SlideShare a Scribd company logo

Running head cyber security competition framework cyber securi

Download as DOCX, PDF
D
DIPESH30

This document proposes a cyber security competition framework using action research. It discusses action research methodology, which involves planning, taking action, observing results, and reflecting to improve solutions in iterative cycles. The framework aims to address cyber threats by protecting vital business assets and data, rather than just technological vulnerabilities. It will reorient security from devices/locations to roles and data, and introduce approaches to manage evolving business needs and threats. Implementing the cyber competition program through action research ensures the solutions framework continually improves after each research cycle.

Education
1 of 19
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Running head: Cyber Security Competition Framework Cyber Security Competition Framework 2 Cyber Security Competition Framework Divya Valaboju IST 8101- Field Experience/Internship Billy Machage 9/18/2016 Contents Cyber Security Competition Framework 3 Methodology 5 Action Research 5 History of Action Research 5 The steps that have been suggested for action research include: 7 The planning phase 7 The action phase 7 The observation phase 7 The reflection phase 7 References 9 Cyber Security Competition Framework Innovation is the main issue that drives economic growth as well as job creation. Cyber security encompasses the protection of an organization’s intellectual property as well as business information that is in digital form of different types of abuse
and misuse, which is a growing management issue. The desire to protect intellectual property through trademarks, patents as well as copyrights is vital to the objective of ensuring that an organization can pursue innovation. Thus the ability by an organization top protects their information technology platform from the diverse security threats that could hamper their success is by implementing an effective cyber security competition platform (Andrijcic & Horowitz, 2006). The competition from other players in the industry is the main issue that leads to the increase in the threat of there being theft of an organization productivity base. Through the framework, it will be possible for an organization to possess risk-based compilation guidelines that are going to make it possible for them to identify, implement and consequently improve their cyber security practices (Tisdale, 2015). Although the framework does not introduce new concept or standards, it serves to leverage as well as integrate diverse cyber security practices that have been developed by the organization as the international standardization organization and the NIST. The framework refers to the compilation of the practices as the “CORE” which encompasses five continuous as well as concurrent functions (Von Solms & Van Niekerk, 2013). These promote the identification, protection, detection, response as well as recovery, which present a strategic view of an organization’s lifecycle in the management of their cyber security risk. The threat that is posed to business and their operations due to the diverse cyber security threats has seen an increase in the number as well as the form of attacks. The threats that these businesses are also facing change with issues as disgruntled employees releasing sensitive company information taking an organization’s intellectual property to the competitors as well as taking part in online fraud being on the increase. Other organizations have had to ensure that the losses they have suffered as a result of the cyber security threats and breach to their technology infrastructure do not become public (Tisdale,
2015). Other business organizations have been compelled to pay ransom to the cyber criminals as well as to get a description of the vulnerabilities that an attack has exposed. There is the general trend whereby value is migrating online, and that digital data is becoming increasingly pervasive. The implication of this drift is that institutions are experiencing more online attacks. There is also an increase in the number of people who are accessing the corporate networks via mobile devices they use in their personal lives which increase cyber security threats. The plan, in this case, is to implement a cyber security competition framework that addresses all the threats that an organization faces. There will be the implementation of a framework to be addressed at the most senior levels of the organization. Addressing these threats will revolve around the protection of the organization’s most vital business assets instead of merely focusing on the technological vulnerabilities as the use of the multilayer programs for the classification of corporate data (Andrijcic & Horowitz, 2006). Further, a framework will be targeted at the protection of an organization’s data instead of on the perimeter through the reorientation of an organization’s security architecture from the devices as well as locations to roles and data. There will be an additional introduction of a paradigm that refreshes the cube security strategies employed by an organization and ensure that they deal with the fast-evolving business needs as well as threats. Methodology Action research encompasses the systematic collection of information whose core rationale is the contribution to social change. It entails the learning that is realized through doing, and in this assertion, a group of people identifies a certain problem within their setting or organization, implement strategies that are meant to resolve the problem. Further, the group that is involved in the implementation of the solution evaluates how successful their efforts have been and if they have not been satisfied, they try the implementation again. The
issues addressed above lead to the definition of action research, which is believed to revolve around the desire to contribute to practical concerns of the individuals in the problematic situation and at the same time promote the advancement of the goals of science (Stringer, 2007). It is thus clear that there is an element of dual commitment depicted in the use of action research in studying a system as well as collaborating with the members of that system to change the situation they find to be problematic. Action Research History of Action Research The origin of action research is connected with Kurt Lewin. Lewin proposed that action research falls under the classification of research that is needed for social practice and is best attributed as one meant to social management or engineering. The approach that is proposed by Lewin is that of steps, with each step encompassing a circle of planning, action along with fact findings concerning the implication of the action. In the mid-1940s, Lewin developed a theory of action research, saying that it is a proceeding spiral of steps, with each of the steps encompassing the planning, action as well as evaluation of the result of the action (Collis & Hussey, 2003). According to Lewin, the initial step of action research encompasses the careful assessment of the idea in light of the available means. If there is the success in this planning period, there is the emergence of two items that encompass the overall plan on how to realize the objective and the second attribute being the decision relating to the first step. In the 1960s, action research faced a decline in its effectiveness owing to the association that it had with radical political activism. There was the development of doubts relating to the rigor of AR as well as the training that had been acquired by the individuals using it (Brydon-Miller, Greenwood & Maguire, 2003). It, however, is evident that AR has attained considerable foothold within the areas of community-based as well as participatory AR as well as a type of practice that is oriented towards the improvement of the educative encounters. Action research has a wide assortment of uses in the scientific
field mainly about the advancements that promote the realization of the diverse objectives stipulated in the scientific study. In this assessment, AR is vital to the development of reflective scientific practitioners who are instrumental to the progress of the scientific field, when individual scientists commit themselves to fostering continuous growth and development of the scientific field (Collis & Hussey, 2003). When each of the research is assessed through the empirical investigation into the issues that are causing, the challenges realized in the field and helped in the development of solutions. Further, the use of action research in the scientific investigations aids in the development of a professional culture that promotes their focus in mapping out the solution to the challenges in the field. It follows that the fact that all scientist are committed to realizing the same objective contributes to the sharing of a similar vision of a culture of commitment to coming with solutions to the IT challenges. The steps that have been suggested for action research include:The planning phase The initial AR phase is the planning and encompasses the assessment of the solution and implementing a plan of how the main issues identified are going to be resolved. The main issue in this phase is the development of a plan and procedures that are going to be included in developing the solution.The action phase The second phase of AR is the action phase and will revolve around the introduction of the procedures and solutions that have been established in the planning phase. The action shall include the methodical execution of all the steps as enumerated in the planning phase.The observation phase The third AR phase is the observation phase and includes the evaluation of the execution of the solutions and procedures. The main reason behind this phase is the assessment of whether the solutions that are being implemented are addressed the issue under focus and making the necessary changes.The reflection phase The last phase of AR is a reflection of what was successful in
the execution of the solution and what was not successful. There additionally is the assessment of the elements that could be improved during the subsequent execution to ensure that the solutions are successful. Diagram 1: Action research cycle source (Collis & Hussey, 2003). The implementation of the cyber security competition program through the employment of action research offers the assurance that the solutions framework is going to be a success as it will be a product of iterative research, ensuring that solutions are better after every cycle. References Andrijcic, E., & Horowitz, B. (2006). A Macro‐ Economic Framework for Evaluation of Cyber Security Risks Related to Protection of Intellectual Property. Risk Analysis, 26(4), 907- 923. Brydon-Miller, M., Greenwood, D., & Maguire, P. (2003). Why action research?. Action research, 1(1), 9-28. Collis, J. & Hussey, R. (2003). “Business Research. A Practical Guide for Undergraduate and Graduate Students” 2nd edition, Palgrave Macmillan Stringer, E. T. (2007). Action Research: A handbook for practitioners 3e, Newbury Park, ca.: Sage. 304 pages. Sets community-based action research in context and develops a model. Chapters on information gathering, interpretation, resolving issues; legitimacy etc. See, also Stringer’s (2003) Action Research in Education, Prentice Hall. Tisdale, S. M. (2015). Cybersecurity: Challenges From A Systems, Complexity, Knowledge Management And Business Intelligence Perspective. Issues in Information Systems, 16(3). Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
Running head: CYBER SECURITY FRAMEWORK CYBER SECURITY FRAMEWORK 11 Literature Review Cyber Security Framework Action Research Course Code: Name: Table of contents Literarure review4 Proposal 8 References 11 List of Figures Figure 1: 10 steps to cyber security 7 Figure 2: Cyber security 8 Figure 2: Visual representation 10
LITERATURE REVIEW The ICTs have been observed to evolve rapidly and their usages also expanding rapidly. Currently, the internet and mobile services have become embedded in the people’s daily lives all over the world (th ITU Global Symposium for Regulators, 2009). While this is the case, it has also emerged that that the risks in the ICTs have also evolved and increased in both magnitude and complexity, and this has become a key headaches for the ICT administrators in the various organizations. It is a fact that the organizations cannot do away with the information communication technologies because of the many benefits that are derived from these, and the only option is to focus more on improving the security of the systems. The issue of cyber security is not new, and it has attracted heated debates from various stakeholders and governments. Cybercrime and cyber terrorism are a major threats not only to the organizations, but also to governments (Daya, 2008). So, what is being done about this situation? There are various definitions of the term cyber security. In some cases, there are various concepts that are used together or in place of the term cyber security, for example, Critical
Information Infrastructure Protection (CIIP). Other related concepts include critical infrastructure, critical information infrastructure, and non-critical infrastructure. The definition differs from country to country. A simple definition of the concept of cyber security is the protection of the information and the systems that the organizations or governments rely on every day (State of Alabama IS Division, n.d.). Other definitions offered by Fischer (Fischer, 2016) include the following: · The set of activities, as well as measures aimed at protecting – from disruption, attacks, and other threats – computer networks, computers, hardware and software components, and the information they contain and communicate among other components of cyberspace. · The state of being protected from the threats mentioned above. · The broader discipline of implementing and implementing the activities mentioned above. There are also concepts that are often mistaken to be the same as cyber security, and these include information sharing, privacy, intelligence gathering, and surveillance. Another concept often related, but not identical, to the concept of cyber security is information security. This concept is defined under federal law (44 U.S.C § 3552(b)(3)) as: “Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide- truction, and includes ensuring information nonrepudiation and authenticity; (B) Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and (C) Availability, which means ensuring timely and reliable access to and use of information. It is a fact that the incidences cyber security attacks are on the increase, as Balasubramanian (n.d.) gives several examples of the recent cyber-attacks that have been executed successfully
and caused huge losses to the victim organizations. Among them include the case of European financial Services Company that lost $ 7 billion (Balasubramanian, n.d.). Among the most common threats to the cyber security include the following (Zaharia, 2016): · Cyber criminals – these are the greatest threat to the cyber security who hack and access organizations’ finances and loots them. The FBI have a list of 19 individuals each of whom has caused consumer losses ranging from $ 350 000 to $ 100 million. · Computer viruses – currently, the most expensive virus is called MyDoom, and this has caused financial damages amounting to $ 38.5 billion. This was first spotted in 2004, and has since become the fastest-spreading email worm in history. · Social media – the social media has become the hackers’ new target. The various cyber-attacks targeted at the social media include like-jacking, link-jacking, phishing and social spam. · Human error – all humans do make mistakes, and human error has also been established as a key cyber security threat. Statistics gathered by IBM have established that about 95 % of the security incidents can be attributed to the human error (Howarth, 2014). · Computers’ vulnerability to exploit kits. · Inside jobs · Social engineering · Government-created malware Figure 1: 10 steps to cyber security (adapted from https://www.gov.uk/government/publications/cyber-risk- management-a-board-level-responsibility/10-steps-summary) Cyber security is basically the responsibility of each and every person in the society (Crucial Research, 2014). This is because the threats affect the entire society, and this is has been evidenced by the various incidences of personal accounts hacked and funds stolen. Cyber security is very important for
various reasons, among these being the fears that the threats endanger the global economy (Gabel, 2015). Proposal The purpose of this action research is to implement a cyber - security framework untended for protecting the organizations information infrastructure and systems. Being an action research, the researcher will involve various groups of people including organizational executives and government officials, as well as IT experts in order to accomplish this implementation. The action research will highly rely on the input from the various stakeholders and also acceptance by the government and the organizations. Figure 2: Cyber security (adapted from https://www.cesg.gov.uk/articles/infographics-cesg) The action research will have four iterations, and these are as discussed in the paragraphs that follow. Iteration 1: Understanding cyber security. The first iteration will involve gaining more insight into the concept of cyber security and the various measures already taken to improve the cyber security situation. The iteration will also establish the current trends in the cyber security in order to fully define the problem and design the cyber security framework. Iteration 2: Design the cyber security framework. The second iteration will entail designing the cyber security framework, keeping in mind that here are existing frameworks that still have failed to offer the ultimate cyber security. Iteration 3: Implementing the cyber security framework. The third iteration involves the implementation of the cyber security framework that has been designed previously. The implementation will be done taking into account the fact that each organization of government has different cyber security needs. Issues of customization will also be addressed during the third iteration. Iteration 3: Monitoring. The last iteration will entail monitoring
the implementation process and taking the relevant corrective actions. Changes and modifications will also be done to the initial implementation plan in order to cover for the deviations from the plans. Iteration flow diagram The diagram below illustrates the iteration flows of this action research. Iteration 1: Understanding cyber security Reflect Observe Act Plan Iteration 2: Designing cyber security framework Reflect Observe Act Plan Iteration 3: Implementing cyber security framework Reflect Observe
Act Plan Reflect Observe Act Plan Iteration 4: Monitoring Figure 3: Iteration Flow Diagram Each of the above iteration will have four phases – plan, act, observe, and reflect. The planning phase involves laying out the course of action for the iteration among other things. The action phase entails actual undertaking the various activities for the iteration. Observe phase will entail taking note of the happenings of the iteration, while the reflection phase intends to explain various things that happen within the iteration. References Balasubramanian, V. (n.d.). Combating Cyber Security Threats. Threat, Threat Everywhere; Cyber-Criminals on the Prowl, 1- 10. Retrieved from https://download.manageengine.com/products/passwordmanager pro/combating-cyber-security-threats.pdf Crucial Research. (2014). People’s Role in Cyber Security: Academics’ Perspective. Crucial Research, 1-8. Retrieved from
https://www.crucial.com.au/pdf/Peoples_Role_in_Cyber_Securit y.pdf Daya, B. (2008). Network Security: History, Importance, and Future. 1-33. Retrieved from http://web.mit.edu/~bdaya/www/Network%20Security.pdf Fischer, E. (2016). Cybersecurity Issues and Challenges: In Brief. Congressional Research Service, 1-12. Gabel, D. (2015, July 01). Cyber risk: Why cyber security is important. Retrieved from Whitecase.com: http://www.whitecase.com/publications/insight/cyber-risk-why- cyber-security-important Howarth, F. (2014, Sept 2). The Role of Human Error in Successful Security Attacks. Retrieved from Securityintelligence.com: https://securityintelligence.com/the- role-of-human-error-in-successful-security-attacks/ State of Alabama IS Division. (n.d.). Cyber Security is our Shared Responsibility. 1-2. Retrieved from http://cybersecurity.alabama.gov/Documents/security/WhyCyber SecurityisImportant.pdf th ITU Global Symposium for Regulators. (2009). Cybersecurity: The Role and Responsibilities of an Effective Regulator. Draft Background Paper, 1-40. Zaharia, A. (2016, May 12). 10 Alarming Cyber Security Facts that Threaten Your Data [Updated]. Retrieved from Heimdalsecurity.com: https://heimdalsecurity.com/blog/10- surprising-cyber-security-facts-that-may-affect-your-online- safety/ Running head: CYBER SECURITY CYBER SECURITY 6 Iteration 1: Understanding Cyber security Cyber Security Framework Action Research
Course Code: Name: Table of contents Plan3 Act 4 Observe 5 Reflect 5 Iteration 1: Understanding cyber security Plan. Planning is a crucial activity in the research process, as it entails the preliminaries to the research activities. In action research, planning is an action conducted at every iteration, and this is because each iteration is a set of activities distinct from other iteration. There are a good number of activities that the researcher needs to undertake before undertaking the actual events of the action research. The anticipated tasks, their outcomes and resources needed, as well as people involved are as discussed below: i. Researching the topic of cyber security. The first task to be undertaken will be to conduct some research on the topic of
cyber security with an intention of offering an insight or understanding of the topic. The resources to be used include computer, the internet, books and stationery. Pertaining to the people involved, that will involve myself alone. The activity is expected to take two days. The result of this activity will be gathering information of what cyber security is. ii. The second activity is to conduct some analysis of the information or data collected. The analysis will use some resources that include stationery and computer. Once again, only I will be involved in this activity. The analysis will be done with the aim of extracting the relevant content pertaining to explaining the concept of cyber security and related concepts. iii. Lastly, preparing a brief report pertaining to the entire endeavour and lessons and outcomes obtained will follow. After all information has been made clear, a report will then be presented. The expected outcome of this activity is a well written report outlining all that was done and the outcomes of the various actions. Act. Planning comes before the actual action can be taken. In action research, every iteration has an action phase where the researcher undertakes to follow the guideline or plan developed previously to achieve the goals and outcomes predetermined in the planning phase. Among the activities that I conducted herein include researching on the concept of cyber security. Researching this concept made me to seek information from various sources, the key among them being books and academic papers. These were among the resources allocated during the planning phase. Other resources or sources of information include databases and website or the internet. The main aim of the iteration is to give a clear overview of the concept and also related concepts. As such, I used various strategies during the research process, and this included use of keywords when searching for the specific contend from the internet. Another activity I undertook was recording the data obtained from these sources. Data recording was simply in the form of
notes taken during the research. This was followed by data analysis where the researcher used content analysis to obtain the information from the various sources. Any content relating to the cyber security and related concepts was extracted from these sources. Lastly, I undertook to define and offer some more information pertaining to cyber security. Being the final activity in this iteration phase, I discussed various aspects of the cyber security concept and related this information to the main theme of the action research – that is, designing and implementing a cyber-security framework. This phase ushered in the next phase in this iteration where the lessons derived from this phase and the planning phase are highlighted and explanations offered where necessary. Observe. The third phase of each iteration is the observation phase. The observation phase of an action research simply entails the analysis of the situations of the iteration in question. In other words, the researcher undertakes to extract some lessons from the previous iterations. Each action in the iterations is expected to bear some to bear some outcomes as had been predetermined during the planning phase. This is why the researcher, in the observation phase, takes note of all that went on in the iteration. The first iteration was a rigorous with so much to observe. The researcher observed that there was adequate literature pertaining to the issue of cyber security. Researchers and practitioners have extensively documented the various issues regarding the topic and this only meant that the researcher could easily access data and gain an understanding of the cyber security. Secondly, there are several models of the cyber security framework that have been designed previously to address cyber security threats. This is an indication that the researcher would only be replicating the previous models only that the framework to be designed and implemented would be customized. This is because the researcher understands the problem at hand and develops a solution to the specific
problem, rather than a general solution to general problems. The previous models be used not only as reference points, but also as controls to ensure the researcher designs and develops a viable solution. Lastly, there are several concepts closely related to the cyber security concept that would require to be clarified in order to draw clear lines between them. There are chances that these concepts would be confused with the concept under investigation. Reflect. The final phase of each of the iterations is the reflection phase, whereby the researcher ponders the happenings of the iteration and establishing the relationships between the various phenomena. This is a careful analysis of the happenings of the iteration determining why things happened as they did and what effect they had on the outcome or other things. This is where the researcher makes various judgments pertaining to various issues. Entirely, the iteration can be said to have been a success, and this is because the desired outcome was obtained after a careful performance of the various goal-oriented activities. Even though it is a wide concept that could take many days and a lot of resources to cover fully, he researcher was able to gain an understanding of the concept with the resources and timeframes allocated for this iteration. The planning went on well, and this is the major reason for the iteration success. Some things may not have gone too well, and this includes a comprehensive discussion of the concept and related concepts. This did not happen owing to the fact that the resources and time needed for that would have been too much. This is also a process that could be improved. Among the challenges included time and resources, as their limitation also caused a limitation of the scope of the iteration. Given adequate time and resources, a comprehensive review of the topic would have been possible, and this could have implied a better framework could be developed. This is also a risk factor in that the shallow discussions exposes the researcher to the risk
of developing an inferior framework that would not overcome the problems it is intended to.

More Related Content

DOCX
Running head finding employment as a java developer
DIPESH30
 
DOCX
P o l i t i c a l c s r d o e s d e m o c r a t i c t h
DIPESH30
 
DOCX
College of computing and informatics case study phase 1
AMMY30
 
PDF
Employee performance appraisal system
ijcsit
 
PDF
System Adoption: Socio-Technical Integration
The International Journal of Business Management and Technology
 
PDF
A0330107
iosrjournals
 
DOCX
Emotional Intelligence Capabilitlies and PM
kaywakeham
 
PDF
EMPIRICAL STUDY OF THE EVOLUTION OF AGILE-DEVELOPED SOFTWARE SYSTEM IN JORDAN...
ijbiss
 
Running head finding employment as a java developer
DIPESH30
 
P o l i t i c a l c s r d o e s d e m o c r a t i c t h
DIPESH30
 
College of computing and informatics case study phase 1
AMMY30
 
Employee performance appraisal system
ijcsit
 
System Adoption: Socio-Technical Integration
The International Journal of Business Management and Technology
 
A0330107
iosrjournals
 
Emotional Intelligence Capabilitlies and PM
kaywakeham
 
EMPIRICAL STUDY OF THE EVOLUTION OF AGILE-DEVELOPED SOFTWARE SYSTEM IN JORDAN...
ijbiss
 

What's hot (19)

DOCX
Senior ipt term4_casestudy
hccit
 
PPT
The overlaps between Action Research and Design Research
Sandeep Purao
 
PPTX
Information Systems Action design research method
Raimo Halinen
 
PDF
An Overview of Relational Coordination - Suchman
Sociotechnical Roundtable
 
PDF
Promise 2011: "A Principled Evaluation of Ensembles of Learning Machines for ...
CS, NcState
 
PDF
Ph.D Public Viva Voce - PPT
Dr. M. Praveen Sandeep
 
PDF
Transitioning IT Projects to Operations Effectively in Public Sector : A Case...
ijmpict
 
PDF
Integrating goals after prioritization and
ijseajournal
 
PPTX
Euro symposium Action Design Research practise 19092019
Matti Rossi
 
PDF
Intro to o.r.
kharar
 
PDF
Analyzing the solutions of DEA through information visualization and data min...
ertekg
 
PDF
The Architecture of System for Predicting Student Performance based on the Da...
Thada Jantakoon
 
DOCX
Bsa 411 preview full class
fasthomeworkhelpdotcome
 
PDF
BRAND IMAGE, SERVICE QUALITY AND HOUSEHOLDER’S SATISFACTION AND LOYALTY TOWAR...
IAEME Publication
 
PPT
Where to Look for KM Success - Murray Jennex
SIKM
 
PDF
Assessing Information System Integration Using Combination of the Readiness a...
journalBEEI
 
PDF
12 9243 it analysis of virtual positions managemen (edit ty)
IAESIJEECS
 
PDF
IRJET - Student's Academic Performance Forecasting: Survey
IRJET Journal
 
PDF
Not Good Enough but Try Again! Mitigating the Impact of Rejections on New Con...
Aleksi Aaltonen
 
Senior ipt term4_casestudy
hccit
 
The overlaps between Action Research and Design Research
Sandeep Purao
 
Information Systems Action design research method
Raimo Halinen
 
An Overview of Relational Coordination - Suchman
Sociotechnical Roundtable
 
Promise 2011: "A Principled Evaluation of Ensembles of Learning Machines for ...
CS, NcState
 
Ph.D Public Viva Voce - PPT
Dr. M. Praveen Sandeep
 
Transitioning IT Projects to Operations Effectively in Public Sector : A Case...
ijmpict
 
Integrating goals after prioritization and
ijseajournal
 
Euro symposium Action Design Research practise 19092019
Matti Rossi
 
Intro to o.r.
kharar
 
Analyzing the solutions of DEA through information visualization and data min...
ertekg
 
The Architecture of System for Predicting Student Performance based on the Da...
Thada Jantakoon
 
Bsa 411 preview full class
fasthomeworkhelpdotcome
 
BRAND IMAGE, SERVICE QUALITY AND HOUSEHOLDER’S SATISFACTION AND LOYALTY TOWAR...
IAEME Publication
 
Where to Look for KM Success - Murray Jennex
SIKM
 
Assessing Information System Integration Using Combination of the Readiness a...
journalBEEI
 
12 9243 it analysis of virtual positions managemen (edit ty)
IAESIJEECS
 
IRJET - Student's Academic Performance Forecasting: Survey
IRJET Journal
 
Not Good Enough but Try Again! Mitigating the Impact of Rejections on New Con...
Aleksi Aaltonen
 
Ad

Similar to Running head cyber security competition framework cyber securi (20)

PDF
Introduction to cyber security by cyber security infotech (csi)
Cyber Security Infotech
 
PDF
Mobilization +
Integrated Knowledge Services
 
PPTX
Action research
mishasirohi
 
DOCX
Information Assurance Framework for Web Services .docx
jaggernaoma
 
PDF
Action Research A Remedy To Overcome The Gap Between Theory And Practice
Angie Miller
 
DOCX
PAGE 52What is Action ResearchViaA review of the Literat.docx
gerardkortney
 
PPTX
Cet7034 unit 2
Simpson Debbie
 
PPTX
8 - PPT - Action Research - PhD R4 Qualitative Track.pptx
yvettelopez21
 
DOCX
Running head INTERNSHIP AT SICL AMERICA AS A BUSINESS ANALYST1.docx
cowinhelen
 
PPTX
Action research a study power point slides
AleehaIlyas1
 
PDF
Action research&organizationdevelopment (1)
Muhammad Mustafa
 
DOCX
(Unit 1&2) ReadingThe Action Research Dissertation A Guide for .docx
mercysuttle
 
PDF
Why Traditional Security has Failed
Steven_Jackson
 
PDF
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
David Sweigert
 
DOCX
IntroductionJava EE is a standard, robust, adaptable, and secure p.docx
normanibarber20063
 
PDF
Action Research - David Avison
guestc990b6
 
PDF
02c2
eximiusresearch
 
PPT
Ngs Hsm 700bl Module 4 01062009
Peter Stinson
 
DOCX
Discussion Questions The difficulty in predicting the future is .docx
duketjoy27252
 
PDF
resarch nnnffffffffffffffffffffffffffffffffffffffffff
singhparmparkash12
 
Introduction to cyber security by cyber security infotech (csi)
Cyber Security Infotech
 
Mobilization +
Integrated Knowledge Services
 
Action research
mishasirohi
 
Information Assurance Framework for Web Services .docx
jaggernaoma
 
Action Research A Remedy To Overcome The Gap Between Theory And Practice
Angie Miller
 
PAGE 52What is Action ResearchViaA review of the Literat.docx
gerardkortney
 
Cet7034 unit 2
Simpson Debbie
 
8 - PPT - Action Research - PhD R4 Qualitative Track.pptx
yvettelopez21
 
Running head INTERNSHIP AT SICL AMERICA AS A BUSINESS ANALYST1.docx
cowinhelen
 
Action research a study power point slides
AleehaIlyas1
 
Action research&organizationdevelopment (1)
Muhammad Mustafa
 
(Unit 1&2) ReadingThe Action Research Dissertation A Guide for .docx
mercysuttle
 
Why Traditional Security has Failed
Steven_Jackson
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
David Sweigert
 
IntroductionJava EE is a standard, robust, adaptable, and secure p.docx
normanibarber20063
 
Action Research - David Avison
guestc990b6
 
02c2
eximiusresearch
 
Ngs Hsm 700bl Module 4 01062009
Peter Stinson
 
Discussion Questions The difficulty in predicting the future is .docx
duketjoy27252
 
resarch nnnffffffffffffffffffffffffffffffffffffffffff
singhparmparkash12
 
Ad

More from DIPESH30 (20)

DOCX
please write a short essay to address the following questions. Lengt.docx
DIPESH30
 
DOCX
please write a diary entry from the perspective of a French Revoluti.docx
DIPESH30
 
DOCX
Please write the definition for these words and provide .docx
DIPESH30
 
DOCX
Please view the filmThomas A. Edison Father of Invention, A .docx
DIPESH30
 
DOCX
Please watch the clip from the movie The Break Up.  Then reflect w.docx
DIPESH30
 
DOCX
please write a report on Social Media and ERP SystemReport should.docx
DIPESH30
 
DOCX
Please write 200 wordsHow has the healthcare delivery system chang.docx
DIPESH30
 
DOCX
Please view the documentary on Typhoid Mary at httpswww..docx
DIPESH30
 
DOCX
Please use the two attachments posted to complete work.  Detailed in.docx
DIPESH30
 
DOCX
Please use the sources in the outline (see photos)The research.docx
DIPESH30
 
DOCX
Please submit a minimum of five (5) detailed and discussion-provokin.docx
DIPESH30
 
DOCX
Please think about the various learning activities you engaged in du.docx
DIPESH30
 
DOCX
Please type out the question and answer it underneath. Each question.docx
DIPESH30
 
DOCX
Please use the following technique-Outline the legal issues t.docx
DIPESH30
 
DOCX
Please use from these stratagies This homework will be to copyies .docx
DIPESH30
 
DOCX
PLEASE THOROUGHLY ANSWER THE FOLLOWING FIVE QUESTIONS BELOW IN.docx
DIPESH30
 
DOCX
Please share your thoughts about how well your employer, military .docx
DIPESH30
 
DOCX
Please select and answer one of the following topics in a well-org.docx
DIPESH30
 
DOCX
Please see the attachment for the actual work that is require.  This.docx
DIPESH30
 
DOCX
Please see the attachment and look over the LOOK HERE FIRST file b.docx
DIPESH30
 
please write a short essay to address the following questions. Lengt.docx
DIPESH30
 
please write a diary entry from the perspective of a French Revoluti.docx
DIPESH30
 
Please write the definition for these words and provide .docx
DIPESH30
 
Please view the filmThomas A. Edison Father of Invention, A .docx
DIPESH30
 
Please watch the clip from the movie The Break Up.  Then reflect w.docx
DIPESH30
 
please write a report on Social Media and ERP SystemReport should.docx
DIPESH30
 
Please write 200 wordsHow has the healthcare delivery system chang.docx
DIPESH30
 
Please view the documentary on Typhoid Mary at httpswww..docx
DIPESH30
 
Please use the two attachments posted to complete work.  Detailed in.docx
DIPESH30
 
Please use the sources in the outline (see photos)The research.docx
DIPESH30
 
Please submit a minimum of five (5) detailed and discussion-provokin.docx
DIPESH30
 
Please think about the various learning activities you engaged in du.docx
DIPESH30
 
Please type out the question and answer it underneath. Each question.docx
DIPESH30
 
Please use the following technique-Outline the legal issues t.docx
DIPESH30
 
Please use from these stratagies This homework will be to copyies .docx
DIPESH30
 
PLEASE THOROUGHLY ANSWER THE FOLLOWING FIVE QUESTIONS BELOW IN.docx
DIPESH30
 
Please share your thoughts about how well your employer, military .docx
DIPESH30
 
Please select and answer one of the following topics in a well-org.docx
DIPESH30
 
Please see the attachment for the actual work that is require.  This.docx
DIPESH30
 
Please see the attachment and look over the LOOK HERE FIRST file b.docx
DIPESH30
 

Recently uploaded (20)

PDF
RTP_AR_KS1_Tutor's Guide_English [FOR REPRODUCTION].pdf
RobertMentino1
 
PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
PPTX
20th Century Theater, Methods, History.pptx
cpadilla9
 
PDF
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
iliaskessaris
 
PDF
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
PDF
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
EllenJoyCaniya2
 
PDF
What if we spent less time fighting change, and more time building what’s rig...
Derek Wenmoth
 
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
PDF
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
victor kamau
 
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
PDF
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
PDF
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
PPTX
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
PPTX
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
PDF
FORM 1 BIOLOGY MIND MAPS and their schemes
arcade5
 
PDF
advance database management system book.pdf
hinamannan364
 
PDF
احياء السادس العلمي - الفصل الثالث (التكاثر) منهج متميزين/كلية بغداد/موهوبين
S LS
 
PDF
HVAC Specification 2024 according to central public works department
amitrobanipl
 
RTP_AR_KS1_Tutor's Guide_English [FOR REPRODUCTION].pdf
RobertMentino1
 
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
20th Century Theater, Methods, History.pptx
cpadilla9
 
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
iliaskessaris
 
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
EllenJoyCaniya2
 
What if we spent less time fighting change, and more time building what’s rig...
Derek Wenmoth
 
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
victor kamau
 
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
Trump Administration's workforce development strategy
Mebane Rash
 
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
FORM 1 BIOLOGY MIND MAPS and their schemes
arcade5
 
advance database management system book.pdf
hinamannan364
 
احياء السادس العلمي - الفصل الثالث (التكاثر) منهج متميزين/كلية بغداد/موهوبين
S LS
 
HVAC Specification 2024 according to central public works department
amitrobanipl
 

Running head cyber security competition framework cyber securi

  • 1. Running head: Cyber Security Competition Framework Cyber Security Competition Framework 2 Cyber Security Competition Framework Divya Valaboju IST 8101- Field Experience/Internship Billy Machage 9/18/2016 Contents Cyber Security Competition Framework 3 Methodology 5 Action Research 5 History of Action Research 5 The steps that have been suggested for action research include: 7 The planning phase 7 The action phase 7 The observation phase 7 The reflection phase 7 References 9 Cyber Security Competition Framework Innovation is the main issue that drives economic growth as well as job creation. Cyber security encompasses the protection of an organization’s intellectual property as well as business information that is in digital form of different types of abuse
  • 2. and misuse, which is a growing management issue. The desire to protect intellectual property through trademarks, patents as well as copyrights is vital to the objective of ensuring that an organization can pursue innovation. Thus the ability by an organization top protects their information technology platform from the diverse security threats that could hamper their success is by implementing an effective cyber security competition platform (Andrijcic & Horowitz, 2006). The competition from other players in the industry is the main issue that leads to the increase in the threat of there being theft of an organization productivity base. Through the framework, it will be possible for an organization to possess risk-based compilation guidelines that are going to make it possible for them to identify, implement and consequently improve their cyber security practices (Tisdale, 2015). Although the framework does not introduce new concept or standards, it serves to leverage as well as integrate diverse cyber security practices that have been developed by the organization as the international standardization organization and the NIST. The framework refers to the compilation of the practices as the “CORE” which encompasses five continuous as well as concurrent functions (Von Solms & Van Niekerk, 2013). These promote the identification, protection, detection, response as well as recovery, which present a strategic view of an organization’s lifecycle in the management of their cyber security risk. The threat that is posed to business and their operations due to the diverse cyber security threats has seen an increase in the number as well as the form of attacks. The threats that these businesses are also facing change with issues as disgruntled employees releasing sensitive company information taking an organization’s intellectual property to the competitors as well as taking part in online fraud being on the increase. Other organizations have had to ensure that the losses they have suffered as a result of the cyber security threats and breach to their technology infrastructure do not become public (Tisdale,
  • 3. 2015). Other business organizations have been compelled to pay ransom to the cyber criminals as well as to get a description of the vulnerabilities that an attack has exposed. There is the general trend whereby value is migrating online, and that digital data is becoming increasingly pervasive. The implication of this drift is that institutions are experiencing more online attacks. There is also an increase in the number of people who are accessing the corporate networks via mobile devices they use in their personal lives which increase cyber security threats. The plan, in this case, is to implement a cyber security competition framework that addresses all the threats that an organization faces. There will be the implementation of a framework to be addressed at the most senior levels of the organization. Addressing these threats will revolve around the protection of the organization’s most vital business assets instead of merely focusing on the technological vulnerabilities as the use of the multilayer programs for the classification of corporate data (Andrijcic & Horowitz, 2006). Further, a framework will be targeted at the protection of an organization’s data instead of on the perimeter through the reorientation of an organization’s security architecture from the devices as well as locations to roles and data. There will be an additional introduction of a paradigm that refreshes the cube security strategies employed by an organization and ensure that they deal with the fast-evolving business needs as well as threats. Methodology Action research encompasses the systematic collection of information whose core rationale is the contribution to social change. It entails the learning that is realized through doing, and in this assertion, a group of people identifies a certain problem within their setting or organization, implement strategies that are meant to resolve the problem. Further, the group that is involved in the implementation of the solution evaluates how successful their efforts have been and if they have not been satisfied, they try the implementation again. The
  • 4. issues addressed above lead to the definition of action research, which is believed to revolve around the desire to contribute to practical concerns of the individuals in the problematic situation and at the same time promote the advancement of the goals of science (Stringer, 2007). It is thus clear that there is an element of dual commitment depicted in the use of action research in studying a system as well as collaborating with the members of that system to change the situation they find to be problematic. Action Research History of Action Research The origin of action research is connected with Kurt Lewin. Lewin proposed that action research falls under the classification of research that is needed for social practice and is best attributed as one meant to social management or engineering. The approach that is proposed by Lewin is that of steps, with each step encompassing a circle of planning, action along with fact findings concerning the implication of the action. In the mid-1940s, Lewin developed a theory of action research, saying that it is a proceeding spiral of steps, with each of the steps encompassing the planning, action as well as evaluation of the result of the action (Collis & Hussey, 2003). According to Lewin, the initial step of action research encompasses the careful assessment of the idea in light of the available means. If there is the success in this planning period, there is the emergence of two items that encompass the overall plan on how to realize the objective and the second attribute being the decision relating to the first step. In the 1960s, action research faced a decline in its effectiveness owing to the association that it had with radical political activism. There was the development of doubts relating to the rigor of AR as well as the training that had been acquired by the individuals using it (Brydon-Miller, Greenwood & Maguire, 2003). It, however, is evident that AR has attained considerable foothold within the areas of community-based as well as participatory AR as well as a type of practice that is oriented towards the improvement of the educative encounters. Action research has a wide assortment of uses in the scientific
  • 5. field mainly about the advancements that promote the realization of the diverse objectives stipulated in the scientific study. In this assessment, AR is vital to the development of reflective scientific practitioners who are instrumental to the progress of the scientific field, when individual scientists commit themselves to fostering continuous growth and development of the scientific field (Collis & Hussey, 2003). When each of the research is assessed through the empirical investigation into the issues that are causing, the challenges realized in the field and helped in the development of solutions. Further, the use of action research in the scientific investigations aids in the development of a professional culture that promotes their focus in mapping out the solution to the challenges in the field. It follows that the fact that all scientist are committed to realizing the same objective contributes to the sharing of a similar vision of a culture of commitment to coming with solutions to the IT challenges. The steps that have been suggested for action research include:The planning phase The initial AR phase is the planning and encompasses the assessment of the solution and implementing a plan of how the main issues identified are going to be resolved. The main issue in this phase is the development of a plan and procedures that are going to be included in developing the solution.The action phase The second phase of AR is the action phase and will revolve around the introduction of the procedures and solutions that have been established in the planning phase. The action shall include the methodical execution of all the steps as enumerated in the planning phase.The observation phase The third AR phase is the observation phase and includes the evaluation of the execution of the solutions and procedures. The main reason behind this phase is the assessment of whether the solutions that are being implemented are addressed the issue under focus and making the necessary changes.The reflection phase The last phase of AR is a reflection of what was successful in
  • 6. the execution of the solution and what was not successful. There additionally is the assessment of the elements that could be improved during the subsequent execution to ensure that the solutions are successful. Diagram 1: Action research cycle source (Collis & Hussey, 2003). The implementation of the cyber security competition program through the employment of action research offers the assurance that the solutions framework is going to be a success as it will be a product of iterative research, ensuring that solutions are better after every cycle. References Andrijcic, E., & Horowitz, B. (2006). A Macro‐ Economic Framework for Evaluation of Cyber Security Risks Related to Protection of Intellectual Property. Risk Analysis, 26(4), 907- 923. Brydon-Miller, M., Greenwood, D., & Maguire, P. (2003). Why action research?. Action research, 1(1), 9-28. Collis, J. & Hussey, R. (2003). “Business Research. A Practical Guide for Undergraduate and Graduate Students” 2nd edition, Palgrave Macmillan Stringer, E. T. (2007). Action Research: A handbook for practitioners 3e, Newbury Park, ca.: Sage. 304 pages. Sets community-based action research in context and develops a model. Chapters on information gathering, interpretation, resolving issues; legitimacy etc. See, also Stringer’s (2003) Action Research in Education, Prentice Hall. Tisdale, S. M. (2015). Cybersecurity: Challenges From A Systems, Complexity, Knowledge Management And Business Intelligence Perspective. Issues in Information Systems, 16(3). Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
  • 7. Running head: CYBER SECURITY FRAMEWORK CYBER SECURITY FRAMEWORK 11 Literature Review Cyber Security Framework Action Research Course Code: Name: Table of contents Literarure review4 Proposal 8 References 11 List of Figures Figure 1: 10 steps to cyber security 7 Figure 2: Cyber security 8 Figure 2: Visual representation 10
  • 8. LITERATURE REVIEW The ICTs have been observed to evolve rapidly and their usages also expanding rapidly. Currently, the internet and mobile services have become embedded in the people’s daily lives all over the world (th ITU Global Symposium for Regulators, 2009). While this is the case, it has also emerged that that the risks in the ICTs have also evolved and increased in both magnitude and complexity, and this has become a key headaches for the ICT administrators in the various organizations. It is a fact that the organizations cannot do away with the information communication technologies because of the many benefits that are derived from these, and the only option is to focus more on improving the security of the systems. The issue of cyber security is not new, and it has attracted heated debates from various stakeholders and governments. Cybercrime and cyber terrorism are a major threats not only to the organizations, but also to governments (Daya, 2008). So, what is being done about this situation? There are various definitions of the term cyber security. In some cases, there are various concepts that are used together or in place of the term cyber security, for example, Critical
  • 9. Information Infrastructure Protection (CIIP). Other related concepts include critical infrastructure, critical information infrastructure, and non-critical infrastructure. The definition differs from country to country. A simple definition of the concept of cyber security is the protection of the information and the systems that the organizations or governments rely on every day (State of Alabama IS Division, n.d.). Other definitions offered by Fischer (Fischer, 2016) include the following: · The set of activities, as well as measures aimed at protecting – from disruption, attacks, and other threats – computer networks, computers, hardware and software components, and the information they contain and communicate among other components of cyberspace. · The state of being protected from the threats mentioned above. · The broader discipline of implementing and implementing the activities mentioned above. There are also concepts that are often mistaken to be the same as cyber security, and these include information sharing, privacy, intelligence gathering, and surveillance. Another concept often related, but not identical, to the concept of cyber security is information security. This concept is defined under federal law (44 U.S.C § 3552(b)(3)) as: “Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide- truction, and includes ensuring information nonrepudiation and authenticity; (B) Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and (C) Availability, which means ensuring timely and reliable access to and use of information. It is a fact that the incidences cyber security attacks are on the increase, as Balasubramanian (n.d.) gives several examples of the recent cyber-attacks that have been executed successfully
  • 10. and caused huge losses to the victim organizations. Among them include the case of European financial Services Company that lost $ 7 billion (Balasubramanian, n.d.). Among the most common threats to the cyber security include the following (Zaharia, 2016): · Cyber criminals – these are the greatest threat to the cyber security who hack and access organizations’ finances and loots them. The FBI have a list of 19 individuals each of whom has caused consumer losses ranging from $ 350 000 to $ 100 million. · Computer viruses – currently, the most expensive virus is called MyDoom, and this has caused financial damages amounting to $ 38.5 billion. This was first spotted in 2004, and has since become the fastest-spreading email worm in history. · Social media – the social media has become the hackers’ new target. The various cyber-attacks targeted at the social media include like-jacking, link-jacking, phishing and social spam. · Human error – all humans do make mistakes, and human error has also been established as a key cyber security threat. Statistics gathered by IBM have established that about 95 % of the security incidents can be attributed to the human error (Howarth, 2014). · Computers’ vulnerability to exploit kits. · Inside jobs · Social engineering · Government-created malware Figure 1: 10 steps to cyber security (adapted from https://www.gov.uk/government/publications/cyber-risk- management-a-board-level-responsibility/10-steps-summary) Cyber security is basically the responsibility of each and every person in the society (Crucial Research, 2014). This is because the threats affect the entire society, and this is has been evidenced by the various incidences of personal accounts hacked and funds stolen. Cyber security is very important for
  • 11. various reasons, among these being the fears that the threats endanger the global economy (Gabel, 2015). Proposal The purpose of this action research is to implement a cyber - security framework untended for protecting the organizations information infrastructure and systems. Being an action research, the researcher will involve various groups of people including organizational executives and government officials, as well as IT experts in order to accomplish this implementation. The action research will highly rely on the input from the various stakeholders and also acceptance by the government and the organizations. Figure 2: Cyber security (adapted from https://www.cesg.gov.uk/articles/infographics-cesg) The action research will have four iterations, and these are as discussed in the paragraphs that follow. Iteration 1: Understanding cyber security. The first iteration will involve gaining more insight into the concept of cyber security and the various measures already taken to improve the cyber security situation. The iteration will also establish the current trends in the cyber security in order to fully define the problem and design the cyber security framework. Iteration 2: Design the cyber security framework. The second iteration will entail designing the cyber security framework, keeping in mind that here are existing frameworks that still have failed to offer the ultimate cyber security. Iteration 3: Implementing the cyber security framework. The third iteration involves the implementation of the cyber security framework that has been designed previously. The implementation will be done taking into account the fact that each organization of government has different cyber security needs. Issues of customization will also be addressed during the third iteration. Iteration 3: Monitoring. The last iteration will entail monitoring
  • 12. the implementation process and taking the relevant corrective actions. Changes and modifications will also be done to the initial implementation plan in order to cover for the deviations from the plans. Iteration flow diagram The diagram below illustrates the iteration flows of this action research. Iteration 1: Understanding cyber security Reflect Observe Act Plan Iteration 2: Designing cyber security framework Reflect Observe Act Plan Iteration 3: Implementing cyber security framework Reflect Observe
  • 13. Act Plan Reflect Observe Act Plan Iteration 4: Monitoring Figure 3: Iteration Flow Diagram Each of the above iteration will have four phases – plan, act, observe, and reflect. The planning phase involves laying out the course of action for the iteration among other things. The action phase entails actual undertaking the various activities for the iteration. Observe phase will entail taking note of the happenings of the iteration, while the reflection phase intends to explain various things that happen within the iteration. References Balasubramanian, V. (n.d.). Combating Cyber Security Threats. Threat, Threat Everywhere; Cyber-Criminals on the Prowl, 1- 10. Retrieved from https://download.manageengine.com/products/passwordmanager pro/combating-cyber-security-threats.pdf Crucial Research. (2014). People’s Role in Cyber Security: Academics’ Perspective. Crucial Research, 1-8. Retrieved from
  • 14. https://www.crucial.com.au/pdf/Peoples_Role_in_Cyber_Securit y.pdf Daya, B. (2008). Network Security: History, Importance, and Future. 1-33. Retrieved from http://web.mit.edu/~bdaya/www/Network%20Security.pdf Fischer, E. (2016). Cybersecurity Issues and Challenges: In Brief. Congressional Research Service, 1-12. Gabel, D. (2015, July 01). Cyber risk: Why cyber security is important. Retrieved from Whitecase.com: http://www.whitecase.com/publications/insight/cyber-risk-why- cyber-security-important Howarth, F. (2014, Sept 2). The Role of Human Error in Successful Security Attacks. Retrieved from Securityintelligence.com: https://securityintelligence.com/the- role-of-human-error-in-successful-security-attacks/ State of Alabama IS Division. (n.d.). Cyber Security is our Shared Responsibility. 1-2. Retrieved from http://cybersecurity.alabama.gov/Documents/security/WhyCyber SecurityisImportant.pdf th ITU Global Symposium for Regulators. (2009). Cybersecurity: The Role and Responsibilities of an Effective Regulator. Draft Background Paper, 1-40. Zaharia, A. (2016, May 12). 10 Alarming Cyber Security Facts that Threaten Your Data [Updated]. Retrieved from Heimdalsecurity.com: https://heimdalsecurity.com/blog/10- surprising-cyber-security-facts-that-may-affect-your-online- safety/ Running head: CYBER SECURITY CYBER SECURITY 6 Iteration 1: Understanding Cyber security Cyber Security Framework Action Research
  • 15. Course Code: Name: Table of contents Plan3 Act 4 Observe 5 Reflect 5 Iteration 1: Understanding cyber security Plan. Planning is a crucial activity in the research process, as it entails the preliminaries to the research activities. In action research, planning is an action conducted at every iteration, and this is because each iteration is a set of activities distinct from other iteration. There are a good number of activities that the researcher needs to undertake before undertaking the actual events of the action research. The anticipated tasks, their outcomes and resources needed, as well as people involved are as discussed below: i. Researching the topic of cyber security. The first task to be undertaken will be to conduct some research on the topic of
  • 16. cyber security with an intention of offering an insight or understanding of the topic. The resources to be used include computer, the internet, books and stationery. Pertaining to the people involved, that will involve myself alone. The activity is expected to take two days. The result of this activity will be gathering information of what cyber security is. ii. The second activity is to conduct some analysis of the information or data collected. The analysis will use some resources that include stationery and computer. Once again, only I will be involved in this activity. The analysis will be done with the aim of extracting the relevant content pertaining to explaining the concept of cyber security and related concepts. iii. Lastly, preparing a brief report pertaining to the entire endeavour and lessons and outcomes obtained will follow. After all information has been made clear, a report will then be presented. The expected outcome of this activity is a well written report outlining all that was done and the outcomes of the various actions. Act. Planning comes before the actual action can be taken. In action research, every iteration has an action phase where the researcher undertakes to follow the guideline or plan developed previously to achieve the goals and outcomes predetermined in the planning phase. Among the activities that I conducted herein include researching on the concept of cyber security. Researching this concept made me to seek information from various sources, the key among them being books and academic papers. These were among the resources allocated during the planning phase. Other resources or sources of information include databases and website or the internet. The main aim of the iteration is to give a clear overview of the concept and also related concepts. As such, I used various strategies during the research process, and this included use of keywords when searching for the specific contend from the internet. Another activity I undertook was recording the data obtained from these sources. Data recording was simply in the form of
  • 17. notes taken during the research. This was followed by data analysis where the researcher used content analysis to obtain the information from the various sources. Any content relating to the cyber security and related concepts was extracted from these sources. Lastly, I undertook to define and offer some more information pertaining to cyber security. Being the final activity in this iteration phase, I discussed various aspects of the cyber security concept and related this information to the main theme of the action research – that is, designing and implementing a cyber-security framework. This phase ushered in the next phase in this iteration where the lessons derived from this phase and the planning phase are highlighted and explanations offered where necessary. Observe. The third phase of each iteration is the observation phase. The observation phase of an action research simply entails the analysis of the situations of the iteration in question. In other words, the researcher undertakes to extract some lessons from the previous iterations. Each action in the iterations is expected to bear some to bear some outcomes as had been predetermined during the planning phase. This is why the researcher, in the observation phase, takes note of all that went on in the iteration. The first iteration was a rigorous with so much to observe. The researcher observed that there was adequate literature pertaining to the issue of cyber security. Researchers and practitioners have extensively documented the various issues regarding the topic and this only meant that the researcher could easily access data and gain an understanding of the cyber security. Secondly, there are several models of the cyber security framework that have been designed previously to address cyber security threats. This is an indication that the researcher would only be replicating the previous models only that the framework to be designed and implemented would be customized. This is because the researcher understands the problem at hand and develops a solution to the specific
  • 18. problem, rather than a general solution to general problems. The previous models be used not only as reference points, but also as controls to ensure the researcher designs and develops a viable solution. Lastly, there are several concepts closely related to the cyber security concept that would require to be clarified in order to draw clear lines between them. There are chances that these concepts would be confused with the concept under investigation. Reflect. The final phase of each of the iterations is the reflection phase, whereby the researcher ponders the happenings of the iteration and establishing the relationships between the various phenomena. This is a careful analysis of the happenings of the iteration determining why things happened as they did and what effect they had on the outcome or other things. This is where the researcher makes various judgments pertaining to various issues. Entirely, the iteration can be said to have been a success, and this is because the desired outcome was obtained after a careful performance of the various goal-oriented activities. Even though it is a wide concept that could take many days and a lot of resources to cover fully, he researcher was able to gain an understanding of the concept with the resources and timeframes allocated for this iteration. The planning went on well, and this is the major reason for the iteration success. Some things may not have gone too well, and this includes a comprehensive discussion of the concept and related concepts. This did not happen owing to the fact that the resources and time needed for that would have been too much. This is also a process that could be improved. Among the challenges included time and resources, as their limitation also caused a limitation of the scope of the iteration. Given adequate time and resources, a comprehensive review of the topic would have been possible, and this could have implied a better framework could be developed. This is also a risk factor in that the shallow discussions exposes the researcher to the risk
  • 19. of developing an inferior framework that would not overcome the problems it is intended to.