Cybersecurity Business Risk, Literature Review

21
Running head: CYBERSECURITY BUSINESS RISK 1 Cybersecurity Business Risk Enow Eyong University of Phoenix

Transcript of Cybersecurity Business Risk, Literature Review

Page 1: Cybersecurity Business Risk, Literature Review

Running head: CYBERSECURITY BUSINESS RISK 1

Cybersecurity Business Risk

Enow Eyong

University of Phoenix

Page 2: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 2

Cybersecurity Business Risk Literary Review

The area of information systems application chosen for this paper is cybersecurity. The

focus in this paper will be the business risk of cybersecurity for social media corporations. While

examining the financial records of social media corporations like Facebook, Twitter, and

LinkedIn it became clear that the risk of cybersecurity threatens the success of these businesses

(Bressler, & Bressler, 2014). Cybersecurity threat could cause the business to loose customer

engagement due to the diminished customer experience posed by cybersecurity risks. Loosing

customer engagement has the potential of affecting revenue generating capacity for social media

companies. Social networking sites rely on interactions by individuals and communities on these

sites. They in turn sell marketing rights to corporations, which is a source of generating revenue

(Boyd, & Ellison, 2007). The paper will review the historical development, contemporary best

practices, and emerging trends and opportunities in the field.

Historical Development

The historical development of social network sites and their development as profitable

businesses cannot be complete without understanding the historical progression of information

systems as a social science field. The progress in information systems will serve as a guide for

reviewing the process leading to the establishment of social media sites as staples in the business

world. The historical development of cybersecurity risk affecting social media sites’ success will

also be reviewed. All the information combined provides significant literature needed to

understand how cyber security risk threatens the success of social media sites.

The history of information systems traces back to the beginning of telecommunications

industry. Information theory was initially placed within the frame of engineering (Watson, &

Page 3: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 3

Carlin, 2012). The role of significant figures in information theories studies like Garfinkel,

gradually guided focus on information systems to be viewed as a social science rather than

engineering (Watson, & Carlin, 2012). Information system was first considered in the

engineering sector, because of its role in telecommunications during the World War II by Britain

and the United States in different ways. Some of the ways information system was used

involved, strategy, information organization, storage, retrieval, encoding, decoding, information

organization, storage, retrieval, and much more. In reviewing the information the analytical

aspect of the information was noticed, leading to the development of information systems as

social science. From the onset information system contributed to cognitive theory studies.

Understanding and analyzing information became important for organizations.

Social network sites make use of information systems to provide targeted marketing for

businesses, and other organizations. The businesses and organizations pay fees to the social

network sites for the marketing services offered by the social network sites. The social network

sites then generate revenue from these fees charge to businesses and other organizations. The

social network sites are able to provide targeted marketing, because of the information systems

processes used to analyze information (Esmaeili, Nasiri, & Minaei-Bidgoli, 2012). Keeping users

engaged on the social networking sites generates information which is analyzed for marketing

purposes.

Cyber security is a risk factor to the success of social networking sites as a business.

Cyber security provides a risk, because unpleasant experiences by users will diminish user

interaction like in the case with MySpace (Boyd, 2007). The history of cyber security risks is

relatively new (Saydjari, 2004). Cyber defense aims to protect against cybersecurity risk. Cyber

is derived from cyberspace, which refers to both the networked infrastructure, and the

Page 4: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 4

information assets. The network infrastructure consists of, computers, routers, hubs, switches,

and firewalls. Information assets consist of, critical data on which an organization depends to

carry out its mission (Saydjari, 2004). Information systems management, network system

management, and data management systems are important components when developing

architecture for cyber security (Cohen, Lyche, & Riesenfeld, 2009). For social networking sites

to develop proper architecture to negate the effects of cyber security risks, they have to consider

all these components. So, the next section will focus on the contemporary best practices in the

industry.

Contemporary Best Practices

The reason for choosing this area of cybersecurity is to review the influence of cyber-

espionage and crimes, and how they affect the sustainability of social media companies. Social

media plays a role in all these, because of the wide use of social media with Facebook having

more than 757 million users as of 2013 (Facebook Annual Report, 2013). If Facebook was a

nation, it will be the third largest nation in the world today. As of 2014, half of the 770 million

professionals and students had access to LinkedIn (LinkedIn Annual Report, 2014). Twitter had

288 million monthly active users as of 2014 (Twitter Annual Report, 2014). Companies use

social media for marketing because of the user interaction on those websites. In turn, these social

media corporations generate revenue from advertisement. Social media corporations mostly

indicated that the advertisement revenue from businesses was a major source of revenue in the

financial reports.

The value of cyber information systems is the opportunity it creates for businesses to

market to customers and monitor customer satisfaction. The opportunity to use the information

Page 5: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 5

from social networking sites is threatened by problems in cybersecurity. The social media

corporations mention cybersecurity as a major risk in their financial reports, but there are no

details on the steps that are being taken to stop the risk. There is also the growing problem of

security risks of mobile social media (He, 2013). Users have to be made aware of these risk and

corporations have to make significant effort to change the exposure to cybersecurity risk for

users. Having significant discussions and completing detailed research on cybersecurity risks is a

step towards containing the problem (He, 2013).

Some of the actions a corporation can take to curtail cyber security risk or increase cyber

defense are provided in this paper. The information on cyber defense was gathered from literary

review of scholarly works by others in different fields from military, to information systems,

applied science, and social science. Businesses and other organizations like governments

organizations and not for profit organizations, have to take steps within the legal boundaries to

protect their cyber activities (Schmitt, 2015). This is because cyber-attacks have developed to

involve warfare tack ticks across nations. Cyber defense is no longer only a domestic issue, but

cyber defense involves international implications. Some suggested guidelines will be to ask

basic questions regarding the laws that apply to the operation, authority to engage the intended

target, lawfulness of the weapon, avoidance of collateral damages, and the likely success of the

defense plan. Taking the necessary steps to prevent the negative impact from cyber defense is

important because, the wrong action could affect the business. When developing a company’s

cybersecurity system certain guidelines have to be maintained so the process does not break any

established laws, both local and international (Alexander, 2013). The process of establishing

cyber security could be complicated, so proceeding in the process should be done with caution.

Page 6: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 6

Some of defensive systems social networking sites can use for protecting against cyber-

attacks can be borrowed from the military. Information operations can be used to support the

business leaders in determining the situation, assessing threats and risks, making timely and

correct decisions, in relation to cyber security (Trias, & Bell, 2010). Having a reliable

architecture for the information systems is important, to improve the company’s ability to

generate accurate and timely information. An adequate amount of resources have to be deployed

to develop the effective architecture, systems designs (Eisgruber, 1973). The role of managerial

information and decision systems continue to expand, so developing an adequate system permits

the company to stay on target to achieve success. Ignoring the managerial information and

decision systems, will only lead to business frustration and possibly business failure.

New developments in cyber defense operations in the military provide useful steps

business can implement in enhancing cyber security. Another tool to borrow from the military in

cyber security risk defense is intelligence, surveillance, and reconnaissance (ISR) (Trias, & Bell,

2010). The basis of this tool is to collect information regarding the enemy, which in the case of

social network sites includes hackers and other cyber criminals. The process of collecting

information on these perpetrators will generate the necessary intelligence needed to defeat, and

curtail the activities of cyber criminals.

Understanding the threats posed by potential cyber-attack can provide a measuring base

for the effects these cyber-attacks will have on the business operations (Dutt, Ahn, & Gonzalez,

2013). Cyber-attacks are disruptive due to the loss in functions of computers, and loss of private

information in a network due to malicious network events (Dutt, Ahn, & Gonzalez, 2013).

Having the proper network system to defend against cyber-attacks is necessary. The network

Page 7: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 7

system has to have the capacity needed for managing huge data (Mandemakers, & Dillon, 2004).

Managing the intelligence data properly improves security.

Borrowing ideas from the military to combat cyber-attacks on a company’s cyber

infrastructure is necessary if the process is a proven system. All proven systems of cyber

security should be evaluated and implemented to reduce the potential of cyber-attacks and the

negative effects of these attacks. Another approach necessary for identifying and analyzing

threats and vulnerabilities of network systems to cyber-attacks, involves matching threats with

cyber assets. The process then considers vulnerabilities to attacks, existing countermeasures, and

the needed improvement in the countermeasures (Baybutt, 2003). The process can be combined

with security vulnerability analysis to measure the estimated risk of malevents; malevents

described as deliberate acts that result in adverse consequences (Baybutt, 2003). The degree to

which cyber assets like hardware, software, data, and peopleware, are exposed to threats of

cyber-attack has to be clearly defined. From there on, the next step will be to acquire and

develop the resources needed to protect the gaps in security, thus providing improved speed in

building security measures.

The human aspects of the crimes are observed when studying cybercrimes, and the

combined knowledge is used as a valued asset. Leveraging behavioral science to mitigate cyber

security risks is important in the process of understanding the human aspects of the crimes.

(Pfleeger, & Caputo, 2012). Understanding the human criminals who perpetrate these

cybercrimes will give a clearer idea on how to stop them and way to prevent cybercrimes. Also

understanding the users of the security technology is important because the technology to stop

cybercrime will incorporate behavioral science. Incorporating behavioral science during the

design process of cybersecurity technology will result in a design which users are more likely to

Page 8: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 8

use. The members of the organizations are responsible for making sure the cyber security

measures being implemented are effective, by actively taking the steps recommended by the

company, and developing new ideas.

The learning team members in this class sharpen the focus in this area from discussions.

There were not enough details about the cybersecurity issues posed by social media. So, it

encouraged the curiosity to research this topic more. The insights about cybersecurity found

while looking at other leaning team members’ fields is the realization that cybersecurity is an

important aspect of information systems. The leaning team members provided much insight

about the changes going on in the information system field (University of Phoenix, 2015). Some

examples from different material were provided showing how users make it easy for cybercrimes

to occur by not being informed. Individuals provide their information to stranger simply, because

they are asked to, without considering the security risk involved.

Emerging Trends and Opportunities

The emerging trends in information systems pertaining to social network sites, and cyber

security risk will be reviewed. One of the trends is the purchase of cyber-crime insurance, which

typically covers crisis management costs, customer notification expenses, data extortion,

professional services, multimedia liability, security and privacy liability, and privacy regulatory

defense and penalties (Mainelli, 2013). The risk of cyber-attacks warrants the need for insurance,

since the ability to completely protect a company from cyber threats is almost impossible.

Insurance will provide some recovery after cyber-attacks, like in other aspects of the business

covered by insurance.

Page 9: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 9

The trend of businesses using social networking to create awareness regarding their brand

has to be considered. Studies find that small businesses are aware of the possibilities and

opportunities offered by social networking, but, most small businesses need to move beyond

passive presence (Boling, Burns, & Dick, 2014). Having a strong presence on the various social

networking sites has the potential of achieving competitive advantage for businesses. Further

recommendations are provided for businesses to increase their business contacts, by making

connections through individuals on social networking sites. Another growing trend is social

scholarship, combining traditional scholarship practices with more informal, social web-based

practices (Greenhow, 2009). The interactions on social media can be used to develop productive

outputs such as, research papers for students, and development of contacts for businesses. The

opportunities created by the use of social networking sites can always be explored further.

In addition to the previous trends agile software development methodologies have

become significant for businesses. The increases in the speed of the internet, and the growth in

the number of internet users, provide a challenge for businesses to adapt to the constant changes.

Complex adaptive systems (CAS) theory can be used to increase understanding of agile software

development practices (Meso, & Radhika, 2006). The constant change in cyber security risk for

social networking companies requires agile software development methodologies in developing

security software. Agile software development methodologies will provide the flexibility, current

cyber security software requires for adaptation to constant change. Innovation of new technology

is important for economic growth, but it is important to understand the Innovation Systems (IS)

necessary for technological change. Studying Innovation Systems focuses on the central idea that

innovation and diffusion of technology is both individual and a collective effort (Hekkert, Suurs,

Negro, Kuhlmann, & Smits, 2007). Technological change and Innovation Systems are not

Page 10: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 10

isolated, as they are influenced by the environment, and they also have an effect on the

environment as well. Analysis of all the resources is needed when developing, information

systems, networking systems, and data management systems required for an organization.

Conclusion

In conclusion social media, social network sites, and businesses in the same line of

activities are affecting change in society. Developing the proper information systems,

networking systems and database managements systems to sustain the information generated by

these businesses becomes crucial. The threat to the process of collecting the data and using the

data as a business resource is threatened by cyber security risks. Different theories and

Innovation Systems provide hope in the process for combating cyber security risk. The process

needed for combating cyber security risk will continue to evolve and it is necessary to stay

informed and ready for the changes. The review of scholarly literature is a step towards the right

direction in gathering information needed for advancing technological development in cyber

security. The review of scholarly literature also, provides the broad scope through which the

topic of cyber security should be observed. The information is then analyzed to understand the

link between the pieces of the puzzle, between Information Systems Management, cyber

security, and the effect on social networking sites. Utilizing the information to improve business

practices is a way of using scholarly literature in practical implementation for a real business.

Scholarly literature will be useful in everyday practice of business.

Page 11: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 11

Reference

Alexander, S. N. (2013). Regulating cyber-security. Northwestern University Law Review, 107,

(4), 1503 – 1568.

Baybutt, P. (December 2003). Cyber security vulnerability analysis: An asset-based approach.

Process Safety Progress, 22, (4), 220 – 228.

Boling, R., Burns, M. & Dick, G. (2014). Social networking and small business: An exploratory

study. Contemporary Readings in Law and Social Justice, 6, (2), 122 – 129.

Boyd, D. M., & Ellison, N. B. (December 2007). Social Network Sites: Definition, History, and

Scholarship. Journal of Computer-Mediated Communication, 13, (1), 210 – 230.

Bressler, M. S., & Bressler, I. (2014). Protecting your company’s intellectual property assets

from cyber-espionage. Journal of Legal, Ethical and Regulatory Issues, 17, (2) 1-15.

Cohen, E. Lyche, T. & Riesenfeld, R. F. (January 2010). MCAD: Key historical developments.

Computer Methods in Applied Mechanics and Engineering, 199, (5 -8), 224 – 228.

Dutt, V., Ahn, Y. & Gonzalez, C. (June 2013). Cyber situation awareness modeling detection of

cyber-attacks with instance based learning theory. The Journal of the Human Factors and

Ergonomics Society, 55, (3), 605 – 618.

Eisgruber, L. M. (December, 1973). Managerial information and decision systems in the U.S.A.:

Historical developments, current status, and major issues. American Journal of

Agricultural Economics, 55, (5), 930 – 937.

Page 12: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 12

Esmaeili, L., Nasiri, R., & Minaei-Bidgoli, B., (January – March 2012). Applying personalized

recommendation for social network marketing. International Journal of Online

Marketing, 2, (1), 50 – 63.

Facebook Annual Report. (2013). http://investor.fb.com/annuals.cfm.

Foster, N. J. (December 2014/ January 2015). Culture sets the tone for effective cyber security.

The RMA Journal, 97, (4) 8.

Greenhow, C. (March / April 2009). Social scholarship: Applying social networking

technologies to research practices. Knowledge Quest, 37, (4), 42 – 47.

He, W. (2012). A review of social media security risks and mitigation techniques. Journal of

Systems and Information Technology, 14, (2), 171 – 180.

He, W. (2013). A survey of security risks of mobile social media through blog mining and an

extensive literature search. Information Management & Computer Security, 21, (5), 381 -

400.

Hekkert, M. P., Suurs, R. A. A., Negro, S. O., Kuhlmann, S., & Smits, R. E. H. M. (2007).

Functions of innovation systems: A new approach for analyzing technological change.

Technological Forecasting & Social Change, 74, (4), 413 – 432.

LinkIn Annual Report. (2014). http://investors.linkedin.com/annuals.cfm

Mainelli, M. (2013). Learn from insurance: cyber bore. Journal of Risk Finance, 14, (1), 100 –

102. .

Page 13: Cybersecurity Business Risk, Literature Review

CYBERSECURITY BUSINESS RISK 13

Major. Trias, E. D. & Captain, Bell, B. M. (Spring 2010). Cyber this, cyber that . . . so what? Air

& Space Power Journal, 24, (1), 90 – 100.

Mandemakers, K., & Dillon, L., (Winter 2004). Best practices with large database on historical

populations. Historical Methods, 37, (1), 34 – 38.

Meso, P., & Jain, R. (Summer 2006). Agile software development: Adaptive systems principles

and best practices. Information Systems Management, 23, (3), 19 – 30.

Pfleeger, S. L., & Caputo, D. D. (June 2012). Leveraging behavioral science to mitigate cyber

security risk. Computers and Security, 31, (4), 597 – 611.

Saydjari, O. S. (March 2004). Cyber defense: art to science. Communications of the Association

for Computing Machinery (ACM). 47, (3), 52 – 57.

Schmitt, M. N. (Spring 2015). The law of cyber targeting. Naval War College Review, 68, (2), 11

– 30.

Twitter Annual Report. (2014). https://investor.twitterinc.com/annuals.cfm

University of Phoenix. (2015). Foundation of Information Systems Management. Discussions.

Watson, R., & Carlin, A. P. (June 2012). ‘Information’: Praxeological considerations. Human

Studies, 35, (2), 327 – 345.