Saket chapter 2
Continue to develop your Chapter 2 literature review around the theory for your dissertation topic.I have worked on a paper and I need to complete the above requirement.2 pages, apa format and references
Information Governance in Cyber Security
(Network security in information governance)
Table of Contents
Chapter Two: Review of Literature
Network security in information governance
Information governance is the general information policies that are significant in balancing the risks related the value of data held in an organization. Information governance helps companies governed by both legal and operational compliances in reducing the expenses that are linked to legal knowledge discoveries (Abomhara, 2015). Cybersecurity denotes the process of safeguarding the organization’s computing devices from any damage. Cybersecurity consists of the various practices, approaches and technologies that are primarily designed to secure networks and systems from unauthorized access. It comprises of all the defensive technologies and methods utilized to offer data and network protection. Also, cybersecurity techniques are crucial in enhancing data, information and network protection against various threats such as malware attacks, phishing and ransomware (Brown et al., 2015).
Network security and information governance are two elements that define the integrity, confidentiality, and accessibility of data in the current information age filled with a lot of cyber threats. Therefore, information governance will dictate that the data of the customers, just like those of the company, will be protected through network security. The segmentation approach will help in ensuring that each level of users accesses their network segment. Proper network management practices will be ideal for the success of information governance. Information governance practices should consider the need for policies to help in the network’s operation and management. The need for proper procedures in information and communication technology is necessary to ensure that there are minimal data loss cases and compromise. Understanding the need for network security as part of information governance is essential to successfully use and consume the ever-growing demand for information technology. This chapter seeks to exploit Network security and Information governance as a specific area of my research dissertation.
The new age and era have seen an increased use of information technology in e-commerce and global connectivity, made possible by interconnections of networks. The use of networks and systems has heightened its usability at individual levels and organizations and in information transfers and storage. The increased use of information technology across the globe has attracted hackers and other online malicious groups who strive to exploit vulnerable systems. Their efforts have led to extreme actions such as bringing down the government and parastatal systems such as the national power system. Network security can be defined as the activities designed chiefly to bring about protection onto the network to enhance usability, safety, and reliability of the network infrastructure at hand. On the other hand, Information Governance (IG) can be defined as the orchestration of processes, technology, and people to make it possible for organizations to handle their data as enterprise assets. The need for information governance and network security has, after that, surfaced and became a household activity.
The company’s primary duty through its network administrators and security team is to ensure that the company data and those of its customers maintain its dictates of integrity, confidentiality, and availability. For instance, the customers will trust the company with their data, such as personal emails and telephone numbers, for the case of e-commerce. As such, the company should protect them from potential attackers (Borgman et al. 2016). Therefore, information governance will dictate that the data of the customers, just like those of the company, will be protected through network security. The customers have the right to decision rights and call the company into accountability in cases where its data is compromised. Therefore, the company should deploy robust network security as part of information governance. The primary aspect is the prevention and control of threats that could penetrate or spread into and within the network (Borgman et al. 2016). The paper will hence address the issue of network security in information governance.
Ransomware: It is malicious software or malware that makes various attempts scrambling or encrypting data and participating in extortion attacks for the sole purpose of freeing the otherwise inaccessible data. Ransomware attacks are effected through the use of emails containing suspicious links. To ensure that organizations have systems against these attacks, there is a dire need for the organization to engage in frequent employee trainings with regards to opening emails on the organizational network and devices. Also, frequent antivirus updates will go a long way in preventing these attacks. Lastly, the IT technical team must ensure the network devices within the organization are always up to date with the current and emerging security patches.
Phishing: In today’s society, phishing scams are growing in prevalence. While this is happening, businesses are suffering. A phishing attack occurs when a fraudulent email or text message is sent with the purpose of collecting sensitive information (O’Leary, 2019). Since email is the primary method of communication for most businesses, it is also the most effective way for phishing attacks to occur. Worldwide there are more than 269 billion emails sent from more than 3.7 billion accounts (Binks, 2019). The ubiquitousness of email use among businesses is what makes it so successful with attackers. In 2007, it is estimated that phishing attacks cost businesses an estimated $3 billion in losses. This trend has worsened over the years as phishing attacks have become more sophisticated. In the United States, for example, it is estimated that businesses lost $2.76 million per attack (O’Leary, 2019). With phishing attacks growing in sophistication and prevalence, there is an undeniable financial cost to businesses. To help combat these attacks, it is imperative that you understand what a phishing attack looks like. Understanding this will help you develop strategies and best practices to protect yourself and your company from the financial cost of phishing attacks. These emails almost always prey on our fears and instinctual ability to panic. This is done by creating a sense of urgency.
Targets of these attacks are threatened with the possibility of losing data or account details (Binks, 2019). Figure 1 illustrates how a phishing attack works. These fear tactics utilized by cybercriminals hope to create a sense of urgency within the busy business professional so they do not examine the email too closely. Unfortunately, they are very effective in doing just that. Approximately 23 percent of phishing emails are opened by unsuspecting victims of these scams and 12 percent of those targeted open a malicious link (Binks, 2019). In the midst of the Covid-19 pandemic, this situation has worsened. The world’s fear and uncertainty over the virus has created a prime environment for cybercriminals to thrive. In addition to the fear society is experiencing, millions of people are working from home away from the network security of their offices.
Figure 1. The phases of phishing (Bursztein, 2015)
Crypto-jacking: this approach entails the use of personal devices to mine information from the blockchain technology. Hackers are utilizing this method through email links send to clients. This links works in a manner that loads crypto mining codes on the systems. Organizations must work closely with Cyber security experts to provide advice on protecting them from these attacks. For instance, there is need to install website filtering tools which must be updated regularly.
Information governance is the general information policies that are significant in balancing the risks related the value of data held in an organization. It is an all-round practice that is employed in managing information by putting in place controls and practices that are essential in creating useful organizational assets of data. All the efforts of information governance are towards eradication of threats in an organization. The entire process of information governance consists of planning and organizing, monitoring and evaluation, acquisition and development and delivery as well as providing support. Figure 2 below shows the holistic process of information governance that must be implemented in any organization to safeguard its network, information and devices from external threats.
Figure 2a A holistic view of the Information governance process
Figure 2b Information governance process in the organization
Network security revolves around several devices, processes, and technologies. These components are conjoined through rules as well as configurations that are meant to cement the elements of the CIA triad of the company’s data and computer networks through hardware and software technologies. While managing the network security sufficiently, it will be necessary to have information governance in place, regardless of the organization’s size, infrastructure, or industry. Rasouli et al. (2016) noted that as the complexity of network architecture keeps growing as per the threat environment, it will be necessary to have policies that can manage as a move to contain ever-changing dimensions, attackers. Understanding network security paradigms and dictates will help tackle vulnerabilities that exist across data, networking devices, applications, devices, and users. Therefore, due to this, there are several management tools for managing network security that can be used in addressing cyber threats within an organization.
Little downtimes can be the source of prevalent disruptions and huge damage to the company’s image, hence the need for these protection measures (Rasouli et al. 2016). The success of information governance in any organization depends on the level of network security. This is because the proper setup of network security will guarantee information security, which is also part of the information governance. Through information governance, the company gets to view the company data as its assets, hence influencing the need for an increase in information and data management. Succeeding in its deployment of information governance, it will be ideal for harmonizing the core components: the people, technology, and processes. Therefore, these three entities will allow the organization to enhance data management as its assets, which are critical for its existence and success. Poor information governance will expose data to possible cases of attack whereby the third party will misuse data, hence compromising the company’s situation.
The companies that have been hacked before commonly attribute the success of hackers to the company’s laxity. For instance, the network’s poor management led to the loss of data loss of up to 7 million customers of JP Morgan & Chase Bank through data breach (Silver-Greenberg et al., 2014). Such cases lead to the company being sued by customers because their data will be used by the third-party for malicious purposes, such as using them for acquiring loans through mobile banking. The hackers of JP Morgan bank are said to have exploited a fault within the company’s website, and it had continued for more than a month before its finding, as stated in the article by Silver-Greenberg et al. (2014). A proper configuration of network security will have alerted the company of such intrusion. This further means that there was laxity in information governance because if that were not the case, the network’s fault would have been addressed long before the attack. The fact that it also lasted for a whole month is an indication that there were no policies in place that guides constant checking of the company’s network and systems.
The items to factor in when dealing with network security are the three different network security controls, which are the administrative, physical, and technical.
Physical Network Security: these types of controls are designed in a way that will prevent any possibility of unauthorized personnel who may tempt to gaining physical access onto the company’s network components (Eugen & Petruţ, 2018). The features being protected include routers, servers, cabling cupboards, to mention a few. The standard entities for fostering controlled access are majorly locks and biometric authentication, which remains ideal for any company. As part of information governance, the data should remain confidential, reliable, and highly available. In achieving this, it will be ideal to ensure that the central data center is only accessible to the company administrators. Having such restrictions will help prevent cases where stray strangers in the company or malicious employees will enter the data center and manipulate the company information hence compromising the availability, reliability, and confidentiality of company data (Eugen & Petruţ, 2018).
Technical Network Security: this is a type of security controls whose sole purpose is to protect stored data on the company’s network and those data that moves within the network or out of the network. As part of information governance, the company’s network administrator should design policies and regulations that will be used for controlling how data move between workstations in the company. The protection can be said to be twofold, whereby there is a need to protect company data and systems against possible employees’ malicious activities and unauthorized personnel (Eugen & Petruţ, 2018). Having strong information governance in place will entail a comprehensive plan on how the network is accessed, controlled, and used by both the system users and the network administrators. The provisions of network control and its subsequent operations fall within the information governance. Therefore, the technical part will involve how data will be transferred within the network and how to access shared data. Furthermore, there will be configurations of virtual private network whereby some employees will be allowed to access the company’s data and information remotely (Eugen & Petruţ, 2018). As part of information governance, it will be ideal to ensure a robust authentication system to avoid cases where the sniffers and snoopers will “listen” to the data and information being shared.
Administrative Network Security: this is network security controls that deal with the security processes and policies affecting user behavior, such as the employees’ level of information and data access (Borgman et al. 2016). It also deals with how the company’s network users are authenticated, and again, the company’s IT team should implement any changes needed to the network infrastructure. Proper management within the network on the level of access is part of information governance in that the network users will be restricted from accessing those components within their levels (Kao, 2016). The levels of access are down to the company hierarchy. The top management will not have to share the same data access level with the company employees at the bottom of the hierarchy. The move will foster ideal information governance in that it will be easier to detect and trace possible cases such as misuse of company data. For instance, if all the employees were having the same access to data, it will be hard to trace employee who injected a malicious program into the system. On the other hand, if such an occurrence is registered in a clustered network, it will be easier to trace it based on the level of information access (Syed & Dhillon, 2015). Consequently, the core company data should only be available for full management access because of its criticality.
The essence of information governance is to ensure that the company’s data and information are within the CIA (confidentiality, integrity, accessibility). In this case, there will be a need for a proper understanding of the network security types to foster information governance.
Network Access Control: The network components can be protected by controlling how the network users access them. This is essential because the hackers and potential attackers will always try to infiltrate the company network; hence the existence of comprehensive access control policies will be necessary for both the devices and users (Mikhed & Vogan, 2018). For instance, the company administrators will be allowed to access different folders within the network, but there are those specific confidential folders which they will not be accessing. The move will help ensure that if attackers gain the login credential of an administrator into the network, they will not be able to access some confidential information due to access control. Additionally, Kao (2016) stated that if there is a situation where the network access control is set to accept a set of devices, it will be hard for the attackers to join the network using non-set devices. The network access control should also have a visualization mechanism in which the administrators will be used to monitor traffic movement in the network, making it easier to detect cases such as abnormal traffics, which is common during network attacks (Syed & Dhillon, 2015).
Antivirus and Antimalware Software: these are the type of network security that will help prevent malicious software from tampering with the company resources. The policies that are part of the information governance will be needed to guide the crucial aspects such as the antivirus and antimalware that the company will be using to protect its data (Mikhed & Vogan, 2018). The policies guiding antivirus and antimalware software will also give a framework on how the network will be maintained in terms of activities such as network scans, tracking of files, and software activation. The information governance will help identify the section within the network, which will be labeled as hotspots and thus subject to constant scrutiny and observation. This approach aims to prevent potential elements such as viruses, worms, Trojans, and ransomware, which hackers could use to collect or destroy company data, hence jeopardizing its integrity, confidentiality, and availability (Mikhed & Vogan, 2018). The sphere of information governance will also cover the type of vendors and software being used in the network because there are those which do not meet the standards hence becoming the problem rather than a solution.
Firewall Protection: these are components in the network placed between the company’s trusted internal network and the untrusted external networks. It is within the administrators’ mandate to configure rules and policies that will help block or permit traffic that enters the system. Controlling the components that find its way into the company network is necessary because, in most cases, these are the hackers’ entry points. Syed & Dhillon (2015) stated that the policies that are part of the information governance would entail the sites that are not blocked from access by the company because they can potentially harm the company. It is also used to monitor the elements that are downloaded into the company’s network (Acemoglu et al., 2016). As part of maintaining a healthy network, it will be mandatory to reserve programs for administrators.
Network security for consumers and businesses: the rise in the use of information technology in business, more so e-commerce, has attracted a pool of hackers who want to exploit online customers. For this matter, the company should prioritize network security to prevent both the customers and its business from possible compromising. The administrators should draft policies on how the company should regulate the network traffic to acid cases where the hacker will capitalize on the high traffic to gain access to the company’s network (Mikhed & Vogan, 2018). The priority remains to be the protection of assets as well as data integrity from potential external exploits. The other approach for boosting information governance through network security is enhancing network performance whereby the faster the network, the easier the management (Saffady, 2017). It is hard to manage a slow network because the customers will cause unnecessary traffic while trying to refresh their webpages. In cases where there is high traffic in the network due to poor performance, it will be hard for the network administrator to quantify the traffic source, hence giving leeway to the hackers to access the network.
Behavioral analytics: using this approach will help in identifying cases within the network that are not common. For instance, if there is a workstation with more logins than usual, it will attract the network administrator’s attention because the first possibility is that there is an intrusion (Muddu & Tryfonas, 2016). If there is also a customer account, for online banking or e-commerce, that is registering more business activities than usual, the network administrator should isolate it and investigate the potential issue of hacking. As part of network security, the company should use behavioral analytics software to identify a security breach’s possible case. The application is ideal for spotting a problem quickly and isolating potential threats. According to Muddu & Tryfonas (2016), the use of these technologies and processes forms part of the information governance whose sole mission is to ensure that there are no data loss cases.
Data loss prevention: This is a type of network security that will ensure that there is no compromising of the organization’s data through cases such as employees sharing valuable and sensitive information of the company knowing or unknowingly outside the company network. For instance, the employee may download a file from the internet and open it, exposing the whole company network to viruses and other worms attack. Alternatively, the downloaded file may be having prompts which, when clicked, will lead to other links hence loss of company data in the long run. As part of data loss prevention, the system users will have to be trained on using the company network in terms of best practices and dos and don’ts. The system users should be trained on handling possible attacks such as alerting the admin in case of abnormal behaviors such as instant log out or password rejection (Acemoglub et al., 2016). On the other hand, the admin should design a mechanism of detecting when there is a change in login credentials within the specific workstation. The move will ensure that any case of attempted intrusion is detected and nullified before it causes menace within the network.
Network security and information governance exist as a unit whereby a fault or laxity in one area will lead to a vulnerability in the other area. The success of information governance depends on the dictates and structure of network security and vice versa. Increased use of information technology in our day to day company activities has increased the need for better network security to foster information governance (Acemoglub et al., 2016). Mobile device security, for instance, should be factored in because they have become the latest targets among hackers and other intruders. Given that the main aim of information governance is to ensure proper use and maintenance of data and devices, mobile devices should also be given consideration. Mobile devices such as phones, tablets, and laptops can contain sensitive company information, hence keeping them protected. The first step is to limit the use of these devices within the network, more so when accessing confidential company data because they are the hackers’ prime targets (Saffady, 2017). The aim of imposing such dictates is to ensure that there is proper monitoring of network traffic and the prevention of possible leakages through such devices.
Another proper management of mobile devices as a network security measure is to ensure that the flash disk and memory devices are not accessible through the workstation by deactivating all ports. The practice will prevent cases such as injecting viruses and other malicious programs into the network through such ports. Some bold hackers can take advantage of laxity in network administration who do not make such restrictions to access the physical network and use their portable devices such as HDD to transfer company data. According to Acemoglub et al. (2016), the need for network segmentation will also be a factor in enhancing information governance through network security. For this matter, the network will be divided and sorted to ease network traffic whereby certain classifications will be used in streamlining the segmentation. According to Saffady (2017), the segmentation approach will ensure that each level of users accesses their network segment. Consequently, the network will be set so that if a particular section is attacked, it will be deactivated, and its traffics re-directed to the functioning network segment.
Network security and information governance usually go hand in hand, and as such, they are dependent on each other. As seen in the discussion above, a proper understanding of the network will be necessary to control and implement information governance. Poor network security practices will open the way for attacks such as DDoS (dedicated denial of service), which will cause unnecessary traffic in the servers hence causing unavailability of data. Proper network management practices will be ideal for appropriate the success of information governance. The information governance practices should also need policies that can help in the network’s operation and management. Whereas other potential entry points of the hackers and other malicious personal, the primary route remains to be that of the network hence the need for emphasis on network security. The network administration should work closely with the information governance team to help them draft policies and laws, which will help streamline the operations that will boost network security.
From the above, it can be concluded that cybersecurity denotes how information within the organization as well as data can largely be safeguarded from unauthorized access via utilization of the most reliable and appropriate strategies and polices. With these in mind, it is equivalent to an essential asset for any organization since. Without proper communications, operations within the company cannot be implemented as per the required standards. In this paper, various threats that impact the organization’s operations were highlighted, and it is essential to recognize them as all the data can be breached and released in the wrong hands that can misuse it. In ensuring that the systems and processes’ security is achieved, the information governance framework must be adopted.
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Acemoglu, D., Malekian, A., & Ozdaglar, A. (2016). Network security and contagion. Journal of Economic Theory, 166, 536-585.
Binks, A. (2019). The art of phishing: past, present and future. Computer Fraud & Security, 2019(4), 9-11. doi: 10.1016/s1361-3723(19)30040-5
Borgman, H., Heier, H., Bahli, B., & Boekamp, T. (2016, January). Dotting the I and Crossing (out) the T in IT Governance: New Challenges for Information Governance. In 2016 49th Hawaii International Conference on System Sciences (HICSS) (pp. 4901-4909). IEEE.
Brown, S., Gommers, J., & Serrano, O. (2015, October). From cyber security information sharing to threat management. In Proceedings of the 2nd ACM workshop on information sharing and collaborative security (pp. 43-49).
Bursztein, E. (2015). The five phases of the phishing cycle [Image]. Retrieved from https://elie.net/blog/anti_fraud_and_abuse/how-phishing-works/
Eugen, P., & Petruţ, D. (2018). Exploring the new era of cybersecurity governance. Ovidius University Annals, Economic Sciences Series, 18(1), 358-363.
Kao, D. Y. (2016). Performing Information Governance: Golden Triangle Components For APTs Countermeasures. International Journal of Development Research, 6(1), 6539-6546.
Mikhed, V., & Vogan, M. (2018). How data breaches affect consumer credit. Journal of Banking & Finance, 88, 192-207.
Muddu, S., & Tryfonas, C. (2016). “Network security threat detection by user/user-entity behavioral analysis.” U.S. Patent No. 9,516,053. Washington, DC: U.S. Patent and Trademark Office.
O’Leary, D. (2019). What Phishing E-mails Reveal: An Exploratory Analysis of Phishing Attempts Using Text Analysis. Journal Of Information Systems, 33(3), 285-307. doi: 10.2308/isys-52481
Rasouli, M., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016). Information governance requirements in dynamic business networking. Industrial Management & Data Systems, 116(7), 1356-1379.
Silver-Greenberg, J., Goldstein, M., & Perlroth, N. (2014). JP Morgan Chase hack affects 76 million households. New York Times, 2.
Syed, R., & Dhillon, G. (2015). Dynamics of data breaches in online social networks: Understanding threats to organizational information security reputation.
William Saffady PhD, F. A. I. (2017). Enterprise content management as an information governance enabler. Information Management, 51(1), 40.
Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?
Whichever your reason may is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.
Our essay writers are graduates with diplomas, bachelor, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college diploma. When assigning your order, we match the paper subject with the area of specialization of the writer.
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with us, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more