Critically examine the threats to information security and the extent to which they can be mitigated by security managers.
Order Description
Guidance
Harvard Referencing with 25 Reference Lists or more.
In order to answer this question you will need a sound understanding of the subject matter of all units of the module material. The question is broadly framed in terms of the potential areas that can be included and you should carefully consider which of the relevant areas you wish to explore and how you will justify their inclusion. Do bear in mind that the more areas you include the more superficial your examination of them: you should aim to achieve a balance between including the areas that are of particular interest to you and the depth of the discussion required to do them justice. You should consider what meaning you will give to the term ‘information security’. This is a constantly shifting area: how (if at all) does this impact on the type of threat? You should also think about the role of security managers in relation to information security. Do all security managers have responsibilities in this regard? What are and should be the extent and limitations to that responsibility? What are the ‘tools’ at their disposal? How effective are those tools in mitigating a range of threats? How will you evaluate their effectiveness? You may wish to draw on case studies and/or your professional experience as evidence to illustrate the points that you are making. Please ensure that you take an objective and unbiased approach when evaluating your own experience and incorporate it into your argument in an impartial way.
Keywords
Cybercrime and cyber security should be critically defined.
The effect of data breaches on reputation and brand should be substantially argued among other consequences of data breach and emphasized with examples which could include the Sony Entertainment Picture data breach of November, 2014. Examples should reflect economic loss, when, where and how the breach occurred.
The write-up should be built around cybercrime and cyber security with emphasis on data breach and data protection issues caused by malware. The UK Data Protection Act 1998, the Computer Misuse Act 1990 and the Serious Crime Act 2015 should be used to buttress arguments and lay emphasis. The impact of legislation on curbing cybercrime should be briefly discussed (see James, S. (2015) Can Legislation stop Cyber Crime? Available at: https://www.computerweekly.com/opinion/Can-legislation-stop-cyber-crime).
How security managers can adopt the Baseline Framework, among other cyber security frameworks, to reduce cyber risk to critical infrastructure should be critically analyzed in line with the US National Institute of Standards and Technology Framework and Cyber Security Strategy.
The use of standards and practices to manage information security and cybercrime, such as the frameworks ISO 27001:2013, COBIT5, ISA 62443-1-1:2009 and NIST SP 800-53 Rev. 4, should also be critically evaluated.
Cryptography as a countermeasure to protect critical information systems should be critically evaluated.
The advantages and disadvantages of bring your own device (BYOD) as it affects data breaches and cyber security should be evaluated with referenced examples and instances.
NIST Special Publication 800-83 Revision 1 provides a comprehensive guide to malware incident prevention and handling for desktops and laptops, which should be incorporated in the essay.
The Executive Summary and Technical Data in PwC (2016) Information Security Breaches Survey 2015 (Department of Business, Innovation and Skills/PwC, London) can be a great resource to support arguments in the essay.
The ASIS International, ISSA and ISACA Alliance for Enterprise Security Risk Management (AESRM) should be used to discuss converged and team defense and response to data breaches, with examples of arguments for and against. Emphasis should be placed on convergence, as in how physical security and HR security (background checks of employees, hiring skilled employees etc.) impact cyber security. (See Teuber, C. (2012) Security Convergence – can we afford to ignore it?, Smith, M. (2012) The Case for Convergence and Oparnica (2012) Experiences from a Real Convergence Project.)
Core principles and theories of criminology, such as social bonding theory, social learning theory, the rational choice perspective, crime prevention through environmental design (CPTED), situational crime prevention (SCP), Dhillon's (1999) balanced approach to managing and controlling IS misuse, and crime pattern theory, should be introduced and critically evaluated where appropriate. Crime prevention through environmental design (CPTED), for instance, can be used to discuss physical security as a means of a converged security approach to defense against cybercrime.
Any other information required to follow the guide and address the question: critically examine the threats to information security and the extent to which they can be mitigated by security managers.