Paper Example on CyberLeet Technologies' Business Culture

Introduction

CyberLeet Technologies provides cybersecurity services to small-scale businesses. Our services entail protection of internet and computer-based systems and information. Unauthorized access to network systems leads to misuse, loss, or destruction of data (Singer & Friedman, 2014). The demand for information security in the business environment continues to grow. Cybersecurity helps businesses safeguard proprietary and confidential information. Cyber-attacks compromise a company's IT services, devices, and databases leading to loss of money and valuable company time.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Role of New Hire

The overall duty of the new information security hire is to design and implement security systems. The primary functions of the job include monitoring computer systems and investigating cyber threats and breaches (Whitman & Mattord, 2013). The analyst shall also carry out tests to check for system vulnerabilities. He shall assist in the formulation of company security policies.

Purpose of the Manual

The purpose of this manual is to provide a clear outline of CyberLeet Technologies' business culture. The principles and practices contained serve as a guideline to how the firm conducts business and the role of the staff. Failure to abide by the policies can compromise clients' systems. It also tarnishes the firm's reputation which can lead to client loss. The ultimate goal of the analyst is to detect and prevent system vulnerabilities.

Core Tenets

Confidentiality refers to the safeguarding of information against access by unauthorized users. The term entails rules and practices that limit access to information systems. Failure in upholding privacy leads to data breaches that cause significant financial and data loss (Tchernykh, Schwiegelsohn, Talbi, & Babenko, 2016). For instance, confidentiality in an accounting firm protects data such as account numbers, passwords, and balances.

Integrity refers to ensuring the validity of data in computer systems. Integrity focuses on the authenticity of data by preventing unauthorized alterations. The integrity of information is essential to building a company's reputation and public confidence (Tchernykh et al., 2016). For instance, when hackers change the prices of goods in computer systems, clients pay more. Measures such as user access controls help maintain integrity.

Availability refers to ease of access to information by authorized users when required. Access facilitates daily business operations and efficient service delivery. Timely access is achievable through proper system maintenance (Tchernykh et al., 2016). For instance, for online banking businesses, constant software upgrades are necessary. Failure to upgrade can lead to website and server crashes that delay access.

Cryptography

Violated Security Policies

Investigations into the Anthem breach reveal that the hack happened over many weeks. The findings imply that the firm never conducted frequent tests to determine weaknesses in the system (Edwards, Hofmeyr, & Forrest, 2016). The company was also in violation of the principle of preparedness. Due to leniency in regulatory requirements, the company had taken only reasonable measures.

Preventive Measures

Cryptography entails the use of code to secure data and limit access to authorized users only. Anthem Inc. should have used several authentication protocols to regulate access to data. Complex encryption algorithms are essential in developing secure data configurations and limiting the number of interconnected network systems (Whitman & Mattord, 2013). Secure encryptions would limit hackers' access should one component be compromised.

Recommendation

Social engineering awareness is a practical initiative that can help reduce the possibility of intrusion. Anthem Inc. suffered a significant loss due to a simple phishing email. Hackers continue to exploit human beings as the weakest link in cybersecurity (Shively, 2006). Awareness equips the staff with knowledge on how to avoid malicious hacks, especially when using remote access devices. Thus, training of employees is crucial in fostering security of information systems.

References

Edwards, B., Hofmeyr, S., & Forrest, S. (2016). Hype and heavy tails: A closer look at data breaches. Journal of Cybersecurity, 2(1), 3-14.

Shively, B. (2006). Risk Assessment: Social Engineering vs. Traditional Digital Warfare. Risk.

Singer, P. W., & Friedman, A. (2014). Cybersecurity: What everyone needs to know. Oxford University Press.

Tchernykh, A., Schwiegelsohn, U., Talbi, E. G., & Babenko, M. (2016). Towards understanding uncertainty in cloud computing with risks of confidentiality, integrity, and availability. Journal of Computational Science.

Whitman, M., & Mattord, H. (2013). Management of information security. Nelson Education.