Chat with us, powered by LiveChat Based on attached documents please answer below 600 wo - Study Help
  

  Based on attached documents please answer below 600 words

Final Reflection

Write a reflection about your journey in this course. In your reflection, give a detailed explanation about how you intend to start your data collection process {once you get the green light from IRB [if you do not have it already]}. Include the when, who, what, and how you intend to start this process.It is essential to have this game plan as a roadmap to keep you on task as you continue your work. 

Informed Consent Form

I am conducting a study about Cyber Security. I invite you to participate in this research. You were selected as a participant because you were victim of breach of cyber security in the Twitter Spear Phishing and the Zoom credential hack companies. Please read this form and ask any questions you may have before consenting to be in the study.

This study is being conducted by: researcher :Prem chander Boinapally.

Background Information:

The purpose of this study is bring awareness of how cyber infiltrators have developed many ways of hacking into systems. In this day and era, cyber security helps maintain order, and keep the internet safe for users. The current digital era has influenced change in the ways we buy things, bills get paid, watch movies, how people pay mortgages and rent houses just to mention but a few. Incidents of security breaches are widely reported as well as fraud, malicious cyber-attacks, fraud, hacking, and cyber-bullying making it necessary for the need of cyber security.

Consent forms will be provided for minors, to be signed by their guardians indicating approval for conducting the research on minors. Experts also will have to sign a consent form indicating that they freely and willingly gave information to their best of their knowledge and without any bias whatsoever. Adults also will sign a consent stating the same that they willingly gave information free from coercion or biasness.

Procedures:

If you participate in this study, I will ask you to do the following things. Provide relevant information as provided for in the questionnaires or provide relevant answers when called or when an interviewer conduct the survey face to face. Information provided will remain confidential. You may ask questions of the researcher at any point in the study. Participants will require to fill in written questioners especially for the focus group and online through mail. Some other participants will be called by surveyors to collect the relevant information and will be asked questions also from the questionnaires. The focus groups will comprise of minors, their guardians, and affected members of cyber-attacks. The aim of the focus groups is to bring the people with the commonality of being cyber attacked together to shed light and give their personal perspectives on the cyber-attack research. Meetings will be conducted online and physically where groups will me in designated public spaces as promptly communicated through email. Participants especially those conducting the surveys will travel across the designated geographical areas of group meetings.

Risks and Benefits of Being in the Study:

The study has several risks. First, the victims may get traumatized and emotional. Second, big corporation may fire their employees for giving out information of breaches in their system not made public. Third, threats maybe issued by corporations who feel the need to bury this kind of information.

There is minimal risk of emotional discomfort if you choose to participate in this study and be recorded. If needed for support, resources can be reached at [email protected]. There is risk of being traumatized, fired and threatened by the corporations under review might be inevitable.

There are no immediate benefits to you for participating in this study.

The direct benefits of your participation are: awareness will be raised to help fight cyber security breaches. The consumer will gain awareness and be protected from cyber criminals. Consumers will get better know how of why and how these breaches occur. Businesses and organizations will know what measures to adopt to reduce cyber-attacks.

Confidentiality:

In any publications of the results, pseudonyms will be used in place of names of participants or locations. The records of this study will be kept private. In any sort of report I publish, I will not include information that will make it possible to identify you in any way. Research records will be kept secured; my Judson University research advisor and I are the only people who will have access to the records as well as video and audio recordings. No names will be noted down with the answers on questioners. The questioners won’t capture details of the participant filling it. After compilation and deduction of the research the questioners will be burnt.

Video Recordings

Video recordings for data analysis, and portions of recordings may be presented in a professional context. Although real names will not be used in presentations of the research, and responses will be treated with confidentiality to anyone outside of the project research staff, participants might be identifiable to people who recognize them in video recorded artifacts. Recordings will be kept until completion of study groups sessions, face to face interviews, telephone interviews, and online meetings through the designated platform and destroyed immediately thereafter after compilation of data collected. Please sign below if you are willing to have your image recorded. You may still participate in this study if you are not willing to have your image recorded. If you are not willing to be video recorded, the camera will be situated in the classroom at an angle that will avoid capturing your image. Any unintentional video recording(s) of you will be edited to blur their image, causing them to be unrecognizable to viewers.

___________________________ ______________

Signature Date

· Audio Recordings

Interviews may be audio recorded for data analysis, and portions of recordings may be presented in a professional context. Although real names will not be used in presentations of the research, and responses will be treated with confidentiality to anyone outside of the project research staff, participants might be identifiable to people who recognize them in audio recorded artifacts. Recordings will be kept until completion of degree and destroyed immediately thereafter. Please sign below if you are willing to have the interview(s) audio recorded. You may still participate in this study if you are not willing to have the interview(s) audio recorded.

__________________________ ___________

Signature Date

Voluntary Nature of the Study:

Your participation in this study is entirely voluntary. Your decision whether or not to participate will not affect your current or future relations with your employer or Judson University. If you decide to participate, you are free to withdraw from the study at any time without penalty. Should you decide to withdraw from the study, data collected about you, or your students will only be used up to the point of your withdrawal.

Contacts and Questions

My name is Prem chander Boinapally. You may ask any questions you have now and at any point through the research process. If you have questions, you may contact me at [email protected]. You can also contact my advisor Dr. Olabisi Adenekan email which is [email protected]. Or the Disaster Distress Helpline at 1-800-985-5990.

You will be given a copy of this form to keep for your records.

Statement of Consent:

I have read the above information. My questions have been answered to my satisfaction. I give consent to participate in the study.

___________________________ ________________

Printed Name of Participant Date

___________________________ ________________
Signature of Study Participant Date

__________________________ ________________
Signature of Researcher Date

JUDSON UNIVERSITY INSTITUTIONAL REVIEW BOARD

RISK ASSESSMENT FOR RESEARCH INVOLVING HUMAN SUBJECTS

This protocol must be approved by the Judson University Institutional Review Board before data are collected. Please refer to the Judson University IRB Procedures and Policies manual available at www.judsonu.edu/irb.

__________________________________________________________________________________________

Name: Prem chander Boinapally Date: 1/31/2022

__________________________________________________________________________________________

Program or Department: Adult and Continuing Education and Teaching

Supervising Professor: Dr.Olabisi Adenekan

__________________________________________________________________________________________

Title of Proposed Research: Cyber Security

Read the following Risk Level Assessment Form(next page) and mark all items in each risk category that apply to your research. Record the totals from each category below:

No risk: __2________ Minimum risk: __4_________

Moderate risk: __6________ High risk: __1_________

Be sure your IRB Application thoroughly describes the following:

If your research involves vulnerable populations, include the following in the IRB application.

1. If your subjects are MINORS: Describe how you will obtain each child’s verbal or written assent as well as written consent from the child’s legal guardian. Note: At ANY level of risk, informed consent must be obtained from both the parent or guardian AND the minor before data is collected. If consent is given by the minor, but not by the parent or guardian, data should not be collected. Describe the means to be taken to reduce risks and to safeguard the subjects. Describe why alternative, less risky methods of research would not be possible.

2. If your subjects are VULNERABLE TO “UNDUE INFLUENCE”: For example, anyone over whom you have authority or anyone in your care is vulnerable to your influence (students, clients, parishioners, employees, etc.). Describe how the subject’s right to decline participation without negative consequences will be preserved. Describe the means to be taken to reduce risks and to safeguard the subjects. Describe why alternative, less risky methods of research would not be possible.

3. Other “VULNERABLE POPULATIONS”: For example, those who are institutionalized or are unable to make their own decisions are vulnerable. Describe the vulnerability of the subjects and how the risk caused will be minimized. Describe actions to be taken to reduce risks and safeguard the subjects. Describe why alternative, less risky methods of research would not be possible.

If the Principal Investigator is a student:

Signature of supervising professor ________________________________________

Date ____________________________

RISK LEVEL ASSESSMENT FORM

This checklist is provided to help researchers, reviewers, and the IRB to consider thoroughly the research proposal in light of the potential risk to human subjects and does not in itself determine the decision or recommendations of the IRB. It is not the intent of the IRB to use this risk level assessment tool to comment on the merits, quality, or design of the research beyond the potential risks to human subjects.

Based on your research purpose, population, and methods, check all items in each category that apply to your research, and indicate the totals on p. 1. It is not uncommon for items to be checked in multiple categories, and it may take only one risk factor to place the entire research project in a particular category. You may be able to justify the value of a research project being at a particular risk level, or you might describe procedures that reduce the potential impact of an acknowledged risk factor in your IRB application.

NO RISK LEVEL CRITERIA:

____ People will be observed randomly in a public place where there is no personal identification of subjects.

____ Subjects are not aware of the observation and do not have direct contact with the researcher.

__X__ Only public information will be utilized, such as phonebooks, directories, or other widely published lists.

____ Data are collected without any identifying information. There is no possible or imaginable way to trace responses back to subjects.

__X__ Data will be used collectively in a statistical manner, and no one individual’s response can or will be tracked.

__2__ TOTAL for NO RISK

MINIMAL RISK LEVEL CRITERIA:

__X__ Subjects are interviewed or otherwise contacted to solicit participation.

__X__ Inquiries are made regarding to basic identifying information such as age, gender, ethnicity, etc.

__X_ Subjects are asked to answer general questions regarding non-personal information.

__X__ Subjects are asked to give opinions or attitudes toward commonplace matters such as general trends or other benign topics.

____ The research will not in any way influence or affect the subject socially, psychologically, or spiritually.

____ The collection of required information will not take more than 4-5 minutes of the subject’s time.

__4___ TOTAL for MINIMAL RISK

MODERATE RISK LEVEL CRITERIA:

__X__ The subject is asked to reveal personal information regarding individual opinions, background, behaviors, attitudes, or beliefs.

__X__ Subjects will be selected to participate based upon a particularly unique characteristic or group membership (similar position, training, background)

____ Subjects will be selected to participate based on an extraordinary life experience.

____ Topics or questions raised are politically, emotionally, culturally, spiritually, or psychologically sensitive.

__X_ Individual or group presentations, phone calls, or questionnaires will be used to solicit participation in the research.

__X__ The research objective is not revealed at the outset to the subject in a direct and straightforward manner, such as research that requires that the subject be naïve regarding the research in order to participate objectively.

__X__ Subjects are required to reflect on their own behavior, values, relationships, or self in such a way that one might be influenced or affected, and/or anxiety or concern might be raised about the subject matter of the research.

__X__ The subject may have regrets, concerns, afterthoughts, or reactions to the research method after data collection is completed.

___ The subject may become tired, weakened, or be mentally or physically affected as a result of the research method.

____ The research may inconvenience subjects by causing a delay or intrusion into their routine or schedule.

___ Involvement in the research will require more than 5 but less than 60 minutes of the subject’s time(outside of normal learning activities if the study is conducted in a classroom.)

__6__ TOTAL for MODERATE RISK

HIGH RISK LEVEL CRITERIA:

____ Subjects are asked or led to reveal highly personal information in areas such as close relationships, trauma, sexuality, or potentially immoral, unethical, or illegal acts.

____ The topic or research methodology will raise issues that are highly charged politically, emotionally, culturally, psychologically, socially, or spiritually.

__X__ The research will involve minors who do not have the authority and/or ability to give fully informed consent to participate.

____ The research will intentionally, or by design, involve persons who may be of legal age yet who are dependent on others due to a chronic or crisis health concern, developmental delays, advanced age, a language barrier, and/or incarceration, which may impair the subject’s ability to give fully informed consent.

____ Subjects will be selected to participate based upon a particular diagnosis, disorder, or physical or mental health concern.

____ The subject is likely to be affected emotionally, socially, or psychologically through the research over the short and/or long term, to the extent that debriefing or other reparative interventions are built into the research design (not solely for preventative purposes).

____ The research design calls for deception of the subject at any level.

____ The research involves physical manipulation, contact or touching either with the researcher or between subjects, physical exercise, and/or any medical procedure.

____ The research itself or the information obtained from the subjects may have immediate and/or long term political, legal, economic, and/or social consequences for the subjects.

____ Involvement in the research will require more than 60 minutes of the subject’s time(outside of normal learning activities if the study is conducted in a classroom.) or significantly influence the person’s routine and/or activities.

__1__ TOTAL for HIGH RISK

Principal Investigator:

Prem chander Boinapally

Study:

Adult and Continuing Education and Teaching



APPLICATION FOR APPROVAL OF RESEARCH

Institutional Review Board

Principal Investigator

1. Principal Investigator:

a. Full name:

Prem chander Boinapally

b. University department, program, and position:

Education/Student

c. Email address:

[email protected]

d. Phone number:

510-556-7011

b. Co-Principal Investigator (if applicable):

a. Full name:

b. University department, program, and position:

c. Email address:

d. Phone number:

c. Person completing this application (if not PI):

a. Full name:

b. Email address:

c. Phone number:

d. If the PI is a student, the supervising professor or academic advisor:

a. Full name:

Dr. Olabisi Adenekan

b. Email address:

[email protected]

c. Phone number:

e. Has this study been approved by a committee?

f.

Yes

X

No

5. Submission Category (please check one):

Exempt – no human subjects involved

X

Expedite – minimal risk to human subjects

Full Review – moderate to high risk to human subjects

6. Publication Audience:

Internal – research intended for teaching purposes only within courses at Judson University.

X

Public – research may be published outside of Judson University.

Research Study Identification and Overview

1. Title of study:

Cyber Security

2. Full description of the research, its objectives, methods, and what subjects will be asked to do.

Our dependency on the internet has become immense. It is wrong to assume one’s safety in the sense that only big organizations are more susceptible to hackers. A normal consumer connected to the internet if not vigilant enough is at the risk of getting trapped easily. Cyber infiltrators have developed many ways of hacking into systems. In this day and era, cyber security helps maintain order, and keep the internet safe for users. The current digital era has influenced change in the ways we buy things, bills get paid, watch movies, how people pay mortgages and rent houses just to mention but a few. Incidents of security breaches are widely reported as well as fraud, malicious cyber-attacks, fraud, hacking, and cyber-bullying making it necessary for the need of cyber security.

This research will use the qualitative research method. Data will be collected and analyzed. Non-numerical data will be used to help gather deeper insights into the problem to help generate new ideas. The intention is to investigate cyber security and find out possible measures put in place to be secure against threats, investigate the measures organization put in place and adopt for safety, and to find out what measures individuals and organizations should take to protect themselves. Deceptive practices will be avoided when designing the research at any time. The participants will remain anonymous and confidentiality will be upheld more concerning their identity and information they shared. Experts, and affected members that members who have suffered a cyber-attack were the targeted audience for survey. Measures have been adopted to avoid any kind of bias by making sure that the surveyors understand stereotyping more so as the foundation of bias and avoid it. Leaders are made responsible for transparent conducting of surveys where realistic expectations are set outlining clear criteria for the evaluation process of qualification and performance. Bias training to the surveyors was conducted and a means of making complaints from the targeted audience was set through way of email. Experts and cyber-attack victims being surveyed won’t be interviewed together. The victims will be interviewed together with other victims as these will be done in order to try and bring a safe space with commonality amongst the victims which will in turn enhance the information collection. I will travel to all four geographical locations to meet participants at their local geographical locations in order to attain efficiency as it would be hard for the participants to attend a synchronized meeting out of their local geographical locations. Data collected upon finalizing of the survey will be burnt.

Focus group participants: Focus group meetings will be held in two distinct manners one through the phone and the other through face-to-face surveys. The focus will provide helpful insights in the research as there is multiple interaction, not only between the interviewee and participants, but among the participants themselves. Two rounds of face to face and physical focus group meetings were conducted with different groups. These focus groups consisted of 5-7 people including minors and their guardians. Victims and experts will not be in the same focus groups. Experts will interviewed separately with the data collected from the concluded focus group meetings. Data from network administrators is also reported. During the first focus group meeting participants were on the different way hackers get access to their networks and the different types of malwares. For the second focus group we gave data analysis of the first group and tried to reach a consensus of the most important deviations of the security rules. The focus that was conducted over the phone consisted of 5-7 members and lasted about one and a half hours. Minors were not part of these online focus group meetings as well as their guardians. The focus groups were audio taped and the audio tapes transcribed in anonymized text files. Adults with minors will be asked whether;

· Online safety should be formalized within the education system?

· Who should have the main responsibility for cyber safety?

· What the main concern as a parent in relation to the children being online?

· What challenges parents face in protecting their children?

· What education should be given to parents?

· What unique challenges are posed by cyber-bullying for parents, and what can be done for parents to monitor the children’s online activity?

Analysis: The analysis of qualitative data is an iterative process. The coding of data comes first to determine major categories fit into different categories. Interpreting of qualitative data is highly subjective and procedures have to be developed to establish inter reliability. Two coders were used to code the data. They agreed to different categories and reached a consensus of how the data fitted into the main categories. After consensus, their solutions, and the data on which they were based, they were presented to another researcher. Based on the feedback of the other researcher changes were made of how the data fitted into the main categories. The same process continued and only after the three researchers came to a consensus about the right interpretation of the qualitative data, the solutions were accepted.

Participation requirement: Subjects are asked to provide honest information for the survey. Participants will answer questions and provide insight on different questions asked. Minors involved will be required to ask for consent from their guardians where guardians will have to sign a formal consent form indicating that they agreed to the survey. The guardians will have to stay with the minors throughout the survey. All participants will converse in English.

Group Component: groups will have 6-7 members brought together by a common characteristic.

Meeting Preparation: Participants will be notified through emails of relevant information pertaining meetings especially. The participants will meet in meeting rooms, churches, classrooms more so after class activities have come to attend mostly in the evenings, where meetings will be held in backrooms in order to maintain confidentiality.

Working logistics: each focus group members will determine accordingly to responses from the survey logistics. After meeting for one and a half hours, for two meetings, each group will be discontinued.

Focus Group Meetings: A sign sheet will be provided for each meeting day to allow for the documentation of participants present. Only the initials and numbers assigned with every initial of the members names will be on the sign sheet. Name tags with initials and numbers will be given for easy identification. Relevant information will be communicated while making sure that the participants agree with the confidentiality agreement. The researcher will be the moderator and will take notes during the meeting. Different meetings will have different agendas.

3. Dates for conducting study:

This study will take place between February and July 2022.

General logistics; survey distribution, identifying participants will take place between February and March 2022.

Focus group meeting will be done between April and May 2022.

Transcription and coding will be done between April and July 2022.

4. Site(s) of study:

The data to be collected will be collected from the following geographical areas:

· Washington D.C area location.

· Colorado Springs area location.

· Albuquerque area location.

· New York area location

5. Description of the population/subjects participating in the research study, recruitment of the subjects, and the criteria for inclusion as a participant of the study.

The participants for this study will be of all ages and categorized as either an expert or a victim.

The involvement selection process will be based on availability and willingness of the participants.

A follow up survey will be conducted to people available and willing to participate in the research.

Participant for this research study will be drawn from the mentioned geographical place above. Washington D.C will get higher popularity than the rest. Participants will be of mixed ages and gender. Participants who are victims take precedence as they provide insights of value to the research topic. For easier communication, participants will be able to converse in English. Participants will be of 5-7 participants who will be categorized by the geographical region they are in.

6. Identification of special subjects/ populations, if any, such as children and minors, pregnant women, cognitively-impaired persons, prisoners, traumatized and comatose patients, terminally ill persons, elderly, minorities.

The research will be open to all ages and races with exception to children who need a guardian’s consent. The consent will be in writing signed executed by the guardians.

7. Full description of provisions to care for subjects where there is risk of physical or emotional research-related harm.

When interviewing the victims, I’ll make sure they are in a safe space physically and psychologically to talk about how cyber security breach affected them.

8. Description of confidentiality provisions and measures to protect the identity and privacy of subjects.

Any information given by participants is confidential and he or she won’t be exposed. Both during and after research anonymity is paramount and will be guaranteed. Hard copies and electronic ways will be used to store data. The audios will be transcribed by the researcher and the hard copies locked away in the cabinet. Only the research team will have access.

9. Description of obtaining consent from subjects and, if the subjects are minors, obtaining consent from the child’s legal guardian.

Any participating minor ought to have consent from their parents or legal guardian.

10. Risk Assessment scores (taken from the Risk Assessment form).

No Risk: 2 Minimum Risk: 4 Moderate Risk: 6 High Risk: 1


As principal investigator, I assure that the information provided is correct, that I will seek Judson University IRB approval for any substantive modifications in the research study, and that I will report to the IRB Chair promptly any incidents or anticipated problems that may occur during the course of the study that may affect subjects adversely or change the risks and benefits described.

Signature of principal investigator __________________________

Date of signature _____________________________

If the PI is a student:

Signature of supervising professor:

Date of signature: February 7, 2022

Email the following documents to

[email protected]

· This application saved as 1 Lastname IRB application

· Study proposal (if applicable) saved as 2 Lastname Proposal

· Completion certificate of ethics training saved as 3 Lastname Certificate

· Risk Assessment form saved as 4 Lastname Risk Assessment

· Instruments used in the study saved as 5 Lastname Instrument Name (repeat for additional instruments)

· Consent forms sent as WORD DOCUMENTS and saved as 6 Lastname Parent Consent, 6 Lastname Student Consent, 6 Lastname School Consent, as necessary

This study has been approved by Judson University’s Institutional Review Board.

Signature of IRB Chair ___________________________________

Date of signature ______________________________

1

5

Table of Contents
CHAPTER 1 3
Introduction 3
Background. 3
Significance of the study 4
Theoretical Foundations 5
Researcher’s Positionality 8
Purpose of the Study 9
Research Questions 10
Definition of the Terms 10
A. Cyber Security 10
B. Threats 11
C. Business Data 11
D. Attacks 11
E. Firewall 11
F. Authentication 11
G. Data Encryption 11
H. Hacker 11
I. Incident response plan 12
Summary and Organization of the Remainder of the Study 12
Chapter 1 12
Chapter 2 12
Chapter 3 12
CHAPTER 2 LITERATURE REVIEW 13
Introduction 13
CHAPTER 3 18
Research Methodology 19
Research Design 20
Study Population 22
Data Collection Methods 23
A. Face to face interviews 23
B. Telephone surveys 23
C. Online surveys 24
Data Analysis and Procedures 24
Limitations in data collection and analyzation 24
Validity and Reliability of the Study. 26
Trustworthiness of the Study 28
Ethical Considerations 29
CHAPTER 4 30
Results 30
CHAPTER 5 31
Conclusion 31
References 33

CHAPTER 1



Introduction

Organizations are facing an increase in challenges with the rapid increase of security threats and attacks with the advancement of technology. Internet user are prey for cyber criminals who release malicious malware and links. Personal information found on different media streams also makes it easy for cyber criminals to target their prey. Cyber security is a term sitting in the centre of many minds as malicious attacks damage continuously corporations and companies. Cyber attacks not only destroy the corporate bottom lines.

Cyber threats negatively impact all businesses that use modern technology (Hinde, 2001). Cyber-attacks come through phishing, malware, spear-phishing, brute force, credential stuffing, ransomware, and so on. Some of these threats include social engineering, third-party software, vulnerabilities due to cloud computing, and challenges in handling corporate security. Some organizations struggle still to treat cyber security like business ending, bottom line financial threat.

The first chapter of this paper is the introduction, which includes the background, problem statement, significance of the selected topic, conceptual framework, research questions, and the purpose of this study. The second chapter offers the literature review of the topic. The third chapter explains the methodology, and the final chapter provides the research paper’s summary and conclusion.


Background.

We live in a digital era that has seen change in the way certain things are done. Changes have come about in the way we watch movies, apartment renting, buying clothes, booking flights, learning, research, communication, and e-commerce. Most of the things needed are just but a click away, brought about by the internet and electronic media.

Due to the growth of the use of the technology, innumerable incidents of security breaches, fraud, malicious attacks have become rampant. For the safety of all internet users, there is need for cybersecurity. Cybersecurity is deemed to protect one from criminals, fraudsters, hackers, and anybody with the intent of harm either financially, mentally, or theft of data online. If one is not cautious enough, fraudsters hack and obtain personal information or data of organizations for personal gain.

.Problem Statement

Every business organization aims to successfully conduct its business by achieving all its business goals and objectives without facing any disturbances. This is mainly because many organizations are not aware of analysing the cyber-attacks or threats effectively and successfully. So, to get awareness, every business organization must have the potential knowledge about the cause of the various cyber-attacks and threats. /Are you saying that organizations require knowledge of attack-deterring technology.


Significance of the study

Our dependency on the internet has become immense. It is wrong to assume one’s safety in the sense that only big organizations are more susceptible to hackers. A normal consumer connected to the internet if not vigilant enough is at the risk of getting trapped easily. Cyber infiltrators have developed many ways of hacking into systems. In this day and era, cyber security helps maintain order, and keep the internet safe for users. The current digital era has influenced change in the ways we buy things, bills get paid, watch movies, how people pay mortgages and rent houses just to mention but a few. Incidents of security breaches are widely reported as well as fraud, malicious cyber-attacks, fraud, hacking, cyber-bullying making it necessary for the need of cyber security.

People globally are connected through a connection of devices resulting from the fast development of technology. With the emergence of the dark web, cybercrime activities have been on the rise. Criminals compromise computers and obtain personal data and information illegally as most people are universally reliant on information and communication technology. Cyber security minimizes your exposure to threats and helps one stand a chance against these threats.


Theoretical Foundations

Cybersecurity means protecting and securing programs, networks, data, and other confidential information from unattended or unauthorized access, change, or destruction. China and the U.S, India have more internet users in the current world. The rise of modern technologies mainly ranges from Big Data and IoT to machine learning and artificial intelligence. Based on that, technology has transformed how all organizations evolve, compete, and operate. combine these two sentences to make a point of some Strategically deployed, competitive technology help businesses enjoy better control of their cyber safety and profitability

The changing nature of every digital environment keeps hackers increasingly aggressive with more dangerous tools and larger attack surfaces. Many vulnerable endpoints of artificial intelligence can operate employee credentials from the networks related to the Internet of Things. Additionally, the evolution of every workplace technology improves the refinement of cyberattacks. The increase of companies will be proportional to the increase of data breaches stakes. Economic cybercrime can destabilize the economy of the country, transaction systems, and banking security through credit or debit and financial theft. All these cyber-attacks are almost connected to devices, and they can be an accessible medium for spreading viruses. One of the common attacks is a denial of service. It is a problem that attempts to make a network resource or machine unavailable to various intended users. It can easily suspect different services connected to the network that may be permanent or temporary. So, hindering the other operations of a service or website through data destruction and alterations will be helpful to avoid attacks. The current situations of harming someone’s reputation, inferring a fake identity, and threatening email can lead to mental challenges for those people. Moreover, misusing social media advantages can also create tolerances to provoke riots.

As business companies become more reliant on the digital world, their exposure to cyber-attacks or threats also increases. It certainly does not imply that all organizations go for critical investments. If they did, then their potential surface should be aware of dangers and issues. The specific environment of the IoT networks can boost reliance on the particular cloud, and its problems are internally linked to how companies operate on present business. For instance, IoT networks mainly functioned by way of hundred connected network devices distributed across the office building, supply chain, and most importantly, workspace. These devices can be connected to the WAN, and cyber attackers can easily manage them to compromise an individual’s assets to breach the rest of the organization’s network.

Relating to that, investing more could increase the company’s risks in processing and storing proprietary offsite data. Generally, the expansion of this cloud computing can also enable many benefits that include cost savings and greater organizational flexibility. It relies on different clouds such as hybrid, private, or public that primarily require the detailed protocol for cybersecurity. Some providers come under the third party because they may or may not be responsible for cloud security. So, cloud computing and IoT networks are not alone in relating to many companies because they are the only new range for the issues in cybersecurity. Artificial Intelligence, Machine learning, DevOps, Blockchain, and other emerging technologies will take a better interest in the digital environment security. However, these technologies should reap many advantages of modern technologies in mitigating cybersecurity issues.

The development of modern capabilities and platforms leads to many competitive organizations’ critical vulnerabilities. Managed service providers must analyse what tactics cybercriminals will use to benefit the unprotected and unprepared organizations. Ransomware, DDoS attacks, and Botnets are some types of digital weapons that cyber attackers will use to compromise confidential information and breach networks. Even though many strategies exist, the latest wave in the innovative workplace is increasing the specific environment of cloud computing, and IoT networks make these attacks more accessible and more devastating.

Preventing a system and the breach of its network requires adequate protection against various cyber threats and cyberattacks. The proper countermeasures should be used or deployed to deter it from influencing a weakness or vulnerability for every incident. The first-line defenders in an organization should focus on implementing and assessing adequate security controls. Then some of the best ways to prevent cyber threats or issues will include anti-malware software, installing spam filters, implementing security awareness training, expanding cybersecurity policies, installing endpoint response & detection, and deploying better generation firewalls. For better measures, businesses should also utilize various cybersecurity measures to maintain their cash flow, business data, and customer data safely online.

Due to all these high internet penetrations and cyber threats or issues, cybersecurity technology is becoming the world’s most significant necessity because the threats and cybersecurity issues are too dangerous to the country’s security and successful business organizations. For this security, the companies, governments, and citizens must spread awareness in society to update better network security to the system settings to properly utilize the antivirus software so that every network and system security settings will stay malware and virus free.


Researcher’s Positionality

The internet in many ways has vastly helped in the way people go about their daily livelihoods and communicate. Nations, individuals, companies, and organizations are intertwined as different avenues for businesses are introduced, and governing through various platforms by the government is made easier. Despite the positives and the endless list of services and opportunities available, many risks emerge most of which are not known to the consumer.

Companies suffer losses of millions as most of the company’s data is stored online which in itself is a vulnerability to cyber hacks and thieves. Cyber security cost is high when dealing with cyber thieves, costs which sometimes trickle down to compensation to consumers or losing money to cyber-crime. The safety of many businesses is not guaranteed more so companies in the sectors concerned with technology, financial services, energy, and manufacturing. Firms incur extra costs in trying to manage cybercrimes ranging from cyber security technology expertise, public relations support, ransomware, and insurance premiums. Further, companies are hit with indirect costs from cyberattacks such as the interruptions in the normal operations which decreases output and results in revenue loss which may in some instances lead to damage to a company’s reputation.

Anybody and any business are a potential target of a cyber-attack. Criminals identify with key assets of interest to them from which they can exploit. Exploits range from financial information, personal information of staff and customers, or the infrastructure of the business. Once one understands why cyberattacks happen, one understands better the risk one faces and how best to go about it. Mostly, cyber-attacks are propagated by financial gain but others are influenced by other reasons. Cyber attackers may either be from the inside or the outside of an organization. Insiders mostly have remote access to the organization and its assets a good example being that of employees either trusted, careless, disgruntled, or malicious insiders.

Cyber security is important as having a robust security solution is deemed essential. The risks cannot be simply ignored as there are too many threats out there that could cost one his livelihood making prevention key. Training of staff is essential as employees are aware of the most common ways cybercriminals use to access information. Updating software and systems help minimize weaknesses to one’s network. Patch management systems are a wise investment where the software is managed and kept up to date. For remotely bridged devices, endpoint protection is recommended for the protection of networks. Phones, tablets, and laptops which are connected to the corporate network often give access paths to security with the protection of specific endpoint protection software. Firewalls are also one of the most effective ways of defense from cyber-attacks. Brute force attacks are protected by the firewall before they cause any irreversible damage


Purpose of the Study

In the last decade, the significance and attention towards cybersecurity have increased due to various cyber threats and attacks. The primary purpose of this study is to conduct a significant and practical analysis of cybersecurity issues, attacks, and threats. Thus, the most valuable information is provided by selecting the practical conceptual framework to make the research successful by fulfilling all the research objectives and goals. Every business organization aims to expand its business successfully worldwide by increasing its business reputation and brand value. However, this cannot be achieved when there is any cause of the cyber threats and attacks within the organization, leading to a decrease in their business reputation within the global market, and it will not be easy to expand their business successfully. To avoid this, organizations need to have the potential knowledge about the various cyber-attacks, threats, and issues that result in their business failure. Therefore, this proposal seeks to discuss key aspects to obtain practical analysis related to the various cyber-attacks and threats. First, the significance of cybersecurity is provided, then the different types of cyber-attacks and threats, effects, significant reasons for these cyber-attacks and threats; finally, the measures that the business organizations can adopt to reduce the occurrence of these cube attacks and threats to the maximum extent.


Research Questions

● What role does cybersecurity play in today’s world?

● What are the effects that business organizations face due to cyber-attacks and threats?

● What are the primary reasons that cause these attacks and threats within the organizations?

● What measures can business organizations adopt to reduce these cyber-attacks and threats?


Definition of the Terms

The key terms in this field are cybersecurity, threats, data, attacks, firewall, authentication, encryption, hacker, etc. Apart from these consistent and most common factors, there are still many major ones for the current study.


A. Cyber Security

Cybersecurity is defined as protection, which ensures security for computer systems from cyber-attacks. It is considered a required field in managing security aspects in the business. Therefore, most companies tend to use cybersecurity principles in business activities for development methodologies.


B. Threats

Threats are referred to as the faults or damaged actions attacked in the business companies. It can either be internal or external ones where internal ones would occur because of its employees.


C. Business Data

Data in business companies in the powerful instinct that regulates work concerns. It is the most critical asset in making business activities get executed successfully.


D. Attacks

Attacks in the business are known as the preceding view of threats where both seem to be the general cause of damage exemption in the workplace.


E. Firewall

A firewall is system software that works with the idea of protection. A firewall is an intermediary system between the internet and the user’s computer. It works as a protective interface that helps the business world to address security concerns and provide security.


F. Authentication

Authentication is a security factor that every organization prefers to ensure customer segmentation for business security. This would check in all the perceptions and work for the business benefits.


G. Data Encryption

It is the process through which data changes its form from one point to another through which the visibility of the data and the integrity can be ensured positively.


H. Hacker

Hacker is a person who can be referred to in two ways, one is positive and the other negative. This means that the positive one would help work for the insights caused in the business systems. However, at the same time, the negative ones use knowledge to hack other systems and imply fraud actions.


I. Incident response plan

An incident response plan in the business is referred to as the pre-existing plan to be maintained by companies to work with technical and network security issues. This helps in working with unfortunate incidents and balances the business conditions.

These are the various terms used in regulating the business modules to be secured by implying the cybersecurity issues in being proactive in the organizational views.


Summary and Organization of the Remainder of the Study

This section of the current view summarizes the concept used and the mentioned insights as per the assignment. This includes various headers used in completing the assignment and their contribution towards the successful end of the procedures.


Chapter 1 makes a compelling case is made of the problem under investigation, th purpose of this study, and research questions to be investigated. Where applicable, theoretical or conceptual framework upon which the dissertation is based should also be introduced. The significance, the purpose of the view taken, the study presented for the topic, the definition of each term used in the contextual understanding of the dissertation are also looked at.



Chapter 2 deals with review of literature where summaries of what is known, and what is unknown is identified about the topic of the dissertation study. The chapter serves as the foundation which the study is built. Major findings and relevant methodological issues are included. Relevant examples of research that reports findings that do no support the case being made for the dissertation should also be included. Literature review



Chapter 3 reviews the methodology used. The design of the research is described in detail in this chapter paving a clear understanding for the readers of how the study is conducted, and helps future researchers are made aware of what procedures to follow should they want to replicate this study.



CHAPTER 2 LITERATURE REVIEW



Introduction

The first computer worm came about in the year 1988. A student at Cornell University created a string of code that spread from one computer to the next leading to consumption of memory and later shut down. Approximation by the security officers was that the worm knocked down 10 percent of the internet despite no harm being intended by the offender causing thousands of dollars in damages. Programmers from Berkley and Prude eventually came up with solutions to stop the worm. The perpetrator was convicted under the Computer Fraud and Abuse Act later on sentenced to three years in prison with a probation of 400 hours of community service and a US$10000 fine. The cyber threat landscape has considerably changed since then.

Jaccard & Nepal (2014) argue that cyber-attacks have resulted from the vast growth of the interconnections of the internet. Malicious intents carried out by malware are the primary means by which attacks are instigated through cyberspace, either by the exploitation of the vulnerabilities that emerge propelled by the different characteristics of the different technologies. It’s an urgent requirement for the development of more effective and more so innovative mechanisms for the defense mechanisms deemed urgent in the cybersecurity community. With the increase in dependency on technology, cyber attacks have grown in numbers. The economy and critical infrastructures such as hospitals financial institutions all depend on the internet and computer networks. Companies suffer the most with the time lost by companies in recovering from these attacks when counted estimates the total cost of cyber attacks to reach a staggering $385 billion.

Cyber attacks are rampant as they are convenient, cheaper, and contain less risk than physical attacks. Only a few expenses beyond a reliable internet and a computer are required. Cyber attacks are not restricted to distance or geography and can’t be easily identified or prosecuted as a result of their anonymous nature. The number of attacks is estimated to grow as information attack is lucrative and very attractive. According to many cybersecurity experts, malware is the key choice o weaponry used to execute malicious intends aimed at the breach of cybersecurity. Malware is loaded into the system without the knowledge of the owner because of compromising the system to an adversary’s benefit. Some prime examples of malware include; Trojan horses, spyware, and bot executables. Malware keeps evolving taking new forms as the emerging technologies mask themselves and avoid detection (Jaccard & Nepal, 2014).

Interchangeably the word cyber security can also be used to mean information security. These two terms concepts can be compared to each other despite there being a substantial overlap. Cyber security in its meaning not only relates to the protection of information but further of other assets such as individuals themselves (Jaccard & Nepal, 2014).). All the technologies and practices deemed to keep the computer systems safe and data in an era where online usage has become a social norm. the Cyber Security and Infrastructure Security Agency (CISA) hold that cyber security ensures confidentiality, integrity, and information availability (Patterson, 2021).

Getting hacked goes beyond the threat of personal information or a company’s data as it ruins the relationship with clients creating legal jeopardy. Nowadays technological advancement has seen everything rely on technology ranging from self-driving cars to homes enabled with internet control systems and security systems. The demand for cyber security practitioners is high as almost all businesses today have an online presence as the need for protection of data and information is paramount. Organizations with valuable customer data, individuals’ personal information, and governments need to protect state secrets adopt a measure for cyber security to prevent the compromise of their databases. In 2017, 147.9 million people’s information through breach of credit was compromised (Patterson, 2021).

Malicious software known s malware is intrusive software developed by criminals or by the dark web to damage and destroy computers and computer systems according to CISCO. This malware exfiltrates large amounts of data examples being viruses, worms, trojan viruses, spyware, adware, and ransomware (Ursillo & Arnold, 2019). Phishing attacks communicate fraudulently masking themselves as reputable sources through emails or mobile phones. The aim is to obtain information such as financial information or the log-ins to different individual amenities such as bank logins (Patterson, 2021). Ransomware renders files and systems unusable through encryption followed by ransom in exchange for decryption.

Tunggal (2021) holds that cybercrime is profitable with the demand for information being on the high. With the advancement of technology and software development information theft is on a tremendous rise. Identity information mostly found on cloud services makes it easy for hackers. Energy grids and controls to industries are destroyed causing disruptions. Cyber-attacks also are aimed to control the integrity of organizations by either destroying or changing the data the easiest form of cyber-attacks is social engineering which is the easiest mode of entry. There is practice of poor cyber security practices as ransomware, spyware, and phishing are among the easiest way of gaining entry.

Cyber threats may emerge from within an organization at any level. One might argue that training is not recommendable and is not wise to employees within an organization. All businesses are small industries, highly regulated industries with the perfect example of the health industries, or large organizations that are heavily affected by data breaches as there is heavy reliance on computer systems daily. This paired with poor cloud service security creates a vulnerability that was non-existent a few years ago (Tunggal, 2021).

Cybercrimes are getting government recognition globally with the GDPR as a good example. All organizations operating in the EU as a means of increasing reputational damage are forced to; “amply convey and communicate data breaches, anonymize data for privacy, appoint a data protection officer, and require consent to process information” (Tunggal, 2021). Public disclosure is not only limited to Europe. In all the 50 states in the U.S there are data breach laws with the commonalities being;” the requirement to notify the affected soonest possible, let the government know as soon as possible, and pay some sort of fine” (Tunggal, 2021).

(Tunggal, 2021) s of the view that cybercriminals are finding nowadays more sophisticated methods of obtaining information, as they have changed their targets, their effect on organizations, and the mode of attack they use for the different systems of security in place. The Ninth Annual Cost of Cybercrime Study from Accenture and the Ponemon Institute states that there has been an increase in the average cost of cybercrime in an organization by $1.4 million to $13.0 million within the last year and breaches in data rising by 11 percent to 145 averagely. This creates the need for the management of information risk.

Tunggal (2021) holds that information obtained from data breaches includes; financial information such as credit card numbers, details of bank accounts, protected health information (PHI), personal identifiable information, (PII), trade secrets, intellectual property, and other industrial espionage. The vast distribution of the nature of the internet, the difficulty in policing as cybercriminals attack outside targets of their jurisdiction, the profitable nature of the dark web, and the mobile gadgets proliferation and the Internet of Things are some factors fuelling the growth in cybercrime.

Damages to businesses damage businesses in a range of ways which include economic costs, reputational costs, and regulatory costs. Economic costs include intellectual property theft, theft of corporate information, trading disruptions, and damaged systems repairs. The reputation cost is where consumers lose trust in the organization which leads to loos of customers present and in the future, and poor media coverage. Regulatory costs are costs where organizations may be subjected to regulatory fines or sanctions resulting from cybercrimes. Staff must have the know-how of all the possible threats and the measures to take when they are faced with threats. Training the employees helps minimize the risk of data leaks or the risk of breach. It is difficult however to detect and understand the direct and indirect costs of the security breaches. It does not necessarily mean that the reputational damage or a small breach in data is not large (Tunggal, 2021).

The governance of cybersecurity and the management program risk because of the organization’s size should be established. The cyber security risk is a risk that needs to be considered as a significant business risk in line with the other risk assessments in place an example being operational, compliance, financial, and reputational risk. Some frameworks are voluntary and are used to consider the assessment risk best-related practices. The National Institute of Standards and Technology NIST Cybersecurity Framework includes five functions which are continuous and concurrent;

Identify; come up with an understanding in the organization to handle cybersecurity risk to the systems, assets, people capabilities, and data.

Protect: Make safeguards appropriate for the insurance delivery of the critical services

Detect: Put in place activities for the identification of an event of cybersecurity.

Respond: set up activities for action taking regarding the detection of incidents of cybersecurity

Recover: Manage appropriate activities for the maintenance of resilience plans …

error: Content is protected !!