According to the 2012 Global Risk Report, cyber-attacks are listed in the world’s top five risks that countries, industries, and data will experience in the next decade. The contemporary society’s data dependency, increased use of electronic devices, connectivity growth, and resultant Internet of Things are alarming progressions. Today, malicious cyber-attacks can be conducted on any software-dependent device. Further, external attacks can be executed on any network-connected hardware or software. Moreover, even small and medium enterprises that were previously ignored have become targets of information technology security compromise. However, challenges of information insecurity still adversely impact organizations, with the ability to achieve a complete protection from extrinsic IT threats still existing. Therefore, corporations have developed an extensive variety of information technology security management measures, using highly technologized resources to protect valuable organizational assets. The completion of the selected capstone project will help corporations determine their vulnerable assets, information technology security threats they may face, and solutions that should be used to strengthen their IT assets.
Corporations may embrace various information technology security risk management approaches to secure their network-connected assets and data. For instance, companies may identify risk mitigation mandates, such as determination of critical assets, vulnerabilities, threats, and pre-existent safeguards ( Fenz, Heurix, Neubauer, & Pechstein, 2014). The organization may then analyze potential threatening scenarios, measures associated risks, conduct acceptance tests, select appropriate safeguard approaches, and implement the identified risk protection strategies. Alternatively, organizations may recognize security problems, conduct risk analyses embodied in risk prioritization and threat identification, generate alternative risk mitigation solutions, and implement them Gutta, R. (2019) . However, organizations must always analyze potential severe losses that may result from exposure of valuable company assets to IT risks, and assess the standard deviations propelled by the IT security risk mentioned above ( Sá-Soares & Polónia, 2013 ) . Organizations could also identify the sources of IT threats, the anticipated outcomes from mentioned risks, vulnerable areas that external cyber-attackers could exploit, frequency and success rates of risk occurrences, resultant adverse impacts, and solutions for determined threats.
Delegate your assignment to our experts and they will do the rest.
However, organizations face various challenges when implementing the information technology security risk mitigation strategies mentioned above. Firstly, most organizations experience restraints when determining the exact assets likely to be targeted by malicious cyber-attackers ( Amarachi, Okolie, & Ajaegbu, 2013) . Many companies are unaware that any asset they own which is associated with information technology is likely to be exposed to IT threats. Firms tend to think that only hardware, such as computers, laptops, documents, and servers are vulnerable to IT risks, yet even intangible items, such as data bases, source codes, software, and electronic files may be compromised by IT malware ( Pereira & Santos, 2014) . Additionally, organizations may experience challenges assigning value to vulnerable network-connected assets, such as emails. Losses that cannot be quantified in monetary means from IT security breaches, such as tarnishing of brand images, loss of competitive ability, and damaged customer trust, challenge organizations when conducting information security risk management protocols ( Jang-Jaccard & Nepal, 2014) . Further, organizations today are challenged by the fact that they cannot accurately foresee the onset of IT threats from external cyber attackers on value assets, which results in loss of critical data, primarily from assets that are often deemed of little interest to IT malware. Moreover, organizations face challenges from overconfident managers, who fail to institute information technology security protection policies and technologies because they have excessive faith in their existing protective measures.
However, the opportunity to remedy the challenges mentioned above may presented through the organizational use of automation techniques to determine value tangible and intangible assets that may be targeted by cyber-attackers, such as production facilities and customer data. Firms may also utilize automation techniques to identify assets that act as IT threats countermeasures, such as systems that detect intrusions and malware scanners, which may be targeted by cyber-attackers ( ACS, 2016) . Additionally, organizations should assess and strengthen their physical countermeasures, such as security doors, locks, and guards. Further, companies must evaluate their technical IT protective measures, such as surveillance systems, firewalls ( Tawalbeh, Muheidat, Tawalbeh, & Quwaider, 2020) . Moreover, businesses should ensure their organizational policies that enhance IT threat protection are properly adhered to, such as policies concerning usage of mobile devices and data backups. Organizations should also identify relevant security breach patterns, develop mechanisms such as policies concerning network shares to remedy identified problems, and consistently evaluate the effectiveness of executed information technology security measures.
Further, companies should conduct an intensive knowledge sharing campaign, where IT professionals teach new and existing employees on potential sources of IT security breaches, how to identify a malware, and the necessary departments to conduct in the case that data has been compromised ( Conti, Dehghantanha, Franke, & Watson, 2018) . Organizational web-portals should also be secured, where content editing should only be conducted by authorized IT professionals to avoid compromise of critical data from external attackers ( Deruma, 2014) . Finally, organizations should evaluate the costs of countermeasures and those that result from loss of value assets exposed to IT threats, and ensure that the latter does not outweigh countermeasure costs. Companies must conduct an intensive cost-benefit analysis to ensure that the determined information technology security policies instituted will protect value assets from loss of data, which is a core essential for short and long-term organizational sustainability.
References
ACS. (2016). Cybersecurity: Threats Challenges Opportunities. www.acs.org.au con/tent/dam/acs/acs-publications
Amarachi, A. A., Okolie, S. O., & Ajaegbu, C. (2013). Information Security Management System: Emerging Issues and Prospect. http://iosrjournals.org/iosr-jce/papers/Vol12-issue3/N012396102.pdf
Conti, M., Dehghantanha, A., Franke, K., & Watson, S. (2018). Internet of Things Security and Forensics: Challenges and Opportunities. Elsevier , 1-7. https://arxiv.org/ftp/arxiv/papers/1807/1807.10438.pdf
Deruma, S. (2014). Problems and solutions of information security management in Latvia. https://core.ac.uk/download/pdf/25591407.pdf
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security , 22 (5), 410-430. https://doi.org/10.1108/imcs-07-2013-0053
Gutta, R. (2019). Managing Security Objectives for Effective Organizational Performance Information Security Management [Unpublished doctoral dissertation]. Walden University . https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?article=8426&context=dissertations
Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences , 80 (5), 973-993. https://doi.org/10.1016/j.jcss.2014.02.005
Pereira, T., & Santos, H. (2014). Challenges in Information Security Protection. Conference: 13th European Conference on Cyber Warfare and Security (ECCWS-2014)At: The University of Piraeus, Piraeus, Greece , 1-7. https://www.researchgate.net/publication/264116803_Challenges_in_Information_Security_Protection
Sá-Soares, F. D., & Polónia, F. (2013). Key issues in information systems security management. Thirty Fourth International Conference on Information Systems , 1-14. https://core.ac.uk/download/pdf/301361262.pdf
Tawalbeh, L., Muheidat, F., Tawalbeh, M., & Quwaider, M. (2020). IoT Privacy and Security: Challenges and Solutions. https://doi.org/10.3390/app10124102
