Cyber Security Threats In A Ghanaian Small-Scale Organisation. The Primary Focus Is To Develop A Cybersecurity Culture Framework And Evaluate Its Impact On Ghanaian Small-Scale Organisations.


A Cybersecurity Culture Framework and Its Impact on Ghanaian Organizations

Tweneboah Sarfo

Authorship Declaration

So, I, Tweneboah Sarfo, certify that this dissertation and everything in it are mine.

This is always fully attributed when I reference the published work of others.

When I quote someone else's work, I always give the source. Except for these quotes, this dissertation is all my own work.

I have thanked all major sources of assistance.

If my study builds on earlier work or is part of a wider collaborative research initiative, I have specified who did what and how much I contributed.

I have read and understood the consequences of academic misconduct.

I also promise that I got informed consent from everyone who worked on this dissertation, as required by the school's code of ethics.

DEDICATION

This work is dedicated to the Almighty God, my family, and my bosses in the Army.

ACKNOWLEDGEMENT

I believe that my success in this program is directly attributable to God. Also, I'd want to give props to Captain TRANHAM for inspiring me and to Mr. Suresh Sureshkumar, my supervisor, for his unrelenting work in getting my dissertation published. Additionally, I appreciate the encouragement from all my Arden University professors. My sincere appreciation goes to my wonderful wife, Ms Charity Animah Sarfo. I appreciate the help and encouragement I've received from my peers. May God bless them all. Comment by Owner: Distribute your text evenly between margins. Comment by Owner: Check recommended line spacing and font size.

TABLE OF CONTENTS Comment by Owner: Add table of figures and tables.

AUTHORSHIP DECLARATION

DEDICATION

ACKNOWLEDGEMENT

ABSTRACT

TABLE OF CONTENTS

INTRODUCTION

LITERATURE REVIEW

METHODOLOGY

RESULTS AND DISCUSSION

ARTEFACT

CONCLUSIONS AND RECOMMENDATION

REFERENCES

 

Abstract Comment by Owner: Your abstract should include: Introduction, Methods, Results and conclusion. Usually around 100–300 words

Cybersecurity is the practice of protecting information, hardware, and software from malicious intrusions through a network. To protect information assets, people need to adopt a certain mindset, set of beliefs, set of values, and body of knowledge known as the cybersecurity culture. While Ghana has made great strides in embracing and employing ICTs, the country's businesses have not yet developed a culture of cyber security. Lack of a framework to provide direction, focus, guidance, and a consistent strategy for resolving cybersecurity issues is one of the challenges facing the ICT industry in Ghana. When there is no cybersecurity framework in place, dealing with cybersecurity problems becomes challenging since there is no guidance or direction on how to prevent, respond to, or mitigate cybersecurity breaches or risk, or how to increase employee awareness of these issues. As a result, preventing cyberattacks in Ghana requires a cybersecurity framework that promotes a cybersecurity culture. The subject under investigation is "How can a cyber security cultural framework be established to confront cybersecurity concerns for grassroots users of cyberspace in Ghana?" Thus, an interpretivist approach is required to deal with the contextual nature of the question this study aims to address. This research made use of a constructivist or interpretivist theoretical framework.

Introduction Comment by Owner: Start on a new page. Comment by Owner: Expected here are: Background – an overview of the topic and its merit as a research topic Rationale – justification for the study Case study – if relevant, an overview of the organisation or study context Aim, Objectives and Research questions Dissertation Structure Comment by Owner: Your introduction should not be more than 800 words.

 

Businesses in Ghana are more susceptible to cyberattacks due to the widespread usage of web-based extensions. The vulnerabilities observed in Ghanaian SMEs also contribute to the prevalence of these assaults. Messaging, distributed computing, online interfaces, virtual entertainment, web banking, the internet of things, and similar web-based extensions have all been used by Ghanaian businesses. Cybercriminals are now able to take advantage of these developments, and most of their crimes go unreported and unrecognized. One of the difficulties encountered by ICT organisations is the absence of a system that provides leadership, focus, direction, and a standardised approach to managing network security. Most Ghanaian NGOs are founded through social data agreements, making it crucial to safeguard vital information, infrastructure, and personnel from cyberattacks. Comment by Owner: ? Comment by Owner: Introduce acronyms before using them. E-g: Small to Medium (SME)

Adoption of ICT, computerization of different bases, and construction of web networks in even the most distant areas of Ghana have all been undertaken with the aim of closing the country's digital divide (Ouassini & Amini, 2021). The targets of the attempted digital assault are also exposed. Without a network security system for managing online security concerns, there is a significant lack of instructions and techniques to avoid, respond to, and mitigate network security events and hazards, and to further enhance employee understanding. If these prerequisites are met, it is envisaged that Ghana's small and medium-sized enterprises would be protected against cyber assaults.

The Internet of Things is a network of connected devices that exchange data and instructions via a distributed network of sensors, gateways, and other nodes. The method of transmission may be hardwired or wireless, depending on the gadget in question. Barker et al. (2020) state that, right now, the Internet of Things is the best place for developers to focus their efforts. As the complexity of the Internet of Things grows because of mechanical coordination and collaborative effort, so too does the possibility that network security will be compromised. Information falsification, information control, information and IP fraud, and hacking are all common in the gambling industry. More and more Internet of Things (IoT) devices are being produced and deployed for widespread use. The growth of massive, decentralised computing and information corporations also presents promising prospects for the expansion of the IoT sector (Barker et al., 2020). Internet of Things (IoT) technologies must still pass the test of internet security.

The term "Cybersecurity Culture" (CSC) is used to describe an organization's collective knowledge, attitudes, perceptions, suspicions, norms, and preferences with regards to network security, as evidenced by the actions of those responsible for the development of data. The goal of the CSC is to ensure that the representative makes data security a central component of their work, trends, and leadership. Strong CSCs emerge organically from employees' attitudes and actions toward data resources in the workplace when data security is properly managed, and CSCs may be formed, coordinated, and modified as a part of the larger hierarchical culture of a company (Corradini, 2020). After all, businesses need to properly comply with and adjust their CSCs to new developments and dangers, shifting goals and cycles, and ever-evolving projects. A successful CSC fosters a culture of security among workers and helps them become more resistant to digital dangers, particularly those that are introduced in a user-friendly fashion, all without impeding their ability to take advantage of the most promising prospects for the company.

CSC refers to the practices of representatives regarding network security to safeguard associate data assets or get the optimal degree of online protection, and it also includes their secret data, beliefs, insights, mentalities, assumptions, standards, and values. Incorporating and capitalising on aspects outside of science and strong leadership are necessary to cultivate a compelling CSC (Barker et al., 2020). To foster a successful CSC, it is essential to acknowledge the significance of human brain research, humanistic components, and societal effects. Representatives, more than anyone else, should take a close look at both their immediate working conditions and the larger systemic issues that affect everyone. The guidelines stress the need for creating a CSC working group inside the company. This committee will be responsible for using modern technology to manage evidence-based CS, as well as for regulating CSC programmes and technology, monitoring the execution of CSC exercises, and guaranteeing that the organization's overall network security plan is upheld (Barker et al., 2020). The potential future results of the company's CSC programme have been increased by the consolidation of a core group of five express regions into one organisation. When it comes to the CSC programme, this central team requires backing from upper management, too.

An organization's projected CSC should be used to define the organization's most important goals and the performance standards that will be used to determine whether those goals have been met. Some of these objectives will be company-wide initiatives, while others will be decided upon at more localised levels. Training in Distinguishing Objectives and Their Related Success. You may use the rules to refine your current CSC setup and define metrics (Corradini, 2020). Create a baseline for where you are now and measure how far you are from your intended destination. You can use one of three common routes: (1) Stop mediating your present CSC issue. (2) Use your CSC mediation skills to work through the problem at hand. (3) Reduce the number of steps in both the first and second methods.

The organization's status and its goals should inform the actions it takes and the strategy it employs to implement those activities. The company needs to think about the following, in particular: the organization's focus areas, the language to employ when discussing those areas, and the desired results. Choose either the middle value or the corresponding physical activity. You can learn more about the precise impact of your choice of activities if you carry them out separately and observe the results. Join forces and carry out the procedure simultaneously to find out the full impact of your efforts ("Foundations of the high-performance information security culture framework," 2021). Prior to going on to the next step, it is recommended that you repeat the previous steps and examine, reflect upon, and learn from the outcomes.

The company's acquisition and assessment of the opportunity are crucial first steps. To achieve this goal, existing values, culture, beliefs, and practices, as well as their origins, must be understood. This data is easily available across all teams and divisions (Corradini, 2020). Depending on the group, department, and/or nature of the job at hand, there may be varying requirements that must be met to ensure success. Furthermore, the organisation may be unaware of certain roadblocks to development unless those responsible for those areas bring them to management's attention.

Everyone in a company should feel empowered to contribute to the development and execution of a data security plan to foster a culture of shared ownership, appreciation, and support. This prevents security measures from being overly intrusive or complicated and instead ensures they are in line with the organization's practical and developmental contrasts. To be effective, a methodology must accomplish many things well: reinforce solid administrative viewpoints and actions; be scheduled similarly to other business opportunities to ease confirmation; centre on a flexible system suitable for long-term usage; and be quantifiable to prove performance. Metrics allow managers to regularly analyse their plans and assess their effects, allowing for more accurate assessment and more frequent strategy updates (Dawson et al., 2022). Because this method of network security is used by many businesses, employees may regard it as a suggestion rather than a requirement, even though most security incidents in businesses are the result of human error. In essence, advancement is useless to the organization's safety if it is not properly planned and exploited. Rather than aiming to restrict safe behaviour, increasing CSC influences prospects, develops safety awareness, and produces a tightly hierarchical society.

The development and rollout of an efficient CSC programme within a company is a complex endeavour that calls for the participation of top-level management and a wide range of stakeholder representatives. Culture is more than just caring; it also includes the establishment of norms, values, and beliefs. To achieve this goal, top-level management, CS contractors, and reps will need to have a common understanding of the roles, duties, and procedures that each play in preventing and responding to cyber-attacks (Dawson et al., 2022). Each company has its own unique culture; thus, to build a CSC that will last, top-down knowledge of the company's general culture, procedures, strategies, work habits, and cycles is essential.

There are risks of employees rejecting or ignoring the message, innovation, and labour of CS if CSC projects and exercises become too tough; this is especially true if CSC is not integrated in a hierarchical culture and fails to fulfil representative requirements and practices. Workers should be involved in the CSC formation process rather than being imposed upon. It is normal to expect top-level buy-in and public endorsement of the company's planned CSC to lend credibility to the initiative and signal its significance (Corradini, 2020). If your company or organisation is looking to establish a solid CSC, the advice in this section will be invaluable. This policy is based on previous CSC documentation and standards, as well as knowledge and best practices discussed at our conferences with CSC specialists and representatives from diverse organisations working on CSC tasks.

Changing a company's security culture is difficult since it calls for people to alter their worldviews, habits, and even their unspoken assumptions about how to keep a network secure. There are a variety of approaches that may be used to set up and manage a CSC effectively. Statements, mottos, awareness programmes, role models, prizes, and affirmations are all ways in which senior management responsibilities may create a new safety culture attitude. These obligations will reshape the hierarchical culture and provide the foundation for new approaches to data security across the business. Identify issues plaguing the corporate world (Dawson et al., 2022). The attitudes and actions of employees should be analysed in the context of the company. See what the situation is right now. Cybersecurity in an organisation should be evaluated in terms of its quality, arrangements and techniques, samples, assumptions and beliefs, and data before any further steps are taken.

Just as crucially, the ideal significance of business encounters should be conveyed and described. Targets and KPIs must be established for such a huge pool of potential customers. Calculate the mean distance from the present state to the ideal state (Dawson et al., 2022). Security strategies can be used to shape future objectives, cycles, and job instructions, signalling a shift away from distinguishing characteristics and toward clear and focused smart goals. Training employees on what they should do, how they should do it, and why they should stop doing it is crucial to persuading them of the need to alter the present safety culture. The curriculum should be designed with these goals in mind. Keep in mind that adjusting a culture takes time and effort. All representatives should be aware that their current employer is not a suitable match.

CSCs need metrics for measuring progress and receiving continuous feedback from boards and representatives. The goals may need to be amended if we discover them to be difficult to reach or unacceptable for representatives, but employees are continually pushed by management through incentives and approvals in the face of performance monitoring. It is possible to renegotiate and improve the final culture we seek over time. Metrics play a crucial role in defining both the present and intended CSCs, as well as progress accomplished, in the context of cultural transformation and data security. They confirm the appropriateness of security actions taken in a new network security culture by proving their efficacy, and they give helpful criticism for employees and management. Scalable, reproducible, and comparable large-scale measurements are required for reliable conclusions. Additionally, they should be doable, relevant, and provide helpful feedback on potential future developments (Dawson et al., 2022). Care must be taken to ensure that all selected measures are appropriate for the CSC. Metrics like "the number of workers that attended network security training" and "the results of a survey on network security information and competence" are comparable measures that may be used to evaluate a representative's degree of knowledge and understanding. As a result of their lack of relevance to the attitudes and worldviews of employees, these perspectives are inappropriate for gaining insight into CSC.

Analysing worker behaviour is possible by studying the real-world results of CSC implementation. Some cybersecurity technologies gather this data to help determine how often an organization's network is attacked, how often it can thwart such assaults, and how long it takes to discover an attack. Employee-sent phishing and malware assaults are another source of information on staff behaviour regarding network security. Specialized equipment evaluating staff workouts is another way to test for consistency. Finally, it's crucial to evaluate the network's disposition and protective beliefs, even if doing so is more challenging.

Employees' contributions and responsibilities to online communities, as well as their knowledge of network security risks, management roles and responsibilities, critical asset availability, cutting-edge, high-performance, and user-friendly specific tools, and strategies, can all be discussed via correspondence channels to improve the CSC. The confidentiality, propriety, and openness of any correspondence inside the company about this matter. Analysing the expected practices of staff, generally, as well as their moods and feelings about cybersecurity safety and authoritative practices, awareness of place, social correspondence, disclosure of episodes, and what they see as standards for direct and hierarchical exercise, can provide insight into the beliefs and suspicions of workers.

To raise security awareness, small-scale organisations in Ghana might benefit from CSC, which is especially helpful for restricted commodities. Larger companies that already have an established IT security operation may find the framework restrictive. The government and the hidden industries worked together to consciously design this structure. The modular components of a CSC allow for extensive personalization and low costs. The CSC system's focus is on ensuring the integrity of an organization's IT infrastructure and providing some sense of direction without being process-centric ("Foundations of the high-performance information security culture framework," 2021). Money, modern/employee wellbeing, and functional risks are only some of the opportunities that may be addressed by focusing on network protection. A further non-biased feature of the system is the incorporation of internet protection risk factors into normal operations at businesses across the country.

In the realm of cyber security, fashions come and go.

The following trends are having an outsized effect on cyber security:

Web server: Attacks on online applications to steal information or propagate malware are still a real concern. Cybercriminals use hacked legitimate web servers to deliver harmful programs. However, there is a serious risk posed by data-stealing attacks, many of which are well publicised in the media. We now need to provide more attention to securing online infrastructure and web-based software. Web servers provide the perfect environment for these hackers to collect information. Always use a secure browser, but especially while making financial or other significant online purchases, to reduce your risk of falling victim to cybercrime.

What the cloud and its related services have to offer

Nowadays, organisations of all sizes are progressively adopting cloud services. To put it another way, the world is moving steadily towards the cloud. As a result of this development, traffic may now avoid conventional checkpoints, which is a major problem for online safety. In addition, as the use of cloud computing continues to expand, new measures will need to be taken to ensure that sensitive information is protected within online apps and cloud services. Many worries have been voiced concerning the security of cloud services, despite their efforts to establish their own models. The cloud has many benefits, but it's important to remember that as it develops, so do potential security risks.

Specific threats and advanced persistent threats

The Advanced Persistent Threat (APT) represents a new generation of malicious programs. For a long time, web filtering and intrusion prevention systems (IPS) have played a crucial role in spotting these kinds of targeted attacks on networks (mostly after the initial compromise). Network security must combine with other security services to identify assaults as attackers grow more audacious and elusive. Therefore, we need to strengthen our security measures to forestall any attacks in the future.

Wireless data systems

There are no longer any barriers to talking to people throughout the world. A fundamental issue with these mobile networks, however, is security. Devices like tablets, phones, PCs, and so on are making firewalls and other security mechanisms less effective since they need protections beyond what the installed software provides. The safety of these wireless networks is an ongoing concern. Since mobile networks are especially susceptible to cybercrime, extra precautions should be taken whenever a security flaw is discovered.

Differentiated Protocol for the Internet

IPv6, the newest version of the Internet Protocol, is gradually being implemented to replace IPv4, the current protocol version that has served as the backbone of our networks and the Internet. Protecting IPv6 requires more than just a simple transfer of IPv4 features. IPv6 is a protocol that will completely replace IPv4 to expand the number of accessible IP addresses, but it also introduces some significant modifications to the underlying security model. Therefore, IPv6 migration should be prioritised to lessen the impact of cybercrime as soon as feasible.

The Code's Encryption

Encryption refers to the method of encrypting communications (or data) so that they cannot be deciphered by outside parties such as snoops or hackers. Using an encryption algorithm, a message or piece of data is transformed into unintelligible ciphertext via an encryption system. A message's encoding method can be determined by using an encryption key. Data confidentiality and integrity are safeguarded from the start through encryption. Increased encryption use, on the other hand, introduces new challenges to the field of cyber security. Data transported across networks (such as the Internet or e-commerce), mobile phones, wireless microphones, wireless intercoms, and so on are all examples of data that might benefit from encryption while in transit. Therefore, one may check for data loss by encrypting the code and looking for leaks.

Therefore, these tendencies are some of the ones that are altering cyber security on a global scale.

Opportunities and dangers

The three parts of a vulnerability are the susceptibility or defect in the system, the attacker's access to the problem, and the attacker's ability to exploit the flaw. It is possible for an attacker to cause indirect harm to the software's stakeholders if a fault (also known as a bug) occurs at any point during the development process, including during coding, compilation, and implementation. Those who have a vested interest in a piece of software, such as users and the software's creator, are known as stakeholders. Depending on the severity of the flaw, a hacker may be able to start an attack and take advantage of it. Serious repercussions may result from a breach of high-level security. As a rule, managers of information technology are expected to overlook security flaws and other problems with their systems. After hiring an IT security agency or consultant, the company's IT infrastructure will be safeguarded adequately with minimal involvement from IT management. Security stress reverse testing, which searches for and detects blind spots or the number of flaws, can be used as a regular replacement for penetration testing, preventing catastrophic security failures. Companies that invest in ethical hackers are the ones that usually conduct these kinds of tests. In the next two parts, we will go through the most typical types of software and web security holes.

When it comes to software, some of the most typical security holes are:

Incorrect implementation of authentication and session management: Attackers can compromise credentials like passwords and logins, keys, and session tokens, or assume the identity of another registered user, if these features are not handled appropriately.

A SQL (Structured Query Language), OS (Operating System), or LDAP (Lightweight Directory Access Protocol) injection issue occurs when a user unwittingly receives malicious data in response to a request or command. The user may unwittingly provide the attacker access to sensitive information by executing the attacker's malicious data in the form of requests or command codes.
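To make the SQL case of the injection flaw concrete, the following added example (not part of the original dissertation) runs the same lookup twice against an in-memory SQLite database: once with request data concatenated into the query text and once with the value bound as a parameter. The table, rows, function names and the username allow-list are constructed assumptions for illustration.

```python
import re
import sqlite3

# Constructed sample data: two user rows in an in-memory database.
SAMPLE_USERS = [("ama", "payroll-2024"), ("kofi", "vendor-list")]

# Hypothetical allow-list for usernames: letters, digits, underscore, 3-32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def make_db():
    """Create the sample table and return the open connection."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def lookup_concatenated(conn, username):
    """Weak form: the input becomes part of the SQL text itself, so quote
    characters in it are interpreted as SQL syntax by the database."""
    query = (
        "SELECT username, secret FROM users WHERE username = '"
        + username
        + "' ORDER BY id"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Corrected form: the SQL text is fixed and the input is bound as data,
    so it can only ever be compared against the username column."""
    return conn.execute(
        "SELECT username, secret FROM users WHERE username = ? ORDER BY id",
        (username,),
    ).fetchall()


def lookup_hardened(conn, username):
    """Defence in depth: reject malformed input first, then bind it."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username fails allow-list validation")
    return lookup_parameterized(conn, username)


def compare(username):
    """Run both lookups for one input and return their results side by side."""
    conn = make_db()
    try:
        return {
            "concatenated": lookup_concatenated(conn, username),
            "parameterized": lookup_parameterized(conn, username),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # The second input is a constructed textbook test string.
    for label, value in (("normal", "ama"), ("crafted", "nobody' OR '1'='1")):
        print(label, compare(value))
```

With the crafted input, the concatenated query returns every row in the table, while the parameterized query returns none because no user has that literal name.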

 

The Various Forms of Assault

A cyberattack is an electronic attack against, among others, a computer network, a website, or any other linked electronic device. A successful assault might compromise the security of the network and any data stored on its systems, as well as the system's availability, integrity, and confidentiality. Different types of attacks include:

a. Unauthorized attempts to gain access to a computer system or its data

DoS assaults, which overwhelm and crash websites, are becoming increasingly common. There are many different techniques to launch a denial-of-service attack. Teardrop is one such method, in which data packets of variable sizes are sent across a network.

The server has reached its storage capacity and is experiencing a buffer overflow.

Smurfing is the practice of bombarding a network with unnecessary requests in the hopes that a machine will answer.

 

strikes with precision Comment by Owner: Incomplete.

The goal of a targeted attack is for the attacker to gain access to whatever information they want or to cause as much damage as possible to a specific organisation anywhere in the world. Cyber espionage is the goal of some of these high-tech attacks.

Attackers and Their Favourite Methods of Operation

Well-known criminal networks and hosting sites include:

Dragonfly: Since 2011, the energy sectors of both Europe and the United States have been targets of the continuing cyber espionage effort known as "Dragonfly." Aside from sabotage, they're also interested in stealing information. The principal targets are those involved in the production and distribution of electricity, the provision of industrial equipment, and the operation of petroleum pipelines.

Water bug

Cyberspaces such as Water Bug operate using cutting-edge viruses such as Trojan. The government infrastructure of many nations will be methodically attacked by Trojan and Wipbot Turla. One of their attacks, called Heartbleed, led to the loss of 4.5 million medical records.

Regin platform

Regin is a cyberattack platform that can keep tabs on GSM and other networks. The virus may sneak into a machine and take data, including keystrokes, screenshots, files, and emails from Microsoft Exchange servers and network traffic data. Due to the reliance on computer management in GSM networks, it is possible for malicious actors to breach the base station controller and then use it to conduct attacks via SMS and call interception or disruption. To that purpose, the Regin Platform caters to niche groups, including telecom carriers and academic organisations.

COUNTERMEASURES

There is a vast variety of countermeasures that may be taken by defenders of information systems, each of which is tailored to a certain assault type and its available resources.

Varieties of Protective Measures

Employees need to be educated about the many kinds of assaults that might hit their company and the steps they should take in the event of an attack. Important points of entry, such as passwords, should be shielded against attacks by following standard operating procedures. Because most jobs do not require specialised knowledge of information-systems security, several studies have concluded that education is the most effective countermeasure for securing information systems.

Backups

Making copies ("backups") of digital information is crucial for recovering from attacks and differentiating between modified and legitimate data since many assaults destroy data or programs. Important data should have backups produced and kept in a location that is not directly connected to the systems that might be compromised. A backup system may be a completely identical computer setup, server facility, or data centre.
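As an added illustration (not part of the original dissertation), the sketch below shows how a backup kept apart from the live system can separate modified data from legitimate data: it records SHA-256 hashes of the backup copy, compares the live files against them, and restores what was altered or deleted. The file names, contents and function names are constructed for the example, and it assumes the backup and its manifest are stored where the live system cannot change them.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 hash."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in root.rglob("*")
        if path.is_file()
    }


def compare_to_backup(live_root, backup_manifest):
    """Classify live files against the manifest taken at backup time."""
    live = build_manifest(live_root)
    report = {"modified": [], "missing": [], "unchanged": []}
    for rel_path in sorted(backup_manifest):
        if rel_path not in live:
            report["missing"].append(rel_path)
        elif live[rel_path] != backup_manifest[rel_path]:
            report["modified"].append(rel_path)
        else:
            report["unchanged"].append(rel_path)
    # Files that did not exist at backup time need a human decision,
    # so they are reported but never deleted automatically.
    report["unexpected"] = sorted(set(live) - set(backup_manifest))
    return report


def restore_from_backup(backup_root, live_root, report):
    """Copy back every file reported as modified or missing."""
    restored = []
    for rel_path in report["modified"] + report["missing"]:
        target = Path(live_root) / rel_path
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(backup_root) / rel_path, target)
        restored.append(rel_path)
    return sorted(restored)


def demo():
    """Constructed scenario: back up, damage the live copy, detect, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        (live / "staff").mkdir(parents=True)
        (live / "ledger.csv").write_text("id,amount\n1,250\n2,400\n")
        (live / "policy.txt").write_text("Passwords are changed every 90 days.\n")
        (live / "staff" / "contacts.txt").write_text("helpdesk: ext 100\n")

        shutil.copytree(live, backup)        # take the backup
        manifest = build_manifest(backup)    # hashes stored with the backup

        # Simulated damage to the live system after the backup was taken.
        (live / "ledger.csv").write_text("id,amount\n1,250\n2,9400\n")
        (live / "staff" / "contacts.txt").unlink()
        (live / "notes_new.txt").write_text("created after the backup\n")

        before = compare_to_backup(live, manifest)
        restored = restore_from_backup(backup, live, before)
        after = compare_to_backup(live, manifest)
        return before, restored, after


if __name__ == "__main__":
    for stage in demo():
        print(stage)
```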

Disciplinary Actions

All these assaults are technically criminal. Most attackers don't worry about getting caught because it's so hard to hunt them down and apply the rules that are in place, especially when it comes to cybercriminals who engage in cross-border crimes. Nonetheless, legislation should be able to deter repeat offenders.

Patches

It is crucial to correct flaws or problems in software as soon as they are identified. "Patches" are "packs" that fix such faults, delivered in the form of new versions of software.

Taking Precautions

In the digital realm, automated access restrictions are indispensable. Computer login and resource utilisation often require the use of a password, which is used to handle access controls. Each person or group can have their own set of restrictions for reading, writing, and running resources, and they can also provide these rights to other users. "Firewalls" are specialised computers on a LAN that limit incoming and outgoing network traffic based on simple principles like source and kind of communication. Unfortunately, access restrictions may be breached by many of the threats, and they often won't prevent insider assaults by technical employees.

DIFFICULTIES IN DEVELOPING NATIONS' CYBERSECURITY

Some of the current cybersecurity challenges faced by developing countries include:

1. Physical setup (International Telecommunication Union, 2009)

2. Legal frameworks (Norwegian Institute of International Affairs, 2018)

3. Consistent laws (Bande, 2018)

4. Balancing global harmony with local needs (ITU, 2012)

5. Systems (Schia, 2018)

6. Instruction and data (Tagert, 2010; Schia, 2018) Comment by Owner: References included at the end of the document.

7. Cybersecurity knowledge (The Economic Commission for Africa Policy Brief, 2014)

8. Money and cost-effectiveness (Muller, 2015)

9. Classified as having a lower risk of physical assault (Tagert, 2010)

10. There aren't enough systems in place to meet their cybersecurity needs (Tagert, 2010)

11. Documenting cybercrime (The Republic of Mauritius Cybercrime Strategy, 2017)

12. Trading information

METHODOLOGY

Comment by Owner: You need to have literature review before methodology. Not more than 1600 words. Expected here are:
Introduction – a brief introduction to state what is contained within the chapter.
Topics – the number of titles of these will vary depending on your area of study. Both fundamental background and up-to-date related works should be reviewed. Related are similar works as yours using either similar approach to solve the same problem, or using the same approach to solve similar problems.
Summary – the chapter needs summarising to conclude where your research fits within the existing literature / a conceptual framework that draws together the key literature(s) / ideas should have been developed.
Questions – what question(s) you aim to answer or explore in your Dissertation.

Comment by Owner: Methodology and methods. Not more than 2000 words. Expected here are:
Introduction – a brief introduction to state what is contained within the chapter.
Philosophical assumptions – an appreciation of research philosophy. Crucially, the selected approach should be identified and justified.
Research questions – each question should be used as a subheading. In each case the methods selected should be critiqued and justified. The information relevant to populations, sampling methods, deployment plans, the design of instruments and limitations can be included on a question by question basis.
Validity and Reliability – this can be considered on a question by question basis or in a section on its own. A consideration is made of how the method addresses the needs of the question and how replicable they are.
Data Selection and Collection – a detailed breakdown of how and why data was collected and the associated practical challenges.
Ethics and Bias – a consideration of the relevant ethical issues and any bias that may be inherent within the study or the subsequent analysis with thought given to validity, reliability and generalisability. Again, this can be considered on a question by question basis or in a section on its own.
Limitations – discuss any relevant limitations to the methods selected.

Mohajan paraphrases Remenyi et al. (1998), who say that a research technique can be viewed as a procedure, step-by-step template, or framework within which research is done. Researchers can choose between quantitative, qualitative, and mixed approaches to their studies. For this reason, we used a qualitative methodology to conduct our research.

Due to the study's commitment to the underlying interpretivist paradigm, which seeks to understand respondents' mental processes in each context and generate novel concepts or theories, a qualitative research strategy was used. The notion of the interpretivists that there are several realities that need to be studied in settings is consistent with the focus of qualitative research on contextual meaning (Willig, 2001, cited by Hossain, 2011).

Assessment models and methods

An overarching strategy or blueprint for a study is represented by its research design (Kothari, 2004). This preparation considers the research approaches to be used and strategies to analyse the data, while also addressing the aims of the study and the available resources. Research design is essential to maximise information gain while minimising costs, time, and labour (Kothari, 2004). In this study, we used a descriptive research strategy based on focus group discussions to probe our research questions. At the Harare International Conference Centre (HICC) on March 7 and 8, 2019, the researcher presided over a cybersecurity workshop with a total of 8 participants.

A Cybersecurity Framework is Required

Society can be better prepared to deal with the challenges of using and exploiting ICT technology if it has a cybersecurity culture that addresses the economic, legal, and social problems of cyber security. The pillars of cybersecurity culture include education and awareness, lawmakers, law enforcement officials, business leaders, computer and network security specialists, regular users, and productive collaboration. According to Ghana's National Cybersecurity Policy and Strategy (2014), a plan's foundations should consist of the following:

1. Efficient leadership and public-private partnerships Comment by Owner: Numbers are not in order.

2. The Legislative and Regulatory Structure

3. A blueprint for cyber defence tools

4. Building a culture and skill set for safety

5. Global cooperation

6. Cybersecurity emergency preparation

7. The process of creating something new via research and experimentation

Discussion of Findings and Concerns Regarding Cybersecurity in Ghana

1. There is a lack of consensus on who is accountable for what in the realm of cybersecurity. Despite what some may believe, this is not a technology problem but rather a societal one.

2. Because more and more tiny devices are connecting to the internet and posing a significant risk to cybersecurity, the widespread use of technology and advancements on the Internet of Things (IoT) pose serious problems. In this age of widespread remote work, it's impossible to tell if the computer scanning your business is located down the street or halfway across the world.

3. Companies don't include a cybersecurity plan in their business strategy, seeing it instead as an afterthought.

4. Having too much faith in one service provider, like Ecocash, might be dangerous. The economy is performing well, but there remains a lot of uncertainty. A national payment system is necessary, and the government or national system should provide it so that citizens may rest easy knowing that they will have access to critically important services.

5. As a country in West Africa, Ghana's African culture is still developing and has seen only limited online exposure and plastic money use. Cybercriminals frequently take advantage of this kind of vulnerable situation.

6. We must insist that our service providers implement redundancy by strictly enforcing and adhering to service level agreements (SLAs).

7. Only 47% of the population in Ghana has access to the internet, and only 3% of the population can afford to pay for electricity. This leaves a large target demographic for fraudsters of all stripes.

8. A clear cybersecurity vision and technical solutions that are feasible in our environment are essential.

9. More frequent, even community-level, awareness training programmes are needed to raise consciousness in Ghana.

10. We need to conduct a comprehensive examination of our nation's cybersecurity talent pool to address the pressing problems of talent gaps and slackening competence. In addition, brain drain is affecting Ghana since the country's scarce cybersecurity experts are sought after by employers in other countries.

11. There is a lack of simplification of national ICT and cybersecurity policies for the average person and grassroots organisations to implement effectively.

12. Cybersecurity education is severely lacking in American schools. Certificate, diploma, and degree programmes should all be required to include cybersecurity coursework. They can be made available to students at lower levels of education.

13. The nation must be ready since almost no one is familiar with cybersecurity laws and legal frameworks.

To evaluate the success of a cybersecurity strategy and its associated efforts, it is helpful to have a framework in place that lays out the steps that must be taken to implement the plan and provides appropriate goal metrics.

Cybersecurity and information security are defined as follows: The practice of protecting data and computing infrastructure from threats such as unauthorised access, misuse, disclosure, disruption, modification, and destruction is known as information security.

Cybersecurity is the ability to protect data and systems in cyberspace against intrusion.

A PERSPECTIVE ON CYBERSAFETY:

There has been a dramatic increase in the frequency, scope, and ultimate peril of cyberattacks. The new wave of cybercriminals' goals extends beyond the simple theft of money and the holding of sensitive company data as ransom. They may, alternatively, aim to infiltrate and corrupt not just one organisation but the whole ecosystem to which it belongs. Cyberthreats grow when institutions transform their operations using digital channels, automation, and other cutting-edge technologies.

As individuals who want to exploit vulnerabilities become more sophisticated, brazen, and destructive, businesses must devote substantial resources to plugging the resulting security weaknesses in their internal, online, and digital infrastructures. For this reason, government agencies are prioritising the management of systemic cyber risk and the prevention of its potential contagion (spread) across firms and third parties. When we talk about modern cybersecurity, we don't only mean keeping sensitive data and systems safe from hackers; we also mean protecting people's identities, keeping personal information private, and managing risks on a massive scale. Businesses of all sizes really need to adopt a new cybersecurity strategy.

The Cybersecurity Vision includes the following five parts:

1. Hone your in-house expertise so you can analyse the most pressing cybersecurity risks using the most recent data and expert opinion. Achieve rapid threat detection while maintaining a watchful eye on the safety of the company's most vital assets.

2. Scalability and resilience: Have a plan in place to swiftly recover from a cyberattack and insist that your ecosystem meets the same high standards for cybersecurity that you do as a business.

3. Make cybersecurity a core part of the company's strategy and the foundation upon which all new digital breakthroughs are built.

4. Prioritise risk by acknowledging the existence of both long-term trends and recent legislation that will have an impact on the future of cyber risk governance. A three-line-of-defence (3LoD) approach with well-defined roles and duties is necessary for effectively managing cyber risk.

5. The focus on talent: Create a culture where protecting sensitive data is everyone's job and choose a Chief Information Security Officer (CISO) who can effectively implement your plans.

ARTEFACT

Comment by Owner: An artefact is presented but implemented to a limited extent and with limited functionality, demonstrating limited technical proficiency and expertise. There is scope for much more depth of implementation. There is some discussion of how the artefact has been developed in light of the research undertaken during the project and some consideration of the development process or any testing and modifications but there is scope for further work.

THE PFSENSE PLATFORM

Many companies invest millions of dollars annually to ensure the safety of their sensitive company data and information, making network security a crucial part of network administration. Many corporations use firewalls and encryption methods to safeguard their data. Some of the many firewalls and encryption methods now on the market are not suited for use by SMEs. For small and medium-sized enterprises (SMEs), these actions may be unnecessary or excessive. Several security measures must be merged into a unified security package for proper and centralised administration and management. One of the best choices will be to use an open-source firewall. In this paper, we present the results of a case study of modern features of the open-source FreeBSD firewall pfSense. These features include a unified management interface for firewall, URL filtering, VPN, and other security services; support for both Captive Portal and Active Directory for central control of wireless network user authentication; log analysis for improved network security; and more. When combined with another open-source tool, layer 7 capabilities provide a potent answer to controlling traffic based on application patterns and may effectively thwart network assaults.

In the twenty-first century, the internet has matured into a useful resource for individuals of all ages. The way it works shifts based on who is using it. It is seen as reliable by some for business and informational purposes. Others use it to upload and download media, communicate with friends and family all over the world, and participate in online games. Individually, antiquated security methods are becoming helpless against today's malicious cyber actors. Defence actions must be coordinated to provide adequate security against network and cyber-attacks.

pfSense is a customised version of FreeBSD that serves primarily as a router and firewall. It began as a branch of the m0n0wall project. Embedded device deployments are where m0n0wall really shines. By contrast, pfSense is designed primarily for full PC installations but does include options for embedded devices. It comes with a large set of useful features out of the box, and you can add even more with the package system, which even supports "one-click" installations.

Since pfSense offers many features seen in commercial systems, it is now a viable alternative to commercial firewalling and routing solutions (Cisco PIX, SonicWall, and WatchGuard). Firewall, routing, Quality of Service (QoS), Network Address Translation (NAT), redundancy, load balancing, a virtual private network (VPN), reporting and monitoring, real-time data, and a captive portal are all included. Hardware designed for use in high-volume server environments has all the features necessary to handle massive data flows (above 500 Mbps). The settings of all the pfSense system's services are stored in a single XML file called config.xml. Since most of the pfSense services' backend code is written in PHP, it's easy to build upon the current code base to enhance or add features.
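Because every pfSense setting lives in config.xml, a backup of that file can be audited offline. The following is an added example, not code from this dissertation or from the pfSense project: it parses a constructed sample and flags WAN pass rules open to any source, pass rules that do not log, and a web GUI served over plain HTTP. The element names follow the layout of a pfSense configuration backup and should be checked against your own file; the severity labels are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the sections this audit reads.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <system>
    <webgui><protocol>http</protocol></webgui>
  </system>
  <filter>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><any/></destination>
      <descr>temp allow all</descr>
    </rule>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>192.0.2.10</address><port>443</port></destination>
      <log/>
      <descr>public web server</descr>
    </rule>
    <rule>
      <type>pass</type><interface>wan</interface>
      <source><any/></source>
      <destination><any/></destination>
      <disabled/>
      <descr>old test rule</descr>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface>
      <source><network>lan</network></source>
      <destination><any/></destination>
      <descr>default LAN to any</descr>
    </rule>
    <rule>
      <type>block</type><interface>wan</interface>
      <source><any/></source>
      <destination><any/></destination>
      <log/>
      <descr>explicit default deny</descr>
    </rule>
  </filter>
</pfsense>
"""


def _is_any(endpoint):
    """True when a <source> or <destination> element contains <any/>."""
    return endpoint is not None and endpoint.find("any") is not None


def audit_rules(root):
    """Return (severity, rule description, message) for each enabled pass rule of concern."""
    findings = []
    for idx, rule in enumerate(root.findall("./filter/rule")):
        # Disabled rules and block/reject rules do not widen exposure.
        if rule.find("disabled") is not None:
            continue
        if rule.findtext("type", "pass") != "pass":
            continue
        descr = (rule.findtext("descr", "") or "").strip() or f"rule #{idx}"
        if rule.findtext("interface", "") == "wan" and _is_any(rule.find("source")):
            if _is_any(rule.find("destination")):
                findings.append(("HIGH", descr,
                                 "WAN pass rule from any source to any destination"))
            else:
                port = rule.findtext("destination/port", "any")
                findings.append(("REVIEW", descr,
                                 f"WAN pass rule from any source to port {port}"))
        if rule.find("log") is None:
            findings.append(("INFO", descr, "pass rule does not log matches"))
    return findings


def audit_webgui(root):
    """Flag an administration interface that is not served over HTTPS."""
    proto = (root.findtext("./system/webgui/protocol", "") or "").lower()
    if proto != "https":
        return [("HIGH", "webgui", f"admin interface protocol is {proto or 'unset'}")]
    return []


def audit_config(xml_text):
    """Parse a config.xml backup and return all findings, web GUI first."""
    root = ET.fromstring(xml_text)
    if root.tag != "pfsense":
        raise ValueError("not a pfSense configuration file")
    return audit_webgui(root) + audit_rules(root)


if __name__ == "__main__":
    for severity, where, message in audit_config(SAMPLE_CONFIG):
        print(f"{severity:6} {where}: {message}")
```
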

Using the PFSense platform to implement Unified Threat Management (UTM)

Defence actions must be coordinated to provide adequate security against network and cyber-attacks. A unified threat management system (UTM) is a security appliance that performs several key functions for protecting a network all in one place. The following network security technologies are combined into a single platform by UTM: Examples of security measures include firewalls, anti-spam and anti-virus software, URL filters, and virtual private networks (VPNs).

For two key reasons, we chose to implement pfSense for UTM in this project rather than a hardware or software appliance. To begin, this method can cost less than others that rely on hardware or software. Second, its dependability means fewer network disruptions. Our solution's primary focus was on cutting down on bandwidth use and associated expenses. When a user accesses a website, the proxy server stores a copy of the page they are viewing in its cache. The next time that person visits that website, they won't have to wait for the content to download because it will already be in the proxy's cache. SquidGuard is also installed on the WAN interface, where it filters URLs. Squid3 is a proxy server that stores and serves online content and supports several protocols like HTTP, HTTPS, FTP, and more. Any IP range that has a high user count and low error rate is stored in its cache.

Using RADIUS Authentication and the pfSense Captive Portal to Secure a Wireless Network

A WLAN is open to all users and transfers data and communicates via radio transmission. It uses WEP, WPA/TKIP, and WPA2, in that sequence. But some specialists have found a weakness in WPA2, the most secure Wi-Fi encryption and authentication mechanism currently available. As a result, to strengthen WLAN security, a new secure approach known as Captive Portal has been developed. Users are verified by a web page authentication technique. Installing pfSense on a server and setting it up with a single LAN interface so that it can be assigned an IP address is required to use pfSense Captive Portal for UMaT wireless networks. The LAN port must have a permanently assigned IP address and default gateway. When connecting to the wide area network (WAN), all pfSense LAN users must first utilise this default gateway.

With this experimental framework, we investigate the following:

1. How do I set up the pfSense captive portal?

2. How do I make a RADIUS server work?

3. How do you make a policy and find a way to keep things safe?

4. How should login information for users be handled?

Results and discussions reveal how each question might be set up and put into practice. Due to the study's intention to prevent simultaneous Captive Portal logins, vouchers were created to allow visitors and guests to access the institution's Wi-Fi network.

This lab exercise showed how to secure wireless network credentials by configuring pfSense Captive Portal and a local RADIUS server for authorised users. Whenever a user on your wireless network makes a request for a website, pfSense will redirect them to the captive portal page using the Dynamic Host Configuration Protocol. This article seeks to discover a straightforward technique for including already existing users in an AD to connect with the captive portal, which may be used as an alternative to manually inserting data into the pfSense local user account.
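To show what travels between the captive portal and the RADIUS server when a user logs in, here is an added example (not code from this dissertation or from pfSense) that builds an Access-Request, hides the User-Password as RFC 2865 specifies, and checks the server's reply. The shared secret, user name and password are constructed values, and the in-memory user table is a stand-in for a real user store.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2  # attribute types defined in RFC 2865

# Constructed sample values for this example only.
SECRET = b"constructed-shared-secret"
USERS = {b"student01": b"correct horse battery"}


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo hide_password using the same shared secret."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def _attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value


def build_access_request(ident, user, password, secret, request_auth=None) -> bytes:
    """Portal side: 20-byte header with a random Request Authenticator, then attributes."""
    request_auth = request_auth or os.urandom(16)
    attrs = _attr(USER_NAME, user)
    attrs += _attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def parse_attributes(blob: bytes) -> dict:
    attrs, pos = {}, 0
    while pos + 2 <= len(blob):
        kind, length = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError("malformed attribute")
        attrs[kind] = blob[pos + 2:pos + length]
        pos += length
    return attrs


def server_reply(request: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: check the credentials and sign the reply with the shared secret."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    request_auth = request[4:20]
    attrs = parse_attributes(request[20:length])
    user = attrs.get(USER_NAME, b"")
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    ok = user in users and hmac.compare_digest(users[user], password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + request_auth + secret).digest()


def verify_reply(reply: bytes, request: bytes, secret: bytes):
    """Portal side: return the reply code, or None if the reply is not authentic."""
    if len(reply) < 20 or reply[1] != request[1]:
        return None
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[0] if hmac.compare_digest(expected, reply[4:20]) else None


if __name__ == "__main__":
    req = build_access_request(7, b"student01", b"correct horse battery", SECRET)
    print("reply code:", verify_reply(server_reply(req, SECRET, USERS), req, SECRET))
```

The password is protected only by MD5 and the shared secret, so the secret configured on both pfSense and the RADIUS server should be long and random, and the link between them should stay on a trusted network segment.
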

It will be difficult for large organisations to execute the method proposed by Mamat and Ruzana (2013). to allow HTTP traffic monitoring, logging, and real-time analysis; and to raise the degree of security at OSI reference model layer 7.

The pfSense Platform: A Classification and Enforcement Framework

Inbound network traffic is often classified based on fields of network and transport data, such as service class designations, source and/or destination IP addresses, and ports. A classification like this may be quite useful in many situations since it strikes a great balance between ease of use and practicality. In this case, it may be feasible to bypass these limitations by undertaking traffic classification and policing at the application layer (also known as layer 7 or L7). In L7 categorization, user traffic may be identified depending on the types of applications being used.
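The difference between the two approaches can be seen by running both over the same flows. This is an added example, not code from this dissertation or from pfSense: the port table, the payload signatures, the policy and the sample flows are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Port-to-application table of the kind a layer 3/4 classifier relies on.
PORT_APPS = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

# Application signatures matched against the first bytes a client sends.
# Written for this example; not taken from any pattern distribution.
L7_PATTERNS = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("ssh", re.compile(rb"^SSH-[12]\.[0-9]+-")),
    # TLS record: handshake (0x16), version 3.x, two length bytes, ClientHello (0x01)
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),
    ("smtp", re.compile(rb"^(EHLO|HELO) \S+\r\n", re.IGNORECASE)),
]

# Hypothetical enforcement policy: pass, shape (rate-limit) or block per application.
POLICY = {"http": "pass", "tls": "pass", "smtp": "shape", "ssh": "block"}
DEFAULT_ACTION = "shape"


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes sent by the client


@dataclass
class Verdict:
    port_app: str   # what the destination port suggests
    l7_app: str     # what the payload signature says
    mismatch: bool  # both classifiers answered, and they disagree
    action: str     # policy action applied to the flow


def classify_by_port(flow: Flow) -> str:
    return PORT_APPS.get(flow.dst_port, "unknown")


def classify_by_payload(flow: Flow) -> str:
    for app, pattern in L7_PATTERNS:
        if pattern.match(flow.payload):
            return app
    return "unknown"


def evaluate(flow: Flow) -> Verdict:
    port_app = classify_by_port(flow)
    l7_app = classify_by_payload(flow)
    # Enforce on the payload verdict when there is one; otherwise fall back to the port.
    effective = l7_app if l7_app != "unknown" else port_app
    mismatch = "unknown" not in (port_app, l7_app) and port_app != l7_app
    return Verdict(port_app, l7_app, mismatch, POLICY.get(effective, DEFAULT_ACTION))


# Constructed sample flows.
SAMPLE_FLOWS = {
    "web on 80": Flow(80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    "web on 8080": Flow(8080, b"GET /status HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    "tls on 443": Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)),
    "ssh on 443": Flow(443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "opaque on 9999": Flow(9999, b"\x00\x01\x02\x03"),
}


def report():
    """Evaluate every sample flow and return {name: Verdict}."""
    return {name: evaluate(flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, v in report().items():
        flag = "  <-- port and payload disagree" if v.mismatch else ""
        print(f"{name:15} port={v.port_app:8} l7={v.l7_app:8} action={v.action}{flag}")
```

A port-only classifier treats the fourth flow as ordinary TLS and cannot name the second at all; the payload match identifies both, and the mismatch flag is the line worth sending to the firewall log.
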

IP Cop Firewall and Bandwidth Arbitrator are two similar L7 labelling projects. While IP Cop is useful for classifying applications, it only supports blocking policies and does not provide any form of shaping. We look at the pfSense L7 classification paradigm and handle it in this study. While pfSense does enable traffic classification at the application layer, it does not provide this feature to the user.

To that end, we have established the following goals:

Develop graphical user interface (GUI)-based solutions for managing the application protocol's classification subsystem.

Make and release wizards that make it easy for anybody to set up QoS parameters.

evaluate the performance (e.g., response time) of the categorization module based on the application layer; this will require planning and building a test environment that allows testing many application patterns simultaneously.

After implementing ipfw-classifyd, we found that pfSense now has an additional shaping mechanism, bringing it up to par with many commercial solutions, and a fully integrated GUI that makes it simple for the end user to take advantage of pfSense's layer 7 capabilities. The main drawback now is that ipfw-classifyd isn't fully functional yet because it's constantly being improved. We still think there's room for development in the field. Putting L7 inspection into the kernel itself is a crucial and urgent task. This would cut the time now spent redirecting IP packets from the kernel to ipfw-classifyd or other programs, which requires a context switch between the kernel and userland.

Using open-source applications to create a network security tool

Firewalls and encryption software are commonplace in commercial settings. While there are numerous firewalls and encryption methods available, not all of them are appropriate for small and medium-sized enterprises (SMEs). SMEs may not need the full feature set or price tag of these apps. Network Defender is a network security solution that is built on open-source applications, and its architecture is presented in this project. Network Defender's four components are a firewall, network intrusion detection, a vulnerability scanner, and an exploit tool. Proof of the design's efficacy is seen in the fact that it was used to create Network Defender, which makes use of pfSense, Snort, Nmap, and Metasploit. The results of the tests show that the four parts can successfully detect and halt network attacks. It is also possible to launch counterattacks with the help of Metasploit.

The results of the tests show that every part can properly detect and halt network attacks.

Future development will entail the integration of other programmes and technologies, including SMS alerts and a central database, to further safeguard Network Defender from assaults. This research is said to have provided a less costly network security alternative for SMEs.

Conclusion and Recommendations

Comment by Owner: You need to include results and discussion before this. Not more than 2000 words. Expected here are:
Introduction – a brief introduction to state what is contained within the chapter. Signposts to where the research questions are addressed by the primary research should be included.
Response rates – overview the rate of response from primary research methods (if needed). Demographic information can be included here. Importantly, the results must be linked to information about the population under study to show that the results are representative.
Results – the findings are presented with suitable discussion and analysis with links to established literature. Ensure you clarify why statistical analysis is inferential or descriptive in this context characterising trends which have arisen. When using qualitative data ensure that quotes are presented with appropriate contextual analysis.
Summary – summarise the chapter with key findings and link to the research question.

Comment by Owner: Conclusions And Recommendations (not more than 1600 words). Expected are the following criteria:
Introduction – a brief introduction to state what is contained within the chapter.
General conclusions – overview the key findings and their implications.
Research question conclusions – taking each research question separately clearly demonstrate what has been found in answering them. It is also important to point out what was not found.
Recommendations – based upon the findings, recommend courses of action to provide direct benefit. If linked to a specific case study these could be organisational recommendations. If considering a topic in a more abstract way these could be generalised recommendations that have a wider scope. Wider application beyond the confines of the original research focus could also be made here.
Errors and limitations – a final opportunity to recognise the things that may have limited the work undertaken. These build upon those discussed in the methodology as they may include practical limitations encountered along the way or flaws in approaches that only became apparent later on.
Recommendations for further study – themes may emerge from the study that warrant further investigation. Outline what these are and how they may be addressed in the future.

Small-scale businesses in Ghana would do well to adopt a culture of cybersecurity to safeguard their data and hardware. This is crucial for fostering a company-wide culture that values safety and actively encourages workers to make informed decisions in line with established safety policies. There is a distinction between paying attention to network security and having a security culture. This necessitates having a team that is well-versed in security threats and protective measures. The company's security rests in the design and implementation of its business strategy. Most businesses have invested years of time and money into securing and creating their data assets. Extensive research and testing on firewalls have led to the conclusion that an open-source firewall offers the best chance for small and medium-sized organisations to defend their network from a wide variety of internet threats. pfSense outperformed every other open-source firewall because most of its components are supported by leased equipment needs and using it is also made possible by free permit administrations. When it comes to capabilities and functionality, pfSense is unparalleled. The captive portal ensures that all connections are safe. Totally IP-based methods are employed. When execution is pushed forward, the focus shifts to the client.

References

1. Alcaraz C. and Zeadally S. (2015): Critical Infrastructure Protection: Requirements and Challenges for the 21st Century. International Journal of Critical Infrastructure Protection (IJCIP), volume 8, Elsevier Science, pp. 53–66, January 2015.

2. Kumar R. (2011): Research Methodology: A Step-by-Step Guide for Beginners, 3rd ed. London: Sage Publishers.

3. Mohajan H.K. (2018): Qualitative Research Methodology in Social Sciences and Related Subjects. Journal of Economic Development, Environment and People, 7(1), pp. 23–48.

4. Muller P.L. (2015): Cybersecurity Capacity Building in Developing Countries: Challenges and Opportunities. Norwegian Institute of International Affairs.

5. Schia, N.N. (2018). The cyber frontier and digital pitfalls in the Global South. Third World Quarterly, 39(5), pp. 821–837.

6. Shah S.R. and Al-Bargi A. (2013): Research paradigms: worldviews of researchers, theoretical frameworks, and study designs. Arab World English Journal, Volume 4, Number 4, 2013.

7. Barker, J., Davis, A., Hallas, B., & Mahon, C. M. (2020). Cybersecurity ABCs: Delivering awareness, behaviours, and culture change. BCS, the Chartered Institute for IT.

8. Corradini, I. (2020). Building a cybersecurity culture in organizations: How to bridge the gap between people and digital technology. Springer Nature.

9. Dawson, M., Tabona, O., & Maupong, T. (2022). Cybersecurity capabilities in developing nations and their impact on global security. IGI Global.

10. Foundations of the high-performance information security culture framework (2021). Cybersecurity Readiness: A Holistic and High-Performance Approach, 49–58. https://doi.org/10.4135/9781071837313.n4

11. Ouassini, A., & Amini, M. (2021). Cybersecurity in Ghana. Routledge Companion to Global Cyber-Security Strategy, 564–572. https://doi.org/10.4324/9780429399718-48

12. ACS (2016): Cybersecurity: Opportunities, Threats, and Challenges.

13. Kothari C. (2004): Research Methodology: Methods and Techniques, 2nd Edition. New Age International Publishers.

14. Kothari C.R. (2004): Research Methodology: Methods and Techniques, Second Revised Edition. New Age International Publishers.