docx
keyboard_arrow_up
School
University of Kabianga *
*We aren’t endorsed by this school
Course
24
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
30
Uploaded by GeneralCobra390
1
How can nations enhance their cybersecurity measures to protect critical infrastructure
and national security interests?
Name of Student
Course Code: Course Title
Instructor
Date of Submission
2
Since bad actors can operate from anywhere in the globe, it is difficult to eliminate
vulnerabilities and repercussions in cyber networks that are complex in nature (Vigan, et al.,
2020, p.158), making cyberspace difficult to safeguard. Adopting and following secure
cybersecurity best practices is a smart move for individuals and enterprises of all sizes. The use
of complicated passwords, frequent software updates, care before clicking on links, and
activating multi-factor authentication are all examples of "cyber hygiene" practices that might
improve their online safety. Learning these foundations of cybersecurity is important for
individuals and organizations alike. Both public and private institutions need to develop and
implement unique cybersecurity policies and processes to safeguard business operations and stay
competitive. As information technology grows more pervasive, the likelihood of large-scale or
high-consequence catastrophes that might damage or impair services upon which the economy
and the everyday lives of millions of Americans depend has increased (Dubicki, 2019).
The Internet is being used to manage critical infrastructure including power plants, petrol
stations, and water treatment facilities. The many components that make up its cyber vital
infrastructure are all interconnected. Despite the many benefits, their everyday reliance on their
Internet-connected critical infrastructure makes us vulnerable to disruptions in their ability to use
the system. Unfortunately, its cyber critical infrastructure faces threats from a wide range of
actors, including governments of highly developed nations and common criminals.
Government officials at the highest levels agree that inadequate cybersecurity inside this
critical infrastructure constitutes a serious danger to national security (Vigan, et al., 2020, p.158).
Recently, risks to national and financial security have increased interest in focusing on
imperative frameworks in both the open and private segments. They have to be discouraged from
certain activities, but they also ought to take assistive safety measures to ensure the fundamental
3
administrations that permit them to preserve their way of life. Due to the basic significance of the
cyber framework and the reality of the dangers, the President yesterday signed an Official
arrangement encouraging government divisions and offices to utilize their existing powers to
guarantee progress in cybersecurity for the Country (Chris 2021). Businesses and governments
alike have to collaborate more closely on these sorts of ventures.
Before conscripting the Act, the Federal interacted with a range of business, states,
parliament, and advocacy sets. Their suggestions were helpful in finalizing an order that
incorporates best policies and procedures from both the public and commercial sectors. We have
held over 30 groups representing all 18 critical infrastructure industries and gotten direct
feedback from over 200 companies in the past six months. There were representatives from
another 6,000 businesses at the gatherings, which together generate over $7 trillion annually and
provide jobs for over 15 million people (Zwilling et al., 2022, p.1).
The vast majority of those
they contacted ended up backing the Executive Order. Reinforcing cybersecurity measures to
secure the basic foundation and national security interface can be done in a number of ways.
These incorporate solid data sharing and participation, venture into cutting-edge innovations and
frameworks, advancement of a cyber-aware culture, and advancement of worldwide standards
and understandings.
Background information
National security dangers from cyberattacks are a genuine concern in today's
interconnected world. The expanding dependence on innovation and the interconnecting of
worldwide systems make securing basic foundations, delicate information, and national
interfaces more troublesome for governments. Cyberattacks can have far-reaching impacts on a
nation's GDP, innovation, and imaginative generation (Kramer & Butler, 2019, p. 4). Threats to a
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
country's capacity to improve and develop in innovation include mental property burglary,
mechanical surveillance, and the attack on investigation and development.
When it comes to securing mental property, a country's level of cyber security may make
all the difference. Cybercriminals, state-sponsored programmers, and other undesirable
performers regularly take mental property from businesses and colleges. Burglary of mental
property has far-reaching impacts on the economy and has a chilling effect on development and
imagination within the United States. The creative capacity of a nation is also vulnerable to cyber
espionage. State-sponsored hacking organizations regularly target foreign governments, defense
contractors, and academic institutions in order to get access to sensitive data and research
findings (Linkov & Kott, 2019, p.2). When invaders steal a country’s, trade secrets and scientific
breakthroughs, it can hurt the country's image for innovation and inventiveness.
Cyber assaults may disrupt essential services including the electricity grid, transportation
networks, and communication systems (Indriasari et al., 2020). These disruptions have the
potential to dampen economic activity and the generation of new ideas. As just one example,
consider a cyberattack that compromises data or makes essential services unavailable. may put a
damper on innovation in a variety of fields by impeding research and development, blocking the
dissemination of innovative technology, and discouraging the development of novel concepts.
The fear of cyberattacks may impair a country's motivation to share information and
cooperate with other countries. In today's worldwide climate, international collaboration is more
crucial than ever for inspiring creativity and driving innovation. However, nations may employ
more restrictive and protective measures in response to cyber assaults (Fuster & Jasmontaite,
2020, p.109) in an aptitude to stop more bouts. The Federal Government primarily functions
through the states, which are created by executive order by the President. The work of a State
5
Secretary is aided by assistant secretaries and subject matter experts. As government agencies
and ministries carry out their missions with the help of their separate core and support functions
technical teams, the FBI monitors their processes, controls, and risk management (Johnson,
2013). Internal auditors assess departments and provide advice to management on how to
mitigate risks and improve operations before an external audit is done. Cybersecurity must be a
national priority and robust defenses must be established if nations are to overcome these
dangers, despite the fact that it is within the jurisdiction of an external audit to examine security
measures (Ghernouti-Hélie, 2010). That means doing things like improving cybersecurity
education and training, funding R&D for safe technology, and encouraging information
exchange and collaboration among stakeholders. In an increasingly linked world, governments
may defend their creativity, innovation, and national security by adopting preventative actions to
secure their digital infrastructure and intellectual property.
Problem statement
E-government systems are supported on the grounds that they may make public services
available 24/7 via decentralized and user-friendly networks. The business sector is not the only
one that needs safe, reliable information transmission across decentralized networks that serve
the demands of numerous stakeholders. Effective e-government systems need a blend of people,
processes, infrastructure, and technology, much like any other information system. This indicates
that a country's e-government success is influenced by its citizens' demographic and
socioeconomic qualities.
The government has proven to be successful in combating cyber security risks. Concerns
are raised when websites thought to hold national secrets, critical security information, or
financial data are hacked. There are official websites for the Federal Reserve Banks, the
6
Government Financial Accounting System (IFMIS), and the Department of Registration of
Persons and Immigration. More than Ksh2 billion is lost each year due to cybercrime in the
public sector, and that does not include the cost of fixing computers that have been
compromised. Cyber-attacks erode stakeholder faith in e-government activities, which hinders
service delivery by the public sector; hence, understanding the factors influencing cyber security
in public service is essential (Montasari, 2023, p. 15).
Previous research has shown that there is a connection between e-government,
organizational management, and security issues. Researchers have largely concentrated on
quantifiable technological difficulties to address the vulnerability of information systems. An
impartial evaluation of the security of information systems, however, reveals that non-technical
elements are equally as significant as technological ones when it comes to protecting sensitive
data, as Wagner et al. (2019, p. 12) point out. There's a need for freely accessible literature
examining the elements of environment, populace mindfulness, and socio-cultural standards and
how these components relate to conventional approaches to overseeing data frameworks in
creating countries since most earlier investigations have been conducted inside the setting of
created nations.
To fulfill the same objectives, the open division needs a more distinctive combination of
assets and strategies than the private segment. Open talks must take place inside governments
with respect to the procedures they utilize, the dissemination of reserves between the official and
administrative branches (which can have an impact on legislative issues), the arrangement of
items for the public good instead of for benefit, and the conveyance of these substances over the
authoritative locale, notwithstanding whether or not doing so is financially judicious(Malatji et
al., 2022). Hence, it is fundamental that open division administration follow the particular
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
7
standards and rules of each office. Concerns about protection and security are justified in light of
the open, decentralized, and effortlessly open nature of e-government systems.
Only a small number of experimental studies have been distributed that handle the issue
of cyber security and the utilization of IT in creating nations head-on. (Wagner et al., 2019, p.
12). The cyber security assessment frameworks used by Kenyan government departments were
studied by academics in the region. The framework's limitations were evaluated through an
examination of strategy, baseline assessment, and prioritization (an inventory of assets ranked by
their worth to the organization's infrastructure). Despite the study's cyber security focus, its
conclusions are applicable to public service assessment as well. Taking into account both the
framework and the individuals and authorities responsible for executing it and maintaining its
incorporation into management, this research will evaluate the current condition of cyber
security in the public sector.
Comparing the commercial and governmental sectors revealed the necessity of using
distinct approaches. This research will build upon existing literature on cyber security by
expanding individual’s understanding of the psychological and institutional elements that
influence cyber security across nations. Different settings have been studied in the past when it
comes to cyber security, such as the African context and the cyber security framework in the
United States's Federal states. Despite the infrastructure in place to secure them, the Public
Service has been affected by repeated cyberattacks, particularly long-standing organizations like
Federal agencies. Understanding how nations may strengthen their cybersecurity strategies to
protect their most important institutions and their own national security is the primary emphasis
of this study.
Literature Review
8
Leadership and Culture
AlGhamdi et al. (2020, p. 10) argue that a company's culture is an important
consideration when developing an information security strategy. According to Wagner et al.
(2019, p. 13), a company's culture is a key factor in its success because it drives employee
motivation, shapes business decisions, and shapes how people behave in defense of the company.
They classify corporate culture into three levels—artifacts, declared values, and shared implicit
assumptions—and argue that upper management should promote corporate culture in addition to
implementing the organization's standards. To make information security a core value inside a
business, it is important to adopt a "Top-Down" strategy and educate all internal users.
Management attention and backing may be improved by moving away from viewing
information security as a technical responsibility and instead focusing on building a culture of
security throughout the company (AlGhamdi et al., 2020, p. 11). The authors believe that a
company with a strong information security culture will reap the benefits of increased trust, legal
compliance, and shareholder value. Increases in internal information security awareness,
training, monitoring, and risk assessments were associated with a more secure organizational
culture, as reported by AlGhamdi et al. (2020, p. 11). Christen et al. (2020, p. 11) argue that an
organization's culture is the single most critical factor in data and infrastructure security.
Deliberate efforts to create security objectives that are in accordance with the strategies of the
firm are the consequence of an effective information security culture.
According to the American Computer Society (2016, p. 2), a nation's infrastructure is one
of the most susceptible targets during a cyberwar. Utilities such as power plants, communication
networks, transportation, and others are especially susceptible to assaults due to their reliance on
automation (Crowther, 2017, p. 66). Take the increasingly popular concept of autonomous
9
vehicles as an illustration of what may go wrong if they continue to develop goods and services
without thinking about cybersecurity. In 30 years, civilization will rely on driverless
automobiles, buses, and trains. Drones are commonplace, yet human pilots are still required for
aircraft. Reduced pollution and transportation expenses are only two examples of how
technological advancements have improved their daily lives. This is the finest period in history.
Then a cyberattack hits the primary network. With no way to coordinate traffic, the city of
Sydney, home to 7 million people, ground to a halt.
According to Cains et al. (2022, p. 1646), the lack of a standardized language compounds
the difficulties of risk communication caused by cognitive biases. Consistent language has been
shown to be useful in both multi- and cross-disciplinary studies. For instance, a lack of consistent
terminology prevented scientists and resource managers from making progress in fish
reproductive studies (Cains et al., 2022, p. 1666). In order to facilitate better communication
between stakeholders from diverse sectors, lexical standardization sometimes involves the
creation of a specified, systematic nomenclature. Cains et al. (2022, p. 1666) suggest that the first
step toward a standardized cyber security language is to increase research on finding trends in
terminology standards. The authors (Cains et al., 2022, p. 1646) suggest that public policy,
computer science, management, and the social sciences are the four main areas into which cyber
security may be subdivided. Ramirez argues that the adoption of a uniform technical terminology
is an important first step toward improving communication among cyber security professionals
like the ARL and their academic colleagues in the CSec CRA.
Military personnel have been involved in intelligence efforts for as long as there have
been organized forces, as shown by Crowther (2017, p. 67). Sun Tzu, per Crowther (2017, p. 67),
discusses intelligence gathering in the military. Current US national intelligence shows this
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
10
clearly, since eight of the 17 members of the Intelligence Community publicly acknowledge
having ties to the Department of Defense. Cyberspace operations are an integral part of the
military's intelligence mission. Intelligence activities like espionage and source development
were commonplace before the advent of the internet. Manual intelligence collection will become
increasingly rare as modern societies become increasingly data-driven. Remote areas of the
Middle East, Central Asia, and Africa are not yet connected to the global information system, so
traditional means of obtaining intelligence, such as infiltrating terrorist cells, will remain relevant
there (Crowther, 2017, p. 67). Groups like al-Qaeda and ISIS take precautions to limit or
minimize their exposure to cutting-edge kinds of intelligence collection (such as signals
intelligence); therefore, traditional techniques of espionage will also be required to penetrate
them.
Recent events, such as pandemics and the shift in economic power, pose several
challenges for individuals (Dawson et al., 2021, p. 71). As a result of these dangers, both new
and familiar enemies arose. If no action is taken, being aware of these challenges will help in
devising a plan to mitigate them. Information leakage, total system failure, or system damage are
the goals of motivated hackers, hacking groups, and nation-states when they sabotage
infrastructure systems (Dawson et al., 2021, p. 71). An adversary may, for instance, insert
malicious malware into the power grid. A hacker who gets unauthorized access to the electrical
grid might potentially cause widespread blackouts by interfering with its many components.
Many things must go right for vital infrastructure to function reliably. It's not uncommon for
attacks on one network to ripple over others (Dawson et al., 2021, p. 71).
One strategy for increasing traffic violations is to consistently enable the system's green
traffic lights and other indicators. Cyberattacks on water supply infrastructure systems can have
11
far-reaching immediate and long-term implications (Dawson et al., 2021, p. 71). As it is, hackers
who gain unauthorized access to a watergate system can cause floods that imperil people and
property. Water filtration and sanitation in metropolitan areas may be impacted, which may
potentially leave fire departments without access to water in the case of an emergency. Internet
access might be disrupted if a hacker were to gain unauthorized control of the power grid and
cause localized blackouts or brownouts. The failure to power vital infrastructure like traffic lights
or public communication networks like WiFi in the absence of a stable backup power supply can
have far-reaching effects.
Since there are issues with the available labor force, many tasks must be automated.
Protecting these lifelines requires significant contributions from artificial intelligence, machine
learning, and data science. Before a system can connect to a specific industry, it must run an AI
agent that tracks user activity on the device and saves this data to learn useful and habitual
behaviors (Malatji et al., 2022). As soon as a standard is set for comparison. The device is
immediately removed from the network until further authentication is performed and the logs
have been verified by a system administrator. The sheer amount of data necessitates the use of
complex data analysis software. To affirm the occasions that have happened, an information
researcher at that point carefully surveys the logs (Dawson et al., 2021, p. 71). After usually total
isolation, the framework can be isolated incidentally to halt the contamination from spreading to
other systems. If malware is found on a computer, it will have to be reimaged using a clean
duplicate of the working framework. It is conceivable to utilize the Mission System to include all
significant parties within the solution-making process (Dawson et al., 2021, p. 71).
Devi (2019, p. 150) argues that the safety of their referent objects—whether they be
individuals, businesses, or governments—is constantly at risk from cyberattacks. Meanwhile, the
12
infrastructure supporting the nation's defense and intelligence organizations is vulnerable to the
same kinds of attacks. Thus, all cyber-attacks, whether directed against individuals, businesses,
or government institutions, have severe consequences, with a greater risk of theft of military and
state secrets associated with assaults on government equipment. The transmission of data for
commercial transactions and communication reasons relies significantly on networks across
India's most vital industries, including defense, energy, finance, communications, transportation,
and other public services (Devi, 2019, p. 150). For these companies, internet use is vital to
national safety as it helps as a main means of interacting and information assemblage. The states
have big desires to develop telecommunications systems, internet availability, and online
marketing. The cabinet has approved Prime Minister Narendra Modi's ambitious Digital India
initiative, which he says would provide broadband internet to every gram panchayat (village
council), boost e-governance, and turn India into a linked knowledge economy (Devi, 2019, p.
150).
Due to poor regulation of information transmission and undeveloped institutions to aid it,
information on cyber-attacks and equipment vulnerabilities is nearly nonexistent, as stated by
Devi (2019, p. 151). However, global cyber security is getting to a point where sophisticated
attacks on the energy sector are possible. Also, the common disposition reflects the common
need for certainty in India's cyber framework. To fulfill the country's vitality needs and overcome
the troubles that have emerged, India has consolidated cutting-edge innovation into its vitality
segment. Be that as it may, a few challenges have emerged as a coordinated result of advances in
cutting-edge innovation. On occasion, a few programmers posted anti-India and anti-nuclear
messages on the Bhabha Nuclear Inquire's site after India conducted atomic tests in May 1998
(Devi, 2019, p. 151).
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
13
Cyberspace is progressively becoming a target for programmers because it is fundamental
to the financial and political development of the United States (Dill, 2018, p. 56). When data and
communications frameworks and the information they contain are both secure against
unauthorized access, utilization, or divulgence, neither one can be abused or compromised in any
war. The cyber domain grew, but laws and standards to affect cybersecurity practice lagged
behind because of a lack of awareness among either a centralized government or private
administration. This gulf allowed for the exploitation of vulnerabilities and the creation of many
entry points via which assaults could be launched against their nation's defenses and most
essential assets. While state, non-state, and criminal actors are actively seeking to exploit their
cyberspace capabilities to thwart US national objectives (Dill, 2018, p. 57), the Department of
Defense (DoD) is having trouble cultivating and keeping a skilled cyber workforce that includes
a crucial cybersecurity talent pool. Current, non-cyberspace-related projects from throughout the
Armed Forces may aid with the long-term expansion of the United States' cybersecurity
workforce.
Connecting daily and industrial devices to one another and to people, the Internet of
Things (IoT) promises to expand the intelligence, programmability, and interactivity of these
objects (Djenna et al., 2021, p. 4). The IEEE provides us with this definition. Patients' heart rates,
blood pressures, and other physiological indications are being monitored with the help of the
Internet of Things. However, there is no universally accepted definition of the IoT in healthcare.
There is a wide range of definitions, some of which emphasize technical aspects while others
emphasize applications and features. Managing and organizing an online infrastructure of
networked medical equipment to create "smart" healthcare facilities is a major component of the
IoT in this sector (Laković et al.,2021). Wearables and implantable like pacemakers are only two
14
examples of the types of medical devices that may be connected to a network to provide "smart
health" services. Examples of such health-tracking wearables include trackers for heart rate,
motion, and sleep, as well as two-way communication capabilities (Djenna et al., 2021, p. 4). For
the purpose of remote patient monitoring in healthcare institutions or at home, these devices can
connect with one another to form an Internet of Things network. The healthcare industry stands
to gain the most economically. Numerous sectors, such as healthcare and industry, stand to
greatly benefit from the IoT.
According to Fuster and Jasmontaite (2020, p. 109), EU-level cybersecurity strategies
target specific actors. So, there are lots of individuals for politicians to hear from. The general
Information Security Control and the Network and Data Security Mandate are two illustrations
of modern administrative activities that force obligations on people and hold them responsible
for certain activities. It's up to each individual to guarantee their claim of security from the
potential peril. Tragically, the current enactment on information security can, as it were, address
a portion of the challenges in this region since it basically centers on information controllers.
Data protection by design is optional for technology and service developers and
providers. Recital 78 of the GDPR reveals the legislator's ambivalence by requiring that the right
to data protection be considered in the development and design of goods, services, and
applications that rely on the processing of personal data. Both controllers and processors fall into
this category. However, unless they are also data controllers or processors, developers and
producers of software and hardware are not subject to the legal duties envisioned in the EU data
protection framework (Fuster & Jasmontaite, 2020, p. 110). In actuality, the EU has not settled
on a single agency to oversee the safeguarding of citizens' personal data and other rights in the
online world.
15
In the next few years, there will supposedly be 21 billion operational IoT devices, as
predicted by Goel (2020, p. 76). While Cisco estimates 100 billion IoT devices, Intel forecasts
200 billion. Around 50 billion gadgets, according to Cisco. The first industrial revolution began
when the power loom was developed. The second industrial revolution began in the 1870s with
the introduction of assembly lines; the third began with the introduction of PLCs (Goel, 2020, p.
76). The fourth industrial revolution is now being propelled by sensors, AI, and robotics. Think
for a moment about the possibilities presented by "smart farming," wherein sensors offer
accurate information on environmental factors like temperature and humidity, soil pH, and
nutrient levels, all of which can be used to enhance farming practices and crop yields. Or the
incredible potential in biomedical informatics of insulin pumps that monitor blood sugar and
adjust insulin levels in real time, or IBM's Medical Sieve, which, driven by smart algorithms and
advanced AI, analyzes a patient's images by learning everything there is to know about the
individual in seconds for a smarter diagnosis and an infinitely more personalized outcome.
According to Gunduz & Das (2020, p. 1), the Smart Grid concept involves moving from
"a limited number of highly managed devices" to "an Internet-like distributed environment" with
numerous devices. A speaker at an IEEE meeting on the subject is quoted by Cohen as saying,
"We know how to secure the Internet," but very few people would agree with this statement.
While there is no silver bullet for Internet security, the most pressing dangers may be mitigated.
The authors mention the routing infrastructure and general-purpose computing as two instances
of challenges. Cyber security solutions that were initially designed for corporate networks are
likely to be inadequate if one wants a smart grid communication system to run safely on public
data communication networks like the internet (Gunduz & Das 2020, p.2). Cybersecurity for
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
16
smart grid communication networks has different goals, objectives, and underlying assumptions
than for traditional enterprise networks.
Cybersecurity information agreements are more common but less exact than previously
thought, as Hitchens & Goren (2017, p. 5) found. In total, 116 countries and 2,349 signatories
participated in documenting and analyzing 196 accords as part of this research. Consensus on the
importance of information sharing is shown by the widespread signing of agreements and the
attendant debate. However, it is uncertain how much information is really transmitted or what
sort of information is provided. The text of public agreements is often vague, even when they are
published. Despite the potential gains from increased sharing of cyber security information,
several disincentives and practical barriers remain. For this research, the authors gathered data on
"what governments have committed to do, what they actually do, and why they do it" (Tumkevi,
2018, p. 81).
Analysis of Results
Several scholarly discussions have focused on how to include corporate governance and
culture into the proposed ISG program framework. Reviewing these studies has led us to the
conclusion that the great majority of them do not validate the proposed framework or give a
detailed explanation of the procedures needed to put it into action. For instance, several studies
provided a framework for the ISG program without discussing its validation, the theoretical
underpinnings underlying it, or the technique employed (Kramer & Butler, 2019, p. 5). As a
result of these and other changes, the government will have to play a more prominent role in the
provision of cybersecurity (Kramer & Butler, 2019, p. 5). Other studies proposed a hybrid
approach, fusing COBIT, ISO17799, ISO27001, and ITIL to cover all the bases of ISG. None of
these studies described or provided a framework for how to put their results into reality, and most
17
lacked either an expert evaluation or a real-world application. Previous studies have presented
ISG frameworks, but they have not detailed either the implementation instructions or the
validation process. For instance, AlGhamdi et al. (2020, p. 27) used COBIT and ISO 27036 to
create a conceptual ISG framework for the value chain, but they did not go into detail on how to
really implement it or make sure it was legitimate.
The review identified the need for developing a holistic framework for information
security governance that connects the organization's objectives and its protection, addresses each
aspect of strategy, control, and regulation, ensures compliance of procedures and guidelines with
policies, and ensures continuous evaluation and compliance. The fact that there is no one
effective model for ISG, as Humayun et al. (2020, p. 6) concluded, is validated here. Many other
frameworks, for both governance and information security, have been suggested by the research
community as ways forward. The ISG system, in any case, has been criticized by those who
claim it cannot adjust rapidly sufficient to modern data (Humayun et al., 2020, p. 6). Based on
the findings, this paper has chosen that an ISG framework must have the following
characteristics: it must be basic to induce and execute; it must be self-sufficient; it must
acclimate to the wants of the organization; it must allow a road diagram for the shapes included
in putting the framework into activity; and it must characterize parts and responsibilities.
This paper agrees that states can way better guarantee their essential structures and
national security needs by taking a multifaceted approach to cybersecurity, which includes
extended information sharing and support, subsidizing cutting-edge progress and establishments,
instruction and mindfulness campaigns, and the advancement of widespread guidelines and
attestations.
18
Effective methods for exchanging threat intelligence, vulnerabilities, and best practices
across government agencies, business sectors, and foreign partners can assist governments in
enhancing their cybersecurity measures, as stated by Montasari (2023, p. 16). Collaborative
activities, including information-sharing platforms and coordinated cybersecurity exercises, may
help encourage proactive threat detection and response. In order to facilitate real-time
information sharing and collaboration on cybersecurity challenges, Kshetri (2019, p. 80) argues
that governments can set up information sharing platforms. These networks allow for the sharing
of threat intelligence, vulnerabilities, and best practices across public and private organizations
on a global scale. Cyber threats do not respect international boundaries, so international
cooperation is crucial. Information-sharing agreements, joint cybersecurity exercises, and the
implementation of industry-wide best practices are all examples of ways in which nations might
work together (Trump, 2017, p. 14). The global fight against cybercrime will benefit from this
increased level of trust and collaboration. Governments may also opt to invest in cybersecurity
education and awareness efforts in order to help build a culture of cybersecurity. By providing
education and tools to government agencies, businesses, and the general public, nations may
strengthen their cybersecurity posture and promote a safer digital environment.
Nations ought to make critical ventures in cutting-edge advances like counterfeit insights,
machine learning, and blockchain to boost their cybersecurity capabilities. Way better risk
detection, occurrence reaction, and information security are all fundamental to extending the
basic infrastructure's flexibility to cyberattacks, and they may be realized through the utilization
of state-of-the-art innovation and frameworks. Blockchain technology's decentralized and
immutable record-keeping can improve authentication and access control systems (Wilson, 2021,
p. 16). If governments employ blockchain to establish secure and accessible identity
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
19
management systems, fraud and theft will be reduced. However, remember that investing in
technology alone won't provide a safe network (Li & Liu, 2021, p. 8183). Developing their
workforce, collaborating with other nations, and enforcing stringent regulations are all aspects
governments should consider. A comprehensive approach that combines hardware, software, and
skilled personnel with sound management practices is essential for building effective
cybersecurity infrastructure (Li & Liu, 2021, p. 8183).
A nation's residents, corporations, and government institutions must all be educated and
informed of the need for cybersecurity if it is to foster a cyber-conscious society. Individuals may
play an active role in protecting national cybersecurity if they are educated about best practices
in cyber hygiene, provided with training programs, and made aware of possible threats and
countermeasures. Jaeger and Eckhardt (2021, p. 33) agree with interpretations of this study’s
empirical findings, which suggest that cues that trigger awareness may also be received through
security warnings. The security warning is a common target for researchers, but it's important to
keep in mind that consumers rely on a variety of other sources of information as well. Methods
for understanding how users perceive and react to security warnings (Kertysova et al., 2018, p.
17) must take into consideration information acquired by users from other sources in the current
system environment in order to evaluate the efficacy of security warnings. Extending prior
research that isolated the impact of a warning, we show that the presence of a security warning
increases the value of other security-related signals utilized to form a holistic understanding of
the situation.
Cyberattacks on people, businesses, and governments can cause serious harm. Increasing
cybersecurity knowledge and education may help nation-states better prepare themselves, their
populations, their businesses, and their government agencies against cyberattacks. Protecting
20
individuals, companies, and government agencies from cyber-attacks requires countries to
develop a culture of cybersecurity awareness and education (The Cybersecurity 202 Network,
2021, par. 3). Countries may improve their overall cybersecurity posture and create a safer digital
environment by investing in cybersecurity education, fostering responsible online conduct, and
establishing a competent workforce.
Luzzatto (2022, p. 265) argues that states should participate in international forums and
make diplomatic efforts to establish and implement cybersecurity standards and agreements.
Advancing good behavior on the internet, advocating for the conservation of basic foundations,
and tending to state-sponsored cyber threats through political channels may all contribute to a
more secure and steady computerized environment on a worldwide scale (Linkov & Kott, 2019,
p. 3). It's conceivable for cyberattacks to happen anywhere at any time. Any country is
vulnerable to attacks launched from any other country. Participation in international forums and
diplomatic initiatives to share information, intelligence, and best practices can help identify and
reduce global cyber threats (United Nations, 2018, p. 34). Significant infrastructure, state
security, and individual information must be preserved on a worldwide scale, and nations must
collaborate to make this occur.
The expansion of the e-economy, which is playing a larger part in current's globe, is also
reliant on data security. Diplomatic actions and the adoption of cybersecurity standards can
protect national economic interests (Maurer & Nelson, 2020, p. 15). An integral aspect of this is
preventing cybercrime, industrial espionage, and other forms of data breach that might
compromise a company's intellectual property, trade secrets, or other private information.
Boosting cyber security makes for a better business-friendly environment all around (Marrone &
Sabatino, 2021, p. 10).
21
As stated by Tumkevi (2018, p. 82), active participation in international forums and
diplomatic initiatives is necessary to establish and improve cybersecurity norms and agreements.
It encourages collaboration between countries in the fight against cybercrime around the world,
the improvement of agreeable rules, the assurance of a financial interface, and the advancement
of a shared belief. Protecting individuals, basic infrastructure, and national security in the
computerized age requires cooperation between states. Information sharing, unused advances, a
move in national culture, and agreeable endeavors over borders are all parts of a comprehensive
approach to reinforcing national cybersecurity (McDonald, 2017). According to the European
Union Office for Cybersecurity, an all-encompassing approach is essential for nations to secure
their basic framework and national security interface in today's universally interconnected and
carefully subordinate world.
Cybersecurity experts utilize numerous tools and strategies to secure systems, computers,
and information. These heroes protect innocent people from harm and bring relief to those in
need. Psalm 19:7–10 states "The Law of the LORD is perfect" and "The judgments of the LORD
are true and righteous altogether." God instructed His people, "Thou shalt not steal." Christians
working in the cybersecurity profession are committed to preventing theft even as they abstain
from stealing.
Limitations
The study presented here has some shortcomings. The ISG domains and CSFs were
determined using qualitative text analysis and author interpretation of the data, which might
introduce bias into the review. The focus is on ISG and strategy within the internal framework of
the firm rather than on technological specifics. Despite these drawbacks, the evaluation
highlighted critical prerequisites for the establishment of an ISG program (Lamont, 2021).
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
22
Conclusion
After studying the available literature, it became clear that an in-depth ISG structure is
required to enable the business to reach its objectives and maintain its security. The structure
must be adaptable so that it may change as the business does. Top-level management's
willingness to take responsibility for providing adequate resources for ISG efforts was also
emphasized in the research. Another aspect to consider when planning a security strategy is the
evaluation's emphasis on the necessity of including an awareness program in an ISG framework.
The evaluation revealed a total of 27 CSFs across seven categories that might potentially serve as
the basis for the ISG. The combination of these ISG domains and CSFs is essential for
developing information security governance as a comprehensive approach for ensuring
information security policy congruence with business goals. These factors may be used to win
over high management and include everyone in the company using a "Top-Down" approach. As
a result, workers will take their responsibilities to the firm and its success and safety more
seriously. Using the review's results, a comprehensive ISG framework will be created to
demonstrate the value of the identified ISG domains and CSFs.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
23
References
AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020).
Information security governance
challenges and critical success factors: Systematic review
. Computers & security, 99,
102030.
Australian Computer Society. (November, 2016).
Cybersecurity; Threats, Challenges,
Opportunities
. Retrieved from:
file:///C:/Users/user/Downloads/ACS_Cybersecurity_Guide.pdf/
Cains, M. G., Flora, L., Taber, D., King, Z., & Henshel, D. S. (2022).
Defining cyber security
and cyber security risk within a multidisciplinary context using expert elicitation
. Risk
Analysis, 42(8), 1643-1669.
Chris M. (2021).
Privacy and Cybersecurity, in Privacy, Regulations, and
Cybersecurity: The Essential Business Guide
, Wiley, pp.171-171, doi:
10.1002/9781119660156.part3.
Christen, M., Gordijn, B., & Loi, M. (2020).
The ethics of cybersecurity
(p. 384). Springer
Nature.
Crowther, G. A. (2017).
The Cyber Domain
. The Cyber Defense Review, 2(3), 63–78.
http://www.jstor.org/stable/26267386/
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
24
Dawson, M., Bacius, R., Gouveia, L. B., & Vassilakos, A. (2021).
Understanding the challenge
of cybersecurity in critical infrastructure sectors
. Land Forces Academy Review, 26(1),
69-75.
Deibert, R. J. (2018).
Toward a human-centric approach to cybersecurity
. Ethics & International
Affairs, 32(4), 411-424.
Devi, S. (2019).
Cyber security in the national security discourse
. World Affairs: The Journal of
International Issues, 23(2), 146-159.
Dill, K. J. (2018).
Cybersecurity for the Nation: Workforce Development
. The Cyber Defense
Review, 3(2), 55–64. Retrieved from: http://www.jstor.org/stable/26491223/
Djenna, A., Harous, S., & Saidouni, D. E. (2021).
Internet of things meet internet of threats: New
concern cyber security issues of critical cyber infrastructure
. Applied Sciences, 11(10),
4580.
Dubicki, E. (2019).
Mapping curriculum learning outcomes to ACRL's Framework Threshold
education: A systematic literature review
.
Education and Information Technologies
,
25
,
5205-5234.
Fuster, G. G., & Jasmontaite, L. (2020). Cybersecurity regulation in the European union: the
digital, the critical and fundamental rights. The ethics of cybersecurity, 97-115.
Ghernouti-Hélie, S. (2010, February).
A national strategy for an effective cybersecurity
approach
and culture.
In 2010 International Conference on Availability, Reliability and Security
(pp. 370-373). IEEE.
Goel, S. (2020).
National cyber security strategy and the emergence of strong digital borders
.
Connections, 19(1), 73-86.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
25
Gunduz, M. Z., & Das, R. (2020).
Cyber-security on smart grid: Threats and potential solutions
.
Computer networks, 169, 107094.
Hitchens, T., & Goren, N. (2017).
International Cybersecurity Information Sharing Agreements.
Center for International & Security Studies
, U. Maryland. Retrieved from:
http://www.jstor.org/stable/resrep20426/
Humayun, M., Niazi, M., Jhanjhi, N. Z., Alshayeb, M., & Mahmood, S. (2020).
Cyber security
threats and vulnerabilities: a systematic mapping study
. Arabian Journal for Science and
Engineering, 45, 3171-3189.
Indriasari, T. D., Luxton-Reilly, A., & Denny, P. (2020). Gamification of student peer review in
infrastructure resilience.
Information & Computer Security
,
30
(2), 255-279.
Jaeger, L., & Eckhardt, A. (2021).
Eyes wide open: The role of situational information security
awareness for security‐related behaviour
. Information Systems Journal, 31(3), 429-472.
Johnson, L. K. (2013).
American foreign policy and the challenges of world leadership: Power,
principle, and the constitution
. Oxford University Press.
Kertysova, K., Frinking, E., Dool, K. V. D., Maričić, A., & Bhattacharyya, K. (2018).
Cybersecurity: Ensuring awareness and resilience of the
private sector across Europe in face of mounting cyber risks.
The European Economic
and Social Committee (EESC). Retrieved from:
https://www.eesc.europa.eu/sites/default/files/files/qe-01-18-515-en-n.pdf/
Kramer, F. D., & Butler, R. J. (2019).
A ROADMAP TO BETTER CYBERSECURITY. In
CYBERSECURITY: CHANGING THE MODEL
(pp. 5–20). Atlantic Council. Retrieved
from: http://www.jstor.org/stable/resrep20932.5/
Kshetri, N. (2019).
Cybercrime and cybersecurity in Africa
. Journal of Global Information
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
26
Technology Management, 22(2), 77-81.
Lamont, C. (2021). Research methods in international relations. Research Methods in
International Relations, 1-100.
Laković, L., Ognjanović, I., Šendelj, R., & Injac, O. (2021, February).
Semantically enhanced
cyber security model for industry 4.0: methodological framework.
In 2021 25th
International Conference on Information Technology (IT) (pp. 1-4). IEEE.
Li, Y., & Liu, Q. (2021).
A comprehensive review study of cyber-attacks and cyber security;
Emerging trends and recent developments
. Energy Reports, 7, 8176-8186.
Linkov, I., & Kott, A. (2019).
Fundamental concepts of cyber resilience: Introduction and
overview
. Cyber resilience of systems and networks, 1-25.
Luzzatto, C. A. (2022).
Regulating Cyber Warfare Through the United Nations
. The Cyber
Defense Review, 7(4), 261–270. Retrieved from: https://www.jstor.org/stable/48703304/
Malatji, M., Marnewick, A. L., & Von Solms, S. (2022).
Cybersecurity capabilities for critical
infrastructure resilience
. Information & Computer Security, 30(2), 255-279.
Marrone, A., & Sabatino, E. (2021).
Cyber Defence in NATO Countries: Comparing Models
.
Istituto Affari Internazionali (IAI). Retrieved from:
http://www.jstor.org/stable/resrep28807/
MAURER, T., & NELSON, A. (2020).
PRIORITY #1: CYBER RESILIENCE. In International
Strategy to Better Protect the Financial System Against Cyber Threats
(pp. 33–72).
Carnegie Endowment for International Peace. Retrieved from:
http://www.jstor.org/stable/resrep26915.7/
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
27
McDonald, O. M. (2017).
Harvesting Daniels: Cognitive Tools for Cultivating Moral Authority
to Secure Nations
.
Montasari, R. (2023). Countering Cyberterrorism:
The Confluence of Artificial Intelligence,
Cyber Forensics and Digital Policing in US and UK National Cybersecurity
(Vol. 101).
Springer Nature.
Nish, A., Naumaan, S., & Muir, J. (2020).
Cyber Resilience and Testing Schemes. In Enduring
Cyber Threats and Emerging Challenges to the Financial Sector
(pp. 16–17). Carnegie
Endowment for International Peace. Retrived from:
http://www.jstor.org/stable/resrep27701.8/
Organisation for Economic Co-operation and Development. (March 21st, 2012).
Cybersecurity
Policy Making at a Turning Point; Analysing a new generation of national cybersecurity
strategies for the Internet economy.
Retrieved from:
https://www.oecd.org/sti/ieconomy/cybersecurity%20policy%20making.pdf/
Pauletto, C. (2020).
Information and telecommunications diplomacy in the context of
international security at the United Nations
. Transforming Government: People, Process
and Policy, 14(3), 351-380.
Petrenko, S. (2022).
Cyber resilience
. CRC Press.
Renaud, K., Orgeron, C., Warkentin, M., & French, P. E. (2020).
Cyber security
responsibilization: an evaluation of the intervention approaches adopted by the Five
Eyes
countries and China.
Public Administration Review, 80(4), 577-589.
Scala, N. M., Reilly, A. C., Goethals, P. L., & Cukier, M. (2019).
Risk and the five hard problems
of cybersecurity
. Risk Analysis, 39(10), 2119-2126.
Sciences
,
11
(10), 4580.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
28
Sepasgozar, S. M., Khan, A. A., Smith, K., Romero, J. G., Shen, X., Shirowzhan, S., ... &
Tahmasebinia, F. (2023).
BIM and Digital Twin for Developing Convergence
Technologies as Future of Digital Construction. Buildings
, 13(2), 441.
Shrobe, H., Shrier, D. L., & Pentland, A. (Eds.). (2018).
New Solutions for Cybersecurity
. MIT
Press.
Snyder, D., Powers, J. D., Bodine-Baron, E., Fox, B., Kendrick, L., & Powell, M. H. (2015).
Cybersecurity Laws and Policies. In Improving the Cybersecurity of U.S. Air Force
Military Systems Throughout Their Life Cycles
(pp. 18–39). RAND Corporation.
Retrieved from: http://www.jstor.org/stable/10.7249/j.ctt19rmd15.8/
Spaulding, S., Nair, D., Barkoff, S., Ali, H., Subah, N., Higman, M., Majkut, J., Harding, E., &
Ghoorhoo, H. (2023).
Cyber Resilience. In Innovation for Resilience: A Focused Study
on
Workforce, Climate, Supply Chain, and Cyber Resilience
(pp. 22–30). Center for
Strategic and International Studies (CSIS). Retrieved from:
http://www.jstor.org/stable/resrep48645.7/
Trump, D. J. (2017). National security strategy of the United States of
America.
https://apps.dtic.mil/sti/pdfs/AD1043812.pdf
The Cybersecurity 202 Network. (February 23, 2021).
Connecting cybersecurity experts across
government and industry in an ongoing survey.
The Washington Post (Online).
Washington, D.C. WP Company LLC d/b/a The Washington Post.
The European Union Agency for Cybersecurity. (November, 2021).
ENISA REPORT: Raising
Awareness of Cybersecurity; A Key Element of National Cybersecurity Strategies
.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
29
Retrieved from: file:///C:/Users/user/Downloads/ENISA%20Report%20-
%20Raising%20awareness%20of%20cybersecurity%20as%20a%20key%20element%20
of%20NCSS.pdf/
Tumkevič, A. (2018).
Uncertain Security Community: Building Western Cyber-Security Order
.
Journal of Information Warfare, 17(1), 74–86. Retrieved from:
https://www.jstor.org/stable/26504130/
United Nations. (2018).
The protection of critical infrastructures against terrorist attacks:
Compendium of good practices
. United Nations Office on Counter-Terrorism. Retrieved
from:
https://www.un.org/securitycouncil/ctc/sites/www.un.org.securitycouncil.ctc/files/files/do
cuments/2021/Jan/compendium_of_good_practices_eng.pdf/
Viganò, E., Loi, M., & Yaghmaei, E. (2020).
Cybersecurity of critical infrastructure
. The Ethics
of Cybersecurity, 157-177.
Wagner, T. D., Mahbub, K., Palomar, E., & Abdallah, A. E. (2019).
Cyber threat intelligence
sharing: Survey and research directions
. Computers & Security, 87, 101589.
Wilson, D. C. (2021).
Cybersecurity
. MIT Press.
Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł., Cetin, F., & Basim, H. N. (2022).
Cyber
security awareness, knowledge and behavior: A comparative study
. Journal of Computer
Information Systems, 62(1), 82-97.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
30
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help