Description
Notice :
1- you must prepare 7 to 10 ppt slides
2- you will be asked to conduct class presentation .
3- the total points for this activity will be 10 marks.
4- each student should chose only one topic
5- No shared presentation.
6- the Excel file will be unavalable at 2.3.2025 (the due date)
7- if you have no interset in all listed topic please dont hesitate to add your own one
GHADEER ALRAHEEM
Cybercrime
Collapse
Introduction
Cybercrime has reached an alarming scale in recent years, with attackers becoming
increasingly sophisticated. This trend poses significant risks for organizations, especially as
digital transformation accelerates. The financial and reputational damage from cyber-attacks
such as data breaches, ransomware, and phishing can be catastrophic. The global cost of
cybercrime is projected to reach trillions of dollars annually (Shackelford, 2020), affecting
companies across all industries. As a business manager, this is a growing concern because
cybercrime can disrupt operations, lead to data loss, and create legal liabilities, all of which can
harm an organization’s bottom line. Additionally, the rise of remote work, cloud services, and IoT
devices expands the attack surface, making cybersecurity a higher priority than ever before
(Whitman & Mattord, 2022).
Importance of Frameworks, Standards, and Models in Cybersecurity
To mitigate these cyber risks, businesses need structured frameworks, standards, and models
to guide their cybersecurity efforts. These frameworks provide best practices for protecting
sensitive information, ensuring operational continuity, and maintaining regulatory compliance.
The NIST Cybersecurity Framework (CSF) is one such framework that provides a risk-based
approach to identifying, protecting, detecting, responding to, and recovering from cyber
incidents (NIST, 2018). By following these steps, a business manager can develop a
comprehensive security program that addresses each phase of a cyber incident lifecycle.
The ISO/IEC 27001 standard also offers valuable guidance by establishing a management
system to protect information assets and ensure business continuity (ISO, 2022). By using such
standards, business managers can minimize vulnerabilities and ensure they follow a globally
recognized set of cybersecurity practices. These frameworks provide not only guidelines but
also a structured methodology to address cybersecurity in a consistent and repeatable way.
One more widely used model is COBIT (Control Objectives for Information and Related
Technologies), which focuses on aligning IT with business goals. This model emphasizes the
need for businesses to implement governance structures to oversee cybersecurity measures
and ensure accountability (ISACA, 2019). Such models are crucial for maintaining a wellorganized and efficient cybersecurity program.
Can Frameworks Keep an Organization Safe?
While frameworks, standards, and models provide critical tools for managing cyber risks, they
cannot guarantee absolute protection. Cybersecurity is a continuously evolving field, and new
threats emerge regularly. Frameworks like NIST and ISO/IEC 27001 are effective in providing
structured approaches to risk management, but they must be complemented by proactive
security measures such as threat intelligence, incident response plans, and employee training.
As Whitman and Mattord (2022) discuss, the principle of defense in depth—implementing
multiple layers of security controls—helps ensure that if one layer fails, others will continue to
provide protection.
Moreover, the Zero Trust Architecture (ZTA) principle has gained popularity, advocating for never
trusting and always verifying access requests, regardless of their origin (Pfleeger & Pfleeger,
2019). This approach assumes that every user, device, and network connection may be
compromised and limits access based on strict authentication processes. By incorporating
such principles alongside established frameworks, organizations can significantly reduce the
likelihood of a successful cyber attack.
Conclusion
In conclusion, cybercrime is a growing threat that demands a structured and proactive
response. While no framework or model can completely eliminate cyber risks, implementing
frameworks like NIST, ISO/IEC 27001, and COBIT provides businesses with essential guidelines
for building a robust cybersecurity program. As a business manager, understanding the
importance of these frameworks and principles ensures the organization’s data and reputation
are protected. However, continuous adaptation and improvement of cybersecurity measures
are crucial as the threat landscape evolves.
References:
•
ISACA. (2019). COBIT 2019 framework: Introduction and methodology. ISACA.
•
ISO. (2022). ISO/IEC 27001: Information security management systems – Requirements.
International Organization for Standardization.
•
National Institute of Standards and Technology (NIST). (2018). Framework for improving
critical infrastructure cybersecurity (Version 1.1). U.S. Department of Commerce.
•
Pfleeger, C. P., & Pfleeger, S. L. (2019). Security in computing (6th ed.). Pearson.
•
Pollard, C., Turban, E., & Wood, G. (2018). Information technology for management:
Ondemand strategies for performance, growth, and sustainability (11th ed.). John Wiley
& Sons, Inc.
•
Shackelford, S. (2020). Cybersecurity law, policy, and institutions. Oxford University
Press.
•
Whitman, M. E., & Mattord, H. J. (2022). Principles of information security (7th ed.).
Cengage Learning.
9 days ago
REEM ANDIJANI
Cybersecurity
Collapse
Current State of Cybercrime
Cyberattacks targeting business organizations have surged recently. The attack ranges from
data breaches and ransomware attacks to complex phishing schemes. Turban et al. (2021) note
that hackers target computers, mobile phones, servers, and Internet of Things (IoT) devices to
spy on users, steal identities, and disrupt business operations. Reliance on cloud computing,
mobile phones, and IoT has increased the attack surface, offering hackers more entry points.
The democratization of hacking tools has also contributed to cyberattacks by lowering the entry
barrier and enabling even semi-skilled individuals to attack organizations. Furthermore, the
interconnected nature of global networks enables one breach to affect entire organizations. For
instance, a breach could affect entire supply chains and disrupt critical infrastructures. Hence,
factors such as increased attack surface, democratization of hacking tools, and
interconnection of global infrastructure have contributed to the worrying cyberattack trend.
The changing cybersecurity landscape is deeply concerning for managers due to financial
impacts, reputational damage, legal and regulatory scrutiny, and operation disruption
associated with attacks. Cyberattacks can affect organizations financially through loss of
revenue and recovery costs. Li & Liu (2021) note that attackers have targeted financial
documents and spread false economic information, causing economic damage. Small and
medium-sized businesses (SMEs) are significantly affected since they lack sufficient resources
to implement robust security measures. Security incidents also damage an organization’s
reputation, eroding customer trust.
Cybersecurity Frameworks, Standards, and Models
Benefits of Implementing Frameworks, Standards, and Models
Frameworks, standards, and models offer a systematic approach to managing
cybersecurity risks and implementing appropriate controls. Frameworks such as COBIT 2019
integrate security, IT governance, and risk management. They include principles, guidelines, and
best practices that a firm can use to implement a security program. Frameworks are also
flexible, allowing organizations to customize them based on specific needs. Cybersecurity
standards such as PCI DSS are more specific than frameworks, setting mandatory requirements
for organizations to comply with industry regulations (Turban et al., 2021). Standards often
focus on particular areas of cybersecurity, such as data protection. Moreover, models offer a
conceptual representation of how various security controls can be combined to provide
multiple levels of protection. Models help identify potential gaps in the defense systems.
Hence, frameworks, models, and standards help organizations mitigate and manage
cybersecurity incidents through adequate controls and best practices.
Additionally, frameworks, standards, and models are essential for business managers
since the tools support continuous improvement, decreasing costs, and compliance with
industry best practices. Frameworks and standards provide a culture of continuous
improvement through monitoring, auditing, and updating the security program. These measures
ensure the security program can mitigate and manage emerging threats. Moreover, frameworks
and models reduce the cost of implementing a security program. Multiple complementary
security layers are employed in a structured approach to identify vulnerabilities and prevent
costly data breaches. Standards and frameworks ensure a firm complies with industry best
practices and procedures (Taherdoost, 2022). The compliance supports the comparison of
security programs internationally. Thus, frameworks, standards, and models are essential to
managers’ cybersecurity efforts through reduced costs, continuous improvement, and
compliance with industry best practices.
Safety Guarantee in an Organization
Frameworks, standards, and standards are vital tools for an effective cybersecurity
program, but they cannot completely guarantee safety. Cyber threats constantly evolve,
necessitating adaptive and dynamic security approaches. Additionally, new system
vulnerabilities are continuously discovered. Cybercriminals can utilize unpatched
vulnerabilities to gain unauthorized access to a system. Moreover, human error is a major factor
in many cyber incidents. Security programs could fail to mitigate and manage attacks caused by
human errors successfully. However, implementing the tools reduces the risk of a successful
attack. Hence, models, frameworks, and standards are essential for a strong security program
but cannot fully guarantee safety.
References
Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security;
Emerging trends and recent developments. Energy Reports, 7, 81768186.
Taherdoost, H. (2022). Understanding cybersecurity frameworks and information security
standards—A review and comprehensive overview. Electronics, 11(14),
2181.
Turban, E., Pollard, C., & Wood, G. (2021). Information technology for management: Driving
digital transformation to increase local and global performance, growth and
sustainability (12th ed.). John Wiley & Sons.
Purchase answer to see full
attachment
