LD7087 Information Governance and Cyber Security Assignment Sample 2023
Introduction
This report discusses the cyber security policies of the government of the United Kingdom. Here an airline company Air MSky wants to develop a website or database management system for storing the data of customers, to maintain every policy of the United Kingdom government to protect the customer data from any kind of cyber attacks. Air MSky is a leading private airline company. This Air MSky airline company was founded by a local businessman of Manchester. This airline company wants to expand their business in the European countries; because of it this company wants a cyber secure database management system for storing the customer details in their database. The government mainly helps the organization from any kind of cyber attack, and the government also tells the main responsibilities of the organization. Cyber attack is the main problem in recent times. To secure all of these cyber attacks Air MSky mainly wants to develop this system.
Task 1: Information Governance Need & Cyber Security Threats
Information Governance Need
In this report, information governance is needed to manage all the information or data of any organization and access the information or data if the risk is present in the database (Ghana et al., 2020). This Airline Company spread their business in European countries, British Airways faced a cyber attack in 2018, at that time all the customer details, login password details, transaction details, payment details several things were stolen through this attack, almost 400000 customer details were stolen because of this attack (bbc.com. 2018).
Through the IGRM diagram, one can see the main model of responsibility. This responsibility helps to manage the data in the database through the stakeholders, as this technology also describes the data or information and shows the best part of the stakeholder who is independent in the database. Information governance is mainly needed in the database to secure from cyber attacks, main steps are Duty means submitting all the specific information to the government, and the second is Value stands for submitting all the specific information to the business purpose, and the last one is Asset, giving the specific information about the assets. Through this technology mainly helps the framework store staff details, and reduces the storage cost.
Figure 1: IGRM Diagram
(Source: Gao et al., 2019)
In this technology the main risk management and managing the unmanaged data is important. The information or data is spread all over the internet, and this data is identically noticeable data. In this scenario, this kind of large amount of data handling is very difficult; in that case, technology helps the companies so much. This technology mainly depends on the SaaS solution, through this technology search and manages all the data into the overall database management system, and this technology also protects the data from any kind of cyber attack.
Cyber Security Threats
To making a new system of Air MSky’s for the European countries looking several cyber attack is available in the cyber crime which are as follows:
- Malware
- Emotet
- Denial Of Service
- Man in the Middle
- Phishing Cyber Attack
- SQL Injection
- Password Attacks
Malware
Malware is very malicious software, for example, “Ransom ware”, “Virus”, “Spyware”, and “Worms” (Chen, 2020). According to the case study malware attack on this new system of Air MSky airline company’s chances is very high, mainly this malware attack is mainly activated when the user clicks on any spam link or attachment which is received through the message or email. This technology or attack is very disconcerting because when the user clicks on the link or attachment that time malware spreads all over the phone or computer or the server, then blocks the network accessibility of the system, this work is mainly done through a ransom ware attack. Through this technology also install unwanted spam applications or software in the system or server. Using malware attack data transmission also blocked in the hard disk, this is happening through the Spyware. This is the main work of the malware.
Emotet
Emotet attack is mainly used in the banking sector, this technology mainly used for the downloader of the bank details, this technology is also an advanced technology Trojan on the internet, and this Trojan is so costly, as well as this malware can evaluate the data from one place to another place. According to the case study malware attack on this new system of Air MSky Airline Company’s this attack happening chances is almost low, because this system is mainly used for the banking sector. This Emotet malware can download all the data can download through this software (cisa.gov. 2020).
Denial of Service
Denial of Service is mainly a cyber attack; this attack mainly corrupted all the databases and networks of the internet (Franceschini, 2020). In this scenario, a malware attack on this new system of Air MSky airline company’s chances is high, because a big amount of data is stored in any airline company’s database. The Distributed denial of service is not a similar cyber attack, but this attack mainly originated using a computer network. In recent times several cyber attacks have mainly happened using this technology. This type of malware system mainly activated another network to hack all over the system using one computer network. This denial of service is a “Handshake” attack.
Man in the Middle
Man in the middle attack mainly stole the data between two transactions (Yang and Yang, 2020). The hacks insert into the transactions, then filter all the important data then steal the data using the public network. According to the case study, this type of malware attack on this new system of Air MSky airline companies in the Europe chances is very high because at the time of transaction any hacker can enter between the transactions and steal the sensitive data of the customer as well as the airlines. After stealing the data, hacks install the malware in the database or in the system then the hack is left from the transactions.
Phishing Cyber Attack
This attack’s main motive is to steal sensitive data from the system or server or database. The hacker sends some spam messages or emails to the victim, when the victim links on the link or opens the message or email then their malware installs in the victim’s system, after that the hacker steals sensitive data like debit or credit card details, login id, and password, etc (Wang et al., 2018). Phishing attack chances are very low in this system because the Air MSky airline companies store all the information in the cloud database. In this scenario, all the system corruption process is not possible using this technology.
SQL Injection
SQL injection is one type of cyber attack; SQL stands for “Structured Query Language Injection”. All the queries of this attack were mainly made through SQL queries. According to the case study, Air MSky airline’s European database can be affected by this attack, because hackers can install spam applications using this SQL injection.
Password Attacks
Using this password attack hackers can store several types of information because this password attack is mainly developed using social engineering framework. The hacker mainly stores the database of the customer of Air MSky airlines then chooses the victim (Shen and Ahlers, 2019). Then the hacker tries to understand the regular working of the database, then all the information can be stolen using this password attack. Password attacks can happen in this new system.
The role of Information Security auditors
The role of the Information Security auditors is mainly to maintain all the databases, prevent the database from using the firewall and encryption process. These Air MSky companies’ new European databases are tested and compiled through the practices and standards. The Air MSky airlines company’s information security auditor mainly confirms to the government as well as the organization all the information or data is completely secure from cyber attacks.
Figure 2: Cyber Security Threats
(Source: Shen and Ahlers, 2019)
The information security auditor’s works are very important to the spread of the airline business of Air MSky companies in the European countries; this auditor also analyzes the data and checks all the policies of the companies. The information auditor of this system also analyzed the data and tried top cost-efficient software for the Air MSky airline companies.
Task 2: Framework
In this scenario to develop a cyber-attack secure Information Security Management System has to tackle a framework to secure all over the system. This airline companies’ database is secured through a framework, and this framework mainly organizes the data and assesses, monitors, and mitigates cyber security risks.
To develop this information management system some common framework is
- ISO 27001 and ISO 27002
- NIST Cyber security Framework
- Service Organization Control Type 2 (SOC2)
ISO 27001 and ISO 27002
ISO stands for International Organization for Standardization (ISO); this framework mainly has two types ISO 27001 and ISO 27002. Through this framework, Air MSky airline companies describe the connection between the shareholders, customers, board, and partners, as well as manage the cyber risk. Having this ISO 27001 and ISO 27002 certification of any company is represent a good side for these Airline companies.
NIST Cyber Security Framework
This framework develops by the order of the United State of America from President Barrack Osama. This NIST cyber security framework is a relation to the public and private sector and manages all the cyber risk. This framework mainly searched out the security issue as well as the cyber security rules and regulations. According to the case study, Air MSky airlines mainly can handle all the databases that are secure using this framework.
Service Organization Control Type 2 (SOC2)
Service Organization Control Type 2 (SOC2) is a mainly trustable cyber security system, and this framework was mainly created by the “American Institute of Certification Public Accountants (AICPA)”. In this framework manage and secure all the stored data. This framework is mainly used for the banking and finance sector. This framework is also used for third-party risk management in cyber security. This framework is not workable for the airline’s management system or information management system, because this technology is mainly used in the banking sector.
Figure 3: Framework
(Source: Blasch et al., 2019)
In the current scenario, the Air MSky airline company cyber-secure information management system needs to apply the “ISO 27001 and ISO 27002” framework, because this technology create al boding with the shareholders, customers, board, and partners, as well as manage the cyber risk
Task 3: Risk Assessment
Critical evaluation of the organizational context
According to the case study, the main critical evaluation of the organizational context this Airline companies database development used here ISO/IEC 27001:2013 specification is beat for developing an Information Security Management System. Information security management systems manage the risk according to the process, people, and technology. According to the information in 2018 British Airways faced a cyber attack, caused of it almost 400000 people data was linked in the internet, log in details, payment details everything has been hacked that time. But in this scenario, Air MSky companies want to start their business in the European countries, as well as the board of the companies decided to develop a cyber security information security management system where all the customer information is secure all the time. Caused of it companies have to choose ISO 27001 framework to develop this information security management system.
Importance of information governance
The importance of information governance is used for Air MSky companies because this is a cost-efficient process for information technology. This system is mainly used for the storage utilization technique when informant data is removed from the database. Through this system also store the media of the database (Blasch et al., 2019). The importance of information governance is also securely access the data when it is required in the run time. This technology is also used for the analysis of the business data and creating a relation with the organization, shareholders, board, and customers.
Qualitative Methodology
Qualitative methodology is mainly used for the market reach, this method mainly depends on the given data open-end and conversational connection (McDonald et al., 2019). This technology not only depends on the and why. In this scenario, Air MSky airlines companies information security management system is several steps are there, number one is a one-on-one interview, the second one is Focus on the group, the third one is ethnographic research, fourth on his case study research, the fifth one is record keeping and the last one is qualitative observation. According to the qualitative methodology also store the data as a collection format, qualitative helps to analyze any kind of data, and analysis technology is a commonly used data analysis process. This methodology was also used for the case study in the online communication system.
Figure 4: Qualitative Methodology
(Source: Bahrami et al., 2019)
This methodology is also used for developing new products; this research method is also used for understanding the strength and weaknesses of the system. This technology is mainly used for the text analysis through the data analysis method; this Qualitative methodology is also used for the social life analysis data (Bahrami et al., 2019). This Qualitative methodology method was also used also decode all the data. The entire information non-uric format is mainly used for the decision making. All the information collected, this airline company also used the machine learning process to select the related data, for select all the relevant information from the database. This information secure management system is work effect and easy to handle a large number of the database for using the relevant data.
Conclusion
Cyber security is an important aspect in order to secure the transformation of confidential data in the online platform. The cyber threats are related to the financial transaction of data for booking tickets online. This airline company needs to mitigate the cyber threats related to the monetary transactions of booking tickets. The approaches taken to eliminate the cyber threats are following the ISO standards of cyber security and the information governance framework to ensure the validation of data, preserving storage space securely and detecting the threat in order to eliminate the threat.
The purpose of the information governance is to convert the simple data into business data by fixing some predefined rules and conditions to protect the open access of the confidential data from the attackers. Only the access control is provided to the registered users who are reliable to access the secured datasets.
Reference List
Bahrami, P.N., Dehghantanha, A., Dargahi, T., Parizi, R.M., Choo, K.K.R. and Javadi, H.H., 2019. Cyber kill chain-based taxonomy of advanced persistent threat actors: analogy of tactics, techniques, and procedures. Journal of Information Processing Systems, 15(4), pp.865-889.
Blasch, E., Sabatini, R., Roy, A., Kramer, K.A., Andrew, G., Schmidt, G.T., Insaurralde, C.C. and Fasano, G., 2019, September. Cyber awareness trends in avionics. In 2019 IEEE/AIAA 38th Digital Avionics Systems Conference (DASC) (pp. 1-8). IEEE.
Chen, H.Y., 2020. Cashing in on the sky: financialization and urban air rights in the Taipei Metropolitan Area. Regional Studies, 54(2), pp.198-208.
Franceschini, I., 2020. As far apart as earth and sky: a survey of Chinese and Cambodian construction workers in Sihanoukville. Critical Asian Studies, 52(4), pp.512-529.
Gao, H., Yang, W., Yang, Y. and Yuan, G., 2019. Analysis of the air quality and the effect of governance policies in China’s Pearl River Delta, 2015–2018. Atmosphere, 10(7), p.412.
Ghanem, D., Shen, S. and Zhang, J., 2020. A Censored Maximum Likelihood Approach to Quantifying Manipulation in China’s Air Pollution Data. Journal of the Association of Environmental and Resource Economists, 7(5), pp.965-1003.
Kosmidis, E., Syropoulou, P., Tekes, S., Schneider, P., Spyromitros-Xioufis, E., Riga, M., Charitidis, P., Moumtzidou, A., Papadopoulos, S., Vrochidis, S. and Kompatsiaris, I., 2018. hackAIR: Towards raising awareness about air quality in Europe by developing a collective online platform. ISPRS International Journal of Geo-Information, 7(5), p.187.
Kotnala, G., Mandal, T.K., Sharma, S.K. and Kotnala, R.K., 2020. Emergence of blue sky over Delhi due to coronavirus disease (COVID-19) lockdown implications. Aerosol Science and Engineering, 4, pp.228-238.
McDonald, N., Callari, T.C., Baranzini, D. and Mattei, F., 2019. A Mindful Governance model for ultra-safe organisations. Safety Science, 120, pp.753-763.
Shen, Y. and Ahlers, A.L., 2019. Blue sky fabrication in China: Science-policy integration in air pollution regulation campaigns for mega-events. Environmental Science & Policy, 94, pp.135-142.
Wang, L., Zhang, F., Pilot, E., Yu, J., Nie, C., Holdaway, J., Yang, L., Li, Y., Wang, W., Vardoulakis, S. and Krafft, T., 2018. Taking action on air pollution control in the Beijing-Tianjin-Hebei (BTH) region: progress, challenges and opportunities. International journal of environmental research and public health, 15(2), p.306.
Yang, W. and Yang, Y., 2020. Research on air pollution control in China: From the perspective of quadrilateral evolutionary games. Sustainability, 12(5), p.1756.
Website
bbc.com. 2018. British Airways breach: How did hackers get in? Available at: https://www.bbc.com/news/technology-45446529 [Accessed on 20th December 2021]
cisa.gov. 2020. Alert (AA20-280A) Emotet Malware. Available at: https://www.cisa.gov/uscert/ncas/alerts/aa20-280a [Accessed on 20th December 2021]
Know more about UniqueSubmission’s other writing services:
