The request is for two 600 word essay's. For the first essay I have uploaded the paper, biolography, and proposal to assist in this.The first is answering two questions which are:Part I Identify and d

Below is the paper, proposal, and bibliography pertaining to this project.

The paper is based on this questions: With technology ever advancing and criminals rising to meet the changes can cyber security keep up?

Abstract

Hackers have grown bolder in the last few years and companies are striving diligently to countermeasure them through their cyber security systems. The problem is that some of the companies who have created such programs have yet to resolve create updates to their programs to combat such. As well as some companies don’t provide the necessary support to provide sufficiently in combating cyber-attacks. This paper discusses strategies that companies can take to minimizing such attacks and protecting their data and clients.

Combating Cyber Insecurity

Introduction

Terrorists are taking a new trend on how they conduct their activities. The traditional methods of attack and theft are no longer used, instead they have started using the internet. While the internet can be used for benefiting people and companies, it can also be used to harm them. In fact, there are a hundred and one risks associated with cyber and internet use. It should be noted that computer specialists have done a good job in laying strategies that can curb cyber insecurity, but this does not mean that cyber terrorists are resting. The cyber criminals too are improvising and being more creative in order to get adjusted to the system.

This brings a balance between the two forces and a need for specialists to work an extra mile in order to ensure that they are able to combat cyber insecurity (Pitts, 2017). If they do not do this, there is a possibility that cybercrime rates will continue to rise. This leads to an intriguing question: Where will they attack next? This is the sort of question that evokes feelings of fear, which also leads to the computer specialists to take strict measure in trying to curb and combat cyber insecurity.

Risks associated with cyber insecurity

There are many problems and risks that are associated with cyber insecurity. First, the rate of theft is increasing and companies, as well as organizations, are losing so much financially. The theft comes in the form of hacking and fraud. There has been a rise in companies that get hacked in recent times. For instance, in 2012, six point five million LinkedIn accounts were hacked. By the year 2016, one hundred and seventeen million accounts had been hacked and their passwords, as well as their names, had been sold. In December 2013, Target’s one hundred and ten million customer accounts were hacked, personal financial information was exposed, and this led to the resignation of CEO Gregg Steinhafel because he was part of the team that shammed the company.

In 2014, JPMorgan Chase's servers were hacked and data was stolen from them. It is estimated that millions of bank accounts were opened to steal money amounting to one hundred million dollars. Home Depot was hijacked in the same year and on hundred and seventy-nine million dollars’ worth of money was stolen. Sony was also hacked in the same year with hackers who were believed to be associated worth North Korea through the servers of Sony Pictures Entertainment. Hilton Hotels was hacked in 2015 together with Law Firms in 2016 by hackers who are believed to be of Chinese descent who accessed email accounts of the firm. Swift followed in 2016 together with Tesco (Ulsch, 2014). Chipotle was next in 2017 and as well as many others. In fact, the list is endless.

Hackers have stolen a lot of money that could be used in developing the nation in a number of ways. It is also important to note that some of these companies have undergone a crisis since too much money has been stolen from them. In a situation where a company loses more than five hundred million dollars in theft is a sure downfall and it is thus one of the risks of cyber insecurity. In case this situation is not handled, so many companies both private and public and other organizations will end up closed because they will lack financial resources to run their activities. All the money will be going to the hackers and fraudsters.

Government hacking can lead to unprecedented losses. More than once, the hackers have hacked government systems thus disabling governance. There is no way that tasks can be carried out if the system is not working. In most cases, the hackers are targeting something in particular when they hack the government system. For instance, it has been researched that when the terrorists are planning to attack a given place, they disable the system so that the security agencies will not be aware of them. This is affecting the performance of the government and especially the dense system.

Terrorism activities are also enabled through cyber insecurity. Countries such as North Korea and China are accessing the information of the U.S government and other nations by use of the internet; after which they attack them. It is believed that in the recent and future time, terrorists will not attack any place without the use of the internet. This is one reason why people should be very careful about their accounts, emails, and passwords among other items that can be accessed by the terrorists.

There is also the risk of ransomware through the internet. This is a situation in which hackers use malware and viruses to attack computer systems. There is evidence that the malware uses very sophisticated technology in carrying out its services. There are ransomware variants that are able to evade the security system that is normally installed and get access to the cloud-based storage solutions like Dropbox, one drive as well as Google Drive (Amoroso, 2015). This malware will then affect the data of the user such that the credentials of the logged- on user will be affected. This malware can hack mobile devices and cloud-backed data.

When the user of the system that is hacked tries to gain access, they find that they are required to pay a ransom in order to be given access to their cloud storage that can enable them to restore their data. The hackers will not release the data to the victims until they get a ransom. This is also another form of theft although it comes in a different way; it too involves taking someone’s money without working for it and without getting it from the person legally.

In some instances, hackers are just happy when they disable systems and they cause pain, disruption, and fear to people. For example, hackers can disable health care systems so that services are stopped. They are just happy when other people suffer since they have the spirit of terrorism. Also, they may hack the education systems when there are exams, so that students miss their exams. All these can be counted as hacking directed towards bringing pain to the society. This is also one of the main aims of hackers and terrorists especially when they have vengeful intentions.

Cyber insecurity also results in physical theft. There are times when the whole system in a company or organization is infected with viruses and malware such that they cannot function. This acts as a sign of what is to come in the future. In these recent times, the use of internet has been used as a true warning of upcoming threats.

Measures taken in order to combat cyber insecurity

There are a number of steps that can be taken in order to combat cyber insecurity. The aim of combating cyber insecurity is to increase the safety of the people, the government, and that of companies and organization. Cyber insecurity can be handled through three levels:

1. Prevention: This points to how the cyberspace insecurities can be kept from being launched. This level also points to how an attack can be stopped before it reaches its final destination so that it does not cause any harm as the attackers had intended.

2. Management of incident, mitigation of attacks and damage mitigation. This is directed towards lessening the effects that have been caused by cyber insecurity especially when the attacks have reached their targets (Sood & Enbody, 2014). It points to how people and organizations can reduce the impacts of attacks and how they can stop the attacks without so much loss to the victims who have been attacked. It also points to how the people and organizations can identify and limit the damage that has already been caused by the cyber attackers.

3. The third level is consequence management, which points to what to do next especially when an attack has occurred.

There are a good number of approaches that can be used in each of the three stages above. All the approaches are aimed at protecting the critical infrastructure of the government, the people, companies, and organizations against cyber-attacks. Each approach is concerned with how to lay strategic options and the strategic objectives as well as the tactics that will be used in order to curb this crime. Since the cyber terrorists are learning to use high technologies in attacking by the cyber, it is also important that IT developers come up with unique and distinct strategies that will curb or mitigate the effects caused by this crime.

Prevention strategies

There are many strategies that can be used in blocking the attacks from happening. The strategists try to develop ways that can help prevent attacks before the attackers can hit. In fact, the developers here do not even have to know what the attackers plan is, but they lay general strategies that can prevent any attack from any part of the world or with any intentions. This is a step that is aimed at securing the system from any sort of attack. It is important that cybersecurity be taken seriously so that strict measures can be drawn on how to prevent it. Some of the prevention strategies include:

1. Creation of awareness

The first strategy in cyberspace security is creating awareness in the general public on what cyber insecurity is. It is also important to tell people how it works and the effects it can create if it is launched. By creating awareness, there is a great possibility that people will gain knowledge and insight about the dangers of cyberspace insecurity and hence, they will engage in prevention strategies. Creating awareness will not only be at the company and organization level but also in the general public. This is because it can also affect individuals and private enterprises (Shackelford, 2014). Thus, the creation of awareness in all populations will bring to light the plight of cyber- insecurity and what entails.

Creating awareness will also enable people to be prepared in case of attacks. For instance, if people are aware of this sort of crime, it is possible that people will create passwords that are more complicated which can enable their systems to be secure. In addition, the people will try to install spyware and other security systems that will ensure that the security of their systems is guaranteed. When they take action, they could have prevented any given attack on their systems because the attackers will not avail their email accounts or for that matter; any sort of data from their systems. The attackers will not be able to manipulate their systems in any manner, or at the very least make penetration more difficult.

1. Offering training services

Training is very important in an environment where the terrorists are also getting more and more knowledge. By offering training services to the people, they are equipped with more insight into the problem and hence enabling them to get solutions. For instance, through training, it is possible that the professionals are able to come up with better strategies that can help overcome the problem. Training also enables the professionals to know which angle to use in dealing with such problems. In the recent times, there are many security measures that have been given by IT specialists that can be used in preventing cyber-attacks.

For instance, when using passwords, the professionals make it very complex by mixing letters and numbers, mixing small and capital letters and other symbols. This will not allow the attackers to predict the passwords of their systems. There is no way they can attack any system if they do not have the system passwords and accounts. Training will help the trainees to identify easily any internal and external risks in the emails as well as across the internet. In fact, this can reduce the risk of people who walk into phishing schemes and malware attacks.

Training should also extend to informing the employees to not to be clicking on phishing email links because these may be the tricks used by hackers (Pitts, 2017). The emails should only be clicked into if the sender is known to the company or to the individual who is using the system. In addition, employees should know how the spyware and firewall systems work such that when they are given a warning, they can actively respond to it as appropriately.

There are some cases reported of firewall or spyware giving messages on threats but companies and organizations ignoring them only to be hacked later. It should be clearly communicated to the employees that there is no message that should be ignored from the spyware and the firewalls. This is because they are installed to monitor the security in a system and any message they give is important and should be handled with maximum concern; maybe by signaling the cyber experts to try and find out about the warning.

1. Vetting partners in companies and organizations

Partners and other stakeholders are usually given access to the organization’s network servers. For instance, potential customers or investors may be given access to the company’s network housing. This network housing may have lots of important data that can endanger the company if exposed. In some situations, there could be people who may pretend to be potential customers but their main aim is to get access to the company’s network system. This can be evidenced by what had happened to Target and Home Depot in 2013 and 2014 respectively.

It is important that before a company or organization discloses important information such as passwords to its third-party stakeholders, they should be well investigated and evaluated what their intentions are. Sharing such information can also help companies come up with a concrete plan on how they can handle any misfortunes related to cyber -attacks. One thing that company management and administration need to be sure of before sharing any important information about their systems is total trust from their stakeholders no matter how close they are.

It is possible that companies and organizations will overcome any cyber insecurity; but it is important that all stakeholders from the private sectors, public sectors and the government to come together in order to design ways they can be used in combating cyber insecurity. All of them and other partners such as non- governmental organizations can be stakeholders in this problem and their contributions in whatever manner will be very helpful to ending this cybercrime that is growing so fast.

1. Laying a plan for off-site employees

It should be noted that some employees may pose a threat to the company’s security. This is normally true in companies that have given their passwords and emails to so many employees even those who are temporary employees. Some of the employees could be working from their homes and others will be distant employees (Sood & Enbody, 2014). No one will be quite sure about what the employees are doing when they are not in the company. Even when they are working in the company, there are some employees who may be working with other digitalized gadgets such as USBs, and flash disks that are able to collect and store large amounts of information from the company’s system.

It is therefore important that the company administration evaluates mobile device management and the way employees use their electronic gadgets. In an effort to do so, a company can decide to employ multi-level verification in the procedures and requirements of mobile use in the company as well as the use of other electronic gadgets. When this is done, the company should then work hard to ensure that it is only the authorized people who have access to the company's system. This can be very helpful in preventing internal threats and employees who can manipulate company information and sell it out for their own benefits.

Even the internal employees too can be a threat to the company. In a way, the company management should make rules about administration clear. It can be easier to track a person who has manipulated the system when there are few employees working with the system than when the whole company has access to the company system passwords. The company should only give access to the people who are leaders in a way and who have higher offices. Otherwise, the other employees should be prevented from entering the administration offices.

It is up to the company management to have a given office for all the other employees. Other passwords that are not leading to important company data can be created and given to these other employees while the important data be limited only to the management. This can be a better way of handling employees so that they do not feel excluded from company activities at the same time taking care of the company’s important data.

1. Remaining up- to- date and get educated on the current cyber information

The company has to set the time limit for editing the cybersecurity information. It can be annually, two times a year or even less. These intervals will be aimed at helping the company to learn new cyber threats and the threats that are mostly used at the moment (Shackelford, 2014). This can help companies to know which preventive measures they will take in order to prevent an attack from happening. For instance, McAfee Labs is an agency that produces a Threat Prediction Report annually and this helps the company to know which direction the attackers are taking and what strategies they can lay in order to prevent the attacks from being launched. The information is also very important because it can help IT professionals to bridge the gap that is widening between the hackers of cyberspace and them that is also thought to be widening. Therefore, it is safe to be updated and to maintain the security solutions.

1. Hiring a cyber-expert

Cyber experts are people who better understand the knowledge about cybersecurity better than any other employee. They are trained specifically on cyber issues and their only responsibility will be to ensure that the company is protected. This means that their tasks will be to check whether the company is secure and whether there are any threats that can be handled on a daily basis. It can be very easy to detect early signs of a cyber-threat when the company is alert and cyber insecurity can easily be prevented. This is because many companies are hacked not because they do not have security measures, but because they do not read any early warnings.

With cyber experts permanently in the company and regular outside cyber experts who are invited to check if everything is in order, it is possible that the company is insured of any cyber threat. However, it should be noted that when external cyber experts are invited to the company, there is a need to have their trust first before giving them the company passwords. These cyber experts can be a big threat to the company since they can may manipulate the system with the passwords given (Popoola, 2015). Thus, it can be important that immediately after an external cyber expert has been given the passwords and they are sure that there is no threat to the company, the company will change the passwords. Even so, the company should not depend on these external cyber securities because, with time, they may learn the trend used by the company when creating their passwords and therefore, the prediction will be easy.

1. Creation of complex passwords

Passwords are the locks and keys to company information. In one way or the other, they are the ones that can either give or deny access to the system. If a hacker does not have the system password, it is not easy for them to manipulate that system because they will be locked outside. Just like a house, an individual or company needs to have a strong lock that one will struggle with to get in; especially if that individual is not part of the family. Security passwords need to be regarded in the same manner. When creating passwords, they should be made as complex as possible such that one will not predict them easily. For instance, passwords can be made of letters that are mixed with symbols and numerals and other unique characters. The letters can be mixed with small and capitals and should be as confusing as possible. They should also be long and complex.

This is to ensure that one will not easily predict it and at the end, it is the company that will be protected. In addition, passwords need to be changed from time to time (Popoola, 2015). It should be noted that no one knows what will be going on behind the office hours with the employees. Having their trust is important but there are some who may like to exchange the company information for large sums of money.in order to avoid this, passwords to special data such as finance should only be given to the top two or three leaders in the company so that in case of anything, they will be questioned.

Otherwise, with technology increasing day and after day, companies can use locks that are not letters but can manipulate their signatures into electronic cards that can be flown on top of a machine to give access to the system. This will be the only super security that can end all these problems. After all, no one will go home with this machine and no hacker really comes to the office to steal the card. This is one technology that the experts should try to come up with because it will offer a total insured solution to cyber threats.

1. Addition of a cyber-blanket

With so many threats through the internet, it is high time companies seek to get back up from companies that are abler. Just like any insurance plan, a company can decide to insure themselves from cyber threats. This means that the company will be paying small premiums and if they are hit with such a calamity as cyber hacking, the insurance company will be able to fund the amount lost. This will be so functional owing to the fact that most companies have subscribed to online commerce to get access to many customers.

This puts them at a higher risk of being hacked than when they are simply working from their storehouses. Insurance will ensure that the company does not get a total loss when an attack has occurred but that it is covered (Sood & Enbody, 2014). According to Willie Sutton's message, money is in the companies that make it and the internet age is witnessing an expanded and dramatic criminal conduct on the internet that is in form of fraud, theft, and espionage. The banks, stagecoaches, trains, and private businesses are the main focus of the cybercriminals and these are the organizations that need to be insured since they will not be aware when and where the hackers will shoot next.

Incident management, mitigation of attacks and damage limitation

It is important that in this stage, businesses offer indications and warnings that an attack is taking place. Although some companies that have been hacked do so it is hard to know that hacking has taken place, it can be detected because the email addresses will be blocked and the company administration will not be able to login in. This is one sign that is supposed to warn a company that there has been an attack. When a warning has been sent that there is an attack, the company can try to prevent penetration of the system that is at risk from the outside erecting barriers and hardening the security to the interior of the system.

However, it is good to note that detection will be difficult given false positives during the early stages of any given attack before the real damage has not been instigated. The criminals are aware that if they are exposed early, they may not be able to get what they want. So they may stay in hiding for as long as they have achieve their goals. While passwords are the oldest security techniques, there are most recent ones which involve the use of firewalls and proxy servers are more efficient. This does not mean that they are completely impermeable but they offer better security than the passwords.

They also offer quite a strong defense and protect the system from attempted attacks. When using physical protection techniques, it is very important to consider penetration attempts in order to isolate the system (Sood & Enbody, 2014). For instance, there can be attacks on electronics by the use of electromagnetic pulses, attempts to cut cable endings and others and their protection can range from installation of fences to the use of biometrics.

Immediately the company has warnings of external attacks, there is an immediate need for internal compartmentalization as well as containment. This will be aimed at limiting penetration to the internal system where important data is stored and thus limiting damage, protecting and gathering information that will help in the response system and protection of the surviving assets. In order to protect the internal system after an external attack, the company will create internal barriers and cyber barriers. This can also be an effort aiming at the need- to- know access controls of the system, the intrusion tolerance schemes, the maintenance of protected redundancies, hiding assets and setting up decoys. All these strategies are enabled with the static of the pre-positioned and unchanging as well as dynamic variants.

It is also very important to ensure that automatic or the partial shutdown and relocation of the system is made. A normal system that has signals of an attack will erect internal barriers that will be intolerable during normal operations so that it can set apart the parts of the system that have been tampered with. The system can also load –shed to relocate surviving capabilities to the core functions needed by the organization. There can be a real-time reconfiguration as well as reassignment under given rapid degradation.

There is a core need to pay attention to the preserving and data collection in any attack. This can easily be achieved through the back- up plans as well as audit. The first step here is to get a recent pre-attack state that can be used to effectively recover and allow the system to resume its operations. This can be made even easier when a given attack has a starting time and back-ups are made at a regular interval. It can also be easier if the company or organization has a redundant shadow system. It is noted that internal attacks are in most cases very slow- building and they offer a more difficult challenge when it comes to identification of a state where the system has been compromised, especially when the system is free from inserted malicious code.

This is the reason why strong and regular auditing are essential because they will aid in identifying when an attack has started and can also help get data that can help in the identification as well as the apprehension of the attacker. It can also offer the company or organization with a better defense for similar future attacks; enabling the company management to formulate and establish strong security policies and response plans that will be preventive against future attacks. The comprehensive plan should be made to cover all the possible identifiable risks to the organization and have a defense system that covers all these risks (Amoroso, 2015). Even when there are many identified risks of attacks, the company should give special attention to the insider attacks. This is because this is where the heart of the company lies and when insider attacks take place, the company losses so much that it may even capitulate.

The staff members in any company and organization should be told in advance who to call and who to inform when they sense that help is needed. Using mock exercises can be a better tool to train the employees and make them ready to face these attacks. In most private systems especially those that are owned by individuals, the high cost of fire drills and their disruptive nature makes the individuals not to use them. This is added to the fact that the fire drills are delicate making the individuals have a constant fear of being attacked.

It is, however, important to note that all the approaches that are being discussed do not form 100% risk protection, but they can be of ultimate importance if they are all incorporated since they can form a multifaceted defense approach and can offer security to a company from cyber- attacks. Some security systems such as the DC/SCADA have given specific challenges. In the first place, they are very small and self- contained and have many requirements. This means that they may not offer security at all times due to power needs, lack of space and other real-time problems. In fact, there could be times when security measures can lead to reduced performance and challenges in synchronization of other system processes. They also are costly therefore many private businesses may also lack a financial way of securing them hence, putting their businesses at risk.

Looking at counter-terrorism, one can think that attacking physical targets through the control and management systems will lead to massive damage, mass casualties, and fear as well as lack of confidence. Most systems have a high risk of being tampered with especially on their control signals by insiders. This is where cyber terrorists pose a real-time concern. Activities in this stage are called terminal defense or passive defense since they are owned by private business owners. Cybercrime can pose far-reaching long-term effects apart from just stealing money and data.

These can range from loss of personal property, credit outstanding and loss of personal resources among others. While cybercrime is a big threat to businesses and governments, it is estimated that a total of 80% of the total attacks is a result of lack of protective measures by the company. Only 20% of the total attacks are as a result of sophisticated and advanced attacks. This is why before coming to the mitigation efforts, the preventive measures should be very strong and business stakeholders should ensure that there is no small gap left for the attackers to penetrate and take what they have worked for so long. In most recent studies, there are indications that criminals are at a better chance of winning since economics favor them (Pitts, 2017). One can just imagine a single individual who is able to cause havoc on so many individuals and companies with the least cost and with the least risk of being caught. This can be a very sophisticated cyber expert.

Implementation of a response plan

In matters of national economy and national security, it is very important that a National Cyber Incident Response Plan be established. This national response plan should include all the stakeholders in matters of security. It should start with the government, going down to the public sectors such as public companies and organizations, the private sector, the defense system and even individuals and the public at large all have a role to play in the establishment of a cybersecurity response plan. In fact, the nature and the risks of cyber – attacks are unique and very unpredictable. In presenting a sustainability of security system the roles should be distributed to all the stakeholders (Pitts, 2017). The strategy that should be used should be integrated with a framework by operational playbooks across all the areas.

In the response plan, it is very important that a coherent, coordinated and a collaborative approach is used so that all the stakeholders get to participate equally ensuring that attacks are totally reduced or that their effects are mitigated. People should not just look up to the government to give the solution to the cyber insecurity challenges. Everyone should be aware that he or she has a big role in security cyber environment. The response should also be a trusted partnership that is based on mutual respect as well as an engagement, responsibility and that recognizes that tasks will be carried out in a joint and integrated manner so as to reach common goals and objectives. This will start with the internet devices that are on our hands and houses. Ensuring that they are totally secured from cyber- attacks is the first step in contribution towards ending cyber - attacks.

One thing that needs to be noted is that cybersecurity is not a fight with some thieves who are hiding in a nearby bush but with people who have brains and who are sophisticated. They too understand technology. In addition, they too are fighting so that they can get better strategies that can be used in order to continue stealing the big money that they get. Thus, combining effort is important in order to come up with one solid and concrete solution that will bring the long story of cyber terrorism to a stop.

Consequence Management

This is a defense stage that can be divided into two; recovery and response. In recovery, IT assets are reconstituted to enable the organization work almost as normal as it used to do before it was attacked. It can be defined as a passive form of defense. On the other hand, it can be used to help the organization to get future defense against any cyber- attack. This stage of defense will be engaged in removing and shutting down harsh defective entities. It also involves assessment of damages that were caused during the attack; what assets have been broken, stolen or even changed. It is also aimed at prioritizing functions that need to be reconstituted, automation and semi-automation procedures for making assessments, quickly and efficiently reallocating as well as rationing whatever has been left (Amoroso, 2015).

Other responses that will be required are:

1. Identifying the culprits who committed the crime, and getting them arrested. This needs strong forms of clear and accurate forensic tools such as fingerprinting.

2. Retaliation measures; these are the legal principles that are applicable and proportional to the kind of crime the culprit is found committing.

3. Escalation; this is assessing the damages caused in order to make a decision on what step to take next.

4. Asymmetries; this is making a decision about what to do concerning the attackers who have few IT assets.

Conclusion

Dealing with cybersecurity is very subtle and it needs sophisticated knowledge. There is also a need to combine effort so that the task can be much simpler. It may not take one year- two years or a specific amount of time but ultimately, it will come to a stop. Cyber professionals are doing a lot in ensuring that they come up with a strategy that can be used in dealing and providing a solution to the cyber threats and crime. There are many measures that can be used to combat cyber- attacks; preventive, management and maintenance strategies. One thing that is very important is that all people should come together and understand that they each have a role to play in making the long journey a success. All of us have a role to play.

References

Amoroso, E. G. (2015). Cyber Attacks: Protecting National Infrastructure. Waltham, MA: Elsevier.

Harris, E.  & Perlroth, N. (2014) For target, the breach numbers grow. NY Times. Retrieved from https://www.nytimes.com/2014/01/11/business/target-breach-affected-70-million-customers.html

Krebs, B. (2014). The target breach, by the numbers. Krebs on Security RSS. Retrieved from https://krebsonsecurity.com/2014/05/the-target-breach-by-the-numbers/

Newman, L. H. (2017). The biggest cybersecurity disasters of 2017 so far. Wired.com. Retrieved from https://www.wired.com/story/2017-biggest-hacks-so-far/

Pitts, V. (2017). Cyber Crimes: History of World's Worst Cyber Attacks. Vij Books India Pvt Ltd.

Popoola, D. M. (2015). Nightingale Online Praxis and Prevention of Cyber Attacks. Trafford Publishing.

Shackelford, S. J. (2014). Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace. New York: Cambridge University Press.

Sood, A., & Enbody, R. (2014). Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware. Waltham, MA: Elsevier Science, 2014.

Sterling, B. (2012). Spear-phishing and Water-holing. Wired.com. Retrieved from https://www.wired.com/ 2012/10/spear-phishing-and-water-holing/

Ten Napel, Novealthy, Mano. (2015). Wearables and Quantified Self Demand Security First Design. Wired.com. Retrieved from https://www.wired.com/insights/2014/10/wearables-security-first-design/

Ulsch, M. (2014). Cyber Threat!: How to Manage the Growing Risk of Cyber Attacks. Hoboken, New Jersey: Wiley.

Proposal:

Abstract

With technology advancement and the technological risks facing business organizations today, there is need to investigate if cyber security will keep up with rising changes in technology crimes. Many business organizations are suffering huge losses due to attack of organization data by cyber criminals which is in relation to lack of security to their systems or their securities are breached by cyber criminals. This study seeks to investigate the impact of cyber security crisis planning as a way of curbing cyber criminals, impact of cyber security crisis management, and regular surveillance of technology in an organization as one of the processes of curbing cyber-crime. The study will use qualitative research methods in data collection and analysis. The rationale for this methodology is due to its in depth understanding of a phenomenon that is under study.

Problem Statement

With technology ever advancing and cyber criminals rising to meet the changes, can cyber security keep up?

Purpose Statement

Cyber criminals are increasingly changing their tact of doing crimes as technology advances. Usage of computer software which allow multiple users like business organization, vendors and customers, to face a high risk of being hacked if adequate security is not taken into consideration. With advancement in technology, cyber criminals are increasingly advancing to beat the advancements in security that is brought about by the advancement in technology. Cyber criminals are able to access sensitive information stored in computers, mobile devices, and even hacking into financial accounts of those people who use magnetic or swipe cards.

The most effective way for mitigating risk associated with cyber-crime in an organization is identification of assets to protect. Priorities are then given to those assets which are most important and store crucial data such as corporate and client’s data that incase of attack, an organization may suffer huge losses.

The risk management process starts with cyber security outline which is established by each department in a business organization. Usually, there exists software in market which can assist in mapping the data of organization. When data has been mapped, better decisions on how that data can be secured and therefore reduce risk of being attacked by the cyber criminals. With technology advancement and the technological risks facing business organizations today, there is need to investigate if cyber security will keep up with rising changes in criminals as a result advancement in technology.

Research Questions

Q1. Is cyber security crisis planning appropriate to curb cyber criminals?

Q2. Is Cyber security Crisis Management appropriate in deterring cyber-crime?

Q3. Is regular surveillance of technology in an organization way to curb cyber-crime?

Key Points Addressed

P1. To study the cyber security crisis planning as appropriate way to curb cyber criminals.

P2. To investigate the impact of Cyber Security Crisis Management in preventing cyber- criminal

Q3. To assess regular surveillance of technology in an organization as one of the process of curbing cyber-crime

Proposed Methodology/Research Strategy

This study will use qualitative research methods. The rationale for this methodology is due to its in depth understanding of a phenomenon that is under study. The methodology gives descriptions that are detailed which may be used to build a theory. The second reason for usage of qualitative method is due to its explanatory nature in that the research will allow finding of new ideas and occurrences that were never anticipated.

This study will be a small scale research and therefore the use of qualitative method of research will be justified. Qualitative method is usually associated with small scale research since the method of collecting data mainly involve; focus groups, observation and interviews. Finally, this method is warranted since the researcher may aid as a participant. In this case, the researcher offers insights as well as may observe during data collecting process.

Assumptions

The researcher assumes that the respondents will cooperate and provide the data required for the study to be successful.

Scope

The study will investigate if cyber security is up to the task of curbing cyber criminals. The researcher has considered (*****insert area) town as an area of study. Primarily, the study will focus on cyber security on tackling cyber criminals that are on rise due to advancing in technology.as a result of advancement in technology. The scope of study will be limited to financial institutions.

Limitations

This study may face a challenge of accessing classified cyber security information from the institutions the research will be conducted. Due to busy learning schedule on the side of researcher, it may be a challenge to get adequate time to conduct the research appropriately.

Tentative Schedule

Week 1 write up proposal

Week 2 write up project

Week 3 Project presentation

Week 4 Data collection

Week 5 Data analysis

Week 6 Report writing

References

J. J. Prichard and L. E. MacDonald. (2004). Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks. Journal of Information Technology Education, vol. 3,

M. Crotty (1998). The Foundation of Social Research: Meaning and Perspective in the Research Process. St Leonards, NSW: Allen and Unwin.

R. Ahmad, Z. Yunos, S. Sahib, and M. Yusoff, (2012). Perception on Cyber Terrorism: A Focus Group Discussion Approach. Journal of Information Security, vol. 03, no. 03, pp. 231–237, 2012.

Schaeffer, B.S., Chan, H, Chan, H., and Qgulnick, S. (2009). Cyber crime and cyber security: A white paper for franchisors, licensors, and others. Retrieved from http://business.cch.com /franlaw /cybercrime_whitepaper.pdf

Simpson, D. (2017). Cyber security risk reduction. Public Safety & Homeland security Bureau of Federal Communications Commission. Washington, DC. Retrieved from https://apps.fcc.gov/edocs_public /attachmatch/DOC-343096A1.pdf

Bibliography

Amoroso, E. G. (2015). Cyber Attacks: Protecting National Infrastructure. Waltham, MA: Elsevier.

Amoroso is specifically handling the challenge of national infrastructure. To him, cyber-terrorism has led to many challenges that are related to the destruction of the national economy. Controlling and managing cyber threats can lead to a more developed culture and a stable governance system. This author also discusses the importance of cooperation and support from management to provide a well-rounded cyber security system for a company.

Pitts, V. (2017). Cyber Crimes: History of World's Worst Cyber Attacks. Vij Books India Pvt Ltd.

Pitts follows the history of cyber- crimes and the cyber-criminals who have been in history. It is a way of teaching the current businesses to learn from the past mistakes so that they can get defense against cyber- attacks.

Popoola, D. M. (2015). Nightingale Online Praxis and Prevention of Cyber Attacks. Trafford Publishing.

Popoola talks about online attacks and how they can affect businesses. According to Popoola, the best strategies that can be used to prevent cyber threats is preventive. They help do away with cyber- attacks.

Shackelford, S. J. (2014). Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace. New York: Cambridge University Press.

This source handles the cyber- crimes that have been handled in the criminal courts, where the crimes happened and the judgment that the criminals were given. It is aimed at bringing to light the methods and strategies that cyber criminals use so that the others can learn from them. It also discusses situations and issues of cybersecurity within the aspects of science, politics, law, and economics. The authors speaks on how security sectors can work to advance their cybersecurity to better protect their environments.

Sood, A., & Enbody, R. (2014). Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware. Waltham, MA: Elsevier Science, 2014.

These authors handle the companies that are targeted by cyber - attackers and the reasons why they are targeted. This book discusses targeted cyber-attack and the many definitions associated with how these attacks are classified as well as the reasoning to the attacks. It also gives direction on what vulnerabilities leaves a company open to an attack. This is a strict warning that strict and strong cyber security walls need to be built in order to prevent the attacks from being installed.

Ulsch, M. (2014). Cyber Threat!: How to Manage the Growing Risk of Cyber Attacks. Hoboken, New Jersey: Wiley.

This source comes as a warning to create awareness that cyber- attacks are real and they can come when they are least expected. It goes on to speak on the effects that arise from cyber-attacks and consequences that occur when such takes place. That these attacks cause problems for our economics and national relations. And that the best thing to do is to get secured so that the company or organization is at the safe side.