Report on Contemporary cyber security practice an evidence of IT industry

Chapter 1

Introduction of Contemporary cyber security practice an evidence of IT industry

It is a fact that cyber-attacks are a big threat to infrastructure and systems of companies, individuals and government. The use of technology is increasing with the passage of time, and this increased use is also coming up with several issues and vulnerabilities in the information technology systems. Keeping the cyber security attacks in mind, where credit cards data has been stolen, ATMs are not working, and mutual fund companies are unable to operate; all of them need to consider some counter measures.

If any technology is used on a small scale, its issues and problems can also be small, but when things have become huge part of daily life and businesses as information technology has become, then its relevant issues are obvious to happen. That’s why it is critical for individuals and companies to stay alert and come up with various countermeasures so that they can avoid cyber-attacks in the first place, and if they do happen, then they must have a plan to deal with those threats (Amoroso, 2012).

Cyber security is one of the biggest concerns of recent times, and if considerable countermeasures will not be taken by stakeholders, then they may face severe consequences. The individuals, companies, and governments should come up with policies and systems to protect their data and sensitive information by developing and implementing above mentioned countermeasures because this is the only way to effectively deal with cyber security issues.

The companies are required to ensure that they are following the policy guidelines provided by the government and experts to keep countermeasures in their cyber security systems. If they will follow the policy guidelines and come up with a comprehensive strategy, then they will be in a better position to resolve vulnerabilities in their systems, and if something wrong happens, they would be better in making a response to those cyber-attacks (cyberdefensemagazine, 2019).

1.1 Problem Statement of Contemporary cyber security practice an evidence of IT industry

Cyber threats and data breaches are getting common in society as information technology is improving and advancing. In the presence of such security threats, it is becoming difficult to make IT industry secure and data breaches controlled. Credit cards and banking system are also a point of attention for these security threats and cybercrimes. In short, cyber threats are a problem for cyber security. The research will study this problem to find out a solution.

1.2 Research objectives of Contemporary cyber security practice an evidence of IT industry

The key objectives of this research work are enlisted below:

To examine the impact of unauthorized access on the cyber security

To identify suspicious activities in IT industry

To explain the significance of the security measures for cyber security.

1.3 Rationale of the study of Contemporary cyber security practice an evidence of IT industry

The rationale of this research study is the prime reason for conducting this research work. IT security issues are becoming a problem for the strength of the industry. IT security issues are also causing problems for customers availing services of banks and credit cards. Moreover, another reason is to identify problems which need to be controlled and managed for secure IT system (Hasib, 2014).

1.4 Research questions of Contemporary cyber security practice an evidence of IT industry

Q1. What is the impact of unauthorized access on the cyber security?

Q2. What are the suspicious activities in IT industry?

Q3. What is the significance of the security measures for cyber security?

1.5 Significance of the study of Contemporary cyber security practice an evidence of IT industry

The current study tends to have both the theoretical and the practical implications. It will serve as the basis for the future research work. Also, it will help the managers to use the findings and the discussions of the current research work for the strategy formulation.

1.6 Hypotheses development of Contemporary cyber security practice an evidence of IT industry

The hypotheses development is as given:

H1: Unauthorized access tends to increase the cyber security threats.

H2: Suspicious activities in IT industry have a positive significant association with the cyber security threats.

H3: Effective security measures help to minimize the cyber security threats.

Chapter 2

Literature Review of Contemporary cyber security practice an evidence of IT industry

It is evident due to so many cyber-attacks that cyber-criminals are getting sophisticated with their approach, and if they continue in this fashion, then there will be more severe challenges for individuals and companies to deal with. There is a need to use the technology of automated security intelligence which keeps an automatic eye on systems, and if any vulnerability or issue is found, it is quickly detected (Gantz & Philpott, 2012). The role of AI can be crucial in placing considerable countermeasures so companies should use the essence of AI to improve cybersecurity. In addition to that, all security systems should be updated and they are placed in every aspect of the IT infrastructure so that attackers may experience resistance at every point (Shinichiro, 2017).

As Kazan (2016) described that as a function of five fundamental attributes of protected computing device, as well as the information security such as the confidentiality, accuracy, integrity, availability as well as authenticity, the effectiveness of the latest computer applications is usually observed. The concepts of the cyber security are usually applicable to different areas or the different departments such as education, government systems as well as the ordinary lives of the private individuals. The extended applications which are runnable on the internet or the special internet applications are involved by normally considerations with the name of cyber security.

As stated by Kazan (2016), the process to maintain as well as achieving secure cyberspace is very difficult and complex, as well as it also concerns with intellectual property, sustainability, privacy, the critical infrastructure as well as the personal identity of the organization. The threats for making secure the operating infrastructure are profound as well as serious such as cybercrime, cyber terrorism, cyber espionage as well as a cyber war for the kind of the technical community has responded with the procedures as well as safeguards and normally the private sector supplies. The whole study gives very brief information on the security within the cyber domain with the objective of the developing techniques of cyber security (Kazan, 2016).

As stated by Knowles, Prince, Hutchison, & Jones (2015), in isolation, it is operated by the contemporary industrial control system while distinguished networks are used such as the internet as well as the corporate networks, for the facilitation as well as for improving the business process. Furthermore, exposure to cyber threats increases the consequences of this kind of development. The whole survey of this study tells about the recent techniques and methodologies as well as the research to calculate the effects of the risks as well as handle those risks effectively.

Knowles, Prince, Hutchison, & Jones (2015) also described that it has identified by the dearth of the security metrics for the specific industrial control system as a hurdle for the implementation of this kind the methodologies. Therefore, an agenda is outlined in the industrial security control system metrics for future research. To handle the fail-secure as well as a fail-safe of the industrial control system operations, the concept of functional assurance is also introduced (Knowles, Prince, Hutchison, & Jones, 2015).

As stated by Scully (2014), the attitudes that ‘it won’t happen to me’ still overcome within the industry’s boardrooms at the time of the consideration on the senior the executives of the threats of the cyber interruptions. In the commercial world of the cyber security, not too much changes occurred in the previous few years such as the data breach drivers, hackers or the attackers are not being confronted for identification of the new ways for the stealing the sensitive information as well as the intellectual property of the companies or the organizations. Furthermore, the consequences of the even main breaches of the security seem not to become felt by the leaders of those organizations which are a victim.

Furthermore, some questions are also raised in this study which is discussed in Scully (2016) which are: why is it so? Surely the practitioners or experts of the security of IT are determining the new methods for the identification as well as preventions of the chosen interruptions within the networks of the organizations? Are the consequences of the chosen interruptions as too much importantly, which the leaders of the organization tolerate them, or do only distinctions feel of the failure pain? The whole study is exploring all of the possible threats which can cause the failure of cyber security in the very beginning within the industry as well as contends. On the other side, the leaders of the industry must not be along for taking the responsibilities for such kind failures in the cyber security as well as they should take the initiative to prevent the cyber-attacks by making the lives of hackers harder. The concepts of cyber security are usually applicable to different areas or the different departments, such as education, government systems, as well as the ordinary lives of private individuals. Moreover, the leaders of the companies cannot wait for the governmental policy, coordination, or strategy for the leadership. The study is suggesting some kind of calculations that a chief executive officer may adopt for making a new approach for the company to increase cyber security (Scully, 2014).

As described by Nissenbaum (2005),the study on cyber security, which is determining the conception of the security into the two different ways within the contemporary concerns on the vulnerability of the networks as well as the computers for the hostile attack. In computer science as well as engineering ,the one conception is derived from the conceptions of focuses of the individual of computer security, which is developed. The concepts of the cyber security are usually applicable to different areas or the different departments such as education, government systems as well as the ordinary lives of the private individuals. Therefore, an agenda is outlined on the industrial security control system metrics for future research.

In the commercial world of the cyber security, not too much changes occurred in the previous few years such as the data breach drivers, hackers or the attackers are not being confronted for identification of the new ways for the stealing the sensitive information as well as the intellectual property of the companies or the organizations. The concerns of the security of the national agencies of the government information to others, as well as the distinguished owner of the intellectual property, are also informing others. In the last, the Copenhagen school of the international relations develops the securitization as well as the evaluation comparatively of this tow the conception are also using the theoretical construct of the securitization (Nissenbaum, 2005).

As described by Hare (2009) that the examination of whether the review interruption of some foreign companies is related to the relations of the audit companies along with the multinational companies. The study is based on the listed companies in the study around115 companies of the stock exchange for the end of the year 1998. Furthermore, to find any kind of important distinctions that exist between those companies working on the audits, they all have used the nonparametric tool. The outcomes of the past researches on the delay of the audit appear that the companies related to those international companies were doing audits for the provision of the motivation to the small delays of the audit. Although, the study highlights that the multinational companies within Bangladesh have larger delays of audits with the 6.31 mean months, while the global mean month is 5.86 (Hare, 2009).

As stated by Cook, Smith, & Janicke(2016),the underpin complicated national infrastructure may be classified as the low-frequency events or the high impact when the cyber attacks on the industrial control system come into form. Furthermore, the range and the quantity of the cyber attacks against the total foot prints of the industrial control system is small, as well as the outcome there is an inadequate dataset for the assessment adequately for the threats for the operator of ICS, and up till now, the effects are potentially catastrophic to date. So, the study is determining the very important elements of the current science of the decision which may be utilized for informing as well as for improving the cyber security of industrial control system against the aggressive risks as well as it also appears the parts where further development work is needed for discovering the assessments of the risks. Moreover, the research study is also proving the detail of how the informative data from the generated processes for safety may inform the process of decision making. The study is also concluding by providing some recommendation on how a data set after validation which can be made for the supporting the investments within the cyber security of industrial control system (Cook, Smith, & Janicke, 2016).

As described by Tikk (2010) that the contemporary global regimes of cyber security, as well as this artiocle, tells that the main focus of the cyber security regime is on the number of the different role of the multination organizations. The approach of the prevailing of such companies is disjointed as well as at odds with the priorities of the national-level policy. Furthermore, a comprehensive approach is required for the rectification of such kind conditions as well as it also increases the cyber security. For the acknowledgment, the full array of cyber threats as well as it also combines the dissimilar actors at the level of the country. Furthermore, the provided traditional profile is exclusively located for becoming the sources of such kind of comprehensive framework (Tikk, 2010).

2.1 Theoretical Framework

 Chapter 3

Research Methodology of Contemporary cyber security practice an evidence of IT industry

For the current research work the questionnaire, regarding the cyber security, is used. It is distributed among 350 employees of 6 IT firms in Pakistan. SPSS is used to perform the tests on the data and evaluate the results. The correlation and the regression analysis is better suggested be used for the data analysis purposes.

3.1 Research Design of Contemporary cyber security practice an evidence of IT industry

3.1.1 Research Approach of Contemporary cyber security practice an evidence of IT industry

There exist various forms of the study. For the current research work, it is confirmed that the nature of the study is quantitative. The data nature better helped to evaluate the methodology for the said research. There exists the numerical data if it is the case of the quantitative methodology. In order to collect the data from the respondents, the self-administered survey is conducted.

3.1.2 Type of investigation of Contemporary cyber security practice an evidence of IT industry

In order to get the desired results from the data, it is suggested to make use of the correlation analysis. Also, the use of correlation analysis is determined due to the numerical nature of the data. The use of regression analysis made it possible to decide whether to accept or reject the hypotheses.

3.1.3 Unit of Analysis of Contemporary cyber security practice an evidence of IT industry

The data collection is based on the professionals of the IT firm. So, an employee who is working in the IT firm is the unit of analysis.

3.1.4 Time Horizon of Contemporary cyber security practice an evidence of IT industry

This study is cross- sectional in nature based on the fact that the data is gathered for just once. There is no need for the follow ups for the data collection purposes.

3.1.5 Research Strategy of Contemporary cyber security practice an evidence of IT industry

The data is collected by making use of the questionnaire. These are distributed among the individuals of IT firm in order to get their responses.

3.2 Research Methodology of Contemporary cyber security practice an evidence of IT industry

The self-administered survey better helped to achieve the purpose of the study. The questionnaire is perceived to be the simple and quick tool for the data gathering purposes. The questionnaire is provided with the five-point likert scale having its range from 1 to 5. A questionnaire is if complete only then it is accepted for the analysis purposes.

3.2.1 Population of the study of Contemporary cyber security practice an evidence of IT industry

The population is all about the employees of the IT firms in Pakistan. The unit of analysis helped to determine the study population.

3.2.2 Sample and sampling strategy of Contemporary cyber security practice an evidence of IT industry

The questionnaire is distributed among 350 employees of 6 IT firms in Pakistan. So the sample size is 350 employees of the IT firm. To achieve the objectives of the current study the non-probability (convenient sampling) technique is used. The data is collected from the respondents who are willing to give their responses.

3.2.3 Data Collection Method of Contemporary cyber security practice an evidence of IT industry

The primary data collection is based on the self-administered survey. The questionnaire is considered to be the economical and the cheap resource for the data collection. The secondary data is collected through the previous already existing research articles.

3.2.4 Pilot Study of Contemporary cyber security practice an evidence of IT industry

The pilot study tends to determine both the instrument’s validity and the data reliability. The sample size of 25 employees is being taken for the pilot study. The value of Cronbach Alpha for all the study items is greater than 0.70 which depict the high reliability of the study items on the questionnaire.

3.2.5 Response rate of Contemporary cyber security practice an evidence of IT industry

The questionnaires which are distributed among the employees of the IT firms in Pakistan are being filled and returned back for the analysis purposes. Out of 350 questionnaires, the count returned is 298 which depict 85% of the response rate.

3.2.6 Data Analysis Software and techniques of Contemporary cyber security practice an evidence of IT industry

The data analysis is performed by making use of SPSS (Statistical Package for the Social Sciences), version 22. First the organized data is entered to the excel sheet. The data from the excel sheet is then copied & pasted to the SPSS. The reliability analysis, correlation analysis and regression analysis are performed by making use of SPSS.

The SPSS results will be helpful to determine if any technology is used on a small scale, its issues and problems can also be small, but when things have become huge part of daily life and businesses as information technology has become, then its relevant issues are obvious to happen. That’s why it is critical for individuals and companies to stay alert and come up with various countermeasures so that they can avoid cyber-attacks in the first place, and if they do happen, then they must have a plan to deal with those threats (Djekic, 2019; Bauman, Toomey, & Walker, 2013).

References of Contemporary cyber security practice an evidence of IT industry

Amoroso, E. (2012). Cyber Attacks: Protecting National Infrastructure, STUDENT EDITION (illustrated Edition ed.). Elsevier.

Bauman, S., Toomey, R. B., & Walker, J. L. (2013). Associations among bullying, cyberbullying, and suicide in high school students. Journal of Adolescence , 36, 341-350.

Cook, A., Smith, R., & Janicke, L. M. (2016). Measuring the Risk of Cyber Attack in Industrial Control Systems. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research (ICS-CSR 2016) , 23-25 .

cyberdefensemagazine. (2019). Some counter measures of cyber attack. Retrieved from https://www.cyberdefensemagazine.com/some-countermeasures-to-cyber-attacks/

Djekic, M. D. (2019). Some Countermeasures to cyber attacks. Retrieved from https://www.cyberdefensemagazine.com/some-countermeasures-to-cyber-attacks/

Gantz, S. D., & Philpott, D. R. (2012). FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security. Newnes.

Hare, F. B. (2009). Private Sector Contributions to National Cyber Security: A Preliminary Analysis. Journal of Homeland Security and Emergency Management , 6 (1), 1547-7355.

Hasib, M. (2014). Cybersecurity Leadership: Powering the Modern Organization. Tomorrow's Strategy Today, LLC.

Hurley, R. F. (1998). Innovation, market orientation, andorganizational learning: an integration and empirical examination. Journal of Marketing , 62 (3), 42-54.

Kazan, H. (2016). Contemporary Issues in Cybersecurity. Journal of Cybersecurity Research (JCR) , 1 (1).

Knowles, W., Prince, D., Hutchison, D., & Jones, J. F. (2015). A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection , 9, 52-80.

Nissenbaum, H. (2005). Where Computer Security Meets National Security. Ethics and Information Technology , 61–73.

Scully, T. (2014). The cyber security threat stops in the boardroom. Journal of Business Continuity & Emergency Planning , 7 (2), 138-148.

Shinichiro, N. K. (2017). Countermeasures against Unknown Cyberattacks Using AI. NEC Technical Journal , 12.

Spry, A. P. (2011). Celebrity endorsement, brand credibility and brand equity. European Journal of Marketing , 45 (6), 882-909.

Tikk, E. (2010). Global Cybersecurity–Thinking About the Niche for NATO. SAIS Review of International Affairs , 105-119.

 Appendix 1: Questionnaire

The purpose behind conducting this survey is to meet up the objectives of this research. It will take almost 10 minutes to fill out this questionnaire. It is assured that the information will be kept confidential and anonymous to others. For the completion of research work, your assistance is required. All of your efforts are highly appreciated.

Name (optional)

Age:  a) 18-24                     b) 25-34 years                   c) 35-44 years                    d) 45 or above

Gender: a) Male         b) Female

Educational Level: a) Bachelor           b) Masters     c) M-Phil       d) Others

Employment status: a) Private officials b) Government officials   c) others    

For the said questionnaire five-point likert scale is used. It ranges from 1 to 5. Here, 

Kindly provide your response for each of the given statements: