Cyber Security Implementation At Abu Dhabi Commercial Bank: A Project Management Approach

Steps for Proper IT Infrastructure Management

Discuss Cyber Defence and Cyber Warfare.

Managing information technology is critical to the proper deployment of an organization's IT infrastructure. Controlling IT in an organization covers issues such as maintaining cyber security and adequately monitoring systems. To manage the IT infrastructure properly, the organization needs to follow specific steps and plans (Ashok et al. 2015). The primary objective of this paper is to evaluate the security and the risks associated with implementing a cyber system in a selected organization. The organization chosen in this case is Abu Dhabi Commercial Bank, a prominent organization in the banking sector of the UAE. The paper also evaluates the project management planning used to maintain cyber security in the organization. In this context, the cyber security system and the management plan at Abu Dhabi Commercial Bank are discussed. The discussion provides a guideline, or roadmap, for implementing cyber security and data security in the organization. It also identifies approaches that are effective in eliminating the security threats and risks associated with cyber security in the organization.

Cyber security can be implemented properly by applying project management processes. Abu Dhabi Commercial Bank has adopted IT project management processes to implement cyber security in the organization.

The IT project management process consists of distinct steps or stages which ensure that the IT project delivers the right outcome and meets all the requirements of the clients. There are five phases of IT project management (Han et al. 2017). The first phase covers gathering the requirements and documenting them. The requirement gathering phase is essential, because clear requirements reduce the chance of scope creep in the project. Abu Dhabi Commercial Bank gathered the requirements at the beginning of project planning. This helped the bank understand the security system that needed to be implemented. The planning and designing phase follows the requirement gathering phase. It involves making the blueprint for execution based on the requirements. The third phase of the process is execution based on the plan. The monitoring and control phase covers evaluating the performance of the project. The project ends with the closing stage.

The information management system is the database that manages all business information related to financial and operational matters. Managers can obtain reports and feedback through the information management system. Abu Dhabi Commercial Bank uses the information management system to get financial information about the business of the bank. The system helps Abu Dhabi Commercial Bank maintain its economic data and forecast economic issues and matters (Slay 2016). The information management system collects data from different electronic checkout counters at periodic intervals. Regular reports are run on the ranges, and data are provided on demand to the project managers in the bank.

Project planning and control deals with preparing for the execution of the project and monitoring its performance. Project planning mainly focuses on making the blueprint for implementing the plan (Van den Berg et al. 2014). The planning is based on the requirements that were documented in the initial phase of project management (Kim, Park and Lim 2015). The implementation of the cyber security system at Abu Dhabi Commercial Bank went through a planning phase that covered all the requirements of the banking system (Lee et al. 2015). The planning phase ensures that, once the cyber security system is executed, data transactions in the banking system will be secured and consumers' confidential data will be handled safely by the banking authority (Mierzwa and Scott 2017). The planning phase also ensures that unauthorized users will not be able to access the systems running in the bank.

The control phase covers controlling and monitoring the performance of the system. Abu Dhabi Commercial Bank ensures that the cyber security project has been implemented correctly and that the systems supporting the newly implemented security measures are working correctly (Kuusisto and Kuusisto 2016). The planning phase has its significance in project management, as it helps project managers understand the quality and performance of the newly implemented system. If the system is found not to meet all the requirements or not to work correctly, further modifications need to be made to the project.

Staffing and costing are essential factors in the success of the project. The staff in this case are the members of the project management team of Abu Dhabi Commercial Bank. The project team members need to be selected carefully so that each of them has proper knowledge of the project domain. Sharing that awareness among the team members then leads to the choice of the best option for completing the project (DiMase et al. 2015). Abu Dhabi Commercial Bank chose a group of employees with sound knowledge of cyber security and the threats related to it (Panguluri, Nelson and Wyman 2017). Their cyber security experience helped the team members understand the possible risks and threats in this domain, and on that basis the project team implemented the solution.

Costing of the project is another issue. Every organization grants a specific budget for a particular project. The managers and higher authorities of Abu Dhabi Commercial Bank have likewise allocated a specific budget for implementing cyber security in the banking process. The primary target for the project development team is to complete the project within that budget. To do this, it is essential for the team to follow the project management lifecycle. Project management planning aims to deliver the right outcome cost-effectively.

Information system security aims to protect the data and information stored in the organization's systems. It is the responsibility of the organization to protect confidential and sensitive data. Cyber security can be discussed in the context of information security (Min, Chai and Han 2015). Information security and cyber security overlap partially, as cyber security is concerned with keeping sensitive data safe when it is transmitted over the internet (Benzel 2015). During the implementation of the project, maintaining cyber security and information security is an essential subject (Carter 2016). Abu Dhabi Commercial Bank deals with sensitive data about the bank and its consumers. Data breaches in the bank are not desirable. In this context, the bank took some security measures to implement and maintain cyber security during execution of the project.

Security threats and information vulnerabilities can be of different types, such as data breaches and the modification, insertion or deletion of information through unauthorized access.

One of the main threats from cybercrime is the data breach. A data breach can be carried out through unauthorized access to an organization's systems. It exposes the confidential information of the organization and its clients, which is a significant security threat to the organization's business.

Cybercrime can be regarded as an emerging risk. The world is becoming more dependent on the internet, and in this context cyber security risks are increasing rapidly (Okubo et al. 2016). Companies and individuals can be affected by cyber security risks both directly and indirectly (Bang, Jung and Lee 2017). To mitigate the effects of cybercrime, specific strategies need to be adopted during project management (DuBow et al. 2016). Identifying the risks helps the developers and project managers implement solutions that mitigate them. Some of the ways to reduce the risks from cybercrime are:

  • Strong encryption in the system.
  • Usage of the right passwords
  • Implementation of the security protocol and using the firewall and VPN in the order.

Multi-criteria Decision Framework for Cyber Security Risk Assessment and Management:

Data security partially overlaps with cyber security. Data security concerns the proper maintenance of the information stored in the organization. Violation of information security by external entities can be regarded as cybercrime. Certain roadmaps and strategies can be adopted to mitigate the risks.

A multi-criteria decision-making framework can be achieved through the DECRIS approach. The DECRIS process follows these steps:

  • First, the taxonomy and the dimensions of the risks are established. This includes developing the hierarchy of unwanted events (Fielder et al. 2016). The events can be technical or non-technical (Park, Suh and Park 2016). Decisions are made by evaluating the consequences of the unwanted events, and the risk matrix is formed on the basis of those decisions.
  • An analysis is performed that identifies all adverse events and the risks related to them.
  • The selected events are evaluated further. In the DECRIS approach, information is provided to support the selection, and the dependencies between the risks are assessed.
  • The selected items are assessed. The events and their consequences are evaluated and analyzed in more detail. Based on the evaluation, suggestions are given for measures to mitigate the vulnerabilities.

Various risk assessment methodologies exist for evaluating and mitigating the risks related to cyber security. Some of these methodologies are:

In this method, all the plans are covered by ECIP (Enhanced Critical Infrastructure Protection). The collection of reliable data supports all the arrangements under this cover. It facilitates 18 infrastructure sectors, and a sectoral approach is followed.

A baseline protection plan has been issued by the Federal Ministry of the Interior of Germany. This risk assessment methodology supports communication between infrastructure operators and the states. Its primary function is to assess risk in critical infrastructure.

Security management in the enterprise involves implementing and managing the procedures and plans that support the security of data storage and processing in the organization. There are specific methodologies that can be followed to implement cyber security management. Different governing bodies have created different methods.

Six steps can act as strategies for the control of cyber security. These are:

  • Assigning priority to the information about the assets and the processes.
  • Assigning priority to the identified risks.
  • Implementing the security controls.
  • Building a security capability model.
  • Developing a security improvement roadmap.
  • Ensuring organizational engagement and governance.

Steps to integrate these strategies into enterprise cyber security:

Some actions that help integrate the policy into the enterprise cyber security system:

  • Understanding the working methods in the organization and evaluating the possible risks associated with the system.
  • Identifying the types of cybercrime that can happen.
  • Setting the priority of those crimes and threats.
  • Selecting the right strategies from the different security methodologies.
  • Making users and employees aware of the importance of maintaining cyber security.

Understanding Human Factors affecting the cyber security:

Human factors play a significant role in maintaining cyber security in a dynamic system. Security violations can happen because of people's lack of attention. Sometimes security breaches are carried out by the organization's internal employees.

Information systems security governance and auditing

The role of internal audit and user training in information security policy compliance: Improved audit practices will help improve cyber security systems and counter the risks associated with cyber security (Shackelford and Bohm 2016). Information security auditors can take two roles in mitigating security risks in the cyber system: they can identify and evaluate the risks, and they can advise users about the dangers.

The importance of organization governance for Information systems and cyber security

If the governance is not able to properly secure the information systems in the organization, it may hamper the daily working of the organization. Other than this, the organization may easily be hampered. The governance must be efficient in discovering threats. The management authority must be competent to protect the integrity of the data stored in the organization's systems. The confidentiality of the data is another factor that is the responsibility of the governance. Other than this, the management must also be efficient enough to make the data available to those for whom it is meant.

The use of project risk management tools to manage and protect enterprises, infrastructure and project against cybercrime

Use of project risk management tools against the cyber security:

Risk management tools:

The risk management tools necessary to secure an information system from the cyber world are:

Risk identification: This is one of the primary tools that can be used to protect data from the cyber world. There are also some significant tools that are used for risk identification:

  • Information gathering techniques
  • Brainstorming
  • Interviewing  

Other techniques used in risk assessment include cause analysis, which means recognizing a problem, learning the causes that led to it and developing preventive action. Checklist analysis is also an important technique for analyzing risks. SWOT analysis can also be used to explain the risks in an organization.

Techniques for managing the risks against the cybercrime in the organization:

  • The organization should first identify the dangers that can arise in a particular project.
  • The second step is to reduce the chances of the risk occurring.
  • Risk response planning is also an essential factor in evaluating risk.
  • If a danger does arise, the organization must first locate where the risk occurred.
  • After identifying the source of the risk, it must take measures to reduce the risk.
  • After the threat is over, the organization must make sure that its data is secured with better protection.
  • Further, the same danger must not affect the system again.

A discussion on the importance of organization governance for Information systems and cyber security

Securing an information system is one of the vital tasks of the governing body of any organization. The first action for any management program is to implement the organization's security protocols correctly. Some of the significant security objectives that an organization must achieve are:

  1. The management must protect the company and the assets of the organization.
  2. The administration must manage efficiently the risks that the organization faces, such as by discovering threats and estimating the dangers or risks.
  3. Providing direction for the security activities that are ongoing.
  4. Classifying the information.
  5. The management must provide software that is highly efficient.

Conclusion

There are various ways and methods to evaluate and analyze cyber security risks in an organization. The discussion covers different issues in sustaining the cyber security system in the organization. The example in this case is the implementation of cyber security at Abu Dhabi Commercial Bank. It can be concluded from the above discussion that applying the correct cyber security methodology and framework helps the decision-making process for cyber security plans in organizations.

References

Ashok, A., Wang, P., Brown, M. and Govindarasu, M., 2015, July. Experimental evaluation of cyber attacks on automatic generation control using a CPS security testbed. In Power & Energy Society General Meeting, 2015 IEEE (pp. 1-5). IEEE.

Bang, S.W., Jung, B.S. and Lee, S.C., 2017. Research on financial institutional network partition design for anti-hacking. Journal of Computer Virology and Hacking Techniques, 13(4), pp.257-263.

Benzel, T., 2015. A strategic plan for cybersecurity research and development. IEEE Security & Privacy, 13(4), pp.3-5.

Carter, A., 2016. DoD Cybersecurity Discipline Implementation Plan. Department of Defense Washington United States.

DiMase, D., Collier, Z.A., Heffner, K. and Linkov, I., 2015. Systems engineering framework for cyber physical security and resilience. Environment Systems and Decisions, 35(2), pp.291-300.

DuBow, J. and Meyer, D., Fulcrum IP Services, LLC, 2016. System and method for implementation of cyber security. U.S. Patent 9,401,926.

Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F., 2016. Decision support approaches for cyber security investment. Decision Support Systems, 86, pp.13-23.

Han, J.W., Hoe, O.J., Wing, J.S. and Brohi, S.N., 2017, December. A Conceptual Security Approach with Awareness Strategy and Implementation Policy to Eliminate Ransomware. In Proceedings of the 2017 International Conference on Computer Science and Artificial Intelligence (pp. 222-226). ACM.

Kim, K., Park, S. and Lim, J., 2015, August. Changes of cybersecurity legal system in East Asia: focusing on comparison between Korea and Japan. In International Workshop on Information Security Applications (pp. 348-356). Springer, Cham.

Kuusisto, T. and Kuusisto, R., 2016, July. Leadership for Cyber Security in Public-Private Relations. In European Conference on Cyber Warfare and Security (p. 173). Academic Conferences International Limited.

Lee, M.S., Kim, T.H., Park, S.P. and Kim, Y.M., 2015. Systematic elicitation of cyber-security controls for NPP I and C system.

Mierzwa, S. and Scott, J., 2017. Cybersecurity in Non-Profit and Non-Governmental Organizations. Institute for Critical Infrastructure Technology, February.

Min, K.S., Chai, S.W. and Han, M., 2015. An international comparative study on cyber security strategy. International Journal of Security and Its Applications, 9(2), pp.13-20.

Okubo, S., Yamaguchi, K., Nakamikawa, T., Jp, P.E. and Uchiyama, H., 2016. Security Solutions that Protect the Life Cycle of Control Systems. Hitachi Review, 65(8), pp.58-62.

Panguluri, S., Nelson, T.D. and Wyman, R.P., 2017. Creating a Cyber Security Culture for Your Water/Waste Water Utility. In Cyber-Physical Security (pp. 133-159). Springer, Cham.

Park, J., Suh, Y. and Park, C., 2016. Implementation of cyber security for safety systems of nuclear facilities. Progress in Nuclear Energy, 88, pp.88-94.

Randall, K.P. and Kroll, S.A., 2016. Getting Serious about Law Firm Cybersecurity. NJ Law., p.54.

Shackelford, S.J. and Bohm, Z., 2016. Securing North American critical infrastructure: A comparative case study in cybersecurity regulation. Can.-USLJ, 40, p.61.

Slay, J., 2016. Training and education for cyber security, cyber defence and cyber warfare. United Service, 67(3), p.24.

Van den Berg, J., Van Zoggel, J., Snels, M., Van Leeuwen, M., Boeke, S., van de Koppen, L., Van der Lubbe, J., Van den Berg, B. and De Bos, T., 2014. On (the Emergence of) Cyber Security Science and its Challenges for Cyber Security Education. In Proceedings of the NATO IST-122 Cyber Security Science and Engineering Symposium (pp. 13-14).