Cyber Security Report: Security Plan, Countermeasures, and Training
Added on 2022/10/18
AI Summary
This report delves into the critical role of cybersecurity in safeguarding vital organizational information from potential threats. It outlines the essential steps for effective information security management, emphasizing the need for a robust security team dedicated to protecting data confidentiality. The report highlights the importance of proactive measures, including the development of a comprehensive security policy and the implementation of countermeasures to mitigate identified risks. Furthermore, it stresses the significance of an awareness program and comprehensive data confidentiality training for all staff members. The report covers key aspects such as organizational security plans, various security countermeasures (physical and electronic), security awareness training programs, and organizational security policies. It discusses the identification of security risks, treatment strategies, and the crucial role of security controls in maintaining data integrity, confidentiality, and availability. The report also examines the importance of physical security, electronic countermeasures, and the role of security awareness training in mitigating cyber threats. It concludes by emphasizing the need for a well-defined organizational security policy to protect technological and business assets.

Running head: CYBER SECURITY
Cyber Security
Name of the Student:
Name of the University:
Author note:

Executive Summary
This report deals with the role cybersecurity plays in protecting vital information from potential security threats, and sets out the steps undertaken for the information security management of the organisation. The organisation needs to build a strong security team, which plays a vital role in safeguarding the confidentiality of data against accidental or deliberate threats. This helps to avoid potential security risks. It is also essential to design a safety policy for the organisation, along with the necessary countermeasures, to identify and manage threats, and to implement an awareness program and comprehensive data confidentiality training for all staff of the organisation.

Table of Contents
Introduction
The organizational security plan
Security Countermeasures
  Physical countermeasures
  Electronic countermeasures
The security-awareness training program in an organisation
The organizational security policy
Conclusion
References

Introduction
Information is the most sensitive of an organisation's assets. It is the most valuable thing an organisation holds, and it should be protected appropriately. Security ensures the confidentiality and integrity of an organisation's data. Data security is necessary to protect information from deliberate attacks and from data theft. The internet is an open-source platform which enables businesses and organisations to adopt new technologies quickly. An organisation stores various types of data, and the internet allows users to access that information and share it. This can prove a significant weakness for information security and can lead to a loss for the organisation. Since the internet is accessed by many people simultaneously, there is a chance of numerous security attacks from worms, viruses and malicious software. There are also various cyber attackers who keep an eye on sensitive data and financial information in order to steal it. Today most organisations face various data security problems and have lost crucial information and financial information (Hettiarachchi & Wickramasinghe, 2016). Therefore, it is necessary to build a strong security team to monitor the data security of the organisation. However, security awareness regarding data has been increasing. Most organisations are developing security guidelines and a robust training program to protect information. This case study deals with the possible threats that corrupt or destroy data, and with the function of the security management team, which keeps monitoring in order to prevent accidental threats. These issues need to be resolved urgently, and for this it is necessary to implement a technical system which is reasonably competent and efficient in maintaining document and database management security.

The organizational security plan
A security plan is a policy or scheme that sets out a clear direction, vision and arrangements for how, when and what the organisation wants to attain for its security. The organisation develops its security plan to articulate its security policy in line with its objectives and priorities. The design of a security plan differs from field to field. The security plan sets out the mitigation strategies appropriate to the various levels of threat, the protective safety requirements, the risk tolerances and the risk factors associated with the organisation's assets (Sennewald & Baillie, 2015). A security plan can be defined as a living document: it requires adjustment to keep meeting the main security risk objectives, and review to monitor the necessary changes in the various fields of data security as threats emerge.
In general, a security plan can be described as the specific approach, resources and responsibilities that are applied to manage security risks. The organisation's security plan allows its different components to evaluate risks in order to protect people, assets and information. Security planning consists of designing, monitoring, implementing, continually improving and reviewing practices for managing security risk (Ndungu & Kandel, 2015). A security plan manages risks across the various fields of data security (information, governance, physical and personnel) so that it can identify the sources from which risks and threats arise. The security plan includes:
Identification of security risk – comprehensive and structured processes to address security risk: analysing the risk factors, evaluating the various security risks and determining the steps to reduce them.
Treatment of security risk – coordinated, efficient and considered resources and actions required to lessen or mitigate the negative or likely consequences of various risks (You, Cho & Lee, 2016). Regardless of the security concern, the essential things to keep in mind when managing multiple security risks are:
It is the responsibility of businesses to manage their risks from different perspectives, including contractors, and this must be supported by safety awareness training.
The management of security risks is a systematic, transparent and logical process that every organisation needs to employ.
The security process helps to identify changes in the threats facing the business organisation, to balance operational factors, and to maintain the various levels of security risk and security needs.

Security Countermeasures
Security controls, such as documented processes, and countermeasures, such as firewalls, are used to protect the integrity, confidentiality and availability of information and data in an organisation.

Physical countermeasures
Physical security can be defined as a group of security measures which ensure that only authorised employees have access to the organisation's resources, assets, equipment and facilities (Norman, 2016). It consists of a broad range of procedures to identify potential intruders, and is also a technology-based
procedure. Well-developed physical security protects equipment, facilities and resources against theft, natural disaster, vandalism, terrorist attack, sabotage, malicious attack or other cyber-attack. The security perimeter of an organisation defines the facilities within which the various security countermeasures can be enforced.
Most organisations apply a copy-paste style to physical security, often doing the same as other companies in order to develop their security (Mann, 2017). However, this approach is practical only when the companies are alike; it is not valid when they differ. The problem can be overcome by starting risk-based physical-security planning, rather than following and keeping a standard document that contains the operating techniques for organisational security. There is no security awareness, and they have not conducted any workshop or training for their staff.

Electronic countermeasures
Data protection – Encryption protects data files and archives.
Misuse and fraud detection – In an organisation, many resources are shared simultaneously by various staff. There is therefore a chance of data misuse and fraud where many people participate, virtually or physically ("Protective Security | Australian Security Intelligence Organisation", 2019). Activity monitoring and logging can be used to keep track of activity in the organisation and to examine forensically what transpired.
Malicious queries or injection – Application-layer protections, including built-in database parsing, dynamic masking, filtering, query interception and activity monitoring, detect malicious queries and thwart injection.
Snooping – Unauthorised queries or data inspection on the network can be identified by network-layer encryption.
The exploitation of code weaknesses – Patch management and configuration are the two main principles used to fix flaws that occur in a database ("Australia’s Cyber Security Strategy", 2019). Virtual patching and application-layer protections help here as well.
Transactional integrity – This should be applied in the application layer so that the database can understand the transactions performed by the system.
Compartmentalisation – The database system that stores all of the organisation's information is inherently multitenant. It uses constructs such as features, schemas, group-based access and facilities to validate data access through the provided capabilities.
Various countermeasures can be applied to enhance security in an information security system. Both software and hardware countermeasures can be used to protect information. Examples include the following:
Anti-spyware and anti-virus applications provide protection against malware (malicious software), including Trojans, adware and viruses.
Routers are used to mask the IP (Internet Protocol) addresses of the network.
Firewalls provide a facility for authorised persons to access the network.
Behavioural techniques are applied by users to prevent threats or risks such as doubtful email attachments.
Physical security in the organisation prevents network traffic and hacking.
The IDS (intrusion detection system) prevents or blocks unauthorised access to the system.

The security-awareness training program in an organisation
Security-awareness training can be defined as the process of teaching staff about computer security. A well-implemented security-awareness program trains employees in the corporate policies, procedures and rules for working with IT (Bahr, 2018). Employees must receive a notification if anyone misuses their valuable data. Regular training must be given to employees even if they are contract or temporary staff in an organisation with the highest turnover rates. Everyone in an organisation is required to play a vital role in the success of the training and security awareness program (Demirkesen & Arditi, 2015). The standard security operating document consists of four crucial stages in the life cycle of an information technology security awareness and training program:
Awareness and training program design – In this stage, an agency needs to conduct a training program which is developed and approved ("What is Cyber Security? Definition, Best Practices & More", 2019). This strategic document identifies all the implementation tasks that need to be performed to meet the established security training goals.
Awareness and training material development – In this stage, the main focus is on the availability of training content, scope, sources and the implementation of training material.
Program implementation – This stage addresses the effective communication of the training and security awareness program (Shin, Gwak & Lee, 2015). It also identifies
the options for delivering training and security awareness materials (distance learning, web-based, on-site, video, etc.).
Post-implementation – This stage provides support for the program, monitors it and evaluates its effectiveness. Practical feedback approaches include surveys, benchmarking, focus groups, etc.
The standard operating document should also cover the three basic models used to manage security training functions. The models are:
Centralised: All roles and responsibilities reside with the central authority, for example a security programmer in IT and the CIO of the organisation.
Partially Decentralised: The strategy and training policy reside with the central authority. However, implementation of the functions is distributed.
Fully Decentralised: Only the development policy resides within a central authority, along with all the functionalities.

The organizational security policy
The primary purpose of all security planning is to ensure that the technological and business assets of an organisation are protected. The information technology security policy helps to draw up a safety plan that identifies the procedures and rules for individuals (Peltier, 2016), that is, every individual using and accessing the resources and IT assets of the organisation. An effective IT security policy can be defined as a model of the organisational culture, consisting of procedures and rules determined by the information and work approach of its employees. Therefore an effective security program is a unique document for every organisation, refined from the
people's perspective on risk tolerance and on how they see, value and maintain information (Bauer & Bernroider, 2017). This is the reason many organisations will find a boilerplate information technology safety plan unsuitable: it does not consider how people in the organisation actually see information, share it with the public or use the data among themselves (Safa, Von Solms & Furnell, 2016). Three principles, the confidentiality, integrity and availability of data, compose the CIA triad:
1. Confidentiality – Confidentiality refers to the protection of organisational assets, such as personal data and financial data, from unauthorised access.
2. Integrity – Integrity refers to the accuracy of data, meaning that data is modified only in an authorised or specified manner.
3. Availability – Availability refers to the state of a system in which authorised users can continue to access accurate information.
The security policies associated with information technology are the regulations that govern the industry. The policy is a living document of the organisation ("About | Cyber.gov.au", 2019). The institutions ISO and U.S. NIST have circulated best practices and standards for information security.

Conclusion
Information or data security is essential in an organisation, and all of its information must be kept secure. Information security provides protection against data theft or any misuse of data. Data confidentiality is important for any organisation since it protects confidential data, enables organisational procedures, and enables the safe operation of the organisation's information system. Information and data are the assets of any organisation, and there are many challenges in managing and protecting them. The most common challenge organisations face is a lack of understanding of the importance of data security. When employees lack the knowledge to keep their information secure, intruders or attackers try to steal the organisation's confidential data. Therefore, it is crucial for all employees in the organisation to have a good understanding and knowledge of data security in order to protect confidential information.





