Cyber Security At Honda Case Solution & Answer

Cyber Security At Honda Case Solution 

Executive Summary

Honda’s Information Security Program has been analyzed using the NIST cyber-security framework by the Miskanic security team.  The policy and the process maturity levels have been evaluated, which enabled the team to identify the security gaps, as mentioned in the report below. The security gap analysis also helped the security team in assessing the current state in comparison with the ideal and the target states and ultimately identifying the levels, at which control can be implemented by providing key recommendations.

An appropriate dollar value was generated to proceed through operational expenditure. It also includes staffing requirements. For the next three years, it will move our program more closely to our target score.

For executing this analysis, NIST CSF was chosen as it has the best approaches to manage cybersecurity-related risks. It manages risks more deliberately. The cyber-security framework offers a cost-effective and flexible approach to a quantity and focuses on the associated risks generated through the lack of action. It also provides a platform for Honda and associated stakeholders by providing and promoting the resilience infrastructure.

 Frame Work Usage

            The framework promotes industry standards and best practices to help organizations who manage cyber security risks. It provides a common language to all the employees at all the levels within the organization and throughout the supply chain.  It also develop a shared understanding of their cyber security risks. NIST has worked with private companies and government experts to develop the Framework, which was released in early 2014. The effort went so well that Congress suspended them as a NIST employee in the 2014 Cyber-security Enhancement Act.

The framework not only deals and helps the organizations but also it understand cyber security threats and risks. It also helps to reduce these risks through customized measures. The framework also promotes and respond to redirect cyber security events, which in turn motivates them to analyze the causes and look for ways to improve. Companies from different world who have welcomed the use of the Framework, which includes JP Morgan Chase, Microsoft, Boeing, Intel, Bank of England, Nippon Telegraph and Telephone Corporation, and the Ontario Energy Board.

NIST continues to pursue and promote awareness of the Framework. Its implementation in the domestic and international markets is beyond threads. NIST also continues to work with industry and other stakeholders to ensure that the renewal of the Framework maintains its usefulness and utilization of various organizations.

The Cyber-security Framework is used by more than 30% of US organizations and is expected to reach 50% this year. Among those organizations are JP Morgan Chase, Microsoft, Boeing and Intel. Meanwhile, overseas organizations using the framework include the Bank of England, the Nippon Telegraph and the Telephone Corporation, and the Ontario Energy Board.

The purpose of this framework is to:

  • Integrate standards of industry and imply the best practices to help the organizations and manage their cyber security threats
  • It provides a usual languages for all the employees and allow them to understand the common security threats
  • promote and guide the employees that how to reduce risks
  • Give advice on how to respond to and recover from cyber security attacks and learn from these incidents.

Cyber security framework updates 2018

The NIST’s Cyber-security Framework was renewed in 2018 after the four years of its creation, After publicizing it on public, it gets the huge response, According to the feedback of a public, It shows that;

  • This version 1.1 has shown updates on:
  • Cyber security risking self-assessment
  • Identification and authentication of threats
  • disclosure of risk

The CSF Program Manager, Matt Barrett pays a comment on these changes: He said, “This update is improving and clarifying Version of 1.0. It is highly flexible to meet the demands of each business or organization, and applies to a variety of technical areas such as information technology, industrial management systems and Internet of Things. ”

The equivalency of cyber security framework in UK

As some of the countries are directly included and connected with CSF in their legislation, The UK has not officially connected with CSF. There are number of laws that duplicate CSF neutral objectives. These objectives are not specifically addressed. For example, SMEs and startups, they contain examples of best practices such as NIST guidelines that are used worldwide in developing a risk management strategy.The existing legislation of Cyber security CSF includes the following;

Minimum Cyber ​​Security Standard (MCSS)

It is published in June 2018. It has been operating successfully in different departments of UK government. The MCSS is quite close to CSF.

Health and Safety (HSE) Operational Guide for Industrial Automation and Control Systems (IACS)

It is published in 2017. It aims to prevent the dangers opposed by cybersecurity violations. This law mainly affects the suppliers and distributors of electrical businesses involved in the manufacturing and storage of hazardous and explosive chemicals. It also includes in microbiological factors.

Director of Networks and Information Systems (NIS)

It is launched by EU in July 2016. NIS Directive is targeted at critical infrastructure such as businesses within the oil, gas, energy, transport, banking, water, food and telecommunications. It also targets the online service providers or online platforms, such as -computing clouds or search sites. NIS is very important for promoting online businesses which in retturn make its absolute worth in the market.

Security Gaps:

In today’s world, the information has become a crucial asset for the top performing, even the small companies. The changing world has led the organizations to put efforts in securing their key asset i.e. information. The security experts have to keep a vigilant eye over the latest trends in technology, as the threat coming from the environment is increasing day by day over the organizations. Not only this, the organizations need to ensure that a proper cyber-security framework and policies have been implemented, apart from the technological advancements. For such purposes, an organization must implement a proper cyber security framework, which allows a cyber security leader to manage the risks associated with the organization’s cyber-security systems, more intelligently, if done properly.

The cyber-security framework refers to a well-designed plan, which involves the implementation of tools and practices required for safeguarding the data and systems of a particular organization(Swiss Cyber Forum, 2020). The main reason behind the implementation of a cyber security framework is that it minimizes the cyber security risks and it enables the security team to highlight the components, which may not be accounted by the security team. Overall, the cyber security framework enables an organization to develop a standard security policy, which could keep the organization secure form the future cyber-security incidents.

In order to analyze the cyber-security attack at Honda, NIST cyber security framework has been utilized so that the problems and the potential solutions can be figured out. The NIST framework is basically comprised of three parts which have been used over Honda in order to find out the reasons and solutions towards the cyber-security breach. The basic structure of the NIST framework comprises of three main parts including the framework core, implementation tier and the framework profile. In order to build a comprehensive cyber-security strategy for Honda, these three parts have been carefully carried out in a joint manner…………….

This is just a sample partial case solution. Please place the order on the website to order your own originally done case solution.

Share This