Benchmark – Framework Compliance Assessment Report


RUNNING HEAD: ORGANISATION RISK ASSESSMENT


Student Name

A cybersecurity framework describes controls that, once fulfilled, represent a completely functional cybersecurity program. There are various framework controls that serve the needs that exist in various industries. Cybersecurity controls encompass the safeguards that an organization executes to prevent a possible compromise of electronic information (Thames & Schaefer, 2017). A compromise of electronic data means any action that lowers the confidentiality or integrity of the electronic information. Cybersecurity controls are designed to be either preventive or detective in nature. All forms of cybersecurity controls prevent, identify, or respond to any form of breach of electronic information in an organization.

When some controls cannot be implemented

One of the biggest threats arising from personal laptops is their connection to other networks. When a personal laptop is connected to a network, whether public or private, protection for that computer is provided by a firewall. While it is easy to implement some security controls on stand-alone personal computers, it is a hard task to ensure that a personal computer is securely protected when it is connected to a network (Lin, 2006). The reason is that the available firewall rules may not offer the level of protection required when threats result from new malware or from changes on the network. In addition, some firewalls can be misconfigured, thereby exposing those personal computers to attacks that probe for known vulnerabilities.
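The paragraph above says a firewall on a laptop that moves between networks is only as good as its rule set, and that misconfigured rules expose the machine. The following is an added example, not code from the essay, showing the kind of rule-set review a defender can automate: it flags inbound rules that expose a sensitive service to any address, inbound allow-all catch-alls, and rules that are shadowed by an earlier, broader rule with the opposite action. The rule format, the list of sensitive ports and the sample rules are all constructed for the demonstration.

```python
"""Audit a simplified host-firewall rule set for common misconfigurations.

Added illustrative example (not from the essay). The rule format, the port
list and the sample rules are constructed for the demonstration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed: services that a personal laptop should not expose to
# arbitrary networks.
SENSITIVE_PORTS = {22: "ssh", 445: "smb", 3389: "rdp", 5900: "vnc"}


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" or "out"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR form, e.g. "0.0.0.0/0"
    port: Optional[int]   # destination port; None means any port


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True when `broad` matches every packet that `narrow` would match."""
    if broad.direction != narrow.direction:
        return False
    if broad.proto not in ("any", narrow.proto):
        return False
    if broad.port is not None and broad.port != narrow.port:
        return False
    return ipaddress.ip_network(narrow.src).subnet_of(ipaddress.ip_network(broad.src))


def audit(rules: List[Rule]) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.src)
        any_src = net.prefixlen == 0
        inbound_allow = rule.action == "allow" and rule.direction == "in"
        # 1. Inbound allow from any address to a sensitive service port.
        if inbound_allow and any_src and rule.port in SENSITIVE_PORTS:
            findings.append(f"rule {i}: allows inbound {SENSITIVE_PORTS[rule.port]} "
                            f"(port {rule.port}) from any address")
        # 2. Inbound allow-all catch-all rule.
        if inbound_allow and any_src and rule.port is None and rule.proto == "any":
            findings.append(f"rule {i}: inbound allow-all catch-all")
        # 3. Shadowed rule: an earlier, broader rule with the opposite action
        #    already decides every packet this rule would match, so this rule
        #    never takes effect (first-match semantics assumed).
        for j in range(i):
            earlier = rules[j]
            if earlier.action != rule.action and _covers(earlier, rule):
                findings.append(f"rule {i}: shadowed by rule {j} "
                                f"({earlier.action} {earlier.src})")
                break
    return findings


# Constructed sample rule set for a laptop that moves between networks.
SAMPLE_RULES = [
    Rule("allow", "in", "tcp", "0.0.0.0/0", 22),        # exposes ssh to everyone
    Rule("allow", "in", "any", "0.0.0.0/0", None),      # allow-all catch-all
    Rule("deny", "in", "tcp", "203.0.113.0/24", 3389),  # never reached: shadowed by rule 1
    Rule("allow", "in", "tcp", "192.168.1.0/24", 445),  # LAN-only smb: not flagged
    Rule("allow", "out", "any", "0.0.0.0/0", None),     # outbound traffic: not flagged
]

if __name__ == "__main__":
    for line in audit(SAMPLE_RULES):
        print(line)
```

Running the script prints three findings for the constructed rule set; the LAN-scoped SMB rule and the outbound rule are not reported. A real host firewall has more dimensions (interfaces, connection state, rule priorities), but the same three checks are the ones most often behind the "misconfigured firewall" case the essay describes.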

Solutions to the case highlighted above

Identification is the capacity to uniquely establish the user of a computer system. Authentication is the means of proving that a user of a system is who they claim to be. Therefore, the authentication scheme refers to what is needed during the entire user identification process. This includes the following:

· The system login module stack

· The user interfaces that collect all the necessary details for user authentication.

Owners of data or network resources wish to verify the identity of a user who is trying to access resources stored in diverse locations. Identifying a particular user determines which parts of the resource that user is allowed to access (Liao, Lee, & Hwang, 2006). Uniquely tracking each user is vital because this history is used to provide details of the user's activities.
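The three ideas above (identification, authentication, and keeping a per-user history that decides and records which parts of a resource a user may touch) fit together in a small access-control flow. The following is an added example written for this page; it is not the scheme of Liao, Lee and Hwang, and the user records, resource names and access policy are constructed. It stores only a salted PBKDF2 hash of each password, compares it in constant time, and appends every attempt to a history so the user's activity can be reviewed later.

```python
"""Identification, authentication, resource scoping and activity tracking.

Added illustrative example (not from the essay, and not the scheme of
Liao, Lee & Hwang). Users, resources and the policy are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set, Tuple

ITERATIONS = 200_000  # PBKDF2 work factor; an assumption for the example


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived key). The password itself is never stored."""
    salt = salt or secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


class AccessControl:
    """Identify a user (lookup), authenticate (password proof), authorise
    against the parts of a resource the user may access, and record every
    attempt so the history can be reviewed."""

    def __init__(self) -> None:
        self.users: Dict[str, Tuple[bytes, bytes]] = {}        # username -> (salt, key)
        self.policy: Dict[str, Dict[str, Set[str]]] = {}       # username -> resource -> parts
        self.history: List[Tuple[str, str, str, str]] = []     # (user, resource, part, outcome)

    def register(self, username: str, password: str, grants: Dict[str, Set[str]]) -> None:
        self.users[username] = hash_password(password)
        self.policy[username] = grants

    def identify(self, username: str) -> bool:
        """Identification: is this a known, unique account?"""
        return username in self.users

    def authenticate(self, username: str, password: str) -> bool:
        """Authentication: prove the claimed identity with the password."""
        if not self.identify(username):
            # Run the KDF anyway so response time does not reveal whether
            # the username exists.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored = self.users[username]
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(stored, candidate)

    def access(self, username: str, password: str, resource: str, part: str) -> bool:
        """Full flow: identify, authenticate, authorise, and record the outcome."""
        if not self.authenticate(username, password):
            self.history.append((username, resource, part, "auth-failed"))
            return False
        allowed = part in self.policy.get(username, {}).get(resource, set())
        self.history.append((username, resource, part, "granted" if allowed else "denied"))
        return allowed

    def activity(self, username: str) -> List[Tuple[str, str, str]]:
        """One user's history as (resource, part, outcome) tuples."""
        return [(r, p, o) for u, r, p, o in self.history if u == username]


def demo() -> AccessControl:
    """Constructed walk-through: one user with access to two parts of a share."""
    ac = AccessControl()
    ac.register("alice", "correct horse battery staple",
                {"finance-share": {"reports", "budgets"}})
    ac.access("alice", "correct horse battery staple", "finance-share", "reports")  # granted
    ac.access("alice", "correct horse battery staple", "finance-share", "payroll")  # denied
    ac.access("alice", "wrong password", "finance-share", "reports")               # auth-failed
    ac.access("mallory", "anything", "finance-share", "reports")                   # auth-failed
    return ac


if __name__ == "__main__":
    for entry in demo().history:
        print(entry)
```

The history records failures as well as successes; that is what makes it useful for the resource owner, since a run of "auth-failed" entries for one account or from one unknown name is exactly the detail an investigation later needs.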

How compensating controls ensure that a non-compliant system can continue operating within a secure and compliant environment

A compensating control refers to a mechanism established to meet the security requirements of a system whose prescribed control is thought to be extremely hard to implement at the time. There are a number of compensating controls that deliver smooth operation of a non-compliant system:

· Identify the diverse locations where data is stored and define the compliance scope accordingly.

· Gain visibility over data, as well as control over sensitive and private data.

· Periodically monitor the system's security controls as well as its compliance.

· Provide training and hands-on security awareness sessions to all members working in the organization (Christ, Masli, Sharp, & Wood, 2015).

· Filling in compliance self-assessment questionnaires is essential, even without validating some of the security controls.

In short, compensating controls remain very important as far as compliance is concerned. However, they are not lifetime solutions, and therefore the organization should restore the original control in the shortest time possible. They should never be a shortcut for an organization towards compliance.

The likelihood of a cybersecurity breach within a compliant environment and the impact it might have on the organization

A cybersecurity breach can happen even to companies whose systems are compliant. Dealing with a data breach can be a very stressful experience for any company. Even when a data breach occurs in a compliant environment, the issue should be taken seriously and dealt with properly.

Cyber Threats

A cyber threat is a cybersecurity event that causes harm inside the system. Examples of cyber threats include a phishing attack, which enables an attacker to install malicious software such as a Trojan and steal private data from a user's application, and a system administrator deliberately leaving data exposed, which leads to a data breach.

Vulnerabilities

A major weakness in a particular system is known as a vulnerability. Vulnerabilities are essentially what make a threat dangerous to the system. A system can be exploited through a single vulnerability; take the example of a single SQL injection attack, which can give an attacker full control over private and sensitive data.

Risks

A cybersecurity risk is the combination of the probability of a threat and the loss that can occur in a particular system. One example of a risk is the theft of private and sensitive information, one of the biggest threats that SQL injection can enable.
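Both the vulnerability and the risk passages above use SQL injection as the example of a single weakness that exposes sensitive data. The following is an added example, not code from the essay, that shows the vulnerable pattern beside its fix: a query built by string concatenation lets user input become part of the SQL, while a parameterised query sends the value separately so it is only ever compared as data. The customer table, its rows and the tautology-shaped input are constructed for the demonstration, and the standard-library sqlite3 module stands in for a real database.

```python
"""SQL injection: vulnerable query beside its parameterised replacement.

Added illustrative example (not from the essay). The table, its rows and
the malicious-looking input are constructed for the demonstration; the
standard-library sqlite3 module stands in for the real database.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a customer table holding a sensitive field."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice", "1234"), (2, "bob", "5678"), (3, "carol", "9012")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """String-concatenated query: the input is parsed as part of the SQL,
    so a quote in the input can change the WHERE clause itself."""
    sql = "SELECT id, name, card_last4 FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """Parameterised query: the driver binds the value to the placeholder
    after the statement is parsed, so the input can only match a name."""
    return conn.execute(
        "SELECT id, name, card_last4 FROM customers WHERE name = ?", (name,)
    ).fetchall()


# Constructed input shaped like a classic tautology: it closes the string
# literal and appends a condition that is always true.
INJECTION_INPUT = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, INJECTION_INPUT))  # every row is returned
    print("safe:      ", lookup_safe(db, INJECTION_INPUT))        # no customer has that name
```

With the constructed input the concatenated version returns all three rows, card digits included, while the parameterised version returns nothing because no customer is literally named `x' OR '1'='1`. The fix is the parameter placeholder, not input filtering: the database never sees the input as SQL at all.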

Any kind of cybersecurity breach can impact an organization negatively in the following ways.

Destruction of brand reputation - A security breach can have a long-term effect on the reputation of any brand, not just on its revenue streams. For instance, a breach of customer payment details may violate privacy, and customers, even potential ones, will find it hard to trust a firm with a history of not protecting their data against access by unauthorized persons (Haislip, Kolev, Pinsker, & Steffen, 2019).

Intellectual property loss - Revenue loss plus a damaged organizational image is a big deal for any organization. However, hackers also target companies' designs, strategies, and blueprints. A loss of intellectual property negatively impacts the trustworthiness and respect of the firm, and thus competitors gain an undue advantage.

List of references

Lin, P. P. (2006). System security threats and controls. CPA Journal, 76(7), 58.

Thames, L., & Schaefer, D. (2017). Cybersecurity for industry 4.0. Heidelberg: Springer.

Liao, I. E., Lee, C. C., & Hwang, M. S. (2006). A password authentication scheme over insecure networks. Journal of Computer and System Sciences, 72(4), 727-740.

Christ, M. H., Masli, A., Sharp, N. Y., & Wood, D. A. (2015). Rotational internal audit programs and financial reporting quality: Do compensating controls help? Accounting, Organizations and Society, 44, 37-59.

Haislip, J., Kolev, K., Pinsker, R., & Steffen, T. (2019). The economic cost of cybersecurity breaches: A broad-based analysis. In Workshop on the Economics of Information Security (WEIS) (pp. 1-37).