Research Topic & Abstract

Please turn in your group's Topic and Abstract after your topic has been approved by Dr. Smith. Once you have turned this in, please start working on your outline.

Step 1:

SECURITY AND RISK MANAGEMENT ISSUES







UNIVERSITY OF THE CUMBERLANDS

EMISS

Course: ISOL-533, Info Security and Risk Management

Professor: Douglass Smith

Prepared by:

Rohith Gadipelli

Radha Kasireddy

Gaurav Thakkar

Chetan Agarwal







  1. INTRODUCTION:
    1. Topic Statement

Security and risk management are among the major issues facing business organizations in modern society. Companies in the information security sector are making efforts to provide efficient and effective means by which organizations can secure themselves properly against the rising threats resulting from cybercrime. Security and risk management are large and essential concerns with which every organization should be familiar. Appropriately deploying information about security and risk management makes it easier for an organization to manage risks efficiently. This paper researches security and risk management issues in organizations, focusing on three companies: Sony, Google, and JP Morgan Chase.


    1. Purpose of Research

Currently, no day passes without headlines about security issues in organizations. Many risk incidents are occurring, adversely affecting business organizations and their stakeholders. According to Soomro et al. (2016), companies are losing data without which they cannot operate. Damage to organizational reputation is affecting the capacity of companies to earn revenue, which in turn is paralyzing national economies (Soomro et al., 2016). In addition, courts are handling many cases involving breaches of security policies. As such, security and risk management is a very important topic to address in order to find strategies that could help curb the quantifiable impacts of risk incidents.

    1. Research Questions

When it comes to security and risk management, many different questions ring in managers' minds. Many questions concerning risks in organizations need answers that can only be provided through intensive research (Kwiatkowski et al., 2019). These questions include the various types of security risks, how to manage risks, how well companies should prepare, and the costs involved. Getting answers to these questions can be effective in bringing managers back to their senses, which is the only way to secure organizations from the impacts resulting from risks and to ensure business continuity.


    1. Hypothesis

The hypothesis in any research paper defines what is to be confirmed after the research process. Information technology faces threats whose suspected causes need to be confirmed. Risks are incidents whose occurrence impacts a business negatively (Soomro et al., 2016). Risk management refers to the act of handling situations involving incidents that have negative impacts on business (Soomro et al., 2016). The research hypothesis is that hacking is the most common cybersecurity risk, against which a plan is needed to prevent its many impacts on the three companies: Sony, Google, and JP Morgan Chase. All three companies face a similar type of cybercrime and various data breaches: unauthorized access, cyber hacking, and employee errors. This risk could have been prevented through system testing, use of strong authentication strategies, employee training, and frequent system assessments (Soomro et al., 2018). Therefore, hacking is a common risk in each of the three companies due to the violation of cybersecurity ethics and could only be prevented through appropriate strategies.

  1. BACKGROUND INFORMATION:
    1. Pertinent Aspects

Information security, as mentioned above, requires identification of potential risks and development of risk management strategies to counter the associated impacts. One pertinent aspect of this research is that it gives security managers an understanding of the various security-related risks in business organizations that are likely to impact business (Quinlan et al., 2019). Second, the research is important and, in a certain manner, applicable to incidents in this era, in which cybersecurity occurrences are a daily routine (Quinlan et al., 2019). The research reveals that Google, Sony, and JP Morgan Chase are exposed to various threats in their operational environment. In addition, the research reveals that the companies have varying security and risk management strategies determined by company activities. Therefore, the outcomes relate directly to the hypothesis, explaining some major threats for each company, the risk management activities of each, and the ethical issues involved.


    1. Points of Further Clarification: A Case of Google, Sony, and JP Morgan Chase

Cybercrime affects not only organizations but also their employees. It also impacts individuals who access social media platforms like Facebook, LinkedIn, and Twitter, among others. According to the data provided by McCandless et al. (n.d), several security breaches have occurred since the evolution of technology, including breach of passwords, theft of user data, access for developers to user data, and many others. Such breaches impact the security of both the organizations and their clients, leading to risks of lawsuits. Cases of security breaches result from different cybercrime activities. First of all is hacking, through which attackers gain access without permission to data stored in systems running on a network (McCandless et al., n.d). Phishing has also been a powerful technique for attackers to get confidential and personal data from system users. Other activities causing breaches of security policies are denial-of-service, virus attacks, and SQL injections, to name a few. Taking Google, Sony, and JP Morgan Chase, the following is revealed about the various risks encountered.


First, analyzing Google in depth, a variety of security and risk management issues unfold. According to McCandless et al. (n.d), Google has occasionally encountered a cybercrime risk in which the impact was huge. Google was hacked in 2018, causing data leakage that resulted in the shutting down of the social network for a period of four months (Brandon & Statt, 2018). The impact was so huge that a total of 52.5 million users had their privacy breached. The vulnerability exposed the users' private data to other social applications. User email accounts were also hacked in 2014. This was devastating, as it exposed users to various other cybersecurity risks like identity theft and cyber stalking.


JP Morgan Chase is another organization to consider in this research. The company has also once been a big victim of cybersecurity risks. JP Morgan Chase also had a security and risk management issue, hacking, which affected a total of 76 million people (Silver-Greenberg et al., 2014). This compromised the accounts of both individuals and businesses. According to the bank, this was the largest intrusion of its kind to affect the bank (Silver-Greenberg et al., 2014). According to the report, malware programs or SQL injection were the most likely means by which the attack was accomplished. The attack led to access to customer data and accounts, which interfered with at least a million accounts.

Similarly, Sony PSN was hacked in 2011. A total of 77 million users' accounts were lost due to the crime. However, this was not the first time the breach occurred but the third (McCandless et al., n.d). Hacking interfered with the organization's data and denied customers access to their accounts, and in general this can be said to have been a huge impact. As such, hacking can be said to be the cyber-attack to which organizations are most vulnerable.

      1. Security and Risk Management Issues Present

Some issues to do with security and risk management can be seen in the information above. One of the issues present in the cases above is the most common type of cyber-attack. Hacking is presented as the attack to which organizations are most vulnerable. However, in some cases, like Google and Sony PSN, hacking could be happening without the organization's knowledge (Kuner et al., 2017). Another issue present is the impact of cyber risks on business organizations. Cyber-attacks have a huge impact on organizations and customers. First is the loss of data. Hacking can delete or modify data such that organizational processes cannot take place (Kuner et al., 2017). The loss of Sony PSN's user accounts was a major impact on both the company and its customers, who could not access their accounts. One consequence of this could be loss of customers. In addition, a company could face lawsuits for breaching its customers' security, costing it a lot of money (Fischer, 2017). Loss of customers limits the amount of revenue earned by an organization.

      1. Security and Risk Management Activities

Risk management strategies in the event of risk occurrence are addressed here. The various activities and steps that could be taken to prevent further damage and impact are explained. Every company requires a risk management plan or a contingency plan that would enable it to resume activities in the event of any risk occurring (Fischer, 2017). Such plans include system shutdown and system testing. An important activity would be communication to stakeholders. Google, on realizing that its user data was being accessed, decided to shut down the network for some time. This gave time for testing in order to establish any loopholes that could have created the potential for hacking (Brandon & Statt, 2018). In addition, communication should be done to inform stakeholders about the situation and the reason for the shutdown. With these in place, it becomes easier to prevent further impacts while at the same time getting an opportunity to investigate and solve the problem.

      1. Security and Risk Management Ethical Issues

The foundation of any secure company system is the set of practices and principles considered moral, together with the professional standards of employees within an organization. The ethical issues present in the above cases are unauthorized access to private data, decision making, cyber hacking, and employee negligence. Employees, in the case of Google, were negligent about the privacy of customers during their development of the system and allowed themselves access to client information. Decisions in data handling, therefore, need to be made ethically by employees before engaging in any matter that could interfere with security. While people are an essential part of any form of decision making, they are also the largest problem (Niatec, n.d). While developers could decide to have access to user data, the decision is unethical and unacceptable. Second, the unauthorized access to client data by the attackers was unethical and interfered with client privacy and confidentiality. Computers should only be used for the correct purposes and in the correct way (Niatec, n.d). Hacking in each of the companies was unethical. Any form of fraud, such as theft, system access without permission, and identity theft, is considered fraud and misuse. This is against information technology ethics.

    1. Comparison and Contrast: Security and Risk Management Activities Recommended in the Companies

In both situations in the cases above, some activities were undertaken after the risk occurred. After Google realized that user information was being hacked, the company decided to engage in some activities.

      1. Similarities

In both situations, an analysis is done. Analysis is important for determining the size of the impact resulting from the risk. Through risk analysis, the length of exposure is determined too, which is a good way of being precise. Apart from risk analysis, communication is one of the activities undertaken in the event of a risk. Essential information is put across to stakeholders, giving a clear picture of the risk, the impact, and the immediate steps that the company intends to take. Lastly, in both, an initiative to recover the system is made to restore the initial state of activities. Testing is a major example.

      1. Differences

As much as initiatives are taken to manage the hacking risk in both cases, a slight difference exists in the types of initiative. Of all three companies, just one is concerned with restoring its lost image. Only Sony made an effort to reach its affected customers with a package of free services and premium-rated content such as free games, free movie rentals, and many more virtual goods (Kessler, 2011). Therefore, to restore operations to normal, customers need to be given priority.


  1. EVALUATION:
    1. Evaluation of Hypothesis

The above hypothesis can be confirmed to be true. This is because everything it claims manifests in each of the company security scenarios discussed above. Each company was hacked, after which initiatives were taken to counter further impacts of the risk. The research information, therefore, concurs with the hypothesis, confirming the reason why cyber-security is the most dangerous risk affecting business organizations.

    1. Evaluation of Research

An evaluation of the research provides some insights too. First, the most beneficial thing about the research was that there exist many sources on the research topic. This made it easy to obtain the essential information. Second, one weakness was that some sources were not reliable. They were either too old or not scholarly, disqualifying some data thought to be valuable at first. Enough information was obtained during the research from journals, news companies, statistical websites, company websites, and books. To obtain quality and accurate information, I relied on more sources. The more the sources, the more the information. The data I reviewed was of high quality, current, and from trusted sources. In the research, it was found that, first, hacking is the most common cybercrime organizations face. Second, planning is appropriate for the actions to take in the event of risk occurrence. Third, cybersecurity is also governed by ethical standards. Lastly, cybercrimes come with different impacts.


    1. Lessons Learned

Security and risk management is a very important way of reducing risk impacts in an organization. There need to be well-planned actions for responding to any kind of risk. One of the lessons learnt is that the hacking incident in each of the companies would have been prevented by performing frequent system checks and employing security measures like strong password controls and security detection systems for easy detection of any intrusion (Kuner et al., 2017). Maintenance of system logs by each company would have been an efficient way to identify anomalies in system activities, raising an alarm before the worst happened (Kuner et al., 2017). Lastly, it would have been more secure if employees had been trained in security in order to help monitor and prevent system hacking.


  1. CONCLUSION:

To conclude, security and risk management is a topic that should be embraced by any organization that seeks success and continuity in its operations. To mitigate cybercrime risks, the various cybercrimes need to be known. Impacts can be eliminated with clear business risk recovery steps.












References

Brandon, R. & Statt, N. (2018). Google will shut down Google+ four months after second data leakage. Retrieved from https://www.theverge.com/2018/12/10/18134541/google-plus-privacy-api-data-leak-developers/

Fischer, E. A. (2017). The Impact of Cybersecurity. Cyberwarfare, 10.


Kessler, S. (2011). Sony promises all PlayStation services will return next week. Retrieved from https://mashable.com/2011/05/31/sony-playstation-services-return/


Kuner, C., Svantesson, D. J. B., Cate, F. H., Lynskey, O., & Millard, C. (2017). The rise of cybersecurity and its impact on data protection. International Data Privacy Law, 7(2), 73-75.


Kwiatkowski, T., Palomaki, J., Rhinehart, O., Collins, M., Parikh, A., Alberti, C., ... & Lee, K. (2019). Natural questions: a benchmark for question answering research.


McCandless, D., Evans, T., Barton, P., Tomasevic, S. & Geere, D. (n.d). World’s biggest data breaches and hacks. Retrieved from https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/



Niatec (n.d). Ethical issues. Retrieved from https://www.niatec.iri.isu.edu/ViewPage.aspx?id=153&rebuild=true/


Quinlan, C., Babin, B., Carr, J., & Griffin, M. (2019). Business research methods. South Western Cengage.


Silver-Greenberg, J., Goldstein, M. & Perlroth, N. (2014). JP Morgan Chase hacking affects 76 million households. Retrieved from https://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_php=true&_type=blogs&_r=0/


Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.


Date of submission: 06/01/2019