Literature Review For Corporate Security Measures And Practices

Cyber Security

Discuss the Literature Review for Corporate Security Measures and Practices.

Security can be defined as the state of being secure, without any harm or injury (Sennewald & Baillie). In other words, corporate security officers work to protect organizational assets and confidential data from external attacks. In computer terms, security means cyber security. Technical surveillance and monitoring by the higher-level management team is a major requirement for a corporate organization. Employees working in corporate industries must have a little formal education, such as security-relevant knowledge and risk management knowledge about corporate security (Halibozek, 2003). Security describes a setting in which operations are carried out daily without disruption, either from natural catastrophe or from criminal threats, and in which communication devices, applications, and services are communicated and stored in the cyber environment (Cavanagh, 2004).

Cyber security ensures the attainment and maintenance of an organization's assets against security risks in the cyber environment (Jan-Frederik Kremer, Benedikt Müller). Security is concerned with four areas: availability, which ensures the data is available when needed; confidentiality, meaning the data or information can be accessed only by authorized persons; and integrity, meaning the data has not been modified. Security encompasses protecting the information and assets we depend on in daily life, whether at home or at work. For example, trade secrets, intellectual property, bank account numbers, passwords, credit card password numbers and the like must be protected from theft and should remain safe and confidential (Chia). It is therefore necessary to protect valuable information, and hence the need for security arises.

A corporate is an organization that carries out a certain business to accomplish its objectives (Foster, B., & Lejins, Y.). In a corporate business there are hierarchies of groups that control the business in the organization. In today's period of business growth, a business requires a stable environment to carry out its day-to-day operations: organizational goodwill, continuous reliability in both technical and regular business matters, and the safeguarding of physical assets, employees and financial assets all depend on the security program for the smooth running of the business. Today, corporate security is shaped by many influences: the particular needs, concerns and vulnerabilities within the organization, the competence of its security group, and management's insight into the importance of security all contribute to the organization's structure and roles. Even business downscaling hampers security, because security itself has to operate in a learning environment with higher demands and higher expectations while the corporation faces proportionally increased threats and risks. Corporate security therefore becomes a challenging job to accomplish (Halibozek, Edward).

Corporate Business and Security

Corporate businesses have now adopted security as a common body or part of operations within the organization. Large corporations maintain many risk management systems to develop corporate management. The general security profile is one of consistence and cost hindrance (Hatzi Georgopoulos, 2012). In small companies, security plays a supplementary role assigned to human resources. Small companies have smaller security departments with few resources and commonly depend on security professionals who lack expertise and have broad, general knowledge, instead of the highly specialized security experts often used in larger corporations. Large business organizations invest their allocated budget in security operations, whereas small businesses find it difficult to manage security resources (Halibozek, Edward).

That is why large business organizations are more successful and find the implementation of security operations beneficial: it helps maintain operations both from the business perspective and from the perspective of keeping information secure (Cavanagh). In today's context, rival business organizations hire hackers to disrupt another business's operations, motivated by competition in the global market. Corporate security has therefore become more complicated and sophisticated in terms of protecting business assets and intellectual property. Whether large or small, companies today adopt outsourcing to firms specialized in corporate security, because this covers everything from safeguarding assets to investigation and information system security, and because they believe that outsourcing saves money. Instead, corporate management, in smaller and larger corporations alike, must regard security as a cost: because threats continue to rise every day, business organizations need to hire skilled security professionals to protect the integrity, availability and confidentiality of the business and to protect it from exposure (Halibozek, Edward).

According to the EU, corporate security strategies are divided into 3 areas: network and information security, law enforcement, and defense. Some of these tasks are allotted within nation states; likewise, in law enforcement, the judicial regulation says that in case of a “particular serious cyber incident or attack”, Article 222 (Solidarity Clause) will come into effect (Hatzi Georgopoulos pp-30). According to the report, the top attacks used to steal credentials are, first, weak domain user passwords; second, broadcast name resolution poisoning; then local administrator attacks, clear text passwords and, lastly, insufficient network access controls. This is a serious difficulty, because credential theft always goes after credentials and is both likely and reliable. This is why it becomes vital to limit access according to business requirements (Writer). The role of the company data protection steering committee has become an essential tool in the quest for a coordinated corporate protection method, for reducing duplication in protection spending, for taking control of complicated infrastructures and, ultimately, for reducing security risk.

Corporate Security Strategies and EU Regulations

Many corporate businesses have built security groups and embarked on enterprise-wide information safety platforms. However, these teams have struggled to align business aims with strategic security funding. Likewise, most security groups struggle to define and establish their company missions, scope, and influence. Moreover, these security groups are poorly defined and operate without effective communications plans. The end result of such a poor foundation is an invitation for newly installed teams to immerse themselves in technology missions, trying to find elusive enterprise-wide technical answers. A survey of 11 security directors of Fortune 1000 corporations in the United States examined the scope of the corporate security remit and its relationship with the different business functions in the organization. Curiously, it found that corporate security was actually positioned very high within the structural hierarchy and that it was usually closely integrated with business operations, often on a co-operative cross basis. The study shows that the corporate business usually worked closely with, and was supportive of, the company security operation (McGee). Members of an information security committee include line-of-business managers, IT managers, the IT director, the chief security officer, the company risk supervisor and the lead internal auditor. A clear distinction has to be made between the governance function and the leadership role (i.e., daily control of the security group) of the chief security officer (Scholtz).

Worldwide markets, the uniqueness of products, differences in the workforce and clients, and a rapidly changing technical environment make the security undertaking more complex. Understanding how a business functions is important, yet it is not adequate for giving an acceptable level of assurance. It takes more than only a comprehension of the business to create and implement an effective asset security program. It additionally takes a comprehension of central security principles. This is the reason security experts ought to handle the task of providing asset protection to any organization. Official administration ought not to take the security role lightly either, for it can truly cost lives and jobs (Halibozek, Edward).

There are numerous opinions as to where the responsibility for security best fits into a corporate structure. Some propose that, because security is a compliance function, it ought to be part of a larger compliance organization, such as auditing or the legal department. Others propose that security's role is closely aligned to people, and consequently should be part of the HR organization. Some in management propose that security is fundamental to the continuity of the enterprise and should be part of a business continuity organization. Strong arguments can be made for security to belong to any of these functions and several others (Halibozek, Edward).

Global Market and Corporate Security

Wherever security is best placed in the corporate structure, the general security profile for any company is the duty of its CEO. An inability to adequately protect people, physical resources, and data can negatively affect the organization's productivity. Profitability is plainly a concern for any CEO. This is not to say that a CEO should be involved in the day-to-day management of asset protection. That is the role of the CSM and security experts. Security protection is related to the number and value of the corporate assets (Halibozek, Edward).

On the other hand, security professionals in a corporate organization must be reliable, must have the knowledge to assure protection of the organization's assets, must have a decent comprehension of how business functions, and must have the capacity to change and to manage change, since the global market is bigger, highly economical, inconsistent and perhaps more risky. With lower resources of assets, the unpredictable in a higher amount can be predictable. Technology is both a gift and a curse. Protecting assets in an organization needs protective procedures. Using technology for defensive purposes also requires security professionals who understand technology and how business works (Halibozek, Edward).

Corporate security is referred to as a practice sector that provides safety to corporate assets and to internal and external operations (Damodaran). In the daily management of different corporate activities, employees, including managers and directors, are required to possess certain skills and a clear understanding. The profession of information security is transforming and maturing rapidly and has become one of the fastest-changing areas in corporate offices (Brooks). In order to manage security technologies, employees should acquire interpersonal and technical skills and in-depth network-based knowledge of the technologies (McCrie).

  1. A skillful person must know how to handle outsourced security functions. These need to be well arranged for risk assessment, management and system-based operations.
  2. Expertise is needed to keep up with rapidly driving trends in individual risk management. The management team should propose different risk assessment approaches for information security so that, after prototype usability, the best-suited one can be selected (Pathan).
  3. Process-based approaches should be adopted based on the corporate cases, and the experts should be proactive about process-centric approaches.
  4. Professionals should have applied knowledge of corporate culture, terminology, technical requirements and general business concepts. Skill is the application of knowledge.
  5. Interpersonal skills are also required: communication among co-workers and understanding between them is a crucial necessity.
  6. Premature evaluation should be strictly avoided, as it leads to misunderstanding among employees working together and to organizational conflicts (Campbell). Overall, all employees should work efficiently and actively wherever essential.

In order to avoid corporate complexity the work load is divided among the employees of commercial enterprises based on their knowledge and department. The roles of different designation holders are as follows:

  • Chief information officer – Hard skills are specified for the chief information manager. They must have teaching abilities in addition to all other basic requirements. In order to provide protection within the corporate society, the CIO should have proficiency in computer languages and software applications (Damodaran). Network security monitoring and continuous monitoring of the roles of all employees is another task for the CIO. They must be proficient in IT service frameworks. Norms and policies differ between organizations; the CIO creates the norms for security policy. They also secure cost management and project management, and provide technical business strategies to avoid risks (McCrie).
  • Security director – The SD plays the major role in the corporate security management system. Basically, they provide direction to the entire security management process. They have software knowledge to protect the system from outside attacks. Budget development is also decided by the security director (Peltier, 2016).
  • Security manager – A security manager leads the security team and protects the assets. They maintain the security details within the office building and data warehouse. Apart from this, the managers should inform the director of any security development. Development of protocols and algorithms also increases the management capability of the corporate industry (Brooks, 2013). The implementation of cloud computing to resolve risks is also handled by the security managers (Sennewald & Baillie).
  • Chief technical officer – The head of the technical department provides technical advice and guidance to the employees working in the technical department. They supervise the IS and communication network. They look after internal and external digital operations, including software development (Campbell, 2014).

Different corporate methodologies are found during the assessment of corporate security. The industry rate is directly dependent on the business risk rating and the financial risk rating (Damodaran). At the same time, in the application areas, certain corporate methodologies are determined by the management authority. The generalized corporate methodologies are as follows:

Data Gathering

Working with key contacts in divisions to obtain further background on their operational and physical security, including measurements of incidents, clear deficiencies, barriers to further upgrades, and the special requirements of specific corporate-level arrangements in their division.

Current Administration and Corporate Security

Acquiring pertinent insights from corporate loss reports, H&S reports and security incident reports to decide the level of danger for various areas.

Identification/Prioritization of the Threats

Identification and prioritization of the different threats posed, and assessment of the measures currently in place to counter these threats (a risk evaluation). A security threat evaluation of the corporate organization should follow a standard documented risk assessment technique, for example NIST and so on.

Standards Development

Planning application security standards, practices, arrangements and counter-measures to enable the corporate department to mitigate the dangers that the threats present.

In view of the above information, a Corporate Security Plan is made for every division that:

1) Documents the security features currently in place for every office;

2) Completes a threat assessment by examining metrics, reports and functional threats;

3) Determines the security features required to address the threats highlighted in the Threat Assessment, with consideration of industry principles and benchmarks;

4) Highlights the gap between the present security features and the recommended security features.

3.0 Comparison between the roles and responsibilities of corporate security and the Protective Security Policy Framework (PSPF)

| Role of corporate security | Responsibility of corporate security |
| --- | --- |
| All the employees working in the security department of the corporate industry play different roles to accomplish the objectives of the enterprise (Sennewald & Baillie). | The roles played by the employees contain a set of responsibilities. |
| A role always describes the responsibilities of the employees. A role is an instance of responsibility. | Responsibility is one of the factors of a role. |
| In the corporate world, the roles of different employees vary and depend on the security perspective. | Responsibility is divided among the employees by the chief executive of the corporate enterprise (Brooks). |
| The role of the employees is pre-determined by the management and is the same for all employees holding the same designation (Campbell). | If all employees carry out their responsibilities properly, the standard target for corporate security will be fulfilled. |

Table 2: Comparison between roles and responsibilities

Source: (Brooks)

Figure 1: PSPF framework

The Protective Security Policy Framework was developed by the Australian government to secure its assets, people and information from external attack (McCrie). This framework reduces security risks. Previously, the Australian government used a compliance model, or PSM, which was not secure enough given the increasing number of agencies. PSM was not reliable or flexible in handling sensitive matters. Private information was not safe, so in order to enhance security the Australian government changed its security model from PSM to PSPF (Peltier). PSPF is flexible, and the framework's approach was feasible for all. Data integration and an additional risk management system are associated with PSPF. PSPF is stated to be better because of its financial and security management.

Reference

Brooks, D. J. “Corporate security: Using knowledge construction to define a practising body of knowledge.” Asian Journal of Criminology (2013): 89-101.

Campbell, G. Measures and metrics in corporate security. Elsevier, 2014.

Cavanagh, Thomas E. Corporate Security Measures and Practices. New York: The Conference Board, Inc., 2004.

Chia, Terry. Confidentiality, Integrity, Availability: The three components of the CIA Triad. 20 August 2012. <https://security.blogoverflow.com/2012/08/confidentiality-integrity-availability-the-three-components-of-the-cia-triad/>.

Damodaran, A. Damodaran on valuation: security analysis for investment and corporate finance (Vol. 324). John Wiley & Sons, 2011, 2016.

Foster, B., & Lejins, Y. Ehealth security Australia: The solution lies with frameworks and standards. 2013.

Halibozek, Edward. The Manager’s Handbook for Corporate Security. Burlington: Butterworth-Heinemann, 2003.

Hatzi Georgopoulos, M. “The EU Mutual Assistance and Solidarity Clauses.” European Security Review (2012): 3.

Jan-Frederik Kremer, Benedikt Müller. Cyberspace and International Relations: Theory, Prospects and Challenges. Berlin: Springer, 2013.

McCrie, R. Security operations management. Butterworth-Heinemann, 2015.

McGee, Anthony. Corporate Security’s Professional Project: An examination of the modern condition of corporate security management and the potential for further professionalisation of the occupation. Cranfield: Cranfield University, 2006.

Pathan, A. S. K. (Ed.). Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC Press, 2016.

Peltier, T. R. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press, 2016.

Scholtz, Tom. The Role of the Corporate Information Security Steering Committee. 12 January 2004. 2 August 2016 <https://www.itnews.com.au/feature/the-role-of-the-corporate-information-security-steering-committee-61354>.

Sennewald & Baillie. Effective Security Management, 6th Edition. Butterworth-Heinemann, 2015.

Writer, Staff. How hackers get into corporate networks. 22 August 2016. 2 September 2016 <https://mybroadband.co.za/news/security/176661-how-hackers-get-into-corporate-networks.html>.