Please read below student posts each in 130 words.
Varsha-Today every organizational leader needs the situational awareness to
protect the operations, sensitive data, and particularly National infrastructure.
Overgrown dependency on cyberspace has increased, which intern increased the need
for situational awareness. This will help us understand the accurate predictions,
understanding, and responding to the potential problems that might occur. Basic
situation awareness helps with security countermeasures that are needed to protect
from cyber-attacks. To achieve situational awareness, we need to understand four key
things: Business Mission and goals, Cyber assets, Cyber Threats, and Network
Infrastructure (Giandomenico 2017).
Situation awareness helps in monitoring the critical national Infrastructure
vulnerabilities and threats and providing appropriate information for senior managers
and officials. This way, they can maintain the knowledge and vulnerabilities of risk
up-to-date. It gives the Reporting of cyber security-related incidents against the
critical national infrastructure. Managing the information cybersecurity incident
response database, helps in conducting the event analysis, and recommend actions to
minimize the attacks. Situational awareness helps in coordinating the response
activities, communicating relevant information such as bulletins, reports on data
vulnerabilities, virus alerts, patch notifications of vendor patches etc.
All the advantages mentioned above using the situation awareness helps to
fight against cyber threats and vulnerabilities. Situation awareness will help as
Prasanna -Security awareness refers to the attitude, information, and knowledge that
members of an organization possess regarding the protection of the assets of that organization.
Naturally, human beings are continually in the process of looking for knowledge and critical
information that can help them improve a particular situation. Lack of security awareness
measures causes too much risk to the safety of an organization’s assets and their critical
information (Yepuru, Hsu, & Li, 2018). It is always advisable that people, especially those
working in an organization that holds very vital information always to be cautious and that in
case they notice any suspicious persons or activities around their environment they should
quickly report and seek a follow-up. To address such major security challenges, people need to
have a focus on the risks, threats, and priorities of an organization (Fennelly & Perry, 2020).
Besides, individuals need also to establish security and situational awareness programs to help
curb the security situation.
The security awareness program will aid in the training of an organization’s staff of the
potential risks that cause a threat to an organization’s information together with measures that
can help to avoid the situations that might put an organization’s information at risk. The
members of the public also need to be trained some of the safety measures and practises that can
guarantee the safety of their assets and information in their day to day activities
(Connolly, Lang, Gathegi & Tygar, 2017). The security awareness program targets to destroy an
organization’s attack surface, educate users to take a personal initiative of being responsible and
protecting the information of their respective organization. The security awareness programs also
develop policies and procedures that will not only protect an organization’s information but also
safeguard each user’s personal information.
Eswari -Wiki, as a hallmark of web 2.0, ensures people gain more information about
their surroundings. It’s a mark of providing information, for example, bringing people
closer to countermeasures of dealing with security issues. Security awareness is the
knowledge and attitude possessed by organization members to protect different assets
within an institution (Nykänen & Kärkkäinen, 2016, 2018). Being aware of holding a lot
of information makes it easy to come up with strategic ways to deal with security issues.
Information on security awareness pursues the understanding and enhancement of
human risk behaviors and insights on information security. Also, people get to
understand and enhance the organizational culture as a countermeasure to any
Wikis, for example, state and give information on the need for organizations to
have their employees trained on security countermeasures. These security
countermeasures are essential in ensuring that a company doesn’t lose its data.
Awareness makes people or only employees keep their eyes open since the world is full
of thieves who, at any time, are likely to enter into a server and access all information.
Awareness is the fact that an employee will be able to stop this kind of malice through
employing the possible ways or information learned from the web 2.0 tools such as
Wikis. Olt, Gerlach, Sonnenschein, & Buxmann (2019) explains that management
teams within institutions employ knowledge from Wikis to help employees and
themselves too to understand possible ways they can use to keep data safe.
Security awareness includes providing valuable information, such as the need to
have a security program. Through getting information on how to create security
programs, companies put that information into use and the teams to manage risks.
Information provided also is based on different types of threats that are likely to occur,
and security controls such as administrative, technical, and physical controls are to be
used to curb the risks (Nykänen, & Kärkkäinen, 2016, 2018). Anyone, including the
employees, can access information from the Wikis and utilize them whenever they
encounter threats at their workplace. The Wikis also provide details on any danger that
is likely to be encountered. Pieces of information provided by Wikis are prior to ensuring
security threats are responded to and deal with or mitigated.
Saigutta-How simply awareness can help with security countermeasures
Being aware of your surroundings is a good thing in real life since it enables you to guard yourself against
any danger as well as remaining confident within your environment. It is the same in cybersecurity. Cyber
awareness is having a good and thorough understanding of the potential cyber threats that surrounds you and the
potential ways to avert or avoid them (Mamonov & Benbunan-Fich, 2018). Humans (staff in a company), are known
to be the weakest link when it comes to cybersecurity. For instance, no matter how huge an enterprise invests in
preventing cyber threats, if it does not promote cyber awareness to its employees, all that considerable investment
will be all for nothing. This is because most of the advanced methods of cyber-attacks rely on having a naïve or
distracted staff such that he or she can click on a malicious link in an email that opens the attacker to the rest of the
enterprise system despite the expensive cybersecurity countermeasures.
According to Abawajy (2017), approximately 90% of today’s attacks in cyber originate from email attacks,
while the enterprise or organization employees click 24% of those malicious emails. Having an effective cyber
awareness training for the employees can go a long way into having the employees as the first line of defense and
with awareness; it is tough to break that defense (McCrohan, Engel & Harvey, 2017). Organizations, as well as
government agencies, should have a strong cyber awareness program, which is ready to provide their employees
with a better understanding of the vulnerabilities as well as the cyber threats and, at the same time equip them with
the know-how as well as the technology to avoid them.
With efficient cyber awareness programs in place, the 23% of the malicious email clicks as well as the 90%
malicious email clicks will be reduced to a minute amount if not below 1%.
The recent cyber attack is on the U.S. Health and Human Services Department. It suffered a cyber-attack
on its computer system where some portion of the department could not account for the attack due to the recent
outbreak COVID-19. It is planned for weakening the response to the coronavirus pandemic and may have
significantly impacted the response time it could support the economy. (Shira 2020).
The attack, which included over-burdening the HHS servers with millions of hits more than several hours,
did not succeed in slowing the office’s systems significantly, as was expected, as indicated by one of the individuals
acquainted with the issue. The requested information to discuss details of the sensitive occurrence. (Shira 2020).
This defense inside and out strategy includes preventive, observing, and criminologist measures to ensure
the security of our systems. For instance, they perform infiltration tests where a contractual worker attempts to
discover and abuse vulnerabilities. The results of these regular infiltration tests educate companies about whether
their preventive strategies are working so that they can improve their assurance as technologies and capabilities
advance. Entrance testing also allows them to practice and improve their observing capabilities. (Owens 2012).
The worldview has changed with the coming of the Industrial Internet of Things that foresees adaptable and
interconnected systems. Right now, gadget going about as an association between the operational innovation system
and data innovation arrange proposes. The gadget is an intrusion identification system identified with heritage
systems that is ready to gather and revealing information to and from industrial IoT devices. (Colelli 2019).
Following the Information Governance (IG) principles could have prevented the attack on the health and
human services department. The IG principles strategies a plan to have an effective countermeasures that helps in
safeguarding the organizations from these attacks
Akshay -Research recent cyber attacks in the news and report on one here in our
discussion. How could information governance helped in preventing it?
In this discussion, the customer accounts of leading supermarket chain Tesco being
hacked is studied (Kleinman, 2020). The hackers always look for username and password
patterns and try to crack the credentials of the users to gain access to the accounts. This was
exactly what happened at Tesco as the common username passwords were tried on the user
accounts of Tesco club members and were successful in redemptions. With 19 million people
having the accounts and for each 100 points getting converted to 1 pound, based on the number
of points each user holds can be a huge transaction if successful. Assuming on an average each
user has 100 points (considering Tesco to be one of the leaders in the supermarket chain business
and the long time of existence in the market), the breach would have cost 19 million pounds
which is a huge amount.
In this case, the management was quick to identify the attack and revoke the access
before issuing the new vouchers and the benefits would be still valid. As a countermeasure, the
company sent a security alert email and assured that the benefits will not be compromised even
for the accounts which were hacked.
It can be mentioned that in this case, Tesco was quick enough to identify the breach.
Having the strong information governance framework and the policies implemented will protect
the systems from the cyber attacks which ensure strong privacy and security to its users.
Privacy governance framework helps include the privacy related practices in the planning
and strategy and those practices will be included in the program and service delivery in the form
of privacy management plan checklist. In case of any compliance issues, they will be handled
with well defined privacy internal review and finally there will be an audit which will help in
assessing the efficiency of the privacy policies and implementation using the evaluation and
reporting (InfoGovANZ, 2020). Having this framework would have helped in avoiding the attack
as the privacy policies would have ensured unique usernames and multi factor authentication
which is difficult to attack and decode.
So, it is advised for all the organizations to invest in information governance framework
planning and implementation which is customized for its requirements.
Purchase answer to see full