Cyber Security Research: Understanding Threats, Vulnerabilities And Countermeasures

Background and Aims

Describe what this researcher will do in the context of this project:

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

Cyber security is the process of securing data and information systems from theft, damage, corruption, or disruption; sometimes it is referred to as computer security or IT security. It entails protection of data and information systems from physical access, unauthorized network access, data and code injections, and other malpractices that may impact the privacy and integrity of data and information. Currently, there the use of computer and internet have increased because of technology evolution over the years.

Include a brief summary of relevant experience for this project:

Cyber security is a wide subject that should be handled by several key experts. Cyber criminals are educated and well-informed on cyber trends to enable them steal secret and private information, intellectual property, and confidential information. Cybercrimes are becoming more frequent and complex especially where financial gain is involved. Individuals, governments, businesses, and corporations are becoming a baseline of cyberattacks because of the increasing use of internet. The way individuals share information and communicate through the internet has evolved because of the emergence of social networking sites, cloud computing, and smart phones. The increasing volume of data and information over the internet has necessitated the need of cyber security. There exist many computer crimes that may adversely affect organizations in terms of loss of information and money.

Provide a brief outline of the project describing in everyday, jargon-free language the key aspects of the research (e.g., who will be participating, what information will be collected and by what means, what participants will be required to do, etc.) and the key research aims. The lay description must be in everyday, jargon-free language that is comprehensible by the average educated layperson. Define any technical terms or discipline-specific phrases, and use the full form of all acronyms the first time they are used. (300 words max.)

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

This report seeks to expound on the subject of cyber security and the various issues facing this concept. It explores the increasing threats and vulnerabilities affecting information systems. The increasing use of internet across the world has improved communications and information sharing but have also given rise to more cyberattacks. The effects and impacts of cybercrime are real even though online threats are not visible; globally accessed information systems are the mostly targeted systems and thus are more vulnerable. The value of information to companies and governments gets more amplified as its transmission on cyberspace continue to increase.

Cyber criminals are identifying more system vulnerabilities in the major networks and thus information security remains a major concern around the world. Each day new cyber tools and disruptive technologies are challenging organizations to implement new security intelligence measure that can be able to detect, sieve, and notify for any possible threat. This paper gives more details on information systems threats and vulnerabilities, types of cybercrimes, factors promoting cybercrimes, counter measures to cybercrimes, and cyber security regulations.

State the aims, key research questions, and significance of the project. Where relevant, state the specific hypothesis to be tested. Also provide a brief description of the relevance of your proposed project to current research; (supported by a literature review and references) – refer to National Statement 1.1c, a justification as to why your research should proceed, including an explanation of any expected benefits to the community and its potential to contribute to existing knowledge.

Statement of Problem

The increasing overdependence of computers and internet by almost all organizations and industries as well as individuals to share and transmit data and information have posed great challenges to cyber security. As such there is need to protect and secure cyber segments of the information systems against the increasing cybercrimes such as hacking and phishing. Cyber-attacks have led to disruption of many information systems as it has been evidenced in various critical infrastructures such as inventory and financial systems which has resulted to loses. As such there is need to develop measure and systems to address this challenge.

This research seeks to answer the following questions:

        i.            What are some of the existing system threats and vulnerabilities?

      ii.            What are the common types of cybercrimes?

    iii.            What factors are promoting cybercrimes?

    iv.            What cybercrime counter measures can be put in place?

      v.            What are some of the cyber security regulations?

Aims and Objectives

The following are the objectives that this research seeks to accomplish:

        i.            Identify information system threats and vulnerabilities

      ii.            Identify the common types of cybercrimes

    iii.            Identify the factors promoting cybercrimes

    iv.            Identify counter measures to cybercrimes

      v.            Identify cyber security regulations.

This report will seek to discuss the various aspects of cyber security including threats and vulnerabilities, cybercrimes, cybercrime counter measures, factors promoting cybercrimes, and cyber security regulations.

Researchers should include any source of funding (e.g., departmental, commercial, non-commercial, governmental) The HREC will consider whether there is a conflict of interest.

Has this protocol received research funding or is this submission being made as part of an application for research funding?

 Yes

 No

What is the status of the funding application?

 Approved

 Refused

 Pending

             

If yes, what is the source of the funding

The principal researcher is responsible for informing each HREC of all other sites at which the research is being proposed or conducted; disclosing to each HREC any previous decisions regarding the research made by another HREC; and informing each HREC of whether the protocol is presently before another HREC.

If yes, give details of other centres involved; the approval status of the study at each centre; and details of any required amendments.

If your research involves participants from other organisations (e.g. educational institutions, companies, agencies, collectives), you may need to obtain authorised approval before approaching participants, eg: Department of Education and Training, School Principals, School Councils (for research involving Government schools); Catholic Education Office (Catholic schools); School Boards (Independent schools); Senior Officers (Commercial or Government entities); Elders (Aboriginal communities); or Representative bodies (Collectives). Copies of approval letters must be attached to this application or, if pending at the time of submission, forwarded to HREC when available. Some authorities may decline to provide permission letters until ethics approval has been granted. In such cases, you should submit your application to the HREC for provisional approval pending receipt of the documentation.

If yes, please specify from whom and attach a copy If no, specify from whom, and advise when this will be obtained

Research Questions

Provide an outline of the proposed method, including details of data collection techniques, tasks participants will be asked to complete, the estimated time commitment involved, and how data will be analysed. If the project includes any procedure that is already established and uses accepted techniques please include a description of the procedure. (500 words max).

Research Methodology

This research aims to study cyber security issues using a survey methodology. A survey carried out on XYZ ICT company is intended to identify cyber security challenges in information systems. The survey was conducted by administering questionnaires to the employees of XYZ. This research investigates the various cybercrimes that employees and the company at large face daily and some of the counter measures that have been put in place to address these threats. In these research primary and secondary data will be collected investigate the cybercrimes and the importance of cyber security to various organizations. Survey method will be used to collect primary data whilst secondary data will be gathered through unpublished and published materials.

Data Collection Methods

Primary data

This data is original and is collected by use of survey methodology. Respondents were given questionnaires for them to fill. Manual questionnaires as well as online questionnaires were used. 

Secondary data

Reputable journals, product documentation, articles, and websites were used to collect secondary data. This was used to identify what other researchers found out about the different cyber security aspects.

Is it likely / possible that any of the data collected may be used by you, or others, for any research other than that outlined in this application? See NS Chapter 2.2 and Chapter 3.2 when preparing your response. 

If YES, describe below and ensure this is outlined in all Plain Language Information Sheets and Consent forms.

  • Participants should be fully informed of the possibility of any future use of data collected and their ‘extended’ or ‘unspecified’ consent gained. Failure to do this may restrict the future use of the data.
  • Any restrictions on the use of participants’ data should be recorded and the record kept with the collected data. Restrictions must be accessible to researchers who want to access those data for research.
  • Participant Details

Describe your proposed recruitment strategy to source target participants. Provide the number and age range, giving a justification of your proposed sample size. Include details of statistical power of the sample where appropriate. To ensure the requirements for consent are met, refer to the National Statement Chapter 2.2 General requirements for consent:

 Sampling Technique

The research seeks to gather information on cyber security. To sample out the participants Yamane formulae below was used:

In this formula, N is the population size, n is the sample size and e is the level of precision. The assumption made was that there was 0.5 variability and 95% level of confidence. Level of significance will be 5% considering the normal distribution table 0.05 being the value of e given.

At least 30% of the sample population makes a representation of the target population. The sample is high enough to give a general conclusion about the target population because higher samples gives higher ecological information.

Who are the target participants? (Tick as many as applicable)

 Students or staff of this University

 Adults (over the age of 18 years and competent to give consent)

 Children/legal minors (under the age of 18 years, with parental consent)*

 Children in out of home care (under the age of 18 years – Note: Contact DHS for guidance in this area)

 Care Leavers – An adult who spent time in care as a child (under the age of 18) this could have been foster care, residential care, or other arrangements outside the immediate or extended family

 Women who are pregnant, Human Fetuses and Neonates

 Aboriginal and/or Torres Strait Island communities

 Other collectives where leader/council of elders may need to give consent

 Elderly individuals

 Individuals from non–English-speaking backgrounds

 People in other countries

 Pensioners or welfare recipients

 Intellectually or mentally impaired individuals unable/with compromised capacity to provide consent

 Individuals highly dependent on medical care with a compromised capacity to give consent

 Physically disabled individuals

 Patients or clients of professionals

 Prisoners, parolees

 People who may be involved in illegal activities

*Parental/Guardian consent may not be required in some instances

A copy of all recruitment materials used (e.g., printed advertisements, radio and television advertisement transcripts, posters, letters of invitation) must be attached to this application for review by the committee.

What is the proposed recruitment method? (Tick all that apply)

 Mail-out

 Email

Have you attached a copy of the text of the email that will be sent?  Yes   No

If no, please explain:

 Telephone

 Contact details obtained from public documents (e.g., phone book)

 Recruitment by researcher(s)

 Participants from a previous study

 Snowball (participants suggest other potential participants)

 Personal contacts – Provide details:

 Other – please explain:

  Advertisement (e.g. for a noticeboard or FedNews)

Have you attached a copy of the advertisement?  Yes   No

If no, please explain:

  Facebook

Have you attached a copy of the advertisement that will be posted on Facebook? 

Yes   No

If no, please explain:

  Other Social Media forum

Name forum:

Have you attached a copy of the advertisement that will be posted? 

Yes   No

If no, please explain:

 I have read and will comply with the Federation Universities Social Media Policy and  Social Media Procedure

Yes   No

If no, please explain why:

  Recruitment by a third party (e.g., employer, doctor)

Have you attached a copy of the letter requesting their assistance, and/or the letter confirming their willingness to assist?  Yes   No

If no, please explain:

  Private sources

Have you attached a copy of the relevant approval letter?  Yes   No

      If no, please explain:

This section raises the issue of your duty of care toward research participants. To what risks are participants subjected? What will you do should an emergency occur, or should a participant become upset or distressed? What is your risk management strategy Likely Benefits

How will potential benefits to participants or community outweigh the risks esearch Activities

Which of the following activities will the research involve? (Tick as many as apply)

 Use of a questionnaire (attach copy)

 Interviews (attach interview questions)

 Observation of participants without their knowledge

 Participant observation

 Audio- or video-taping of interviewees or events

 Access to personal and/or confidential data (including student, patient or client data) without participants’ specific consent

 Administration of any stimuli, tasks, investigations or procedures which may be experienced by participants as physically or mentally painful, stressful or unpleasant during or after the research process

 Performance of any acts which may diminish the self-esteem of participants or cause them to experience embarrassment, regret or depression

 Investigation of participants involved in illegal activities

 Procedures that involve deception of participants

 Administration of any substance or agent

 Use of non-treatment of placebo control conditions

 Collection of body tissues or fluid samples

 Collection and/or testing of DNA samples

 Participation in a clinical trial

 CTN Trial   CTX Trial  Please provide Phase number, i.e., either 1, 2, 3 or 4 

 Testing a medical/diagnostic device

Identify as far as possible all potential risks to participants (e.g. physical, psychological, social, legal, economic) associated with the proposed research. Explain what risk management procedures will be put in place. Any potential risks should be outlined in the Plain Language Information Statement (PLIS) along with contact details of an appropriately qualified organisation for participant reference in case of distress, eg: Lifeline

Where will the research be conducted? (Tick as many as apply)

  Federation University

  Other location(s)

If other, please give details (including the URL for web-based studies)

Are facilities at the research location appropriate for the scientific needs of the research?

 Yes

 No

How will the conduct of the project be monitored to ensure that it conforms to the procedures set out in this application, the University’s human ethics guidelines, the National Statement 5.5, and the Australian Code for the Responsible Conduct of Research 3.4? (In the case of student projects please give details of how the supervisor/s will monitor the conduct of the project; e.g., how often student and supervisor will meet; how meetings will be conducted: email/phone/in person; how efforts will be coordinated if a number of researchers are involved.)

Aims and Objectives

Will there be support provided for participants? (You may need to consider having additional support for participants during or after the study, depending on risks to participants. Consider whether your project would require additional support and what support would be available.)

What debriefing will participants receive following the study and when? (Attach a copy of any written material or statement to be used in such a debriefing. Participants may need to talk with the researchers about the experience of being involved in the study as well as learn more about the aims of the research.)

Note that while participants may, in certain circumstances, be paid or reimbursed for their inconvenience and time, the payment should not be of an amount that risks inducement to participate, thus potentially biasing the project‘s results. If rewards are to be used, all participants are to receive the reward.

If yes, describe how much and in what form the payment/incentive will take (e.g., money to reimburse travel costs, vouchers for movie tickets, chocolate frogs).Dependent or Unequal Relationships

The consent of a person to participate in research must not be subject to any coercion. Research involving those in dependent or unequal relationships (e.g., teacher/student, manager/employee, parent/child, doctor/patient) may compromise a participant’s ability to give consent that is free from any form of pressure (real or implied) arising from this unequal power relationship. The HREC therefore recommends that, where possible, researchers should choose participant cohorts where no dependent relationship exists.

However, if the researcher believes that research involving people in dependent relationships is purposeful and methodologically defensible, the HREC will require additional information explaining why this is so and how any risks inherent in the dependent and unequal relationship will be managed. The HREC will also need evidence to show that participants have been reassured that refusal to participate will not result in any discrimination or penalty. Applicants should note that reasons of convenience will not normally be considered adequate justification for conducting research in situations where dependent relationships exist.

* Please refer to the National Statement on Ethical Conduct in Human Research – Chapter 4.3 for information on unequal relationships before answering the following question.f yes, please explain the relationship and the steps to be taken by the researchers to ensure that the participant’s participation is purely voluntary and not influenced by the relationship in any way.

Informing Participants – Plain Language Information Statement (PLIS)

The potential participant must be provided with information at their level of comprehension about the purpose, methods, demands, risks, inconveniences, discomforts, and possible outcomes of the research (including the likelihood and form of publication of research results, and whether their data may be made available for future research projects) so their consent is fully informed. Download the current template for the PLIS from the HREC website.

Does the PLIS comply with the following guidelines?

 

YES

N/A

It is presented on the Fed Uni HREC approved template, downloaded from the website

 

*

It has clear identification of the University, the School(s) involved, the project title, the Principal and Other Researchers (including FedUni contact details).

 

*

It details what involvement in the project will require (e.g., involvement in interviews, completion of questionnaire, audio/video-taping of events), estimated time commitment, any risks involved.

*

It advises how participants’ contact details were obtained and/or how potential participants were selected

   

If staff or students of the Federation University are to be involved as participants, it advises that the project has received clearance by the HREC

It advises that if the sample size is small this may have implications for privacy/anonymity.

It states clearly that if participants are in a dependent relationship with any of the researchers involvement in the project will not affect ongoing assessment, grades, employment, management or treatment of health (as relevant).

It states clearly that involvement in the project is voluntary and that participants are free to withdraw their consent to participate at any time, and to withdraw any unprocessed data previously supplied.

*

It states that arrangements will be made to protect confidentiality of data, including that confidentiality of information provided is subject to legal limitations (e.g., subpoena, freedom of information claim, or mandatory reporting in some professions).

   

It advises whether or not data will be destroyed after a minimum period.

   

It advises the de-identified data collected may be used in future research projects

   

It provides any other relevant information.

*

How will informed consent be obtained/recorded?

 Signed consent form

 Recorded verbal consent

 Implied by return of survey  *NB If consent is to be implied by return of survey, all information that would normally be presented on the consent form must be included in the PLIS

 Other (Please specify):

The correct template for the consent form can be found at:

If no, please explain how consent will be documented:

Does the consent form comply with the following guidelines?

  It is presented on the Fed Uni HREC approved template, downloaded from the website

  It states the title of the project and names of the researchers

  It confirms that the project is for research

  It confirms that involvement in the project is voluntary and that participants are free to withdraw at any time or withdraw any unprocessed data previously supplied

  It details specific requirements of participants (e.g., interviews will be audio-/video-taped)

  It advises of any legal limitations to data confidentiality

  It advises that if the sample size is small this may have implications for privacy/anonymity

  It provides any other information relevant to obtaining participant consent

attention to implications for compliance with legislative requirements including, for example, Guidelines Approved under Section 95A of the Privacy Act 1988, produced by NHMRC, and Statutory Guidelines on Research Issued for the Purposes of Health Privacy Principles produced by the Office of the Health Services Commissioner.

What are Data? (NS Ch3.2 Databanks)

Data are pieces of information, eg:

  • What people say in interviews, focus groups, questionnaires, personal histories and biographies;
  • Analysis of existing information (clinical, social, observational or other);
  • Information derived from human tissue such as blood, bone, muscle and urine.

(Note: Where the sample size is very small, or information is obtained through a focus group, it may be impossible to guarantee anonymity or confidentiality of participants’ identity, and participants involved in such projects need to be advised of this limitation.)

Tick which method will be used to guarantee confidentiality/anonymity?

Individually identifiable data, where the identity of a specific individual can reasonably be ascertained.  Examples of identifiers include the individual’s name, image, and date of birth or address.

Re-identifiable data, from which identifiers have been removed and replaced by a code, but it remains possible to re-identify a specific individual by, for example, using the code or linking different data sets.

Non-identifiable (anonymous) data, which have never been labelled with individual identifiers or from which identifiers have been permanently removed, and by means of which no specific individual can be identified. A subset of non-identifiable data are those that can be linked with other data so it can be known that they are about the same data subject, although the person’s identity remains unknown.