Analysis of Cybersecurity Standard and Framework Components

Satisfactory cybersecurity protection, encompassing all data security solutions, can only be achieved by adopting a cybersecurity framework that provides a structure and methodology for protecting critical digital assets. In addition, security experts recommend using cybersecurity standards which consist of a collection of best practices to protect organizations from cyber threats. However, many organizations, companies and governments lack experienced personnel in the cybersecurity domain, so they have difficulty adopting a standard approach or cybersecurity framework. Protecting organizations from cyber threats while demonstrating compliance with laws and standards is seen as extremely complex due to the difficulty on choosing the appropriate standard to be used. Moreover, lack of knowledge on the elements needed that offered by the standard is lead to the problem on identifying the started point where the protection will be began.  Therefore, in this paper, a literature and the analysis is presented in identifying the elements of cybersecurity standard and framework that can be facilitate the organization or government on choosing the appropriate standard and framework to be used and utilized. The literature review was carried out to understand the various types of cybersecurity standards and frameworks and the analysis is conducted to identify the elements in each of them. In this paper, eight steps are presented and include the types of international standards, which are general, local regulation, as well as specific standards used in the industrial sector, to conclude the findings of the analysis. Furthermore, a relation map is presented using Writing a Literature Review release 2.0 approach to show the relationship between the literature review and future research

An Analysis of the Impact of Information Security Policies on Computer Security Breach Incidents in Law Firms

Law firms maintain and store voluminous amounts of highly confidential and proprietary data, such as attorney-client privileged information, intellectual properties, financials, trade secrets, personal, and other sensitive information. There is an ethical obligation to protect law firm client data from unauthorized access. Security breaches jeopardize the reputation of the law firm and could have a substantial financial impact if these confidential data are compromised. Information security policies describe the security goals of a law firm and the acceptable actions and uses of law firm information resources. In this dissertation investigation, the author examined the problem of whether information security policies assist with preventing unauthorized parties from accessing law firm confidential and sensitive information. In 2005, Doherty and Fulford performed an exploratory analysis of security policies and security breach incidents that highlighted the need for research with different target populations. This investigation advanced Doherty and Fulford\u27s research by targeting information security policies and security breach incidents in law firms. The purpose of this dissertation investigation was to determine whether there is a correlation between the timing of security policy development (proactive versus reactive policy development) and the frequency and severity of security breach incidents in law firms of varying sizes. Outcomes of this investigation correlated with Doherty and Fulford\u27s general findings of no evidence of statistically significant relationships between the existence of a written information security policy and the frequency and severity of security breach incidents within law firms. There was also a weak relationship between infrequency of information security policy updates and increase of theft resources. Results demonstrated that, generally, written information security policies in law firms were not created in response to a security breach incident. These findings suggest that information security policies generally are proactively developed by law firms. Important contributions to the body of knowledge from this analysis included the effectiveness of information security policies in reducing the number of computer security breach incidents of law firms, an under represented population, in the information assurance field. Also, the analysis showed the necessity for law firms to become more immersed in state security breach notification law requirements