Cyber Security Assignment: Critical Analysis On The Issues Encountered By Peanut
Question
Task:
Peanut Processing Services (PPS) is a data collection, analysis and processing company operating from an
office within Subiaco, Western Australia. PPS are used by large organisations to conduct surveys and data
analysis. In most instances, the data collected is highly confidential. Data collected is usually through an
online website, but in some instances via paper. PPS operates under a four-business day turn-around time
– meaning they cannot afford downtime, in order to maintain their current business reputation. PPS
currently employs twelve people, each using a company issued Windows 10 laptop.
A year ago, an employee’s laptop hard drive crashed, and the data was lost – this incident resulted in the
company losing a valuable customer. In recent months, one employee’s laptop was targeted with
ransomware, and the company paid the ransom as they couldn’t afford the downtime. In another breach
of security, an office assistant was caught accessing and viewing a confidential data set on another
employee’s laptop. Last week, one employee left their laptop unattended in their vehicle. The vehicle was
broken into, and the laptop was stolen. The manager has provided you with the following additional
information pertaining to the organisation’s IT equipment.
• Each laptop is using Windows 10, with automatic updates enabled.
• None of the laptops contains any security software beyond the Windows 10 defaults.
• Each laptop accesses the Internet via a wireless connection to a broadband router.
• There are currently no policies or rules guiding employees on how to best utilise resources and conform
to ideal cyber security conscious behaviours.
• Confidential data is emailed/stored without using any cryptographic techniques.
• On January 20th, 2019 week an employee found a USB flash drive in the car park and plugged it into their
computer. Since then, the employee has claimed that the computer appears to have “a mind of its own”.
• Data collection instruments used online are secure and hosted by a third party provider.
Instructions
You have been hired to devise a security solution. The employees are comfortable, and reluctant to
change their current cyber security behaviour. Many of the employees believe that the company is
functioning correctly and does not need a new cyber security operational model. The PPS manager is
committed to addressing the cyber security issues and improving the culture of the workplace, and has
allocated $25,000 to this project. The PPS manager is predominantly concerned with the confidentiality
and availability of data, but also the recent malware incidents. The manager has requested that you
compile a small, succinct report addressing five critical cyber security issues. In producing your solution,
you should address the following requirements:
1. Why the chosen cyber security issue should be addressed immediately.
2. A detailed explanation/demonstration of how you propose to address the issue.
3. Why is your chosen solution better than alternative approaches (i.e. clearly compare/contrast your
solution to alternatives)?
4. A detailed breakdown of the cost in addressing the selected issue.
Answer
Introduction
The current report on Cyber security assignment revolves around the concept of Cyber Security that can be defined as a collection of technologies, methods along with practices that can be used to protect aspects such as network, devices, programs and various types of attacks on the data that can be used to damage the unauthorized access. This security can also be termed as information technology security. The present study that has been focused on issues that are faced by an information technology in the context of cyber security along with the solutions that can be provided in order to overcome such issues. The study developed in the following sections of Cyber security assignment also provides a detailed breakdown of budget in order to overcome the prevalent issues in concerned organisation namely Peanut Processing Services (PPS).
1. Why the cyber security issue chosen in the report on Cyber security assignment should be addressed immediately?
In order to address the issues selected in the study examined in this Cyber security assignment, it can be vital to identify the issues that have been prevalent in the context. The issues that have been a major issue in the concerned organization are as follows:
- Losing of valuable data and crashing of hard drive
- Threat of ransomware in the laptop of an employee
- Data stolen from the employee’s laptop
- Keeping in check of the financial issues of company
- Educating the employees with proper knowledge related to cybersecurity
The most prominent threat that the concerned organisation has been facing is the leakage of data which can be damaging the operation of the business. The concerned organisation has been responsible for holding a range of data by conducting surveys for the large organization. The threats due to cyber security issues can put the valuable for the concerned organization and the client organisation. Another major issue that has been identified and is required to be dealt with is ransomware threat for the devices used by the employees (Gupta et al., 2016). The ransomware can be defined as the malware that can be used for encryption of the data of the business and the only way to unlock is by paying large fees by the organisation. The data that can be stored in the computers can be at risk due to the ransomware as such types of cyber-attacks that can also be risen in the prominent with the prevalent of cloud based services for storing critical data (Jokar et al., 2016).
There can be several other critical impacts identified in the study explored in the Cyber security assignment that can be related to the concern organisation due to cyber related crime. The lack of emphasis on the cyber security can be hugely damaging to the concerned organization. The direct impact can be on economic costs due to such attacks on the business that nature of theft of the critical information or disruption of the reading and in certain instances it can the financial loss can be caused to effect of the information for repairing the organisation (Gai et al., 2016). Due to lack of faith in the cyber security can affect the business as the customers might be more inclined to venture which can be further result in losing the sales and profit.
The organization needs to be ensured that the stakeholders involved in the organisation needs to updates about the latest cyber security threats and the suitable methods need to be adapted for protecting the data. The above are the reasons due to which the issues the issues can be considered to be important to be met in order to maintain the stability of the organisation and help it to sustain several issues related to cyber security (Dawson et al., 2016).
2. A detailed explanation/demonstration of how you propose to address the issue outlined in the Cyber security assignment
There can be a list of methods that can be used in order to mitigate the issues that has been prevalent in the present organisation. The most effective measure that can be used by the company in the giver study to deal with the issues can be installing software in the laptops of the employees along with training the employees in the context of the cyber security principles (Shapsough et al., 2015). This signifies that a detailed investigation has been carried on for achieving the research objectives used to develop this cyber security assignment.
Empowering the employees in order to recognise and deal with the common cybercrimes can be beneficial for the concerned organization for the security of the data for the organisations. The employees need to be aware of the responsibilities along with accountability while using the computer on a business network (Zhang et al., 2017). From the perspective of implications of the findings of this research on Cyber security assignment, it must be stated that the employees needs to be educated in the data theft incident for reporting the process in the context of events along with the laptop of the employees if it gets infected by any viruses. They need to train in order to recognize the legitimate alert for the problem. In these instances, the employees need to report in an immediate manner related to the incident so that team of security solution can be engaged in order to mitigate and investigate the threat related to the cyber-crime (Maglaras et al., 2018). Training the employees can also help in securing the computers by keeping it proper secure place. The important information need not be properly backed up the routine along with backup copies that can be kept by proper encryption in the laptops of the employees of the concerned organization. The employees can be held responsible by accepting the prevalent virus protection and the required updates related to the software like Windows 10.
On the other hand, it is also noted in this Cyber security assignment that Computer security tactics can often be considered to be an issue that can be arisen due to breaking the security due to certain unethical sources. In order to deal with the data theft, computer security can be the most vital aspect as it can help in keeping the information of the organization to be safe from various threats. It can be vital to manage the overall health of the laptops or other matching with the help of proper security of the computer that can be helpful in preventing the viruses and ransomware which can ensure the data to be protected from various types of threat (Rathore et al., 2017). In order to avoid the issues related to the cyber threats the employees need to be taught that the software that they install needs to be from a protected and verified source. Moreover, avoiding any third party who can track the activities or the messages that can be shared by the organisation can be one of the solutions. In order to avoid these issues proper software along with encryption of the messages needs to be performed (Khatoun and Zeadally, 2017). The findings obtained in the context of this Cyber security assignment signifies that the solution of installing and updating software along with maintaining the health of the computer can be achieved by properly training the employees.
3. Why is your chosen solution better than alternative approaches (i.e. clearly compare/contrast your solution to alternatives)?
The other alternatives that can be used in order to deal with issues outlined in the context of this Cyber security assignment that can be present in the relevance to cyber security are as follows:
- Making backup copies for vital information related to data and information
- Controlling the physical access to the computers, laptops and other component of networks
- Securing the network access by keeping it hidden and encrypted
- Limiting the employees accessing the data by limiting authority by installing the software
- Changing the password on a regular basis
The above mentioned method to mitigate the issues that can also be used in order to deal with the arising issues in the organisation. In order to provide proper solution to the issues, the study examined in the Cyber security assignment also mentions that it can be important to evaluate the best suitable method for the existing scenario (Gupta and Akhtar, 2017). In order to deal with the present issues for the method of training the employees can be best suited for the organisation. This because it can help in bringing holistic improvement in the concerned company and the other mentioned solutions can give rise to complexities for example changing the password on a regular basis can be one of the solutions which can create ambiguity for the password and therefore affecting the overall productivity of the company. Other than that, limiting the access of the employees can also not be a proper method of mitigate the issues like data protection (Frustaci et al., 2017). On the contrary it can give rise to resistance as it the employee may feel the management do not have trust in the employees (Tawde et al., 2015). Moreover, the above mentioned solutions cannot be considered as a permanent solution for the issues for the company.
On the other hand, the segments covered in the Cyber security assignment also proves that the training of employee related to cyber-attacks can help in protecting the sensitive data and money from various dangerous sources. Training can help in mitigating the attacks even with the help of robust infrastructure of security (Taylor and Sharif, 2017). The training of employees can help the employees to be more attentive of the consequences that can have a significant negative impact on the functionality of the organisation. Although mitigating the risks can be challenging due to finding a proper balance between the productivity of the employees and securing sensitive data (Elgargouri et al., 2015). In order to achieve a proper balance an organisation may need to create a simple and clear set of rules that can be used to address the maximum number of potential breaches in the organisation due to cyber security (Ashibani and Mahmoud, 2017).
From the overall findings developed in this Cyber security assignment, it can be illustrated that there are certain key aspects that need to be considered with providing training to the employees by creating awareness of the importance of cyber security:
- Keeping the laptops free from any of the programs that can be suspicious along with applications and data
- Using the password that can be strong and properly encrypted
- Backing up the work of the employees as per the policy of the company on a regular basis
- Proper notification needs to be provided to the security solutions team in case of any sort of irregularity in the machines
The training of the employees can be associated along with several cyber security practices and raising the awareness in the company and along with that it can provide benefits like:
- Reducing the incidence of breaches of the security
- It can help the company in saving a significant amount of money
- Improving the confidence of the employees of the concerned company
4. A detailed breakdown of the cost in addressing the selected issues
The budget of the cost for addressing the issues examined in this report on Cyber security assignment of the organizational cyber security with the help of proper training of the employees is as follows:
Criteria |
Allocated amount (AUD) |
Purchase of required anti-malware for the laptops |
8750 |
Experts to install the software’s and chinking the overall health of machines |
7500 |
Training of the employees (Theoretical) |
5500 |
Training of the employees (Practical) |
1850 |
Assigning a team of expert for meeting the issues and doubts of the employees on a regular basis |
1400 |
Total |
25000 |
Table 1: Budget of the training of the employees and installation of the software
(Source: Created by author)
The above budget has been allocated for the two suggested solution order to mitigate the issues like data theft and securing the data in the laptop of the employees. In this context, the argument raised in this Cyber security assignment focus on the solutions like installing the software that can help dealing with the ransom ware on the machines can be given a topmost priority. The installation of the software can assign be divided into two parts that can be purchasing the most suitable antivirus software along with hiring the experts who can properly install the software in the laptops. The budget allocated for both the activities can be expected to be 16,250 AUD. Other than that, the second most important step is to develop a proper program for training of the employees for using the laptops in a proper manner. The employees need to be aware of the consequences of the risk that can be assisted with the laptops of the employees. Moreover, the employees also need to be provided with proper guidelines in case of any data if stolen or used for any other purpose from the machines that has been allocated to them. As per the readings developed in the Cyber security assignment, it can be states that proper legal and ethical aspects need to be educated to the employees in case if they are held responsible for exploiting the data apart from the required activities related to the organisation. In order to provide them with proper training the management of the concrete organisation has to appoint a group of priest that can provide the employees with proper knowledge.
Apart from that, in order to provide proper solution as avoiding the issues to not to occur in the future the employees need to be provided with a team of security solution that can provide them with required solutions of the issues related to cyber security. The team that can be appointed can be internal or nay third party that can be successfully used for mitigating any sort of issues in the organisation. The budget that has been developed above in the context of this Cyber security assignment can help in forming proper steps and dealing with the issues in proper manner.
Conclusion
From the above study examined in this Cyber security assignment it can be concluded that, the cyber security has been growing as severe threat that needs to be dealt with in a proper manner. The study has been developed in the context of the concerned organisation that can be used to mitigate the issues that has been impacting in the service and productivity of the organisation. The awareness training and effective software installation has been the two required solutions that can be used by the security solution team in order to overcome the existing issues. Teaching the employees can help understanding the roles that are important to be played for protection of the data and system is can be sensitive.
References
Ashibani, Y. and Mahmoud, Q.H., 2017. Cyber physical systems security: Analysis, challenges and solutions. Cyber security assignment Computers & Security, 68, pp.81-97.
Dawson, M., Eltayeb, M. and Omar, M. eds., 2016. Security solutions for hyperconnectivity and the Internet of things. IGI Global.
Elgargouri, A., Virrankoski, R. and Elmusrati, M., 2015, March. IEC 61850 based smart grid security. In 2015 IEEE International Conference on Industrial Technology (ICIT) (pp. 2461-2465). IEEE.
Frustaci, M., Pace, P., Aloi, G. and Fortino, G., 2017. Evaluating critical security issues of the IoT world: Present and future challenges. IEEE Internet of Things Journal, 5(4), pp.2483-2495.
Gai, K., Qiu, M., Sun, X. and Zhao, H., 2016, December. Security and privacy issues: A survey on FinTech. In International Conference on Smart Computing and Communication (pp. 236-247). Springer, Cham.
Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds., 2016. Handbook of research on modern cryptographic solutions for computer and cyber security. IGI global.
Gupta, B.B. and Akhtar, T., 2017. A survey on smart power grid: frameworks, tools, security issues, and solutions. Annals of Telecommunications, 72(9-10), pp.517-549.
Jokar, P., Arianpoo, N. and Leung, V.C., 2016. A survey on security issues in smart grids. Security and Communication Networks, 9(3), pp.262-273.
Khatoun, R. and Zeadally, S., 2017. Cyber security assignment Cybersecurity and privacy solutions in smart cities. IEEE Communications Magazine, 55(3), pp.51-59.
Maglaras, L.A., Kim, K.H., Janicke, H., Ferrag, M.A., Rallis, S., Fragkou, P., Maglaras, A. and Cruz, T.J., 2018. Cyber security of critical infrastructures. Ict Express, 4(1), pp.42-45.
Rathore, S., Sharma, P.K., Loia, V., Jeong, Y.S. and Park, J.H., 2017. Social network security: Issues, challenges, threats, and solutions. Cyber security assignment Information sciences, 421, pp.43-69.
Shapsough, S., Qatan, F., Aburukba, R., Aloul, F. and Al Ali, A.R., 2015, October. Smart grid cyber security: Challenges and solutions. In 2015 international conference on smart grid and clean energy technologies (ICSGCE) (pp. 170-175). IEEE.
Tawde, R., Nivangune, A. and Sankhe, M., 2015, March. Cyber security in smart grid SCADA automation systems. In 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS) (pp. 1-5). IEEE.
Taylor, J.M. and Sharif, H.R., 2017, May. Security challenges and methods for protecting critical infrastructure cyber-physical systems. In 2017 International Conference on Selected Topics in Mobile and Wireless Networking (MoWNeT) (pp. 1-6). IEEE.
Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J. and Shen, X.S., 2017. Security and privacy in smart city applications: Challenges and solutions. Cyber security assignment IEEE Communications Magazine, 55(1), pp.122-129.