The Skyward Company is an IT based organization, which focuses on the creation of the IT based products such as software, hardware and various other websites. The company makes use of the various software in order to deal with the various ongoing projects that are undertaken by them. In the previous times, the data that was used by the company was mainly stored in the paper based format. With the advancements in the field of technology, the company makes use of the electronic based methods that would be helpful in recording the data of the customer, telephone numbers, emails, accounting and financial based information. In order to deal with the issues that affects the cyberspace within the organization, the organization would need to adapt such kind of changes that would be helpful for securing the vital data of the organization (Von Solms & Van Niekerk, 2013).
2. Analysis of Current Research on the Subject Matter
The use of cybersecurity within an organization would play a major role for the protection of the vital data of the organization and thus ensure that the projects and the services would be able to function without facing any such kind of difficulties or any such kind of delays (Uma & Padmavathi, 2013). In the recent times, most of the organizations depend exclusively on the use of the computer systems and the functioning of the internet based platform. They also require the use of contacting with their clients on a daily basis and also perform such kind of tasks that would require a high level of research, strategic based planning and other kind of strategies based on marketing. The overall financial based success of the organization would mainly depend on the successful based implementation of the set goals that would again depend on the significant health of the computers (Todorovic et al., 2015).
It is extremely vital that the systems would remain free from several kind of intrusions from different kind of third parties who might always attempt to gain an unauthorized access to the systems. The failure on the part of the IT security experts would result in the loss of vital data, loss on the competitive information and loss of the private data of the customers or the employees.
The implementation of the cyber security is done through the control of access and the CIA based principles. Access control could be defined as the procedure for the process of controlling the limit of access to the information and to the extent of the alteration of the message by the specific person. The control of access also incorporates the control of the arrival to physical based facilities (Zhou, Varadharajan & Hitchens, 2013).
The CIA based principles stand for confidentiality, integrity and availability. These principles would refer to the three basic qualities or the different states of data that are being protected (Block & Block, 2014). The data should be kept in a confidential state such that the unauthorized access or the spying of the data should be stopped. The data should retain their personal identity, which would mean that the alteration, destruction or the manipulation of the data should be stopped. The data should be made to available whenever it would be needed by some person. This would mean that there would not be any DDoS based attacks or any kind of ransomware based attacks that would be a fact of danger for the availability and the integrity of the data (Zargar, Joshi & Tipper, 2013).
The British Standard based on the Information Security Management would be suggesting certain kind of steps that would be concerned on the basic planning of an Information Security Management System (ISMS). The steps are Identification of the Assets, Assessment of the Various Kind of Risks and the Treatment of the Risks.
Identification of the Assets – The various kind of assets for any organization could be defined as the physical antique of any organization that would include historical based data, photographs and the electronic based inventories (Campbell, Jardine & McGlynn, 2016).
Assessment of the Risks – A physical based breach would help in resulting in the cases of theft of the important items and the financial based records of any organization. A digital based breach would result in the spying of the correspondence of the emails between the business partners, customers or experts by creating a botnet and the stealing of the sensitive data of the customer (Haimes, 2015).
Treatment of the Risks – The installation of an alarm system would be helpful in minimizing the amount of risks and thus the protection of the physical assets of the organization. The different types of software and the operating systems that are used within the organization should be maintained properly and they should be updated on a regular basis such that they do not face any kind of vulnerabilities. The security of the system is mainly based on the type of programs that are designed by the IT security experts. The access should be granted to those computers who would be designated to such kind of access. The security based personnel should be given a proper training based on the kind of vulnerabilities that could affect the system. The security personnel should not use the computers in an irresponsible way, which might put the computers at a level of risk from being hacked from various kind of attackers.
3. Recommendations for improving the use of Cybersecurity within Organization
The trust based relationships among the different individuals within the various units of the business, the IT based organization and the different functions of the cyberspace could be difficult to maintain because of the fact that these groups can sometimes function at cross based purposes (Sankowska, 2013). The cybersecurity based team should be able to impose certain protocols related to the safety that would be inconvenient for the employees to impede within their daily based operations. In order to close the gap of trust between the IT groups and the functions of cybersecurity within the business processes, the organizations would be able to provide the training based on the comprehensive based security related to staffers at different levels of the company. This would might include the meeting in town hall, different kind of training modules and various form of workshops that would mainly focus on the identification of the variable types of cyber threats and the outlining of the appropriate responses when the employees would witness any form of suspicious activity. These kinds of training could be helpful for the business based employees to understand the justification for the protocols based on cybersecurity and thus raise their level of awareness (Ben-Asher & Gonzalez, 2015). The awareness could signal the various units of the business that the level of cybersecurity would be a shared responsibility. Anyone who would have access to the confidential based systems and data should play a major role for ensuring the safety of the data.
Based on the above discussion, it could be concluded that the Skyward Company should focus on the proper implementation of the use of cybersecurity within the organization. They should develop several kind of mechanisms by which different cybersecurity professionals and the IT could learn about the several implications of the initiatives of IT based security on the various operation of the business. The use of cybersecurity within an organization plays a major role within the organization and hence this aspect should be taken into deep consideration so as to protect the security and integrity of the company.
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, 51-61.
Block, J., & Block, J. H. (2014). The role of ego-control and ego-resiliency in the organization of behavior. In Development of cognition, affect, and social relations (pp. 49-112). Psychology Press.
Campbell, J. D., Jardine, A. K., & McGlynn, J. (Eds.). (2016). Asset management excellence: optimizing equipment life-cycle decisions. CRC Press.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Sankowska, A. (2013). Relationships between organizational trust, knowledge transfer, knowledge creation, and firm's innovativeness. The Learning Organization, 20(1), 85-100.
Todorovi?, M. L., Petrovi?, D. ?., Mihi?, M. M., Obradovi?, V. L., & Bushuyev, S. D. (2015). Project success analysis framework: A knowledge-based approach in project management. International Journal of Project Management, 33(4), 772-783.
Uma, M., & Padmavathi, G. (2013). A Survey on Various Cyber Attacks and their Classification. IJ Network Security, 15(5), 390-396.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), 2046-2069.
Zhou, L., Varadharajan, V., & Hitchens, M. (2013). Achieving secure role-based access control on encrypted data in cloud storage. IEEE transactions on information forensics and security, 8(12), 1947-1960.