BMO6630 Business Research Methods Essay Enhances Understanding.

“The research should be organised for analysing the gabs which exist between the cyber-criminal activities and cyber-security procedures used by the organization” (Bos, 2014). There are various capabilities gaps in the research of cyber -criminal activities and mitigation plans which can be described in the table below:

The research is proposed for analysing limitations of the small enterprise. The goal of the research is to predict the cybercriminal activities which occurred in the organization and the security measures which an organization take against them for mitigation. The focus should be given on assessment and evaluation of cyber security, experiments and pilot reports on cyber security, and transition to practice.

Primary Questions:

• What assets we are protecting?

We are focusing on protecting assets, infrastructure of the network, availability of the network resources, maintaining confidentiality of personal data, and others.” Classification of assets into three categories which are transmission of information on the network, physical storage of information, and information stored on virtual machine” (Ryan, 2011).

• Why intrusion occurs?

From the research we have analysed that intrusion occurs in the system due to weak cyber-crime detection system, no privilege given to escalations and reviews, applicability of policies, no procedures and processes implemented for proactive auditing. “The emphasis is not given on the event management. The organization infrastructure does not include authentication and authorization technique” (Wuest, 2013).

Secondary Questions:

• What are the major challenges for the businesses?

The major challenges which are faced by the businesses are increasing complexity of the environment, exploitation and emergence of new threats, limitation of security procedures, limitation of budget for the implementation of security procedures, and no accumulation of qualified experts for taking security measures. “The security measures should be planned for securing the mobile devices of the organization” (Effiong, 2016).

• Why attacks are not able to be detected?

“Most of the companies are not able to detect the cybercrime activities. The hackers can badly exploit the data structure of the organization” (Moonen, 2016). The research should be organized to know the reason why the organization not able to detect the occurrence of the abnormal activities. The escalations should be severely taken for consideration for reviewing the security procedures of the company.

• Why are attackers not punished for their deed?

“It is hard to detect the hacker and collect evidences against him. The laws are not applicable internationally” (Budish, 2015). The international legislation should be developed for the cyber-crime as it can takes place globally.

• What is the motivation behind cybercriminals?

“Cybercriminals carry out the criminal activities for financial gains. Political reasons can be the source of motivation” (Curtis, 2016).

• What is the target of the attacker?

From the research, it has been analysed that the attacker focus on gathering confidential information of the organization.

The research should be proposed for analysing the answer of the question that what are the limitations of the small enterprise? The research hypothesis is divided into two categories. The first hypothesis focuses on generating report on the information security program indulges in the organization. “The second hypothesis focuses on the study of literature review. It also focuses on managing the connectivity of the internet program within the enterprise” (Kumar, 2015). The report is generated which focuses on the information security program of the organization. Research hypothesis focuses on the written security policies and procedures which are undertaken by the organization. The report is generated on the type of security breaches which the organization faced during its working curriculum. The focus is also given on the loss experienced by the organization in terms of finance, confidential data of the organization, and confidential and private data of the employees. The experienced of the organization on the unauthorised accessing of data within the curriculum of the enterprise. The security measures which are undertaken to mitigate the risks associated with the firm. The failure of the security measures to overcome the risks should be analysed briefly to make the enterprise proactive in against of viruses and attacks.

The data is collected for the research from the following sources:

Research Areas:

The following are the areas which should be taken under consideration for identifying the cyber-security problems:

• Development of trustworthy system
• Development of methodology
• Development of metrics for enterprise level
• Development of parameters for system evaluation life cycle
• Combating with the occurrence of insider threats
• Development of identity management scheme at global level
• Development of time critical system
• Understanding of situation
• Understanding of attack attributes
• Development of provenance related to hardware and software
• Security measures for awareness of privacy
• Development of usable security methods
• Development of attack model
• Development of process control security system
• Development of security protocols

The strategies and programs which are used for analysis of cyber-crime activity and associated measures which the organization takes to mitigate from the cybercrime situation are described in the table below:

The research methodology which is used for collecting data to carry out the research are based on the following:

Primary Data:

The primary data is collected through the method of interviews and questionnaire.

• Interviews: The interviews were conducted with the top executives of the organization to know the real situation of the cybercrime and associated security measures which are used by the enterprise. During the interview, we analysed that the organization does not use rules and policies for security methods, no central database is organized, no deployment of training program, and other.
• Questionnaire: It was organised between the professional to gather views and opinions of the respondents. It makes the clear picture of the events related to cyber activities. It helps in providing different alternatives which can be used for mitigating risks.
• Key areas of the research are categorised as security methods adopyted by the organization, awareness among the employees about the cyber security, and following of security norms
• Analysing of cyber security system

Secondary Data:

 The secondary data is collected in the form of evidences collected from the literature review. It is used for determining the flow of action in which the attack takes place. It helps in providing various action plan which can be undertaken to mitigate the risks.

From the research we conclude that initiatives should be taken for enhancing the privacy and the security measures for the effective development of the enterprise.

Abdullah, M. (2011). Research proposal on information security. 1st ed. [ebook] Available at: https://www.mastersthesiswriting.com/blog/sample-research-proposals/research-proposal-on-information-security.html [Accessed 06 Jun. 2017].

Bos, H. (2014). National cyber security research agenda. 1st ed. [ebook] Available at: http://www.google.co.in/url?sa=t&rct=j&q=research%20proposal%20on%20cyber%20security%20in%20business&source=web&cd=2&cad=rja&uact=8&ved=0ahUKEwiApfjIoKjUAhUBs48KHfXPB6YQFgg6MAE&url=https://www.nwo.nl/binaries/content/documents/nwo/algemeen/documentation/application/ew/cyber-agenda/Cyber%2BAgenda%2B20141111.pdf&usg=AFQjCNHDa7hHdcrNaynPQYRzNU2l_l6Rog [Accessed 06 Jun. 2017]. 

Budish, R. (2015). Privacy and cyber security. 1st ed. [ebook] Available at: https://dash.harvard.edu/bitstream/handle/1/28552575/02Cybersecurity.pdf?sequence=1 [Accessed 06 Jun. 2017]. 

Curtis, K. (2016). Research Methodology. 1st ed. [ebook] Available at: http://shodhganga.inflibnet.ac.in/bitstream/10603/120320/8/08_chapter%202.pdf [Accessed 06 Jun. 2017]. 

Effiong, E. (2016). Cyber-crime control, prevention, and nvestigation. 1st ed. [ebook] Available at: http://www.academia.edu/4259163/Cyber_Crime_Research_Proposal [Accessed 06 Jun. 2017]. 

James, C. (2012). Cyber-security threats, challenges, and opportunities. 1st ed. [ebook] Available at: https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf [Accessed 06 Jun. 2017]. 

Kumar, A. (2015). Cyber security research development. 1st ed. [ebook] Available at: https://www.dsci.in/sites/default/files/Cyber%20Security%20Research%20Developments%20_Global%20and%20Indian%20Context%20.pdf [Accessed 06 Jun. 2017]. 

 Louis, L. (2016). Progress and research in cyber-security. 1st ed. [ebook] Available at: https://royalsociety.org/~/media/policy/projects/cybersecurity-research/cybersecurity-research-report.pdf [Accessed 06 Jun. 2017]. 

Moonen, M. (2016). A road map for cyber-security research. 1st ed. [ebook] Available at: https://www.dhs.gov/sites/default/files/publications/CSD-DHS-Cybersecurity-Roadmap.pdf [Accessed 06 Jun. 2017]. 

Ryan, J. (2011). Program on information resources policies. 1st ed. [ebook] Available at: http://www.pirp.harvard.edu/pubs_pdf/ryan/ryan-i01-2.pdf [Accessed 06 Jun. 2017]. 

Wuest, K. (2013). Cyber security research and experimental development program. 1st ed. [ebook] Available at: https://www.cse-cst.gc.ca/en/system/files/pdf_documents/csredp-prdecs-eng_1.pdf [Accessed 06 Jun. 2017]