In this assignment there is a description about the cyber security as well as the importance and effectiveness of the cyber security. Nowadays each and every company uses network facilities in their business process. Basically, with the help of network facilities they can maintain or manage their business data as well as get proper idea about their profit and loss in a well manner. In this case they can face various kinds of issues or risks to lose their data, hacking and so on. With the help of cyber security the companies can protect their data and network and the devices. Basically, the cyber security can be referred as the information technology security. However, in this assignment, I am working as cyber intelligence and I am working in a cyber security company. Our company provide service or cyber security among our client companies. In that case, my job is to analyze the issues or network position of the client companies or those small businesses. Then refer or recommend effective cyber security as per their needs. Therefore, it can be seen that the overall assignment is based on this topic. So, with the help of this assignment the various security risks and the process of their protection can be analyzed.
An analysis of current cyber security risks to organisations
According to (Herrera, 2017), in modern organizations there can be several kinds of cyber security risks which provide negative impacts on their business process such as
Password leakage: in an organization there are several kinds of people and the company trusts them as they are the part of this business process. In this situation the company can face the risk of malicious employees (Ayres, 2016). The employees who have the intention of steal data as well as damage the company. On the other hand, they can also give the company passwords to the rival companies as well. Thus, this can be a very impactful risk for an organization.
If you need assistance with writing your assignment, our professional assignment writing service is here to help!Assignment Writing Service
The human error: in an organization there also can be some people or employees who do not have the exact knowledge of the technologies. In that case, there can occur human error. As per (Overbye, 2017),those particular employees can mistakenly send the company’s confidential data or emails to wron home or people. This cans also a cyber security risk for a company.
Cyber attacks: along with this, the cyber attack is another risk in terms of the cyber security of a company. Basically, there are many types of hackers in the market (Buczak, 2016). The hackers mainly hack the devices as well as networks of an organization in terms of stealing the details or confidential data of the company. Like this they may use the data in a negative way to damage or harm the company.
Failure of covering the cyber security basics: there are some vulnerabilities as well as exploits which can be used by the hackers in terms of hacking the data. Recently it has been seen that, for the few years they are using the vulnerabilities that are getting success to break the cyber security. Thus, the cyber security measure are lacking so, it is a very effective cyber security risk.
According to (Inan, 2016), rather than these risks the companies may have many more cyber security risks like cyber security policy, ransomware, and distributed denial of service attacks and so on.
An evaluation of the different controls that can be used to manage cyber security risks
There are some different types of controls which can be used in terms of managing the cyber security risks
Threat identification: in the time of mitigating the cyber security risks it is very essential step for the companies to identify proper security threats. Without proper identification of the risks it cannot be possible for the companies to adopt effective steps to mitigate the risks (Pan, 2016).
Boundary firewalls as well as internet gateways: the Boundary firewalls as well as internet gateways or the computer network mechanisms are very important and effective for mitigating the cyber security risks. These computer network mechanism need to be adopted by the companies in terms of protect systems, information as well as applications against the unauthorised access or exposure to internet. As sighted by (Tsikrika, 2017), on the other hand, the password needs to be very much strong as well as it cannot be an option for the company.
Secure configuration: the devices which are connected to the network that should be configured in terms of make sure that the devices can provide only the services which are required as well as can not give access for surplus the networks or the systems. Like this the companies can be helpful for reducing the characteristic vulnerabilities of few devices (Pusey, 2016). Basically, the default applications and the settings on several devices may serve as the route for the cyber attackers in terms of gaining easy access for information on the network devices.
Access control: on the other hand, the user accounts must allow for a minimum level of the access required in the case of the applications, or networks as well as the devices. The users are requiring the special privileges for managing the controls need to be authorised for individuals.
The malware protection: the devices which are connected with the internet services, the malware protection software need to be installed by them. According to (Rakitin, 2016), this can be helpful for them to protect the devices against the malicious software like viruses, as well as spyware, worms etc. basically, these can serve for performing the unauthorised functions on the computers or cyber. As per (Lam, 2016), this kind of malware protection software mainly protects the devices against the malware that can easily transmit by the number of the means such as emails, files, and websites. Thus, this is the process of the obvious protection along with this; it also helps for ensuring a greater protection from the various cyber attacks (Hills, 2016).
A critical assessment of the vulnerabilities of the computer network security of the chosen organisation U Bank
Network security is always useful in terms of securing the Web site and other related applications. Every company contains some sensitive data (Prince, 2016). But there can be some vulnerability which can attack the computer network security system of U bank. The critical assessments of the vulnerabilities are as follows
Missing patches: this missing patches can be a network security risk. These missing patches on a server can permit an unauthenticated command prompt into the cyber environment. Companies need to be very careful when they applying patches to the network system. As per (Yung, 2016), thus these missing patches can be a serious vulnerability of this U bank. Thus the bank needs to use latest operating system with the latest security patches to maintain best security practices.
Weak or default password: weak password can also be a part of network vulnerability. Database servers, content management systems and web applications of this bank contains weak or default passwords. Thus the database can be accessed directly (Gupta, 2016). This can be a serious vulnerability of this network system of U bank. Change the structure of the password and test for weak passwords regularly can solve these issues easily. As per (Sherman, 2017), U bank can also use different password management tool to maintain network security system effectively.
Mobile devices: different mobile devices, tablets, and laptops can pose some critical security risk for the web security system. All the VPN connections, email passwords, cache passwords in the browsers contain sensitive information about the bank. All the login information’s are successfully stored in the mobile devices, tablets and Laptops (Dadras, 2017). Thus these passwords can be hacked if these devices are connected with the Wi-Fi. Using clear data management tool and mandatory data encryption can help this bank to manage several security issues effectively. Thus this can be a critical vulnerability for the companies (Chen, 2016).
USB flash drive: this USB flash drives can become a great threat for the companies. This is one of the most common ways in terms of network infection. Employees can use this for different company purposes. Important documents can be stored in this USB flash drives. Since this is a bank it can face security issues. As sighted by (Fielder, 2016), the important documents can be hacked from the USB flash drives easily. Thus this can also be a network vulnerability of this bank. This can affect the overall business process of the bank.
Misconfigured firewall rule bases: fire rule bases need to be configured properly. Misconfigured these firewall rule bases can create problem to the bank (Daniele, 2017). This can allow unauthorised access to the bank. Thus this can be a major vulnerability of this U bank.
An evaluation of the impact of cyber security on your chosen organisation
The impacts of cyber security on the U bank organisation are as follows U bank has faced many security issues in their business process. Thus they need to adopt some cyber security strategies to prevent those issues effectively.
- With the help of cyber security the bank can prevent their major financial loss. This financial loss can occur if bank faces theft of money, loss of contract, theft of corporate information, theft of financial information etc (Carr, 2016). Also the bank faces many data breaches issue. But if the bank uses proper cyber security strategy then only the bank prevent those security issues easily.
- Bank can prevent their reputational damage with the help of these cyber security strategies. According to (Giacobe, 2016), cyber attacks can damage the business operation of this bank. This reputational damage can lead to loss of customers, loss of sales, reduction in profit etc. This reputational damage can even effect on the customer also. Thus the bank needs to adopt some security strategies to prevent these security issues effectively.
- Bank need to adopt cyber securities to manage their personal data effectively. They can adopt a data protection act to manage their personal data. If they fail to manage personal data, then the bank may face fines and regulatory sanctions. Thus it is very important for the bank to adopt some cyber security strategies to protect their data in a systematic way.
- With the help of cyber security, the bank can manage their risk effectively (Kasprick, 2016). They can follow cyber security response plan to fight against the security issues in a systematic way. Bank can reduce the impact of the attack, clean up their systems and manage their business with the help of this. Thus these security strategies can be really helpful for the bank to manage their business issues effectively (Mitchell, 2017).
A critical evaluation of the cyber security strategies that are used within the chosen organisation, mapping these to industry standards
Cyber security strategies which are used within the organisation are as follows
- Secure cyber ecosystem: secure cyber ecosystem is a very effective strategy, where cyber devices can work together to prevent different cyber issues effectively. With the help of this strategy the cyber devices of the bank can work together to prevent cyber attacks or can find solutions to recover from a cyber attack. This cyber ecosystem has three structures such as Automation, interoperability and Authentication (van Schaik, 2017). Bank can enhances their decision making with the help of this automation process. Also they can improve their awareness towards the cyber security with the help of interoperability process and with the help of this authentication process the bank can improve their identification and verification towards the cyber security issues effectively.
- Assurance framework: The bank can design an outline in compliance with the global security standards in terms of people and technology. The bank can give their employees IT security manpower training to prevent these security issues effectively.
- Encouraging open standards: with the help of this strategy the bank can enhance their security standard, their economic growth and also can organize new approach to fight against the new security issues (Liu, 2016). This strategy can be really useful for the bank to maintain their security issues effectively.
- Regulatory framework strengthening: with the help of this strategy the bank develop secure cyber ecosystem and also they can strengthen the regulatory framework effectively. According to (Cherdantseva, 2016), they can focus and enhance the research & development in this cyber security, also they can encourage all the employees to fight against the security issues and also the bank can identify the perfect solution of this ever changing threat with the help of this cyber security strategy. Thus this strategy is really important for the bank in terms of ultimate growth and success.
- It security mechanism: basic mechanisms of IT security can be identified as, link-oriented measures, End-end measures, data encryption and association oriented measures. These all It security mechanisms can protect the security system in such a way that only the authorised person can decrypt them. Thus this strategy is also really important for the bank (Toregas, 2016).
Technology is improving day by day. On the other hand the cyber attacks are also increasing. Thus the bank can adopt these strategies t solve different security issues effectively. But many new threats are coming day by day. Thus the bank needs to adopt some new strategies to solve this security issues effectively.
Based on the analysis and evaluation of the vulnerabilities within the chosen system
A presentation which would be used with a client. The presentation materials must identify possible improvements to make the system secure.
As per early discussion the company U Bank may face several kinds of issue in terms of their security process. Here I am conducting a presentation and going to present in front of the client U bank that can provide possible idea in terms of improving the system security. Basically, U Bank is not able to give a proper password in their devices so that there can be seen security risk. Our company will give the idea about the effective passwords so that they can get the knowledge how to use passwords. The mobile devices can be harmful in terms of the U Bank as the employees use the official data from their phones from anywhere. In this situation we can provide the security control as well as access control facilities. With the help of this facility the company can mitigate this kind of risks. The company can block the users or employees in terms of installing the software in their devices. Therefore, the employees can only access the official data in the office or in their workplace. Like this the U Bank can improve their system security. Along with this they can also bring or install antivirus this can be helpful for the company to secure the system from any kind of malware and viruses. Deploying the hardware based firewall also will help U Bank. The bank can protect any kind of security breaches from their system with this. Along with this, hardware based firewall will be flexible so that the company can easily handle this security process. By using the USB flash drive the employees can take important data from the system of U Bank in this case each and every important data can be protected with the help of network access control or NAC. Basically, the network access control can be used with wireless process and the all data can be managed from anywhere anytime. So, if the company will feel any kind of risk from their employees they can use NAC for secure their system or data.
A training plan for improving network security including user awareness and prevention mechanisms
In this part of the assignment I will produce a training plan in terms of improving the network security as well as the user awareness and the prevention mechanism. In terms of securing the network and devices the companies need to have some idea about the importance of the cyber security. On the other hand, the company can also develop their network security process with the help of this training (Wang, 2017). The process of producing the training plan has been discussed below
- At first I will convince my client organization U Bank to take a training from our company it will be beneficial for them to enhance the knowledge about network security
- Thereafter, I will take permission from my company regarding this training. Basically, this can be helpful for my company to increase their sales as the client will get the exact information about cyber security
- The training will be for 7 days
- In that training the each and every employee of the client company U Bank will take part. It is very important for every employee to have knowledge about network security
- Our training will be computer based and this computer based training can be effective as well as quick or effective. This will convey the useful knowledge and the power of the users to protect the devices. This will also help them to learn new techniques to use cyber security
- The awareness of the network security also can be provided by giving the idea about the efficiency as well as the cyber risks of the company
- There will be some topics in my training process like protecting the mobile devices, physical security or protection for the computers, Malware or the viruses, Safe password techniques, Dangers from the public Wi-Fi, Privacy basics and so on.
- After the training a short quiz will be conducted to make sure that the training has been successfully done.
After analyzing this assignment it can be concluded that, being a network intelligence it is my duty to examine the cyber risks of the client organization and give them recommendations in terms of adopting effective cyber security. However, there can be various kinds of cyber security risks for the modern organization and the risks can be very harmful for them and their business as well. On the other hand, it can be seen that, there are some techniques which can be helpful for the companies in terms of mitigating the cyber security risks in a well manner. In the chosen organization U Bank there can also occur various kinds of cyber security risks such as misconfigured firewall rule, USB flash drive, weak or default password and many others. The impacts of these risks have been discussed here also. The cyber security strategies are not much effective of the company U Bank that have been elaborated in this assignment. Along with I have planned to give the training to the U Bank. The overall training plan has been done here as well.
Ayres, N. M. L. J. H. S. R. &. H. Y., 2016. The mimetic virus: A vector for cyber security., p. 67.
Buczak, A. L. &. G. E., 2016. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), , pp. 1153-1176..
Carr, M., 2016. Public–private partnerships in national cyber‐security strategies. International Affairs, 92(1),, pp. 43-62..
Chen, Y. H. J. &. L. C. C., 2016. Modeling of Intrusion and Defense for Assessment of Cyber Security at Power Substations. IEEE Transactions on Smart Grid., p. 67.
Cherdantseva, Y. B. P. B. A. E. P. J. K. S. H. &. S. K., 2016. A review of cyber security risk assessment methods for SCADA systems. computers & security, , pp. 56, 1-27..
Dadras, S. &. W. C., 2017. Cybersecurity of Autonomous Vehicle Platooning., p. 56.
Daniele, P. M. A. &. N. A., 2017. Cybersecurity Investments with Nonlinear Budget Constraints:. Analysis of the Marginal Expected Utilities. In Operations Research, Engineering, and Cyber Security , pp. 117-134.
Fielder, A. P. E. M. P. H. C. &. S. F., 2016. Decision support approaches for cyber security investment. Decision Support Systems, 86,, pp. 13-23..
Giacobe, N. A. &. K. R., 2016. Development of Polymorphic Homework and Laboratory Assignments in Cyber Security with PolyLab.. In NICE (National Initiative for Cyber Education) Conference., p. 56.
Gupta, B. A. D. P. &. Y. S. (., 2016. Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global., p. 34.
Herrera, A. V. R. M. &. R. C., 2017. National cyber-security policies oriented to BYOD. Systematic review. In Information Systems and Technologies (CISTI), 2017 12th Iberian Conference on, pp. 1-4.
Hills, M., 2016. Written evidence submitted by Dr Mils Hills to the Culture, Media and Sport Select Committee Inquiry Cyber Security:. Protection of Personal Data Online., p. 90.
Inan, F. A. N. A. S. P. R. L. &. J. K. S., 2016. Internet use and cybersecurity concerns of individuals with visual impairments.. Journal of Educational Technology & Society, 19(1), , p. 28.
Kasprick, R. H. J. S. J. &. K. E., 2016. Cyber Security Artificial Intelligence Expert System., p. 54.
Lam, J., 2016. IIET: Cyber security in modern power systems-Protecting large and complex networks.. In Cyber Security in Modern Power Systems, IET, pp. 1-12.
Liu, X. D. M. O. K. Y. L. T. &. L. A., 2016. race malicious source to guarantee cyber security for mass monitor critical infrastructure. Journal of Computer and System Sciences., p. 56.
Mitchell, R. F. A. W. S. &. J. J., 2017. Linkography ontology refinement and cyber security.. In Computing and Communication Workshop and Conference (CCWC), 2017 IEEE 7th Annual, pp. 1-9.
Overbye, T. J. M. Z. S. K. S. &. W. J. D., 2017. An interactive, extensible environment for power system simulation on the PMU time frame with a cyber security application.. In Power and Energy Conference (TPEC), IEEE Texas , pp. 1-6.
Pan, K. T. A. L. C. &. P. P., 2016. Co-simulation for Cyber Security Analysis:. Data Attacks against Energy Management System. , p. 543.
Prince, D. D. C. &. F. O. J., 2016. The North West cyber security industry: export potential assessment., p. 543.
Pusey, P. G. M. &. P. Z., 2016. The Outcomes of Cybersecurity Competitions and Implications for Underrepresented Populations., pp. 90-95.
Rakitin, S. R., 2016. What Can Software Quality Engineering Contribute to Cyber Security?.. Software Quality Professional Magazine, 18(2)., p. 432.
Sherman, A. T. O. L. D. D. G. E. N. M. P. K. .. &. T. J., 2017. Creating a Cybersecurity Concept Inventory:. A Status Report on the CATS Project., p. 45.
Toregas, C. H. L. J. &. H. R., 2016. Exploring Ways to Give Engineering Cyber Security Students a Stronger Policy and Management Perspective., p. 43.
Tsikrika, T. A. B. K. V. V. S. B. P. &. W. M. L., 2017. 1st International Workshop on Search and Mining Terrorist Online Content & Advances in Data Science for Cyber Security and Risk on the Web.. In Proceedings of the Tenth ACM International Conference on Web Search and Data Mining, pp. 823-824.
Van Schaik, P. J. D. O. J. C. L. J. J. &. K. P., 2017. Risk perceptions of cyber-security and precautionary behaviour. Computers in Human Behavior., p. 45.
Wang, S., 2017. Integrated Framework for Information Security Investment and Cyber Insurance., p. 34.
Yung, J. D. H. &. G. L., 2016. Security of cyber-physical systems: an old idea., p. 123.
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this assignment and no longer wish to have your work published on UKEssays.com then please: