LD7087 Information Governance and Cyber Security Assignment Sample 2023
Task 1
Information-Governance-Need and the Cyber-Security-Threats
Information technology helps the organization to protect the security system. Information governance is really needed to protect the important information of the organizations. Information security ensures that any organization has many important key factors which are really important for the security system and those key factors are like proper leadership which is one of the best approaches to guide the employees to work properly, then required information structure this is really essential to construct the perfect information structure, next is the guidance.
All these are ensured by information governance (Lallie, et al. 2021.). Governance helps any company by many different approaches and those approaches are like this to inform the authority that they have the perfect or at least required administrative controls or not to mitigate risks. The risk managements help the organization to ensure that they properly determine their risks which arise in their security system and also the risk managements help the organization to analyze their security system and find out the risks.
If they identify any risk then they try to mitigate those risks from their security system. Information governance helps the organizations in their framework and also this ensures that the personal information or data is-deal-with many factors like legally, then efficiently and also deal with effectively because this has only one aim that is to provide the best care to the security system to protect them from unethical access.
Figure 1: The Information Governance model
(Source: www.blog.doculabs.net)
Information governance is really important for any organization no matter if it is the government sector or any private sector (Bellekens, et al. 2021.). This approach helps any company to build their security system strong and also protect their confidential information. Information technology helps the organizations to secure the system and they direct all the activities and also control their Information technology security.
Information technology management helps the organization to be concerned in their decision making to prevent the mitigation risks (Shepherd, et al. 2021.). The governance decides who will be the authority to take the position to decide something for the security system. But it is also true that technology improves day by day to help the people to be updated in their lives but some of the threats also coming with it and those are known as a threat to the system.
Those threats really need to be removed from the system because those threats may create some major issues to the company (Pardini, et al. 2017). One more important goal which is possible with the Information governance and that is with the help of the organizations is able to provide their employees trustable and easy access data while they make any decisions regarding the business. But this task is divided into many parts in many companies. All the divided parts of that is security, then storage and also into database teams.
In recent years some of the threats which is faced by every organization which is firstly phishing and this is a hacking scheme, this tricks are mainly used to download some harmful messages from the internet, then malware, this is a software or a code and this code is used to infect any network and also explore that though the user is able to steal the information.
This code is used in many different ways for that they have many methods to infect any computer system. Next threat to any organization is ransom ware (Parreiras, et al. 2017). In this threat the employees who are working in any organization they are involved in means their encryption of the data access is held by the other party and they demand the ransom for the employee’s access (Srinivas, et al. 2019).
Then data breaches, in these threat hard-copy-notes are theft from the organization and some unethical person has access to the organizations confidential information. The next threat is compromised passwords. These are the common threats which are recently faced by the organizations and these threats are really essential to identify by the organizations for their immediate action for preventing those risks.
Figure 2: All the risks which is present in the cyber security system
(Source: www.healthlabs.net)
All these latest threats arise in the security system. These cyber threats need immediate rectification (Kumar, et al. 2019). All the organizations required Information governance for their understanding and also to determine all these types of risks in their organization. Many methods are applied by the organizations for prevention of all these threats.
Some common methods which are applied by the organizations and those methods are first develop the cyber security rules or policies to prevent the threats, then secondly implement the training which is helps the employees and the authorities to aware of the theft of the information from the organization, next is the spam filter is installed by the organization to prevent the malpractice in their security system and also for the virtual data protection they must be develop and also installed the anti-malware-software (Renaud, et al. 2019) .
These are the ways which are adopted by the authorities to protect their confidential data from the hackers. Along with these approaches, if the companies set some complicated and strong passwords for their data protection then definitely they are more able to protect their information. Data is the most important factor in a business, based on the past information the organizations are try to take their future actions.
Figure 3: some of the risks prevention process in cyber security system
(Source: www.bournetocode.net)
Task2
The Framework for the cyber security system and the Information Governance
Cyber-security governance helps the organizations governance to inform them what types of components are required for their security system (Solms, et al. 2019). The framework refers to the organization’s governance that those components depend on their cyberspace and those components are present in the adversaries. By the framework the organization’s C-suites set their appropriate tone which is required for the organization and this is the best cornerstone program for the governance.
The framework is used for security reasons. This is mainly a compilation where the state-mandated and also the international cyber-security rules or the policies are involved and also the process which is used to protect the data in a critical infrastructure is included (Christensen, et al. 2017.).
In framework the companies instructions are included for the control or management of the personal information and this helps them to keep the information stored in the system and by doing this they ensure the decreased-vulnerability for the security regarding risks.
The framework is also needed because every organization needs some basic factors in their organization for their success and those factors are like leadership which is one of the best approaches to guide the employees to work properly, then required information structure this is really essential to construct the perfect information structure, next is the guidance (Petersen, et al. 2017.).
These factors are really important for any organization to expand their business in many places and also gain a good market value. Some of the frameworks are present which are applied by the companies for their better understanding and also for their better future business strategies.
This is the main motive of every company to have a successful business for that their first priority is to keep their future business plans hidden from their competitors so that they are more focused on their security system (von Solms, et al. 2018). Some of the famous frameworks which are adopted by the organizations and those frameworks are the United State of national-institute-and the technology framework, this framework is used by those companies who are faced with some of the critical infrastructure in their cyber security system.
The next framework is the center which is for internet security and this is used in the critical situation of the security control system. The next framework is International standards of the organization framework that is also applied by many companies for their security system. This particular framework is present in two models: the first model’s ISO number is 27001 and the second one’s ISO number is 27002.
Some of the latest threats arise in the security system. These cyber threats need immediate rectification. All the organizations required a proper framework for Information governance to their better understanding and also to determine all the risks in their organization.
Many methods are applied by the organizations for prevention of all these threats. Many frameworks are also applied by the organizations and one latest framework is included in the business field to prevent data theft from the organizations. The latest framework is NIST 8170 which was launched by the NIST. This framework is used for the federal agencies means this agency is able to access the cyber security system with the help of this framework.
This framework helps those agencies by guiding them on how they can use this framework for the United State’s federal-government where the recent or the current plans are suites of the NIST security system to provide the risk-management-publications. The NIST framework and the ISO-27000 are the most common frameworks which are applied by the companies.
The Information-security-management-system has many scopes but initially this is defined only the specific processes which are required in any organizations, after that it defines the particular system or the department of the company. All these functions or the activities are done in any organization for which the companies have their success stories which is known to the world as a success business case and this helps them to expand the ISMS otherwise they create new ISMS for their organizations which have different requirements and scopes for the protections (Van Horenbeeck, et al. 2018).
Some of the common scope of the ISMS is like it helps the company to think about their business models and identify the critical situations, then the goals which is needed for the success, next is the expansion thought, and the last one which is need a good ISMS approach that is determine the relevant and essential stakeholders and also the key players of the company.
Task 3
Risk Assessment for the cyber security system
The cyber security system conducts the risk assessment for risk identifications in the organizations. Many assets are affected by the cyber attacks and those assets are laptops, then computers, smart phones, next is hardware, and intellectual property etc. All these assets are mainly affected by the cyber attacks. After assets identification the risk assessments identify various risks which are the main cause of the attacks of those assets (Pretorius, et al. 2020).
If any organizations try to arrange their risk assessment then the steps which is required for the assessment is first they try to identify the main purpose of the assessment, then second step is consider all the key technologies and all the components which are required for the risk identification, after that the third step is determine the vulnerabilities and all types of threats which is create any problem in the business regarding their data security system, next step is to evaluate the issues or risks of the business, and the last step is after risk evaluation provide them the correct approach which helps them to control the risks or at least alternative options which is used to reduce all the risks from their system.
All the assets which are identified with the help of the risk assessment, some threats and vulnerabilities are software attacks; this is mainly happening in the electronic devices like laptops, then computers, smart phones, next is hardware. Then theft the intellectual property, next is identity theft, then equipment theft or the information theft, next is sabotage and also data extortion etc these are the threats and vulnerabilities which arise with the assets.
All these threats and the vulnerabilities create many issues in the business regarding their security system for that Information governance is really needed to protect the important information of the organizations (van Niekerk, et al. 2020). Governance helps any company by many different approaches and those approaches are like this to inform the authority that they have the perfect or at least required administrative controls or not to mitigate risks.
Information governance is really important for any organization no matter if it is the government sector or any private sector. This approach helps any company to build their security system strong and also protect their confidential information. Information technology helps the organizations to secure the system and they direct all the activities and also control their Information technology security.
Risk management is a really important factor of any organization because without controlled system business expansion is very difficult so this is really important for every company.
The framework refers to the organization’s governance that those components depend on their cyberspace and those components are present in the adversaries.
Many functions or the activities are done in any organization for which the companies have their success stories which is known to the world as a success business case and this helps them to expand the ISMS otherwise they create new ISMS for their organizations which have different requirements and scopes for the protections (Furnell, et al. 2020).
Some famous frameworks are used by the organizations and those are the United State of national-institute-and the technology framework, this framework is used by those companies who are faced with some of the critical infrastructure in their cyber security system.
The next framework is the center which is for internet security and this is used in the critical situation of the security control system. The next framework is International standards of the organization framework that is also applied by many companies for their security system.
If any attack occurs in any organization then a quantitative approach is the best approach to find out the risks in the risk assessments. This is a very easy process to conduct and this process helps the organization to establish a financial impact on the basis of the incident. This is the most applicable method in the risk assessment. This approach is easily handled by the management team and they can easily analyze the risks.
The quantitative method is very useful for gauging-probability and also for prioritizing the risks which helps the non-project peoples to understand those risks for the projects (Bishop, et al. 2020). In the cyber security system of any organization the quantitative approach helps the risk assessment to produce a systematic way to evaluate all the risks which arise from the threats.
In this approach many frameworks and different methodologies are available to find out the risks or conduct the risk assessment. This approach provides a flexible tool to the organization for their current state and helps them to set their future strategy of a successful business.
All the organizations are trying to fix their threats and turn those threats into a controlled system. For that all the companies mainly used quantitative methods to analyze their security system and also conduct the risk assessments. After determining the companies are focused on their present system and develop their current technologies for a better security system like right now almost every company adopts artificial intelligent technology, then biometric system to protect their important data from being stolen.
Reference list
Journal
Lallie, H.S., Shepherd, L.A., Nurse, J.R., Erola, A., Epiphaniou, G., Maple, C. and Bellekens, X., 2021. Cyber security in the age of covid-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security, 105, p.102248.
Pardini, D.J., Heinisch, A.M.C. and Parreiras, F.S., 2017. Cyber security governance and management for smart grids in Brazilian energy utilities. JISTEM-Journal of Information Systems and Technology Management, 14, pp.385-400.
Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, pp.178-188.
Renaud, K., Von Solms, B. and Von Solms, R., 2019. How does intellectual capital align with cyber security?. Journal of Intellectual Capital.
Tagarev, T., 2019. DIGILIENCE–A Platform for Digital Transformation, Cyber Security and Resilience. Information & Security, 43(1), pp.7-10.
Christensen, K.K. and Petersen, K.L., 2017. Public–private partnerships on cyber security: a practice of loyalty. International Affairs, 93(6), pp.1435-1452.
von Solms, B. and von Solms, R., 2018. Cybersecurity and information security–what goes where?. Information & Computer Security.
Van Horenbeeck, M., 2018. The future of Internet governance and cyber-security. Computer Fraud & Security, 2018(5), pp.6-8.
Ristolainen, M., 2017. Should ‘runet 2020’be taken seriously? contradictory views about cyber security between russia and the west. Journal of information warfare, 16(4), pp.113-131.
Eugen, P. and Petruţ, D., 2018. Exploring the new era of cybersecurity governance. Ovidius University Annals, Economic Sciences Series, 18(1), pp.358-363.
Christensen, K.K. and Liebetrau, T., 2019. A new role for ‘the public’? Exploring cyber security controversies in the case of WannaCry. Intelligence and National Security, 34(3), pp.395-408.
Pretorius, B. and van Niekerk, B., 2020. Cyber-security for ICS/SCADA: a south African perspective. In Cyber Warfare and Terrorism: Concepts, Methodologies, Tools, and Applications (pp. 613-630). IGI Global.
Kahyaoglu, S.B. and Caliyurt, K., 2018. Cyber security assurance process from the internal audit perspective. Managerial Auditing Journal.
Almuhammadi, S. and Alsaleh, M., 2017. Information security maturity model for NIST cyber security framework. Computer Science & Information Technology (CS & IT), 7(3), pp.51-62.
Furnell, S. and Bishop, M., 2020. Addressing cyber security skills: the spectrum, not the silo. Computer Fraud & Security, 2020(2), pp.6-11.
Fields, Z. ed., 2018. Handbook of Research on Information and Cyber Security in the Fourth Industrial Revolution. IGI Global.
Know more about UniqueSubmission’s other writing services: