ICT role in 21st century education and it's challenges.
Running head cyber security competition framework cyber securi
1. Running head: Cyber Security Competition Framework
Cyber Security Competition Framework 2
Cyber Security Competition Framework
Divya Valaboju
IST 8101- Field Experience/Internship
Billy Machage
9/18/2016
Contents
Cyber Security Competition Framework 3
Methodology 5
Action Research 5
History of Action Research 5
The steps that have been suggested for action research include:
7
The planning phase 7
The action phase 7
The observation phase 7
The reflection phase 7
References 9
Cyber Security Competition Framework
Innovation is the main issue that drives economic growth as
well as job creation. Cyber security encompasses the protection
of an organization’s intellectual property as well as business
information that is in digital form of different types of abuse
2. and misuse, which is a growing management issue. The desire to
protect intellectual property through trademarks, patents as well
as copyrights is vital to the objective of ensuring that an
organization can pursue innovation. Thus the ability by an
organization top protects their information technology platform
from the diverse security threats that could hamper their success
is by implementing an effective cyber security competition
platform (Andrijcic & Horowitz, 2006). The competition from
other players in the industry is the main issue that leads to the
increase in the threat of there being theft of an organization
productivity base.
Through the framework, it will be possible for an organization
to possess risk-based compilation guidelines that are going to
make it possible for them to identify, implement and
consequently improve their cyber security practices (Tisdale,
2015). Although the framework does not introduce new concept
or standards, it serves to leverage as well as integrate diverse
cyber security practices that have been developed by the
organization as the international standardization organization
and the NIST. The framework refers to the compilation of the
practices as the “CORE” which encompasses five continuous as
well as concurrent functions (Von Solms & Van Niekerk, 2013).
These promote the identification, protection, detection, response
as well as recovery, which present a strategic view of an
organization’s lifecycle in the management of their cyber
security risk.
The threat that is posed to business and their operations due to
the diverse cyber security threats has seen an increase in the
number as well as the form of attacks. The threats that these
businesses are also facing change with issues as disgruntled
employees releasing sensitive company information taking an
organization’s intellectual property to the competitors as well as
taking part in online fraud being on the increase. Other
organizations have had to ensure that the losses they have
suffered as a result of the cyber security threats and breach to
their technology infrastructure do not become public (Tisdale,
3. 2015). Other business organizations have been compelled to pay
ransom to the cyber criminals as well as to get a description of
the vulnerabilities that an attack has exposed.
There is the general trend whereby value is migrating online,
and that digital data is becoming increasingly pervasive. The
implication of this drift is that institutions are experiencing
more online attacks. There is also an increase in the number of
people who are accessing the corporate networks via mobile
devices they use in their personal lives which increase cyber
security threats.
The plan, in this case, is to implement a cyber security
competition framework that addresses all the threats that an
organization faces. There will be the implementation of a
framework to be addressed at the most senior levels of the
organization. Addressing these threats will revolve around the
protection of the organization’s most vital business assets
instead of merely focusing on the technological vulnerabilities
as the use of the multilayer programs for the classification of
corporate data (Andrijcic & Horowitz, 2006). Further, a
framework will be targeted at the protection of an
organization’s data instead of on the perimeter through the
reorientation of an organization’s security architecture from the
devices as well as locations to roles and data. There will be an
additional introduction of a paradigm that refreshes the cube
security strategies employed by an organization and ensure that
they deal with the fast-evolving business needs as well as
threats. Methodology
Action research encompasses the systematic collection of
information whose core rationale is the contribution to social
change. It entails the learning that is realized through doing,
and in this assertion, a group of people identifies a certain
problem within their setting or organization, implement
strategies that are meant to resolve the problem. Further, the
group that is involved in the implementation of the solution
evaluates how successful their efforts have been and if they
have not been satisfied, they try the implementation again. The
4. issues addressed above lead to the definition of action research,
which is believed to revolve around the desire to contribute to
practical concerns of the individuals in the problematic
situation and at the same time promote the advancement of the
goals of science (Stringer, 2007). It is thus clear that there is an
element of dual commitment depicted in the use of action
research in studying a system as well as collaborating with the
members of that system to change the situation they find to be
problematic. Action Research History of Action Research
The origin of action research is connected with Kurt Lewin.
Lewin proposed that action research falls under the
classification of research that is needed for social practice and
is best attributed as one meant to social management or
engineering. The approach that is proposed by Lewin is that of
steps, with each step encompassing a circle of planning, action
along with fact findings concerning the implication of the
action. In the mid-1940s, Lewin developed a theory of action
research, saying that it is a proceeding spiral of steps, with each
of the steps encompassing the planning, action as well as
evaluation of the result of the action (Collis & Hussey, 2003).
According to Lewin, the initial step of action research
encompasses the careful assessment of the idea in light of the
available means. If there is the success in this planning period,
there is the emergence of two items that encompass the overall
plan on how to realize the objective and the second attribute
being the decision relating to the first step.
In the 1960s, action research faced a decline in its effectiveness
owing to the association that it had with radical political
activism. There was the development of doubts relating to the
rigor of AR as well as the training that had been acquired by the
individuals using it (Brydon-Miller, Greenwood & Maguire,
2003). It, however, is evident that AR has attained considerable
foothold within the areas of community-based as well as
participatory AR as well as a type of practice that is oriented
towards the improvement of the educative encounters.
Action research has a wide assortment of uses in the scientific
5. field mainly about the advancements that promote the
realization of the diverse objectives stipulated in the scientific
study. In this assessment, AR is vital to the development of
reflective scientific practitioners who are instrumental to the
progress of the scientific field, when individual scientists
commit themselves to fostering continuous growth and
development of the scientific field (Collis & Hussey, 2003).
When each of the research is assessed through the empirical
investigation into the issues that are causing, the challenges
realized in the field and helped in the development of solutions.
Further, the use of action research in the scientific
investigations aids in the development of a professional culture
that promotes their focus in mapping out the solution to the
challenges in the field. It follows that the fact that all scientist
are committed to realizing the same objective contributes to the
sharing of a similar vision of a culture of commitment to
coming with solutions to the IT challenges. The steps that have
been suggested for action research include:The planning phase
The initial AR phase is the planning and encompasses the
assessment of the solution and implementing a plan of how the
main issues identified are going to be resolved. The main issue
in this phase is the development of a plan and procedures that
are going to be included in developing the solution.The action
phase
The second phase of AR is the action phase and will revolve
around the introduction of the procedures and solutions that
have been established in the planning phase. The action shall
include the methodical execution of all the steps as enumerated
in the planning phase.The observation phase
The third AR phase is the observation phase and includes the
evaluation of the execution of the solutions and procedures. The
main reason behind this phase is the assessment of whether the
solutions that are being implemented are addressed the issue
under focus and making the necessary changes.The reflection
phase
The last phase of AR is a reflection of what was successful in
6. the execution of the solution and what was not successful. There
additionally is the assessment of the elements that could be
improved during the subsequent execution to ensure that the
solutions are successful.
Diagram 1: Action research cycle source (Collis & Hussey,
2003).
The implementation of the cyber security competition program
through the employment of action research offers the assurance
that the solutions framework is going to be a success as it will
be a product of iterative research, ensuring that solutions are
better after every cycle.
References
Andrijcic, E., & Horowitz, B. (2006). A Macro‐ Economic
Framework for Evaluation of Cyber Security Risks Related to
Protection of Intellectual Property. Risk Analysis, 26(4), 907-
923.
Brydon-Miller, M., Greenwood, D., & Maguire, P. (2003). Why
action research?. Action research, 1(1), 9-28.
Collis, J. & Hussey, R. (2003). “Business Research. A Practical
Guide for Undergraduate and Graduate Students” 2nd edition,
Palgrave Macmillan
Stringer, E. T. (2007). Action Research: A handbook for
practitioners 3e, Newbury Park, ca.: Sage. 304 pages. Sets
community-based action research in context and develops a
model. Chapters on information gathering, interpretation,
resolving issues; legitimacy etc. See, also Stringer’s
(2003) Action Research in Education, Prentice Hall.
Tisdale, S. M. (2015). Cybersecurity: Challenges From A
Systems, Complexity, Knowledge Management And Business
Intelligence Perspective. Issues in Information Systems, 16(3).
Von Solms, R., & Van Niekerk, J. (2013). From information
security to cyber security. computers & security, 38, 97-102.
7. Running head: CYBER SECURITY FRAMEWORK
CYBER SECURITY FRAMEWORK 11
Literature Review
Cyber Security Framework
Action Research
Course Code:
Name:
Table of contents
Literarure review4
Proposal 8
References 11
List of Figures
Figure 1: 10 steps to cyber security 7
Figure 2: Cyber security 8
Figure 2: Visual representation 10
8. LITERATURE REVIEW
The ICTs have been observed to evolve rapidly and their usages
also expanding rapidly. Currently, the internet and mobile
services have become embedded in the people’s daily lives all
over the world (th ITU Global Symposium for Regulators,
2009). While this is the case, it has also emerged that that the
risks in the ICTs have also evolved and increased in both
magnitude and complexity, and this has become a key headaches
for the ICT administrators in the various organizations. It is a
fact that the organizations cannot do away with the information
communication technologies because of the many benefits that
are derived from these, and the only option is to focus more on
improving the security of the systems. The issue of cyber
security is not new, and it has attracted heated debates from
various stakeholders and governments. Cybercrime and cyber
terrorism are a major threats not only to the organizations, but
also to governments (Daya, 2008). So, what is being done about
this situation?
There are various definitions of the term cyber security. In some
cases, there are various concepts that are used together or in
place of the term cyber security, for example, Critical
9. Information Infrastructure Protection (CIIP). Other related
concepts include critical infrastructure, critical information
infrastructure, and non-critical infrastructure. The definition
differs from country to country. A simple definition of the
concept of cyber security is the protection of the information
and the systems that the organizations or governments rely on
every day (State of Alabama IS Division, n.d.). Other
definitions offered by Fischer (Fischer, 2016) include the
following:
· The set of activities, as well as measures aimed at protecting –
from disruption, attacks, and other threats – computer networks,
computers, hardware and software components, and the
information they contain and communicate among other
components of cyberspace.
· The state of being protected from the threats mentioned above.
· The broader discipline of implementing and implementing the
activities mentioned above.
There are also concepts that are often mistaken to be the same
as cyber security, and these include information sharing,
privacy, intelligence gathering, and surveillance. Another
concept often related, but not identical, to the concept of cyber
security is information security. This concept is defined under
federal law (44 U.S.C § 3552(b)(3)) as:
“Protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification,
or destruction in order to provide-
truction, and includes ensuring information nonrepudiation and
authenticity;
(B) Confidentiality, which means preserving authorized
restrictions on access and disclosure, including means for
protecting personal privacy and proprietary information; and
(C) Availability, which means ensuring timely and reliable
access to and use of information.
It is a fact that the incidences cyber security attacks are on the
increase, as Balasubramanian (n.d.) gives several examples of
the recent cyber-attacks that have been executed successfully
10. and caused huge losses to the victim organizations. Among them
include the case of European financial Services Company that
lost $ 7 billion (Balasubramanian, n.d.). Among the most
common threats to the cyber security include the following
(Zaharia, 2016):
· Cyber criminals – these are the greatest threat to the cyber
security who hack and access organizations’ finances and loots
them. The FBI have a list of 19 individuals each of whom has
caused consumer losses ranging from $ 350 000 to $ 100
million.
· Computer viruses – currently, the most expensive virus is
called MyDoom, and this has caused financial damages
amounting to $ 38.5 billion. This was first spotted in 2004, and
has since become the fastest-spreading email worm in history.
· Social media – the social media has become the hackers’ new
target. The various cyber-attacks targeted at the social media
include like-jacking, link-jacking, phishing and social spam.
· Human error – all humans do make mistakes, and human error
has also been established as a key cyber security threat.
Statistics gathered by IBM have established that about 95 % of
the security incidents can be attributed to the human error
(Howarth, 2014).
· Computers’ vulnerability to exploit kits.
· Inside jobs
· Social engineering
· Government-created malware
Figure 1: 10 steps to cyber security (adapted from
https://www.gov.uk/government/publications/cyber-risk-
management-a-board-level-responsibility/10-steps-summary)
Cyber security is basically the responsibility of each and every
person in the society (Crucial Research, 2014). This is because
the threats affect the entire society, and this is has been
evidenced by the various incidences of personal accounts
hacked and funds stolen. Cyber security is very important for
11. various reasons, among these being the fears that the threats
endanger the global economy (Gabel, 2015).
Proposal
The purpose of this action research is to implement a cyber -
security framework untended for protecting the organizations
information infrastructure and systems. Being an action
research, the researcher will involve various groups of people
including organizational executives and government officials, as
well as IT experts in order to accomplish this implementation.
The action research will highly rely on the input from the
various stakeholders and also acceptance by the government and
the organizations.
Figure 2: Cyber security (adapted from
https://www.cesg.gov.uk/articles/infographics-cesg)
The action research will have four iterations, and these are as
discussed in the paragraphs that follow.
Iteration 1: Understanding cyber security. The first iteration
will involve gaining more insight into the concept of cyber
security and the various measures already taken to improve the
cyber security situation. The iteration will also establish the
current trends in the cyber security in order to fully define the
problem and design the cyber security framework.
Iteration 2: Design the cyber security framework. The second
iteration will entail designing the cyber security framework,
keeping in mind that here are existing frameworks that still
have failed to offer the ultimate cyber security.
Iteration 3: Implementing the cyber security framework. The
third iteration involves the implementation of the cyber security
framework that has been designed previously. The
implementation will be done taking into account the fact that
each organization of government has different cyber security
needs. Issues of customization will also be addressed during the
third iteration.
Iteration 3: Monitoring. The last iteration will entail monitoring
12. the implementation process and taking the relevant corrective
actions. Changes and modifications will also be done to the
initial implementation plan in order to cover for the deviations
from the plans.
Iteration flow diagram
The diagram below illustrates the iteration flows of this action
research.
Iteration 1: Understanding cyber security
Reflect
Observe
Act
Plan
Iteration 2: Designing cyber security framework
Reflect
Observe
Act
Plan
Iteration 3: Implementing cyber security framework
Reflect
Observe
13. Act
Plan
Reflect
Observe
Act
Plan
Iteration 4: Monitoring
Figure 3: Iteration Flow Diagram
Each of the above iteration will have four phases – plan, act,
observe, and reflect. The planning phase involves laying out the
course of action for the iteration among other things. The action
phase entails actual undertaking the various activities for the
iteration. Observe phase will entail taking note of the
happenings of the iteration, while the reflection phase intends to
explain various things that happen within the iteration.
References
Balasubramanian, V. (n.d.). Combating Cyber Security Threats.
Threat, Threat Everywhere; Cyber-Criminals on the Prowl, 1-
10. Retrieved from
https://download.manageengine.com/products/passwordmanager
pro/combating-cyber-security-threats.pdf
Crucial Research. (2014). People’s Role in Cyber Security:
Academics’ Perspective. Crucial Research, 1-8. Retrieved from
14. https://www.crucial.com.au/pdf/Peoples_Role_in_Cyber_Securit
y.pdf
Daya, B. (2008). Network Security: History, Importance, and
Future. 1-33. Retrieved from
http://web.mit.edu/~bdaya/www/Network%20Security.pdf
Fischer, E. (2016). Cybersecurity Issues and Challenges: In
Brief. Congressional Research Service, 1-12.
Gabel, D. (2015, July 01). Cyber risk: Why cyber security is
important. Retrieved from Whitecase.com:
http://www.whitecase.com/publications/insight/cyber-risk-why-
cyber-security-important
Howarth, F. (2014, Sept 2). The Role of Human Error in
Successful Security Attacks. Retrieved from
Securityintelligence.com: https://securityintelligence.com/the-
role-of-human-error-in-successful-security-attacks/
State of Alabama IS Division. (n.d.). Cyber Security is our
Shared Responsibility. 1-2. Retrieved from
http://cybersecurity.alabama.gov/Documents/security/WhyCyber
SecurityisImportant.pdf
th ITU Global Symposium for Regulators. (2009).
Cybersecurity: The Role and Responsibilities of an Effective
Regulator. Draft Background Paper, 1-40.
Zaharia, A. (2016, May 12). 10 Alarming Cyber Security Facts
that Threaten Your Data [Updated]. Retrieved from
Heimdalsecurity.com: https://heimdalsecurity.com/blog/10-
surprising-cyber-security-facts-that-may-affect-your-online-
safety/
Running head: CYBER SECURITY
CYBER SECURITY 6
Iteration 1: Understanding Cyber security
Cyber Security Framework
Action Research
15. Course Code:
Name:
Table of contents
Plan3
Act 4
Observe 5
Reflect 5
Iteration 1: Understanding cyber security
Plan. Planning is a crucial activity in the research process, as it
entails the preliminaries to the research activities. In action
research, planning is an action conducted at every iteration, and
this is because each iteration is a set of activities distinct from
other iteration. There are a good number of activities that the
researcher needs to undertake before undertaking the actual
events of the action research. The anticipated tasks, their
outcomes and resources needed, as well as people involved are
as discussed below:
i. Researching the topic of cyber security. The first task to be
undertaken will be to conduct some research on the topic of
16. cyber security with an intention of offering an insight or
understanding of the topic. The resources to be used include
computer, the internet, books and stationery. Pertaining to the
people involved, that will involve myself alone. The activity is
expected to take two days. The result of this activity will be
gathering information of what cyber security is.
ii. The second activity is to conduct some analysis of the
information or data collected. The analysis will use some
resources that include stationery and computer. Once again,
only I will be involved in this activity. The analysis will be
done with the aim of extracting the relevant content pertaining
to explaining the concept of cyber security and related concepts.
iii. Lastly, preparing a brief report pertaining to the entire
endeavour and lessons and outcomes obtained will follow. After
all information has been made clear, a report will then be
presented. The expected outcome of this activity is a well
written report outlining all that was done and the outcomes of
the various actions.
Act. Planning comes before the actual action can be taken. In
action research, every iteration has an action phase where the
researcher undertakes to follow the guideline or plan developed
previously to achieve the goals and outcomes predetermined in
the planning phase.
Among the activities that I conducted herein include
researching on the concept of cyber security. Researching this
concept made me to seek information from various sources, the
key among them being books and academic papers. These were
among the resources allocated during the planning phase. Other
resources or sources of information include databases and
website or the internet. The main aim of the iteration is to give
a clear overview of the concept and also related concepts. As
such, I used various strategies during the research process, and
this included use of keywords when searching for the specific
contend from the internet.
Another activity I undertook was recording the data obtained
from these sources. Data recording was simply in the form of
17. notes taken during the research. This was followed by data
analysis where the researcher used content analysis to obtain the
information from the various sources. Any content relating to
the cyber security and related concepts was extracted from these
sources. Lastly, I undertook to define and offer some more
information pertaining to cyber security. Being the final activity
in this iteration phase, I discussed various aspects of the cyber
security concept and related this information to the main theme
of the action research – that is, designing and implementing a
cyber-security framework. This phase ushered in the next phase
in this iteration where the lessons derived from this phase and
the planning phase are highlighted and explanations offered
where necessary.
Observe. The third phase of each iteration is the observation
phase. The observation phase of an action research simply
entails the analysis of the situations of the iteration in question.
In other words, the researcher undertakes to extract some
lessons from the previous iterations. Each action in the
iterations is expected to bear some to bear some outcomes as
had been predetermined during the planning phase. This is why
the researcher, in the observation phase, takes note of all that
went on in the iteration. The first iteration was a rigorous with
so much to observe.
The researcher observed that there was adequate literature
pertaining to the issue of cyber security. Researchers and
practitioners have extensively documented the various issues
regarding the topic and this only meant that the researcher could
easily access data and gain an understanding of the cyber
security. Secondly, there are several models of the cyber
security framework that have been designed previously to
address cyber security threats. This is an indication that the
researcher would only be replicating the previous models only
that the framework to be designed and implemented would be
customized. This is because the researcher understands the
problem at hand and develops a solution to the specific
18. problem, rather than a general solution to general problems. The
previous models be used not only as reference points, but also
as controls to ensure the researcher designs and develops a
viable solution. Lastly, there are several concepts closely
related to the cyber security concept that would require to be
clarified in order to draw clear lines between them. There are
chances that these concepts would be confused with the concept
under investigation.
Reflect. The final phase of each of the iterations is the
reflection phase, whereby the researcher ponders the happenings
of the iteration and establishing the relationships between the
various phenomena. This is a careful analysis of the happenings
of the iteration determining why things happened as they did
and what effect they had on the outcome or other things. This is
where the researcher makes various judgments pertaining to
various issues.
Entirely, the iteration can be said to have been a success, and
this is because the desired outcome was obtained after a careful
performance of the various goal-oriented activities. Even
though it is a wide concept that could take many days and a lot
of resources to cover fully, he researcher was able to gain an
understanding of the concept with the resources and timeframes
allocated for this iteration. The planning went on well, and this
is the major reason for the iteration success. Some things may
not have gone too well, and this includes a comprehensive
discussion of the concept and related concepts. This did not
happen owing to the fact that the resources and time needed for
that would have been too much. This is also a process that could
be improved.
Among the challenges included time and resources, as their
limitation also caused a limitation of the scope of the iteration.
Given adequate time and resources, a comprehensive review of
the topic would have been possible, and this could have implied
a better framework could be developed. This is also a risk factor
in that the shallow discussions exposes the researcher to the risk
19. of developing an inferior framework that would not overcome
the problems it is intended to.