Running head: ANNOTATED BIBLIOGRAPHY
Annotated bibliography
Anil Kumar Bandi
University of The Cumberlands
ITS 835- Enterprise Risk Management
Dr. Oludotun Oni
July 5th, 2019
Annotated bibliography: Cyber Security
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672.
In an era where technology is used everywhere, cyber threats have also become very common, so awareness of cyber security is always valuable. Security is a sensitive issue that should be treated with the utmost confidentiality. Through this work, the authors explain the key factors that may lead awareness campaigns to fail to properly change individuals' behavior. Past and current efforts to improve information security practices and promote a sustainable society have not had the desired effect. It is therefore important to think critically about the difficulties involved in improving information security practices for citizens, consumers and employees, as they are not aware of the risks in cyber security. This research paper considers the challenges from a psychological perspective, and the authors believe that creating awareness always depends on how people perceive and react to risks.
The most important finding from this study is that people know the answers to the survey questions about cyber security risks, but, interestingly, their answers do not match how they actually behave in real life. That being said, the paper proposes that it is essential to build risk awareness and good practices from the beginning. The article also explains the factors that influence the failure of risk awareness in cyber security. Another important finding is that interventions that are based on major theoretical knowledge of behavior change, and that consider social beliefs and attitudes, are more likely to succeed.
Coffey, K., Maglaras, L. A., Smith, R., Janicke, H., Ferrag, M. A., Derhab, A., ... & Yousaf, A. (2018). Vulnerability Assessment of Cyber Security for SCADA Systems. In Guide to Vulnerability Analysis for Computer Networks and Systems (pp. 59-80). Springer, Cham.
This paper explains the cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. In these systems, security was mainly achieved by controlling physical access to system components, which were unique and used proprietary communication protocols. According to the paper, security in these systems was present as an implication of safety. Modern SCADA systems are more sophisticated and, because they use advanced technology, are also complex and prone to many risks. They are also prone to many risks because of rapidly increasing interconnectivity and the standardization of the hardware and protocols used for communication. So, risk assessment is an important part of ERM in SCADA, and it answers questions such as:
· What can go wrong?
· What are the chances of it going wrong, and how likely is it to happen?
· What are the results and consequences of that?
Smith, R. also explains that risk assessment in ERM helps to understand what can be done and what options are available to mitigate risks in cyber security, as well as the impact of top management's decisions on future scope. The ERM methodology consists mainly of the following steps:
· Identify the system configuration.
· Identify the quantitative risk model.
· Distinguish and organize the security necessities of the primary targets.
· Identify and categorize the vulnerabilities.
· Understand the attack paths.
Paté‐Cornell, M. E., Kuypers, M., Smith, M., & Keller, P. (2018). Cyber risk management for critical infrastructure: a risk analysis model and three case studies. Risk Analysis, 38(2), 226-241.
Managing cyber security in an organization involves allocating the protection budget across a range of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks.
This paper explains the problem and the stakeholders in cyber security. Nowadays, cyber security problems have become very common, and this damages people's confidence in the managers who maintain the infrastructure. The countermeasures considered in this article address the different phases of a cyber attack on specific organizations. These include 2-factor authentication to reduce the risk of intrusion into the systems. The risk assessments described here yield a set of risk curves for a given system, with and without the considered improvements. These results can then become inputs to a decision analysis, allowing a decision maker to identify the measure or set of measures that will maximize his or her expected utility. The authors were given private access to a database of cyber attacks on a large, U.S.-based organization. This enabled them to illustrate their risk analysis method, including, first, a statistical analysis of past events, then an extension of the results to the probability of more serious events in the future. This database includes more than 60,000 cyber attacks over a recent six-year period (2009–2015). The severity of an attack is primarily measured in hours of investigation. The authors analyzed these data to determine whether the attack frequency had increased over time, and to compare several options for reducing the current cyber risk.
Naseer, H., Ahmad, A., Maynard, S., & Shanks, G. (2018). Cybersecurity Risk Management Using Analytics: A Dynamic Capabilities Approach.
The modern enterprise uses risk-driven and control-centered security management systems to protect information resources and sustain competitive advantage. Such systems have proven to be quite effective in the prevention of threats that exploit common vulnerabilities. However, they are less suited to dynamic response against threats such as Advanced Persistent Threats. To better understand how companies are dealing with new dynamic threats, the researchers took data from ten expert interviews and analyzed it in depth. The dynamic capabilities theory addresses the question of how enterprises can cope with changing business conditions. Consequently, the theory has gained increasing attention in many areas, including organizational learning, technology transfer, and manufacturing (Teece et al. 1997). This theory is an extension of the resource-based view (RBV), which hypothesizes that 'when firms have resources that are valuable, rare, inimitable, and non-substitutable, they can achieve sustainable competitive advantage by implementing fresh value-creating strategies that cannot be easily duplicated by competing firms' (Barney et al. 2001).
Cybersecurity risk management is the overall process that integrates the identification and analysis of an enterprise's cyber risks, provides the assessment of the likelihood and impact of said risks on the business, and enables a decision regarding the action that should be taken to mitigate those risks (Spears and Barki 2010). The assessment part of the process involves collecting data to identify: (1) assets and their business value, (2) threats that may impact assets, (3) security vulnerabilities in assets that could be exploited, and (4) specific risks, with an estimate of their likelihood and potential impact (Shedden et al. 2016). Based on this risk assessment, appropriate controls are implemented and then monitored to measure the effectiveness of the cybersecurity risk management process (Webb et al. 2014).
References
Scholl, M. C., Fuhrmann, F., & Scholl, L. R. (2018). Scientific Knowledge of the Human Side of Information Security as a Basis for Sustainable Trainings in Organizational Practices.
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672.
Coffey, K., Maglaras, L. A., Smith, R., Janicke, H., Ferrag, M. A., Derhab, A., ... & Yousaf, A. (2018). Vulnerability Assessment of Cyber Security for SCADA Systems. In Guide to Vulnerability Analysis for Computer Networks and Systems (pp. 59-80). Springer, Cham.
Paté‐Cornell, M. E., Kuypers, M., Smith, M., & Keller, P. (2018). Cyber risk management for critical infrastructure: a risk analysis model and three case studies. Risk Analysis, 38(2), 226-241.
Naseer, H., Ahmad, A., Maynard, S., & Shanks, G. (2018). Cybersecurity Risk Management Using Analytics: A Dynamic Capabilities Approach.
Research Paper Rubric
Component 100% 75% 50% 25% 0

Basic Requirements
Formatted correctly, at least 500 words in length, citation page and internal citations correct (APA format), at least 2 cited peer reviewed sources.
Does not meet required page length, and/or does not have 2 cited peer reviewed sources.

Thesis Statement
100%: Engaging, challenging, and clearly focuses the paper. Effectively stated in the introduction and carried throughout the paper.
75%: Clear and articulate, engaging and clearly focuses the paper, but is not challenging. Is effectively carried throughout the paper.
50%: Clearly stated in the introduction, attempts to be engaging, is adequate, but lacks insight and focus, and is carried through the paper.
25%: Included in the introduction, but is vague. Lacks insight, focus, and is not carried throughout the paper.
0: Is vague or may be lacking in the introduction; is not focused and lacks development; is not carried throughout the paper.

Introduction
100%: Strong and effective, it is engaging and clearly defines the thesis, as well as provides a foundation for the body of the paper.
75%: Effective and engaging, defines the thesis and provides foundation for the body of the paper.
50%: Introduces the topic of the paper and builds a connection between the topic, the thesis, and the body of the paper. Informative but not engaging or strong.
25%: Introduces the topic of the paper loosely and includes the thesis statement. Provides little information regarding the topic.
0: Includes little more than the thesis and shows no demonstrable knowledge of the topic of the paper.

Content
100%: Strongly and vividly supports the thesis and is reflective of strong, thorough research. Illustrates extensive knowledge of the topic. Every aspect of the thesis is supported by quality academic research.
75%: Strongly supports the thesis and is reflective of good, thorough research. Illustrates knowledge of the topic, but could be extended. Most aspects of the thesis are supported by quality academic research.
50%: Supports the thesis and reflects research, and illustrates adequate knowledge of the topic. Could be extended and shows some gaps in understanding of the topic. Although there may be some inconsistencies with support from quality academic research.
25%: Related to the thesis but reflects inadequate research and knowledge of the topic, and demonstrates a lack of understanding. There may be a lack of support from quality academic research.
0: Does not convey adequate understanding of the topic, the research, or the thesis. There are many unsupported aspects of the thesis and the research lacks quality sources.

Organization
100%: Effectively organized. Logical structure of points and smooth transitions convey both understanding of topic and care in writing.
75%: Well organized, but may lack some transitions between ideas. Logical structure of most ideas conveys understanding of topic and composition.
50%: Ideas are logically structured, but may lack transitions between ideas. Could benefit from reorganizing 1 or 2 ideas.
25%: Some significant gaps in organization are present but the basic framework of ideas is logical. Overall organization could be improved.
0: Much of the paper lacks organization of ideas, making it difficult to understand the ideas expressed in the paper.

Citation Format
100%: APA format is used accurately as needed throughout the entire paper.
75%: APA format is used throughout the entire paper, but may show variations or slight inconsistencies of format.
50%: APA format is used throughout the entire paper, but may be noticeably inconsistent in format.
25%: APA format is used inaccurately and inconsistently in the paper.
0: APA is not used (regardless of the number of sources or citations).

Conclusion
100%: Strongly and clearly connects the thesis statement to the research to draw a specific conclusion that does not leave the reader with questions regarding the thesis.
75%: Clearly connects the thesis statement and the research to draw a clear conclusion that draws the research to a logical close.
50%: Connects the thesis statement and research to draw a conclusion regarding the research. Restates the topic statements throughout the paper.
25%: Restates the thesis and the topic statements, but does not draw any specific conclusion about the research or the thesis.
0: There is no conclusion; it restates the thesis at best.

Conventions
100%: Conventions of standard written English are used with accuracy; there are few, if any, minor errors.
75%: Conventions of standard written English are used; there may be several minor errors of usage.
50%: Conventions of standard written English are used; however, there may be a few major errors and few minor errors of usage.
25%: Conventions of standard written English are used with numerous major errors and several minor errors of usage.
0: The paper shows significant errors in conventions of standard written English.

Based on the annotated bibliography you completed for your Mid-Term Paper on implementing Enterprise Risk Management (ERM), write a research paper on how ERM is leveraged to minimize risk and create opportunity in your chosen industry. Be sure to provide specific examples.
Here are the research paper requirements:
• Submit the assignment as a Microsoft Word document (.doc or .docx). Your paper must be in APA format; for additional information on APA format, visit: https://owl.english.purdue.edu/owl/resource/560/01/
• This assignment must be YOUR OWN WORK! If plagiarism is detected in your work, you will receive a grade of zero for the entire paper.
• At least two (2) peer-reviewed articles or papers
• Between 500 and 1000 words in length (excluding title page and reference list)
• Please use the attached rubric for the paper.