http://www.iaeme.com/IJM/index.as 125 editor@iaeme.com
International Journal of Management (IJM)
Volume 8, Issue 4, July– August 2017, pp.125–133, Article ID: IJM_08_04_016
Available online at
http://www.iaeme.com/ijm/issues.asp?JType=IJM&VType=8&IType=4
Journal Impact Factor (2016): 8.1920 (Calculated by GISI) www.jifactor.com
ISSN Print: 0976-6502 and ISSN Online: 0976-6510
© IAEME Publication
DISASTER RECOVERY, AN ELEMENT OF
CYBER SECURITY- A FLICK THROUGH
J. Srinivasan
Assistant Professor, Sri Krishna Arts and College, Coimbatore, Tamilnadu, India
S. Simna
II B.Com, Sri Krishna Arts and College, Coimbatore, Tamilnadu, India
ABSTRACT
Cyber security has never been easy and because attacks progress every day as
attackers become more imaginative, it is precarious to properly define cyber security
and classify what establishes good cyber security. Why is this so significant? Because
year over year, the universal devote for cyber security endures to cultivate. 71.1 billion
in 2014 (7.9% over 2013), and 75 billion in 2015 (4.7% from 2014) and anticipated to
spread 101 billion by 2018. Cyber security defends the data and honesty of calculating
assets fitting to or linking to an organization’s network. Its determination is to protect
those assets against all danger actors all over the entire life cycle of a cyber-attack.
Cyber security experts need a sturdier considerate of these topics and many others, to
be able to challenge those encounters more efficiently. This paper will focus on the
elements of cyber security specially concentrating on the element DISASTER
RECOVERY/ BUSINESS CONTINUING PLAN. This paper will also explain other
elements briefly.
Key words
:
Cyber security, Disaster recovery, Organization’s network, Considerate.
Key words: J. Srinivasan and s. Simna, Disaster Recovery, An Element of Cyber
Security- A Flick Through. International Journal of Management, 8 (4), 2017, pp. 125–
133.
http://www.iaeme.com/ijm/issues.asp?JType=IJM&VType=8&IType=4
1. INTRODUCTION
Cyber security is the organization of skills, procedures and observes intended to defend
networks, computers, agendas and information from dose, injury or unlawful admission. In a
calculating setting, security includes both cyber security and corporeal security. Certifying
cyber security needs synchronized labors throughout an information system. One of the most
stimulating elements of cyber security is the quickly and continually developing nature of
security dangers. The traditional method has been to focus most resources on the most vital
system mechanisms and protect against the biggest known intimidations, which required
Disaster Recovery, An Element Of Cyber Security- A Flick Through
http://www.iaeme.com/IJM/index.as 126 editor@iaeme.com
leaving some less vital system apparatuses unprotected and some less dangerous risks not
protected against. Such an approach is inadequate in the current environment. In this paper we
will discuss the various elements of cyber security.
2. REVIEW OF LITERATURE
Adel S.Elmaghraby and losavia M M (2014) in their article explains two important and
entangled challenges: security and privacy. Security includes illegal access to information and
attacks causing physical disruptions in service availability. As digital citizens are more and
more instrumented with data available about their location and activities, privacy seems to
disappear. Privacy protecting systems that gather data and trigger emergency response when
needed are technological challenges that go hand-in-hand with the continuous security
challenges. Their implementation is essential for a Smart City in which we would wish to live.
We also present a model representing the interactions between person, servers and things. Those
are the major element in the Smart City and their interactions are what we need to protect.
P. Fallara (2003) in his article examined that A catastrophe is anything that threatens the
function or existence of a business, ranging from a computer virus to a huge earthquake. A well
thought out disaster recovery plan can play a major role in a company's survival/success.
Disaster recovery covers a broad range of topics and includes practically everyone in an
organization. Every employee - manager and janitor - must be on the same page when a disaster
occurs. The support of all the management teams is also necessary. This article covers two
important topics in disaster recovery, risk management and disaster recovery planning.
Joost R. Santos, Yacov and Y. Haimes, Chenyang Lian (2007) in their article examined that
the nation is a hierarchical system as it consists multiple classes of decisionmakers and
stakeholders ranging from national policymakers to operators of specific critical infrastructure
subsystems. In order to ensure the stability, sustainability, and operability of our critical
economic and infrastructure sectors, it is imperative to understand their inherent physical and
economic linkages, in addition to their cyber interdependencies. The result is a foundational
framework for modeling cybersecurity scenarios for the oil and gas sector. A hypothetical case
study examines a cyber-attack that causes a 5-week shortfall in the crude oil supply in the Gulf
Coast area.
Peter Sommer and Ian Brown (2011) in their article stated that cyber-related events have
the capacity to cause a global shock. Governments nevertheless need to make detailed
preparations to withstand and recover from a wide range of unwanted cyber events, both
accidental and deliberate. There are significant and growing risks of localised misery and loss
J. Srinivasan and s. Simna
http://www.iaeme.com/IJM/index.as 127 editor@iaeme.com
as a result of compromise of computer and telecommunications services. In addition, reliable
Internet and other computer facilities are essential in recovering from most other large-scale
disasters.
3. ELEMENTS OF CYBER SECURITY
Application security
Information security
Network security
Disaster recovery / business continuity planning
Operational security
End-user education
4. APPLICATION SECURITY
Application security is the use of software, hardware, and technical approaches to defend
applications from exterior intimidations. Once an addition in software design, security is
flattering a progressively significant alarm during expansion as applications develop more
normally reachable over networks and are, as a result, susceptible to a wide variety of threats.
Security measures built into applications and a sound application security dull minimalize the
probability that unauthorized code will be able to operate applications to admission, bargain,
adapt, or erase subtle data. Actions taken to safeguard application security are sometimes
called countermeasures. The most rudimentary software countermeasure is an application
firewall that bounds the implementation of files or the treatment of data by exact connected
programs. Application security can be improved by thoroughly defining enterprise assets,
classifying what each application does with respect to these assets, making a security profile
for each application, identifying and ordering potential threats and recording opposing events
and the actions taken in each case. This process is known as threat demonstrating. In this
context, a threat is any possible or actual contrasting event that can negotiate the assets of an
enterprise, counting both spiteful events, such as a denial-of-service (DoS) bout, and unplanned
events, such as the letdown of a storage device.
5. INFORMATION SECURITY
Data security (InfoSec) is an arrangement of techniques for dealing with the procedures, devices
and strategies important to anticipate, identify, archive and counter dangers to advanced and
non-computerized data. Infosec obligations incorporate building up an arrangement of business
forms that will ensure data resources paying little respect to how the data is designed or whether
it is in travel, is being prepared or is very still away. infosec programs are worked around the
center destinations of the CIA ternion: keeping up the classification, trustworthiness and
accessibility of IT frameworks and business information. These goals guarantee that touchy
data is just revealed to approve gatherings (secrecy), avoid unapproved change of data
(integrity) and assurance the information can be gotten to by approved gatherings when asked
for (accessibility).
Numerous extensive endeavors utilize a committed security gathering to execute and keep
up the association's infosec program. Regularly, this gathering is driven by a main data security
officer. The security bunch is for the most part in charge of leading danger administration, a
procedure through which vulnerabilities and dangers to data resources are ceaselessly
evaluated, and the proper defensive controls are chosen and connected. The estimation of an
association exists in its data - its security is basic for business operations, and holding validity
and gaining the trust of customers.
Disaster Recovery, An Element Of Cyber Security- A Flick Through
http://www.iaeme.com/IJM/index.as 128 editor@iaeme.com
6. OPERATIONAL SECURITY
OPSEC (operational security) is an explanatory procedure that arranges data resources and
decides the controls required to ensure these advantages. OPSEC began as a military term that
portrayed methodologies to keep potential enemies from finding basic operations-related
information. As data administration and insurance has turned out to be essential to achievement
in the private part, OPSEC forms are presently regular in business operations.
Operational security commonly comprises of a five-stage iterative process:
1. Distinguish basic data: The initial step is to decide precisely what information would be
especially destructive to an association on the off chance that it was acquired by a foe. This
incorporates licensed innovation, workers' and additionally clients' by and by identifiable data
and budgetary articulations.
2. Decide dangers: The subsequent stage is to figure out who speaks to a risk to the association's
basic data. There might be various foes that objective diverse snippets of data, and organizations
must consider any contenders or programmers that may focus on the information.
3. Break down vulnerabilities: In the helplessness investigation arrange, the association looks at
potential shortcomings among the shields set up to secure the basic data that abandon it
defenseless against potential enemies. This progression incorporates recognizing any potential
slips by in physical/electronic procedures intended to ensure against the foreordained dangers,
or ranges where absence of security mindfulness preparing leaves data open to assault.
4. Survey dangers: After vulnerabilities have been resolved, the subsequent stage is to decide the
risk level related with each of them. Organizations rank the dangers as per factors, for example,
the odds a particular assault will happen and how harming such an assault would be to
operations. The higher the hazard, the all the more squeezing it will be for the association to
actualize chance administration controls.
5. Apply proper countermeasures: The last stride comprises of executing an arrangement to
moderate the dangers starting with those that represent the greatest risk to operations. Potential
security changes coming from the hazard relief design incorporate executing extra equipment
and preparing or growing new data administration strategies.
7. END USER EDUCATION
When weighing up the greatest security risks to an association, it might come as an
astonishment to find that the end client inside the association is frequently the first to trade off
security. Through no blame of their own, and for the most part because of an absence of
mindfulness, representatives oftentimes open the virtual doors to aggressors. With the ascent in
cybercrime and in addition the expansion in the consumerization of IT and BYOD, it is more
vital than any time in recent memory to completely instruct representatives about security
assaults and insurance. As a last point to consider, the security of an association depends on
location. Counteractive action is vital however identification is pivotal. The way to handling
dangers is figuring out what typical conduct is, as an empowering influence for the
distinguishing proof of bizarre movement. In the event that an association comprehends their
pattern then this makes it a great deal simpler to spot variations from the norm, for example,
intemperate access to data or strange get to demands.
J. Srinivasan and s. Simna
http://www.iaeme.com/IJM/index.as 129 editor@iaeme.com
8. DISASTER RECOVERY
Dangers to delicate and private data come in a wide range of structures, for example, malware
and phishing assaults, wholesale fraud and ransomware. To dissuade aggressors and relieve
vulnerabilities at different focuses, numerous security controls are executed and facilitated as a
major aspect of a layered resistance top to bottom procedure. This ought to limit the effect of
an assault. To be set up for a security break, security gatherings ought to have an episode
reaction design (IRP) set up. This ought to enable them to contain and restrain the harm,
evacuate the reason and apply refreshed protection controls. Data security procedures and
approaches commonly include physical and advanced safety efforts to shield information from
unapproved get to, utilize, replication or obliteration. These measures can incorporate mantraps,
encryption key administration, arrange interruption location frameworks, secret key approaches
and administrative consistence. A security review might be directed to assess the association's
capacity to keep up secure frameworks against an arrangement of set up criteria. A calamity
recuperation design (DRP) is a reported, organized approach with guidelines for reacting to
impromptu occurrences. This well ordered arrangement comprises of the safety measures to
limit the impacts of a calamity so the association can keep on operating or rapidly continue
mission-basic capacities. Commonly, catastrophe recuperation arranging includes an
investigation of business procedures and congruity needs. Before creating a nitty gritty
arrangement, an association frequently plays out a business affect examination (BIA) and
hazard investigation (RA), and it builds up the recuperation time objective (RTO) and
recuperation point objective (RPO). Find the best contemplations you have to know when
building up a business progression and debacle recuperation design, find out about the best DR
items available today, get tips on the best way to spending plan and get ready staff for different
DR/BC activities and considerably more.
9. DISASTER RECOVERYPROCEDURES
A Disaster recovery methodology should begin at the business level and figure out which
applications are most essential to running the association. The RTO depicts the objective
measure of time a business application can be down, commonly measured in hours, minutes or
seconds. The RPO depicts the past point in time when an application must be recouped.