks being
done manually and processes to improve efficiency and reduce costs which will save the
organization from spending a lot (Otim et al. 2012)
They should not fear to deal with risk management and cybersecurity because if they
ignore it can cost them a lot of money. Organizations are encouraged to adopt and keep up with
the new technology such as digital platforms, social media which they can use for advertisements
and promotions, and also cloud computing (Zhang, et al. 2010).
These technologies need enough security to protect data and information about the
organization from attackers. The security measures ensure the safety of data by protecting three

Cyber Security 7
key terms which are confidentiality, integrity, and availability of data, information, and network
too (Ho, Wu and Xu, 2011).
EXAMPLES OF PRACTICES TO ADOPT TO INITIATE CYBER RESILIENCE POLICY
Use of biometrics in the organization. The board of governance should implement the use
of biometrics in the company to get biometric data of anyone accessing the company’s systems.
This will reduce the rates of interfering with data and information of the business by
unauthorized users who may chip in and alter the data in the database. This enhances storage of
the correct information of day to day activities of the organization (Harrop and Matteson 2015).
Use of facial recognition. This will unveil the face of anybody in any room they get into
or where they work. This will prevent malicious people from accessing the rooms they are not
supposed to be in. This system is made to open the door after recognizing the face of the
authorized personnel. Unauthorized personnel is not allowed to get in (Linkov et al. 2013).
Use of internet protocol version 6. This practice will protect the network of the
organization from external intrusion. The corporate governance should ensure that the network is
very secure from any attack by installing IPV6 which is very strong (Perlman, Kaufman and
Speciner 2016).
Use of firewalls. According to Stewart (2013), the board should protect their network
from malicious messages which may be sent by hackers or attackers to destroy their network so
that they can get a good chance to hack it. It should ensure that there is installation of enough
firewalls which will filter messages coming in and also outgoing messages too. In this case, no
malicious messages will get into the network of the company.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cyber Security 8
The corporate governance should get an expert in information technology security who
can encrypt and decrypt data and information. They should ensure that they store their
information in an encrypted form so that it can be meaningless to anybody who tries to hack
(Zhang, et al. 2010). This data will not be readable to people until it is decrypted by information
technology security personnel. This is a safer method of storing data although some geeks may
be able to hack and decrypt the information.
The board should also adopt a practice of having a backup system somewhere else, can
be far from the organization, which will have a similar data like the one in the organization
(Linkov et al. 2013). This will save the organization from losing data in case the data in the
organization is corrupted, intruded by a virus, a failure of the system or a breakdown of the
system. The backup should also be safe from attackers.
The corporate should not forget to provide a security officer to protect the room where
the main server or system is kept from being accessed by unauthorized personnel. The room
should stay under key and lock unless if the information technology experts are there. The
security officer should not favor some people by allowing them to get in the main server or
system room. It should be a person with integrity and a trusted one who cannot betray the
organization (Krotofil and Cárdenas 2013).
The board should also impose laws and rules governing misuse of corporate systems.
Anyone who breaks the rules and regulations should be dealt with according to the law
governing cybercrimes. Nobody is allowed to change information in the system without being
authorized otherwise it will be a crime punishable by law (Caldwell and Hayes 2010).

Cyber Security 9
These practices will enable the organization to deal with any cyber-crime. The employees
and leaders too should have good company behavior if they really want to progress well while
gaining good performance with high profit (Caldwell and Hayes 2010). The board should also be
aware of the risks it can handle and set risk appetite too.
CONCLUSION
These practices do not mean that an attacker cannot access your information. A
determined one will always get a way to penetrate and access your information. This can be
minimized by having strong cybersecurity controls and the organization business will run way
better. Cybersecurity should be adopted in all organizations for safety purposes of information
and to keep a high performance of the business (Chari, Devaraj and David 2008).

Cyber Security 10
References
Abrams, M. and Weiss, J., 2008. Malicious control system cyber security attack case study–
Maroochy Water Services, Australia. McLean, VA: The MITRE Corporation.
Björck, F., Henkel, M., Stirna, J. and Zdravkovic, J., 2015. Cyber resilience–fundamentals for a
definition. In New Contributions in Information Systems and Technologies (pp. 311-316).
Springer, Cham.
Bodeau, D.J., Graubart, R. and Fabius-Greene, J., 2010, August. Improving cyber security and
mission assurance via cyber preparedness (cyber prep) levels. In Social Computing (SocialCom),
2010 IEEE Second International Conference on(pp. 1147-1152). IEEE.
Caldwell, C. and Hayes, L.A., 2010. Leadership, trustworthiness, and ethical
stewardship. Journal of Business Ethics, 96(4), pp.497-512.
Cebula, J.L. and Young, L.R., 2010. A taxonomy of operational cyber security risks (No.
CMU/SEI-2010-TN-028). CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE
ENGINEERING INST.
Chari, M.D., Devaraj, S. and David, P., 2008. Research note—the impact of information
technology investments and diversification strategies on firm performance. Management
science, 54(1), pp.224-234.
Goldman, H., McQuaid, R. and Picciotto, J., 2011, November. Cyber resilience for mission
assurance. In Technologies for Homeland Security (HST), 2011 IEEE International Conference
on (pp. 236-241). IEEE.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Cyber Security 11
Haimes, Y.Y., 2009. On the definition of resilience in systems. Risk Analysis: An International
Journal, 29(4), pp.498-501.
Harrop, W. and Matteson, A., 2015. Cyber resilience: A review of critical national infrastructure
and cyber-security protection measures applied in the UK and USA. In Current and Emerging
Trends in Cyber Operations (pp. 149-166). Palgrave Macmillan, London.
Herzog, S., 2011. Revisiting the Estonian cyber attacks: Digital threats and multinational
responses.
Ho, J.L., Wu, A. and Xu, S.X., 2011. Corporate governance and returns on information
technology investment: Evidence from an emerging market. Strategic Management
Journal, 32(6), pp.595-623.
Krotofil, M. and Cárdenas, A.A., 2013, October. Resilience of process control systems to cyber-
physical attacks. In Nordic Conference on Secure IT Systems (pp. 166-182). Springer, Berlin,
Heidelberg.
Linkov, I., Eisenberg, D.A., Plourde, K., Seager, T.P., Allen, J. and Kott, A., 2013. Resilience
metrics for cyber systems. Environment Systems and Decisions, 33(4), pp.471-476.
Müller, G., Koslowski, T.G. and Accorsi, R., 2013, June. Resilience-a new research field in
business information systems?. In International Conference on Business Information
Systems (pp. 3-14). Springer, Berlin, Heidelberg.
Otim, S., Dow, K.E., Grover, V. and Wong, J.A., 2012. The impact of information technology
investments on downside risk of the firm: alternative measurement of the business value of
IT. Journal of Management Information Systems, 29(1), pp.159-194.

Cyber Security 12
Perlman, R., Kaufman, C. and Speciner, M., 2016. Network security: private communication in a
public world. Pearson Education India.
Saini, H., Rao, Y.S. and Panda, T.C., 2012. Cyber-crimes and their impacts: A
review. International Journal of Engineering Research and Applications, 2(2), pp.202-209.
Stewart, J.M., 2013. Network Security, Firewalls and VPNs. Jones & Bartlett Publishers.
Zhang, X., Wuwong, N., Li, H. and Zhang, X., 2010, June. Information security risk
management framework for the cloud computing environments. In Computer and Information
Technology (CIT), 2010 IEEE 10th International Conference on (pp. 1328-1334). IEEE.
Zubilevych, A.V., 2017. CYBER SECURITY IN BUSINESS.