Executive Summary
Turn2us, a charity, has the most significant risk of being a victim of various cybercrimes, and that’s why they need to put in place all the necessary cyber security measures so that all the vital information related to donors and aid recipients is secured. The result of the analysis tends to show a variety of hazards, including malware infections, phishing attacks, and insider threats. The effectiveness of security control management, following the schedule of security audits, and incorporation of model NIST Cybersecurity Framework into a system were provided to mitigate these risks. An effective security protocol would reinforce authentication, secure administrative accounts, and initiate employee security consciousness. Also, being true to ethical and legal systems is of great importance. Putting these recommendations to work will be a vital security measure to ensure that classified information, integrity, and accessibility are firmly in place. A preventive defense is critical to cyber security. A forward-thinking approach coupled with an emphasis on implementing the measures can ensure the organization’s invulnerability to various cyber threats.
Keywords: Turn2us charity, cyber security risks, sensitive data, malware infections, phishing attacks, insider threats
Introduction
As the digital landscape evolves over the years, computer security has become an indispensable means of shielding vital data against myriad cyber threats to enable operational efficiency. A charitable organization in London called Turn2us, involved in global poverty reduction, is pivotal in practical poverty relief efforts (Fabian, Alexandrova, and Yamini Cinamon Nair, 2023). Helping the most vulnerable residents of society, Turn2us heavily depends on gadgets to process the information of people who give and those of whom data is collected. However, there is the question of growing cyber-security risks, which can lead to unauthorized entry into where vital data can be collected. Thus, systemic computer security practices should become a top priority on the agenda to safeguard the privacy, accuracy, and accessibility of strategic information.
Task 1: Understanding Computer Security Elements
Computing security is a complex sphere that contains an array of the most vulnerable areas related to information systems and computer security (Taherdoost, 2022). The security of information and computer systems requires protection from various threats. Some of the critical elements of computer security networks include:
Weak Authentication Mechanisms
Weak authentication protocols, however, may be a significant risk to computer security since that way personal data is left exposed to malicious attacks. For example, when you say Turn2us and the organization uses plain passwords without MFA, it will be easily subject to numerous cyber threats. Login attempts using a password-guessing or a brute force attack might compromise accounts in one to two days, consequently allowing unauthorized access to donors’ private info or aid beneficiaries’ data (Taherdoost, 2022). To address this issue, Turn2us has to ensure the everyday use of robust authentication procedures. Foremost, imposing password complexity restrictions, which means that the passwords are sufficiently complex and resistant to cracking, addresses the issue. Besides it, the adoption of MFA, e.g., sending an SMS code or finger scanning, is an extended authentication option, which requires users to provide more than one type of evidence to log in, and thus is much more secure. Nowadays, biometric authentication, like fingerprint or facial recognition, provides a high level protection replacing passwords in the majority of business entities to increase the authentication strength (Ali et al., 2021).
Unpatched Software and Systems
The ability to efficiently apply software patches and updates to security holes that can be used for hackers to access secret data or set data is a significant problem for the system if the update isn’t done promptly. In the case of Turn2us, if this organization’s software platforms run on outdated versions or are not being updated regularly, they are professed to be exposed to various cyber threats, which include malware infection and exploitation of vulnerabilities (Taherdoost, 2022). These weak points can be abused, like malware loaded with viruses and other malicious codes, which can be used to acquire sensitive donor information and disrupt the organization’s operations. A robust patch management process must be created throughout the Turn2us organization to deal with this danger. The procedure incorporates the progressing detection of gaps and implementation of the security patches to produce the desired result of a complete remediation system.
Insufficient Data Encryption
Ensuring the security of sensitive information is the crucial task of data encryption – it encrypts the type of data along the transmission route and during storage. If using unsecured networks to transfer encrypted data such as donor information or aid recipient data, Turn2us can sometimes expose security gaps, leading to data breaches due to the activity of malicious attackers (Taherdoost, 2022). Unencrypted data, without doubt, harbors a variety of dangers, including eavesdropping, mainly when it comes to confidentiality, and might result in data breaches if not encrypted. To deal with the issue effectively, Turn2us should deploy robust encryption systems to protect the data in transit and stored data. While sending data, TLS protocols, which act as transport layer security (TLS) cryptography techniques, are adopted to ensure secure communication between the server and the client, that is, data is encrypted in transit (Ali et al., 2021).
Social Engineering Attacks
Social engineering attacks target people as much as the security of systems. Therefore, these types of attacks leverage human psychology for the purpose of tricking people into either revealing sensitive information or doing something that threatens the security of systems. In fact, Turn2us employees may be the next target for such social engineering techniques as phishing emails or pretexting calls since they end up revealing the organization’s weakness despite being unaware of it. These threats are targeted to human weaknesses therefore, they beat the conventional defenses thus putting the companies’ security in jeopardy (Taherdoost, 2022). In order to tackle social engineering threats in a better way, it is crucial to give preference to a highly detailed employee training program that works on increasing the knowledge of common tactics and prohibits being used by culprits. Through providing the security staff with necessary training on the signals highlighting the phishing emails, deceptive phone calls and other social engineering schemes, employees themselves will become wiser and more adept in recognizing and refusing such attacks. In addition, introducing a strong email filtering system will also allow screening and forestalling phishing attempts that could occur even before they reach employee’s inboxes and therefore reduce chances of a successful attack on email accounts (Walker-Roberts et al., 2019).
Lack of Regular Security Audits and Assessments
Insufficient or nonexistent security auditing and assessments make room for possible computer system strengths that can be exploited by hackers. Only to disturb the Turn2us, ignorance of the regular safety assessments leads to an unidentified security holes risks to use by cyber attackers. A security framework that will contain periodic security audits based on vulnerability scanning, penetration testing, and compliance will have to be implemented to prevent this perceived risk (Walker-Roberts et al., 2019). Through this regular auditing, the timely detection and resolution of weaknesses or gaps in IT security infrastructure is achieved which further leads to improved overall reliability threshold. Conducting routine evaluations to identify any loopholes in the security setup of their systems will help Turn2us to react promptly to the situations that may lead security failures, and thus, maintain the safety and integrity of two main factors that keep them going- their processes and systems (Ali et al., 2021).
Task 2: Addressing Computer Security Issues
Prevalent Computer Security Issues through Threat Intelligence
Malware Infections
Malware is perceived as a serious danger to system security, including all the malwares which were made by malicious programmers with sole purpose to ruin company’s services, obtain information illegally, or worse – to hack databases and gain access through unauthorized ways (Gao et al., 2021). Threat intelligence delivered by trusted sources gives the required information on new malware strains, their propagation channels, and how they could damage companies. Through the analysis of structured threat intelligence data, organizations like Turn2us can act preemptively and ascertain which malware strains are prevalent at the moment, employing multi-layered endpoint security approaches, for example, antivirus software and intrusion detection systems to quickly detect and eliminate a malware threat before damages escalate (Sarker et al., 2022).
Phishing Attacks
The phasing attacks employ social technique of fooling an individual to share secret information or to perform actions to make system weaker. Threat intelligence provides organizations with the knowledge surrounding the recently popular phishing strategies such as copied emails, fake websites and counterfeit communicators that target both the employees and users (Gao et al., 2021). Utilizing phishing threat intelligence feeds and threat intelligence platforms may help Turn2us advance its email filtering expertise in both detecting and blocking phishing attempts and creating employee awareness programs about phishing and single factor authentication to keep the threat of the unauthorized access due to successful fraudulent phishing attacks down.
Zero-day Vulnerabilities
Software vulnerabilities, known as zero-day flaws, are now used by cyber criminals before autonomous software lines are released that fix those flaws. Threat intelligence is undoubtedly a key factor in the identification of zero-day vulnerabilities, monitoring the exploiting of those vulnerabilities as well as assessing the possible toll on overall company based systems and networks (Sarker et al., 2022). With threat intelligence feeds coming from our reputable sources, Turn2us can scan websites for vulnerabilities letting us to be further prepared to fix bugs and implement a set of compensating controls until patches are released. Besides proactive monitoring and one-time exploitation systems may help to detect and deal with zero-day attacks immediately, preventing them from doing damage to security of the organization.
Insider Threats
The biggest danger of insider threats in computer security comes from such actions as employee unpleasant deeds or careless attitude to organizational system and data. They imply both the offenders intentionally trying to do harm and the people accidentally bringing it. Threat intelligence allows companies to reveal unusual attributes of users and to detect and prevent insider threats by monitoring suspicious behavior, flagging them, and reporting unauthorized attempts to access to information (Gao et al., 2021). Through adoption and deployment of threat intelligence platforms as well as user behavior analytics solutions, Turn2us can set in place proactive insider threats identification and mitigation measures, introduce access control and privilege management policies as well as promote on-going training and alert programs for the staff in order to prevent insider related security incidences (Sarker et al., 2022).
Enhancing Computer Security through Comprehensive Measures
In the field of Information Technology (IT) Security, a holistic risk management process that includes preventive measures, identification of vulnerable areas, detection of malicious activity, repairing the compromised system, and incident handling is indispensable for the effective management of information security (Rich and Aiken, 2024). Proper access control, security policy enforcement and hardware security components like firewalls and anti-virus, enable us to develop the first defense layers for network security. The implemented security techniques can be referred to as “preventive”, because their ultimate goal is to avert a cyber-attacks by identifying the threats and reducing the chances of successful attack as much as possible. A peculiar goal of vulnerability detection lies in the discovery of loopholes in the system of the organization as well as flaws in its software. The vulnerability audits and penetration tests will allow organizations to find those security risks and fix them depending on their importance and implication faster (Tawalbeh et al., 2020). Effectiveness can be achieved by eradicating necessary weaknesses through timely patch management and remediation plans. Such a move will considerably decrease the attack area and improve the overall security stance.
Moreover, threat intelligence involves the analyses of network queries searching for signs of suspicious or abnormal activity such as deviation from the rule about network traffic. The use of threat intelligence feeds and security information and event management (SIEM) contributes to fast threat detection and response for real-time attack prevention, therefore blocking hackers’ success rates (Rich and Aiken, 2024). In case of a hacked or improper behavior detection, fast and accurate actions are of priority. Organization countermeasures should be developed and incident response plans, which describe the standards for containing, mitigating, and recovering from security incidents, should be in place. These include reverting the hacked components, fortifying the system for post-mortem investigation, and returning the affected systems back to normal operation status as early as possible. Consistently carrying out testing and improvement processes of incident response engenders an alert stance to deal with any instances so that they do not affect the organization processes and image (Tawalbeh et al., 2020).
Task 3: Exploring Cyber Security Frameworks
On the cyber-landscape of modern security, most organizations focus on compliance with existing frameworks, considering them adequate security strategies and practices. Such frameworks are tailored mechanisms for identifying, classifying, and controlling security events, and consequently, the process of overall security posture is strengthened (Saeed et al., 2023). Cyber security frameworks for Turn2us charity must be considered in line with comprehensiveness to threats as they may be coming from internal and external threat actors as well as being used as to the situation and customary needs of the organization
Common Cyber Security Frameworks
Plenty of cybersecurity frameworks exist, and the application is different and more specific, with varying guidelines focusing on diverse security challenges. The NIST Cybersecurity Framework and the Information Security Management System (ISMS) of ISO/IEC 27001 are among the standard models commissioned by the Center for Internet Security (CIS). This is why the administrators design these controls to support the execution of complete security controls and risk management issues, as well as compliance with regulations (Saeed et al., 2023). The NIST Framework for Improving Critical Infrastructure Cybersecurity proposes a flexible, risk-based approach, empowering organizations to focus on identifying core critical functions: Identify, Protect, Detect, Respond, and Recover. Through this framework, organizations will be able to gain insights into their current security posture, detect weaknesses, and make targeted security controls to jam up the threats in time. Enabling the NIST framework promotes information sharing and collaboration, thereby offering the ground for communication spread among the stakeholders to attain an integrated approach to security threat management (Aldaej et al., 2022).
Likewise, the ISMS of ISO/IEC 27001 frames information security risk handling as a consistent and formal way for organizations. This structure stresses the role of risk assessment, treatment of the issues, and continuous improvement. Organizations can then adapt to the security practices and maintain the shown ones. ISO/IEC 27001 certification confirms an organization’s continued focus on information security and thus improves the company’s credibility and trustworthiness (Saeed et al., 2023). The CIS Control comprises a list of actions taken to deal with the most prevalent cyber threats that threaten the integrity of the cyber environment. These controls are organized into 20 security controls across three categories: §Tangible, Relevant, Credible, and Ethical and Social. The CIS Controls provide these workable and accessible prescriptions on how to boost cybersecurity, making them useful for health organizations with limited resources or expertise in cybersecurity (Aldaej et al., 2022).
Evaluation of Frameworks
Each framework has its characteristics, which constitute its strengths and weaknesses. It is, therefore, important to carry out a suitable assessment to determine the needs of Turn2us charity before choosing the framework. AD NIST Cybersecurity Framework is one example of a rule that provides a flexible and risk-based approach to cyber security and emphasizes some core processes such as identifying, protecting, and Recovering (Aldaej et al., 2022). This model bridges the gap of overall cyber security involving the customization of the prevention techniques according to unique organizational risk profiles. The ISO/IEC 27001 ISMS implementation consistently offers a systematic approach to the security management of information risks, including identification, assessment, treatment, and continuous improvement. ISO/IEC 27001 certification portrays a will to invest in robust information security management systems and has worldwide recognition. Nevertheless, establishing and keeping up an ISMS might require considerable input of time and skills, making it costly and difficult to execute (Liu, Nikitas, and Parkinson, 2020).
Selection of Framework
It is even more essential to choose the proper cyber protection framework when selecting a balance between the organization’s size and requirements, membership in an industry sector, etc. The Turn2us organization, as a charity specializing in poverty reduction, can focus its effort on a framework that has been proven practical, cost-efficient, and suitable for the given country. Therefore, the NIST Cybersecurity Framework is ideal for Turn2us charity, considering this plays the role (Liu, Nikitas, and Parkinson, 2020)—the risk-adaptive and process-based approach seamlessly combes the company’s mission and operational objectives. Putting the NIST framework into practice, Turn2us can view its present security state and analyze which areas might be underperforming; then, controls and technologies can be planned and applied to minimize risks. In addition, the NIST framework’s collaboration and information sharing are part of Turn2us’s mission of transparency and openness. Cyber security at Turn2us will become a culture that can unite the whole organization by effectively responding to challenges posed by its staff, volunteers, and donors (Saeed et al., 2023).
Task 4: Implementing Access Control System
Access border control management is of great importance as it acts as a gateway for granting or denying access to sensitive data and other resources on the computer. Therefore, appropriate elimination of access privileges makes it possible to give access to the services, systems, or information to individuals or entities with legitimate configuration, and this, in turn, helps in the prevention of unauthorized access, data hacks, and malicious actions (Liu, Han and Li, 2020). Given that Turn2us charity, where donor-sensitive data and aid recipient data are taken scrupulous care of, implementing the most robust access control measures is of fundamental importance to maintain confidentiality, integrity, and availability of the crucial data.
Overview of Access Control Management
Access control management refers to enacting policies and procedures on using technologies as techniques to control and restrict access rights to an organization’s IT infrastructure (Liu, Han, and Li, 2020). This involves specifying user roles and privileges, enacting authentication mechanisms, and flagging access activities to take the required action against suspect activities as quickly as possible. Using layered ways to access control, e.g., defense approaches in depth, orchestrates different countermeasures and permits you to comply with the rules and regulations.
Active Directory (AD) Implementation Steps
The purpose of Active Directory (AD) is to enable central management of users, privileges, and account access rights within a domain-based Windows network. Performing AD requires some crucial stages, beginning with the domain controller installation, ending with the domain creation, and user account provisioning. As a first step, admins should install the Active Directory Domain Services (AD DS) role on separate servers and answer ‘yes’ to be promoted to domain controllers (Prince and Lovesum, 2020). They start by creating a new domain or linking to already available domains, dealing with the domain settings of their choice, and, if necessary, establishing trust relationships. Executives should set up the AD architecture. After that, accounts, groups, and operational units (OUs) can be created so access rights can be protected and the organizational structure is in order.
Default Groups and Users
Active Directory comprises users and groups with varied access permissions focusing on specific domains in various administrative or functional roles. In addition, some user groups include different users like Domain Admins, Enterprise Admins, and Domain Users. Moreover, there are also inbuilt users like Administrators and Guests (Prince and Lovesum, 2020). Although they come as defaults, allowing for specific groups and users is critical, so you should polish it. One can do it with some essential settings—instructions: Humanize the given sentence. Administrators would need to overhaul default group membership and only assign necessary privileges, as this will significantly minimize the levels of privilege escalation and data theft risk while at the same time allowing users to perform their essential duties effectively.
Securing Administrative Accounts
One must recognize the importance of protecting administrative accounts, which is the only way to outsmart intrusion and loss of data and system resources. Accounts-related to administration, such as those of domain admins or IT personnel, are compassionate and susceptible to being used by intruders to increase the vulnerability of system integrity (Prince and Lovesum, 2020). This risk can be tackled via regular application of the best process for account security in the admin area: a robust password process, MFA (multi-factor authentication) can be activated, and restricted administrative access can be assigned to limited devices or workstations. Administrators must also be in charge of assembling the inventory of administrative privileges to cancel unused permissions and keep an eye on the account activities for any incongruous or malicious behavior symptoms (Taherdoost, 2022).
Configuring Users & Groups
Setting up users and groups in the Active Directory so that the groups are isolated, hence granular access control and non-authoritarian by least privilege principles, is the fundamental part of the configuration. The administration should create a logical hierarchy of users and groups based on job positions, department loyalty, and project attributes, through which granting appropriate permission to different groups is easier (Taherdoost, 2022). Administrators can assign users to groups that meet their requirements and give groups aggregate permissions to help them get permission management on an orderly basis and enforce an organization-wide uniform policy adherence. As a side note, applying RBAC enables admins to grant privileges according to job positions or assignments, which lessens the probability of unauthorized access and confirms the principle of least privilege.
Demonstrating Effective Access Control Implementation
Properly writing access control in Active Directory helps make today’s situation much safer against cyberattacks and unauthorized entry. Through best user and group management practices, significantly tightening the controls of all administrative accounts, and configuring access permissions according to the principle of least privilege, organizations can enforce security controls and shrink the attack surface (Bartolacci, 2023). Additionally, enacting robust identification systems like MFA allows administrators to respond to security incidents quickly by ascertaining and constantly monitoring access activities. Accordingly, the implementation of effective access control become a significant factor in terms of improving computer security as well as protecting sensitive data from unauthorized sharing or taking advantage of it.
Task 5: Social, Ethical, and Legal Considerations
In the Information technology and security area, IT professionals perform dual duties since they not only strive to safeguard data and ensure systems integrity, but they also keep ethics and regulations in high spirits (Kaplan, 2020). As the caretakers of the systems that manage and process highly confidential data and information, IT Team Members have to traverse the multitude of social, ethical, and legislative dimensions to protect the integrity and ensure the security and accountability of their actions.
Code of Conduct for IT Professionals: IT labor is just like any other work, and it should follow a code of ethics that specifies the principles and standards for which IT labor can be held accountable. The Code stresses these values as core to such areas as integrity, full respect for privacy, and professional competence (Kaplan, 2020). Ethical principles are a set of values that all IT professionals must follow to maintain the people’s faith, maintain the profession’s reputation, and eventually meet the stakeholder’s requirements.
Maintaining Integrity: Integrity is the main ethical notion that stands for the need for honest, trustworthy, dependable persons among IT professionals. Such as truthful reflecting the abilities and qualifications, giving true information, and not doing whatever is deceptive or can lead to fraud (Nifakos et al., 2021). Maintaining integrity implies that one must be responsible and accept responsibility for mistakes, and if mistakes should occur, they need to be rectified as soon as possible to minimize the harm caused.
Upholding Confidentiality: The Confidentiality must be demonstrated for preventing any unauthorized information access or unsolicited disclosure. Information security experts of IT are depended upon their confidential data protection skills, like personal or financial information, and must make it sure how that information is kept private and secure (Nifakos et al., 2021). This type of process implicates implementing security measures, including encryption, access control, and also a data anonymization, to ensure information is not leaked or accessed without authorization. IT professionals are responsible for abiding by on privacy right and confidentiality arrangements by keeping off from leaking or accessing information without proper approvals.
Adhering to Legal and Ethical Standards: The IT specialists are challenged by the difficult legal environment covering the matters of data protection, privacy as well as cyber security. Here of course, we are referring to the legal compliance with several acts of laws, such as GDPR, HIPAA, and others which are industry or sector-specific (Kaplan, 2020). Next, IT workers need to be acquainted with ethical norms in the field of computing, issued by major corporations: the Association for Computing Machinery (ACM) and the International Federation of Information Processing (IFIP).
Conclusion
In summary, comprehensive consideration of the main points of computer safety problems, risky problems and mitigation frameworks suggests the paramount act of ensuring great computer security at Turn2us charity. The recommendations feature implementation of advanced authentication packages, security audits (both regular and penetrative), and access control issuance. Utilization of reference standards with the likes of NIST Cybersecurity Framework will enhance complete protection. Besides that, consistency of behavior like security awareness training for end users, and compliance to ethical and legal standards are pivotal as well. With the incorporation of this guidelines, the organization can help to strengthen its social media security as well as protect the confidential data and prevent the cyber-attacks.
References
Aldaej, A., Ahanger, T.A., Atiquzzaman, M., Ullah, I. and Yousufudin, M. (2022). Smart Cybersecurity Framework for IoT-Empowered Drones: Machine Learning Perspective. Sensors, 22(7), p.2630. doi: https://doi.org/10.3390/s22072630.
Ali, R.F., Dominic, P.D.D., Ali, S.E.A., Rehman, M. and Sohail, A. (2021). Information Security Behavior and Information Security Policy Compliance: A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance. Applied Sciences, 11(8), p.3383. doi: https://doi.org/10.3390/app11083383.
Bartolacci, C. (2023). Enhancing your security through role-based access controls. [online] Thoropass. Available at: https://thoropass.com/blog/compliance/role-based-access-controls/ [Accessed 10 Mar. 2024].
Fabian, M., Alexandrova, A. and Yamini Cinamon Nair (2023). Coproducing Wellbeing Policy: A Theory of Thriving in Financial Hardship. Journal of Happiness Studies, 24(7), pp.2309–2330. doi: https://doi.org/10.1007/s10902-023-00682-y.
Gao, P., Shao, F., Liu, X., Xiao, X., Qin, Z., Xu, F., Mittal, P., Kulkarni, S.R. and Song, D. (2021). Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence. [online] IEEE Xplore. doi: https://doi.org/10.1109/ICDE51399.2021.00024.
Kaplan, B. (2020). Revisiting Health Information Technology Ethical, Legal, and Social Issues and Evaluation: Telehealth/Telemedicine and COVID-19. International Journal of Medical Informatics, 143(1). doi: https://doi.org/10.1016/j.ijmedinf.2020.104239.
Liu, H., Han, D. and Li, D. (2020). Fabric-iot: A Blockchain-Based Access Control System in IoT. IEEE Access, 8, pp.18207–18218. doi: https://doi.org/10.1109/access.2020.2968492.
Liu, N., Nikitas, A. and Parkinson, S. (2020). Exploring expert perceptions about the cyber security and privacy of Connected and Autonomous Vehicles: A thematic analysis approach. Transportation Research Part F: Traffic Psychology and Behaviour, [online] 75, pp.66–86. doi: https://doi.org/10.1016/j.trf.2020.09.019.
Nifakos, S., Chandramouli, K., Nikolaou, C.K., Papachristou, P., Koch, S., Panaousis, E. and Bonacina, S. (2021). Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. Sensors, [online] 21(15), p.5119. doi: https://doi.org/10.3390/s21155119.
Prince, P.B. and Lovesum, S.P.J. (2020). Privacy Enforced Access Control Model for Secured Data Handling in Cloud-Based Pervasive Health Care System. SN Computer Science, 1(5). doi: https://doi.org/10.1007/s42979-020-00246-4.
Rich, M.S. and Aiken, M.P. (2024). An Interdisciplinary Approach to Enhancing Cyber Threat Prediction Utilizing Forensic Cyberpsychology and Digital Forensics. Forensic Sciences, [online] 4(1), pp.110–151. doi: https://doi.org/10.3390/forensicsci4010008.
Saeed, S., Altamimi, S.A., Alkayyal, N.A., Alshehri, E. and Alabbad, D.A. (2023). Digital Transformation and Cybersecurity Challenges for Businesses Resilience: Issues and Recommendations. Sensors, [online] 23(15). doi: https://doi.org/10.3390/s23156666.
Sarker, I.H., Khan, A.I., Abushark, Y.B. and Alsolami, F. (2022). Internet of Things (IoT) Security Intelligence: A Comprehensive Overview, Machine Learning Solutions and Research Directions. Mobile Networks and Applications. doi: https://doi.org/10.1007/s11036-022-01937-3.
Taherdoost, H. (2022). Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview. Electronics, [online] 11(14), p.2181. doi: https://doi.org/10.3390/electronics11142181.
Tawalbeh, L., Muheidat, F., Tawalbeh, M. and Quwaider, M. (2020). IoT Privacy and Security: Challenges and Solutions. Applied Sciences, [online] 10(12), p.4102. doi: https://doi.org/10.3390/app10124102.
Walker-Roberts, S., Hammoudeh, M., Aldabbas, O., Aydin, M. and Dehghantanha, A. (2019). Threats on the horizon: understanding security threats in the era of cyber-physical systems. The Journal of Supercomputing. doi: https://doi.org/10.1007/s11227-019-03028-9.
write