Cybersecurity and Vital Elements Coursework

Exclusively available on Available only on IvyPanda® Made by Human No AI

There are some major elements of good cyber security. It is however imperative to recognize that factors, such as size, complexity, and sustained evolving nature of attack vectors among others, have made it difficult for the industry to develop a simple, one approach to manage risks related to cybersecurity. Nevertheless, some best practices have been identified to provide a model for locating vital elements that must be present in any cybersecurity risk management plan. The following are some essential elements for cyber security risk management.

First, cybersecurity requires an effective framework. The focus of any risk management effort is a standard system or a framework that help organizations and individuals to manage integrity, confidentiality, and data and ensure critical resources availability (Chaudhary and Hamilton 4). As such, industries have adopted different frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

The NIST offers a deliberate, risk-driven set of practices, guidelines and standards to assist firms manage any cybersecurity threats in a more cost-effective manner. At its minimum level, the framework accounts for major roles through with organizations can manage their critical data, such as identification, protection, detection, responding, and recovery. Apart from the NIST framework, other cybersecurity frameworks include ISO/IEC Security Control Standards, SEC/OCIE Cybersecurity Initiative, and FCC Cyber Security Planning Guide.

Second, cybersecurity requires an end-to-end approach. In this case, the scope is an important consideration. This element requires a broader scope of accountability for Internet resources. That is, cybersecurity program must account for all vital elements that require protection in an organisation. For instance, a scope may consider the network, computers, and other mobile gadgets. However, addressing the scope has become a challenge because of the so-called Internet of things. Today, cars, appliances, doors, and thermostats and many other gadgets are now connected to the network and can easily be accessed by the Internet. This scenario has exposed many possible devices to attacks. The scope should also address the concern from a thorough perspective – inside-out and outside-in approach (Chaudhary and Hamilton 5).

Third, cybersecurity requires comprehensive risk evaluation and threat modeling. Organizations usually have limited resources to devote to attacks. As such, when faced with many forms of threats, they must focus on risk assessment and prioritization. Firms should monitor new forms of threats and their possible impacts. In this case, the cybersecurity team may create a plan that identifies possible attacks, risks, costs, and efforts needed to protect a company.

Fourth, another element for consideration is a proactive Incident Response Plan. For the past efforts, cybersecurity efforts have focused on attack prevention and restricting access to firewalls, user information, and other related actions. Today, however, in addition to prevention, cybersecurity practices are now concentrating on effective response plans against intrusions and limiting damages from an attack. In effect, many organizations recognize that their system security almost clearly will be attacked ultimately. Hence, recovering and limiting damages are now the current efforts to restrict financial losses and organizational reputation issues that emanate after an incident.

Finally, the cybersecurity requires dedicated resources. Specifically, an organization should have a dedicated team for Incident Response. It is regrettable that many firms have not yet allocated adequate resources, developed a response team, identified roles and responsibilities, and have failed to create the required cybersecurity governance approach.

Some recent events involving cybercrime can be used to illustrate weaknesses in organizational cybersecurity system. Cases involving high-profile corporations with high impacts are now becoming common. Such attacks are normally associated with massive breach, financial losses, and severe damages. An attack on Sony Corp, Home Depot, and Target Corp are just some of the few instances. The 2014 cyber-attacks on Sony Corp set a new realm and level in a highly sophisticated technology firm. The attacks were thorough, so deep, and discrete, leaving the company and FBI to imagine just who did it, including the government of North Korea.

Sony attacks were not as any other attacks based on the impacts (Fogarty 1). It is estimated that the company lost data for about 77 million user accounts with various information, including unencrypted credit card numbers (Fogarty 1).

The attacks involved terabytes of information, implying that the attackers acquired vital information of employees, vendor passwords, login details for external users, FTP access information, maps with the company’s IT infrastructure, all servers and hardware information, IDs, staging production information, and certificates among others. Overall, the series of attacks led to the loss of crucial information required to conduct everyday operations at the firm. These attacks on the above-mentioned corporations reflect sustained growing trends that affect firms of all sizes. As such, cybersecurity is now a critical risk that many organizations across the world face today.

ERP Systems and their adoption failures

While many large organizations have adopted ERP systems for many years now, several implementation efforts have often failed, implying that there are critical success factors for a successful adoption of an ERP system. Adoption involves both critical success factors and risk factors. In fact, even these critical success factors could be at risk if poorly handled. It also imperative to note that multiple success factors exist largely based on what works for a specific organization.

  1. First, user involvement has been identified as a critical factor in an ERP system adoption. ERP systems are known to cause significant changes during implementation. As such, many stakeholders, specifically end users, are greatly affected. It is therefore necessary to involve users in change management. This process requires identification of user needs and creating effective channels of communications to facilitate information exchange and feedback systems. In addition, user involvement also accounts for training of end users. Training ensures that potential users acquire technical skills needed to operate different platforms of ERP systems. Training is necessary because of ERP systems are complex, and users can only be sufficiently engaged if they are well trained.
  2. Second, support from senior executives is an important factor for consideration (Ziemba and Obłąk 7). An IT department should seek for support from senior managers to reduce resistance. Managers should demonstrate their interests, importance of the project and communicate to all stakeholders about it. Senior managers require detailed information about an ERP system to secure their support. In addition, they can provide communications required to facilitate adoption of an ERP system. As such, leadership support ensures that an ERP system adoption gets leadership support to encourage employees to adopt it and secure the needed resources while aligning ERP systems to strategic organizational goals.
  3. Third, an ERP system needs clear articulation of needs and planning. Successful ERP system adoption should be driven by a project vision. Moreover, metrics, measures, and expected milestones are defined in this critical process.
  4. The plan should identify ERP project issues, expected outcomes, the right team and assigned roles and responsibilities. The plan should also account for change management processes.
  5. Fourth, an ERP system adoption can only succeed when realistic objectives and expectations are set. This activity should start from need identification, setting project objectives and eliminating all unrealistic goals from the project.
  6. Fifth, ERP team competency can significantly influence outcomes. In most cases, however, it could be difficult to find the right talents to implement an ERP system. Hence, organizations tend to assess skills gap and recommend the necessary training for users.
  7. Sixth, an ERP system adoption requires business process reengineering and perhaps customization. Reengineering of processes ensures that an ERP system and operations fit. Some critical processes involving daily activities may be altered (Rabaa’i 133-147). Customization ensures that an ERP is adopted to support existing processes. It is however recommended that customization should be restricted to allow exploitation of new features of the system.
  8. Seventh, the choice of an ERP vendor, consultant, and the relationship created after could influence outcomes. Thus, people and ERP components are critical success factors.
  9. Finally, organizations should conduct post-adoption assessment against the set metrics to determine the overall achievements and drawbacks of an ERP system adoption.

While there are multiple cases of failed ERP system, the case of Lumber Liquidators ERP is worth mentioning. The company claimed that it suffered massive losses because of its SAP ERP adoption. The project generally dampened productivity of workers (Kanaracus 1).

The company employees who could not figure out the new ERP system caused the ERP system failure. As such, the failure was not related to the system itself. Previously, the company had relied on a flexible and easy to manipulate system. However, the new SAP system was more structured and required users to follow defined steps. The SAP system brought about changes to the company. Given the lack of training among end users and poor change management process, the ERP system failed.

Overall, these diverse factors indicate that there is no one reason responsible for ERP system failure. Rather, multiple factors are usually involved.

Cybercrime and an example

Cybercrime is a type of illegal criminal activity done over the Internet using computers and other equipment connected to the Internet. Typical cybercrime activities vary, but they generally include spamming, hacking, phishing, denial of service and many other forms of attacks. Cybercriminal are driven by different motives, such as defrauding users, stealing, changing, or destroying sensitive information, stealing identities, swindling users, and/or harassing users.

It is imperative to profile cybercriminals to understand types of criminals engaged in such activities. While there are minimal exceptions, most cybercriminals have the following attributes. They possess technical computer knowledge, ranging from simple hackers who use malicious codes to more advanced, talented hackers. Cybercriminals generally disregard the law and believe that such laws should not exist or not applicable to them. They also seek for thrill factors associated with manipulating or outsmarting others. Finally, cybercriminals may also be grouped under motives, such as money, emotion, espionage, sexual desires, some extreme religious beliefs, or just sheer boredom and the desire to have ‘some fun’ (Shinder 1).

As such, people engaged in cybercrime have broader descriptions, but they are generally referred to as hackers or attackers driven by criminal motives because they have the means and opportunity to hack network systems. The most dangerous types of cybercriminals are individuals who create malwares and other malicious programs to perpetuate their criminal activities. Cybercriminals create programs that can steal information, including personal information and bank details, advertise some products, use infected systems to attack more systems (the so-called DDoS attacks – Distributed Network Attacks) and blackmail users – the latest ransomware program.

Computers and networks have become the most vital tools for cybercriminals to perpetuate their activities. Networks and computers have made cybercrime simpler. Cybercriminals have relied on the Internet to identify their targets. For instance, police have successfully thwarted and arrested cybercriminals engaged in child pornography and pedophilia. Cybercriminals may even use their personal gadgets or devices owned by companies.

Once again, the case of Sony Corp attack provides a good example for illustration (Fogarty 1). Irrespective of cybercriminals involved, Sony hack reflects another level of cybercrime. The industry generally believed that such attacks could not happen to a large multinational, technologically sophisticated firm. The attacks were so intense to extent that the company could not understand who was responsible. Nevertheless, the FBI had sufficient evidence to suggest that North Korea, a rogue state, was involved.

As noted, the attacks on Sony were not like any other previous attacks. Cybercriminals managed to achieve a lot. The hackers claimed that they stole terabytes of information from nearly all stakeholders, both internal and external, related to Sony. In short, the hackers stole some of the most sensitive data used in daily operations of the company.

Costs associated with the attacks were massive. For the three months that the attacks took place, the attackers detailed and documented all stolen information. About 77 million users were affected of which 12 million had unencrypted credit card numbers. Analysts estimated that the attacks were most likely to cost the company over $100 million (Fogarty 1).

The attacks reflected another different milestone in terms of costs and corporate IT security breaches. The attacks were a classic case of massive damage to a technologically driven firm that created an online empire, but failed to secure its online systems.

In addition, the issue of North Korea brought about a new perspective in cybersecurity and cybercrime. That is, a rogue state is able and convinced to attack any multinational firm as a form of punishment or intimidation to control their business practices. In this case, the Internet transgresses national boundaries and, therefore, any company could be a victim to such rogue, lawless states.

It is imperative to note that Sony was unable to identify the attackers internally. Consequently, it opted for external assistance. The response of Sony included engaging FireEye, Inc. Mandiant forensic department. The company was hired to clean up the system and restore normal operations. It is recognized for incident response to assist attack victims to clean up the network and restore the network systems. At the same time, the US FBI started their investigations to ascertain the origin of the attack.

It was noted that the response team was engaged in repairing the damage done by attackers and restore e-mail functions soonest.

However, Sony did not respond immediately to queries from customers (Abdollah 1). Instead, more than a year after the attack, Sony still responds to the incident in various forums.

Works Cited

Abdollah, Tami. “Sony CEO breaks down hack response, Google role in ‘The Interview’ release.” 2015. Web.

Chaudhary, Raj and Jared Hamilton. The Five Critical Attributes of Effective Cybersecurity Risk Management. 2015. Web.

Fogarty, Kevin. “Sony makes cybercrime even more dangerous.” Computerworld. 2014. Web.

Kanaracus, Chris. “Biggest ERP failures of 2010.” Computerworld. 2010. Web.

Rabaa’i, Ahmad A. Identifying Critical Success Factors of ERP Systems at the Higher Education Sector. 2009. Web.

Shinder, Deb. “Profiling and categorizing cybercriminals.” TechRepublic. 2010. Web.

Ziemba, Ewa and Iwona Obłąk. “Critical Success Factors for ERP Systems Implementation in Public Administration.” Interdisciplinary Journal of Information, Knowledge, and Management 8 (2013): 1-19. Print.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2020, September 30). Cybersecurity and Vital Elements. https://ivypanda.com/essays/cybersecurity-and-vital-elements/

Work Cited

"Cybersecurity and Vital Elements." IvyPanda, 30 Sept. 2020, ivypanda.com/essays/cybersecurity-and-vital-elements/.

References

IvyPanda. (2020) 'Cybersecurity and Vital Elements'. 30 September.

References

IvyPanda. 2020. "Cybersecurity and Vital Elements." September 30, 2020. https://ivypanda.com/essays/cybersecurity-and-vital-elements/.

1. IvyPanda. "Cybersecurity and Vital Elements." September 30, 2020. https://ivypanda.com/essays/cybersecurity-and-vital-elements/.


Bibliography


IvyPanda. "Cybersecurity and Vital Elements." September 30, 2020. https://ivypanda.com/essays/cybersecurity-and-vital-elements/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
Privacy Settings

IvyPanda uses cookies and similar technologies to enhance your experience, enabling functionalities such as:

  • Basic site functions
  • Ensuring secure, safe transactions
  • Secure account login
  • Remembering account, browser, and regional preferences
  • Remembering privacy and security settings
  • Analyzing site traffic and usage
  • Personalized search, content, and recommendations
  • Displaying relevant, targeted ads on and off IvyPanda

Please refer to IvyPanda's Cookies Policy and Privacy Policy for detailed information.

Required Cookies & Technologies
Always active

Certain technologies we use are essential for critical functions such as security and site integrity, account authentication, security and privacy preferences, internal site usage and maintenance data, and ensuring the site operates correctly for browsing and transactions.

Site Customization

Cookies and similar technologies are used to enhance your experience by:

  • Remembering general and regional preferences
  • Personalizing content, search, recommendations, and offers

Some functions, such as personalized recommendations, account preferences, or localization, may not work correctly without these technologies. For more details, please refer to IvyPanda's Cookies Policy.

Personalized Advertising

To enable personalized advertising (such as interest-based ads), we may share your data with our marketing and advertising partners using cookies and other technologies. These partners may have their own information collected about you. Turning off the personalized advertising setting won't stop you from seeing IvyPanda ads, but it may make the ads you see less relevant or more repetitive.

Personalized advertising may be considered a "sale" or "sharing" of the information under California and other state privacy laws, and you may have the right to opt out. Turning off personalized advertising allows you to exercise your right to opt out. Learn more in IvyPanda's Cookies Policy and Privacy Policy.

1 / 1