COM744: Security and Risk Management Assignment Sample 2023
Introduction
Aim of this study is to conduct an in-depth understanding related to information security, security risks and security control. In this study, it will be discussed the risks factors that have been found in order to protect organisational confidential data. Cybercrimes have been seen to be developed or increased due to the export knowledge of cyber hackers. For instance, this study is going to evaluate the need for security control on the basis of protecting informative data. Application of risk management and risk control has improved several issues related to important or confidential data leaks. Experts are aiming to develop advanced technologies for protecting private and sensitive information from getting hacked, which will be analysed in the study. This study will discuss the security policies that have been developed by Government bodies of multiple countries. Multi-Challenging issues related to legal, ethical and professional security management can be described in this study.
Discussion of issues with information security and security risks
Threats related to information security and security risk is developing each day due to the increasing volume of software hackers all over the globe. Government bodies and common people have been dealing with uncertainty in order to protect private and sensitive data from getting hacked. Information security refers to several processes and methodologies that are implemented or designed for protecting sensitive information. People were not much familiar with advanced technology in the past decades. Somehow, the establishment of advanced technology has become both an opportunity and a threat to the world population. Government bodies have faced various issues after seeing private data or information gets hacked. For instance, software engineers are developing modifications while designing software to avoid the risk of data theft. Business achievers aim to focus on protecting their information related to organisational or business strategies in order to run business smoothly. In this present generation, some people are misusing their skills and knowledge against earning huge funds. Therefore, working professional security departments aim to concentrate each movement of the hackers by continuous security checking methodologies. World’s population is getting satisfied after seeing their life is getting easier with the help of advanced technology. On the other hand, business industrialists are facing challenges due to software attacks, which include important documents and information [1]. As a result, those industrialists are aiming to develop risk management into their business in order to avoid the risk of data hacking. Threats of information security have been noticed through the theft of intellectual property. Therefore, individuals that have been dealing with the theft of intellectual property are dealing with complicated situations. Multinational companies and government bodies are aiming to develop several strategies to improve the security risk of unauthorised access to tables and columns. Cyber experts have noticed that default people show their interest to hack organisational secured passwords in order to disrupt within an organisation. Healthcare, IT and Educational sectors include a high chance to face issues related to security risk and information security. People that are involved with cybercrime tend to withdraw life savings through getting successful access to personal computers [2]. Issues related to security have been observed mostly in all the Government and private banks across the globe. People with bad intentions aims to duplicate self-identification by using others’ ID. As a result, after committing wrong movements cybercriminals do not get caught or identified by Government bodies. Additionally, individuals with no knowledge about the misuse of their identity get harassed by Government bodies. Government bodies have suggested bank associates stay alert from security, as maximum cybercrimes took place for huge funds. The Cyber Crime Branch is giving proper training to the experts by guiding them from previous crime status regarding data hacking. Data tampering has become a common issue in the list of cybercrime due to a lack of risk management. Cyber experts are getting complaints regarding Eavesdropping and Data Theft and such issues are not identified easily. Identifying risks related to security is only possible for experts with great experience and the ability to handle such issues. Block chain and crypto currency attacks are known to be a high risk that has been faced by famous business organisations. Apart from that, IoT attacks have become a major burden for Government departments. Government bodies tend to secure their informative data related to Nation or several bills passed initiatives for the well-being of countries’ people [3]. Business achievers are influencing their software developers to adopt several strategies to avoid issues related to Software vulnerabilities. Cyber security departments are facing multi challenging situations due to Ransom ware attacks, as data hackers are aiming to torture normal people by doing such activity. Artificial Technology (AI) has become highly popular across the world due to its unlimited satisfactory results to solve issues in healthcare and IT sectors. Possibilities were limited before the development of AI technology, as people can easily communicate with healthcare professionals with the help of AI technology. Somehow, Machine learning and AI attacks have increased in this current situation. Throughout the case study process of security crime, it has been identified by Sophism that 82% of organisations in India have faced Ransom ware attacks. Phishing attack is known to be a social engineering attack that has been used by defaulters for stealing user data [5]. Business representatives have faced Insider Attacks, as some working professionals with malicious intentions have been exported or leaked confidential data to competitors. Cyber attacks are not always relevant to software attacks yet it involves Outdated Hardware. For instance, software developers get insecure by the risk of software vulnerabilities.
Identification of security risks and security control strategies
Security risk management helps in identifying the nature of security threats and their impacts on organisational, individuals and community levels. The Internet Security Threat Report (ISTR), Volume 24, February 2019 it has shown an incident of cybercrime. In addition, hackers are focusing on using malicious JavaScript code in order to steal detailed information from credit cards [4]. As a result, those defaulters can get to know personal details through payment forms on victims’ check out web pages. Nearly 4, 818 websites have been compromised with form jacking codes in 2018 [6]. Crypto jacking has become highly effective in individuals’ lives, as cybercriminals have run coin miners on victims’ devices. As a result, victims with no knowledge about their loss deal with harassment. In order to identify the security risks, it requires in-depth knowledge about all valuable assets across a specific organisation. As a result, there is a chance to avoid security default issues within the business organisation. Identification of potential consequences that can be hampered entire working processes and programs of working professionals. Client contact information is a highly effective segment, as competitors can hack all the contact details of customers with the help of a data hack. Website hacking has become very common, as most people have faced several issues after the identification of website misuse [7]. Websites are the most important platforms that have been accessed by people in order to gather information about organisations current status. However, with the help of IP addresses Cybercrime branch has been successfully identified as defaulters or crime executors. In the current generation, young and adult generations are habituated with using electronic gadgets and they tend to save their details and information within their electronic gadgets. However, most hackers can easily access people’s software with the help of sending random messages.
Defaulter aims to send fraud messages to citizens and people with less experience that have been accessed these links that have been provided or sent by the hackers. As a result, cyber-criminal can easily get access to personal software or profiles in order to torture people. In the past decades, multiple cases have been registered in the government offices after getting misguided or being a fraud by cybercriminals. Cybercriminals include bad intentions to exploit a person by accessing their personal information or data. Women population have faced several issues after getting recorded by the CCTV camera without their knowledge while changing dresses or clothes in the changing room. Thus, people with disturbed mentality aims to disclose those videos that have been captured in the changing room, which exploits a person’s entire life. To deal with this situation, the cybercrime branch has developed several strategies to identify those cybercrimes with the help of expert technologists [9]. Software developers and engineers include enough ideas to identify defaulters. Somehow, cybercriminals have been moved freely by using their expert skills of disabling access to the identification of defaulters. Security control strategies have been developed and implemented by various industries across the globe to avoid the risk of losing important and sensitive data. Employees with bad intentions aim to disclose important information about innovation or future planning’s. However, strategies related to security protecting or controlling have improved the risk factors of personal data. In most cases, people easily enter private property even after using modifying and advanced technological security systems at the entrance. Technology has developed in such a way that people can easily handle others or unknown people visiting by staying at home after checking their activity through CCTV cameras. However, people with a fraudulent mind can easily stop all programs of a secured system that has been located by the house owner [10]. Government officials have been complaining about the fraud activity of cybercriminals. Expert thieves aim to learn the process of disabling secure systems to get full access to personal property. For instance, the cybercrime branch is suggesting their respective nations’ populations develop security controlling strategies for avoiding the risk of getting misled.
Evaluation of various security technologies
After the development of advanced technology, people are getting valuable responses in order to deal with issues related to security. Cybercrime branches have solved several cybercrime cases by using Data Loss Prevention, which has been used by the software developer while developing features within software. Several technologies have been developed by the software engineers, such as Block chain Cyber security, Artificial Intelligence, Embedded Hardware Authentication and Zero-Trust Model in order to reduce the risk from information security [12]. Limit Employee Access to data has become highly effective for maintaining the sensitive information protected, which has improved several issues within business organisations. In order to reduce data security risks, Password Management is playing a crucial part. For Instance, people can easily access their organisations personal or official accounts by getting tremendous results from password management. Card Data Management is another development by business organisations in terms of protecting personal and sensitive information from getting hacked [11]. Moreover, card data management helps in protecting personal information about bank details that are being encrypted within credit or debit cards. For instance, data hackers cannot get access to credit or debit cards with the help of card data management. Install Patches is another way to decrease the chance of risk related to cybercrime. Remote Access Management helps in identifying issues related to unauthorized access. Moreover, this technique can easily lock user accounts after 6 continuous attempts. Remote access management technology works well by changing users’ default passwords. Two factors authentication comes under remote access technology, which has helped citizens from getting harassed. Cyber security members are aiming to develop several strategies in order to reduce risk factors from the organization’s secured electronic devices. In this digitalisation, people are getting misguided by the expertise of advanced technology after getting fooled by fraud. Coding is such an innovation that is being used for people’s well-being. On the other hand, coding has become a favourite tool or technique for the defaulter or cybercriminals, as they are getting successful after misusing the coding system. Technology has been used as a solution, whereas, people with no default are dealing with challenging situations after getting exploited by cybercriminals. For instance, Government bodies are suggesting all the country’s population develop strategies to establish risk management within the business organisation [14]. Software engineers are aiming to develop expert technologies to fail all attempts from the default party. Proper strategies of the cyber team in order to develop well-structured and organised risk management for protecting confidential data.
Cyber security evolution tools are accurate software that is available by the national cyber security division. Information management includes content management, IT applications, and numerous programming techniques that are useful to increase the workflow of an organization. Intellectual and learning skills sometimes include the accurate management procedure and that specific part is to recognize numerous risks and threats of an organization [13]. Information management skills include content management, information process, and numerous IT applications.
Sometimes information management skills enhance IT knowledge and that specific factors increase the overall workflow of an organization. Another useful skill is accurately identified by the networking knowledge and it is considered a key ability between the team members. Research skill is the ability to find numerous solutions for difficulties by the question, answer process. A specific research skill involves the ability to find some information and rectify the problems [15]. The research skills sometimes include analysis, interpretation and evaluation related to several information’s to the relevant subject.
Critical analysis of business continuity planning
Oral and media communication skills are focused on the problem solving part and those conflicts with many issues. Oral communication is an essential process that improves business continuity planning and evaluates critical analysis for the organizational employees. Sometimes oral communication promotes employee encouragement to increase the motivation level of individual employees. Oral media communication is the oldest communication and that includes face to face communication with numerous employees. Oral or media communication skills accurately manage leadership skills and it is developing the future opportunity of an organization [16]. Oral communication sometimes accurately communicates with the numerous employees by the interaction process. On the other hand, written communications help to understand several readers to understand the accurate requirements of the research.
Information management skill develops the key areas of individual employees to manage numerous threats of an organization. Several strategies and business skills are accurately managed by the general knowledge of the managers and it is to develop new knowledge of the managers. Strong management skill creates specialized employees that are beneficial to product performance. Productive performance enhances the numerous difficulties of the business and that specific factors develop the theoretical knowledge of the employees. Basic knowledge of management is developed by the training and learning process. Research skill develops the overall procedure of the management and that specific process is useful to develop the general knowledge of the future learners.
Sometimes written, oral communications develop the skills of media communication. Communication skill is important to describe the job details to the individual employees and oral, written communications of the management. Information management skills are sometimes developed by effective communication skills [18]. Some potential employees of the organization develop numerous ideas of an organization. Strong oral communication skills can share numerous feelings and ideas and it can effectively understand the public feelings. Individual employees across the industries can perform by their great communication skills.
Advantage of security policy, standards, and practices
Verbal or written communication skills can articulate effective ideas. Accurate verbal and nonverbal communications are useful to understand the audience and that is essential to involve numerous employees in the organization. Sometimes oral communications create an interaction that specific process helps to improve the overall factors of the business. Oral communication skills can eliminate numerous threats and it is a great way for the problem solving part. Oral communications communicate with numerous employees and encourage them for their product performance. There are three types of basic communication such as passive, aggressive, and assertive. Both communication skills increase the basic communication of numerous employees. Proper communication skill eliminates the stress of the management and there are some important strategies for information management skills such as implementation, formulation, modification, and evaluation.
Accurate communication skills eliminate several stresses of the managers and they properly maintain the overall communication [17]. A written communication effectively communicates the overall business process in an accurate way. Sometimes communication and lack of secrecy decreases productive performance. Individual employees are motivated by effective communication. Most of the employees develop their conversation by the interaction and that specific process reduces numerous issues of an organization. Sometimes accurate communications increase the future opportunity and problem solving part. A strategic framework of information management is increasing and organization. Identifying the accurate relationship with the numerous employees is a great way to improve productivity and performance. Future opportunity sometimes depends on efficiency level and that specific factors increase the accurate understanding of job roles.
Oral or written communication sometimes creates a creative performance of an organization and that specific process creates a systematic procedure of an organization. A problem solving part is essential to identify numerous opportunities and growth. Sometimes conversational thinking is beneficial to innovative solutions and that specific process overcomes several obstacles. Sometimes numerous goals and objectives create better solutions for every difficulty [19]. The problem solving part is essential to identify numerous threats or risks and that specific process is dealing with the numerous challenges and obstacles. Potential possibilities and solutions involve numerous symptoms of an organization. Written or verbal communications are enhancing communication factors and that specific process helps to recognize numerous threats and difficulties. Creativity and problem solving part is enhancing the future opportunity and growth. Accurate research skills are develops by the information management skills.
Accurate information management tools can find out numerous problems and that is introduced how to use numerous tools to identify and rectify several problems. Sometimes research skills are needed to develop the strategy and that specific process is needed to increase the organizational framework. Information management skills include some databases that are useful to rectify several programming or application issues. Sometimes information management skills analyze specific technology that helps to figure out numerous difficulties and threats. Strong technical and project management skills are easily developed through the verbal communication process [20]. Oral communication includes the interaction between the managers and that specific process is useful to develop writing skills. Written communications also develop the writing skills of and it includes the accurate information management process to eliminate individual difficulties.
Advantage of security policy, standards, and practices
Data security is highly required for avoiding both external and internal threats. Market competitors are the main reason to deal with business risk, as it has been seen that competitors aim to take advantage by fooling internal stakeholders of other organisations. Famous business tycoons have faced business losses, as competitors have copied their strategic planning have to deal with clients. As a result, customised and secured techniques are required to protect sensitive and personal information. Security policies play an essential role in understanding organisational norms after getting caught by doing cyber crimes.
Discussion about issues of legal, ethical, and professional issues in security management
Cybercriminals are developing their skill and knowledge with the help of advanced technology practices. Industries or firms, private sectors have faced many issues related to data security. People with fraud mentality have been delivered confidential data to the opponent parties for personal intentions. Furthermore, after getting misguided by the opponent parties of employees tend to do fraud activities against their own organisation. In security management, there are legal, ethical and professional issues that have been faced by civilians while working under organisations or in their personal life. Ethical issues include personal privacy, which can hamper the respective position of individuals. In the past decades, telecom distributors were influencing people to use telephonic sim cards with other user names. Thus, such a suggestion is not fruitful to souffle identities from one to another. However, sim card registration with different identities is the main reason that fraud and criminal activities have increased. People with bad intentions have been committing criminal activities by using duplicate IDs of real users. Nowadays after the development of some advanced mobile applications, such as True caller, criminals have become more alert. People with innovative ideas tend to have their business performance in the global market. For instance, frameworks and work charts related to organisational development or growth ideas have been leaked by hackers through their electronic systems. Most people have lost their currency or capital after getting cheated by internal stakeholders. Global network professionals are developing some important initiatives to ban fake websites that can easily access a person’s electronic systems. Several basic ethical issues have occurred by using Information Technology (IT) all over the global network, which consists of harmful actions on the internet. Such ethical issues have been controlled by the IT engineers with the help of encrypted techniques, computer firewalls, digital IDs and SSL technology. Legal and ethical issues have been seen to have occurred in the computer system area in individual’s right to privacy against larger entities of an organisation [7]. Cybercriminals can easily monitor all activities of a computer user by disabling the data secured properties. For instance, most people have been terminated from their employment by the misconception of higher authorities. Professional issues have been the most due to the fraud activity of market competitors. In some cases, cybercriminals have been hired by competitive or struggling parties that are yet to develop their position in the global market. For instance, they tend to hire software hackers and data hackers against huge funding deals. After getting hired, cybercriminal aims to disable all secured protection tools. After disabling data protection tools, copying encrypted data to its system becomes quite easy for the hackers. To deal with this situation, the Government of the United Kingdom has established the Data Protection Act, 1990 in order to alert cybercriminals [9]. Hackers can access the personal computer system by sending random fake emails and messages to common people. Consequently, some people that are less experienced in getting fraud easily tap on the hyperlinks. Moreover, after tapping on the hyperlink, most people have failed to secure their personal information or sensitive data from getting hacked by the hacker. Hackers have been hired by people with bad or wrong intentions. Moreover, dealing parties do not reveal their identity to the hacker yet they aim to finalize deals against huge funding agreements. After getting hired by the defaulters, hackers tend to leak all required information of opponents as per the instruction of dealing parties. In this current generation, technology has developed. Thus, it has become easy to secure personal systems from getting hacked by encrypted methodologies. Somehow, before the development of science and technology, system hacking was easy for hackers [5]. In current days, people by default give their password and ID without knowing that the opposite person is aiming to fool him or corrupt him financially. For instance, it has been seen that people have lost their life savings by clicking yes to the unauthorized access.
Conclusion
From the above study, it can be concluded that in order to protect personal or sensitive data it requires information security to protect data. This study has evaluated the impact of risk management and practices in order to deal with data hacking issues. Risk management plays an effective role in order to protect a personal real indemnity from getting misused by the defaulters. Cybercrime branch managers are aiming to develop several strategies to reduce cyber crimes from getting increased, which have been discussed in this study. Practices of advanced technology have both positive and negative impacts, as data hackers can easily access a person’s electronic system by using a coding methodology. To find out the defaulters IT technologists have developed expert technologies by installing data protection tools within a computer system. The study has discussed the multi challenging scenarios that have been faced by cybercrime victims. This study, it has analysed several cybercrime activities along with relevant examples in order to understand the key components of this topic. In some cases, cybercriminals work under unknown yet famous enterprises that never disclose their real identity. Furthermore, cybercriminals do criminal activities by getting huge amounts of money from the dealers. The aim of cybercriminals is to do their job without getting caught in order to get huge capital from the dealing party, which have been critically discussed in this study.
Reference lists
Journals
[1] Chen, J. and Zhu, Q., 2019. Interdependent strategic security risk management with bounded rationality in the internet of things. IEEE Transactions on Information Forensics and Security, 14(11), pp.2958-2971. Available at: https://ieeexplore.ieee.org/abstract/document/8691466/
[2] Al-Dhahri, S., Al-Sarti, M. and Abdul, A., 2017. Information security management system. International Journal of Computer Applications, 158(7), pp.29-33. Available at: https://www.researchgate.net/profile/Azrilah-Abdaziz/publication/312518367_Information_Security_Management_System/links/59f5915baca272607e2a97ed/Information-Security-Management-System.pdf
[3] Wood, A., He, Y., Maglaras, L.A. and Janicke, H., 2017. A security architectural pattern for risk management of industry control systems within critical national infrastructure. International Journal of Critical Infrastructures, 13(2-3), pp.113-132. Available at: https://www.inderscienceonline.com/doi/abs/10.1504/IJCIS.2017.088229
[11] Park, J.Y. and Huh, E.N., 2020. A cost-optimization scheme using security vulnerability measurement for efficient security enhancement. Journal of Information Processing Systems, 16(1), pp.61-82. Available at: https://www.koreascience.or.kr/article/JAKO202012941165696.page
[12] Ključnikov, A., Mura, L. and Sklenár, D., 2019. Information security management in SMEs: factors of success. Entrepreneurship and Sustainability Issues, 6(4), p.2081. Available at: https://www.researchgate.net/profile/Aleksandr-Kljucnikov/publication/333885503_Information_security_management_in_SMEs_factors_of_success/links/5d0c8010458515c11ceaf543/Information-security-management-in-SMEs-factors-of-success.pdf
[13] Buldakova, T.I. and Mikov, D.A., 2017. Comprehensive approach to information security risk management. In CEUR Workshop Proceedings (Vol. 2081, No. 05, pp. 21-26). Available at: http://ceur-ws.org/Vol-2081/paper05.pdf
[14] Očevčić, H., Nenadić, K., Šolić, K. and Keser, T., 2017. The impact of information system risk management on the frequency and intensity of security incidents. International journal of electrical and computer engineering systems, 8(2.), pp.41-46. Available at: https://hrcak.srce.hr/index.php?show=clanak&id_clanak_jezik=284635
[4] Zhang, R. and Zhu, Q., 2019. $\mathtt {FlipIn} $: A Game-Theoretic Cyber Insurance Framework for Incentive-Compatible Cyber Risk Management of Internet of Things. IEEE Transactions on Information Forensics and Security, 15, pp.2026-2041. Available at: https://ieeexplore.ieee.org/abstract/document/8913631/
[5] Fletcher, K.C., 2019. Change management and developing organization risk culture: Transportation Security Administration case study. In Public Sector Enterprise Risk Management (pp. 17-32). Routledge. Available at: https://repofeb.undip.ac.id/9371/1/Public_Sector_Enterprise_Risk_Management_Advancing…_—-_%28FULLTEXT%29.pdf#page=33
[6] Tupa, J., Simota, J. and Steiner, F., 2017. Aspects of risk management implementation for Industry 4.0. Procedia manufacturing, 11, pp.1223-1230. Available at: https://www.sciencedirect.com/science/article/pii/S2351978917304560
[15] Rindell, K. and Holvitie, J., 2019, June. Security risk assessment and management as technical debt. In 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) (pp. 1-8). IEEE. Available at: https://ieeexplore.ieee.org/abstract/document/8885100/
[16] Nurse, J.R., Creese, S. and De Roure, D., 2017. Security risk assessment in Internet of Things systems. IT professional, 19(5), pp.20-26. Available at: https://ieeexplore.ieee.org/abstract/document/8057728/
[17] Mayer, N. and Feltus, C., 2017, October. Evaluation of the risk and security overlay of archimate to model information system security risks. In 2017 IEEE 21st International Enterprise Distributed Object Computing Workshop (EDOCW) (pp. 106-116). IEEE. Available at: https://ieeexplore.ieee.org/abstract/document/8089840/
[18] Amundrud, Ø., Aven, T. and Flage, R., 2017. How the definition of security risk can be made compatible with safety definitions. Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, 231(3), pp.286-294. Available at: https://journals.sagepub.com/doi/abs/10.1177/1748006X17699145
[7] Baryannis, G., Validi, S., Dani, S. and Antoniou, G., 2019. Supply chain risk management and artificial intelligence: state of the art and future research directions. International Journal of Production Research, 57(7), pp.2179-2202. Available at: https://www.tandfonline.com/doi/abs/10.1080/00207543.2018.1530476
[8] Cha, S.C. and Yeh, K.H., 2018. A data-driven security risk assessment scheme for personal data protection. IEEE Access, 6, pp.50510-50517. Available at: https://ieeexplore.ieee.org/abstract/document/8454722/
[9] Boiko, A., Shendryk, V. and Boiko, O., 2019. Information systems for supply chain management: uncertainties, risks and cyber security. Procedia computer science, 149, pp.65-70. Available at: https://www.sciencedirect.com/science/article/pii/S1877050919301152
[10] Venkatraman, S., 2017. Autonomic framework for IT security governance. International Journal of Managing Information Technology, 9(3), pp.1-11. Available at: https://www.academia.edu/download/55902427/9317ijmit01.pdf
[19] Leo, M., Sharma, S. and Maddulety, K., 2019. Machine learning in banking risk management: A literature review. Risks, 7(1), p.29. Available at: https://www.mdpi.com/422530
[20] Somepalli, S.H., Tangella, S.K.R. and Yalamanchili, S., 2020. Information Security Management. HOLISTICA–Journal of Business and Public Administration, 11(2), pp.1-16. . Available at: https://sciendo.com/pdf/10.2478/hjbpa-2020-0015
Know more about UniqueSubmission’s other writing services:
