Brief Summary of the Case Study
In most organizations today, particularly those whose business runs on an Information and Communication Technology (ICT) based environment, handling the critical challenges of cyber risk management and resilience is a difficult task. Such organizations face constant risk to the security of their data, and it is an even bigger challenge to implement a risk assessment and management procedure that covers all the risks the company faces from the cyber world (Tricker and Tricker 2015). A company listed on the Australian Stock Exchange is at higher risk, since it deals with the financial information of its customers. Any security breach and compromise of data would be harmful not only for the organization but also for its customers, since it would mean handing their financial information to malicious attackers. Thus, the following report is based on the security system of a company listed on the Australian Stock Exchange and a critical analysis of it against best practices for initiating a resilience policy in the organization as a positive change.
The organization in the case study is listed on the Australian Stock Exchange. It therefore handles a large amount of personal detail about its clients in addition to business data. For example, if the organization is assumed to be in the real estate business, it would hold every client's personal details, including contact information and financial data (Duncan, Zhao and Whittington 2017). A strict security policy and system must therefore be maintained in the organization and applied to its business processes and operations management. As a consultant to the organization, it is the consultant's duty to examine the security systems and policies that apply in the organization.
The organization runs an existing security system intended to protect the integrity of both employee and client data. The consultant is required to produce a clear critical analysis of that system and to propose a cyber resilience approach that serves the company's well-being and matches its risk appetite (Tagarev, Sharkov and Stoianov 2017). With emerging technologies and the advance of the technological era, malicious attackers also find new ways to defeat existing security systems and carry on their malicious work despite the controls in place. The consultant therefore advises a cyber resilience proposition to enhance the security system of the organization.
Critical Analysis of the security system existing in the company
The organization in the case study is among the top 200 companies on the Australian Stock Exchange. It is therefore justified that it has a system that secures employee and customer data (Trim and Lee 2016). However, it must not be neglected that boards and managers in the field often fail to acknowledge an impending risk that may have been preventable; poor handling of the security system can then turn that risk into something much bigger. For example, the breach of customer data at Equifax, which exposed the personal and contact information of around 147 million people, cost the company almost 1.5 billion USD (Avant, Kahler and Pielemeier 2017). It follows that it is not only the security system that needs to be kept up to date with the latest technological advancements but also the employees who work in the organization, who need to be up to date in how they handle those systems. In this case it is identified that there has been no security policy for handling the security systems in the organization. The implementation of the security system itself was not lacking, but the employees have no idea how to secure the organization's systems so that they do not become a problem in the near future. Although the security system is up to date with technological advancements, there have been cases of employees mishandling it that resulted in minor problems in the handling of customer and employee information and data.
After the critical analysis of the security system across the organization, it can be said that it is a positive point that the company is advanced enough to implement state of the art facilities for its security system, but it also needs to find a way for its employees to handle them properly, so that there is no mishandling of data and no opening for a malicious attacker to hack into the system in the near future (Deschaux-Dutard 2016). The organization is found to be focusing more on the security system itself than on applying a strategy across the entire organization to make sure it is impermeable to any malicious attacker in the cyber world. The organization has put up a very strong system, but the handling of data, that is, the storing, processing and capturing of important employee and customer information, has not been clearly established as a strategy for the workforce (North and Pascoe 2016). Ignorance in handling intricate and confidential data would leave a company vulnerable to external malicious attack even if the organization possesses a state of the art security system in its business processes.
Justification for the integration of cyber security and resilience
There has been huge demand for board level cyber resilience tools simply because the challenges that cyber security and cyber resilience pose to an organization have been found to be seemingly novel. This is why people at the top of an organization's hierarchy, especially senior executives and other board members, are continuously demanding board level cyber resilience tools (Choras et al. 2015). The World Economic Forum offers these tools for the governance of strategy in a business organization rather than as a set standard or tactic for business management. Boards perform a vital governance function for an organization: they determine the behaviour of the entire company and set its risk appetite. The World Economic Forum has found several misconceptions in the frameworks from the perspective of boards of directors, and this has been well noted in business scholarship (Rashid, Joosen and Foley 2016). The cyber resilience technologies and strategies bridge the gap through interviews with boards of directors across several industries and continents, and from these it has been found that security risks in every organization are increasing at an exponential rate because of technological advancements; cyber resilience tools are therefore essential for governing the security system in the business processes of an ICT based organization or an organization listed among the top 200 on the Australian Stock Exchange (Sandberg, Amin and Johansson 2015).
Nowadays the existing security systems installed in an organization of such scale are considered insufficient to meet the challenges of digitisation in the latest era of the cyber world (Harrop and Matteson 2015). It is important that an organization seek extra protection, but it should also develop strategies to make sure the networks it uses are durable enough and that it can extract the advantages and opportunities of digitisation when it is applied (Cavelty, Kaufmann and Kristensen 2015). Cyber security has a much broader definition, but there is a large difference between cyber security and a strategic cyber security system. Cyber resilience evokes long-term thinking in the strategic system of a business organization for its data and information security, and resilience should therefore be built through conversations rather than imposed on an individual organization.
Best Practice Examples for Cyber Resilience
Regarding the best practices for initiating a resilience policy in the organization, the following is a structured list for the highly esteemed organization described in the case study, as advised by the consultant:
- Board principles for cyber resilience: the consultant's analysis above found that, even though the organization has a large state of the art security system for securing intricate and confidential employee and customer data, the workforce as a whole lacks common sense in handling that system (Shafqat and Masood 2016). The system used to secure data is also maintained in a haphazard way and has not been kept up to date with the latest technological advancements, leaving it exposed to hacking vulnerabilities. The board principles for cyber resilience are a set framework of ten principles that reduces the cyber risk boards oversee and that boards have developed in recent years with growing awareness (Roege et al. 2017). This framework of ten principles enables board action and helps in recognising the pivotal roles within a board.
- Cyber principles toolkit: the framework of ten principles that enables board members to recognise their pivotal role in handling the organization's security system for cyber resilience is supported by a set of questions that fosters constructive dialogue between senior management and the board (Pate-Cornell and Rouse 2016). This conversation is mainly generated around maintaining the integrity of the organization's cyber security system and implementing cyber resilience (North and Pascoe 2016). The questionnaire thus helps the board in understanding and performing its role in overseeing the handling of the security system.
- Board cyber risk framework: this framework suggests that the board should review the risks the organization faces in the cyber world on a regular basis, to ensure that the entire cyber programme is integrated and that reviews of other business risks are readily available (Knowles et al. 2015). The framework helps in handling the cyber security programme as a whole and provides the information needed for risk-based prioritising of actions within the cyber resilience programme.
- Insights on emerging technology risks: the cyber resilience policy delivered with this document has a set of guidelines and insights that can be applied to any organization in the process of shifting its business model towards the latest innovations in the technological world (Musman 2016). Since the company in the case study has already implemented such a change in its business process, the insights and guidelines would more specifically facilitate discussion between the board level stakeholders and the executive teams, helping them devise a strategy to make the entire workforce operate as a single, intelligent unit in handling the security system as technological advancements happen in the cyber world.
Thus, it is recommended that the corporate governance structure implemented by the consultant in the case study organization follow the cyber resilience policy, to make an effective way of handling employee and customer data with the existing cyber security system even though the technological advancements of the cyber world keep occurring at an exponential rate. Applying cyber resilience policies in an organisation would help it handle both its business processes and its security system in a structured way, so that board members can make effective decisions from their meetings with the executives in devising a successful plan or implementing a strategy to handle technological change in the cyber world with respect to the organisation's existing security system.
Conclusion
From the above report, it can be concluded that the Australian organization listed on the country's stock exchange had an effective security system, but with the advancement of technology and the greater loopholes detected during that advancement, there was a need to implement a better and improved security system for the organization. This was done by a consultant who proposed effective ways of implementing a resilience policy within the organization on the basis of the existing security system and its vulnerabilities. This was necessary because a company listed on the Australian Stock Exchange is always at higher risk, since it deals with the financial information of its customers, and any breach or compromise of data would be perilous for the customers as well as the organization. This report has therefore examined the security system of a company listed on the Australian Stock Exchange and critically analysed it against best practices for initiating a resilience policy in the organization as a positive change.
References
Tricker, R.B. and Tricker, R.I., 2015. Corporate governance: Principles, policies, and practices. Oxford University Press, USA.
North, J. and Pascoe, R., 2016. Cyber security and resilience It’s all about governance. Governance Directions, 68(3), p.146.
Trim, P. and Lee, Y.I., 2016. Cyber security management: a governance, risk and compliance framework. Routledge.
Deschaux-Dutard, D., 2016. Cyber security in the European Union: resilience and adaptability in governance policy. By George Christou.
Avant, D., Kahler, M. and Pielemeier, J., 2017. Innovations in Global Governance: How Resilient, How Influential?. Innovations in Global Governance, p.1.
Choras, M., Kozik, R., Bruna, M.P.T., Yautsiukhin, A., Churchill, A., Maciejewska, I., Eguinoa, I. and Jomni, A., 2015, August. Comprehensive approach to increase cyber security and resilience. In Availability, Reliability and Security (ARES), 2015 10th International Conference on (pp. 686-692). IEEE.
Roege, P.E., Collier, Z.A., Chevardin, V., Chouinard, P., Florin, M.V., Lambert, J.H., Nielsen, K., Nogal, M. and Todorovic, B., 2017. Bridging the gap from cyber security to resilience. In Resilience and Risk (pp. 383-414). Springer, Dordrecht.
Rashid, A., Joosen, W. and Foley, S., 2016. Security and resilience of cyber-physical infrastructures: Proceedings of the First International Workshop held on 06 April 2016 in conjunction with the International Symposium on Engineering Secure Software and Systems, London, UK.
Tagarev, T., Sharkov, G. and Stoianov, N., 2017. Cyber Security and Resilience of Modern Societies: A Research Management Architecture. Information & Security, 38, pp.93-108.
Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P. and Jones, K., 2015. A survey of cyber security management in industrial control systems. International journal of critical infrastructure protection, 9, pp.52-80.
Sandberg, H., Amin, S. and Johansson, K.H., 2015. Cyberphysical security in networked control systems: An introduction to the issue. IEEE Control Systems, 35(1), pp.20-23.
Harrop, W. and Matteson, A., 2015. Cyber resilience: A review of critical national infrastructure and cyber-security protection measures applied in the UK and USA. In Current and Emerging Trends in Cyber Operations (pp. 149-166). Palgrave Macmillan, London.
Dunn Cavelty, M., Kaufmann, M. and Søby Kristensen, K., 2015. Resilience and (in) security: Practices, subjects, temporalities. Security Dialogue, 46(1), pp.3-14.
Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security strategies. International Journal of Computer Science and Information Security, 14(1), p.129.
Pate-Cornell, E. and Rouse, W.B., 2016. Perspectives on Complex Global Challenges: Education, Energy, Healthcare, Security, and Resilience (Vol. 1). John Wiley & Sons.
Musman, S., 2016, April. Assessing prescriptive improvements to a system’s cyber security and resilience. In Systems Conference (SysCon), 2016 Annual IEEE (pp. 1-6). IEEE.
Duncan, B., Zhao, Y. and Whittington, M., 2017, February. Corporate Governance, Risk Appetite and Cloud Security Risk: A Little Known Paradox. How Do We Square the Circle?. In Eighth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2017). IARIA.