Risk assessment is the process by which an organization identifies its potential risks and reduces them using established risk assessment techniques. Organizations devise effective policies to minimize risk so that the workplace is controlled and a better environment is maintained, giving employees a positive working environment. The risk assessment process determines both the qualitative and the quantitative value of each risk. It proceeds in four stages: identifying the exposure, reviewing its effect, evaluating the risk and applying controls. This is done so that activities at the workplace can be managed effectively.
This report identifies the potential threats from the perspective of a Chief Information Security Officer (CISO) and proposes solutions to the identified problems in order to minimize those threats.
The profile elaborated in this report is the Policy Profile.
The CISO of a multinational organization protects it from threats relating to its collection of intellectual property and is responsible for protecting large sections of the business. The business largely comprises intellectual property such as cash trade, online marketing and targeting, and communication with shareholders. This is vital information that the organization has to preserve so that its ethical obligations are not violated (Slater, 2015).
The CISO is a senior-level executive responsible for aligning security initiatives so that the organization's technology and information assets are protected (Florentine, 2015). Beyond this core duty, the CISO has several other responsibilities: formulating security policies and putting them into practice; maintaining the privacy of data; administering regulatory compliance; working with the other executives to develop a plan for business continuity and disaster recovery; establishing a security architecture to secure the organization's data; and managing the security of the organization's computer systems. The CISO also delivers consultancy services on information security in order to reduce the organization's risk, and may implement an information security programme for the same purpose. It is reported that 60% of organizations benefit from the responsibilities performed by the Chief Information Security Officer in securing their important data. The CISO is thus entrusted with considerable responsibility and must carry it out with full determination. Apart from securing information, the CISO is also responsible for the technological and physical security of the organization, which protects it from the various threats at the workplace, and has to identify the probable health and safety risks of the organization.
The technological aspects affecting the organization are issues related to communication, the IT system and the application of software techniques; these must be properly understood in order to identify the organization's potential risks. Security management is a major part of the CISO's responsibility: every department of the organization must be protected from the various threats and risks. The CISO is also responsible for training and developing employees on the risk issues that can arise in the organization and on the ways those issues can be minimized. Staff members have to be aware of the risks arising in the organization, handle the issues effectively and know the basic techniques for reducing them. They should also be aware of the antivirus software installed within the organization so that a secure and protected environment can be maintained (National Initiative for Cybersecurity Careers and Studies (NICCS), 2015).
The CISO is also an organizational representative, providing the organization's customers, partners and shareholders with information about the security strategies the organization has implemented.
The CISO is involved in planning and testing for security issues within the organization. Programs are tested to verify whether they generate the expected results, which protects the organization from potential risks. If a program gives appropriate results, the CISO recommends it to the senior management of the organization.
To monitor the potential risks existing within the organization, the CISO works with law enforcement agencies. With their help the risks can be monitored, and action against threats can be taken on the basis of their recommendations. With the help of law enforcement, the CISO can also track theft committed by employees within the organization.
The CISO develops the procedures and policies required to secure the organization's information system. These security procedures include securing the database and training staff members on maintaining it (Bowen, Wilson & Hash, 2006).
The CISO is responsible for balancing the level of security within the organization and actively ensures that data is secured at its various levels, which helps the work to be carried out in the most productive manner (IBM Center for Applied Insights, 2015).
The security issues that arose and were registered by the Chief Information Security Officer include a low standard of emailing, theft of tax records, a gap between protection and monitoring, issues relating to social engineering, and a network that was less effective than required. Further issues were also registered; the other problems encountered are detailed below:
1. Virus - As a result of a virus attack, information in the database is damaged and confidential files are corrupted. It is reported that there was $1.2 billion in damage as a result of the destruction of the database within 15 days after the internet was installed. One of the major threats affecting the organization is shared frequency (Hunter, 2011). Furthermore, 72% of business houses receive offensive or threatening emails. A recent survey of email-borne threats found that the email threat percentage has risen by 83 percent. Symantec's security threat report notes that worms and Trojan horses are actively involved in damaging corporate documents (Symantec Internet Security Threat Report Trends for January 06–June 06, 2006). The CISO has identified that a back door virus leads to greater difficulties by generating code that can damage the organization's database.
2. Blended Attacks - Attacks also take the form of blended attacks, in which the hacker or cyber criminal combines several different methods to break down the organization's security system and steal its valuable information, disrupting its work. A blended attack is a blend of phishing and hacking. A company threatened by such an attack can lose valuable information such as its products, the budget it has prepared or the details of its customers (Chien & Ször, 2002).
3. Phishing – Phishing attacks are very common in the organization. Shareholders, customers and employees have very little faith in the implementation and use of the IT system in the organization. The threat of phishing has been prominent in the banking sector: bank customers have a specific bank ID and password to protect their account and use them to fill in bank forms online. The CISO has observed, however, that through phishing activity worms and viruses damage remote computer systems and erase data (Microsoft.com, 2015). Cascading volumes of data are sent by the worms into the organization's mail server, where they are prone to attack. Criminals use phishing to access sensitive information about the organization, gathering credit card details, secrets such as passwords and usernames, and other important data that hackers can exploit (Microsoft.com, 2015).
4. Application specific attacks - Valuable data on customer details and the total production of employees is used by cyber criminals, who use SQL injection to rob the organization of its valuable information for their own benefit. Hacking is an application specific attack intended to erase or steal the organization's information for the attacker's own purposes; it is often done by hackers without any specific motive. Hackers perform SQL injection to get into the organization's security system (Acunetix, 2015). The organization's confidential information is accessed and published in public. The system is broken into in order to steal information about customers and employees; the worksheet plan is stolen and used for business activities. The CISO is responsible for maintaining information security in the workplace, which ensures workplace security and safety. Hackers create a breach to steal the organization's information and do so in such a manner that it can be shared with other networks (Conroy, 2015).
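As an added illustration of the SQL injection attack named above, the following Python example (written for this discussion, not taken from the report's cited sources) places a customer lookup that concatenates user input into the query text beside the parameterized form that a CISO's secure coding policy would require. The customer table, its rows and the function names are constructed for the demonstration; the comparison shows that only the concatenated version lets a crafted input change what the query returns.

```python
import sqlite3

# Constructed sample data for the demonstration: a small in-memory customer table.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable form: the user-supplied name is spliced into the SQL text,
    so quote characters in the input change the structure of the statement."""
    query = "SELECT id, name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the statement text is fixed and the value is bound by the
    driver, so the input is only ever compared as data, never parsed as SQL."""
    query = "SELECT id, name, email FROM customers WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def compare(name):
    """Return (rows from the vulnerable lookup, rows from the parameterized lookup)
    for the same input, so the two behaviours can be checked side by side."""
    conn = make_db()
    try:
        return lookup_vulnerable(conn, name), lookup_parameterized(conn, name)
    finally:
        conn.close()


if __name__ == "__main__":
    # A crafted input that closes the quoted literal and appends an always-true condition.
    crafted = "nobody' OR '1'='1"
    for label, rows in zip(("vulnerable", "parameterized"), compare(crafted)):
        print(f"{label}: {len(rows)} row(s) returned")
```

For an ordinary name such as "alice" both lookups return the same single row; for the crafted input the concatenated query returns every customer, while the parameterized query returns nothing because no customer is literally named that string. A code review standard that forbids string-built SQL, backed by a test like this one, is the kind of control the report's CISO would put into the security procedures for the database.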
The organization can adopt several solutions to protect its information from these threats. The security department and the IT department work together to provide maximum security to the organization's resources, and the IT security department can put in place the following layers to secure the organization's information.
The first layer of the security system uses prevention technology such as the RSS method. It can be an effective way for the group member to act on an element that has been flagged as suspect; it is equally important to keep monitoring that element. Requests that are new to the organization have to be monitored, and anomalous requests received via email have to be monitored on a regular basis (Daniel Draz, 2015). An intrusion prevention system can be useful for recognizing threats and protecting data, since it monitors unexpected entries and data traffic.
The second layer adds a defense to protect the system from viruses. When antivirus software is installed on the organization's computer systems, the back door protection has to be activated so that viruses are prevented from entering the system. There also has to be a security management system for better protection against malicious attacks and virus threats.
The third layer is the internet security system. It is put in place to acknowledge both the vulnerabilities and the business opportunities the system presents. Proper calculation has to be done before the system is installed, the vulnerable components of the system have to be identified, and specific protective measures must be in place to secure it. The internet security system is effective in lowering the organization's risk, and it is important to use it to control external security threats (Symantec.com, 2015).
Strategies for protecting the computer system can be prepared within a proper framework so that viruses can be prevented; the framework will also protect the computer system from phishing attacks and blended attacks.
The framework is essential for building an internal connection system within the organization that secures its resources. Situational crime results in an instrumental fusion that allows structured activity for traditional crime within the organization; the situational lens can help the organization scan for malicious code or virus activity delivered by hackers via email. Security breaches within the organization can be prevented using the spillover effect that has been applied in selected multinational organizations. The prevention framework will help the organization track information about the hacking of information, products and so on. In addition to these benefits, the situational crime prevention framework directs staff members about the various malicious activities that can occur within the organization and trains them in preventive measures on a routine basis. This improves flexibility at the workplace by maintaining proper security there, so the organization gains from the situational framework and the external threats affecting it are lowered. It has also been argued that providing guidance and assistance to others is a valuable way to avoid security attacks on information technology systems. Thus the situational crime prevention framework can be an effective way of controlling the security problems affecting the organization. The CISO will be responsible for providing internet security guidelines to staff members so that monitoring can be done in detail, and illegal activities within the organization can be prevented (Adewale, Ogunde, Ogunleye & Alese, 2011).
Terrorism Act 2006 - The Act provides guidelines for a wide array of offences relating to information security terrorism. Section 19 states that the organization should disclose information regarding hacking of its IT system (Cs.jhu.edu, 2015).
Malicious Communications Act 1988 - Under this Act, the organization can prepare legal articles for providing the necessary information to other parties. The Act requires that before any data regarding malicious activity is addressed, it has to be checked so that it does not affect the network or the system, which results in the information being transferred in a secure manner.
Privacy and Electronic Communications Regulations 2003
Under this Act, the organization is provided with the authority to adopt the system. It falls under the Data Protection Act, as mentioned in section 11, and helps the individual control security if an unexpected email from direct marketing is received. The regulation provides assistance regarding the use of electronic media and communications such as cold calls, texts and emails (Sans.org, 2015).
This Act can be used for the prevention of threats, since it regulates the appropriate media. This is essential when information is shared within the network or when market opportunities based on social media networking websites are adopted. The Act is effective in dealing with online issues such as the obligations of internet service providers, and has thus been helpful in handling the security of the organization's online activities.
Domestic industries face virus problems alongside international organizations, and important organizational information is damaged by virus attacks. In an incident in 2008, 10% of the computer systems linked to the internet were affected by the Morris Worm. The report further found that 60,000 computers were affected by the Morris Worm and that access to the data held on those computer systems was available. The attack from this virus thus left many important files and data missing. Other viruses such as Trojan Horses, Mapson and Trile C also have a damaging impact on the world's computer systems (Gilbert, 2012).
One of the major international problems affecting the security of information systems is phishing. Anti-phishing measures have to be prominent in order to prevent phishing activity in the organization. For example, a student at Cornell University received an email in January 2015 purporting to be from IT Service Desk Support. The email required the student to upgrade their personal email account and to provide bank details for the upgrade. This incident makes it clear that phishing can affect global companies (Bristol.ac.uk, 2015).
Hacking and Blended attacks
Hacking is prevalent in the banking sector worldwide, where hackers exploit information from the banking industry, and illegal hacking has become rampant. In 2002, the New York Times' internal network was hacked and information was gathered from its database. In 2013, the Facebook page of Mark Zuckerberg was hacked. Blended attacks have become prominent worldwide (Gilbert, 2012).
The CISO bears the major responsibility for protecting the organization's information. The information system within the organization is subject to potential threats from viruses, blended attacks, hacking and phishing. Certain laws have been proposed for preventing threats to the information system and for dealing with security issues within the organization. The situational crime prevention framework is an effective way of dealing with security related issues. The CISO must make employees aware of the various threats faced by the organization's information system through proper training and the necessary guidelines.
Acunetix. (2015). What is SQL Injection and How to Fix It. Retrieved 5 February 2015, from https://www.acunetix.com/websitesecurity/sql-injection/
Adewale, O., Ogunde, A., Ogunleye, G., & Alese, B. (2011). A Computer-Based Security Framework for Crime Prevention in Nigeria (1st ed., pp. 1-8). Retrieved from https://www.ncs.org.ng/wp-content/uploads/2011/08/ITePED2011-Paper5.pdf
Bowen, P., Wilson, M., & Hash, J. (2006). Information Security Handbook: A Guide for Managers (1st ed., pp. 2-60). Retrieved from https://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf
Bristol.ac.uk. (2015). Retrieved 4 February 2015, from https://www.bristol.ac.uk/media-library/sites/infosec/migrated/documents/guide.pdf
Chien, E., & Ször, P. (2002). Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses. symantec.com. Retrieved 5 February 2015, from https://www.symantec.com/avcenter/reference/blended.attacks.pdf
Conroy, J. (2015). How They Hack Your Website: Overview of Common Techniques. CMSWire.com. Retrieved 5 February 2015, from https://www.cmswire.com/cms/web-cms/how-they-hack-your-website-overview-of-common-techniques-002339.php
Cs.jhu.edu. (2015). Retrieved 4 February 2015, from https://www.cs.jhu.edu/~rubin/courses/sp07/Reading/newlawis.pdf
Daniel Draz, C. (2015). Fraud prevention: Improving internal controls. CSO Online. Retrieved 5 February 2015, from https://www.csoonline.com/article/2127917/fraud-prevention/fraud-prevention--improving-internal-controls.html
Florentine, S. (2015). Inside the Changing Role of the CISO. CIO. Retrieved 5 February 2015, from https://www.cio.com/article/2367504/security0/inside-the-changing-role-of-the-ciso.html
Gilbert, F. (2012). Thirteenth annual Institute on Privacy and Data Security Law. New York, N.Y.: Practising Law Institute.
Hunter, M. (2011). Identifying Issues of the Chief Information Officer Role through Qualitative Interviews. International Journal of Sociotechnology and Knowledge Development, 3(2), 42-52. doi:10.4018/jskd.2011040104
IBM Center for Applied Insights. (2015). 2014 CISO Assessment – Fortifying for the future. Retrieved 5 February 2015, from https://www.ibm.com/smarterplanet/us/en/centerforappliedinsights/article/ciso_insights.html
Microsoft.com. (2015). What is Phishing | Phishing Scams | Report Phishing Scams. Retrieved 5 February 2015, from https://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
National Initiative for Cybersecurity Careers and Studies (NICCS). (2015). Explore the Framework. Retrieved 5 February 2015, from https://niccs.us-cert.gov/training/tc/framework/spec-area-detail/30
Sans.org. (2015). Retrieved 4 February 2015, from https://www.sans.org/reading-room/whitepapers/assurance/mixing-technology-business-roles-responsibilities-chief-information-security-of-1044
Slater, D. (2015). What is a Chief Security Officer? CSO Online. Retrieved 5 February 2015, from https://www.csoonline.com/article/2122505/it-careers/what-is-a-chief-security-officer-.html
Symantec Internet Security Threat Report Trends for January 06–June 06. (2006) (1st ed., pp. 4-80). Retrieved from https://www.symantec.com/specprog/threatreport/ent-whitepaper_symantec_internet_security_threat_report_x_09_2006.en-us.pdf
Symantec.com. (2015). Security Best Practices: Stopping malware and other threats | Symantec. Retrieved 5 February 2015, from https://www.symantec.com/page.jsp?id=stopping_malware