Abstract
Grayson Insurance, as the name suggests, is an insurance company, which operates in the U.S and all across Europe. In recent weeks, we conducted an assessment on some of the cybersecurity policies that affect our company, including the Federal Information Security Management Act (FISMA) and the General Data Protection Regulation (GDPR). This was followed by conducting a risk assessment on some of the most important information assets that Grayson Insurance uses, including customer data, employee information, patient medical records, and company information. Some of the vulnerabilities that were uncovered from the assessment include phishing attacks, insider threats, data breaches through cyberattacks, and intellectual property theft. The next step is to come up with a Strategic Cybersecurity Plan that is aligned with Grayson Insurance’s business and IT priorities.
References
Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science, 3, 563060.
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003.
Cardona, P., & Rey, C. (2022). Management by missions: Connecting people to strategy through purpose (p. 156). Springer Nature.
Da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020). Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, 101713.
Det Norske Veritas. (n.d.). The three-pillar approach to cyber security: Data and information protection. Retrieved from https://www.dnv.com/article/the-three-pillar-approach-to-cyber-security-data-and-information-protection-165683#:~:text=Confidentiality%20in%20this%20context%20means,not%20have%20access%20to%20them.
Howell, G., Boeckl, K., Grayson, N., Lefkovitz, N., Ajmo, J., Craft, R., McGinnis, M., Sandlin, K., Slivina, O., Snyder, J., & Ward, P. (2023). Mobile device security: Bring Your Own Device (BYOD), Special Publication (NIST SP). Gaithersburg, MD: National Institute of Standards and Technology.
Ironhack. (2024). Data privacy regulations: Compliance challenges and best practices. Retrieved from https://www.ironhack.com/gb/blog/data-privacy-regulations-compliance-challenges-and-best-practices
Kaushik, N. (2024). Risks, trends, challenges for cyber insurance. Retrieved from https://www.insurancethoughtleadership.com/cyber/risks-trends-challenges-cyber-insurance#:~:text=Unlike%20 traditional%20insurance%2C%20cyber%20insurance,uncertainty%20remains%20a%20significant%20challenge.
Marion, T. J., & Fixson, S. K. (2021). The transformation of the innovation process: How digital tools are changing work, collaboration, and organizations in new product development. Journal of Product Innovation Management, 38(1), 192-215.
Mtsweni, P., Mokwena, S. N., & Moeti, M. N. (2021). The impact of outsourcing information technology services on business operations. South African Journal of Information Management, 23(1), 1-7.
Palatty, N. J. (2023). 80+ healthcare data breach statistics 2024. Retrieved from https://www.getastra.com/blog/security-audit/healthcare-data-breach-statistics/#:~:text=95%25%20of%20all%20identity%20theft,incidents%20affecting%202.5%20million%20people.
Perwej, Y., Abbas, S. Q., Dixit, J. P., Akhtar, N., & Jaiswal, A. K. (2021). A systematic literature review on the cyber security. International Journal of scientific research and management, 9(12), 669-710.
Reijers, H. A. (2021). Business process management: The evolution of a discipline. Computers in Industry, 126, 103404.
Tidd, J., & Bessant, J. R. (2020). Managing innovation: integrating technological, market and organizational change. John Wiley & Sons.
Wiley, A., McCormac, A., & Calic, D. (2020). More than the individual: Examining the relationship between culture and Information Security Awareness. Computers & security, 88, 101640.
Yoo, C. W., Goo, J., & Rao, H. R. (2020). Is cybersecurity a team sport? A multilevel examination of workgroup information security effectiveness. Mis Quarterly, 44(2).