Governance
Cyber security is essential for corporate bodies and is interlinked with decision making. Companies need to understand their business strategy model alongside cyber security. The success of an organization lies not only in its innovation but also in the strategic importance it gives to cyber security. Vodafone is a multinational conglomerate based in London, with centers in Africa, Asia and Europe. It is a mobile operating company and has been ranked second because of its high number of customers.
According to recent reports from 2018, it has 535 million customers (Tsoumas and Gritzalis, 2012). Vodafone operates in more than 25 countries and has partnerships in more than 45 countries. Its global enterprise division provides IT and telecommunication services in more than 150 countries. Vodafone is the largest company listed on the London Stock Exchange, with a market capitalization of approximately 52 billion Euros (Horowitz and Lucero, 2016).
Vodafone's management team is making huge investments in cyber security. The company is confident that this will drive business growth and differentiate it in the market. Vodafone is acquiring new customers and prioritizing cyber security to a large extent. Businesses need to focus on transformation and improvement initiatives, which include not only digitalization but also cyber security. The decision-making body is significant for individual projects and must not be neglected. Companies need to emphasize robust cyber security, streamlined with their networks. Another key aspect that cannot be ignored is the security budget.
The energy sector is diverse and complicated. Existing energy sources use ERP technology to be more effective and cost-efficient, and all new energy sources must provide energy customers with power choices. The impact of innovation is bigger than that of choice, as it changes the economies of scale. Suppliers to the energy sector will be required to meet different criteria in order to supply energy equipment owners correctly. The supplier must have these product characteristics:
- High quality
- Compliance with the engineering specifications
- Correct product documentation and implementation instructions
- History of order requests and rapid availability
- Service maintenance record of vital equipment and machinery
The Brazilian energy sector is based on renewable energy resources, which account for 80 percent of electricity generation. Brazil is dependent on hydro power generation; its energy sources include oil, minerals, hydropower and biofuels. The development of economic activities and, similarly, energy issues take place under competitive and environmentally sustainable conditions. Brazil has done its homework and is frequently mentioned for its oil production and hydroelectric power generation, its massive use of wind energy, its interconnected transmission system and, especially, the renewability of its energy and power mix.
The achievement of Brazilian industry rests essentially on an institutional and regulatory framework that ensures favorable conditions for investment. Energy is one of the sectors in which countries will most significantly need to restore their decision-making and policy-making capabilities, and planned actions must be executed through integrated public-private associations.
Organizations need to be aware that there is no robust technology available that can by itself provide a well-tested technical backup. A scheduled backup plan is required, and rapid recovery can reduce cyber security crime. Different principles apply to a wide variety of operations. For instance, sound and comprehensive governance must be in place over the privileges given to different users to perform their required jobs. A key concern for CEOs and managing directors is the level of compromise accepted at the enterprise level to ensure protection against malicious systems or insider actions. Here, organizations need to adopt unified corporate and risk governance.
Standards and Frameworks
Management
Enterprise Resource Planning (ERP) models have evolved from integrated business systems for large and medium organizations. The strength of ERP is a computerized transactional information system that serves as a data repository, allowing data availability and collaboration among different business functions. Realizing the associations involved in an ERP implementation is challenging. Establishing an ERP system has forced the organization to critically review its position. This study has identified some shortfalls in the initial implementation of ERP and introduces the frameworks COSO, COBIT 5, CSGM and ISO 31000. These will assist in evaluating the ERP system and support the organization with the evaluation results, based on organizational fit. These models and frameworks can effectively decrease product cost, enhance customer satisfaction and increase competitiveness for most enterprises. Successful implementation of an ERP system requires initial planning, after which achieving the intended goals is possible. Addressing the different issues, the IT governance ERP framework has been prepared on the basis of an IT governance methodology that includes strategy and enterprise organization, governance arrangements, ERP-related performance goals, related accountabilities and metrics.
Image source: www.coolblue.com
A consistent strategic road map and cyber security plan must take into account the legal framework of ISO 31000:2018 and the control objectives for information and related technology. Fraud detection and internal control at the enterprise level are relevant within the information framework of ISO 31000. The Indian Standard Organization 31000 has been formed with the aim of protecting against fraud, allocating resources effectively and comparing risk practices at different levels. The expected loss can be addressed through implementation of the ISO 31000 framework.
The CSGM Model and ISO 31000 are intended for any organization that wants to protect value through risk management: managing risks, supporting decision making, setting objectives and improving performance. The CSGM model aims to keep risk management simple. The risk management guidelines have moved forward and are now available for public comment. This revision follows the distinct objective of making risk clear and easy to understand, achievable through simple language and by expressing the fundamentals of risk in terms users can understand. There are standard policies and guidelines on the values and benefits of efficient and effective risk management that can help organizations understand uncertainties and accomplish their objectives. The major task is finding the right balance between detailed guidance and a complete textbook. The text has been shortened to the fundamental concepts, creating a clearer, more concise statement that can be read easily and remains widely applicable. To avoid weighing down the security risk standards and making the process too complex, the ISO 31000 terminology will be reduced. This is strengthened by its generic quality and provides a renewed basis for experts and end users, who face the challenge of determining risk and communicating it to different stakeholders. There must be a risk management framework that comprises guidance relevant to end users and is augmented with different concepts relevant to different countries and industries.
Suitability for Industry
Cyber security is gaining huge importance, and business organizations must embed it in their networks from the very beginning. Companies will be required to focus heavily on their investment plans. A young team of decision makers believes in the complete automation of the IT industry. More than 70 percent of people believe that business security is necessary because of the increasing number of internet threats. Humans alone are not capable of handling cyber security issues (Lehto, 2013). COSO Enterprise Risk Management is a cross-market data format with separate IT guidelines. The model provides a framework for collecting cyber exposures. Companies need to plan a detailed analysis of their organization and record responses by demographics, industrial units, revenue plans and recovery plans.
Vodafone assesses the nightmare caused by cybercrime, which is rising in both cost and number. The company needs to implement the CSGM Model and the COSO ERM framework. Legal protection is very costly, and there is no specific software that can perform cyber risk governance and management. The best methodology for preventing cybercrime attacks and minimizing asset losses is to define the CSGM Model and COSO ERM framework and the principles that ensure active defense (Amin, 2017). The company needs to follow certain critical steps for implementing scheduled checks, in order to reduce the number of technical errors. IT systems are exploited mainly because of unaddressed or pending alerts. Corporate governance combined with security risk management alerts must be addressed, and systems must be kept up to date. The company needs to be prepared, and an active CSGM Model and COSO ERM framework against security breaches must be in place. Minimizing cyber security crime is required in corporate bodies, specifically when companies are flooded with data (Malhotra, 2015).
COBIT 5 has been in practice for the past two decades, and IT governance frameworks on audit, management control and the information security business model have been released (Haugen, 2005). The road to customer satisfaction and direct monitoring of stakeholder transparency lies within the COBIT 5 framework. The changing business environment is highlighted by the use of cyber security models and their alignment with COSO, COBIT 5 and ISO 31000. Performance at different enterprise levels must be improved with an approach that takes this as an input. Companies need to show leadership in addressing enterprise risk and in internally recognizing the guidance given by the governing body of individuals (Peters, Shevchenko and Cohen, 2018).
Companies lack all-encompassing cyber risk models that can mitigate risks and allocate solutions for a given event. The probabilistic cyber risk model must not be seen only from the stakeholder perspective but should build reassurance towards the CSGM Model and COBIT 5. Quantifying losses and individual accounts allows companies to implement a new model within their framework. Industries such as marine, energy, insurance and property must be linked with the data portfolios and incorporated into the COBIT 5 or CSGM structure (Olcott and Sills, 2014).
Brazilian Energy Sector
Image source: https://www.isaca.org
Vodafone needs to focus on identifying some of the limitations associated with implementing cyber security models. Evaluating budgetary limits is one of the key concerns of management. Hiring a legal team for underwriting and cyber security probability accumulation analysis is an added cost for corporates. Regulatory compliance is another aspect of cyber security that requires different bodies to analyze the legality of the IT frameworks adopted by the corporate structure.
Assessing the suitability of the CSGM Model for Vodafone is a lengthy task and requires retaining a legal IT security team. A cost-benefit analysis must be conducted for the implementation of the CSGM Model (Malhotra, 2015). Cyber security products aim to reduce the financial losses that occur through security breaches. The IT technology adopted by the company must be compliant with the CSGM Model. Cyber risk can be assessed through different models. These models must be implemented in the corporate body after assessing the different variables that affect the returns or revenue of the firm. The wealth profile of the firm needs to be insured by the legal bodies. In the event of a security breach in an organization, a cyber risk assessment must be performed (Eling, 2018).
The CEO may overlook the vulnerabilities of a department, but the cyber security division has a strong and robust view that allows it to effectively understand risk governance. An appropriate cyber security cell is guaranteed in every enterprise in the coming years. The board of directors must play a major role in assessing cyber risk inputs and risk mitigation. Distinctive corporate governance must encompass all the key domains of cyber risk and security. There are no comprehensive solutions to a given IT governance problem. The IT environment in which a corporate structure is built requires a legal body and trained personnel that can deliver cyber security at the enterprise level. Companies need to identify the complexity that surrounds cyber security. Identifying employee skills, security staff and an appropriate body of individuals that can lead the way for global cyber security is significant in its own right. Cyber resilience has been used synonymously with cyber security (Paté-Cornell et al., 2017). The philosophy behind cyber security is based on tested IT processes that support the survival of a corporate structure. When information, a policy or guidelines are breached, the escalated matters must be responded to appropriately and simply. Damage to corporate reputation must be assessed at the juncture of different processes, skills and the recurrence of mishaps within a given span of time.
The Cyber Risk Exposure Model is a cross-market data format with separate IT guidelines. The model provides a framework for collecting cyber exposures.
Suitability for Industry in General
The cyber market is large and broad, and risk mitigation options are always available to organizations with respect to liabilities. Vodafone's capability to detect and respond through behavioral analysis is in the context of real-time response. The cyber security model extends to an enterprise-wide capability and is not limited to the infrastructure. Privacy and security regulation has been shaping Vodafone for the past 20 years. The company has not only made significant investments but also given its users control over critical data. The different legal and cyber security compliance bodies have highlighted the important gap that exists between the enterprise and the directed guidelines. Employees of an organization must be cyber-aware, and a cyber security cell must be present at different levels. However, Vodafone has a long way to go, with a price premium attached to its credibility. This has become part of the customer proposition and is accountable for core security (Kosub, 2015).
The transfer of data can increase vulnerabilities. The company needs to analyze the causes of data extortion, physical and public relations losses, programming omissions and errors, replacement of IT data and fines, website publishing liability and business interruption. Another cyber security model is the accumulation approach to cyber scenario modeling (Sari, 2018). The company needs to prepare an uncorrelated view of portfolio exposures, organize aggregation points, identify the exposures that will affect an aggregation scenario and, finally, calculate the insured losses for a specific scenario. The probabilistic cyber model is also a cyber security model, one that evaluates the annual probability of breach by revenue or industry. The company needs to list breaches by industry or records stolen and the estimated cost of a breach to X and Y, and maintain written records. Some of the cyber security characteristics that must be incorporated into the probabilistic model are antivirus effectiveness, intrusion detection, file sharing, security ratings, firewall health and email filters.
Cybercrime is still unknown in this era and demands elevated precedence over other matters of concern in a corporate body. The new solution lies in establishing a platform that can integrate cyber security models with COBIT 5 and relevant frameworks. What is the new way to respond to cybercrime? A company's capability to go beyond enterprise resource systems and align with cyber security and risk models and frameworks must be a continuum. At the same time, loss triggers must be brought to the attention of management (Malhotra, 2017). Individuals who conceal data or information relevant to a corporate body must be limited.
Expanding the functionality available to working people is possible only with the exclusion of malware present in the organization. Determining organizational policies that can be streamlined with cyber risk is essential. Data exposed to cybercrime must be recorded and maintained. Cyber scenarios that are likely to happen must be evaluated. Estimating the cyber incidents taking place in the IT environment is necessary with respect to cost-benefit analysis. A standalone cyber product offers first-party loss cover for cybercrime. Reducing organizational exposure to cyber events can be readily achieved with standalone cyber cover, which includes forensic investigators, credit monitoring, public relations, breach coaches and more (Eling and Schnell, 2016). The cyber endorsement policy is provided for commercial lines and includes liability coverage for the following products: entertainment, educational and environmental, industry services, health industry, human services and outdoor products, sports and public services. A corporate governance approach must be taken into account with the major cyber processes. A deeper understanding of the ERP system and its alignment with cyber security models and relevant frameworks is a concern for the majority. Companies need to plan an informed cyber risk strategy that can eliminate business interruption. Taking insurance coverage for cyber risk issues is often linked to corporate reputation (Camillo, 2017).
ISO 31000:2018 Guidelines
- Recognition of cyber security risk in relation to the corporate body and critical business processes: The accepted level of risk and the investment made in cyber security risk must be reflected in the books of accounts. The company needs to understand the complexity of the frauds committed within an organization.
- Incorporation of technical security services, personnel services, physical services and IT services: The risk approach strategy must be integrated with the cyber security strategy. A dynamic system for combating insider threats requires specific theoretical disciplines and the intervention of bodies that enhance network security software configuration in a protected way (Rao et al., 2015).
- Formulation of an effective monitoring system for prevention and corporate threats: A comprehensive view of cyber security issues across the different corporate bodies must embrace a culture that can counter the critical behavior of IT systems. At times the company may undergo an attack or cybercrime, which requires the regulations of the different bodies to deliver guidance and management of cyber risk.
Silent cyber is latent cyber risk contained within the conventional property and liability framework, in which cyber risk is implicitly included or excluded. Silent cyber refers to cyber losses that may occur in certain circumstances, the parameters of which are included in both cyber cover and conventional insurance policies. Silent cyber has also been referred to as non-affirmative cyber in a few cases. This is specifically relevant for the aviation, marine, real estate and transport industries and a few liability covers. There is no prevalent cyber segregation in the real estate market. Underwriting experts need to analyze the future prospects of the cyber load resulting from commercial cyber attacks targeting industrial bodies or smart cities (Ogut, Raghunathan and Menon, 2010).
Vodafone acknowledges the need to address cloud computing and IT security issues. This is visible in that more than 55 percent of people aged above 35 have better decision-making power with regard to cyber security issues. The strategies are well defined by the business owners, and protection of organizational data is on the priority list.
In the above context, a plan for the cyber security model follows. Cyber attack and review plan: identifying the resources within the corporate structure is necessary to eliminate the problems. The cyber response may vary from one company to another, but the emphasis must be on formulating a cyber plan (Peters et al., 2017).
Cyber scenarios are inevitable for any corporate body. Cyber risks must be critically analyzed and risk mitigation actions executed. The company needs to focus on having a security budget and ensure it does not suffer business interruption or breach. Complete elimination of risk is possible only through a deeper understanding of the variables. The cyber risk process includes scenario planning for an event or a business. This can have a great impact on the business and can be made available in many forms. Businesses may take a holistic view of cyber risk and its different programs (Mainelli, 2012).
References
Amin, Z. (2017). A practical road map for assessing cyber risk. Journal of Risk Research, pp.1-12.
Camillo, M. (2017). Cyber risk and the changing role of insurance. Journal of Cyber Policy, 2(1), pp.53-63.
Eling, M. (2018). Cyber Risk and Cyber Risk Insurance: Status Quo and Future Research. The Geneva Papers on Risk and Insurance – Issues and Practice, 43(2), pp.175-179.
Eling, M. and Schnell, W. (2016). What do we know about cyber risk and cyber risk insurance? The Journal of Risk Finance, 17(5), pp.474-491.
Haugen, S. (2005). E-government, cyber-crime and cyber-terrorism: a population at risk. Electronic Government, an International Journal, 2(3), p.403.
Horowitz, B. and Lucero, D. (2016). System-Aware Cyber Security: A Systems Engineering Approach For Enhancing Cyber Security. Insight, 19(2), pp.39-42.
Kosub, T. (2015). Components and Challenges of Integrated Cyber Risk Management. SSRN Electronic Journal.
Lehto, M. (2013). The Cyberspace Threats and Cyber Security Objectives in the Cyber Security Strategies. International Journal of Cyber Warfare and Terrorism, 3(3), pp.1-18.
Mainelli, M. (2012). Learn from insurance: cyber bore. The Journal of Risk Finance, 14(1), pp.100-102.
Malhotra, Y. (2015). Toward Integrated Enterprise Risk Management, Model Risk Management & Cyber-Finance Risk Management: Bridging Networks, Systems and Controls Frameworks. SSRN Electronic Journal.
Malhotra, Y. (2015). Stress Testing for Cyber Risks: Cyber Risk Insurance Modeling beyond Value-at-Risk (VaR): Risk, Uncertainty, and, Profit for the Cyber Era. SSRN Electronic Journal.
Malhotra, Y. (2017). Advancing Cyber Risk Insurance Underwriting Model Risk Management beyond VaR to Pre-Empt and Prevent the Forthcoming Global Cyber Insurance Crisis. SSRN Electronic Journal.
Ogut, H., Raghunathan, S. and Menon, N. (2010). Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self-Protection. Risk Analysis, 31(3), pp.497-512.
Olcott, J. and Sills, E. (2014). Cybersecurity: Energy Industry Mobilizing for Cyber Risk Control. Natural Gas & Electricity, 30(10), pp.20-24.
Paté-Cornell, M., Kuypers, M., Smith, M. and Keller, P. (2017). Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies. Risk Analysis, 38(2), pp.226-241.
Peters, G., Shevchenko, P. and Cohen, R. (2018). Understanding Cyber-Risk and Cyber-Insurance. SSRN Electronic Journal.
Peters, G., Shevchenko, P., Cohen, R. and Maurice, D. (2017). Understanding Cyber Risk and Cyber Insurance. SSRN Electronic Journal.
Rao, N., Poole, S., Ma, C., He, F., Zhuang, J. and Yau, D. (2015). Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models. Risk Analysis, 36(4), pp.694-710.
Sari, A. (2018). Countrywide virtual siege in the new era of cyberwarfare: remedies from the cyber-firewall: Seddulbahir. Journal of Cyber Security Technology, 2(1), pp.14-36.
Tsoumas, B. and Gritzalis, D. (2012). Inside Cyber Warfare: Mapping the Cyber Underworld. Computers & Security, 31(6), p.801.
Isaca.org. (2018). COBIT Case Study: Use of COBIT 5 for ISACA Strategy Implementation. [online] Available at: https://www.isaca.org/COBIT/Pages/COBIT-Case-Study-Use-of-COBIT-5-for-ISACA-Strategy-Implementation.aspx?utm_referrer= [Accessed 8 Oct. 2018].
Paroda, R. (2018). Battling the Mandate: ERP & EAM Integration Styles | Blue Mountain Quality Resources. [online] Coolblue.com. Available at: https://www.coolblue.com/blog/industry-insights/battling-the-mandate-erp-eam-integration-styles/ [Accessed 8 Oct. 2018].