According to a 2005 report in the CQ Researcher, nearly 10 million consumers are affected annually by lost or stolen data, costing the U.S. economy $53 billion (Katel)
Though attacks on the national or international infrastructure seem terrifying, much more likely to affect an individual are attacks on their personal information or a company they patronize. "Eighty four percent of data breaches involved credit card information, and about one third involved personal information" (Marshall 173)
The cybersecurity issue has become a focus for the following international organizations: United Nations (UN), International Telecommunications Union (ITU), Organization for Economic Co-operation and Development (OECD), European Union (EU) and Council of Europe (CoE) (Schjolberg & Hubbard, 2005). Many professional organizations have codes of conduct for their members (Baase, 2008)
As such, cybersecurity can be characterized as technology plus network security plus information assurance ("Booz Allen Hamilton," 2011). Strategic integration of cybersecurity efforts is measured by the degree to which it is integrated into enterprise risk management (ERM), overall mission assurance activities, and any associated internal and external security strategies (Bodeau, et al
A fully formed strategic operating model will ensure that enterprise leadership "delivers a coherent and consistent decision- making structure, clarifying decision rights and a model that avoids decision ambiguity and 'paralysis by analysis'" ("Booz Allen Hamilton," 2011). Enterprise leadership must be able remain focused on the mission so that resources are aligned with enterprise strategy and organizational goals (Goodman, 2011)
Increasing dependence on communications and information technology (CIT) for ordinary enterprise activity points to a greater reliance on enterprise cybersecurity defenses. Certainly a degree of resources must be diverted from direct revenue production when an enterprise determines to invest in mature cyber diagnostics and to strengthen the organization's cybersecurity position and posture (Gordon, 2010)
An effective cybersecurity effort will be characterized by the following: (a) Establishment of layered defense against threats; (b) Fostering a complete recognition of the enterprise's vulnerabilities; ( c) react to, constrain, and cripple cyber attacks that do get through; (d) evolve in response to compliance requirements; and (e) establish quick, deep learning from experience ("PCAST," 2007). The role of IT can be as essential as providing the support for an operational surge or providing the flexibility to rapidly deploy new technology (Lynch, 2011)
Legal, ethical, and technical cybersecurity considerations. The legal aspects of cybersecurity are complex, so complex, in fact, that there are multiple categories that must be coordinated and eventually harmonized into a functioning legal framework (Schjolberg & Hubbard, 2005; Spinello, 2011)
Under the legislative considerations of cybersecurity, there are additional legal categories, including substantive, procedural, mutual legal assistance, and protection of individual rights (Schjolberg & Hubbard, 2005; Spinello, 2011). The federal government and individual states may also enact laws that address cybercrime (Spinello, 2011)
Attackers achieve the attacks either through flooding or logic attack. While flooding DoS attack occurs through brute force, logic attack occurs through intelligent manipulation of vulnerabilities in the target system, such as an IP datagram that may result to a system crash because of a serious flaw in the operating system software (Chang, 2002)
Therefore, when these employees have the entry into an organizations database, especially when such access exceeds the descriptions of their work outline, they might abuse the access for malicious intentions. For instance, a university lecturer whose job outline requires them, only the capacity to alter the student contact information might take advantage of the access and maliciously alter the student's grade on the upgrade software (Erickson and Phillip, 2005)
In addition, organizations should test their software regularly and comply with many of the regulations put across. Owing to the frequency and sophistication of software vulnerabilities, it is important to restructure the activities concerning security intelligence, evaluation and remediation (Molsa, 2005)
Another significant element of the governance component is to establish performance indicators. The indicators will evaluate performance of the security support workforce against measurable objectives, which the organization would target to incorporate software security support with software development practices (Hamou-Lhadj and Hamou-Lhadj, 2009)
Although not all employees, student interns and contractors have bad intentions towards the said organization, some of them may have varying levels of malicious purposes. In regards to inside threats, we focus on malicious employees who have the capacity to initiate harm or software destruction (Whitmer, 2007)
The recommendations are impressive and substantial, and include the following: cybersecurity insurance, expedited assistance from the government during cyberattacks, grants, liability limitation, process preference, public recognition programs that help to establish recognized emblems of trust, rate recovery for price regulated industries, and streamlined regulations. There is also hope that business and industry can assist with efforts to research "the most pressing cybersecurity challenges where commercial solutions are not currently available" (Daniel, 2014)
The BBP is a bug challenges reward or VRP (vulnerability rewards programs) aimed to reward penetrators, testers, independent security researchers as well as white hat hackers in order to share knowledge about operation of the BBP. (Bilge, & Dumitras, 2012)
It announced increases in the bounty amounts in areas of particular security interest ." (Kuehn & Mueller, 2014 p 10)
It announced increases in the bounty amounts in areas of particular security interest ." (Kuehn & Mueller, 2014 p 10)
"Security bug is present in the most recent main development or released versions of Firefox, Thunderbird, Firefox for Android, or in Mozilla services which could compromise users of those products, as released by Mozilla Corporation." (Mozilla, 2015 p 1)
Another issue that has been identified by cybersecurity analysts is that many of the laws and enforcement mechanisms have been dispersed among a number of different agencies. There is little coordination of effort on cybersecurity between these agencies, and not common set of objectives to which any of them work (Advogados, 2015)