How Do Research Proposal On Cyber Security Challenges

Discuss Research Proposal on Cyber Security Challenges ?

 

 

Introduction

Increasing use of internet also increases risk of cyber threat. Huawei Company is also exposed to some security threats that are faced by its supply chain system. This research would explore these risks and would identify solutions to beat them. For assessing the security threats that would be identified for the company, the research would make use of the NIST framework.

The key objective of the organization is to make its end points secure. For this level of security, the organization already uses some procedures like USB port protection using BitLocker. The supply chain system of the organization consists of a number of propriety applications that are developed for the company and the third party solutions integrated together to take care of its supply chain operations (Veracode, 2017). However, the IT infrastructure has resulted into certain security challenges that even the USB locker is unable to prevent as the data still passes through a network causing leakage of data. Security issues that the organization is currently facing include (DHS, 2009):

• The organization does not use efficient security measures that can protect the data from leaking through the network.
• The organization is unable to establish a control over the flow of the data or keep track of the same using its existing IT systems.
• The company does not have a very sound emergency response system and thus, is unable to handle the responsibilities of detection of attacks or intrusion and clearing of those attacks.
• The company does not use sound security tools like breach indicator and data encryption that can be used for warning company in case of any attacks or prevent the loss of data respectively.
• The mobile device management system and the application control system of other organization needs a significant improvement(CGI, 2013).

Project Objective

The objective of this research project is to identify the security risks faced by the organization and come up with the recommendations to resolve them such that the security posture of the company can be improved.

Project Scope

Following activities are included in the scope of the research project:

• Identification of various types of security risks that are faced by the Huawei Company
• Exploration of the causes behind the seuciryt risks that are faced by Huawei Company
• Discovery of the ways security issues faced by the organization can be solved
• Study of literature on cyber security challenges and methods to overcome them
• Collection of the primary data for the propose of the exploration of the objectives of this research
• Recommendations on the enhancement of the security posture of the Huawei Company

Literature Review

Key concerns of the organization is its supply chain which is facing cyber security risks that needs to be addressed by improving the security posture of the supply chain of the organization. USB encryption is a major problems wit the Huawei Company as one of the security risks.  Several surveys were carried out on the company representatives to understanding what kinds of problems did they face with he USB level protection and it was found that the techniques used for the USB and enterprise level security protection was not effective enough. The organization systems failed to encrypt the data that was flowing through the network of the organization. Moreover, the organization also failed to secure the end points of the systems.

As a result of the security problems, the environment of the company became hostile. TO solve this issue the company implemented BitLocker for its USB protection. The encryption had to be efficient such that it enhanced the company’s capability to prevent the cyber crimes from happening in the company through end point attacks.

The organization is currently using third party solutions that are integrated with the devices used in the company and with other software. The time that is taken to capture the data became easy and thus, data was stored efficiently. This also allows the organization to enhance its control over the data that was flowing through the network. However, the integration of the application s with third party solutions did arise security issues that are required to be addressed. The organization is facing risk of losing the privacy and security of the network data. This is mainly because the security settings of individual solutions were not always as per the company policy demands. This has resulted into entry of cyber worms in the system affecting the security and efficiency of the system.

In addition to the encryption of USB, company needs more controls over the USB access as threats can modify the access control of this end point. However, currently the company does not have any solid control over the access to USB nor does it have a control over the data that flows through the network beyond certain level. Unauthorized users can enter into the network and access the data that flows over the company network. This also poses additional risks as these entrants can spread the attacks in the network.

Moreover, there are risks of unidentified devices connecting to the organizational systems which can again pose the cyber threats to the supply chain system of the company thereby reducing efficiency of the system operations. The organization lacks any effective data protection system and in the case of a malware attack, company risks losing a large amount of its data.

The company was working on the reverse engineering methods for virus attack prevention but it is only in the developing phase but once it is developed, it can be expected to bring more security benefit stop the organization specially for the data recovery.

Some problems that can be identified with the company’s security capability include lack of effective emergency response system, absence of breach indicators, lack of effective disk encryption, lack of application control and ineffective mobile management system.

Research Questions

The aim of this research is to identify current security problems of Huawei Company and come up with the methods to resolve them such that appropriate recommendations can be made to enhance the security in the company. To achieve this aim, following research questionnaire required to be answered in this research:

• What are the security challenges that Huawei Company is facing?
• What are the causes behind the security issues faced by Huawei Company?
• What data protection measures can be used by Huawei Company for protecting the data leakage from the network?
• How can Huawei Company control the data flowing over its network?
• What kind of emergency system is being used by the organization and how can it be improved?
• What is breach indicator and how it can be implemented in the Huawei Company?
• What measures can the company take in order to encrypt its disk such that data loss can be prevented?
• Can application control system of the organization be improved and how?
• How the company and enhance its mobile device management?(E&Y, 2013)

Research Design and Methodology

A research methodology can be formulated based on the assumptions of the philosophical constructs that are relevant that are structured through the exploration of ontology that identifies existence of knowledge and epistemology which helps in understanding it. As per these philosophies, there can be two approaches a researcher can take including positivism and interpretive. Positivists say that there exists a true knowledge that can be empirically explored while interpretevists say that multiple perspectives of people form an illusion of reality. When both approaches are combined, they can be used for building theories. As this research assumes the existence of a reality and needs empirical testing of the problems faced by the organization, positivis approach would be taken in the research.

For this, the researcher would make use of standard steps of identifying the research questions, selecting research design collecting data, interpreting data, analysing it, and collating findings to derive a conclusion (HP Enterprise, 2015).

The research is required to explore how the company systems are working and what are the challenges or gaps in the system that need improvement. As per the research already conducted by other researchers on the organization, some useful insights were delivered. These included considerations of specific challenges that were faced by the organization and the measures that were taken by the company for improving its security. The researchers also exposed the challenges that organization faced while adopting the security enhancement techniques in the organization. However, with this insight forming the base of the inquiry, a deeper inquiry is required to be made on how the identified problem can be solved and thus, the research needs a primary data exploration which would be done by using interview process (Infrascale, 2014).

Secondary Research: Past journals, research reports, books, and security specific articles on the authentic websites would be explored to identify secondary resources for the literature data analyses. The resulting data would be thematically analysed to come up with critical themes for a further exploration of the study that would be important for making the recommendation that can enhance the security posture of the organization (MYOB, 2016).

Primary Research: In the primary research, the interview guide would be prepared based on the themes that are identified in the secondary data analysis. The security professionals would be approach including two internal employs of the organization for the interview. There would also be 5 more professionals who would be approach form outside the company for the interviews (NIST, 2014).

Data Collection

The primary research data would be collected through the interview that would be conducted on the 7 professionals including 2 internal and 5 external security professionals. The sample size is small because it would make use of an extensive inquiry with individual and explore specific security problem that can be explored in depth. A huge amount of information is going to guide the research. A small sample size appears to be sufficient for the current research as it s only going to explore the problems of a specific company and also address specific issues that are already identified in the previous researches. For the interviews, the security professionals would be approached by the researcher to take face to face interview and the conversations happening during the interview would be recoded and transcribed into textual dat. An interview guide would be used for guiding the interview with open ended questions on the security challenges as well as solutions to be implemented in the supply chain of the organization (Raddon, 2010).

Data Analysis

The data that would be obtained from the past research studies would be analysed using thematic analyses which would reveal some themes that would be coded for identifying common categories of challenges and possible solutions. The codes would be refined with deeper exploration of the secondary data such that the final thematic codes that are selected can be used to come up with a question set for the interview (TrustSphere, 2012).

The primary research would be conducted using an interview and the data thus obtained would be analysed using a content analyses that would be based on the selected features and short descriptions related to the security challenges and solutions. A large textual data would be divided into smaller segments of data for this analysis (Raddon, 2010).

Research Limitations

This research has certain limitations like:

• Because of the limited sample size, the results cannot be generalized for a wider audience or organizations
• As the research makes use of only security professionals, the perspectives is limited and does not include the views of the actual users who would be using supply chain systems and facing security issues.

Time Schedule (Research plan)

Milestone Step	Milestone Date
Introduction and objectives	15th June 2017
Literature review	10th July 2017
Methodology selection	15th July 2017
Thematic data analysis	20th July 2017
Interview guide preparation	24th July 2017
Data collection	15th Aug 2017
Data Analysis and interpretation	20th Aug 2017
Conclusions and recommendations	22nd Aug 2017
Finalization of reports including proofreading and editing	24th Aug 2017
Report submission	25th Aug 2017

Conclusion

In this research, a research on the security systems of Huawei Company was proposed. It was found that there were earlier researches already done that revealed the challenges of the organization such that primary research was required to further find the possible solutions that would solve the problems arising from the current risks that are faced by the organization. The researcher proposes use of secondary data analysis using thematic analyses that would reveal themes that would be used for preparation of an interview guide that would further be used for the primary data collection from 7 security professionals. The primary data is proposed to be analysed using the content analyses. Specific problems that would be explored in the research including data loss and security enhancement.

Reference List

CGI, 2013. Developing a Framework to Improve Critical Infrastructure Cybersecurity, s.l.: CGI.

DHS, 2009. A Roadmap for Cybersecurity Research, s.l.: DHS.

E&Y, 2013. Bring your own device - Security and risk considerations for your mobile device program, s.l.: E&Y.

HP Enterprise, 2015. Cybersecurity Challenges, Risks, Trends, and Impacts: Survey Findings, s.l.: MIT.

Infrascale, 2014. BYOD Program Best Practices for Data Protection & Security , s.l.: Infrascale.

MYOB, 2016. Company file security. [Online]
Available at: https://help.myob.com/wiki/display/ar/Company+file+security

NIST, 2014. Framework for Improving Critical Infrastructure Cybersecurity, s.l.: National Institute of Standards and Technology.

Raddon, A., 2010. Epistemology & Ontology in Epistemology & Ontology in Social Science Research , s.l.: University of Leicester.

TrustSphere, 2012. Advanced Security Methods for eFraud and Messaging, s.l.: TrustSphere.

Veracode, 2017. APPLICATION SECURITY SOFTWARE. [Online]
Available at: https://www.veracode.com/products
[Accessed 19 May 2017].