Word limit: 10 to 15 pages in length Students are expected to research and discuss and submit report. The project can be in any of the following areas: • Cybersecurity • Internet of Things • Cloud...

Running head: Cybersecurity
Cybersecurity
Student Name:
University Name:
Unit Name:
Date:
Contents
1.    2. Table of contents    3
3. Executive Summary (2-3 pages in length)    5
3.1 Provides a clear statement of the technology project that is being assessed    6
3.2 An overview of your recommendations to management as to the merits of the project based on your risk assessment    7
4. Risk assessment based on threats, vulnerabilities and consequences (4 - 10 pages in length)    8
4.1 These are must be derived from an IT control framework and any existing industry risk recommendations for the project.    9
4.2 Identify and discuss the key threat agents.    10
List threat agents    10
Issues    10
Consequences    10
Include pictures, images, tables, analysis    11
4.3 What could be done to mitigate the risks and their impact on the system    11
Impact    11
Mitigation    12
5.1 Protection mechanisms you could employ for the information security.    15
Safe guards    15
Other measurements Security mechanisms    16
Like change in key principle of information security    16
6 Conclusions    17
7 References    18
8 Appendices    19
Executive Summary
Cybercriminal is going to make 3.5 million latest, unfilled cybersecurity jobs by 2021. This increase is 350 percent in five years. As well as because of that growth several major cyber security revenues are surrendered. Everywhere, to employ business security professionals, customers invest a significant amount to monitor the privacy and avoid ransomware attacks. In today's Internet-connected world, where technology is under almost every aspect of our community, cyber security and forensic experts are handling extensively with cyber hazards in real-time situations. Without the risky information, large data and the employment of machine learning techniques, in real-time situations, the ability to detect, analyze and prevent such threats is not possible. For example, when large-scale data is collected or generated by various security monitoring solutions, then intelligent and next-generation large data analytical techniques for knowledge, definition, and removal of this arbitrary/structured (large) data are necessary. Or maybe it's other method. Internet is creating social opportunities as well as latest business that scale moreover widely interacts. Increasing or accelerating personal as well as corporate data makes it more profitable target for a cyber crooks moreover a state-sponsored spy or saboteur. At a same time, more connectivity offers more probable attacking vectors. The report shows the responsibilities of the responsible person and the financial driver and the social media as well as the concerns related to the future of the Internet. One central theme is that the Internet must be successful in both areas; it should be reliable, safe and easy to use.
Statement of the technology project
The information or communications technology industry has also evolved significantly over last half century. This technology is universal as well as consistent integral in almost each aspect of modern technology. ICT devices as well as components are commonly mutually dependent and someone's interruptions might affect others. For the past some years, experts or policy maker have expressed rising concern about cyber attacks in protecting the ICT system, which is why lots of experts are expected to increase intensity and frequency over next few years. The work of protecting information or communications technology system or their content has been identified as cyber security (Bartlett & Bottollier-Depois, 2005). Comprehensive and rationally, some unclear ideas can be a useful term for cyber security, but that definition is denied. Sometimes they are messed up with other ideas like privacy, intelligence gathering as well as monitoring. But, cyber security may be a significant tool to protect privacy or prevent unauthorized monitoring, and gathering information as well as intelligence may be helpful tools due to cyber security. Risk management is considered to be the basic for cyber security in the information system. The threat related to any attack is dependent on three factors: Threats, vulnerability and impact. Most cyber attacks have restricted results; however some elements of critical infrastructure (CI) are a successful attack - most of the which, by a private sector, have important impact on the national security, financial system and individual citizens' livelihood as well as security. Reducing such risks usually involves the removal of threats, removal of vulnerabilities, and decreasing effects. Federal roles in cyber security include helping to safeguard both federal system and protect nonfederal system (Basu & Fernald, 2014). According to the current law, all federal agencies are responsible for their own cyber security capabilities related to their system moreover many people have area-specific responsibility for the CI. More than fifty rules cite the several aspects of cyber security. In the 113th Congress, five bills were implemented, and at 114th position, the second federal ICT and the USI Security, federal cyber security workforce, cyber security research and development, public and private sector information sharing and international aspects of cyber security. Other bills considered by Congress include restrictions and responses to data violation, cybercrime and law enforcement and other things besides internet cases. During the 114th Congress Period, the Obama administration has promoted and expanded non-Federal Information Sharing and Analysis Organizations; Announcement of action plan to improve cyber security across the country; More than 30% of federal agencies prepare a mobile van for the modernization of federal ICT with the proposed increase in cyber security funding; Instructions on how the federal government will respond to cyber security incidents of government and private sector (Biswas & Mukhopadhyay, 2016). Those recent legislative and executive-branch functions have been designed to meet the well-established needs of cyber security in large numbers. However, that requirement exists in the context of long-term challenges related to design, promotion, comprehensive, and environmental. 114th and future Congress legislation and executive actions can have a significant impact on those challenges.
Recommendations to management as to the merits of the project
The International Organization for Standardization (ISO) defines risk as the "effect of uncertainty on objectives." It is an ongoing procedure of recognizing risk management, evaluating as well as responding to risks. To manage risks, organizations must evaluate the probable impact of the probability of an event or then recognize the better approach to handling risks: Avoid Move, Accept and Decrease. To reduce the risk, one type of safety measures (preventing, preventing, detecting, correcting, etc.) should be ensured by an organization. Not every risk may be removed, and no grouping has a restricted budget and sufficient staff to deal with all the risks (Brody, Bianca & Krysa, 2012). Risk management (RM) is similar to managing the effect of the uncertainty on institutional objectives, which is why it is the most efficient and effective use of restricted resources. This ensures that the decisions of the risk can be well-inform, can be considered as well as made in context of organizational objective, for example the opportunity to support organization campaign or get professional awards. Risk management must take a broader approach to risks in an organization, so that resource allocation information, risk management, and responsibility must be enabled. Ideally, risk management helps in early detection of risks and applies appropriate measures to prevent or prevent the occurrence of events (Dourado & Castillo, 2018).
Risk assessment based on threats, vulnerabilities and consequences
Vulnerability Analysis The purpose of analyzing the sensitivity is to check whether current safeguards are sufficient in case of information gathering, confidentiality, integrity or availability to gather information and check current exposure. They will also indicate whether the proposed safe guard will be sufficient. Different tools can be used to identify specific weaknesses in the system. Solving the problem in many organizations is the ability to effectively filter false positives in the evaluation applications. It is necessary to verify the results of various tools to accurately determine the reliability of the devices in use and to prevent the protection of an area that does not exist in reality. False positive effects can be reduced by ensuring that the evaluation app is updated with the latest stable signature and patches (Giles, 2011).
Threat Analysis Risks are described as such things that contribute to the persecution, destruction or disruption of any service or value item. The risk of analysis will focus on each item that will probably be possible. These risks can be divided into human and inhuman elements.
Consequences Assessing whether existing policies, procedures, and protection items are enough in these places is one of the last steps. If there is no security guard in providing adequate protection, such deficiency can be considered. Existing and planned protection should be reviewed to determine whether earlier known and discovered threats and threats have been reduced (Groves, Cox & Hesse, 2017).
IT control framework
The preferred, flexible, or cost-effective approaches to Cyber security framework helps to promote vital protection and flexibility and promote the economy and other areas required for national security. Many organizations need to mix state, industry-specific and international cyber security rules. Challenge for an organization at a national or international level is important. Of all the companies considered in the survey, often in the banking and financial sector, security frameworks are often used and then they use information technology. Healthcare and medical sectors were the worst, 27% are not in any of these boxes (Heires, 2012).
Key threat agents
List threat agents
· Hackers
· Terrorists
· Cyber Criminals
Issues
Hackers: There are people interested in arcan working in the computing system. Hackers constantly try to deliver knowledge further or freely. The Hackers will not intentionally disrupt the data.
Terrorists: Those who violate systems integrity are malicious purposes. The terrorists enjoy the pleasure of these abuses and their temporary strength (M.Alghazzawi, Hamid Hasan & Salim Trigui, 2014).
Cyber Criminals: While considering threatening agents in relation to cyber-security, each of them come in one of the following: Cracker, Hacker, Amateur, therefore, is more effective to utilize the structure present in Figure 1, as well as then distinguish between us. Risk conditions depending on the agent. The above statements only have one concession (Malhotra, 2015).
Consequences
For cyber security, the definition of a cyber danger is somewhat less in Oxford Dictionary: "A malicious attempts to harm or inhibit computer network and systems." These definitions are incomplete, including attempts to access the files or intrusions or theft of data. But after the release of this list, different types of game-changing technologies have been widely used: name cloud computing, big data and mobile device use. Successful cyber attacks can cause main harms to your company. The effect of the security breaches can be divided into a three sections: financial, honorable or legal (Ramage, 2012).
Image Source: helpnetsecurity.com
Image Source: facilityexecutive.com
Mitigation the risks
Impact
Cyber attacks often result in substantial financial loss arising from:
· Theft of the corporate data
· Theft of the financial data (e.g. bank details and payment card)
· Theft of the money
· Disruption to trading
· Loss of the business and contract
The costs related with the repairing affected system, networks, as well as devices, including victims of cyber breach, are also usually taken (Sheetlani, 2017). Data Protection or Privacy Laws You must manage security of overall your data - be it on your employees and your clients. If this information has been compromised and deliberately compromise as well as you fails to use the correct security measures, then you have to face penalties and regulatory approvals.
Mitigation
Over the past several years cyber attacks have been going on in the attacks of hackers and cyber criminals. These attacks on computers and computer programs can often be disastrous for a company or a private user, rigorous and occasionally lengthy restoring processes are needed that can provide valuable time and income.
The Proper computer security is required when trying to prevent any type of cyber attack from a virus from a phishing scam to random software. One way to make sure your device is safe enough is to ensure that any software or security updates are available instead of taking as long as possible (Valasek, 2017). Hackers can...