Cyber Security Essay: Objectives, Scope, And Literature Review.

The concept of the internet is playing a very vital role in the field of individual user as well as business bodies. This directly puts an importance factor in the field of security, which is involved into the aspect. Security can also be considered as an important key relating to the modern connected world and can be considered a crucial factor in order to achieve success for new technology emerging in the field of information technology. The growing dependence on the digital networked system, services and the products has eventually brought a major rise in both the quality and the variety of the cyber threats. The criminals who are related to the cyber security are becoming very much inventive (Von Solms and Van Niekerk 2013). In recent times, there is a huge increase in the number of cybercrime activity – some accidental and others deliberate.

The main aim of the report is to put emphasis on the concept of the cyber security taking into consideration all the aspects, which can be related to the topic. The focus point would be on the project objectives relating to the project scope and literature review.

The main project objectives, which can be defined in the area of cyber security, are:

Project objective 1: Safeguard the infrastructure of the critical information.

Project objective 2:  Respond to, recover and resolve from the cyber security and the attacks though timely responding of information collaboration, sharing and action.

Project objective 3: Establish a regulatory framework and legal to enable a vibrant cyberspace.

Project objective 4: Foster a basic culture of the security related to cyber that promotes the appropriate use and safe guard the cyber space.

Project objective 5: Cultivate and develop the national cyber security capability (Liu et al. 2015).

Collectively these objectives are important in creating a foundation for the protection against and preparing for the threats related to cyber (i.e. a proactive approach to cyber security). This mainly takes into consideration the detection, responding to and recovering from the challenges and the threat (i.e. reactive cyber security aspects) (Bonaci et al. 2015).

Few points that can be incorporated in top of the above stated objectives in the project that would play a vital role in the sphere of cyber security risk management are:

• A framework, which is effective: A framework should always be adopted, fine-tuned to an organization’s particular circumstances and the type of data which is being protected. The executive need to establish proper governance that directly applied to all the organization resources – its processes, people and technology. Implementing and choosing an appropriate framework is an essential first step to build a cyber-security management program (Hong, Liu and Govindarasu 2014).
• End to end scope: A cyber security program should always be comprehensive to successfully cover up all the important aspects. The important aspect involve the vital data, which are incurred in the organization. It is a challenge for the organization to discover all the locations, which contains the data. This is due to the factor that the ever growing number of devices in the network. In addition this the organization must adopt an approach which can be termed as comprehensive to identifying every cyber security area – from third party vendors to work processes.
• Thorough Risk assessment and threat modeling: The concept of identifying the risk that could reinforce can be very much critical step to prioritize cyber security threats. In prioritizing the team of the cyber, security should take into consideration the organizations data from an outside perspective. This is done to identify which data is vital and can be attacked by the hackers. This perspective would directly help the team to develop an effective cyber security strategy to help prevent attacks, which are likely to occur.
• Dedicated cyber security resources: this point can be considered as a last point, critical element can be considered as a personal who is very much dedicated in managing the organizations cyber security aspect and related to it, its issues. To establish an effective cyber security risk management program it is very much essential that the responsibility and the roles are clear and very much clearly defined (Robert and Directorate 2015).

The project scope, which is related to the cyber security, can be broadly divided into few categories. The following example gives a detailed explanation of the future scope of the aspect.

• Growth of internet of things: The concept of the internet of things are playing a role in the daily life of the user. This concept blurs the virtual and physical world. This entanglement leads to the online risks, which becomes intangible, contributing to future cyber security (Thakur et al. 2015). The social norms evolve sufficiently that the internet of things is very much an affective way and those who use the technology can be viewed as antiquated.
• Proliferation of offensive tools: The cyber quality offensive government and the concept of the attacks proliferation of the simple attack can tool both the frequent incident to contribution. The cyber criminals can steal the information from the organization reuse this. Intelligent agencies stockpile zero day vulnerability rather than informing the affected vendors resulting in the deluge of the breaches of the data (Cavelty 2014).
• Privacy becomes reinterpreted: The “digital natives” who have been raised up in the ages of the social networking and ubiquitous access of the internet reinterpret the basic concept of the privacy. Individual become more accustomed to the development of technology, which is invasive, which directly offer great productivity and benefit. Lives are lived “online” and the reputational damage is frequent as citizen display intimate histories through digital portals.
• Heterogeneity of state postures: The heterogeneity of the state technology postures stifles international agreement and cooperation over the norms of the cyber. This raised global tension as attacks increasingly originated from “safe havens” who refused to prosecute the cyber criminals. The challenges of the attribution related to the digital leads to a fragmentation of understanding which is shared, with nation treating their allies with cool suspicion (Hahn et al. 2013)

There are no answers when relating to the solution for the concept of the cyber security. It is apparently increasing that there should be steps that should be incorporated by the global community as well as individual organization. This would directly help drive demonstrable progress in order to reduce the risk, which are related to the cyber security. The concept can be linked with collaboration to reach an agreement on the principles, standard, laws protocol and norms of conduct – with recognition that can trusted which has been continuously validated and earned. NIST framework of the cyber security can be considered as a tool, which can help an organization to understand their level of risk and the chart a basic path towards a more standardized and appropriate state of preparedness and sustainable risk. An organization in order to move to a more appropriate, transparent and sustainable supply chain management requires three things to be precise.

• Know how to address the risk
• Understand what the supply chain risk
• Motivated to act by external drivers and internal drivers and to be held directly accountable if they fall short.

Project Scope

Important tools help the organization to address the cyber security risk; the O-TTPS (Open trusted technology provider standard) focus on the supply chain and the third party risk. O-TTPS mitigating malicious tainted and product, which are counterfeit products V1.0, recognized by ISO during the third and fourth quarter -of 2015. Cyber security initiative in order drive the collaboration concept of the cyber stakeholders in order to address some concern areas such as difficult cyber issue. Organizations has to understand the overall all the factors that are involved in the concept of then cyber security. The NIST standard neutral tool, which provides the organization with one piece of standard neutral tool in order to access their own cyber security risk. This allows the organization to prepare themselves towards achieving the set of ability to incorporate the set of course towards a more appropriate posture of security into their risk environment. The O-TTPS standard categorizes and identifies applicable technology industry secure engineering and the supply chain integrity relating to best practice whose use in a systematic way can make the vendors product worthy of being considered more secured and trustworthy. The field of the trust and the trustworthy can be directly related to the sector of commercial and government enterprise customer (Jouini, Rabai and Aissa 2014).

The success factor play a very vital role in the journey to a more secured state for an individual organization. It is very much vital for any organization to identify and put forward the basic of all the factors into one place and put forward a basic set up to prevent those situations. The key factors, which are involved in order to address the security risk of the organization, are governance, commitment, clear requirement for the security aspect, consistent processes and the performance matrix for internal compliance, individual and transparency. The organizations should make commitment at every level in order to address privacy risk and cyber security, systematically incorporating these factors into the risk management prospective should be incorporated as a part of an overarching strategy to prioritize, inform and address the current and the risk challenges in the future.

• Involvement of senior management and the leadership from across the organization.
• Continually monitoring of basic effectiveness of the risk management and the implementation of the program.
• Having a metrics of performance that align with the baseline requirement.
• To be very much transparent and open with the customers and the stakeholders regarding the progress of the risk management, success and the rate of the failure. This transparency which is coupled with organization and the organizational accountable to dynamically address the risk in the risk fluid environment.

The field of cyber-attack can be broadly be classified into five types:

• Brute force attack: An algorithm or a program, which is sophisticated which is written so that it can attack the search – by searching for vulnerability - and in many of the cases arracks a password protection mechanism. The brute force attack use the concept of software, which is specially designed to go through thousands of different words in order to crack the password (Robert and Directorate 2015).
• Social engineering / cyber fraud: In this prospective the attackers does not attacks the system but they actually attack individuals. This type of attack can be considered as a type of attack where the data is not the target; it targets the money and ones it has transferred its unlikely that the money cannot be retrieved.
• Distributed denial of service attack (DDoS): This type of attack mainly incorporates that the system is overloaded with connections with a goal of ultimately shutting down the target website or the system network. It is where the hackers overload the system with a main motive of hoping it and shutting the system down the network and you will not be able to access the business operation.
• Phishing attacks: The phishing attack can be considered as one of the most basic forms of cyber-attack. Keeping up with the method of some phishing, attack is proving to be very much difficult.
• Malware, ransom ware, spyware: Each of this attack has their own objectives and motive. Any one of these attack is a direct attack on the software of the system of the user. If a malware is introduced into the system, it will directly cause intended damage and this damage could be erasing all the information, which are contained on the hardware of the system. Other type of attacks mainly are incorporated into non-IT sectors where there are no such sophisticated technique to counter the attacks (Wang and Lu 2013).

Conclusion

It can be concluded from the report that the concept of the cyber security can be applied all over the platform of internet. The people being more addicted to the concept of internet it has directly helped the hackers to indulge in activity, which is unethical. There are different countermeasures that can be applied in this aspect so that the data of an individual or business body are kept safe. Taking into consideration the data of an organization, it is very much viral to safe guard the data. If the data is in the hand of hackers, it can directly lead to a big problem from the point of view of the organization. In the report the project scope as well and the project objectives are taken into consideration. The different aspects such as the supply chain management also play a very vital role in the sector of the security, which is related to the cybercrimes. The overall effect of the crime can be minimized using the prospective of the stated remedies. In the near future, it can be estimated that the role that would be played in the concept of the cyber security and the crime related to it would be on the higher end so sophisticated approach has to be incorporated to minimize the overall effect of the crime.

References

Bonaci, T., Herron, J., Yusuf, T., Yan, J., Kohno, T. and Chizeck, H.J., 2015. To make a robot secure: An experimental analysis of cyber security threats against teleoperated surgical robots. arXiv preprint arXiv:1504.04339.

Cavelty, M.D., 2014. Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), pp.701-715.

Hahn, A., Ashok, A., Sridhar, S. and Govindarasu, M., 2013. Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), pp.847-855.

Hong, J., Liu, C.C. and Govindarasu, M., 2014. Integrated anomaly detection for cyber security of the substations. IEEE Transactions on Smart Grid, 5(4), pp.1643-1653.

Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.

Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M. and Liu, M., 2015, August. Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In USENIX Security Symposium (pp. 1009-1024).

Robert, M. and Directorate, I.C., 2015. ISR.

Thakur, K., Qiu, M., Gai, K. and Ali, M.L., 2015, November. An investigation on cyber security threats and security models. In Cyber Security and Cloud Computing (CSCloud), 2015 IEEE 2nd International Conference on (pp. 307-311). IEEE.

Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security, 38, pp.97-102.

Wang, W. and Lu, Z., 2013. Cyber security in the Smart Grid: Survey and challenges. Computer Networks, 57(5), pp.1344-1371.