INF80043: Cyber and Digital Risk Executive Briefing Paper Analysis

Verified

Added on 2022/12/23

AI Summary

This executive briefing paper addresses cyber and digital risks as a crucial responsibility for the Young Acorn Foundation (ACORN). The report highlights the increasing threats in the digital landscape, including organized crime, data breaches, and corporate espionage. It emphasizes the importance of board-level oversight, proactive risk management, and the development of a comprehensive cybersecurity strategy. The paper discusses key questions for the Senior Executive Team of Acorn, covering securing vital information resources, understanding the threat landscape, and adopting a risk-based approach to cybersecurity. The report suggests recommendations such as prioritizing material cyber risks, maintaining a risk register, and ensuring input from various departments, including physical security, privacy, and crisis management. The paper advocates for independent third-party reviews and a continuous focus on adapting to the evolving cyber threat landscape, offering a risk-based approach to the organization's cybersecurity strategy.

Running head: CYBER AND DIGITAL RISK
Cyber and Digital Risk
Young Acorn Foundation (ACORN)
Name of the student:
Name of the university:
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1CYBER AND DIGITAL RISK
Executive Briefing on Cyber and Digital Risk as an Executive/Board-level
Responsibility
Purpose:
ACORN or The Young Acorn Foundation is a leading NFP or two-2-not-for-profit business.
Their mission and vision include the promotion of a sustainable society. Here, all the child must be
getting the scope to possess a fair go on life. This would help them to develop as a young adult. The
situation would help them to acquire dignity and achieve enough skills in enriching the community
as well as individual personality. One important aspect of the IS/IT that all the people in the nation
have been actually proud of the current establishment of their data center. It is situated as the east
wing of its headquarter. This is expected to be used extensively for supporting and driving numerous
aspects of their programs and operations. Moreover, they have the constant redundant facility of
backup that is connected to the external having the broadband connections of high speed. Besides,
they are intended to consist of the integrated facility of voice-video-data telecommunication along
with the technology of RAID storage and removable HDD. In this briefing report the cyber and
Digital Risk as an Executive or board-level liability is demonstrated.
Target audience:
Here, the target audience of the Senior Executive Team of Acorn.
Concerns with Cyber and Digital Risk:
Cybersecurity is one of the rapidly evolving and complex concerns that ACORN should be
contending with. It is witnessed that with the rise of social media, cloud computing and mobile
technology, a different type of reports towards important breaches of the proprietary data and ham to

2CYBER AND DIGITAL RISK
the organizational IT infrastructure is rousingly common. In this way it has been changing the risk of
IT landscape at quick speed. As a result the cybersecurity has been regarded as great priority on
various board’s agendas along with its audit committees (Agustina 2015). Further, organized crimes
have been monetizing the cyberspace. It has exploited the vulnerabilities in the systems for
compromising and remotely maintain the computers. They have been found to be recording the
keystrokes, controlling the screen displays and found to be manipulating the users' computers to
divulging the sensitive data. Being borderless, the cyberspace has been permitting the attackers in
routing the assaults with the help of numerous jurisdictions and countries. This has included law
enforcement and complicated investigation (Shin, Son and Heo 2017). Further, ACORN has been
running the risks to lose substantial quantities of sensitive company data to malicious staffs. One can
also be potentially eradicating to the business premises and introducing the malicious software to the
corrupt the company databases along with sabotage network operations. Moreover, the corporate
espionage by ACORN has been commonplace in the field of cyberspace. It is seen that the attacks
are the target of intellectual property that is sensitive in nature (Tonn et al. 2019). Multiple instances
have been there of important firms having the security features getting compromised over for many
months. They have lost substantial quantity of sensitive information while those attacks go on. This
involves the loss of substantial quantity of sensitive information while the attack goes on (Bridges et
al. 2015). Besides, activism has been prevalent within cyberspace having the denial-of-service
attacks and sabotages rising frequently progressing. Previously, they have been attributed to the
groups of hacktivist like anonymous and the rising attacks has been pointing to the official
motivations (Underwood and Ehrenreich 2017).

3CYBER AND DIGITAL RISK
Discussion on Cyber and Digital Risks:
Board level Responsibilities:
The cyberspace has been revolutionizing the time s people work and live. The Internet has
more than three billion users has been powering the financial development, rising collaboration with
innovation along with giving rise to jobs. The protection of key responsibilities resources is of
complex importance to the competitiveness and sustainability of ACORN. The organizations require
to be on the front as per the cyber preparedness. Further, cybersecurity has been though as a crucial
issue of IT instead of any strategic issue of risk management (Choi, Scott and LeClair 2016).
ACORN must gain benefits from controlling the risks drawing on the support of senior management,
risk awareness culture, risk management processes and policies and analysis of risk against the
objectives (Ruan 2017). Here, many benefits have been there to adopt the approach of risk
management to protect the cyber world. These are mentioned hereafter.
Strategic benefits:
For ACORN, the corporate decision making is developed across with great visibility of
exposure of risk for major projects and individual activities around their overall business
(Shackelford 2016).
Financial Benefits:
This is provided through diminishing the losses and developed the potential of ‘value for money’
(Green 2016).
Operational Benefits:
ACORN must be getting prepared for the utmost eventualities and ensure enough number of
contingency plans (Sallam 2015).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4CYBER AND DIGITAL RISK
Hence, a set of questions are developed for Senior Executive Team of Acorn that can assist
and provide support to the current discussions on strategic level risks. This is particularly to assure
that suitable cultures and safeguards are in place.
The key questions for boards and CEOs of Senior Executive Team of Acorn:
Question regarding securing the key information resources:
 How confident has ACORN been that the most vital data has been managed properly and is
safeguarded from the threats of the cyber world?
 Is ACORN clear that their bard can likely be the primary targets?
 Do ACORN has an accurate and complete view of
o the impact of their reputation, sharing the prices or the present as any sensitive
customer or internal data held by them is stolen or lost?
o impact on their business as their online service is disrupted for a sustained or short
time period?
Questions to explore who should comprise the information of ACORN and the reason behind
that:
 Does ACORN receive the constant intelligence from the head of security or chief
information officer on who might be targeting ACORN and the motivation and methods?
 Does ACORN encourage the technical staffs in entering the exchanges of information-
sharing having other business in their sector and around the finance for benchmarking,
learning from the others and helping to determine the rising threats?

5CYBER AND DIGITAL RISK
Questions to understand how pro-active management of cyber risk at the board level has been
critical:
The risk of cybersecurity has been affecting the mergers, share values, reputations, staffs,
cultures, pricing, data, brand, process control, finance and technology. Are ACORN confident that
 ACORN has identified all the primary assets of information and entirely analyze the
vulnerability to attacks?
 Labiality of cyber risk has been allocated suitably? Is that documented on the risk register?
 Does ACORN have the written information security policy at a proper place that has been
championed by them and been supported through constant training of staffs? Are they
confident that the total workforces can understand follow that?
Cybersecurity strategy and the risk oversight of ACORN:
It must be reminded that the security of digital systems has been undermined by various
vulnerabilities in systems and products. The failure for heeding the experts is considered as the main
source regarding vulnerability and a known problem in technology sector. Here, the cultural theory
related to risk perceptions is useful to analyze the issue. This cultural theory can expose the tendency
of few males in underestimating the challenges. This is known as WME o White Male Effect. It is
seen that frequently, at ACORN the information technology has been resenting the bards with the
reports of cybersecurity. These have been technical and lacking the strategic overlay enterprise wise.
Regarding the efficient oversights, ACORN’s boards must be holding their senior management is
accountable for assuring that a concise and clear cybersecurity strategy is there. These must be
understood as per nontechnical terms in place. There must be controls and systems for monitoring
the deployments (Lupton 2016). This should be understood as per the nontechnical terms. This must
be in place beside the controls and systems for monitoring the deployments. It needs constant

6CYBER AND DIGITAL RISK
dialogue occurring between the management and board and sharing useful and accurate data. This
must involve the metrics for tracking performances and deliver accountabilities (Renaud et al. 2018).
Here, a concise and greater level of strategic plan of cybersecurity should be agreed to by ACORN’s
board and the senior management. Derived from the effective and innovative securitization theory,
the plan can theorize cyber security as the different area as specific constellation of referent and
threat objects. This can be linked and articulated with the help of three different types of
securitizations. This comprises of hyper-securitizations, daily security practices with technificatins.
A risk-based strategy must be adopted by cybersecurity:
Rather than the castle-and-moat, the cybersecurity approach must be evolved towards a risk-
based measure. Since the perimeter of defense should never deliver the overall security, the strategy
that is risk-based must concentrate on protecting and prioritizing the crown jewels identified. For
instance, this must include the intellectual property, third-party information and complex method of
networks (Radanliev et al. 2019). Moreover, the risk-based defense must be involving the response
and detection prior to the extra procedures across those crown jewels that could be compromised. It
can be done while stopping the different intruders prior they make inflict of additional types of
reputational and disruptive damage. As the perimeter defenses have been staying significant to deter
the lesser sophisticated attacks, the efficient strategies of cybersecurity have been now allocating the
security resources across ACORN’s processes and information (Radanliev et al. 2019). It has
involved extra layers of security across the most important resources. New techniques and
technologies might need further changes in their strategies. Besides, the boards must be constantly
finding the independent reviews of third-party on policy best practices regarding organizations
having the same industry type, risk profile and size (Radanliev et al. 2019).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7CYBER AND DIGITAL RISK
Conclusion:
ACORN must be understanding the resources of cybersecurity are finite. Hence, the strategy
must be concentrating on the utmost material cyber risks. They must be considering the likelihood of
the damages as the risks are understood. For prioritization, ACORN should be maintaining a risk
register that must document all the material cyber risks. This should work as the core repository for
every chance determined by them. It must involve the locations data, points of access, devices of
security and other relevant data. This process of risk prioritization must be preceding the resource
and budget allocation measure to assure the alignment across the risks and resources. Determining
and ranking risks must be accepted, mitigated and transferred to substantial undertaking. The
efficiency depends on the efficiency and quality of knowledge and information individuals making
the recommendations. Here, the board members should be ensured that all the functions at ACORN
are solicited in contributing to the development of strategy. People who are liable for physical
security, privacy, law and particularly the crisis management must provide the integral type of input.
Besides, ACORN must have the particular regulatory challenges woven into that strategy. As the
element of risk prioritization measure, the senior management must be delivering detailed
recommendations regarding the plan to ACORN’s board. This must involve the risks transferred,
mitigated or accepted through cyber insurances.
Recommendations:
The cybersecurity has been escalating very quick and in a highly public way. Here, the
entities at everyplace have been scrambling for regaining the ground and then they have been
keeping up with the cyber threat evolving. The same leaders, companies, industries, regulators and
governments have been fetching for the proper approaches and addressing the dynamic and complex
issues. Hence, it is of no surprise that the best practices of cybersecurity strategy pubic policies and

8CYBER AND DIGITAL RISK
standards have been highly fluid and found to be multiplying quickly. Hence, it is unclear that the
standards have been turning to be viewed widely as the best practices and the rules have been
varying as per every company and industry size. The management and boards must be agreeing on
the most effective approach for ACORN. They must include the worldwide accepted standards of
technology and practices and guidelines that must involve the COBIT 5, ISA 62443 and ISO 27001.
Thus must require the five type of functions that can comprise the cybersecurity risk foundations for
ACORN. They are listed below.
 Identifying:
o ACORN must develop an organizational understanding of the entire context of cyber
risk. This must involve resource management like communication flow, devices data
and systems, various business environments like activities, objectives and risk
productions. This must include the governance where all the part of ACORN should
be knowing the role and prove to be accountable.
 Protection:
o ACORN must be deploying the securities against intrusions. This must involve the
training, awareness and controlling the security of data, the process of information
protections, protection and maintenance technologies.
 Detection:
o They must enable the finding of the breach of cybersecurity to the extent that the
harm from the intrusions is made from intrusions from surveillances. This must
involve the discovery of events and anomalies, constant monitoring of security and
process of detections.
 Responds:

9CYBER AND DIGITAL RISK
o ACORN should be deploying the activities and plans that constant o the damage from
a breach in cybersecurity. This must happen with the help of a comprehensive type of
crisis management and planning of incident response with deploying tabletop
exercises.
 Recovering:
o Activities and plans must be developed for resuming normal operations. This should
be followed by the vents of cybersecurity involving the lessons learned and post-
event mitigation.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10CYBER AND DIGITAL RISK
Bibliography:
Agustina, J.R., 2015. Understanding cyber victimization: Digital architectures and the disinhibition
effect. International Journal of Cyber Criminology, 9(1), p.35.
Bridges, S.M., Keiser, K., Sissom, N. and Graves, S.J., 2015, April. Cyber security for additive
manufacturing. In Proceedings of the 10th Annual Cyber and Information Security Research
Conference (p. 14). ACM.
Choi, K.S., Scott, T.M. and LeClair, D.P., 2016. Ransomware against police: diagnosis of risk
factors via application of cyber-routine activities theory. International Journal of Forensic Science
& Pathology.
Green, J.S., 2016. Cyber Security: An Introduction for Non-technical Managers. Routledge.
Johnson, M., 2016. Cyber crime, security and digital intelligence. Routledge.
Lupton, D., 2016. Digital risk society. The Routledge handbook of risk studies, pp.301-309.
Radanliev, P., De Roure, D., Cannady, S., Mantilla Montalvo, R., Nicolescu, R. and Huth, M., 2018.
Analysing IoT cyber risk for estimating IoT cyber insurance. In Living in the Internet of Things:
Cybersecurity of the IoT-2018. IET Conference Proceedings. London: The Institution of Engineering
and Technology.
Radanliev, P., De Roure, D.C., Nurse, J.R., Burnap, P., Anthi, E., Ani, U., Maddox, L., Santos, O.
and Montalvo, R.M., 2019. Cyber risk from IoT technologies in the supply chain–discussion on
supply chains decision support system for the digital economy. Univ. Oxford.