Journal of Machine and Computing


Network Security Governance Policy and Risk Management: Research on Challenges and Coping Strategies




Received On : 02 August 2023

Revised On : 12 September 2023

Accepted On : 02 November 2023

Published On : 05 January 2024

Volume 04, Issue 01

Pages : 153-169


Abstract


Cybersecurity is a major issue for large multinational corporations in today's fast-moving digital world. Risk management and Network Security Governance (NSG) are complex, and this paper discusses the challenges and strategies needed to protect digital assets in an increasingly vulnerable cyber environment. Cyber threats change constantly, technological integration is complex, and regulatory compliance is demanding, all of which make robust network security harder to maintain. NSG requires strong security rules and standards, which this discussion addresses. The ever-changing threat environment demands that these regulations be open, accurate, and flexible. Risk management, which identifies, assesses, and mitigates threats, is essential to regulatory compliance and organizational reputation, according to the article. Risk mitigation methods such as proactive, investigative, and remedial approaches are examined, along with cybersecurity advances such as Artificial Intelligence (AI) and Machine Learning (ML). In solving network security issues, the text emphasizes continuous learning, collaboration, and information sharing. Network Security Governance and Risk Management (NSGRM) is complex and dynamic, and this study covers its challenges and strategies.


Keywords


Risk Management, Network Security, Governance Policy and Standards, Risk Mitigation Strategies, Artificial Intelligence.



Acknowledgements


The author(s) received no financial support for the research, authorship, and/or publication of this article.


Funding


No funding was received to assist with the preparation of this manuscript.


Ethics declarations


Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.


Availability of data and materials


The data that support the findings of this study are available from the corresponding author upon reasonable request.


Author information


Contributions

All authors contributed equally to the paper, and all authors have read and agreed to the published version of the manuscript.


Rights and permissions


Open Access This article is licensed under a Creative Commons Attribution NoDerivs license, which is a more restrictive license: it allows you to redistribute the material commercially or non-commercially, but the user cannot make any changes whatsoever to the original, i.e. no derivatives of the original work. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/4.0/


Cite this article


Jiehua Zhong, Xi Wang and Tao Zhang, “Network Security Governance Policy and Risk Management: Research on Challenges and Coping Strategies”, Journal of Machine and Computing, pp. 153-169, January 2024. doi: 10.53759/7669/jmc202404015.


Copyright


© 2024 Jiehua Zhong, Xi Wang and Tao Zhang. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.