Importance of Cyber Security Governance

In this report, the case study of Deltex will be discussed. The organization, that is, Deltex serves in the food technology and manufacturing business. They produce various kinds of machinery which are used in restaurants which helps in reducing the cooking time (Ellis and Mohan 2019). Due to the huge success of their new technology, their product is being used in various other restaurants that situated in the overseas. However, after analysis it has been found that, the cyber security aspects of the organization are quiet low. It has been found that, the organization is using the cyber security technologies in order to protect the organization from various cyber security threats and attacks. However, the top management level, does not have a clear concept as to why millions of dollars is being spent behind the cyber security model and framework of the organization.

The report will first discuss about the importance of cyber security governance and how it helps the organization, Deltex, to improve their cyber security models (von Solms and von Solms 2018). Furthermore, the report will also discuss about the various security management model, which can be used in order to protect the sensitive information that are stored in the server of the organization. Adding to that, the report will also discuss the impact of various organizational cultural elements on the security objective of the organization, that is, Deltex. Along with that, the report will also help in understanding the benefit of develop security policies for the organization, that is, Deltex (Pernice 2018). Lastly, the report will provide suggestive approaches for policy compliance for the organization.

Within the current era, most of the organizations around the world are conveying or utilizing data framework and information technology in arrange to supply the significant administrations and operations to their conclusion – clients. Along with that, the information systems which are being used within the organization requires the sensitive data and information from the end – users in order to function properly (Calcara and Marchetti 2021). These information and data are considered to be organizational resources. Due to this reason, there has too been a sudden surge of cyber security dangers and assaults towards different organization around the world. This is the reason, cyber security governance is required within the organization, that is, Deltex. With the help of cyber security governance, the organization would be able to implement various kinds of information security policies, which will help in protecting the assets of the organization.

Benefits of Appropriate Security Management Model

With the help of information security policies, the organization would be able to implement various cyber security components within the information system of the organization. It contains the rules and regulations which the prevents the employees from clicking on malicious links which are present within the emails (Maleh et al. 2021). Cyber criminals use a method, which is known as, phishing attack. In this kind of attack, the cyber criminals post a malicious link into the email. The email is then sent to all the employees of the organization. After that, the once the employees click on the link, they are redirected to a website, which asks them to enter the sensitive information in order to get a lucrative offer. When the employees submit the credential details, it directly gets sent to the hackers and intruders. Using the credentials of the employee, the cyber criminals then logs in into the network of the organization and then collect all the information and data that are stored in storage space of the organization. With the help of cyber security governance, a phishing filter can be installed on the email server of the organization (Eugen and Petru? 2018). This will help in blocking all the phishing emails that are being sent to the organization.

The security management model contains various components which are deployed within the organization in order to enhance the cyber security framework and regulations that are being adhered within the organization (Ponnusamy, Selvam and Rafique 2020). This further helps the organization in protecting the sensitive information which are being stored within the storage space of the organization. With the help of the security management model, the organization, that is, Deltex, would be able to provide appropriate level of security to all the information. Along with that, the organization would also be able to enhance their defence mechanisms against the various kinds of cyber security threats and attacks that are launched against an organization (Schinagl and Shahim 2020). It has been found that, often due to the cyber security attacks launched towards an organization, incurs huge financial loss. Thus, with the help of appropriate security management model, the organization, that is, Deltex, would be able to reduce the financial loss, which are caused due to cyber security threats and attacks.

The components of the models which are required in context of Deltex are –

1. Good Governance – The organization need to conduct various kinds of cyber security trainings for their employees and individuals (Renaud, Von Solms and Von Solms 2019). Through the trainings and sessions, the employees and individuals would be able to know, the importance of cyber security policies and regulations.
2. Risk Management – This component is very much crucial for the organization, that is, Deltex. With the help of the risk management component, the organization would be able to identify all the risk which are present within their business processes. Once the risks have been identified, the organization would then be able to measure the impact of the risks on the business process. Through this process, the organization, that is, Deltex, would be able to give ranks to the risks, which are, high, medium and low (Calderaro and Craig 2020). Depending on the rank, the risk management department of the organization would be able to evaluate the mitigation steps which will help the organization to remove the risks from the business processes.
3. Security Culture – It is an important practice to have a security culture within the organization. All the employees and individuals of the organization is expected to adhere to the rules and regulations that are mentioned in the information security policies. The security culture, will prevent the employees from accessing malicious links which are present in emails. Also, this will help them in keeping strong passwords.

Currently, the organization, that is, Deltex, is focussing on the sale of their product and services to their end – users. Along with that, it has also been found that, the upper management level is questioning about the budget which has been granted for the cyber security upliftment of the organization (Al-Sartawi 2020). The upper management level has asked, why million dollars is being spent on the cyber security component of the organization, when the cyber security department does not provide any kind of return of sale. However, the changes had to be made into the organization, as with the evolution of information technology, the clients are demanding cyber security components for the products (Chotimah 2019). One of the clients have also asked for block chain technology, for the security product, as it will help the client to protect their business trade secrets from getting leaked due to a cyber security incident. In order to change the culture, various information security policies and regulations need to be implemented within the organization itself. This information policy will also be explained to all the employees and individuals who are currently present within the organization (Webb and Hume 2018). They would need to adhere to the information security policies. Training and sessions will be provided to the employees and individuals, which will help them in understanding the importance of cyber security rules and guidelines.

Impact of Organizational Cultural Elements

One of the benefits of developing a security policy is that, the confidentiality, integrity and availability of the data and information can be maintained. Through security policies, the data and information can be sent to the correct receiver. Along with that, the integrity of the data can also be maintained (Orji 2018). This means that, the content of data and information would not be changed when it is being sent through the organizational network. Adding to that, the security policies also help in making the data and information available when it is required by the end – user. Security policies also helps the organization from minimising the impact of the risks which are present within the business process of the organization (Huang et al. 2022). Lastly, with the help of the security policies, the organization, that is, Deltex, would be able to maintain the regulatory compliance, stated by the cyber security governing body.

Below are the policy statements –

1. It is advised for all the employee to have strong password for their emails and computer system. The password length should be between 8 – 12 characters. The password should contain an upper – case letter, a lower – case letter, a special character and a number.
2. It is recommended and advised to all the employees that, they must change their password after the end of each quarter. If they are not changing the password, then the information system will automatically assign a password for them.
3. All the employees and individuals of the organization are advised not to click on any kind of link which are present within the email (Kim and Kim 2021). If an email has been received, who’s link is not verified, the email needs to be flagged and forwarded to the information security department.
4. It is being advised and recommended to the information technology department of the organization to backup all the data and information of the organization after the end of each week.

The suggestive approaches which are require for policy compliance and comprehension are –

1. In order to proceed with the implementation of security policies within an organization correct leadership is required. This means that, there should be a leader, who would be sole responsible for all the information security guidelines, which are being stated by the organization. Also, the leader should be from the cyber security background, that will help in understanding the cyber security requirements for the organization.
2. The organization should first understand the business processes which are present. This will help in understanding which kinds of risks are present within the business processes. The policies which will be provided within the organization, needs to be comfortable with all the employees so that, they are able to maintain them while being present within the premise of the organization.
3. The policies which are being developed within the organization needs to be made easily available and accessible to all the employees. It is recommended that, both offline and online format of the security policies need to be made available for the employees.
4. After the training and sessions for the cyber security practices has been conducted in the organization, an assessment needs to be conducted with the employees, so that, the organization is able to understand whether all the employees have understood the policies and regulations. Adding to that, the organization would also need to set a deadline for the test and should be made the test mandatory for all the employees.

Conclusion

In order to conclude, in this report, the importance of cyber security governance has been discussed. It has been found that, the organization is spending a good money on the cyber security framework of the organization, however, the employees and individuals are not adhering to all the rules and regulation. Furthermore, the report has also discussed about the benefits of appropriate security management model. Along with that, the report has also discussed about the various components which are important for Deltex. Furthermore, the report has also explained the impact of organizational cultural elements on the security policies of the information security. Adding to that, the report has also explained about the various benefits which are involved with developing a security policy. Lastly, the report provides various suggestions which are required for the employees to adhere to the information security policies and guidelines.

References

Al-Sartawi, A.M.M., 2020. Information technology governance and cybersecurity at the board level. International Journal of Critical Infrastructures, 16(2), pp.150-161.

Calcara, A. and Marchetti, R., 2021. State-industry relations and cybersecurity governance in Europe. Review of International Political Economy, pp.1-26.

Calderaro, A. and Craig, A.J., 2020. Transnational governance of cybersecurity: policy challenges and global inequalities in cyber capacity building. Third World Quarterly, 41(6), pp.917-938.

Chotimah, H.C., 2019. Tata Kelola Keamanan Siber dan Diplomasi Siber Indonesia di Bawah Kelembagaan Badan Siber dan Sandi Negara [Cyber Security Governance and Indonesian Cyber Diplomacy by National Cyber and Encryption Agency]. Jurnal Politica Dinamika Masalah Politik Dalam Negeri dan Hubungan Internasional, 10(2), pp.113-128.

Ellis, R. and Mohan, V. eds., 2019. Rewired: cybersecurity governance. John Wiley & Sons.

Eugen, P. and Petru?, D., 2018. Exploring the new era of cybersecurity governance. Ovidius University Annals, Economic Sciences Series, 18(1), pp.358-363.

Huang, K., Madnick, S., Zhang, F. and Siegel, M., 2022. Varieties of public–private co-governance on cybersecurity within the digital trade: implications from Huawei’s 5G. Journal of Chinese Governance, 7(1), pp.81-110.

Kim, D.K. and Kim, S.Y., 2021. Reframing South Korea’s National Cybersecurity Governance System in Critical Information Infrastructure. Korean journal of defense analysis, 33(4), pp.689-713.

Maleh, Y., Sahid, A., Alazab, M. and Belaissaoui, M., 2021. IT Governance and Information Security: Guides, Standards, and Frameworks. CRC Press.

Orji, U.J., 2018. The African Union Convention on Cybersecurity: A Regional Response Towards Cyber Stability?. Masaryk University Journal of Law and Technology, 12(2), pp.91-129.

Pernice, I., 2018. Global cybersecurity governance: A constitutionalist analysis. Global Constitutionalism, 7(1), pp.112-141

Ponnusamy, V., Selvam, L.M.P. and Rafique, K., 2020. Cybersecurity governance on social engineering awareness. In Employing Recent Technologies for Improved Digital Governance (pp. 210-236). IGI Global.

Renaud, K., Von Solms, B. and Von Solms, R., 2019. How does intellectual capital align with cyber security?. Journal of Intellectual Capital.

Schinagl, S. and Shahim, A., 2020. What do we know about information security governance?“From the basement to the boardroom”: towards digital security governance. Information & Computer Security.

von Solms, B. and von Solms, R., 2018. Cybersecurity and information security–what goes where?. Information & Computer Security.

Webb, J. and Hume, D., 2018, March. Campus IoT collaboration and governance using the NIST cybersecurity framework. In Living in the Internet of Things: Cybersecurity of the IoT-2018 (pp. 1-7). IET.