Running head: INFORMATION GOVERNANCE AND NETWORK SECURITY
Information Governance in Cyber Security
(Network security in information governance)
Student’s Name: Uma Saket Gorrepati
Date: December 13, 2020
Table of Contents
Introduction
Cyber Security Threats in Networks with the need for Information governance
    Ransomware
    Phishing
    Crypto-jacking
Network security in information governance
Network Security Controls and Information Governance
    Physical Network Security
    Technical Network Security
    Administrative Network Security
Types of network security and information governance
    Network Access Control
    Antivirus and Antimalware Software
    Firewall Protection
    Network security for consumers and businesses
    Behavioral analytics
    Data loss prevention
A Synergistic Relationship
Summary
Chapter Two: Review of Literature
Network security in information governance
Introduction
Information governance refers to the general information policies that are significant in
balancing the risks related to the value of data held in an organization. Information governance
helps companies governed by both legal and operational compliance requirements reduce the
expenses that are linked to legal knowledge discovery (Abomhara, 2015). Cybersecurity denotes the
process of safeguarding the organization’s computing devices from any damage. Cybersecurity
consists of the various practices, approaches and technologies that are primarily designed to
secure networks and systems from unauthorized access. It comprises all the defensive
technologies and methods utilized to offer data and network protection. Also, cybersecurity
techniques are crucial in enhancing data, information and network protection against various
threats such as malware attacks, phishing and ransomware (Brown et al., 2015).
Network security and information governance are two elements that define the integrity,
confidentiality, and accessibility of data in the current information age filled with a lot of cyber
threats. Therefore, information governance will dictate that the data of the customers, just like
those of the company, will be protected through network security. The segmentation approach
will help in ensuring that each level of users accesses their network segment. Proper network
management practices will be ideal for the success of information governance. Information
governance practices should consider the need for policies to help in the network's operation and
management. The need for proper procedures in information and communication technology is
necessary to ensure that there are minimal cases of data loss and compromise. Understanding the
need for network security as part of information governance is essential to successfully meeting
the ever-growing demand for information technology. This chapter seeks to explore
network security and information governance as a specific area of my research dissertation.
The new age and era have seen an increased use of information technology in e-commerce and
global connectivity, made possible by interconnections of networks. The use of networks and
systems has grown at the level of individuals and organizations, and in information transfer
and storage. The increased use of information technology across the globe
has attracted hackers and other online malicious groups who strive to exploit vulnerable systems.
Their efforts have led to extreme actions such as bringing down government and parastatal
systems such as the national power system. Network security can be defined as the activities
designed chiefly to protect the network in order to enhance the usability, safety, and
reliability of the network infrastructure at hand. On the other hand, Information Governance (IG)
can be defined as the orchestration of processes, technology, and people to make it possible for
organizations to handle their data as enterprise assets. The need for information governance and
network security has since surfaced and become a household activity.
The company's primary duty, through its network administrators and security team, is to
ensure that the company's data and that of its customers retain integrity,
confidentiality, and availability. For instance, in the case of e-commerce, customers trust the
company with their data, such as personal emails and telephone numbers. As such, the
company should protect them from potential attackers (Borgman et al. 2016). Therefore,
information governance will dictate that the data of the customers, just like those of the
company, will be protected through network security. The customers hold decision
rights and can call the company to account in cases where their data is compromised.
Therefore, the company should deploy robust network security as part of information
governance. The primary aspect is the prevention and control of threats that could penetrate or
spread into and within the network (Borgman et al. 2016). The paper will hence address the issue
of network security in information governance.
Information governance echoes fiduciary duty and accountability in corporate
governance. Essentially integrity, which incorporates compliance, audit and control, and risk
management is the critical aspect of information governance. It extends as far as regulatory and
legal elements of the context in which information is controlled and used. The meaning of these
definitions is that accountability is the critical aspect of the organization. Various theories have
been formed to help define information governance and the role of organizations with regard to
accountability. All the theories imply that there is a steady progression, going as far as applying
a more holistic approach that incorporates behavioral and organizational (social) elements, rather
than the narrow focus on technical controls (Muddu & Tryfonas, 2016). These theories include
corporate governance, resilient business, and social-technical theories.
This research mainly insists that organizations, through the security team and network
administrators, are responsible and accountable for maintaining the integrity, availability, and
confidentiality of the organization's data and that of its customers. While there is a need for
enhancing knowledge about the individual level of information security, there has been little
focus on the governance level (Eugen & Petruţ, 2018). Consequently, the corporate governance
approach has been employed in research to relate network information security to corporate
governance. There is a need for putting more emphasis on the technical controls of the
organization (Rasouli, Trienekens, Kusters, & Grefen, 2016). The compulsory forces of corporate
governance should drive network security. Protecting the data of customers and that of the
organization is the responsibility of the directors, who should be held accountable for the
internal controls and risk management system of the organization.
Arising out of the moral duties of organizations to avoid intentionally causing harm to
customers and employees, a second argument is that organizations have an ethical obligation to
improve network information security. With regard to this perspective, this research argues that
the most suitable path for organizations’ corporate governance is gaining control of the network
information and security process. In rapidly changing environments, the existing data
conformance and control mechanisms and the traditional view of information governance turn out
to be inadequate.
Cyber Security Threats in Networks with the need for Information governance
Ransomware: This is malicious software (malware) that attempts to scramble or encrypt data
and is used in extortion attacks built around freeing the otherwise inaccessible data.
Ransomware attacks are effected through the use of emails containing suspicious links. To
protect their systems against these attacks, organizations need to run frequent employee
training on opening emails on the organizational network and devices. Also, frequent antivirus
updates will go a long way in preventing these attacks. Lastly, the IT technical team must ensure
the network devices within the organization are always up to date with the current and emerging
security patches.
Phishing: In today’s society, phishing scams are growing in prevalence. While this is
happening, businesses are suffering. A phishing attack occurs when a fraudulent email or text
message is sent with the purpose of collecting sensitive information (O'Leary, 2019). Since email
is the primary method of communication for most businesses, it is also the most effective way
for phishing attacks to occur. Worldwide, more than 269 billion emails are sent from more
than 3.7 billion accounts (Binks, 2019). The ubiquity of email use among businesses is
what makes it so successful with attackers. In 2007, phishing attacks cost businesses an
estimated $3 billion in losses. This trend has worsened over the years as phishing
attacks have become more sophisticated. In the United States, for example, it is estimated that
businesses lost $2.76 million per attack (O'Leary, 2019). With phishing attacks growing in
sophistication and prevalence, there is an undeniable financial cost to businesses. To help combat
these attacks, it is imperative that you understand what a phishing attack looks like.
Understanding this will help you develop strategies and best practices to protect yourself and
your company from the financial cost of phishing attacks. These emails almost always prey on
our fears and instinctual ability to panic. This is done by creating a sense of urgency.
Targets of these attacks are threatened with the possibility of losing data or account
details (Binks, 2019). Figure 1 illustrates how a phishing attack works. These fear tactics utilized
by cybercriminals hope to create a sense of urgency within the busy business professional so
they do not examine the email too closely. Unfortunately, they are very effective in doing just
that. Approximately 23 percent of phishing emails are opened by unsuspecting victims of these
scams and 12 percent of those targeted open a malicious link (Binks, 2019). In the midst of the
Covid-19 pandemic, this situation has worsened. The world’s fear and uncertainty over the virus
has created a prime environment for cybercriminals to thrive. In addition to the fear society is
experiencing, millions of people are working from home away from the network security of their
offices.
Figure 1. The phases of phishing (Bursztein, 2015)
Crypto-jacking: this approach entails the use of personal devices to mine information
from the blockchain technology. Hackers are utilizing this method through email links sent to
clients. These links work in a manner that loads crypto-mining code onto the systems.
Organizations must work closely with cyber security experts who can advise on protecting
them from these attacks. For instance, there is a need to install website filtering tools, which
must be updated regularly.
Information governance refers to the general information policies that are significant in
balancing the risks related to the value of data held in an organization. It is an all-round
practice that is employed in managing information by putting in place controls and practices that
are essential in creating useful organizational assets of data. All the efforts of information
governance are directed towards the eradication of threats in an organization. The entire process
of information governance consists of planning and organizing, monitoring and evaluation,
acquisition and development, and delivery as well as providing support. Figure 2 below shows
the holistic process of information governance that must be implemented in any organization to
safeguard its network, information and devices from external threats.
Figure 2a A holistic view of the Information governance process
Figure 2b Information governance process in the organization
Network security in information governance
Network security revolves around several devices, processes, and technologies. These
components are conjoined through rules as well as configurations that are meant to cement the
elements of the CIA triad of the company's data and computer networks through hardware and
software technologies. To manage network security sufficiently, it will be necessary to
have information governance in place, regardless of the organization's size, infrastructure, or
industry. Rasouli et al. (2016) noted that as the complexity of network architecture keeps
growing along with the threat environment, it will be necessary to have policies that can manage
it, as a move to contain ever-changing dimensions and attackers. Understanding network security
paradigms and dictates will help tackle vulnerabilities that exist across data, networking devices,
applications, devices, and users. For this reason, there are several management tools for
managing network security that can be used in addressing cyber threats within an organization.
Even a little downtime can be the source of widespread disruption and huge damage to the
company's image, hence the need for these protection measures (Rasouli et al. 2016). The
success of information governance in any organization depends on the level of network security.
This is because the proper setup of network security will guarantee information security, which
is also part of information governance. Through information governance, the company gets
to view its data as an asset, which in turn drives the need for more information
and data management. To succeed in deploying information governance, it will be ideal
to harmonize the core components: the people, technology, and processes. These
three entities will allow the organization to enhance the management of data as an asset that is
critical for its existence and success. Poor information governance will expose data to possible
cases of attack whereby a third party will misuse the data, hence compromising the company's
situation.
The companies that have been hacked before commonly attribute the success of hackers
to the company's laxity. For instance, the network's poor management led to the loss of the data
of up to 7 million customers of JP Morgan & Chase Bank through a data breach (Silver-Greenberg
et al., 2014). Such cases lead to the company being sued by customers because their data will be
used by the third party for malicious purposes, such as acquiring loans through
mobile banking. The hackers of JP Morgan bank are said to have exploited a fault within the
company's website, and the intrusion had continued for more than a month before it was found, as
stated in the article by Silver-Greenberg et al. (2014). A proper configuration of network security
would have alerted the company to such an intrusion. This further means that there was laxity in
information governance because, if that were not the case, the network's fault would have been
addressed long before the attack. The fact that it also lasted for a whole month is an indication
that there were no policies in place that guide constant checking of the company's network and
systems.
Quantitative and Qualitative Analysis
Machine learning is the study of computers that automatically improve through
experience. It is known to be a subset of artificial intelligence. This is the concept of computer
intelligence that has the capability to learn through a large amount of data entered by humans. It
is a portion of artificial intelligence that is used throughout the world. These models have been
embedded in many aspects of our daily life, such as social media, finance, and healthcare.
Researchers have created a variety of techniques to explain the benefits of machine learning to
stakeholders. The development of machine learning in artificial intelligence has significantly
improved treatment, medication, contact tracing, predictions, and drug or vaccine development
for the Coronavirus (COVID-19) pandemic.
According to the manuscript titled "Development and Evaluation of an AI system for
COVID-19 diagnosis," the study was conducted by multiple colleagues to use machine learning
through an artificial intelligence system to improve CT chest scans and CXR chest x-rays and
quickly diagnose the virus COVID-19. The researchers developed an AI system that could detect
COVID-19, pneumonia, influenza, and other health issues with high diagnostic accuracy. This
article is well written, but various AI systems are used for lung CT chest scans, and some
information is being left out. It is not difficult for radiologists to distinguish COVID-19
patients from healthy patients based on the CT chest scan. Still, there are more difficult concerns
with detecting similar illnesses like pneumonia and influenza that are not very easy for
radiologists to see. Even the most trained radiologists make mistakes and miss diagnoses. CXR
chest x-rays and CT scans were both performed to see if chest x-rays work better in the machine
learning diagnosis. Some studies need to be performed to understand the motion artifacts and
diagnosis performance. More data needs to be collected.
The main intent of machine learning is for computer systems to predict future trends by
taking big data and analyzing it. Big data is all over our society, and human intelligence does not
have the proper capability to evaluate the information. The complexity and size of the databases
mean that humans are unable to extract useful information from them. Mathematics is
the number one prerequisite needed to enable the machine learning program. The mathematical
solutions created must be accurate for the machine to produce a data model that can produce
reliable information. Programming and graphic design are also essential assets needed in
machine learning.
Data is another important factor in machine learning because this information allows the
machine to grow and succeed. Machine learning will release the data, and then the data turns into
the algorithm. The efficient learning machine is designed to process in these steps:
● The data is collected.
● The data is processed.
● The data is transformed into an algorithm.
● The algorithm is trained.
● The algorithm is tested.
● The algorithm is applied.
● The last algorithm is executed.
Machine learning has allowed society to obtain high-quality information. This is what
primarily allows businesses to make decisions and design better strategies internally and
externally.
Information Governance
Information governance refers to the overall information policies that are significant in
balancing the risks related to the value of information held in an organization. Information
governance helps organizations governed by both legal and operational compliance requirements
reduce the costs that are linked to legal information discovery (Abomhara, 2015). Cyber security
means the process of safeguarding the organization's computing devices from any harm. Cyber
security comprises the different practices, approaches and technologies that are primarily
intended to secure networks and systems from unauthorized access. It involves
all the defensive technologies and techniques used to offer data and network security.
Additionally, cyber security methods are significant in enhancing data, information and
network security against different threats, for example, malware attacks, phishing and
ransomware (Brown et al., 2015).
Figure 2a A holistic view of the Information governance process
Figure 2b Information governance process in the organization
Information governance refers to the overall information policies that are significant in
balancing the risks related to the value of information held in an organization. It is an all-round
practice that is used in managing information by setting up controls and practices that are
essential in creating useful organizational assets of information. All the efforts of information
governance are directed towards the eradication of threats in an organization. The whole process
of information governance consists of planning and organizing, monitoring and evaluation,
acquisition and development, and delivery as well as providing support. Figure 2 shows the
holistic process of information governance that must be implemented in any organization to
safeguard its network, information and devices from external threats. A proper configuration of
network security would have alerted the company to such an intrusion. This further implies
that there was laxity in information governance because, if that were not the case,
the network's fault would have been addressed well before the attack. The fact that it
also went on for an entire month means that there were no policies in place that guide
constant checking of the network and systems.
Network Security Controls and Information Governance
The items to factor in when dealing with network security are the three different network
security controls: administrative, physical, and technical.
Physical Network Security: these types of controls are designed to prevent unauthorized
personnel from attempting to gain physical access to
the company's network components (Eugen & Petruţ, 2018). The components being protected
include routers, servers, and cabling cupboards, to mention a few. The standard means of
enforcing controlled access are mainly locks and biometric authentication, which remain ideal for
any company. As part of information governance, the data should remain confidential, reliable, and
highly available. In achieving this, it will be ideal to ensure that the central data center is only
accessible to the company administrators. Having such restrictions will help prevent cases where
stray strangers in the company or malicious employees enter the data center and manipulate
the company information, hence compromising the availability, reliability, and confidentiality of
company data (Eugen & Petruţ, 2018).
Technical Network Security: this is a type of security control whose sole purpose is to
protect data stored on the company's network and data that moves within the network or
out of the network. As part of information governance, the company's network administrator
should design policies and regulations that will be used for controlling how data moves between
workstations in the company. The protection can be said to be twofold, whereby there is a need
to protect company data and systems against possible malicious activities by employees and
against unauthorized personnel (Eugen & Petruţ, 2018). Having strong information governance in
place will entail a comprehensive plan on how the network is accessed, controlled, and used by both
the system users and the network administrators. The provisions of network control and its
subsequent operations fall within information governance. Therefore, the technical part will
involve how data will be transferred within the network and how to access shared data.
Furthermore, there will be configurations of a virtual private network whereby some employees
will be allowed to access the company's data and information remotely (Eugen & Petruţ, 2018).
As part of information governance, it will be ideal to ensure a robust authentication system to
avoid cases where sniffers and snoopers "listen" to the data and information being
shared.
Administrative Network Security: these are network security controls that deal with the
security processes and policies affecting user behavior, such as the employees' level of
information and data access (Borgman et al. 2016). They also deal with how the company's network
users are authenticated and, again, with how the company's IT team should implement any changes
needed to the network infrastructure. Proper management of the level of access within the network
is part of information governance in that the network users will be restricted to accessing only
those components within their levels (Kao, 2016). The levels of access are down to the company
hierarchy. The top management will not have to share the same data access level with the
company employees at the bottom of the hierarchy. The move will foster ideal information
governance in that it will be easier to detect and trace possible cases such as misuse of company
data. For instance, if all the employees had the same access to data, it would be hard to
trace the employee who injected a malicious program into the system. On the other hand, if such an
occurrence is registered in a clustered network, it will be easier to trace it based on the level of
information access (Syed & Dhillon, 2015). Consequently, the core company data should only be
available for full management access because of its criticality.
Types of network security and information governance
The essence of information governance is to ensure that the company's data and
information remain within the CIA triad (confidentiality, integrity, accessibility). In this case,
there will be a need for a proper understanding of the network security types to foster information
governance.
Network Access Control: The network components can be protected by controlling how
the network users access them. This is essential because hackers and potential attackers will
always try to infiltrate the company network; hence the existence of comprehensive access
control policies will be necessary for both the devices and users (Mikhed & Vogan, 2018). For
instance, the company administrators will be allowed to access different folders within the
network, but there are specific confidential folders which they will not be able to access. The
move will help ensure that if attackers gain the login credentials of an administrator on the
network, they will not be able to access some confidential information due to access control.
Additionally, Kao (2016) stated that if the network access control is set
to accept a set of devices, it will be hard for attackers to join the network using devices
outside that set. The network access control should also have a visualization mechanism which the
administrators will use to monitor traffic movement in the network, making it easier to detect
cases such as abnormal traffic, which is common during network attacks (Syed & Dhillon,
2015).
Antivirus and Antimalware Software: this is the type of network security that will
help prevent malicious software from tampering with the company resources. The policies that
are part of information governance will be needed to guide crucial aspects such as the
antivirus and antimalware that the company will be using to protect its data (Mikhed & Vogan,
2018). The policies guiding antivirus and antimalware software will also give a framework on
how the network will be maintained in terms of activities such as network scans, tracking of
files, and software activation. Information governance will help identify the sections within
the network which will be labeled as hotspots and thus subject to constant scrutiny and
observation. This approach aims to prevent potential elements such as viruses, worms, Trojans,
and ransomware, which hackers could use to collect or destroy company data, hence
jeopardizing its integrity, confidentiality, and availability (Mikhed & Vogan, 2018). The sphere
of information governance will also cover the types of vendors and software being used in the
network because there are those which do not meet the standards, hence becoming the problem
rather than a solution.
Firewall Protection: these are components in the network placed between the company's
trusted internal network and the untrusted external networks. It is within the administrators'
mandate to configure rules and policies that will help block or permit traffic that enters the
system. Controlling the components that find their way into the company network is necessary
because, in most cases, these are the hackers' entry points. Syed & Dhillon (2015) stated that the
policies that are part of the information governance would entail the sites that are not blocked
from access by the company because they can potentially harm the company. It is also used to
monitor the elements that are downloaded into the company's network (Acemoglu et al., 2016).
As part of maintaining a healthy network, it will be mandatory to reserve programs for
administrators.
Network security for consumers and businesses: the rise in the use of information
technology in business, more so e-commerce, has attracted a pool of hackers who want to exploit
online customers. For this reason, the company should prioritize network security to protect both
the customers and its business from possible compromise. The administrators should draft
policies on how the company should regulate the network traffic to avoid cases where a hacker
will capitalize on the high traffic to gain access to the company's network (Mikhed & Vogan,
2018). The priority remains the protection of assets as well as data integrity from potential
external exploits. The other approach for boosting information governance through network
security is enhancing network performance, whereby the faster the network, the easier the
management (Saffady, 2017). It is hard to manage a slow network because the customers will
cause unnecessary traffic while trying to refresh their webpages. In cases where there is high
traffic in the network due to poor performance, it will be hard for the network administrator to
quantify the traffic source, hence giving leeway to the hackers to access the network.
Behavioral analytics: using this approach will help in identifying cases within the
network that are not common. For instance, if there is a workstation with more logins than usual,
it will attract the network administrator's attention because the first possibility is that there is an
intrusion (Muddu & Tryfonas, 2016). If there is also a customer account, for online banking or
e-commerce, that is registering more business activities than usual, the network administrator
should isolate it and investigate the potential issue of hacking. As part of network security, the
company should use behavioral analytics software to identify possible cases of a security breach.
The application is ideal for spotting a problem quickly and isolating potential threats. According
to Muddu & Tryfonas (2016), the use of these technologies and processes forms part of the
information governance whose sole mission is to ensure that there are no data loss cases.
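The workstation case described above can be illustrated with a short script. This is an added example, not part of the original paper or of any cited product; the log format, workstation names, and threshold are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from statistics import median

def build_sample_log():
    """Constructed sample data: five baseline days plus one day under review."""
    per_day = {"WS-01": [4, 5, 4, 6, 5, 5],
               "WS-07": [3, 4, 3, 3, 4, 27],   # last day is unusually busy
               "WS-12": [9, 8, 10, 9, 9, 11]}
    lines = []
    for ws, counts in per_day.items():
        for day, n in enumerate(counts, start=1):
            lines += [f"2020-12-{day:02d}T09:{i:02d}:00 {ws} user{i % 3} LOGIN_OK"
                      for i in range(n)]
    lines.append("2020-12-06T10:00:00 WS-01 user1 LOGOUT")  # ignored event type
    return lines

def daily_login_counts(lines):
    """Return {workstation: {day: count}} for successful logins."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "LOGIN_OK":
            continue  # skip malformed lines and non-login events
        day = parts[0].split("T")[0]
        counts[parts[1]][day] += 1
    return counts

def flag_unusual(counts, today, threshold=3.5, min_history=3):
    """Flag workstations whose logins today far exceed their own baseline.

    The baseline is the median of earlier days and the spread is the median
    absolute deviation (MAD), so one earlier spike does not hide a new one.
    """
    flagged = {}
    for ws, per_day in counts.items():
        history = [n for day, n in per_day.items() if day < today]
        if len(history) < min_history:
            continue  # not enough baseline to judge this workstation
        med = median(history)
        mad = median(abs(n - med) for n in history) or 1.0  # floor avoids /0
        score = (per_day.get(today, 0) - med) / mad
        if score > threshold:
            flagged[ws] = round(score, 1)
    return flagged

if __name__ == "__main__":
    counts = daily_login_counts(build_sample_log())
    print(flag_unusual(counts, today="2020-12-06"))
```

Each workstation is compared only against its own history, so a busy shared machine such as WS-12 is not flagged merely for having more logins than a quiet one.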
Data loss prevention: This is a type of network security that will ensure that there is no
compromising of the organization's data through cases such as employees sharing valuable and
sensitive information of the company, knowingly or unknowingly, outside the company network.
For instance, the employee may download a file from the internet and open it, exposing the
whole company network to viruses and worm attacks. Alternatively, the downloaded file
may contain prompts which, when clicked, will lead to other links, hence loss of company data
in the long run. As part of data loss prevention, the system users will have to be trained on using
the company network in terms of best practices and dos and don'ts. The system users should be
trained on handling possible attacks, such as alerting the admin in case of abnormal behaviors
such as instant log out or password rejection (Acemoglu et al., 2016). On the other hand, the
admin should design a mechanism of detecting when there is a change in login credentials within
the specific workstation. The move will ensure that any case of attempted intrusion is detected
and nullified before it causes menace within the network.
A Synergistic Relationship
Network security and information governance exist as a unit whereby a fault or laxity in
one area will lead to a vulnerability in the other area. The success of information governance
depends on the dictates and structure of network security and vice versa. Increased use of
information technology in our day-to-day company activities has increased the need for better
network security to foster information governance (Acemoglu et al., 2016). Mobile device
security, for instance, should be factored in because mobile devices have become the latest targets among
hackers and other intruders. Given that the main aim of information governance is to ensure
proper use and maintenance of data and devices, mobile devices should also be given
consideration. Mobile devices such as phones, tablets, and laptops can contain sensitive company
information, hence the need to keep them protected. The first step is to limit the use of these devices
within the network, more so when accessing confidential company data because they are the
hackers' prime targets (Saffady, 2017). The aim of imposing such dictates is to ensure that there
is proper monitoring of network traffic and the prevention of possible leakages through such
devices.
Another aspect of properly managing mobile devices as a network security measure is to ensure
that the flash disk and memory devices are not accessible through the workstation by
deactivating all ports. The practice will prevent cases such as injecting viruses and other
malicious programs into the network through such ports. Some bold hackers can take advantage
of laxity among network administrators who do not impose such restrictions to access the physical
network and use their portable devices such as HDD to transfer company data. According to
Acemoglu et al. (2016), the need for network segmentation will also be a factor in enhancing
information governance through network security. For this matter, the network will be divided
and sorted to ease network traffic whereby certain classifications will be used in streamlining the
segmentation. According to Saffady (2017), the segmentation approach will ensure that each
level of users accesses their network segment. Consequently, the network will be set so that if a
particular section is attacked, it will be deactivated, and its traffic redirected to the functioning
network segment.
Summary
Network security and information governance usually go hand in hand, and as such, they
are dependent on each other. As seen in the discussion above, a proper understanding of the
network will be necessary to control and implement information governance. Poor network
security practices will open the way for attacks such as DDoS (distributed denial of service),
which will cause unnecessary traffic in the servers, hence causing unavailability of data. Proper
network management practices will be ideal for the success of information
governance. The information governance practices also need policies that can help in the
network's operation and management. Whereas there are other potential entry points for hackers and
other malicious persons, the primary route remains the network, hence the need for
emphasis on network security. The network administration should work closely with the
information governance team to help them draft policies and laws, which will help streamline the
operations that will boost network security.
From the above, it can be concluded that cybersecurity denotes how information within
the organization as well as data can largely be safeguarded from unauthorized access via
utilization of the most reliable and appropriate strategies and policies. With these in mind, it is
equivalent to an essential asset for any organization since, without proper communications,
operations within the company cannot be implemented as per the required standards. In this
paper, various threats that impact the organization's operations were highlighted, and it is
essential to recognize them as all the data can be breached and released into the wrong hands that
can misuse it. In ensuring that the systems and processes' security is achieved, the information
governance framework must be adopted.
References
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders
and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Acemoglu, D., Malekian, A., & Ozdaglar, A. (2016). Network security and contagion. Journal of
Economic Theory, 166, 536-585.
Binks, A. (2019). The art of phishing: past, present and future. Computer Fraud & Security,
2019(4), 9-11. doi: 10.1016/s1361-3723(19)30040-5
Borgman, H., Heier, H., Bahli, B., & Boekamp, T. (2016, January). Dotting the I and Crossing
(out) the T in IT Governance: New Challenges for Information Governance. In 2016 49th
Hawaii International Conference on System Sciences (HICSS) (pp. 4901-4909). IEEE.
Brown, S., Gommers, J., & Serrano, O. (2015, October). From cyber security information sharing
to threat management. In Proceedings of the 2nd ACM workshop on information sharing
and collaborative security (pp. 43-49).
Bursztein, E. (2015). The five phases of the phishing cycle [Image]. Retrieved from
https://elie.net/blog/anti_fraud_and_abuse/how-phishing-works/
Eugen, P., & Petruţ, D. (2018). Exploring the new era of cybersecurity governance. Ovidius
University Annals, Economic Sciences Series, 18(1), 358-363.
Kao, D. Y. (2016). Performing Information Governance: Golden Triangle Components For APTs
Countermeasures. International Journal of Development Research, 6(1), 6539-6546.
Mikhed, V., & Vogan, M. (2018). How data breaches affect consumer credit. Journal of Banking
& Finance, 88, 192-207.
Muddu, S., & Tryfonas, C. (2016). "Network security threat detection by user/user-entity
behavioral analysis." U.S. Patent No. 9,516,053. Washington, DC: U.S. Patent and
Trademark Office.
O'Leary, D. (2019). What Phishing E-mails Reveal: An Exploratory Analysis of Phishing Attempts
Using Text Analysis. Journal Of Information Systems, 33(3), 285-307. doi: 10.2308/isys52481
Rasouli, M., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016). Information governance
requirements in dynamic business networking. Industrial Management & Data Systems,
116(7), 1356-1379.
Silver-Greenberg, J., Goldstein, M., & Perlroth, N. (2014). JP Morgan Chase hack affects 76
million households. New York Times, 2.
Syed, R., & Dhillon, G. (2015). Dynamics of data breaches in online social networks:
Understanding threats to organizational information security reputation.
Saffady, W. (2017). Enterprise content management as an information
governance enabler. Information Management, 51(1), 40.
Eugen, P., & Petruţ, D. (2018). Exploring the new era of cybersecurity governance. Ovidius
University Annals, Economic Sciences Series, 18(1), 358-363.
Muddu, S., & Tryfonas, C. (2016). Network security threat detection by user/user-entity
behavioral analysis & U.S. Patent No. 9,516,053. Washington, DC: U.S. Patent and
Trademark Office.
Rasouli, M., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016). Information governance
requirements in dynamic business networking. Industrial Management & Data Systems,
INFORMATION GOVERNANCE AND NETWORK SECURITY
28
116(7), 1356-1379.
Kao, D. Y. (2016). Performing Information Governance: Golden Triangle Components For APTs
Countermeasures. International Journal of Development Research, 6(1), 6539-6546.
Mikhed, V., & Vogan, M. (2018). How data breaches affect consumer credit. Journal of Banking
& Finance, 88, 192-207.
Muddu, S., & Tryfonas, C. (2016). "Network security threat detection by user/user-entity
behavioral analysis." U.S. Patent No. 9,516,053. Washington, DC: U.S. Patent and
Trademark Office.
O'Leary, D. (2019). What Phishing E-mails Reveal: An Exploratory Analysis of Phishing Attempts
Using Text Analysis. Journal Of Information Systems, 33(3), 285-307. doi: 10.2308/isys52481
Rasouli, M., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016). Information governance
requirements in dynamic business networking. Industrial Management & Data Systems,
116(7), 1356-1379.
Silver-Greenberg, J., Goldstein, M., & Perlroth, N. (2014). JP Morgan Chase hack affects 76
million households. New York Times, 2.
Syed, R., & Dhillon, G. (2015). Dynamics of data breaches in online social networks:
Understanding threats to organizational information security reputation.
William Saffady PhD, F. A. I. (2017). Enterprise content management as an information
governance enabler. Information Management, 51(1), 40.
Purchase answer to see full
attachment