Cybersecurity Business Risk, Literature Review
-
Upload
enow-eyong -
Category
Documents
-
view
944 -
download
0
Transcript of Cybersecurity Business Risk, Literature Review
Running head: CYBERSECURITY BUSINESS RISK 1
Cybersecurity Business Risk
Enow Eyong
University of Phoenix
CYBERSECURITY BUSINESS RISK 2
Cybersecurity Business Risk Literary Review
The area of information systems application chosen for this paper is cybersecurity. The
focus in this paper will be the business risk of cybersecurity for social media corporations. While
examining the financial records of social media corporations like Facebook, Twitter, and
LinkedIn it became clear that the risk of cybersecurity threatens the success of these businesses
(Bressler, & Bressler, 2014). Cybersecurity threat could cause the business to loose customer
engagement due to the diminished customer experience posed by cybersecurity risks. Loosing
customer engagement has the potential of affecting revenue generating capacity for social media
companies. Social networking sites rely on interactions by individuals and communities on these
sites. They in turn sell marketing rights to corporations, which is a source of generating revenue
(Boyd, & Ellison, 2007). The paper will review the historical development, contemporary best
practices, and emerging trends and opportunities in the field.
Historical Development
The historical development of social network sites and their development as profitable
businesses cannot be complete without understanding the historical progression of information
systems as a social science field. The progress in information systems will serve as a guide for
reviewing the process leading to the establishment of social media sites as staples in the business
world. The historical development of cybersecurity risk affecting social media sites’ success will
also be reviewed. All the information combined provides significant literature needed to
understand how cyber security risk threatens the success of social media sites.
The history of information systems traces back to the beginning of telecommunications
industry. Information theory was initially placed within the frame of engineering (Watson, &
CYBERSECURITY BUSINESS RISK 3
Carlin, 2012). The role of significant figures in information theories studies like Garfinkel,
gradually guided focus on information systems to be viewed as a social science rather than
engineering (Watson, & Carlin, 2012). Information system was first considered in the
engineering sector, because of its role in telecommunications during the World War II by Britain
and the United States in different ways. Some of the ways information system was used
involved, strategy, information organization, storage, retrieval, encoding, decoding, information
organization, storage, retrieval, and much more. In reviewing the information the analytical
aspect of the information was noticed, leading to the development of information systems as
social science. From the onset information system contributed to cognitive theory studies.
Understanding and analyzing information became important for organizations.
Social network sites make use of information systems to provide targeted marketing for
businesses, and other organizations. The businesses and organizations pay fees to the social
network sites for the marketing services offered by the social network sites. The social network
sites then generate revenue from these fees charge to businesses and other organizations. The
social network sites are able to provide targeted marketing, because of the information systems
processes used to analyze information (Esmaeili, Nasiri, & Minaei-Bidgoli, 2012). Keeping users
engaged on the social networking sites generates information which is analyzed for marketing
purposes.
Cyber security is a risk factor to the success of social networking sites as a business.
Cyber security provides a risk, because unpleasant experiences by users will diminish user
interaction like in the case with MySpace (Boyd, 2007). The history of cyber security risks is
relatively new (Saydjari, 2004). Cyber defense aims to protect against cybersecurity risk. Cyber
is derived from cyberspace, which refers to both the networked infrastructure, and the
CYBERSECURITY BUSINESS RISK 4
information assets. The network infrastructure consists of, computers, routers, hubs, switches,
and firewalls. Information assets consist of, critical data on which an organization depends to
carry out its mission (Saydjari, 2004). Information systems management, network system
management, and data management systems are important components when developing
architecture for cyber security (Cohen, Lyche, & Riesenfeld, 2009). For social networking sites
to develop proper architecture to negate the effects of cyber security risks, they have to consider
all these components. So, the next section will focus on the contemporary best practices in the
industry.
Contemporary Best Practices
The reason for choosing this area of cybersecurity is to review the influence of cyber-
espionage and crimes, and how they affect the sustainability of social media companies. Social
media plays a role in all these, because of the wide use of social media with Facebook having
more than 757 million users as of 2013 (Facebook Annual Report, 2013). If Facebook was a
nation, it will be the third largest nation in the world today. As of 2014, half of the 770 million
professionals and students had access to LinkedIn (LinkedIn Annual Report, 2014). Twitter had
288 million monthly active users as of 2014 (Twitter Annual Report, 2014). Companies use
social media for marketing because of the user interaction on those websites. In turn, these social
media corporations generate revenue from advertisement. Social media corporations mostly
indicated that the advertisement revenue from businesses was a major source of revenue in the
financial reports.
The value of cyber information systems is the opportunity it creates for businesses to
market to customers and monitor customer satisfaction. The opportunity to use the information
CYBERSECURITY BUSINESS RISK 5
from social networking sites is threatened by problems in cybersecurity. The social media
corporations mention cybersecurity as a major risk in their financial reports, but there are no
details on the steps that are being taken to stop the risk. There is also the growing problem of
security risks of mobile social media (He, 2013). Users have to be made aware of these risk and
corporations have to make significant effort to change the exposure to cybersecurity risk for
users. Having significant discussions and completing detailed research on cybersecurity risks is a
step towards containing the problem (He, 2013).
Some of the actions a corporation can take to curtail cyber security risk or increase cyber
defense are provided in this paper. The information on cyber defense was gathered from literary
review of scholarly works by others in different fields from military, to information systems,
applied science, and social science. Businesses and other organizations like governments
organizations and not for profit organizations, have to take steps within the legal boundaries to
protect their cyber activities (Schmitt, 2015). This is because cyber-attacks have developed to
involve warfare tack ticks across nations. Cyber defense is no longer only a domestic issue, but
cyber defense involves international implications. Some suggested guidelines will be to ask
basic questions regarding the laws that apply to the operation, authority to engage the intended
target, lawfulness of the weapon, avoidance of collateral damages, and the likely success of the
defense plan. Taking the necessary steps to prevent the negative impact from cyber defense is
important because, the wrong action could affect the business. When developing a company’s
cybersecurity system certain guidelines have to be maintained so the process does not break any
established laws, both local and international (Alexander, 2013). The process of establishing
cyber security could be complicated, so proceeding in the process should be done with caution.
CYBERSECURITY BUSINESS RISK 6
Some of defensive systems social networking sites can use for protecting against cyber-
attacks can be borrowed from the military. Information operations can be used to support the
business leaders in determining the situation, assessing threats and risks, making timely and
correct decisions, in relation to cyber security (Trias, & Bell, 2010). Having a reliable
architecture for the information systems is important, to improve the company’s ability to
generate accurate and timely information. An adequate amount of resources have to be deployed
to develop the effective architecture, systems designs (Eisgruber, 1973). The role of managerial
information and decision systems continue to expand, so developing an adequate system permits
the company to stay on target to achieve success. Ignoring the managerial information and
decision systems, will only lead to business frustration and possibly business failure.
New developments in cyber defense operations in the military provide useful steps
business can implement in enhancing cyber security. Another tool to borrow from the military in
cyber security risk defense is intelligence, surveillance, and reconnaissance (ISR) (Trias, & Bell,
2010). The basis of this tool is to collect information regarding the enemy, which in the case of
social network sites includes hackers and other cyber criminals. The process of collecting
information on these perpetrators will generate the necessary intelligence needed to defeat, and
curtail the activities of cyber criminals.
Understanding the threats posed by potential cyber-attack can provide a measuring base
for the effects these cyber-attacks will have on the business operations (Dutt, Ahn, & Gonzalez,
2013). Cyber-attacks are disruptive due to the loss in functions of computers, and loss of private
information in a network due to malicious network events (Dutt, Ahn, & Gonzalez, 2013).
Having the proper network system to defend against cyber-attacks is necessary. The network
CYBERSECURITY BUSINESS RISK 7
system has to have the capacity needed for managing huge data (Mandemakers, & Dillon, 2004).
Managing the intelligence data properly improves security.
Borrowing ideas from the military to combat cyber-attacks on a company’s cyber
infrastructure is necessary if the process is a proven system. All proven systems of cyber
security should be evaluated and implemented to reduce the potential of cyber-attacks and the
negative effects of these attacks. Another approach necessary for identifying and analyzing
threats and vulnerabilities of network systems to cyber-attacks, involves matching threats with
cyber assets. The process then considers vulnerabilities to attacks, existing countermeasures, and
the needed improvement in the countermeasures (Baybutt, 2003). The process can be combined
with security vulnerability analysis to measure the estimated risk of malevents; malevents
described as deliberate acts that result in adverse consequences (Baybutt, 2003). The degree to
which cyber assets like hardware, software, data, and peopleware, are exposed to threats of
cyber-attack has to be clearly defined. From there on, the next step will be to acquire and
develop the resources needed to protect the gaps in security, thus providing improved speed in
building security measures.
The human aspects of the crimes are observed when studying cybercrimes, and the
combined knowledge is used as a valued asset. Leveraging behavioral science to mitigate cyber
security risks is important in the process of understanding the human aspects of the crimes.
(Pfleeger, & Caputo, 2012). Understanding the human criminals who perpetrate these
cybercrimes will give a clearer idea on how to stop them and way to prevent cybercrimes. Also
understanding the users of the security technology is important because the technology to stop
cybercrime will incorporate behavioral science. Incorporating behavioral science during the
design process of cybersecurity technology will result in a design which users are more likely to
CYBERSECURITY BUSINESS RISK 8
use. The members of the organizations are responsible for making sure the cyber security
measures being implemented are effective, by actively taking the steps recommended by the
company, and developing new ideas.
The learning team members in this class sharpen the focus in this area from discussions.
There were not enough details about the cybersecurity issues posed by social media. So, it
encouraged the curiosity to research this topic more. The insights about cybersecurity found
while looking at other leaning team members’ fields is the realization that cybersecurity is an
important aspect of information systems. The leaning team members provided much insight
about the changes going on in the information system field (University of Phoenix, 2015). Some
examples from different material were provided showing how users make it easy for cybercrimes
to occur by not being informed. Individuals provide their information to stranger simply, because
they are asked to, without considering the security risk involved.
Emerging Trends and Opportunities
The emerging trends in information systems pertaining to social network sites, and cyber
security risk will be reviewed. One of the trends is the purchase of cyber-crime insurance, which
typically covers crisis management costs, customer notification expenses, data extortion,
professional services, multimedia liability, security and privacy liability, and privacy regulatory
defense and penalties (Mainelli, 2013). The risk of cyber-attacks warrants the need for insurance,
since the ability to completely protect a company from cyber threats is almost impossible.
Insurance will provide some recovery after cyber-attacks, like in other aspects of the business
covered by insurance.
CYBERSECURITY BUSINESS RISK 9
The trend of businesses using social networking to create awareness regarding their brand
has to be considered. Studies find that small businesses are aware of the possibilities and
opportunities offered by social networking, but, most small businesses need to move beyond
passive presence (Boling, Burns, & Dick, 2014). Having a strong presence on the various social
networking sites has the potential of achieving competitive advantage for businesses. Further
recommendations are provided for businesses to increase their business contacts, by making
connections through individuals on social networking sites. Another growing trend is social
scholarship, combining traditional scholarship practices with more informal, social web-based
practices (Greenhow, 2009). The interactions on social media can be used to develop productive
outputs such as, research papers for students, and development of contacts for businesses. The
opportunities created by the use of social networking sites can always be explored further.
In addition to the previous trends agile software development methodologies have
become significant for businesses. The increases in the speed of the internet, and the growth in
the number of internet users, provide a challenge for businesses to adapt to the constant changes.
Complex adaptive systems (CAS) theory can be used to increase understanding of agile software
development practices (Meso, & Radhika, 2006). The constant change in cyber security risk for
social networking companies requires agile software development methodologies in developing
security software. Agile software development methodologies will provide the flexibility, current
cyber security software requires for adaptation to constant change. Innovation of new technology
is important for economic growth, but it is important to understand the Innovation Systems (IS)
necessary for technological change. Studying Innovation Systems focuses on the central idea that
innovation and diffusion of technology is both individual and a collective effort (Hekkert, Suurs,
Negro, Kuhlmann, & Smits, 2007). Technological change and Innovation Systems are not
CYBERSECURITY BUSINESS RISK 10
isolated, as they are influenced by the environment, and they also have an effect on the
environment as well. Analysis of all the resources is needed when developing, information
systems, networking systems, and data management systems required for an organization.
Conclusion
In conclusion social media, social network sites, and businesses in the same line of
activities are affecting change in society. Developing the proper information systems,
networking systems and database managements systems to sustain the information generated by
these businesses becomes crucial. The threat to the process of collecting the data and using the
data as a business resource is threatened by cyber security risks. Different theories and
Innovation Systems provide hope in the process for combating cyber security risk. The process
needed for combating cyber security risk will continue to evolve and it is necessary to stay
informed and ready for the changes. The review of scholarly literature is a step towards the right
direction in gathering information needed for advancing technological development in cyber
security. The review of scholarly literature also, provides the broad scope through which the
topic of cyber security should be observed. The information is then analyzed to understand the
link between the pieces of the puzzle, between Information Systems Management, cyber
security, and the effect on social networking sites. Utilizing the information to improve business
practices is a way of using scholarly literature in practical implementation for a real business.
Scholarly literature will be useful in everyday practice of business.
CYBERSECURITY BUSINESS RISK 11
Reference
Alexander, S. N. (2013). Regulating cyber-security. Northwestern University Law Review, 107,
(4), 1503 – 1568.
Baybutt, P. (December 2003). Cyber security vulnerability analysis: An asset-based approach.
Process Safety Progress, 22, (4), 220 – 228.
Boling, R., Burns, M. & Dick, G. (2014). Social networking and small business: An exploratory
study. Contemporary Readings in Law and Social Justice, 6, (2), 122 – 129.
Boyd, D. M., & Ellison, N. B. (December 2007). Social Network Sites: Definition, History, and
Scholarship. Journal of Computer-Mediated Communication, 13, (1), 210 – 230.
Bressler, M. S., & Bressler, I. (2014). Protecting your company’s intellectual property assets
from cyber-espionage. Journal of Legal, Ethical and Regulatory Issues, 17, (2) 1-15.
Cohen, E. Lyche, T. & Riesenfeld, R. F. (January 2010). MCAD: Key historical developments.
Computer Methods in Applied Mechanics and Engineering, 199, (5 -8), 224 – 228.
Dutt, V., Ahn, Y. & Gonzalez, C. (June 2013). Cyber situation awareness modeling detection of
cyber-attacks with instance based learning theory. The Journal of the Human Factors and
Ergonomics Society, 55, (3), 605 – 618.
Eisgruber, L. M. (December, 1973). Managerial information and decision systems in the U.S.A.:
Historical developments, current status, and major issues. American Journal of
Agricultural Economics, 55, (5), 930 – 937.
CYBERSECURITY BUSINESS RISK 12
Esmaeili, L., Nasiri, R., & Minaei-Bidgoli, B., (January – March 2012). Applying personalized
recommendation for social network marketing. International Journal of Online
Marketing, 2, (1), 50 – 63.
Facebook Annual Report. (2013). http://investor.fb.com/annuals.cfm.
Foster, N. J. (December 2014/ January 2015). Culture sets the tone for effective cyber security.
The RMA Journal, 97, (4) 8.
Greenhow, C. (March / April 2009). Social scholarship: Applying social networking
technologies to research practices. Knowledge Quest, 37, (4), 42 – 47.
He, W. (2012). A review of social media security risks and mitigation techniques. Journal of
Systems and Information Technology, 14, (2), 171 – 180.
He, W. (2013). A survey of security risks of mobile social media through blog mining and an
extensive literature search. Information Management & Computer Security, 21, (5), 381 -
400.
Hekkert, M. P., Suurs, R. A. A., Negro, S. O., Kuhlmann, S., & Smits, R. E. H. M. (2007).
Functions of innovation systems: A new approach for analyzing technological change.
Technological Forecasting & Social Change, 74, (4), 413 – 432.
LinkIn Annual Report. (2014). http://investors.linkedin.com/annuals.cfm
Mainelli, M. (2013). Learn from insurance: cyber bore. Journal of Risk Finance, 14, (1), 100 –
102. .
CYBERSECURITY BUSINESS RISK 13
Major. Trias, E. D. & Captain, Bell, B. M. (Spring 2010). Cyber this, cyber that . . . so what? Air
& Space Power Journal, 24, (1), 90 – 100.
Mandemakers, K., & Dillon, L., (Winter 2004). Best practices with large database on historical
populations. Historical Methods, 37, (1), 34 – 38.
Meso, P., & Jain, R. (Summer 2006). Agile software development: Adaptive systems principles
and best practices. Information Systems Management, 23, (3), 19 – 30.
Pfleeger, S. L., & Caputo, D. D. (June 2012). Leveraging behavioral science to mitigate cyber
security risk. Computers and Security, 31, (4), 597 – 611.
Saydjari, O. S. (March 2004). Cyber defense: art to science. Communications of the Association
for Computing Machinery (ACM). 47, (3), 52 – 57.
Schmitt, M. N. (Spring 2015). The law of cyber targeting. Naval War College Review, 68, (2), 11
– 30.
Twitter Annual Report. (2014). https://investor.twitterinc.com/annuals.cfm
University of Phoenix. (2015). Foundation of Information Systems Management. Discussions.
Watson, R., & Carlin, A. P. (June 2012). ‘Information’: Praxeological considerations. Human
Studies, 35, (2), 327 – 345.