The aim of the report is to understand the challenges of cyber security for business. It consists of three assignments which includes literature review, business research proposal and reflective journal. The objective of the study is to understand the challenges faced by business in cyber security and what changes can they do to overcome the challenges.
Assignment 1: Literature review
1.0 Literature review
Literature review is one of the major requirements for conducting research in effective manner. It plays important role in collecting secondary information about the research subject. The current research is based on different challenges that are associated with Cyber security in business. For conducting review of literature author needs to select different research papers on tools and strategy of cyber security, methods to overcome challenges in cyber security.
1.1 Literature review scope
Cyber security involves protection of computers, its hardware, software and the information stored in it (Donaldson, Siegel and Aslam, 2015). The use of internet, cloud computing, electronic devices and online business has increased the importance of cyber security in the business. These policies have improved the productivity and efficiency but they have also increased the security challenges. According to Safety Outlook, 2016, “1 out of 40 business units are at the risk of cyber crimes and attacks” (Safety Outlook, 2016). Their policies and procedures are not of top notch quality which makes them vulnerable. They should have proper monitoring system, security controls and framework which will enable them to take the advantage of information technology. Stuart, 2016, agrees that “Organisations should use counter balancing techniques to maintain a balance between ever changing business environment and security issues” (Stuart, 2016).
1.2 Literature review objectives
Major objective of conducting literature review is obtaining secondary information about the cyber security. It helps in getting insights to understand the research problem in effective manner. Along with this, to gain background knowledge information about the research subject is also one of the major objectives of current literature. Including this, objective of literature is to find out different theories relevant to the current subject that can help in completing this assignment in effective manner. To identify the potential area and hypothesis for research on cyber security challenge is also one of the important objectives of literature.
2.0 Literature review comparative analysis
Review of literature review includes number of research papers on cyber security in business but each and every research paper is based on different objective and findings. There are crucial differences in findings of every paper. So, making comparison between findings of various papers is known as comparative analysis.
2.1 Different theme development
1.1 Importance of security
Cyber security is important for a business. They have sensitive information which may have taken several years in the formation. They have to maintain security tools and confidentially. Earlier companies kept their information and data in paper form. But changes in technology have provided them many benefits (Jackson, 2015). They can use computer systems, cloud computing and network connections to store the data. They can easily share information with different departments with the help of technology. Large corporations and business units have ample of funds to invest in security of their data. Small and medium scale business finds it very difficult to maintain and develop their security levels. According to Klimoski, 2016, “43% of the attackers target small businesses. They steal information and customer data from their system” (Klimoski, 2016). Lack of security can cause various problems:
- Loss of intellectual data and property
- Damage to brand image and reputation (Jacobs, Solms and Grobler, 2015).
- Low confidence in the company
- Unwanted litigations
- Increased scrutiny and regulations
- Business interruptions
- Breach in privacy of customers
- Reduction in market share
Protection of reputation: Jacobs, von Solms and Grobler, 2016, states that “Brand image and reputation of a company takes several years to develop but a single incident which breaches its security can cause damages to it” (Jacobs, von Solms and Grobler, 2016). Cyber security has become a challenge as well as a priority for senior executives. According to Kaplan, Bailey, Marcus and Rezek, 2015, “82 % of the senior executives consider IT security as a important element in protecting the brand and reputation of the company” (Kaplan, Bailey, Marcus and Rezek, 2015).
Intellectual property: Companies have their own mission, goals and objectives which makes them different from their competitors. Donaldson, Siegel and Aslam, 2015, believes that “Cyber crimes and attacks can result in loss of competitive advantage for a business” (Donaldson, Siegel and Aslam, 2015). Loss of patents, secrets and techniques can be very detrimental for the company.
Avoiding technological failures: As per Jacobs, Solms and Grobler, 2015, “Cyber attacks can causes disruption in manufacturing and service related provisions of a business.” (Jacobs, Solms and Grobler, 2015) It causes problems for the company as it makes it difficult for them to function properly. It increases cost and expenses to resolve the issue. On the contrary, Grau and Kennedy, 2014, believes that “Companies should not wait for any failure to happen and they should maintain proper control and monitoring system” (Grau and Kennedy, 2014).
Financial loss: According to Hubbard and Seiersen, 2016, “Cyber attacks cause long term problems including loss of trust and litigations from many parties” (Hubbard and Seiersen, 2016). Apart from this, it affects the functioning of the company in a big way.
Why cyber security has become a challenge
Many companies have strengthened their cyber security in the last five years. They have developed formal processes to identify security risks in the company. Mitigation strategies have been developed after setting priorities for different risks associated with the business. According to Jacobs, von Solms and Grobler, 2016, “ Companies have increased their budgets so as to ensure high level of security” (Jacobs, von Solms and Grobler, 2016). Desktop environment has been limited by disabling USB ports and web mail services. It has become difficult fro companies to protect their data and business information due to technological changes and ever changing corporate environment. The new trends which have emerged in businesses are:
Interconnected supply chains: Companies have connected their customers and vendors to their network. This has affected the security policies of the company. Customers and partners has become a weal link which can be used by criminals for cyber attacks.
Complex cyber attacks: Professional cyber experts have advanced technologies and software. It has increased complexity in the integration. Many organizations find it difficult to monitor changes and improve their existing system. They have to invest more money and efforts to update their security levels.
Dependency on online and digital data: The main reason why companies are facing more cyber attacks is because of increased dependency on digital data. The amount of online data has increased significantly which has attracted many cyber criminals. Information includes market data, customer information, new product launches, transaction information etc.
More access to networks: The employees are given more access to business information. Earlier, they were only allowed to view company's data in the premises. But due to smartphones and tablets this restrictions has been removed. It has given facility to the employees but it has also increased security threats.
1.2 People challenge and insider threats
According to Cyber security challenges, 2016, “ The biggest security challenge for a business is not the technology but it is insiders and employees” (Cyber security challenges, 2016). Lack of training and knowledge about organizational policies can lead to data breach risks. Klimoski, 2016, agrees that “Human error, omissions, poor decision making and process breakdown can be found in all the data breaches” (Klimoski, 2016). Business can face trouble due to many reasons. It includes loss of portable devices, using weak passwords by the employees, insecure access to company’s data etc. Jacobs, Solms and Grobler, 2015, believes that “Many employees bring additional risks in the business because they don’t follow the policies of the company” (Jacobs, Solms and Grobler, 2015). There are many rules and regulations for outsiders and the company makes sure that they do not provide access to them. But this perception is not correct because firms are not prepared for insider threats. According to Kaplan, Bailey, Marcus and Rezek, 2015, “25% of security attacks and breaches are done by insiders who surpass their rights” (Kaplan, Bailey, Marcus and Rezek, 2015). Furthermore, there are many incidents which are not reported to the senior managers. Insider threats can be more harmful as compared to external threats. They can provide confidential data and information to the competitors. It can affect the competitive position of the company in the market. Cyber security, 2016, believes that “People do not consider Australia a leader in technology. Business units in Australia bring technologies from overseas which increase the risk of safety and security” (Cyber security, 2016). It is important for people to change their perception. Business firms outsource various activities to third party especially IT functions. In this way they are giving the responsibility of protection of data to external parties. They have to share sensitive data which includes information of clients, customers, finance, employees, patents etc.
Donaldson, Siegel and Aslam, 2015, states that “Small business units have limited funds and they lack standardized systems and devices. They fail to encrypt their devices which affect the security” (Donaldson, Siegel and Aslam, 2015). They often use same devices for their business and personal use. This increases the chances of losing data. Employees should be given training so that they comply with the rules and regulations of the company. Companies have to make sure that there is an additional layer in ground level safety and security. Hubbard and Seiersen, 2016, believes that “Only those people should be allowed to access sensitive data who need it to perform their duties” (Hubbard and Seiersen, 2016). As a result, only few people will be allowed to access the confidential information of the company. It will reduce the chances of losing data or cyber attacks. Apart from this, basics of digital security should be taught to the employees. People and insider threat has become a major challenge for business units in Australia. Companies have lack of control on their employees. Stuart, 2016, states that “Many companies have admitted that they do not have any concrete strategy for their employees in terms of data security” (Stuart, 2016).
1.3 Process challenge
Grau and Kennedy, 2014, believes that “Structure framework is required to ensure high level of safety in the organisation” (Grau and Kennedy, 2014). It will protect critical systems and confidential data. All the process and procedures should be designed with the help of experts. It should be standardized for all the employees. Moreover, it should be reviewed at regular intervals and relevant changes should be made in it. An effective security framework can only be designed with the help of employees and experts. It also relies on the technology and processes adopted by the company. Donaldson, Siegel and Aslam, 2015, suggests that “Information Security management System should be used by compares to protect their data and to avoid cyber crimes” (Donaldson, Siegel and Aslam, 2015). But still many companies have failed to implement an effective process which helps them to avoid such unwanted activities. Security framework includes planning, developing security structure, procedures, practices and allocation of resources. According to Safety Outlook, 2016 “ Companies only apply those policies which have to be mandatorily followed as per the Government” (Safety Outlook, 2016). They do not understand the importance of data security. Inefficiency and lack of in house training are also challenges which are faced by the companies. Large corporations usually follow top notch security to avoid cyber attacks (Bryman and Bell, 2015). But when they collaborate with other companies their security levels gets affected. Small companies have lack of funds to maintain the same level of safety and security. It affects the security and control level of large corporations which work with them (Zikmund, 2012).
1.4 Technology challenges
As per Jacobs, von Solms and Grobler, 2016, “The change in the risk environment has been due to the adoption of new techniques and technology in the business” (Jacobs, von Solms and Grobler, 2016). Organizations have to make changes in their processes and procedures to implement the new system. They find it difficult to identify the loopholes which make it vulnerable to cyber attacks. On the contrary, Stuart, 2016, believes that “Security threats can come in variety of forms and they are not limited to new changes or technology” (Stuart, 2016). It is important for a business to maintain good security level in the organization. All the employees should follow standards set up by the management. According to Donaldson, Siegel and Aslam, 2015, “Companies will face technological challenges due to increased networks, communication system and interconnected devices” (Donaldson, Siegel and Aslam, 2015). Jacobs, von Solms and Grobler, 2016, agrees that “Australia’s IT sector and business environment has shown tremendous growth and cyber security has been an important element in it” (Jacobs, von Solms and Grobler, 2016). Apart from this, lack of leadership has been a challenge and companies fail to recognize the implication and action needed for the implementation. Companies have their stores in multiple locations and they need effective communication to connect all the units together. Grau and Kennedy, 2014, believe that “Interconnected devices and innovations have opened the door for cyber attacks and data breaches. It has become more frequent and severe” (Grau and Kennedy, 2014). It is a big challenge for the companies to develop and maintain impenetrable security in the business. Klimoski, 2016, agrees that “Most of the companies are not capable to perform risk assessment in their organisation” (Klimoski, 2016). They are restricted due to their budget, controlling cost, IT and risk management. IT audit directors should be allowed to take part in the decision making and the meetings of the company. As per Safety Outlook, 2016, “Technology is dynamic in nature and there is critical risk associated with it” (Safety Outlook, 2016). On the other hand, Hubbard and Seiersen, 2016, believe that “Policies and procedures of the business should be strong so as to avoid cyber attacks and data breaches” (Hubbard and Seiersen, 2016). But rapid changes in technology and lack of expertise make it difficult for a business to understand each and every aspect of cyber security. They have to changes their policies and standard after assessing the functions and techniques used in the new technology. Donaldson, Siegel and Aslam, 2015, conclude that “IT managers should be involved in the formulation of policies and procedures regarding IT security. They have knowledge about the company and they understand the challenges emerging from new technologies” (Donaldson, Siegel and Aslam, 2015). They can help the management in assessing the risk and IT skills gap.
3.0 Quality and Currency of the Literature source
Conducting literature is one of the complex tasks for researcher because there are number of research paper that can be selected by author for conducting literature. Currency of literature is based on the date of publication of the research paper. Current paper increases the quality of the literature. Quality and currency of the literature are also based on inclusion and exclusion criteria of the research paper.
3.1 Quality of the paper you choose for literature review
Researcher has selected the research papers on the basis of the quality of the findings. First researcher has chosen papers which are based on similar subjects of the current investigation. Afterwards author has analyzed the different methods which had been used by past research scholars in their research studies and use of findings in the current research. All these are considered as major criteria for selecting qualitative sources for literature.
3.2 Currency of the paper you choose for literature review
Currency of the selected sources is very important for literature because it plays important role in collecting relevant and contemporary data about the subject. Author has selected only those research papers which have been published after 2010.
3.3 Literature review sources validity and reliability
Validity of the literature are based on valid data which has been used by researchers. Along with this, process that has been used author can also increase the validity of the sources. So, author has chose only those research papers that have followed a specific method for conducting investigation. Along with this researcher has selected research papers from reliable sources that have appropriate an updates copyrights.
4.0 Research gap and contribution
There are number of researchers those have conducted investigation on this subject but after conducting review of literature author has found that all author have conducted investigation of cyber security and associated challenges. But no one has related this topic with business. So, determining challenges of cyber security in business is the major research gap for conducting this investigation.
The current literature has concluded that challenges of cyber security increase the cost of the company but reduce cyber attacks on the business. Senior managers, employees and stakeholders should be involved in the entire process. Business firms have to maintain consistency in their operations. They should make relevant changes in their security and safety procedures to avoid any risk. Innovation and rapid changes in technologies have made it difficult for the companies to have complete control over this (William, James and Arora, 2015). Many business units have room for improvement and it should be taken care by the management.
Bryman, A. and Bell, E., 2015. Business Research Methods, (Fourth Edition), UK, Oxford University Press.
Cyber security challenges. 2016. [Online]. Available through: < https://fortune.com/2016/01/26/davos-cybersecurity-challenge-business/> [Accessed on 16th April 2017]
Cyber security. 2016. [Online]. Available through: < https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf> [Accessed on 16th April 2017]
Donaldson, S.E., Siegel, S.G. and Aslam, A., 2015. Managing an Enterprise Cybersecurity Program. In Enterprise Cybersecurity (pp. 243-262). Apress.
Grau, D. and Kennedy, C., 2014. TIM Lecture Series The Business of Cybersecurity. Technology Innovation Management Review, 4 (4): 53-57.
Hubbard, D.W. and Seiersen, R., 2016. How to measure anything in cybersecurity risk. John Wiley & Sons.
Jacobs, P.C., von Solms, S.H. and Grobler, M.M., 2016. Towards a framework for the development of business cybersecurity capabilities. The Business & Management Review, 7(4), p.51.
Kaplan, J.M., Bailey, T., Marcus, A. and Rezek, C., 2015. Beyond Cybersecurity: Protecting Your Digital Business. John Wiley & Sons.
Klimoski, R., 2016. Critical Success Factors for Cybersecurity Leaders: Not Just Technical Competence. People and Strategy, 39(1), p.14.
Safety Outlook. 2016. [Online]. Available through: <https://www.safetyoutlook.com/cybersecurity-challenges-facing-small-business/> [Accessed on 16th April 2017]
Stuart, D., 2016. Defence mechanism. Company Director, 32(6), p.40.
Zikmund, W. G., 2012. Business Research Methods, (9th edn), USA, Cengage
Sherri L. Jackson, 2015), Research Methods and Statistics; Critical Thinking Approach, (5th edn), USA,Cengage.
William, T., James, P. and Arora, K., 2015. Research Methods: The Essential Knowledge Base, (2nd edn), USA, Cengage
Assignment 2: Business Research Proposal
1. Aims and Motivation of the project
The main aim of the research is “To identify methods and standards to overcome challenges in cyber security in business”. The major motivation behind this research is that the previous papers and literatures on cyber security are only limited to the types of challenges and problems faced by the business. They do not provide methods which can be adopted by companies to reduce risk of cyber crime.
There are three objectives of the research which are given below:
- To assess the importance of cyber security tools and strategy
- To identify methods to overcome challenges in cyber security
- Role of employees and management in the development of cyber security standards
2. Research Questions and hypotheses development
- What is the importance of cyber security tools and strategy in a business?
- What methods should be adopted by companies to overcome cyber security problems or challenges?
- How employees and management influence the safety and security measures taken by the business to maintain high level of security?
Researchers can carry out further researches to find out the universal applicability of the standards and methods adopted by the business. This research will also be useful for business organization is assessing their present procedures and cyber security methods. As per Taylor, Bogdan and DeVault, 2015, “Companies have increased their budgets to ensure high level of cyber security” (Taylor, Bogdan and DeVault, 2015). Literature review shows the importance of safety and security of information and data.
Definitions related to the study
- Cyber security: Jacobs, von Solms and Grobler, 2016, states that “Cyber security means protection from intentional harm or unauthorized use of electronic information and devices” (Jacobs, von Solms and Grobler, 2016).
- Safety and security: According to Hubbard and Seiersen, 2016, “Safety and security is a state of being protected or away from danger and harm” (Hubbard and Seiersen, 2016).
- Cyber security challenges: As per Cyber security challenges,2016, “There are three major challenges in cyber security for a business: Process challenge, people or insider threat and Technology challenge” (Cyber security challenges, 2016).
- Different business operating in Australia which makes use of electronic information and communication devices.
3. Research Design and Methodology
This research is based on the methods which should be adopted by companies to overcome cyber security problems or challenges. Literature review, surveys and questionnaire has been used to achieve the objective of the study. The Research design and methodology section will include research philosophy, scope, population, sampling, limitations and analysis techniques used in the investigation. Both primary and secondary information has been used in the analysis to increase the effectiveness of the research.
Research methodology is used for conducting a research in a systematic and organized manner (Mackey and Gass, 2015). It will allow the researcher to apply appropriate methods and techniques which will help him to resolve the research problem. Research methodology should include philosophy, aims and objectives, research design, approach, sampling method and data collection method. It will help the author in conducting the investigation in a structured manner. He will be able to identify different methods and standards to overcome challenges in cyber security in business.
Research philosophy is a method which helps in collection of data, its analysis and interpretation (Taylor, Bogdan and DeVault, 2015). It will allow the researcher to find out methods to overcome cyber security problems or challenges. In the present study, the author should apply positivism research technique. Research philosophy has two methods which consist of positivism and interpretivism. Positivism helps in understanding the research questions and it allows the author to gain deeper knowledge in the subject matter. On the other hand, interpretivism throws light on the subjectivity of the research. In this study, positivism should be applied.
Research design is a blue print which helps the researcher in collecting the information and analysis. It is selected after considering the nature of the research (Silverman, 2016). The present study is subjective and descriptive in nature. Descriptive method should be applied by the author in the investigation because it is based on survey and questionnaires. Apart from this, there are two more methods in research design. It includes experimental design and cause & effect design. Experimental design is used for establishing relations between independent and dependent variables. It is used by the researcher to test their hypothesis. Cause & effect design shows the cause and effect relationship between different variables. The author has used descriptive research design which is more appropriate for the current research. It will give essentials details about the subject matter which can be used to draw conclusions.
Research scope and approach
Specific to general approach has been applied in the present research. There are basically two types of approaches: Deductive and inductive. Inductive approach is used for testing and developing new theories (Panneerselvam, 2014). On the other hand, deductive approach is used to study different theories which include literature review. Deductive approach should be used by the author to find out different methods to overcome cyber security problems or challenges. It will also help him in achieving the objective of the research in an appropriate manner. Furthermore, he will get detailed answers about the research questions.
Population and Sampling
Sampling is a method which involves selection of certain samples from the population to represent them (Blumberg, Cooper and Schindler, 2014). It is not possible for a researcher to collect data from the entire population. Sampling method allows him to choose some samples on which he can draw conclusion. The sample size for the present research should be 10 business units. Samples should include all the type of business namely, small, mid and large companies. Apart from this, they should be from Australia. In the present investigation, random sampling method should be used. Random sampling method involves selection of samples at random. It reduced the chances of bias and provides better results. This method is also suitable for the current study.
Samples will include all the type of business such as small, mid and large companies. They will form the part of the population on which the survey will be conducted.
Sampling and sample size
The sample size for the present research should be 10 companies which will be selected by random sampling method.
Unit of analysis
The unit of analysis in the present study includes business organizations and the methods adopted by them for maintaining safety and security of the data. These units will be collected by survey and questionnaire method. The conclusion will be drawn on these companies and the information collected from them.
In present research, the researcher has used both primary as well as secondary methods. Primary data method will use questionnaire and surveys as an instrument. On the other hand, the secondary method will use literature review.
Reliability and validity
Deductive approach is used by the researcher to find out different methods to overcome cyber security problems. Apart from this, questionnaire method has been used to increase the reliability and validity of the investigation.
Pre testing has been done for the questionnaire and survey methods by assessing the first two samples collected in the research.
Qualitative data analysis
Research techniques consist of qualitative analysis and quantitative analysis (Blumberg, Cooper and Schindler, 2014). Quantitative research technique is used when the data consist of numerical or statistical information. On the other hand, qualitative technique is used where the sample size is small and in depth details is required. In the present investigation, the author should use qualitative technique. It will allow him to avoid complexities and the research problem can be solved easily. Literature review can provide lot of details in the current investigation. Researcher will be able to identify methods and standards to overcome challenges in cyber security in business.
Research ethics consists of ethic norms which should be followed by the researcher during data collection (Taylor, Bogdan and DeVault, 2015). It includes maintaining confidentiality and safety of the participants. They should be given the option and right to withdraw them from the study. Apart from this, the data collected from the respondents should be shared with anyone without their consent. Their safety, security and privacy should be maintained at all times in the research (Silverman, 2016). In the present study, the author will have internal details about different business units in Australia. He has to make sure that confidentiality is maintained and only that portion should be used which is relevant to the current study. Furthermore, copy paste, manipulation data and plagiarism should be avoided in the entire research. So, all the norms and guidelines should be followed by the author.
To achieve the objective of the research the author needs data from different sources. There are two sources of data. Firstly, the primary data collection is used when the researcher wants to find fresh information about any subject. It consists of surveys, questionnaire, interviews etc (Blumberg, Cooper and Schindler, 2014). The second method is secondary data collection method. It uses secondary data which has already been collect by others. It consists of past researches, books, articles and government data records (Taylor, Bogdan and DeVault, 2015). The biggest disadvantage of using secondary data is that it may not be relevant for the present study. In present study, the researcher should use both primary as well as secondary data collection method. Primary data collection includes questionnaire while the secondary method will use literature review.
Data Analysis technique
Data analysis is used to gain insights which can be used to draw conclusions (Panneerselvam, 2014). In the present study, the author should use thematic analysis. It will allow him to understand the details and information which has been collected different sources. It will be better for him to use qualitative and thematic data analysis for the study. This will help him to identify methods and standards to overcome challenges in cyber security in business. Thematic analysis takes into consideration positivism, phenomenology and grounded theory which will be useful in the study. Therefore, content data analysis technique will be appropriate for the study.
Expected results from the research
The research is expected to provide methods and standards which can be adopted to remove cyber risks and to ensure safety in the business. These standards can be modified according to the needs of the business. It will allow business organizations to improve their cyber security with the help of guidelines acquired in the research
Limitations of research
There are certain limitations in the study which cannot be ignored (Blumberg, Cooper and Schindler, 2014). The author can take various steps to reduce its influence on the data. Firstly, the size of the sample is small because it is not possible to conduct research on large number of business units. Secondly, only limited information has been gathered from the samples because companies want to ensure confidentiality and privacy of the data. The research has followed a generalized approach due to different technologies, processes, control system and regulations of business units. Apart from this, small and large business firms have different budgets and cost associated with their IT and cyber security planning. Some of the companies have also outsourced their cyber security control and there data cannot be obtained. The author has taken precautions so as to avoid various limitations in the research. Moreover, questionnaire and research questions may not be able to collect insights and details about the emotional state of a person may not be possible to identify methods and standards to overcome challenges in cyber security in business.
Contribution and Conclusion:
The research methodology will allow the researcher to increase the effectiveness of the study. Both primary and secondary data has been used in the investigation to gain insights in the subject matter. Furthermore, they will be able to identify different methods, techniques and standards to overcome challenges in cyber security.
Blumberg, B.F., Cooper, D.R. and Schindler, P.S., 2014. Business research methods. McGraw-hill education.
Cyber security challenges. 2016. [Online]. Available through: < https://fortune.com/2016/01/26/davos-cybersecurity-challenge-business/> [Accessed on 16th April 2017]
Hubbard, D.W. and Seiersen, R., 2016. How to measure anything in cybersecurity risk. John Wiley & Sons.
Jacobs, P.C., Solms, S.H. and Grobler, M.M., 2015. Framework for the implementation of Business Cybersecurity.
Mackey, A. and Gass, S.M., 2015. Second language research: Methodology and design. Routledge.
Panneerselvam, R., 2014. Research methodology. PHI Learning Pvt. Ltd..
Silverman, D. ed., 2016. Qualitative research. Sage.
Taylor, S.J., Bogdan, R. and DeVault, M., 2015. Introduction to qualitative research methods: A guidebook and resource. John Wiley & Sons.
Assignment 3: Individual Reflective Journal
In my 12 weeks I have learned many things about cyber security and its importance to a business. My reflective journal includes journey of gaining in the entire period. I have applied Gibbs Reflective model so as to improve my knowledge about the subject matter. This reflective journal is based on “The challenges of cyber security for business” and a research proposal on “To identify methods and standards to overcome challenges in cyber security in business”. Literature review including various books, journals, articles and electronic publications has been used to gain understanding about the subject matter.
3.1 Gibbs reflective cycle
Gibbs reflective cycle has five stages which consist of description, feelings, evaluation, conclusion and action (Gibbs Reflective cycle, 2017) . The first stage includes the details about the subject. The second stage reflects the experience and thoughts involved in the journey. Third stage includes evaluation such as negative and positives of the object. Conclusion stage is used to draw inferences and final thoughts about the subject. The fifth stage involves creating plans and recommendations to deal wit the similar situation if future. Gibbs reflective model focuses on gaining from experience to understand the subject in a better way.
In my first week I learned about the meaning of cyber security and how it is used in business these days. Earlier all the information was recorded on paper. It consumed time as well as money. Technological changes have allowed business units to store and share information. But they should maintain safety and security in the organisation to avoid loss or theft of sensitive data. I learned about cyber crimes and guidelines of the government to avoid it.
In second week, I learned about the importance of cyber security to a business. Loss of sensitive information can lead to loss of reputation, litigations, loss to intellectual property, financial loss and technology failure. All these factors can be detrimental for the business which will have log term effect on them.
In third week, I understood about various challenges in cyber security which is faced by a business. Moreover, I understood the importance of cyber security tools and risk management strategies adopted by business units to avoid risk.
Fourth week helped me in insights about different methods which are used by companies to maintain security in their workplace. They do not provide access to outsiders and limited information is given to the employees. Staff members are given training so that they comply with safety and security standards of the company.
In week 5, I learned about the role of employees and management in maintaining safety and security in the organisation. They are involved in planning and review system. It gives them the opportunity to learn and implement various methods in the working. It has been found that many employees are involved in cyber crimes and data breaches. It includes intentional as well as unintended people.
In this week, I learned about the difference between planning and procedures of small and large corporations. Small business units have fewer funds to invest in cyber security which makes them vulnerable to cyber attacks. On the other hand, large corporations have strict rules and regulation to avoid data breach.
In this week, I recollected all the information gathered from various sources to find out the gaps in the literature. Many authors and writers have given details about cyber security and challenges. But they have not included the method and procedures which can be adopted by companies to reduce risk and overcome the challenges.
In this week, I learned about research methodology which can be adopted to develop a research proposal for the investigation. It has allowed me to select the appropriate sample size and unit which can be used to solve the objective of the research. I decided to use questionnaire method to collect data from different business units.
In thus week, I understood the limitation of primary source of data collection method. Use of only one method for my research will affect my analysis and findings. So I decide to uses both primary and secondary data to solve my research problem.
In week 10, I understood the importance of data analysis and interpretation. The data collected from various sources can be used to draw conclusions and to answer the research questions which were formed in the beginning. It will help me to achieve my main objective to identify methods and standards to overcome challenges in cyber security in business. It will help me to give recommendations to deal with the similar problem in future.
In this week, I understood about research ethics and limitations of the research. I changed my analysis and took many steps to overcome this limitation in the research. It can affect the conclusion of the report and it should be avoided or reduced. Further come, I understood the role and importance of ethics and limitations of the research in an investigation.
The final week of my research allowed me to summarize my findings and information. I can use all the information from 12 weeks of study to prepare an action plan for future use.
3.2 Learning and outcome
Literature review and coaching has allowed me to gain understanding about cyber security and its role in business. Companies have adopted new technologies which have improved their productivity and efficiency. But it has also brought additional risks associated with the data. They have lot of information and sensitive data which they cannot share with others. It provides them edge over their competitors. They also have data of their clients, customers, employees etc which they cannot share. It is essential for them to maintain high level of security so that no use can use company’s information. Cyber attacks can affect the reputation and image of the company. It also breaks the trust of people which took several years to develop.
It can be concluded from the three assignments that cyber security plays an important role in maintaining the safety and security of the company. There are three challenges which are faced by business units in Australia. It includes people challenge, process challenge and technology challenge. All these issues have to resolve by the companies by creating proper strategies and plans. It will reduce risk associated with data breach and cyber attacks. Furthermore, they should review at their system at regular intervals and make changes in it from time to time.
Gibbs Reflective cycle. 2017. [Online]. Available through: https://skillsforlearning.leedsbeckett.ac.uk/preview/content/models/03.shtml> [Accessed on 16th April 2017]