The Future of Cybersecurity on Corporate Networks, Research Paper Example
Words: 2820Research Paper
The present research has been dedicated to the analysis of the modern cyber-security measures taken in business and governmental organizations for the sake of securing data integrity, security, and confidentiality. The focus of the present study was also made on the measures that organizations have to take for preventing cyber-crime, information leakage, and other IT-related threats. For the purpose of achieving the aim of the study, the research emphasized the need to identify the ways in which cyber-security is now maintained in various types of organizations, and the policies and procedures that need to be enacted for the sake of making cyber-security tools more effective.
The key problem researched within the framework of the present study is the cyber-crime and hacking threat that has become more feasible nowadays than ever. The example of Wiki Leaks, a large-scale leakage of confidential documents and materials that put thousands of lives into threat, shows how easy it has become to hack the protected computers, and to steal confidential, valuable information. It is also obvious that in the modern age called the information age, information has become the most valuable asset that can be sold, bought, and used for intimidation and blackmailing; hence, the protection of confidentiality, especially under the conditions of transferring the majority of operations online, has become the key priority of the IT field nowadays.
The profession of a Security Manager is a logical response to the information security threat that the majority of organizations, both of commercial and governmental origin, experience in the modern period. Among the most popular services that a Security Manager can provide, one can find management, operational, and technical services directed at the intensification of information security measures. Therefore, the task of the Security Manager is to identify the ways in which cyber-security should be maintained, to develop policies and procedures for sustaining cyber-security at a higher level, and to have specific skills and training for combating cyber-crime.
Cyber-security threats are evolving over time, getting more and more sophisticated, and posing additional dangers to the online operations of organizations. For instance, the use of rogue wireless area networks allows the cyber-criminals to introduce an additional router to the organizational network, and to gain the access to the wider network, which implies unlimited access to the organizational informational assets. Since it is a hardware intrusion by its nature, the software applications programmed to detect intrusions of such kind should notify the Security Management team about the interference attempt. As for the spoofing international communications, they represent a direct outside attack and intervention from external computers aimed at gaining access to the organizational computer system. Another threat to be considered is the direct theft of network resources; it occurs when the bandwidth of the network traffic is stolen for surfing the Internet, usually for illegal activities.
The solution to the majority of problems is offered by the LAN segmentation – it helps improve security by improving the network efficiency, and offering operational advantages for organizational functioning. Some earlier methods used for avoiding eavesdropping and packet snitching were WEP and WPA; WPA is a more modern and more effective way of protecting the organizational network assets, since it uses more complicated codes that are harder for hackers to decipher, though it is not ideal as well, and innovative preventive measures seem necessary.
- What is the future of cyber-security on corporate and government networks?
- How is the current state of Cyber-Security maintained on business systems in order to provide a high level of sustained risk mitigation?
- What policies and procedures need to be put in place to eliminate the threat of espionage against business system computers and networks?
- What are the specific skills and educational training required for the modern Security Manager in order to combat Cyber crime?
- What are the risks and implications to business of having a relaxed computer security policy?
Review of Methodology
The methodology for the present work was chosen in accordance with the specific research questions targeted in this research. Hence, the research methodology for the first research question is to focus on the definitions of the key concepts (cyber-security, government networks) and their relationships. The focus is made on explicating the key issues regarding these IT-specific terms and concepts, since the research has to be easily readable for both professionals and laypeople. As for the second research question, the methodology presupposes focusing on the relationship between computer networks and espionage. Cyber-terrorism, hacking, spyware, and other forms of digital threats are examined qualitatively by means of document/artifact analysis.
The third research question is researched with the help of applying the procedures and methodologies essential for securing government and corporate networks; the methodology of this section is related to the provision of recommendations on making secure networks, and focuses on the issues of computer forensics, virtual ID, digital signature, and other related concepts applied for researching and applying cyber-security principles. The final research question will be approached from the perspective of identifying the lack of cyber-security policies in the national cyber-security programs and measures. The overall methodology comprises the methods of document/artifact analysis, case study analysis, and comprehensive data and literature reviews.
Summary of Results
The summary of results for the present work is based on the integrative analysis of the results obtained after conducting a comprehensive literature review on the subject, as well as researching each separate research question. As it follows from the research methodology, the specific approach for analyzing every research sub-question has been taken, so the results for them should be presented accordingly, in categories. The results of this study mainly pertain to the overview of the role cyber-security and Security Managers now play in the organizations of commercial and organizational types, and the ways in which the organizational networks can be protected by means of thoughtful and reasonable application of cyber-security principles and measures. The focus on the cyber-threats such as cyber-terrorism, hacking, computer forensics, and other security-related issues are also subject to the analysis in the corresponding sections.
Summary of the Results for Sub-Question One
- How is the current state of cyber security maintained on business systems in order to provide a high level of sustained risk mitigation?
The results on question one show that despite the fact that the organizational systems and networks are the most vulnerable aspects of organizational functioning and information exchange, there is still a lack of understanding of the key importance they have for the successful operation. Hence, according to Shackelfold (2010), the organizational cyber-security measures are at the germinal stage of development, and represent the least researched and developed elements of the organizational activity. The present observation of the researcher is highly discouraging, especially taking into account the specificity of cyber-risks associated with every particular type of a computer network. Thus, according to the advice of the US Department of Homeland Security (2009), the organizations should at first assess the exact risks connected with the specificity of their functioning, then quantify and qualify those risks, and employ the key organizational resources for the sake of mitigating the potential risks their organization may encounter. The vital aspect of cyber-security also involves being careful regarding compliance with the security standards established by corresponding authorities for the sake of ensuring the feasible, real-life security of online operations and information storage.
Summary of the Results for Sub-Question Two
- What policies and procedures need to be put in place to eliminate the threat of espionage against business system computers and networks?
The research on question two detected the risk mitigation measure as the key approach to ensuring cyber-security in commercial and governmental organizations (Feigelson & Calman, 2010). Risk mitigation is an essential measure used by the majority of organizations for the sake of eliminating the threat of digital espionage. According to the information provided by Nalla and Morash (2002), there is a need to establish multi-dimensional and multi-layered systems – this way, the level of security increases accordingly. The support for the use of layered security systems was also provided by the report of the US Department of Homeland Security (2009), since its experts noted it as the most effective way of eliminating computer threats. The reason for such high effectiveness of layered systems can be found in its inclusion of single, multi-homed, dual, and cascading firewalls, various types of switches, routes, and routing tables, which makes it a flexible and highly sensitive system of combating cyber-attacks.
Summary of the Results for Sub-Question Three
- W hat are the specific skills and educational training required for the modern Security Manager in order to combat Cyber crime?
The present section of research revealed that a Security Manager had to acquire specific types of professional training in order to further execute the role of the cyber-security controller in the organization. The US Department of Defense (2010) underlined the need for specialized training as the key focus for any contender for the position of a Security Manager in any organization. The Digital Bond (2007) sources emphasized the need to acquire training in the cyber-security training programs, and the security awareness aspects that distinguish the cyber-security responsibilities.
It is obvious that the comparative cost of obtaining proper training and liquidating the damage from an effective cyber-attack is non-comparable; however, the challenge identified in the process of research is the lack of organizational leaders’ willingness to forgo the financial expenditures for the sake of ensuring enhanced cyber-security, Hence, O-Regan (2001) underlined the need to accept the cost of training Security Managers with the purpose of avoiding the threats of cyber-attacks. The guidance for all Security Managers was discussed by Nash (2005); the National Institute of Standards and Technology issued a guide for all Security Managers dealing with cyber-security. Among core guidelines underlined in the guide, Security Managers have to oversee the protection of intellectual property, compliance with the ethical rules and principles, etc. (Cadwell, 2005).
Summary of the Results for Sub-Question Four
- What are the risks and implications to businesses of having a relaxed computer security policy?
It is obvious that the companies lacking a proper system of cyber-security protection become the most likely victims of cyber-criminals. The breaches of cyber-security include the security breach, the information and identity thefts, and financial theft in case the companies breached by hackers work with financial information of their customers, or have their own online accounts (Digital Bond, 2007). There are also cases of active content insertion into organizational networks, including applications related to VBScript, Active-X etc. – these actions may destroy some programs or software of the networks, crippling their operation and blocking access to certain information, allowing access for hackers instead. At the same time, the practice of reverse engineering of control system protocols is also quite widespread, which allows the hackers take over a certain segment of operations into their control, which is especially dangerous for various confidential governmental organizations, banks, shops, etc. (Nash, 2005).
It is essential to note that the present research proved the role of cyber-security systems’ vulnerability in the hackers’ receipt of access to the privileged information traditionally held confidential from the unauthorized users (Denning & Denning, 2010). Therefore, the information storage with explicit vulnerabilities in protection is an unsure way of securing the clients’, partners’, employees’, as well as the organizations’ informational and financial assets. It is also notable that the additional danger of the hacking activity and cyber-crimes comes from the increased use of wireless communications networks. The wireless communication type is even less protected than the wired connection is; hence, criminals may obtain easier and quicker access to materials sent by means of using the wireless technology, which requires additional protection from cyber-threats (Nalla, 2005).
Relationship of Research to the Field
The present research is highly valuable for the field of cyber-security provision, since it focuses on the delineation of the key concepts and their relationships within the discussed field. The focus of this paper was to research the current status of cyber-security measures and applications, and the scope of recommendations for the further strengthening of the cyber-security mechanisms and responses by governmental and business organizations for the sake of achieving higher standards of information security and organizational protection of digital assets. The present field is of exceptional strategic significance nowadays, since the general public, as well as specialized organizations, transfer the majority of their operations online. It is notable that e-commerce, shopping, communication, business information exchange, and financial operations (online banking, digital money, digital payments, etc.) are now conducted online, which makes it easier for hackers and cyber-criminals to steal the identity and financial information of Internet users. The availability of online operations increases, which in its turn increases the attractiveness of online operations; however, the level of security provided for individuals and organizations is unfortunately incompliant with the level of online opportunities’ supply. Hence, there is an urgent need to use improved preventive measures to secure the provision, transfer, receipt, and storage of any information in the digital form to ensure the safe and effective use of networks and Internet resources.
Hence, the present study can contribute to the field of information security, and understanding of the role of a Security Manager in the field of providing services vital for the execution of cyber-security measures. As the research findings imply, the Security Manager should be able to deal with Information Technology, communications, and the international cyber-terrorism. Internet crimes have become an extremely popular and lucrative field of activity; moreover, there are cyber-terrorism attacks aimed at disrupting communications, disabling the networks, destroying the information, and stealing huge financial resources. Therefore, research on cyber-crime essence, and the ways in which cyber-security can evolve to keep up with the cyber-crimes’ becoming more sophisticated is essential in understanding the effective response mechanisms likely to aid in the struggle against cyber-criminals and cyber-terrorism.
Discussion of Results
The present research aimed at identifying the role of cyber-security in the modern organizations, as well as the paths for its strengthening and improvement in the near future. The research findings suggest that in the context of the intensifying cyber-terrorism and cyber-crimes, the need to establish strong and workable cyber-security systems in all types of organizations grows very quickly. Therefore, there is an urgent need to understand all aspects of cyber-security, to increase the organizational awareness about the need to implement cyber-security policies, and to employ professional cyber-security professionals – Security Managers – to tackle the issues of reduced security of online operations.
The present research investigated the attention paid to cyber-security by modern organizations, and the findings suggest that there is still a pronounced lack of focus on the cyber-security issues, mainly because of the high costs for training a seasoned Security Manager able to provide the company with multi-layered and multi-dimensional support systems. However, the key to understanding the cyber-threats is to recognize the possibility of being affected by it in the near future – the majority of organizations seem to neglect the need for improved cyber-protection because of their hope to be unaffected by the increasing number of online intrusions and attacks.
The organizations storing important confidential information and conducting their financial operations online have to understand that the easiest way to conduct cyber-security activities is the risk mitigation policy. To arrange the cyber-security measures properly, organizations need to assess the particular type of risks their type of activities presupposes, to quantify and qualify those risks, to employ the key resources that can mitigate that particular type of risks, and ensure adherence to security standards provided by the National Institute of Standards and Technologies providing guidance for cyber-security professionals. To enhance security, the Security Managers should be well-trained, and should use multi-dimensional and multi-layer systems of protection from various types of breaches.
Both commercial and governmental organizations should understand that security breaches involve a wide array of implications, both for the information and financial losses. The confidential information stored for privileged authorized users can be misused by the hackers and cyber-criminals, and substantial funds can be stolen from the accounts of customers in cases of attacks at financial institutions. Security breaches are diverse in nature, so the task of Security Managers is to protect the organization from the attacks that insert malware into the organizational networks, and from the active content that allows hackers to grasp the power of navigating certain aspects of the organization’s activities. The more vulnerabilities the organizational network has, the quicker and easier access criminals may obtain to it. Hence the role of cyber-security grows, and becomes the issue of strategic importance in the technological age of digital information exchange.
Cyber-security is becoming a feasible and serious threat for all types of organizations nowadays, at the time of cyber-crime and cyber-terrorism intensification. Cyber-security professionals should be well-trained, and should possess the skills of arranging the security for financial and persona information held by organizations. Unfortunately, there is a lack of cyber-security initiatives nowadays, mainly because of their high costs. However, the need to protect the digital information is well-understood by all stakeholders, and much more intense attention to cyber-security establishment is advised in the near future for ensuring the confidentiality of data, and the security of financial resources.
Time is precious
don’t waste it!