Question

please help me to solve this!

8.16 .Organisations are often subject to legal requirements, with controls put in place to meet these. An example is the Privacy Act, which places restrictions on how data is to be gathered, used and stored. It also addresses security of data and procedures for protecting access to data. Required (a) Explain why protecting data is an increasing challenge for organisations. (b) Suggest organisational control activities that could be implemented to protect data. 8.17 Read the article by Fiona Smith115 in figure 8.16 and answer the following questions.

Answer 1

Why protecting data is an increasing challenge for organizations.

It is because new risks are springing up that target on stealing data which has exposed the data to new vulnerabilities. Thus advanced cyber security strategy, controls and methods are required that also should be constantly updated to beat the cybercriminals.

Protecting data is an increasing challenge for organizations because:

• The people behind cyber-attacks use gullible employees of organization through social engineering techniques e.g. employee are lured to click on suspicious links that breach whole security of organizations.
• Organizations are less agile in comparison to hackers. They are lagging in adopting a “risk-based view of their environment”. Thus hackers come up with innovative ways to hack enterprise data.
• A fatigue or inertia gets in the people of organization. They lose their motivation to follow cyber-security warnings and guidelines.
• The third party cloud vendors fail to follow security regulations and companies don’t audit then for it.

Suggest organizational control activities that could be implemented for protecting data

• The companies need to go for educative and awareness programs and training on cyber security for e.g. simulation on data phishing can be used. The most modern way could be real-time security risk management: through recognition of risk and generation of notifications by machine learning and employing artificial intelligence remedial system.
• On all end to end networks, devices, applications etc. the company should use end-to-end encryption solutions
• Access controls should be placed and it could be with permission of administration intervention.
• The company should encourage use of cyber vigilance in employees by developing a culture around it. It should have program of celebrations for cyber-security triumphs, reward consistency in teams and employees who show pro behavior towards it.

https://www.csoonline.com/article/3187305/article.html