
Running head: ANNOTATED BIBLIOGRAPHY


Annotated bibliography

Anil Kumar Bandi

University of The Cumberlands

ITS 835- Enterprise Risk Management

Dr. Oludotun Oni

July 5th, 2019

Annotated bibliography: Cyber Security

Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672.

In this technology era, technology is used everywhere, and at the same time cyber threats have become very common, so awareness of cyber security is always valuable. Security is a sensitive issue that should be treated with the utmost confidentiality. In this paper, the authors explain the key factors regarding security that may lead awareness campaigns to fail to change people's behavior. Past and current efforts to improve information security practices and promote a sustainable society have not had the desired effect. It is therefore important to think critically about the challenges involved in improving information security practices for citizens, consumers and employees, as they are not aware of the risks in cyber security. The paper considers these challenges from a psychology perspective; the authors believe that creating awareness always depends on how people perceive and react to risks.

The most important finding from this study is that people know the answers to the survey questions about cyber security risks, but, interestingly, their answers do not match how they usually react in real life. That said, the study proposes that risk awareness and good practices are essential from the beginning. The article also explains the factors that cause risk awareness efforts in cyber security to fail. The other important finding is that interventions based on major theoretical knowledge of behavior change, which consider social beliefs and attitudes, are more likely to succeed.

Coffey, K., Maglaras, L. A., Smith, R., Janicke, H., Ferrag, M. A., Derhab, A., ... & Yousaf, A. (2018). Vulnerability Assessment of Cyber Security for SCADA Systems. In Guide to Vulnerability Analysis for Computer Networks and Systems (pp. 59-80). Springer, Cham.

This paper explains cyber security risk assessment for Supervisory Control and Data Acquisition (SCADA) systems. In these systems, security has mainly been achieved by controlling physical access to system components, which were unique and used proprietary communication protocols. According to this paper, security in these systems was present as an implication of safety. Modern SCADA systems are more sophisticated and, because they use advanced technology, more complex and prone to many risks as well. They are also exposed to many risks because of rapidly increasing interconnectivity and the standardization of the hardware and protocols used for communication. So, risk assessment is an important part of ERM in SCADA, and it answers the following questions:

· What can go wrong?

· What are the chances of going wrong and likelihood of happening?

· What are the results and consequences of that?

Smith, R. also explained that risk assessment in ERM helps to understand what can be done and what options are available to mitigate cyber security risks, as well as the impact of top management's decisions on future scope. The ERM methodology mainly consists of the following steps:

· Identify the system configuration

· Identify the quantitative risk model.

· Identify and organize the security requirements of the primary targets.

· Identify and categorize the vulnerabilities.

· Understand the attack paths.

Paté‐Cornell, M. E., Kuypers, M., Smith, M., & Keller, P. (2018). Cyber risk management for critical infrastructure: a risk analysis model and three case studies. Risk Analysis, 38(2), 226-241.

Managing cyber security in an organization involves allocating the protection budget across a range of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data is available, and system-based for high-consequence events that have not yet occurred. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks.

This paper explains the problem and the stakeholders in cyber security. Nowadays, cyber attacks have become very common, and this damages people's confidence in the managers who maintain the infrastructure. The countermeasures considered in this article address the various phases of a cyber attack on specific organizations. These include two-factor authentication to reduce the risk of intrusion into the systems. The risk assessments described here yield a set of risk curves for a given system, with and without the considered upgrades. These results can then become inputs to a decision analysis, allowing a decision maker to identify the measure or set of measures that will maximize his or her expected utility. The authors were given private access to a database of cyber attacks on a large, U.S.-based organization. This enabled them to illustrate their risk analysis method, including, first, a statistical analysis of past events, and then an extension of the results to the probability of more serious events in the future. This database includes more than 60,000 cyber attacks over a recent six-year period (2009–2015). The severity of an attack is essentially measured in hours of investigation. The authors analyzed this data to determine whether the attack frequency had increased over time, and to compare several options to reduce the current cyber risk.

Naseer, H., Ahmad, A., Maynard, S., & Shanks, G. (2018). Cybersecurity Risk Management Using Analytics: A Dynamic Capabilities Approach.

The modern enterprise uses risk-driven and control-centered security management systems to protect information resources and sustain competitive advantage. Such systems have proven to be quite effective in the prevention of threats that exploit common vulnerabilities. However, they are less suited to dynamic response against threats such as Advanced Persistent Threats. To better understand how companies are dealing with new dynamic threats, the researchers took data from ten expert interviews and analyzed it in depth. Dynamic capabilities theory addresses the question of how enterprises can cope with changing business conditions. Consequently, the theory has gained increasing attention in many areas, including organizational learning, technology transfer, and manufacturing (Teece et al. 1997). This theory is an extension of the resource-based view (RBV), which posits that 'when firms have resources that are valuable, rare, inimitable, and non-substitutable, they can achieve sustainable competitive advantage by implementing fresh value-creating strategies that cannot be easily duplicated by competing firms' (Barney et al. 2001).

Cybersecurity risk management is the overall process that integrates the identification and analysis of an enterprise's cyber risks, provides the assessment of the likelihood and impact of said risks on the business, and enables a decision regarding the action that should be taken to mitigate those risks (Spears and Barki 2010). The assessment part of the process involves collecting data to identify: (1) assets and their business value, (2) threats that may impact assets, (3) security vulnerabilities in assets that could be exploited, and (4) specific risks, with estimates of their likelihood and potential impact (Shedden et al. 2016). Based on this risk assessment, appropriate controls are implemented and then monitored to measure the effectiveness of the cybersecurity risk management process (Webb et al. 2014).

References

Scholl, M. C., Fuhrmann, F., & Scholl, L. R. (2018). Scientific Knowledge of the Human Side of Information Security as a Basis for Sustainable Trainings in Organizational Practices.

Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672.

Coffey, K., Maglaras, L. A., Smith, R., Janicke, H., Ferrag, M. A., Derhab, A., ... & Yousaf, A. (2018). Vulnerability Assessment of Cyber Security for SCADA Systems. In Guide to Vulnerability Analysis for Computer Networks and Systems (pp. 59-80). Springer, Cham.

Paté‐Cornell, M. E., Kuypers, M., Smith, M., & Keller, P. (2018). Cyber risk management for critical infrastructure: a risk analysis model and three case studies. Risk Analysis, 38(2), 226-241.

Naseer, H., Ahmad, A., Maynard, S., & Shanks, G. (2018). Cybersecurity Risk Management Using Analytics: A Dynamic Capabilities Approach.