Business Strategy analysis of Cybersecurity Incidents (original) (raw)
Related papers
Further Strategy Analysis of Cybersecurity Incidents
Land Forces Academy Review, 2021
In current socio-economic processes, info-communication services play a determining role, modifying the activities of certain actors. The growing dependence that has developed over the past two decades has imposed the need to give political will to security, which has led to an iterative evolution of the regulatory environment. Therefore, the regulatory framework requires certain entities to develop safeguards including controls that enhance both prevention and response in a manner commensurate with the business value of the information to be protected. However, due to the nature of cybersecurity, developing such countermeasures is not the task of a standalone organization but all entities in cyberspace in a wide range, from individuals to the public sector. Therefore, each entity involved must design protection capabilities in a manner commensurate with the risk, which requires strategic tools and methods and drives organizations to learn from their security incidents. Following ou...
Mitigating Cybersecurity Risks and Improving Network Security from a Business Perspective
From a business perspective, how does a holistic approach to enhancing cybersecurity in business environments mitigate future network vulnerabilities within an ecosystem framework? Secondly, what roles should business leaders and information technology (IT) professionals play in ensuring that a holistic approach to cybersecurity complies with policy regulations and industrial standards through best practices and community policing? Unparalleled growth of cybersecurity since the late 1980s creates several lucrative opportunities for some individuals to commit cyberattacks as law enforcement and, for this study, businesses struggle to maintain updated software packages. Leadership of business environments must often work continuously to align enterprise information architectures with managerial practices. Business leadership must also hire competent IT professionals capable of managing cybersecurity risks and network vulnerabilities by deploying multiple, open-source software applications to enhance security layers. While some models for improving network security in business environments exist, IT researchers propose a holistic approach to measure vulnerabilities. A holistic approach has both theoretical and practical implications for infrastructure, human resources (HR) management, and IT professionals through best practices and community policing. Businesses with competent IT professionals applying the holistic approach ensure compliance with regulatory and industrial standards to improve cybersecurity across networks. Through practices like community policing, a holistic approach to managing risk and improving network security promotes the belief that business environments should operate similarly to an ecosystem.
Managing the financial impact of cybersecurity incidents
Security and Defence Quarterly, 2023
The complex relationships of economic actors and the high dependency on information and communication technologies make it necessary for all relevant entities to develop protection. This protection should include preventive and reactive controls in a risk-proportionate manner in relation to the business value protected. We aimed to develop a solution to support cybersecurity-related business decisions with financial analytics. The risk-based approach helps management find the optimum solution with minimal costs, where protection prevents some incidents from occurring, while the risks associated with other incidents are accepted in an informed way. The security industry developed a number of apparatuses to find the optimum security controls that enforced the fiscal aspects, which typically contain solutions used in planning. However, the actual expenditure often differs from the planned budget for several reasons, one of which is the occurrence of security incidents. We used the comm...
Purpose-This literature review aims to delve into the nexus between cybersecurity risk management and strategic management, comprehensively exploring how organizations weave risk management strategies into their broader strategies to safeguard digit al assets and infrastructure against the backdrop of ever-evolving cyber threats. Methodology-The review employs a qualitative methodology, synthesizing insights from a diverse selection of scholarly works encompassing cybersecurity, risk management, and strategic management. These insights are analyzed to unveil patterns and trends that highlight the integration of cybersecurity risk management within strategic organizational frameworks. Findings-The review uncovers a critical interdependence between cybersecurity risk management and strategic management, showcasing how organizations formulate proactive measures to mitigate cyber risks while aligning them with overarching strategic goals. It also underscores the role of organizational culture, leadership commitment, and technological advancements in shaping effective cy bersecurity risk management strategies. Conclusion-The synthesis of scholarly findings accentuates the pivotal role of cybersecurity risk management in modern organizations. The review underscores the importance of fostering a strategic mindset towards cybersecurity, with a proactive approach that integrates risk management efforts within the broader organizational strategy. This not only shields digital assets but also promotes resilie nce, enabling organizations to thrive despite an increasingly dynamic and hostile digital landscape.
Zenodo, 2024
Objectives: This study explores how cybersecurity impact trad and it polices since technological development become essential part of the commerce world. The research explains how cybersecurity can be protected and secure commerce by adopting technological means through multi-layered protection using cybersecurity and to determine the relevance of cyber security in commercial businesses along with the future instance of cyber security and it uses. Methodology: In this study, we will use the analytical approach and the descriptive approach of cyber security on commercial legislation related to the subject of the study. Results: This study reached several legal results, mainly focusing on clarifying the importance and necessity of cybersecurity as one of the necessities of the business world, which aims to protect its systems from valuable and sensitive commercial and financial information that companies use in their various operations from crimes of electronic theft, damage, or illegal use, as rapid developments in information technology work to perpetuate security threats, making the negative effects of incidents Security is more harmful. On the other hand, the study found that cybersecurity is still in its infancy and requires intensive legal and practical efforts to improve it and expand its use in commerce, which makes cybersecurity an urgent and complex challenge for institutions in commerce. Recommendations: This study reached a number of results, the most important of which is the Jordanian legislator's recommendation to make legal amendments to the legislation related to cybersecurity regulating trade and its services so that they are flexible and allow the use of advanced protection methods on a practical scale to achieve the required protection.
The Challenge of Ensuring Business Security in Information Age
2011
Every day, thousands of businesses rely on the services and information ensured by information and communication networks. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. The asymmetrical threat posed by cyber attacks and the inherent vulnerabilities of cyberspace constitute a serious security risk confronting all nations. For this reason, the cyber threats need to be addressed at the global level. Given the gravity of the threat and of the interests at stake, it is imperative that the comprehensive use of information technology solutions be supported by a high level of security measures and be embedded also in a broad and sophisticated cyber security culture.
The Impact of Cyber Security on Business: How to Protect Your Business
Open Journal of Safety Science and Technology,, 2023
This book presents knowledge and grasp of numerous sorts of computer attacks, as well as the reasons and targets of those attacks. The introduction of the article includes a brief dictionary of relevant terms that are laid out in a manner that is simple to comprehend. Following this, the paper analyzes "the patterns and severities of cyber attacks and their impact on routine computer-based operations, the furtherance of business, and electronic commerce, as well as on some Critical National Infrastructure (CNI), which supports such essential areas as power, transportation, communications, defense, and banking and finance". In the field of cyber security, which is now a highly popular topic of debate, the definition of cyberspace or cyber risk is currently a prominent issue of controversy. The major goal of this article is to educate the audience about the dilemma that is offered by cyber security and to make them aware of the possible attacks and cyber threats that now exist in the world of information technology or cyberspace. This piece will also make them aware of the attacks and cyber threats that now exist in the realm of information technology or cyberspace.
Cybersecurity: Stakeholder incentives, externalities, and policy options
Telecommunications Policy, 2009
Information security breaches are increasingly motivated by fraudulent and criminal motives. Reducing their considerable costs has become a pressing issue. Although cybersecurity has strong public good characteristics, most information security decisions are made by individual stakeholders. Due to the interconnectedness of cyberspace, these decentralized decisions are afflicted with externalities that can result in sub-optimal security levels. Devising effective solutions to this problem is complicated by the global nature of cyberspace, the interdependence of stakeholders, as well as the diversity and heterogeneity of players. The paper develops a framework for studying the co-evolution of the markets for cybercrime and cybersecurity. It examines the incentives of stakeholders to provide for security and their implications for the ICT ecosystem. The findings show that market and non-market relations in the information infrastructure generate many security-enhancing incentives. However, pervasive externalities remain that can only be corrected by voluntary or government-led collective measures. (J.M. Bauer), m.j.g.vaneeten@tudelft.nl (M.J.G. van Eeten). Telecommunications Policy 33 (2009) 706-719
Enterprise Cyber Risk Management
Risk Management for the Future - Theory and Cases, 2012
Cyber risk represents an ever-growing threat to public and private institutions alike due to its potentially disastrous effects on organizational information systems, reputational risk, and potential loss of consumer-and stakeholder's confidence. With the advent of the internet and the corresponding proliferation of information technology, firms, non-profits, and governmental entities were generally unprepared for identifying and addressing this risk, but the threat has increased in both frequency and severity over time, and the nature of attacks has also changed. In many early cases, the perpetrators of cyber attacks and information disruption campaigns interrupted business operations simply for their own amusement, or viewed breaking into the corporate information technology (IT) infrastructure as a challenge. They would deface websites or take down servers in order to aggravate or simply to challenge other cyber professionals in order to prove they could do it, not to profit . However, as the Internet has grown and e-commerce has blossomed, employee access to company data has increased, and remote access to internal computer systems has become commonplace, cyber attackers have evolved, becoming more sophisticated and their effects becoming more devastating (Rhemann, 2011). Current cyber threats and attackers are increasingly focused on profiting from the consequences of their attack actions and either exploit the data they illicitly obtain for private gain or require payments from the victimized enterprise to restore service, access, or websites back to operational functionality (Maillart & Sornette, 2010).