CASE STUDY 3 ~ WEEK 4, 21st March 2016

Some Risks in the global risk landscape give us low levels .of
confidence with varying views of likelihood and impact. For example,
mobile apps aid us but also attract elements to intrude into our lives
which we certainly are not comfortable with. For these very reasons,
such risks may surprise us or overwhelm us. These are the risks to
watch.
CYBER SECURITY
Awareness is growing that the real world is vulnerable to
security threats from the virtual world, but the complexity of
cyber security issues is still not well understood and its risks
could be underestimated. Cyber security encompasses online
data and information security and critical information
infrastructure breakdown, and ranges from petty online
theft by disenfranchised youths to government-led provocations with potentially
catastrophic consequences.

Four distinct global risk related activities stand out:

1. Cyber theft has become a growing industry with a long tail, particularly in
countries where economic disparity has recently been combined with access to
global communication technologies. Actors in this field
range from entrepreneurial individuals to shell
corporations built with the hope of economic gains
offset by acceptable
risks. Interestingly, some
assessment indicate that cyber thieves experience a
substantially lower feeling of guilt than is apparent in
other criminal activities.

2. Cyber espionage , whether by the private or

public sector, ahs brought the age-old practice of
intelligence gathering into a new era. Particularly
insidious, as has repeatedly been shown in the past
two decades, is he use of such techniques not only
by generally understood as enemies but also by
friendly allies.
C.DCRUZ ~ EPM 5740 ~CASE STUDY 3- 2016 .doc
1

3. Cyber war is little understood by the general public and has stirred controversy
among civilian and military leader. While an open
war in cyber space is possible, experts indicate that
the interplay between cyber war and physical war
poses a more likely risk for society, with aggression
online not only serving but also potentially provoking
conventional attacks.

4. Cyber terrorism is perhaps even less understood and is fuelling concerns overt
the openness of the internet, security and privacy. Many have inferred a high risk
of cyber terrorist attacks from terrorist organisations extensive use of the internet
in recent years for doctrinal, recruitment, operational communication purposes as
well as some occurrences of cyber theft.
However, these practices do not in
themselves indicate any capacity for largescale cyber terrorist attacks and it should
be noted that terrorist use of the internet
equally allows law enforcement agencies
to gather valuable intelligence.
..
In addition to these intentional or malevolent risks a range of risks relate to design flaws
in smart systems connected to the internet. Data gathered for one benign purpose may
be spread to other networks with unintended consequences, potentially leading to new
machine-to- machine threats.
Further contributing to the confusion about cyber securitys landscape is the constant
innovation in each of the above fields and potential new connections among them.
Nevertheless, understanding the range of negative consequences is central to managing
effective risk response. The pervasiveness of the internet and the importance of related
technologies to everyday life and business means that should a major disruption occur, it
is likely to have high impact globally.

C.DCRUZ ~ EPM 5740 ~CASE STUDY 3- 2016 .doc

2

REPORT TO ADDRESS ONE OF THE TOPICS ABOVE- SIGNED OFF BY LECTURER. AS

WELL, COMMENT ON 1 & 2 BELOW. PREPARE A LEVEL OF RISK MATRIX (as shown
below) and having prepared your matrix , using the template from last weeks case study,
complete this case study with your comments and recommendations .
1. Many countries have their own cyber laws but they are unable to control the growth of cyber
crime. Comment.
2. Discuss the possible measures that can be taken by the governments of various countries to
protect companies from hackers and prevent cyber crime.
Key words: Internet and of computer technology, Hacking, Association Group Insurance
Administrators (AGIA), Internet hackers, SQL Slammer worm, Blaster worm, Sobig. F virus,
online marketers, viruses, denial-of-service attacks, intellectual property theft, The Council of
Europe, The Organization of American States, cyber law making agencies.
Then, prepare a likelihood and consequence list as under:
The likelihood of an event can be classified as:
a (almost certain) The event is expected to occur in most circumstances.
b (likely)
The event will probably occur in most circumstances.
c (moderate)
The event should occur at some time.
d (unlikely)
The event could occur at some time.
e (rare)
The event may occur only in exceptional circumstances.
The consequence or impact of the event occurring can be defined as:
1 (trivial)
No action is required and/or low financial loss.
2 (minor)
No further action is needed at present, but monitoring reqd. to ensure that controls are
maintained
3 (moderate) Reduce the risk, but the costs of doing so need to be carefully considered.
4 (substantial) The activity halted until the risk has been reduced /sufficient control measures are in place.
5 (intolerable) Activity that gives rise to risk should be prohibited -this may indicate that it needs to be part
of a legal compliance plan.

Having understood the two measures of likelihood and consequence bring them together into a
level of risk matrix

C.DCRUZ ~ EPM 5740 ~CASE STUDY 3- 2016 .doc

3

Having prepared your matrix, using the template from last weeks case study, complete
this case study with your comments and recommendations .

This Assignment, when well prepared will attract BONUS MARKS.

C.DCRUZ ~ EPM 5740 ~CASE STUDY 3- 2016 .doc

4