Need a perfect paper? Place your first order and save 5% with this code:   SAVE5NOW

Cybersecurity Management Essay

Cybersecurity Overview

In an organization’s private and public networks, electronic data transmitted within is protected by cyber security. As a result, data transmitted and shared within internet networks and private local area networks are protected. Nonetheless, the major role of computer security is protecting data transmittable and transmitted in a private network only. Concerning how data flows across a network, data is broken down into packets, notable chunks that enable the packets to move through and around the network (Tissir, El Kafhali & Aboutabit, 2021). Organized and packed in a series of hops, data flow across the network in hand flows effectively from the source, which is mostly a computer to its designation. Data packets may move and transverse from one host to different hosts or through broadcast domains. Moving in different paces called buffers, data flow can be optimized for direct or shared flow.

By analyzing different criteria, we are better placed to categorize cyber security vulnerabilities depending on the cause, the point, or even how they can be manipulated. For instance, in network vulnerability, the hardware or software of a network might be weak, allowing intrusion of a third party. Operating system vulnerabilities are different since they are found within an operating system and can be exploited by hackers to access the operating system or even cause damage to the entire operating system (Tissir, El Kafhali & Aboutabit, 2021). The human vulnerabilities, however, are linked to cyber technicians and architectures. If the developers use a wrong code or error, sensitive data might be exposed and used against the organization. Wise to note process vulnerability is different since it is caused by the presence or lack of process control in a process. Cyber-attacks have been categorized as offensive and intentional acts focused on causing damage by targeting computer information systems.

Additionally, computer systems, devices, and data systems can suffer the wrath of cyberattacks. Common cyber attacks include acts that overwhelm a system, making it unable to access or respond to requests sent to it. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are common among host machines in a system (Tissir, El Kafhali & Aboutabit, 2021). Flash attacks are also risky for a system since using and exploit a system’s transmission control protocol. Queues pile up, making the system unable to handle requests once perplexed up with them at once. Man-in-the-middle attacks and malware such as spyware, worms, and viruses are common cybersecurity attacks. Commonly referred to as pen testing or security testing, an organization’s cybersecurity is ethically hacked, attacking and pushing pressure on its cyber defense tools such as its networks, users, and even web apps.

Not only do network tools identify problems prior, but spot out network vulnerabilities in their communication. One of the most common and effective computer forensics analysis tools is the Distributed Network Attack (DNA). The forensic tool plays a core role in fully recovering password protection files (Tissir, El Kafhali & Aboutabit, 2021). To employ network forensic analysis tools (NFAT), a direct installation to the server is done, accessing the network and all of its compositions for decoding. Other NFATs are log aggregated for analysis and identifying software communications vulnerabilities present.

An organization’s cyber security is achieved by applying enterprise cybersecurity, a concept that entails protecting the network’s physical and cloud-based infrastructure (Krumay, Bernroider & Walser, 2018). Moreover, enterprise cybersecurity is achieved by scrutinizing third-party providers and ensuring all internet points are covered. To ensure the above is achieved, all individuals involved with the network are vetted for confidentiality, integrity, and accountability of protecting the network hardware and software. A guiding principle exists in developing an enterprise cybersecurity policy framework and making a cybersecurity policy work.

Notably, identifying an organization’s intellectual property and assets dear to the organization is the first principle in coming up with a policy framework for an organization’s cyber security. Second comes implementing procedures and processes to protect the intellectual property, followed by placing resources to detect any defects in the network. The detection of hitches in an organization’s network is followed by responding to the defects or threats noted. The last principle that entails recovery of intellectual property of a network is applied in cases where data is lost and when necessary (Jouini & Rabai, 202). Several cybersecurity situations and actions threaten your operation and data protection as a modern enterprise. Data hacking and data leakage lead the least due to the adverse effects experienced in their occurrence. Additionally, phishing and ransomware follow-through, with patch management, social engineering, and crypto-jacking following through due to their mid and low-risk natures.

Cybersecurity Weaknesses in American Electric Power

Analyzing our company from a technology aspect, several loopholes are available on our website, leaving space and a chance for unethical hacking. For instance, on our website, the HTTP Strict Transport Security (HSTS) is not enforced as it should. Man-in-the-middle attacks can happen, leading to access of clients’ data illegally. Also, there are no secure cookies in use, allowing third-party interceptions. Moreover, in the header of the website link, it is easy to notice the presence of asp.net, the host in which the website is, and where it is built. With the heder showing where the site is built on, vulnerability is easy to be applied (Chan, Morgan, Simon, Alshabanat, Ober, Gentry, … & Cao, 2019). The Domain Name System Security Extensions (DNSSEC) are not enabled as expected. With them disabled and not configured with the website domain, it is easier for third parties with malice to forge records of a Dorman’s identity, thus accessing personal data (Kshetri, 2017). Our organization’s network managers and technicians are also reluctant in their roles. For instance, our network has numerous unsecured communication channels due to the use of outdated systems of management.

A couple of unknown bugs and multiple connection points in the system act as loopholes to system access by unwanted persons. In general, a high-level management strategy to manage our networks is missing, which affects the system’s data. Also, our cybersecurity policy is out of date and should be updated for ultimate network security. Protocols should be created, and access should be limited to the roles of employees and customers for the betterment of our cybersecurity.

Cybersecurity Risk Analysis

Malware is a significant risk to our network. To curb the issues related to malware, it would be wise to defend our organization’s data by buying anti-malware. Password theft is another risk our network possesses but would be curbed by a two-factor authentification or a robust method of protecting our data and customers Krumay, Bernroider & Walser, 2018). Data manipulation in SQL injections is also a common and notable risk our organization is prone to. To curb such a risk, however, the application of small firewalls should be enabled to detect and cut off unwanted and intentionally spoilt requests (Kshetri, 2017). Water hole attacks are also possible risks to our network but can be curbed using anti-viruses that detect and drop dangerous scripts Krumay, Bernroider & Walser, 2018). The unique and identified security risks above are subject to change and, at times, subject to elevation in terms of their adverse effects. Therefore, our organization should apply the above-listed prevention methods for the safety of our network and our different shareholders and stakeholders.

Cybersecurity Weakness Assessment

It is wise to note that our systems are faulty and our hardware and the entire organizational process in network management. In case of a significant threat from either of the three security weaknesses, a security breach can occur, causing damage to our network and affecting our business operations. In terms of system vulnerability categorized under non-physical network vulnerabilities and weaknesses, our operating system is not well protected, and system features are up-to-date. With the network’s operating system being away from up-to-date with the latest security requirements and patches, curbing system-related threats and risks can be hard out of the lack of updates. Regarding the physical aspects of risks, our security has easy access to our servers and the entire data storage room. As a result of the weakness in physical security, servers can be accessed by people who mean malice and plant malware into our systems. Lastly, our organization is not invested in organizational process management in terms of network management. As a result of having no long-term strategy for network protection, the security weaknesses keep expanding and increasing into network issues and giants. A lot of focus should be given to the management of the security department since a lot of letdowns and assumptions are made at the managerial level.

Cybersecurity Models Summary and Analysis

Developed by David Elliott Bell and Leonard J. LaPadula, the purpose of the Bell–LaPadula model was to push and enforce access control in military and governmental operations. The model is categorized as a state machine into top-secret and unclassified. The model’s notable features are its strong star principle and the tranquillity principle that changes not while being referenced. On the other hand, Biba’s Strict Integrity model was developed by Kenneth J. Biba, taking the role of a transition system for the state (Kshetri, 2017). The Biba model has features that block unauthorized parties from editing and modifying data and unauthorized parties from data modification to ensure data integrity and protection. Another unique feature of the model is how its data reflects into the real world in real-time due to the use and maintenance of consistency in its internal and external systems (Goodyear, Goerdel, Portillo & Williams, 2010). The Clark-Wilson model was fully and well described by both David D. Clark and David R. Wilson to formalize the concept and ideology of information integrity. Through its basic principles, such as how well-formed it is in its series of transactions and its integrity, duties are well transacted and separated and given different entities for follow-up and identification in the future. Last is the Chinese Wall, which plays a vital role in blocking communication between conflicting parties (Herrmann & Pridöhl, 2020). Used in a diverse field, the concept behind the model is to ensure no information is exchanged by parties that have a conflict of interest hence balancing the information share and stagnating decision making to an individual level.

The above cybersecurity models would be perfect for achieving a great and tight cybersecurity firewall as an organization. From the weaknesses in our network, as noted earlier, a cybersecurity model would be ideal. We would select the most suitable security model for protecting our organization’s network and data through its application and its purpose and context of development. Key features of the models above will play a significant role in accomplishing our newly identified needs to close the earlier weaknesses. From our research and analysis, models that had the part of data encryption, data safety, access and limit controls of users, and ensuring integrity and protection of data will be important in upgrading our organization’s cybersecurity protocols and roles. Below is a detailed customary security plan that will seal all network weaknesses as noted and listed above.

Custom Cybersecurity Plan

The purpose of our cybersecurity plan is to seal all notable and yet to be noted loopholes in our network. As is the business objective, all data belonging to our organization should be protected for user privacy to enhance credibility among our users and protect company information from malicious access and destruction. As is the vision of our information technology department, all hardware, software, and policies should be sealed from third-party access as well as from unauthorized internal access. As it is our business strategy to expand into more states and nations in the future, reliable network security and concealment should be present. To have a sound and all-alert network, we need to curb our underlying internal and external risks. Weaknesses that might result in malicious individuals accessing our network should also be closed and loopholes sealed. As a security policy, all internal stakeholders should understand the adverse effects of accessing unauthorized data and sharing the accessed data with third parties. Repercussions should be well understood by our externals, too, to keep them safe from security threats and breaches. Therefore, in our plan, we shall classify available data and create data support tools and roles to have a smooth operation internally and externally. Moreover, we shall remind all involved staff and stakeholders of their roles, responsibilities, and rights concerning data security.

Organizational Business Case and Recommendations

To the chief technology officer, there are several security issues relating to the breach of data and information from our organization’s network system that poses an information risk to our internal customers and our external customers and shareholders. As a result, as members of the cybersecurity department, we have noted several weaknesses our system has and have several proposals regarding its strengthening. Moreover, we have noted a perfect cybersecurity model to address our security issues. As a result, we will need to purchase several security models to kick off our security enhancement journey and project. With due respect, if the above concerns are suppressed and assumed as in the near past, most of our network will be breached by third parties, stealing our private files and data and manipulating us for repossession. To be on the safe side, our infrastructure will need a security make-over to eliminate the chances of a third party being present. In addition, our application security system will need to be reviewed and our network security. Revamping the two will also give us the confidence to face and fully protect our cloud security.

Nonetheless, since we have no major issue with the security of our internet of things, no significant changes will be needed aside from the normal housekeeping activities. Physical access to our servers will be the first significant revolution step to improve our organization’s security. We shall move our servers to a secure location that specific individuals can only access. Apart from that, we shall purchase a new cloud of storage and migrate all our data in a clean slate as we wipe out any third-party access and links present in our current cloud storage. Pending updates that may lead to a breach of our client data will also be approved and updated, closing off and protecting our clients’ data. If the above proposals are implemented, American Electric Power will be assured of a secure network. We shall also need to clean up our IT department off any moles and data sellers to make the plan work. By so doing, we shall be confident of a network free of an intrusive third party.

References

Tissir, N., El Kafhali, S., & Aboutabit, N. (2021). Cybersecurity management in cloud computing: semantic literature review and conceptual framework proposal. Journal of Reliable Intelligent Environments7(2), 69-84.

Chan, L., Morgan, I., Simon, H., Alshabanat, F., Ober, D., Gentry, J., … & Cao, R. (2019, June). Survey of AI in cybersecurity for information technology management. In 2019 IEEE technology & engineering management conference (TEMSCON) (pp. 1-8). IEEE.

Kshetri, N. (2017). Blockchain’s roles in strengthening cybersecurity and protecting privacy. Telecommunications policy41(10), 1027-1038.

Goodyear, M., Goerdel, H., Portillo, S., & Williams, L. (2010). Cybersecurity management in the states: The emerging role of chief information security officers. Available at SSRN 2187412.

Herrmann, D., & Pridöhl, H. (2020). Basic Concepts and Models of Cybersecurity. In The Ethics of Cybersecurity (pp. 11-44). Springer, Cham.

Jouini, M., & Rabai, L. B. A. (2020). Towards New Quantitative Cybersecurity Risk Analysis Models for Information Systems: A Cloud Computing Case Study. In Handbook of Computer Networks and Cyber Security (pp. 63-90). Springer, Cham.

Krumay, B., Bernroider, E. W., & Walser, R. (2018, November). Evaluation of cybersecurity management controls and metrics of critical infrastructures: a literature review considering the NIST Cybersecurity Framework. In Nordic Conference on Secure IT Systems (pp. 369-384). Springer, Cham.

 

Don't have time to write this essay on your own?
Use our essay writing service and save your time. We guarantee high quality, on-time delivery and 100% confidentiality. All our papers are written from scratch according to your instructions and are plagiarism free.
Place an order

Cite This Work

To export a reference to this article please select a referencing style below:

APA
MLA
Harvard
Vancouver
Chicago
ASA
IEEE
AMA
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Need a plagiarism free essay written by an educator?
Order it today

Popular Essay Topics