Critical on Cybersecurity - Annotated Bibliography Example

Critical Annotated Bibliography on Cyber security Anderson R. (2001). Why information security is hard – An economic perspective. 17th Annual Computer Security Applications Conference (ACSAC01), IEEE Computer Society. Retrieved from http://www.acsac.org/2001/papers/110.pdf Accessed on 06-02-2014. Internet has become vital for economic competitiveness for collective well being of human and innovation. Internet has made continuous growth and impacted all aspects of lives. Parallel to internet development for business, an increase in cyber security risks has been noticed. Interconnectedness of the internet has been exploited by the broadband attacks. Cyber security also includes the targeted attacks in order to manipulate, destroy, steal or getting to access to confidential data. Researcher examined the information warfare and weaknesses in the area of information security. He found that offensive operations were more productive as compared to defensive measures. Defending a system from attack is much harder than attacking a system. Locke Gary (2011). CYBERSECURITY, INNOVATION AND THE INTERNET ECONOMY, Available from http://www.commerce.gov/sites/default/files/documents/2011/june/cybersecurity_green_paper_finalversion_0.pdf Accessed on 10-02-2014. Discovering flaws in system security prior an attack is crucial and less costing factor in cyber security. Author’s point of view on offensive measures rather than defensive measures is some extent useful in many real world scenarios. In addition to this, information management requires more attention of political powers to keep their interests and desires more secret. Information security solutions are partial and subtle as simpler techniques of cyber security cannot provide a comprehensive solution to security flaws. Anderson R., Bohme, R., Clayton, R., Moore T. (2008). Security Economics and the Internal Market. European Network and Information Security Agency (ENISA). Retrieved from http://www.enisa.europa.eu/publications/archive/economics-sec Accessed on 05-02-2014. Anderson et al. (2008) found that network security was significant. They found that billions of Euros are spent on information security measures. Both public services and markets development is negatively impacted by the information security and public concerns. Loss of data on children and electronic medical information in UK called the government to plan for the secure e-health information system. It is more appropriate to say that information systems do not fail for the technical reasons, but for the wrong incentives. Several key principle recommendations have been suggested for the elimination of cyber security issues, which require stakeholder support for implementation of cyber security recommendations. Johannes M. Bauer and Michel J.G. van Eeten, (2009). Cybersecurity: Stakeholder Incentives, Externalities, and Policy Options. Telecommunications Policy, Vol. 33, No. 10. P.p.706-719. Criminal and fraudulent motivations cause the breaches in information security. In the current age of information technology, activities of criminals have increased. Individual stakeholders take information security decisions, which favor public interests in shaping the cyber security measures. Sub optimal security levels emerge from externalities, which are afflicted through the decentralized decisions. Cyberspace at a global level has become complicated instead of devising many effective solutions, as heterogeneous and diverse players as well as interdependence players are involved. Although, stakeholders take cyber security information individually, yet they can prove to be supportive motives behind the security implications in an information communication technology ecosystem. Department of Defense Strategy, (2011) Five Strategic initiatives, United States of America. Retrieved from http://www.defense.gov/news/d20110714cyber.pdf Accessed on 07-02-2014. Cyberspace is a good source for trading the services and goods all around the world as assets move from one place to another place in seconds. Communication transportation, finance and banking, and energy sectors mainly rely upon the cyber security in US. Other than these departments, defense department of US also depends upon the cyberspace for its functioning. Military intelligence and business operations of US military largely depend upon the cyberspace. US Nation and defense department found the vulnerabilities in the cyberspace. Cyberspace is embedded with devices, network systems and other platforms to complete the set objectives. Many foreign companies have acquired the access of various elements of the defense system of US. Defense department of US works with international partners to mitigate the cyber security risks. However, it is questionable that how US DoD and its partners control over the cyber security risks. Department of defense must install parallel warning systems. Warning system must be embedded with the intrusion systems for cyber security and also capable to monitor the activities of partners using the same equipment. Security vendors also need to develop the software which is effective in combating the cybercrimes. O’Connell, E. M. (2012). Cyber security without cyber war, Journal of Conflict & Security Law Oxford University Press. Retrieved on http://jcsl.oxfordjournals.org/content/17/2/187.full Accessed on 06-02-2014. Many developing countries are entering in the world of cyberspace. Every country with cyber security capabilities has either its own security system which looks for the activities over the internet or hire third body to support them. US have assigned this responsibility to its military for cyber security functions. It is known that cyber space was the international space. However, countries or organizations affected through risks of cyber security, but every country differ in legislation enacted for cyber security criminals. Therefore, international legislation for cyber security must be formulated, which must comply with the local laws of countries. Military in USA defends the cyberspaces and free from applications of international laws practically. In various incidents of cyber attacks, governments sponsor the hackers, which cause destruction in targeted countries. Scales H.R. (2000). Future Warfare Anthology, Available from http://www.strategicstudiesinstitute.army.mil/pdffiles/pub222.pdf Accessed on 09-02-2014. Network and good computer defenses can go much farther as compared to military forces to keep the communication and commerce peaceful over the internet. Another solution for cyber security is the life cycle model for cyber security, and technology users must eliminate all holes from where hackers can enter and exploit the services. For example, IBM, Microsoft, and other companies need the consideration of cyber security measures, which are necessarily required avoiding the cyber security attacks. Wamala, F. (2011). ITU National cyber security strategy guide, International telecommunication Union. Retrieved from http://www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurityStrategyGuide.pdf Accessed on 06-02-2014. Many world organizations took measures to build trust and confidence among nations in use of ICT as it is important for socio-economic well being of human being. United Nation Organization passed five resolutions to combat the issue of cyber security attacks in member countries. In a study of Wamala (2011) critical infrastructure (CI) which was defined as a key system that functions and serves the governments, organizations, and people. Disruption or destruction of this critical infrastructure can deliberately impact the public safety and health, national security, commerce or combination of these problems. Physical assets and critical sectors of member countries are controlled through the operation of critical information infrastructure. European Commission (2013). Cyber security of the European Union, Available from http://eeas.europa.eu/policies/eu-cyber-security/cybsec_comm_en.pdf Accessed from 09-02-2014. Regarding the functioning of cyber security, the reliable functioning of cyber security may ensure the trust and confidence in the applications of ICT. Otherwise it can hinder the national security, commerce and daily life. However, this national security, daily life, and commerce can be saved if proper protection principles are timely applied. In addition to protection measures, cyber security training and skills are essentially required. Therefore, member countries should organize their educational priorities to avail opportunities and combat the cyber security issues. Scholarship programs for cyber security education may increase the awareness and measures of cyber security. Bohme R., and Schwartz G. (2010). Modeling Cyber-Insurance: Towards A Unified Framework, Workshop on the Economics of Information Security, Harvard University, Cambridge, MA. Retrieved from http://weis2010.econinfosec.org/papers/session5/weis2010_boehme.pdf Accessed on 07-02-2014. Market models on the cyber security insurance have been proposed and classified through the formal framework. A unified way of cyber security risk was used to model this framework. A survey on models identified for cyber security assurance and also those areas which were not covered with these models had been studied. This unifying framework helped the navigation of literature and simulated the research, which resulted into formal recommendations for the cyber security. The framework also gives key components after modeling them for decisions. Network environment, organizational environment, supply side, demand side, and information format are key components of the framework. Particular obstacles for development of cyber insurance on the correlated risk and interdependent security are encompassed in this framework. Although this work is crucial in identification of literature work for cyber security framework but requires the implementation of the outcomes from the work. This work directed the attention of researchers towards the components identified in this paper, and future work can explore all the components and find the tradeoffs between expressiveness and model complexity. The framework used in this research was only helpful for the analytical models on the cyber insurance. Hence it cannot reflect the reality of art based on the quantitative empirical work. TechAmerica (2011). Improving our Nation’s Cybersecurity through the Public‐Private Partnership, The Association of companies driving innovation worldwide. Retrieved from https://www.cdt.org/files/pdfs/20110308_cbyersec_paper.pdf Accessed on 07-02-2014. A group of companies working in America believed that cyber security had been the priority of US. It was impossible for a single entity to control over the cyber security risks alone. Companies together can cooperate and coordinate their efforts with the collaboration of governments. In the context of cyber security, government of US has focused on the seven crucial areas including risk management, incident management, privacy and information sharing, international engagement, supply chain security, research and development, innovation, education and awareness. Instead of establishing a new model of partnership, existing model of cooperation between public and private sectors must be strengthened. Bucci, S., Rosenzweig, P and Inserra D. (2013). A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace, Available from http://www.heritage.org/research/reports/2013/04/a-congressional-guide-seven-steps-to-us-security-prosperity-and-freedom-in-cyberspace Accessed on 09-02-2014. Cooperation between private and public sectors can take a number of measures to eliminate the existing problems in cyber security. However, congress and executive branch of US must implement the recommendations to promote the cyber security, protect the privacy and spur the innovation. Read More