
CYBER SECURITY

Security plan

JANUARY 28, 2020


CIBER CAFE
ECC, CPC, Library
Table of Contents

Executive summary
What is Cybersecurity
Security at organisational level
Protection of assets
Need of security plan
Case Study
    Risk analysis
    Risk of human holdings
    Risk of electronic holdings
Organisational threats
    Physical threats
    Human threats
    Electrical threats
The Security Plan
    Measures for Physical counter
    Measures for Human counter
    Measures for Electronic counter
Education and awareness program
Conclusion
References

Executive summary
This report covers the importance of security for any organisation. It also describes how security can be breached and the different ways to improve security measures in an organisation. Different types of threats, such as potential threats, are discussed.
To prevent these threats, different countermeasure processes are defined to support the organisation and its staff. This document discusses how we can improve our security policies to avoid these threats, and some new policies are also introduced.

What is Cybersecurity
Cybersecurity is the practice of protecting systems, networks and programs from digital attacks. These attacks can have different purposes. Some cyberattacks aim to access someone's data. Sometimes these attacks are used to change stored information. And some are used to destroy data and information completely.
Cyberattacks are also used to extort money and to interrupt businesses. Today, implementing cybersecurity fully and proficiently is not an easy task, because there are more devices than people. New attacks and attackers appear day by day.
Different layers are used to protect systems from cyberattacks. Protection can be applied to computers, networks, data and programs to avoid cyberattacks and secure the stored information. Protection from cyberattacks requires a proper, combined approach across people, processes and technologies.
Cisco security products provide the option of automatic integrations to improve security operations and functions. This supports detection, investigation and remediation. People are also helped by the cyberthreat analysts at Talos, a team of 250 threat researchers. They investigate new and emerging threats and strategies for digital attacks. They discover new flaws and advise on how to fix these newly uncovered vulnerabilities. They also make people aware of cybersecurity and its significance. This helps to improve and secure the internet for everybody.

Security at organisational level


In an organisation, the security of information does not depend only on technology. Another factor that needs attention is user behaviour. An organisation needs to encourage its employees to obey the information policies relating to the collection, preservation, dissemination and management of information, which leads to improved information security.
Culture is a major factor that affects organisational security at a high level. Different cases are observed and evaluated for this purpose. A relationship map is always needed between the culture and information security. After the end of advanced progressively innovations, skilled experts are being observed inside an organisation for the regular criminals. This proved to be the successful attacks verification in an organisation.
As digital security expands significantly, different experts are becoming interested. Organisations need individuals with expert skills to secure and protect the network and the data on computers, to avoid attacks and lessen threats. Security at the organisational level has different meanings, such as integrity and the protection of customers' data and assets. An organisation automatically includes its customers, and the integrity of their data is always most important to the organisation.
The basic and most important factor for an organisation is its customers' trust. The organisation has to assure the security of customers' data and its accessibility only to authorized persons. The organisation should assure the availability and security of data at all times. Data must be properly maintained with regard to confidentiality, availability, integrity and privacy.

Protection of assets
Assets are always important and valued for an organisation, and without them the organisation cannot survive in the market. Different organisations have different types of assets, such as data, computers, labs, buildings, documents and electric machines.

Need of security plan


There are many threats to the integrity of an organisation. To prevent these threats from harming the organisation's assets and resources, protection is always needed on a large scale. These possible threats can damage the resources and assets of an organisation.
A properly planned and organized security plan can help an organisation maintain the integrity of customers and data, the confidentiality of documents, the availability of services and the protection of privacy at all times against the threats that can attack. An organisation cannot survive without a security plan, because security is the first thing checked in today's era.

Case Study
Risk analysis
Risk analysis helps to find the threats that can be harmful to an organisation. After the harmful threats are identified, the flaws and weaknesses of the organisation are found so that they can be resolved and the security plan improved. Nowadays most organisations run on automatic systems and depend completely on technology and computers.
Any disturbance to these automatic systems through a cyberattack will lead to a great financial loss as well as a data breach. Considering that a small interruption can cause a big loss, an organisation needs an administration that is dedicated to security plans, that fixes the flaws present in the network of the system, and that stays ready to face and solve future problems.

The employees in administration should be expert enough to resolve problems and attacks immediately and stop the interruptions. Their efficiency in completing tasks quickly is valuable for an organisation, and hardworking employees are always welcome in any organisation because they are the main assets that protect its other assets.
Assets hold the main importance in any organisation because they are the factors on which an organisation works, and different organisations have different assets. The most common and important holdings are physical assets, human resources, electronic holdings and digital assets.
• Physical assets
    o Land
    o Property
    o Furniture
    o Physical equipment
All physical objects fall into the physical assets category, and harm to any of them is a risk for the organisation. Harm to physical assets can come from internal or external fire, floods, natural disasters such as earthquakes, and any activity that can destroy the physical objects present in the organisation.
Risk also applies to the organisation's other assets, such as computers, laptops, furniture, technical equipment and printers. It is observed that management most often ignores physical assets and is not concerned with them. If an employee steals an object from the organisation, that is also a human risk and should not be ignored by management. An asset is an asset for a company even if it is the smallest component.
Risk of human holdings
Every employee is a resource for an organisation, whether a manager, worker, guard, office boy, contractor or CEO. They all have specific value in the organisation and they are important resources for the company. All employees are holdings of the organisation while they work for the company, and security issues can harm them too.
Risk of electronic holdings
All electronic machines and equipment are included in electronic holdings. An organisation's data, information and electronic equipment are its property, and nowadays almost every organisation stores data in digital and electronic form.
Data stored in digital and electronic form needs different parameters to keep the information secure: because it is available online, authorization, integrity and security need to be assured at all times. Online data can be hacked, data can be stolen physically, or someone can inject a virus into the system to cause data loss, which can be a fatal loss for any organisation.

Organisational threats
Physical threats
Physical threats involve all natural disasters and accidents. They can include floods, fire, earthquakes, environmental changes, power loss and explosions. Any threat that can physically harm the organisation and its assets is considered a physical threat.

Human threats
These are threats that occur through human help and actions, for example terrorism, stealing data from an organisation, robbery, fraud against the organisation and cyberattacks. Other human threats are computer criminals such as hackers, thieves, dissatisfied employees and other technical threats.
Electrical threats
Power loss can be the main electrical threat in an organisation because it can damage the computers where all the information is stored. Unavailability of electricity is also a threat for all organisations that work online. Other electrical machines and equipment can be damaged by a sudden power loss. Computers can easily be damaged, and all other objects relying on electricity, such as AC, heaters and ventilators, face electrical threats.

The Security Plan


For a security plan to be effective, many factors need to be considered while making it. To counter risk and minimize threats, the security plan should consider all factors affecting the security of an organisation. Once a threat is identified, whether human, physical or electronic, it should be countered properly using the best available option and the expertise of staff. Staff should be aware of the plan to know the effectiveness of the security plan.
Measures for Physical counter
The main and most important safety features are the measures taken for the physical counter. Physical assets must be considered when hiring new interns and employees. Physical assets need checks and balances along with proper monitoring.
As part of the organisation, every employee is responsible for taking care of the assets related to them. An employee who has doubts about any threat or problem should immediately inform the manager, who can then take action to resolve it before it starts to damage the organisation's security on a large scale.
Backups, hot and cold sites, electronic cards, disposal of papers, tapes and hard drives, and all other measures should be considered and implemented to assure the security of data and information.
Measures for Human counter
Proper training sessions and workshops should be arranged on a monthly basis to train employees to resolve threats. To stop increasing threats and lessen vulnerabilities, the implementation of a protocol should be assured. Employees should be taught during the training sessions how to minimize the damage from any natural disaster. They should also be trained in, and aware of, how to deal with psychological and physical emergencies.
Measures for Electronic counter
Data is mostly stolen electronically, as most organisations store their data on computers or online. Hijacking and hacking of computers to steal data, and the spreading of viruses, should be considered. Cyberattacks need to be countered to secure the information. When removing data, it should be assured that the data is removed properly by deleting and overwriting it many times to clear the digital data, because data recovery is possible if data is not deleted properly.
Degaussers should be used for the removal of data and destruction of a hard drive, because data cannot be recovered if erased using degaussers. To avoid any data or network breach, a proper combination of steps should be taken. A complete setup of firewalls, antivirus software and monitoring should be installed and used to avoid cyberattacks.

Education and awareness program


Proper education and awareness programs should be held, in which employees are trained and educated about security threats and taught ways to resolve and minimize them. These programs should also cover the different types of security and threats, for the safety of the staff and management.

Conclusion
The objective of a security plan should not be limited to the safety of the organisation; it should also include the safety of management, workers, holdings, environment and staff. Training should be based on the protection of data, invasion of data, privacy of data, and social, health and safety measures, and most importantly the exit plan in case of emergency.
In the IT security policy, identity along with authenticity is established for data protection, which is also secured through passwords and other physical policies. For better performance, a proper, dedicated security department should be developed in every organisation to implement the security plans and policies. All these policies should be monitored and updated as needed.

References

• Services, P. (2020). What Is Cybersecurity?. Retrieved 29 January 2020, from https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
• Hoffmann, R., Kiedrowicz, M., & Stanik, J. (2016). Risk management system as the basic paradigm of the information security management system in an organization. MATEC Web Of Conferences, 76, 04010. doi: 10.1051/matecconf/20167604010
• Tang, M., Li, M. & Zhang, T. The impacts of organizational culture on information security culture: a case study. Inf Technol Manag 17, 179–186 (2016). https://doi.org/10.1007/s10799-015-0252-2
