Challenges In Cyber Security For Business Managing Security

Question: Discuss about theChallenges In Cyber Security For Businessfor Managing Security. Answer: Establishes Research Territory The territory that has been chosen for the research is Australia. This is mainly because the digital age has been recognized as central to the Australias national security and economic prosperity. Starting from terrorism to the organized crime to espionage, the malicious cyber activity has been observed to be a growing and ever changing threat to national security in Australia (Mailguard, 2017). Moreover, with the passage of time the organizations in Australia experiencing cyber crime are continuously rising. This is evident from the report published by PWC that puts forward the fact that the total number of cyber security incidents has risen to 42.8 million in the year 2014 i.e. there has been increase by 48% since the year 2013 (PwC, 2015). Moreover, it has also been estimated by PWC that there are around 71% of incidents of cyber crime in Australia that goes undetected where large organizations have been observed to be reporting for increased detection of cyber crime incidents. As per the report published by PWC in the year 2015, it can be said that the number of detected cyber security incidents that have taken place in Australia has been the highest in comparison to the cyber security incidents across the globe in the last 12 months (PwC, 2015). Where there has been an increase of 38.5% increase in the cyber incidents globally, there has been an increase of 109% in the cyber crimeincidents in Australia.So, these figures motivated the researcher in conduct the research in context to challenges in cyber security for businesses in Australia. Establishes Significance of Territory Cyber crime in the recent times has emerged as a major issue for the business organizations in Australia. Moreover, even though the total cost of the cyber crime incidents on the business organizations in Australia is difficult to estimate, the annual cost average across the benchmark organizations was observed to be roughly around $A4.9 billion every year (ABC News, 2015). Business disruption is considered as the most expensive consequence of the cyber crime incidents and it is also followed by the loss of information and loss of revenue. Thus, the rise in the cyber crimeincidents across Australian business organizations has emerged as a major area of concern for both the private sector organizations and Australian government. Moreover, it has been observed that the Australian industry is being persistently targeted by a wide range of malicious cyber activities that risks not only the profitability of the business organizations but also risks their reputation and competitiveness. The spectrum of the malicious cyber activities tend to range from online vandalism and cybercrime to the theft of commercially sensitive intellectual property and negotiation strategies (ASCC, 2016). Thus, it can be said that with increasing and continuing theft of the intellectual property from the business organizations in Australia tends to pose challenges to the future competitiveness of the economy of Australia. So, in particular it can be said that the cyber espionage tends to impede the competitive advantage of Australia in profitable and exclusive areas of the research and development that includes the intellectual property that is generated within the Australian universities, private and public research firms and the gove rnment sectors that proves to be beneficial and advantageous for the foreign competitors (AIIA, 2015). On the other hand it has also been observed that the ability and the willingness on the part of the private sector organizations in Australia for recognizing the extent of the threat of the cyber crimeand thereby implementing the strategies to mitigate the risks tend to vary across and within the sectors(defence, 2015). Thus, taking into consideration the above aspects in context to the increasing cyber crime incidents, selection of Australia for the research would provide scope to the researcher to collect the facts and issues that are faced by the business organizations in Australia due to these cyber crime incidents. Establishes Research Niche In context to the research conducted on the Australian territory regarding the cyber incidents, the research has been narrowed down to Australian Universities. This is because; Australian Universities tend to rely heavilyupon Information systemsfor theiroperations and business that includeteaching, their administration, research and learning (the Guardian, 2015). The Universities are characterized with a combination of financial and personal details together with confidential data like the medical records of the students and commercially desirable research that makes these universities obvious targets for the cyber attacks(Hemphillet al.,2012). The virtual assailants tend to range from information thieves to identity thieves to the disgruntled students and theuniversity IT system is once hacked; it can lead to vulnerability of financial losses.It may damage reputationof the universities. Moreover,it has been observed that even though the vice chancellors of the universities are very much aware of the value of the intellectual property they hold, they do not take the issue of cyber security seriously always and this is the major concern where the incidents of cyber crimehas been increasing at a rapid pace. The relevance of the research can be considered to be of significant value to the university sector since fewer researches have been conducted in this area about how the cyber crime incidents tend to make a significant impact on the business operations of the universities. Much of the studies conducted in context to the challenges of cyber security have been conducted in context to the business organizations that include sectors like energy sector, defence sector and others and the university sector has remained an untouched area of research. So, the attempt towards conducting the research in context to the challenges in cyber security in the university sector would prove to be beneficial in gaining an enhanced understanding of the knowledge on security managementsystems in Australian Universities. This would also prove to be beneficial in moving aheadtowardsplacing security at a level where the Australian Universities would be analysed and made aware of the security as an increasing ly prominent theme in their business. The research studies focusing mainly upon the information security management in Australian universities have been observed to have gained little academic focus despite the increasing reliance of the sector on information and effectiveness of the information protection through the security practices. So, this motivated the researcher to undertake the study. Motivates Next Part of Literature Review The studies conducted by May Lane, (2006) put forward the fact that the increasing importance of information in the modern societies aim at defining the feature of the present day world. Thus, on the basis of the prominence of information in the present day society, it can be said individuals live in a new information society i.e. a society where information tends to dominate the needs of the social organizations. Moreover,it has been proposed by Whitman Mattord, (2011) that social order in the contemporary society is dependent upon the accurate and predictable information structures and boundaries in cyber space demandan integral relationship between the structure of the organization and their information foundations. Thus, it is observed that there exist a connection between the increased reliance on the electronic systems and the associated information and so this necessitates enhanced information security management for the protection of the information systems against increasin g threats and risks in form of cyber crime. On the basis of the above aspects, it can be said that universities at present are highly dependent upon the information for providing support to its core activities and business operations. It can be said that there is dependency of the activities which are associated with using, creating and sharing information for the basic core activities of the universities that include teaching, learning and research functions.Thus, it becomes important for the universities to secure their information and in this context; the universities like the other organizations have adopted information systems and technologies to sustain their competitiveness within the industry. It has been pointed out by Dhillon Torkzadeh, (2006) that effective operational control and strategic direction in the present day business environment are directly linked to the effective management of the information of high quality. So, the Universities like the other business organizations in the information age have observe d the importance of acknowledging the information security for protecting their business as well as their research information. This acknowledgement on the part of the Universities can be considered to be underpinned by the recognition of the strategic information resource and as a valuable asset. So, since the information is treated as a valuable asset, it requires appropriate protection and this can be achieved by adopting appropriate and effective information security control mechanisms for ensuring the availability, confidentiality and integrity of information. Again, even though the concept of adopting and appropriate and effective information security control mechanism is easy to state, the practical implementation ofthe activities that are associated with the security of the information processes in the Universities is not easy and straightforward(Wood, 2006). So, with increased awareness among the management about the necessity of information security, it can be said that it is important for the universities to appoint Information Security Officers, Coordinators or Program Managers. Moreover,it has been observed that even though there has been high recognition for the need for information security, the funding level is not proportionate to meet the acknowledged need for security. So responsibility of information security should be the responsibility of the entire organization as a whole that leads to the emergence of number of difficulties. The difficulties include lack of commitment on the part of the senior management, lack of authori tative source of guidance and understanding problems and thus lack of knowing exactly the extent of security that is required (Luker And Petersen, 2008). Again, it might also happen that the risk analysis might not be sufficient enough for uncovering all the required necessary information and demonstrating the security compliance with the external as well as internal auditors can also prove to be difficult without any adequate and proper representation of the information security. Thus, emphasizing upon the challenges faced by the universities, it can be said that the challenges tend to extend well beyond the technical diversity. The need for high effective information security tend to coexist as well as the balance with the more traditional university cultural values that include the academic freedom and efficient work practice merge with the modern goals of the Universities. Kotulic and Clark, (2006) has observed to have been advocating these type of challenges by identifying the need to not only attend to the complexities of the different components of the IT systems but also successfully integrating the components within the strategies of the business organizations. The essential goals of the information security therefore extend towards enabling the functions of business in the Universities. If the universities are characterized with effective information security systems than it proves to be beneficial in ensuring proper high quality information infrastructure service and technologies that not only supports but also complements the organizational goals.The increase in the demand of information security demands from its practitioners to integrate enhanced understanding the issues ofbusiness, make an effective use of the interpersonal skills and adapt a solid understanding of the role of the information technology in the process of enhancing the information security as stated by Lane and May, (2006). Effective management of information security demands the universities to adopt an approach that is mostly best suited to the organization and also it demands enhanced understanding of security of information fits on the basis of the culture and the structure of the organization. So, this is the aspect that differentiates the need for information security among the business or ganizations and among the universities. As per the studies conducted by May, (2007), it can be said that information security has been progressively viewed upon as an important business functions that requires effective management from the perspective of the business. Moreover, technology in itself is a major control that is applied by the business organizations for mitigating the security risks posed towards the valuable information and so the most important aspect that can lead to business success is the effective management of the security and incorporating the process as a business function. Lane And May, (2006) in this context proposed the fact that the application of technology is considered to be most effective when it is applied in perfect alignment with the business goals and so it can be said that for effective security, there needs to be effective management. Thus, it can be said that the need for effective information security management is based upon an effective combination of factors like the fact that there has been an increased dependency of the universities upon the electronic information and increasing events and incidents that pose threat and risk to the information that is considered as a value asset at present among the business organizations and especially the universities. Moreover, the need is also stimulated by the need to mitigate the risks posed towards information security. Further Justifies the Need to Investigate the Impact of Social Influence on Memory As per the studies conducted by Abraham Chengalur-Smith, (2010), it has been observed that cyber criminals strive towards taking full advantage of the secrecy, anonymity and interconnectedness that is facilitated by the internet and attacking the foundations of the modern information society. Cyber crimes involve cyber bullying, computer viruses, botnets, cyber stalking, cyber terrorism, denial of service attacks, hacktivism, malware, identity theft and spam. The increased incidents of cyber crime have kept the law enforcement officials struggling to maintain pace with the cyber criminals who cost billions annual to the global economy. Various attempts have been made by the police for making an effective use of the same tools that are used by the cyber criminals to perpetrate the crimes for preventing the crimes and bringing the guilty parties to the justice. Moreover, the dichotomy of the social reliance on information is very much evident from the fact that there are some components of the society that inadvertently fail in stabilising of deliberately increase the efforts of destabilising the information on which the society is dependentWall, (2007). These incidents can occur through malicious actions that are taken by the hackers and cyber criminals and system user errors. So, these results in the compromise of the factors likeavailability, confidentiality and integrity of the information. So, it can be said that the in order to maintain continuity in the present day organizations, it is important on the part of the business organizations to preserve the information that is treated as a valuable asset and this can be achieved through adopting the process of implementing effective information security management systems. References ABC News. (2015).Cyber attacks on Australian businesses rose 20pc last year. [online] Available at: https://www.abc.net.au/news/2015-04-23/cyber-attacks-on-australian-businesses-rise-20-per-cent/6415026 [Accessed 26 Apr. 2017]. Abraham, S., Chengalur-Smith, I. (2010). An overview of social engineering malware: Trends, tactics, and implications.Technology in Society,32(3), 183-196. AIIA. (2015).Review of Australian Government Cyber Security Strategy: AIIA Response. [online] Available at: https://www.aiia.com.au/documents/policy-submissions/policies-and-submissions/2015/150417_AA_Cyber_Security_Submission_Final.pdf [Accessed 26 Apr. 2017]. ASCC.(2016).Australian Cyber Security Centre. [online] Available at: https://www.acsc.gov.au/publications/ACSC_Threat_Report_2016.pdf [Accessed 26 Apr. 2017]. defence. (2015).Cyber Security: Time for an integrated whole-of-nation approach in Australia. [online] Available at: https://www.defence.gov.au/ADC/Publications/IndoPac/150327%20Brookes%20IPS%20paper%20-%20cyber%20(PDF%20final).pdf [Accessed 26 Apr. 2017]. Dhillon, G., Torkzadeh, G. (2006).Value?focused assessment of information system security in organizations.Information Systems Journal,16(3), 293-314. Hemphill, S. A., Kotevski, A., Tollit, M., Smith, R., Herrenkohl, T. I., Toumbourou, J. W., Catalano, R. F. (2012).Longitudinal predictors of cyber and traditional bullying perpetration in Australian secondary school students.Journal of Adolescent Health,51(1), 59-65. Kotulic, A. and Clark, J., (2006), Why There Arent More Information Security Research Studies, Information and Management, No. 41, pp. 597-607 Lane T. And May L., (2006) Information Security Management in Australian Universities, 5th Asia Pacific Industrial Engineering and Management Systems Conference (APIEMS 2004), pp. 36.7.1-36.7.17 Luker, M. And Petersen, R., (2008), Computer Network Security in Higher Education, San Francisco, Jossey-Bass. Mailguard. (2017).Study: Only 1% of Aus companies very confident about cyber resilience. [online] Available at: https://www.mailguard.com.au/blog/study-only-1-of-aus-companies-very-confident [Accessed 26 Apr. 2017]. May, C., (2007), Dynamic Corporate Culture Lies at the Heart of Effective Security Strategy, Computer Fraud and Security, Issues 5, pp. 10-13 May, L., Lane, T. (2006).A model for improving e-security in Australian universities.JTAER,1(2), 90-96. ponemon. (2012).The Impact of Cybercrime on Business. [online] Available at: https://www.ponemon.org/local/upload/file/Impact_of_Cybercrime_on_Business_FINAL.pdf [Accessed 26 Apr. 2017]. PwC. (2015).Australia Tops Asian Region for Cyber Security Risks: Report. [online] Available at: https://www.pwc.com.au/press-room/2015/cyber-security-risks-oct15.html [Accessed 26 Apr. 2017]. the Guardian. (2015).Universities need to plug into threat of cyber-attacks. [online] Available at: https://www.theguardian.com/education/2015/mar/31/universities-cyber-attacks-research-criminals [Accessed 26 Apr. 2017]. Wall, D. (2007).Cybercrime: The transformation of crime in the information age(Vol. 4). Polity. Whitman, M. E., Mattord, H. J. (2011).Principles of information security.Cengage Learning. Wood, C. (2006) An Unappreciated Reason Why Information Security Policies Fail.Computer Fraud and Security.Vol: 200, Issue: 10, pp. 13-14.