Professional Documents
Culture Documents
Student’s Name
Institutional Affiliation
IT 2
Contents
Introduction.................................................................................................................................................3
Historical Reference point of Cyber Security...............................................................................................3
1960’s Era of Credential Protection.............................................................................................................4
1980’s Internet Boom and Start of Cyber Security Threats.........................................................................4
Clamping down the Cyber Security Threats.................................................................................................5
Increase in Cyber Security Threat at a Public Level.....................................................................................5
Critical Infrastructure Protection.................................................................................................................6
Infrastructure Sectors Comprising the Part of CIP.......................................................................................6
Importance of CIP........................................................................................................................................7
Challenges to the Framework of CIP............................................................................................................7
Cyber Intelligence and Conflict....................................................................................................................8
Understanding the Criticality of the Cyber Intelligence...............................................................................8
Cyber Intelligence and Conflict....................................................................................................................9
How Cyber Intelligence is going to be leading to resolve the Conflict.........................................................9
Legal Issues in the Cyber Security..............................................................................................................10
How to Mitigate Policy Challenges in Cyber Security................................................................................10
Other Pitfalls to Avoid...............................................................................................................................11
Future Threats in Cyber Security...............................................................................................................12
Increased Vulnerability of the Cloud Systems...........................................................................................12
AI Enhancement and Fuzzing.....................................................................................................................13
Machine Learning Infringement................................................................................................................13
Conclusion.................................................................................................................................................13
IT 3
Introduction
Cyber security is something that has become an important part of the organizational risk
management and information systems these days. As the number of cyber threats increasing, it
has become important for the business to make sure that it takes the necessary measures to make
sure that they take care of their information system infrastructure and develop adequate cyber
security measures so that they are able to mitigate the risks that are witnessed to their systems.
As the big data management has become an important part of the business processes, it has
become important for the business to make sure that they are aware of their responsibilities with
respect to the cyber security management. At a formal level, cyber security is defined as the
process through which an entity tends to protect its computers, servers and other IT infrastructure
from the external cyber security threats. The term has been used in different ways, and it
constitutes of the security management of the network, the applications and the software’s that
are used in the organization and end user data management. Cyber security is something that has
evolved considerably during the course of the last two decades, as legal issues have emerged
with respect to the data management and how mitigation of the future threats is supposed to be
done.
The steady rise of technology started with the advent of personal computers and how
computers become an integral part of the organization security management. With the advent of
internet and networking, there have always been people who have targeted the larger
organizations as well as the personal data of the users for various purposes. As the technology
IT 4
and processes have evolved, there has been change in the extent of the cyber threats as well
during last decade or so. Here it is going to be seen how cyber security protocols have evolved
and what are some of the major reference points in this regard.
If one has to pinpoint at the start of the cyber security management, then the major
starting point has to be the password and credential protection. The organizations had started to
use computer more extensively in 1960’s and as the usage increased, they prompted the users to
make sure that how they take care of their credentials. To make sure that it happens, multiple
layers of protection were being initiated with the intent of ensuring that data protection is going
It was at the start of 1980’s when the organizing started to use internet for the information
management purpose and one can argue that it was the starting point when cyber security started
to emerge as a major talking point amounts the individuals. With internet, there were new
methods and ways through which hackers and cyber criminals were able to access the users and
they started to adopt new approach to attach the private users and the organizations (Tarter,
2017). During the course of the late 1980’s, when the advent of networking initiated, there was a
major expansion and there was greater connectivity amongst government institutes, military
organizations and even governments as they started to use internet for their communication and
information management (Al-Sartawi, 2020). The early worm’s and viruses were quite harmless
in nature, as they just used to slow down the speed of the internet, but as more valuable data was
being stored on network servers, the cyber criminals started to become nefarious in their
activities and it was the same time period internet was readily available to public (Bada & Nurse,
IT 5
2019). The network security started to emerge as a major threat during the same time period and
the major stakeholders that were using internet had to make sure that they adopt security
measures with respect to how their network infiltration activities are going to be taken care off. It
was during the same time period when the firewalls and antiviruses were being used and these
security privileges were being provided to the masses to make sure that how they would take
care of their personal computer usage as well (Tarter, 2017). The advent of the firewall was a
major reference point was it made sure that how it was able to create some sort of a physical
structure that would make sure that how spreading of the files would be taken care off within the
As the data and the information became more sensitive, there was a realization that how
crucial it was to make sure that cyber security threats are being clamped down, and the
organization and governments made sure that how regulations are being developed in this regard.
Serious sentence were being implemented to the criminals that were infiltrating the system.
There was an advancement of the information security and there was evolution as well.
As the usage of internet started to become more mainstream, the threat of cybercrimes
started to become more serious. There were attacks on the major servers and organizations such
as NHS, Yahoo and thus there was a realization that users and the organizations are need to be
made more aware of the cyber security threats that are faced by them (Tarter, 2017). As the
hackers and criminals are also the critical infrastructure protection has become an integral part
for the individual as well as the organization wise users these days and how they tend to manage
The idea of CIP is about how the organization and individuals can make sure that they are
prepared with respect to mitigation of the serious incidents of cybercrime and how the critical
infrastructure of the organization can be saved from a serious threat (Tarter, 2017). It all started
when as per the Presidential Directive, a national program was being setup with the premise of
making sure that how the Critical Infrastructure Protection can be made sure at the end of the
organization (Valeriano & Maness, 2018). The same model was being implemented by some of
the other countries around the world, where the member countries that have signed the charter
are supposed to make sure that they integrate cybercrime laws within their national boundaries
CIP tends to define the organizational responsibilities for various sectors that must adhere
to these protocols. Some of the areas where it is being implemented are as followed.
Banking and Finance: The department of treasure is entrusted with the responsibility of
making sure that they develop the system for the protection of the information
management system.
country must make sure that they protect their municipal corporation infrastructure
Law Enforcement Agencies: It comprises of the intelligence agencies and other LEA’s
that are supposed to make sure that they adhere to the guidelines that are set by
Department of Justice and FBI to make sure that they maintain order when running their
The CIP protocols though are not limited to those areas though, as more or less all the
governmental departments and areas where public interests are involved must make sure that
Importance of CIP
The CIP started as something as a watchdog and was considered to be involved in more
of an advisory role, that has changed though with the passage of time, as they have become an
integral part of the systems where pubic interest is involved. One can find out many instances
when the areas of public interests are compromised when it comes to the way infrastructure
management is supposed to be carried out (Srinivas et al, 2019). One of the major impact the
presence of CIP has over the systems and networks that as compared to the past, when they used
to enjoy certain degree of freedom and autonomy with respect to their information systems, with
the adherence of the CIP guidelines, they are more less mandated to make sure that they tend to
There are many challenges that are faced when it comes to the creating an infrastructure
that constitutes all the elements of the cyber security that is likely to affect the business. One of
the major starting points is that how the national capability and the organizational resources
might vary from one state to the other and that might create challenges with respect to how the
scaling and cost efficiency is supposed to be done (Srinivas et al, 2019). The other challenge is
that how it is going to be made sure that the broader challenges that are faced at the cyber
security front are going to be managed when it comes to the implementation of these changes
As discussed, as the threats that are faced at the individual as well as the institutional
level are increasing, it is important to make sure that not only protection against the current
threats is being made possible, instead a more proactive approach is being developed that looks
at the possible threats that are going to be emerging in the future (Srinivas et al, 2019). The here
is to make sure that how strategy development is going to be made possible in the given era
when there is going to be more focus towards making sure that a more pro-active approach is
developed.
One of the common strategies when it comes to the cyber security strategy and
intelligence is to make sure that the trace of the activity is being found and effort is being made
to mitigate those threats. The starting point here is to make sure that how the digital trail of these
people is being followed and then how the consolidation effort is going to be done to make sure
that the mitigation of these threats would be made possible (Srinivas et al, 2019). Furthermore,
the other objective of the cyber intelligence is to make sure that how the level of awareness
amongst the common user is going to be increased as well as providing institutional insight to the
users so that they are more aware about the extent of the cyber threat and how it is going to be
managed at the first place (Srinivas et al, 2019). The other major aspect of the cyber intelligence
is that how the process of the digital transformation of the data is going to be carried out and how
methods of intelligence is going to be used to ensure that more broader strategy is developed in
this regard.
IT 9
The analysts have predicted that how data and information systems have become an
integral part of the security management and how they are different as to some of the conflicts
that are witnessed in the past. In some ways, the new age is going to be different from anything
that is witnessed in the past and has its own set of challenges. The LEA’s and the intelligence
have dubbed it as a 5th domain of the informational warfare (Srinivas et al, 2019). The possible
point of conflict is that how these threats are going to be mitigated as we intend to move forward
and what are some of the challenges that the businesses have to face with respect to the
management of that conflict (Dupuis, 2017). The biggest challenge in this regard is that how it is
going to be made sure that the force fitting of the cybercrime is going to be managed in the same
time period and how the organizational stakeholders are going to be managing the possible forms
of conflict in the given time period (Srinivas et al, 2019). The other challenge going forward is
going to be the classification of the cyber conflict with respect to the domain.
There are many features and quality initiatives that are needed to be taken when it comes
to the cyber initiative so that the interest of all the stakeholders can be taken care off. The
starting point is to make sure that the reporting mechanism that is witnessed at the moment is
needed to be corrected (Demirkan et al, 2020). Effort is needed to be made by the providers to
make sure that the team that is comprised from different disciplines need to work together in a
more coherent manner (Eling, 2018). Furthermore, the chief decision makers need to make sure
that they learn from the team that is working across different disciplines and a more integrated
approach towards decision making has to be developed at their end (Joinson & van Steen, 2018).
IT 10
Then there is a need to make sure that a legal framework is created with respect to the cyber
security issues.
One of the more important aspect is to make sure that a more flexible legal framework is
created that is flexible and takes into account the resource capability of all the stakeholders. One
redeeming quality of the Data Protection Act is that it emphasizes on ensuring that how data
security breaches are supposed to be controlled. It does not imply that all the cyber-attacks are
going to be stopped, because it is something of an impossible task (Demirkan et al, 2020). What
must be done is to make sure that there has to be some accountability with respect to the way
system information security protocols are going to be worked out (Priyadarshini, 2018). The
Data Protection Act that is needed to be implemented at the moment is such that it does not
reprimand the stakeholders in the case of the information security breach, and that process is
needed to be halted.
The starting point of the policy initiative is to make sure that the correct assessment of the
risk areas is being carried out. The policy must consider the factors that are discussed with
respect to how serious of damage is going to be occurred in the case when cyber security
breaches are going to be occurring. The policy making must keep this factor in mind that policy
management goes beyond the conventional measures of just implementing of implementing the
technical measures; instead there is a need to ensure that the scope of the cyber security is
needed to be defined (Al-Sartawi, 2020). For instance, people are the biggest risks within any
system are the end users who are utilizing that system (Demirkan et al, 2020). In that, the
awareness must be created that the people who are part of the system must be aware of the
IT 11
repercussions that they are going to be facing in event of any violation of cyber security
protocols (Tosh et al, 2017). The policy making at the moment is fixated with providing the
technical answer, but people management is one of the biggest issues and that is one area where
work is needed to be put together (Demirkan et al, 2020). One problem in this regard is that the
policies are made to be overly complicated, and this mistake can be avoided by making sure that
whatever the policies that are being made must be flexible and robust enough to ensure
allowance of all the stakeholders that are part of the system that exists within an organization.
The other issue that must be mitigated with respect to the policy making is that must be
made sure that the tick box compliance issues must be avoided as they are part of the overtly
simplistic approach with respect to the policy management (Kovács, 2018). Effort must be made
to make sure that the cyber security must be considered as an issue that is going to comprise of
all the stakeholders that are part of the organization, and it is not related with better management
of the security risks (Schatz et al, 2017). The whole system and organization needs to be made
accountable for any cyber security violations and that allowance must be created with respect to
the risk mitigation and management within an organization. (Carrapico & Barrinha, 2017) For
instance, there is increased emphasis on using the cloud computing solutions, and the common
perception is that it is going to provide a long term solution to the information management
issues that were faced by the organization at the given point of time (Demirkan et al, 2020). The
idea is to make sure that the legal obligations are needed to be shared and the processes are
needed to be defined (Demirkan et al, 2020). The other challenge is that as the internet and social
media revolution has brought increased onslaught of social media marketing and due to that
IT 12
massive usage, it is difficult to ensure that a middle ground can be reached with respect to
The severity of the cyber security threats has increased over the course of the past few
years. The data breaches in the areas such as healthcare, education and even crypto currency
means that there is a lot of vigilance and effort that is needed to be put together with respect to
making sure that future cyber security threats can be mitigated (Tosh et al, 2017). The fragile
connectivity system issues and the dependence on the cloud security systems means that
cybercriminals are going to be using ransom ware to damage the prospects of the security system
all around (Lee et al, 2019). Then the pace at which the technology is changing, it has created lot
of issues regarding how the conflicting demands are going to be met and how the compliance
with these long ranging issues is going to be made possible. Some of the future threats that are
The Oracle and KPMG security evaluation has showed that the cloud storage systems in
their current form and state are far from ideal, and there is lot of effort to be made to make sure
that these security threats are mitigated. The problem is that as the enterprises are using the
cloud systems for their advantage, it means that they have to make sure that they adopt their
business practices in accordance to the advance security protocols that are setup by these systems
(Kim, 2017). As more and more businesses and entities might be tempted to use cloud storage
services for their computing solutions, they might be an easy target for the cyber criminals
(Hasan et al, 2021). The large scale organizations like Amazon and Google might be using cloud
security systems to ensure that they look after their cloud security solutions, but for the smaller
IT 13
organizations, it might be a challenge when it comes to how they are going to be making sure
that they are going to be in the position to enhance their current cyber security interface.
Artificial intelligence is one of the more anticipated technological solutions that users are
going to be witnessing. The chances are that AI being integrated in the conventional operations
and systems, manufacturing and supply chain, not much thought and consideration has been put
with respect to how the security challenges that are posed by the AI (De Bruijn & Janssen,
2017). The hackers are going to be using adaptive malicious software’s to make sure that they
improve the prospects of the system, and at the same time (Hasan et al, 2021). AI fuzzing is also
going to be used. AI fuzzing is difficult to detect as it uses some of the more traditional fuzzing
techniques along with the other diagnostic tools to detect vulnerabilities in the system.
The hackers are going to be more aware about the machine learning models, and they are
likely to inject machine learning models and instructions to disrupt the system, Most of the
times, the way machine learning model tends to work are that they are being crowd sourced, or
even social media is being used for the same purpose (Eaton et al, 2019). The other modus of this
software is that they use the information that is generated from the user to create malicious
content that can compromise the security of the system and the network that they are using.
Conclusion
In the hindsight, it can be said that the cyber security has become an important element of
the information security system. If one looks at the history, it started with making sure that how
the end credentials of the user can be protected, but with the passage of time, there have been
some changes and with the extensive usage of information technology and internet, the cyber-
IT 14
attacks have increased. One of the challenges that are being faced is that the legal framework that
tends to administer the cyber security is not holding people accountable for the system breaches
that are made by them. The need of the hour is to make sure that a more integrated system could
be developed that could be more all-purpose. With the cloud computing and AI being used at an
Reference
Bada, M., & Nurse, J. R. (2019). Developing cybersecurity education and awareness
Security.
Carrapico, H., & Barrinha, A. (2017). The EU as a coherent (cyber) security actor?. JCMS:
De Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-
Deka, L., Khan, S. M., Chowdhury, M., & Ayres, N. (2018). Transportation cyber-physical
Demirkan, S., Demirkan, I., & McKee, A. (2020). Blockchain technology in the future of
Dupuis, M. J. (2017). Cyber security for everyone: An introductory course for non-technical
Eaton, T. V., Grenier, J. H., & Layman, D. (2019). Accounting and cybersecurity risk
Eling, M. (2018). Cyber risk and cyber risk insurance: Status quo and future research.
IT 16
Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness
Applications, 58, 102726.
Joinson, A., & van Steen, T. (2018). Human aspects of cyber security: Behaviour or culture
Security, 2017(7), 8-11.
Kovács, L. (2018). Cyber security policy and strategy in the European Union and NATO. Land
Lee, J., Kim, J., & Seo, J. (2019, January). Cyber attack scenarios on smart city and their ripple
Priyadarshini, I. (2018). Cyber security risks in robotics. In Cyber security and threats: concepts,
Schatz, D., Bashroush, R., & Wall, J. (2017). Towards a more representative definition of cyber
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security:
178-188.
Tosh, D. K., Shetty, S., Sengupta, S., Kesan, J. P., & Kamhoua, C. A. (2017, May). Risk
Valeriano, B., & Maness, R. C. (2018). International relations theory and cyber security. The