CIS6714 Cyber Resilience Assessment 2 – Cyber Resilience Design


Table of Contents

Introduction

Overview of Cyber Resilience Design

Background Information:

Purpose of the Report:

Scope of the Report:

Key Terms and Acronyms:

Controls for Human Resource Security

1. Objectives

2. Scope

3. The proposed controls for the Human resource security are:

3.1. Users’ Access Rights and Privileges

3.2. Valuable Lessons – Onboarding and Offboarding Processes

3.3. Security Awareness Training and Communication

3.4. Monitoring and Auditing

3.5. Incident and Accident Response and Management

4. Legal and regulatory requirements

Controls for System Acquisition, Development, Architecture, and Design

1. Objectives

2. Scope

3. Proposed Controls for System Acquisition, Development, Architecture, and Design

3.1. Secure System Acquisition

3.2. Secure System Development

3.3. System Architecture and Design

4. Principles and Best Practices

4.1. Security by Design

4.2. Continual Monitoring

Controls for Supplier and Third Party Security Management

1. Objectives

2. Scope

3. Supplier and Third-Party Security Management Control Proposed

3.1. Vendor Risk Assessment

3.2. Contractual security obligations

3.3. Continuous Monitoring and Auditing

4. Principles and Best Practices

4.1. Due Diligence

4.3. Principle of Risk Management

Controls for Endpoint and Remote Access Security

1. Objectives

2. Scope

3. Proposed Controls for Endpoint and Remote Access Security

3.1. Endpoint Protection Controls

3.2. Secure Remote Access Controls

4. Principles and Best Practices

4.1. Principle

4.2. Security by Design, also referred to as Perimeter by Design.

4.3. Flow

Controls for Business Continuity Management

1. Objectives

2. Scope

3. Risk Treatment for Business Continuity Management

3.1. Risk assessment and Business impact analysis (BIA).

3.2. Development of Continuity Plans

3.3. Training and Awareness

4. Principles and Best Practices

4.1. Principle of proactive planning

4.2. The principle of periodic update and review

Conclusion

References

Introduction

UniNet is a mid-tier ISP in regional Queensland that has been successfully offering reliable and fast internet connections to clients such as members of the community, residents, and small to medium-sized enterprises. Security is a key concern at UniNet because it must preserve the confidentiality of sensitive customer information and relies on secure systems to provide its services. This report recommends that UniNet implement the Cyber Resilience Design to improve its security architecture and allow the organization to maintain regular operations while meeting ISO 27001 requirements.

The goal of this report is to plan out measures that safeguard UniNet’s human resources, systems, third-party relationships, endpoints, and business continuity. The controls are broken down into specific control objectives, current best practices, controls for compliance with regulations, and documentation for the five fundamental areas of cyber security.

Overview of Cyber Resilience Design

Background Information:

UniNet is an Internet Service Provider (ISP) in regional Queensland that provides moderate-scale Internet services to homes and small and medium enterprises. As a network service provider, UniNet handles sensitive customer information and operates important IT services; cyber resilience is therefore important to safeguard its activities, customers, and continuity.

Purpose of the Report:

This report therefore sets out a Cyber Resilience Strategy for UniNet in response to the contemporary need for security controls geared toward protecting UniNet’s systems, employees, and customers from possible cyber threats. It details principles, controls, and activities that can significantly improve understanding of cybersecurity risks and bolster UniNet’s security posture while ensuring business continuity.

Scope of the Report:

This report groups the areas of cyber resilience into five categories.

  1. Human Resource Security: Focuses on training, granting access controls, and increasing awareness programs.

  2. System Acquisition, Development, Architecture, and Design: Addresses the challenges in securing development and deployment processes.

  3. Supplier and Third-Party Security Management: Managing the risks arising from vendors and third parties.

  4. Endpoint and Remote Access Security: Ensuring that all physical and software devices and all remote network access points are secured.

  5. Business Continuity Management: Developing strategies to maintain business continuity even during major disruption.

Key Terms and Acronyms:

  • Cyber Resilience: The capability of an organization to prevent a cyber-attack and its capability to effectively deal with such an incident when it occurs.

  • ISO 27001: An international standard for managing information security.

  • SOC 2: A guideline on how third parties can be secured.

  • VPN: A Virtual Private Network, used to create secure remote network access.

Controls for Human Resource Security

1. Objectives

The specific objectives of the Human Resource Security controls are to protect organizational information and assets, control the access of employees and third-party contractors to that information and those assets, maintain compliance with cybersecurity policies and procedures, and foster a security-conscious workforce. The primary objectives are:

  • Restrict access through strict measures so that only authorized personnel can access such data.

  • Educate security personnel on the latest trends in cybersecurity and on information security fundamentals, and proactively conduct online security training.

  • Take human resource security standards such as ISO 27001 and NIST into consideration.

  • Reduce insider risk by conducting thorough background checks and regularly monitoring employees who are authorized to access sensitive information.

  • Limit exposure across the employment life cycle (hiring, transfer, and termination) by granting appropriate access privileges and removing inappropriate ones at each stage (Thite 2020, pp. 87-103).

2. Scope

The scope of Human Resource Security at UniNet covers:

  • Full-time employees: Network engineers, system administrators, cybersecurity analysts, and other major personnel.

  • Contractors and third-party workers: Top management, internal IT employees, external IT consultants or vendors, and outsourced service providers.

  • Temporary and part-time staff: People who work with UniNet’s systems temporarily or during busy hours at the workplace.

  • Remote workers: Any individual who uses a computer to connect to UniNet’s IT systems, either from home or while on duty in some other location.

  • Interns and trainees: People who are in a learning or supporting capacity and have only limited access to these systems (Bhargava et al. 2021, pp. 106-113).

3. The proposed controls for the Human resource security are:

3.1. Users’ Access Rights and Privileges

  • Role-Based Access Control (RBAC): Develop a computer-use policy for the organization that limits each employee’s access to the systems and data required by their responsibilities. This reduces the incidence of unauthorized access and consequently protects against data leakage.

  • Multi-Factor Authentication (MFA): Require Multi-Factor Authentication for anyone accessing core resources. This adds an extra layer of security, such as a biometric fingerprint or a one-time password (OTP), thereby increasing the security of the user’s account (Mohammed 2021, p. 2320).

3.2. Valuable Lessons – Onboarding and Offboarding Processes

  • Background Checks: Ensure that everyone hired by the company and everyone contracted to work for it undergoes a detailed background check. This involves verifying the person’s identity, checking criminal records, and evaluating the prospective risk from their job history.

  • Onboarding Training: Use new-employee orientation as the time to teach new employees the company’s cybersecurity rules. This training should cover UniNet security policies, phishing threats, passwords, and special data privacy provisions (Varshney 2022, pp. 58-80).

3.3. Security Awareness Training and Communication

  • Continuous Security Training: Keep employees informed about new threats by conducting training sessions at least once per quarter. Topics should include social engineering threats, ransomware attacks, malware scanning, and current company policies.

  • Phishing Simulations: Employees should be put through simulated phishing exercises from time to time to check their readiness to identify and report phishing emails. Staff who repeatedly fail these tests should be put through remedial training.

  • Security Awareness Campaigns: Periodically use posters, newsletters, and seminars to remind the entire organization of the constant danger of cyber threats (Dash & Ansari 2022).

3.4. Monitoring and Auditing

  • Regular Access Audits: Establish monthly checks of employees’ access to security-relevant systems. Any abnormal access must be investigated to check for risks or breaches that might have occurred.

  • Behavioral Analytics: Employ user behavior analytics (UBA) to identify out-of-the-norm employee activities in the organization and mark them as potential insider threats. Examples include log-in activity at unconventional times, movement of files, or unauthorized use of data (Bhattacharjee et al. 2024, pp. 123-146).
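
A sketch of the monthly access audit and the off-hours login check described above, added here as an example and not part of the original report. The role names, entitlements, business-hours window and sample records are constructed assumptions, as is the treatment of time-limited grants as an allowed exception until they expire.

```python
from datetime import date, datetime, time

# Constructed RBAC baseline (assumption): role -> systems that role is entitled to.
ROLE_ENTITLEMENTS = {
    "network_engineer": {"core-router-mgmt", "noc-dashboard"},
    "sysadmin": {"billing-db", "noc-dashboard", "backup-server"},
    "helpdesk": {"ticketing"},
}

# Assumed "normal" working window used by the off-hours check.
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)

# Constructed HR/identity records.
USERS = {
    "alice": {"role": "network_engineer", "active": True},
    "bob": {"role": "helpdesk", "active": True},
    "carol": {"role": "sysadmin", "active": False},  # offboarded, account disabled
}

# Constructed access grants: (user, system, expiry date or None for standing access).
GRANTS = [
    ("alice", "core-router-mgmt", None),
    ("alice", "billing-db", "2024-03-31"),  # temporary project access, now lapsed
    ("bob", "ticketing", None),
    ("bob", "billing-db", None),            # outside the helpdesk role, never expires
    ("carol", "backup-server", None),       # grant survived offboarding
    ("dave", "ticketing", None),            # no matching HR record
]

# Constructed login events: (user, system, ISO timestamp in local time).
LOGINS = [
    ("alice", "core-router-mgmt", "2024-05-06T10:15:00"),  # Monday, in hours
    ("bob", "billing-db", "2024-05-07T02:41:00"),          # Tuesday, 02:41
    ("bob", "ticketing", "2024-05-11T11:00:00"),           # Saturday
    ("alice", "backup-server", "2024-05-08T14:00:00"),     # no grant on record
]


def audit_grants(users, grants, entitlements, today):
    """Compare every grant with the RBAC baseline; return (user, system, finding)."""
    findings = []
    for user, system, expires in grants:
        account = users.get(user)
        if account is None:
            findings.append((user, system, "unknown-account"))
        elif not account["active"]:
            findings.append((user, system, "inactive-account"))
        elif system in entitlements.get(account["role"], set()):
            continue  # access matches the role, nothing to report
        elif expires is None:
            findings.append((user, system, "outside-role-no-expiry"))
        elif date.fromisoformat(expires) < today:
            findings.append((user, system, "expired-temporary-grant"))
        # An unexpired temporary grant is an approved exception and passes.
    return findings


def flag_unusual_logins(logins, grants):
    """Flag weekend or off-hours logins and logins to systems with no grant."""
    granted = {(user, system) for user, system, _ in grants}
    flagged = []
    for user, system, ts in logins:
        when = datetime.fromisoformat(ts)
        reasons = []
        if when.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
            reasons.append("weekend")
        elif not (BUSINESS_START <= when.time() < BUSINESS_END):
            reasons.append("off-hours")
        if (user, system) not in granted:
            reasons.append("no-grant")
        if reasons:
            flagged.append((user, system, ts, reasons))
    return flagged


if __name__ == "__main__":
    for finding in audit_grants(USERS, GRANTS, ROLE_ENTITLEMENTS, date(2024, 5, 31)):
        print("GRANT", *finding)
    for user, system, ts, reasons in flag_unusual_logins(LOGINS, GRANTS):
        print("LOGIN", user, system, ts, ",".join(reasons))
```

Each finding is a lead for the investigation step of the audit, not proof of a breach; the off-hours window in particular needs tuning for on-call and shift staff.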

3.5. Incident and Accident Response and Management

  • Incident Response Training: Educate employees, especially those with administrative access to the company’s systems and applications, on the right steps to take in the event of an incident. This includes knowing how to report security incidents and their part in countermeasures (Kaluvakuri 2023, pp. 950-963).

4. Legal and regulatory requirements

  • ISO 27001 Compliance: This standard requires organizations to maintain proper access control procedures and the requisite workplace security awareness measures.

  • General Data Protection Regulation (GDPR): When dealing with EU citizens’ information, make sure that GDPR rules and regulations concerning data protection are followed (Breyer et al. 2022).

Controls for System Acquisition, Development, Architecture, and Design

1. Objectives

The primary objectives of System Acquisition, Development, Architecture, and Design controls are:

  • Secure System Acquisition: All new systems, whether software or hardware, should meet security requirements and should not have well-known flaws.

  • Secure System Development: Apply security at the design, development, and implementation stages of system development to avoid design vulnerabilities.

  • Resilient Architecture and Design: Construct resilient system designs, with advanced security properties, that can effectively recover from cyber risks.

  • Regulatory Compliance: Comply with standards such as ISO 27001 and NIST SP 800-53 to meet legal and industry requirements (Upadhyay & Sampalli 2020, p. 101).

2. Scope

The scope of these controls covers:

  • System Acquisition: Off-the-shelf IT application software and hardware platforms, including routers, servers, and the cloud.

  • System Development: Development of internal software, work with outside developers, and procurement of software from them.

  • Architecture and Design: Any network, database, or web-based application that forms part of the overall system.

  • System Upgrades and Patches: The application of security fixes, version changes, and improvements to the current system (Tekinerdogan & Verdouw 2020, p. 5103).

3. Proposed Controls for System Acquisition, Development, Architecture, and Design

3.1. Secure System Acquisition

  • Vendor Risk Assessment: Carry out regular risk assessments to gain assurance that vendors are ISO 27001 or SOC 2 compliant and that they have sound vulnerability policies.

    • Justification: Assessment keeps systems that may contain security vulnerabilities from being purchased.

  • Security Clauses in Contracts: All contracts with vendors should include terms and conditions that bind vendors to security standards and to timelines for reporting security issues.

    • Justification: Security clauses make vendors comply with security requirements by giving them legal responsibility for doing so (Alnaseef et al. 2023, p. 107).

3.2. Secure System Development

  • Secure Development Lifecycle (SDLC): Require security activities across all phases of the SDLC, including threat profiling, vulnerability assessment, and secure code assessment.

    • Justification: This approach eliminates risks that would otherwise surface after deployment by identifying them during development.

  • Code Reviews and Audits: Carry out frequent peer code reviews and third-party audits to identify probable holes before release.

    • Justification: Code reviews verify that dangerous practices are not used and that safe ones are used instead.

  • Penetration Testing: Run simulated attacks against systems before they face actual attacks, to check the strength of the security mechanisms put in place.

    • Justification: Penetration testing offers an organized method of revealing potential points of attack within the system (Furrer 2023, pp. 96-103).

3.3. System Architecture and Design

  • Zero Trust Architecture: Adopt a Zero Trust framework in which no user or component is trusted by default and identity is validated for every incoming access request.

    • Justification: Zero Trust restricts the possibility of access to unauthorized resources by granting access only in real time (Stafford 2020, p. 207).

  • Network Segmentation and Isolation: Implement segmentation to isolate valuable resources from less protected areas of the network, making it more difficult for attackers to move around.

    • Justification: Segmentation partitions key resources, which reduces the effects of a potential breach.

  • Redundancy and Fault Tolerance: Make sure information systems are designed with backups and self-healing mechanisms to support availability in the face of hardware breakdown and/or cyber-attacks.

    • Justification: Redundancy helps to reduce the probability of system failure and keep the business going.

4. Principles and Best Practices

4.1. Security by Design

Security by Design means that the security of a system begins at the early stages of system development. Its controls are not simple workarounds created ad hoc once the possibility of an assault has been identified, but constructions made to endure one.

Best Practice:

  • Security should be addressed in the design phase, as the firm ought to be aware of the various threats it faces in its business environment.

  • Developers should follow secure coding standards such as the Open Web Application Security Project’s (OWASP) Top Ten.

Original Insight: Integrating AI-assisted threat analysis into the design process makes it easier to handle design threats that may emerge in the future, thereby minimizing vulnerabilities.

4.2. Continual Monitoring

Continual monitoring means that the security of systems is checked continuously after deployment so that threats are detected and handled immediately.

Best Practice:

  • Activity monitoring, anomaly detection, and incident management should be done through SIEM systems.

  • Continuously install security updates and perform post-deployment assessments.

Original Insight: Including machine learning (ML) in SIEM systems enables the detection of threats and event behavior by analyzing patterns and deviations from the norm in real time (Doynikova et al. 2020, p. 301).

Controls for Supplier and Third Party Security Management

1. Objectives

The goals of Supplier and Third-Party Security Management are to effectively protect UniNet’s data and the integrity of its systems while interacting with other organizations. The key control objectives include:

  • Vendor Risk Assessment: Assess and report on the security risks of entering into business relationships with suppliers and third-party service providers, and manage identified security threats to meet the applicable security standards.

  • Security Compliance: Make sure that all suppliers comply with the security policies, industry best practices, and regulatory requirements in their line of business, for example ISO 27001 and SOC 2.

  • Continuous Monitoring: Keep a regular check on suppliers’ security management and their response to security incidents throughout the life of the contract.

  • Incident Response Coordination: Provide timely and efficient communication and cooperation with UniNet suppliers in the event of a security incident (Kenyon 2024).

2. Scope

The scope of these controls encompasses all aspects of supplier and third-party interactions, including:

  • Supplier Selection and Onboarding: The process of investigating potential suppliers and assessing their security status and compliance with UniNet’s requirements during procurement.

  • Contract Management: The inclusion of security clauses, standards, and requirements in contracts.

  • Ongoing Management: Continuous supervision of suppliers after onboarding to check their compliance with security standards, including periodic audits and assessments.

  • Incident Management: The development of guidelines on how to respond in case of security incidents concerning third parties (Keskin et al. 2021, p. 1168).

3. Supplier and Third-Party Security Management Control Proposed

3.1. Vendor Risk Assessment

  • Initial Risk Assessment: Carry out a risk analysis of every supplier before engaging their services. This entails assessing their security policies and practices and their compliance with the set standards.

    • Justification: Because risks are assessed at the earliest stage, high-risk suppliers will not be awarded contracts to supply UniNet, minimizing exposures that could adversely affect the functioning of the company.

  • Continuous Risk Monitoring: Carry out risk evaluations on a continuing basis, triggered by changes at the supplier or in its business model, or on a periodic cycle.

    • Justification: Continuous monitoring means that new risks are discovered and managed before they can cause harm.

3.2. Contractual security obligations

  • Security Clauses in Contracts: Incorporate specific security clauses in each supplier contract that spell out the security measures, policies, and procedures required for data protection and regulatory compliance.

    • Justification: Contractual clauses state the security practices that suppliers have to adhere to, thus making them accountable.

  • Service Level Agreements (SLAs): Create specific and measurable security performance goals that define acceptable performance levels, the corrective actions to be taken, and the consequences when the standards are not met.

    • Justification: As a binding commitment on suppliers, SLAs show suppliers the significance UniNet places on its security requirements and form the basis for recourse if suppliers neglect them.

3.3. Continuous Monitoring and Auditing

  • Regular Security Audits: Carry out regular assessments of the security measures implemented by suppliers and of their adherence to contract requirements, outsourcing the assessments when required.

    • Justification: Regular supplier audits verify that suppliers have the right security measures in place and meet the set standards.

  • Performance Metrics and Reporting: Implement specific measures, such as established supplier security standards and regular reporting against them, to evaluate continuous compliance.

    • Justification: KPIs help UniNet measure a supplier’s performance and identify possibilities for future enhancement (Abrahams et al. 2024, pp. 21-39).

4. Principles and Best Practices

4.1. Due Diligence

Due diligence calls for a proper evaluation and validation of a supplier's security competence before engaging them in service delivery.

Best Practice:

  • Issue security assessment questionnaires to vendors, covering their measures, policies, and compliance.

  • Make follow-up phone calls to the suppliers’ other clients to confirm this information.

Original Insight: Creating a vendor risk management scorecard built from quantitative as well as qualitative factors will help eliminate lengthy research work and will give a clear picture of each vendor's risk assessment.

4.2. This principle states that security is a joint responsibility between UniNet and its suppliers.

Best Practice:

  • Specify communication and escalation paths, and make sure both entities are clear on how they will deal with incidents.

  • Engage with third-party vendors to develop cross-company response strategies for such situations.

Original Insight: Joint training with suppliers provides an opportunity for better organization and management of security threats, as well as the creation of a joint risk management culture.

4.3. Principle of Risk Management

Supplier relationships must be transparent; this is essential for trust and risk management.

Best Practice:

  • Require suppliers to report any major security events or security breaches at any time, including the actions they have taken and the results.

  • Exchanges of appropriate security policies and practices between UniNet and suppliers to ensure the correctness of shared qualities.

Original Insight: The use of an accountable rear for security information sharing can help promote awareness of security issues as well as help communication flow quickly regarding security threats and occurrences.

Controls for Endpoint and Remote Access Security

1. Objectives

The primary goals of Endpoint and Remote Access Security are to protect organizational systems and information from external unauthorized access while providing secure remote access for end users. The critical control objectives include:

  • Endpoint Protection: Protect laptops, smartphones, tablets, IoT devices, and all other digital devices against malware, malicious access, data theft, and similar threats.

  • Secure Remote Access: Provide a pathway for remote users to access company resources over which data is encrypted and authenticated.

  • User Authentication and Access Control: Identify users and restrict access to organizational data according to their assigned role.

  • Incident Detection and Response: Put in place measures for identifying, tracking, and addressing events relating to endpoints and remote connections (Rakha 2023, p. 3).

2. Scope

The scope of controls for Endpoint and Remote Access Security includes:

  • Endpoint Devices: Devices connected to the network, including desktops, laptops, and other mobile devices.

  • Remote Access Methods: VPNs, RDP, cloud, and other secure access applications.

  • Access Control Mechanisms: Software and hardware used to identify and authorize clients and users and to protect resources.

  • Data Protection: Solutions that guarantee that information entering and leaving the firm, and stored on endpoint devices, cannot be accessed by the wrong people.

3. Proposed Controls for Endpoint and Remote Access Security

3.1. Endpoint Protection Controls

  • Endpoint Detection and Response (EDR): Use EDR solutions to actively scan endpoints for activity that indicates a threat, malware, or a security compromise.

    • Justification: EDR gives real-time visibility into endpoints and makes it easy to identify incidents and respond to them within the shortest possible time.

  • Antivirus and Anti-malware Solutions: Ensure that all endpoint devices run up-to-date antivirus and anti-malware software.

    • Justification: Periodic antivirus updates help counter new and existing forms of attack.

  • Data Encryption: Encrypt all data stored on endpoints, using strong encryption standards.

    • Justification: Everyone has a right to privacy; encryption serves to protect the data if the device is lost or stolen.

3.2. Secure Remote Access Controls

  • Virtual Private Network (VPN): Make it mandatory for users outside the organization’s network to connect through a VPN, which encrypts all data traffic.

    • Justification: VPNs guard against data interception and protect information sent over remote connections.

  • Multi-Factor Authentication (MFA): Remote connections must use more than one factor, in addition to the password.

    • Justification: Given the risk of credential compromise, MFA greatly decreases the probability of unapproved access.

  • Role-Based Access Control (RBAC): Implement role-based access to give users the resources they need without allowing them unnecessary access to a system.

    • Justification: RBAC addresses the problem of large numbers of users being granted access to a system, thereby reducing insider threats and, more generally, curtailing the opportunities an attacker might have to exploit.

4. Principles and Best Practices

4.1. Principle

This is the Principle of Least Privilege, also referred to as the principle of minimum privilege: each user or system is granted only the privileges necessary to perform its tasks.

Best Practice:

  • Regularly audit access rights to guarantee that each user works only at the approved permission level.

  • Grant project-specific access to users on a limited basis for a set time.

Original Insight: Using automated tools to set privileges based on analysis of user behavior and context maintains security without interfering with real work.

4.2. Security by Design, also referred to as Perimeter by Design.

Security needs to be part of the design of endpoint and remote access systems, and not an adjunct.

Best Practice:

  • Threat modeling should be carried out during the design phase of the remote access system.

  • Integrate security features into the application by implementing functionality that includes logging and monitoring.

Original Insight: Such security frameworks based on AI can detect escapes at the architectural stage, and systems can also be changed as the threat evolves.

4.3. Flow

This principle runs from continuous monitoring to incident response and extends to the threats identified in the associated risk registers.

Continuous monitoring is used to respond to incidents related to endpoints and remote access as they happen.

Best Practice:

  • Implement a SIEM to analyze logs and detect anomalous activity.

  • Create an incident response plan to adequately contain endpoint and remote access security issues.

Original Insight: Machine learning in SIEM systems can forecast and help avoid security events by recognizing unusual behavior patterns.

Controls for Business Continuity Management

1. Objectives

The main aims of Business Continuity Management (BCM) are to allow UniNet to keep vital processes running and to reduce the negative effects of disruptive incidents on customers and other interested parties. Key control objectives include:

  • Risk Assessment and Mitigation: Evaluate the risks likely to affect business operations and devise ways to deal with them.

  • Operational Resilience: Make certain that critical operations can continue during interruptions, protecting service provision and hence customer confidence.

  • Recovery Strategies: Have clear plans for restoring normal operations as soon as possible after an incident.

  • Compliance and Governance: Ensure that BCM practices comply with regulatory and legal requirements and with relevant standards such as ISO 22301 (Suresh et al. 2021, pp. 129-138).

2. Scope

The scope of BCM controls encompasses:

  • Critical Business Functions: Recognize and schedule critical operations that are necessary for the delivery of a certain service.

  • Risk Assessment and Impact Analysis: Carry out periodic risk and risk management output vulnerability assessment.

  • Crisis Management Plans: Create contingency plans that include details of action to be taken by employees in case of emergency and disaster.

  • Testing and Maintenance: Procedures for frequent testing and revision of business continuity plans.

3. Risk Treatment for Business Continuity Management

3.1. Risk assessment and Business impact analysis (BIA).

  • Comprehensive Risk Assessment: Undertake adequate evaluations to understand threats, which might include natural disasters, cyber security threats, and operating system breakdowns.

  • BIA: Assess and evaluate the effect of such disruptions on the various business processes, and prioritize the restoration of critical services.

3.2. Development of Continuity Plans

  • Crisis Management Plans: Describe how key personnel can organize response strategies for a given situation, i.e., protocols on how to act and frameworks for decision-making.

  • Resource Allocation: Determine and assign the resources required to support continuity, including people, technologies, and funds.

3.3. Training and Awareness

  • Employee Training: Page 7 states that there is a need to organize training meetings for the workers to introduce them to the BCM procedures and their responsibilities in the continuity processes.

  • Crisis Simulation Drills: Organize comprehensible simulations to check the preparedness of a company’s staff and the efficiency of response plans.

4. Principles and Best Practices

4.1. Principle of proactive planning

Preparing an organization to handle crises is a vital element of organizational BCM.

Best Practice: Continuity plans should be reviewed and updated, because the business environment is constantly changing.

Original Insight: Real-time data integration can improve situational awareness during emergency response and support correct decisions.



4.2. Principle of Periodic Update and Review

BCM should not be a one-off activity; it should be carried out continually to reflect changing risks and to refine existing plans.

Best Practice: Organize post-incident critique processes to determine the effectiveness of the response and identify its weaknesses.

Conclusion

This report introduces a strategy to improve UniNet’s cyber security by strengthening controls over individual domains, such as HR, system and supply chain procurement, endpoints, and BCM. The primary goal is the protection of UniNet operations against emerging risks, compliance with current regulations, and the retention of customer confidence.

Principal findings reveal that the guiding principles of Security by Design and the Principle of Least Privilege are essential in managing risks. In the design phase, the difficulty lay in bringing security into line with existing working structures and gaining acceptance from all parties. To deal with these matters, supplier and customer engagements were undertaken, and training on awareness and implementation of the proposed controls was started.

Further steps will include the rollout of the recommended controls, periodic calibration reviews, and modification of the strategies based on empirical evidence. Ongoing training sessions and risk assessments will be indispensable tools for adapting to new threats and achieving the long-term security of assets. Finally, the strategic vision outlined here places UniNet in the best posture to handle future adversities while preserving its core values and its objective of assuring secure service delivery.

References

Abrahams, T.O., Farayola, O.A., Kaggwa, S., Uwaoma, P.U., Hassan, A.O. and Dawodu, S.O., 2024. Reviewing third-party risk management: best practices in accounting and cybersecurity for superannuation organizations. Finance & Accounting Research Journal, 6(1), pp.21-39.

Alnaseef, F., Niazi, M., Mahmood, S., Alshayeb, M. and Ahmad, I., 2023. Towards a successful secure software acquisition. Information and Software Technology, 164, p.107.

Bhargava, A., Bester, M. and Bolton, L., 2021. Employees’ perceptions of the implementation of robotics, artificial intelligence, and automation (RAIA) on job satisfaction, job security, and employability. Journal of Technology in Behavioral Science, 6(1), pp.106-113.

Bhattacharjee, S., Hillison, S.M. and Malone, C.L., 2024. Auditing from a distance: The impact of remote auditing and supervisor monitoring on analytical procedures judgments. The Accounting Review, 99(5), pp.123-146.

Breyer, S.G., Stewart, R.B., Sunstein, C.R., Vermeule, A. and Herz, M., 2022. Administrative Law and Regulatory Policy: Problems, Text, and Cases [Connected eBook with Study Center]. Aspen Publishing.

Dash, B. and Ansari, M.F., 2022. An effective cybersecurity awareness training model: first defense of an organizational security strategy.

Doynikova, E., Fedorchenko, A. and Kotenko, I., 2020. A semantic model for security evaluation of information systems. Journal of Cyber Security and Mobility, pp.301-330.

Furrer, F.J., 2023. Safe and secure system architectures for cyber-physical systems. Informatik Spektrum, 46(2), pp.96-103.

Kaluvakuri, V.P.K., 2023. Revolutionizing Fleet Accident Response with AI: Minimizing Downtime, Enhancing Compliance, and Transforming Safety. International Journal For Innovative Engineering and Management Research, 12, pp.950-963.

Kenyon, B., 2024. ISO 27001 controls–A guide to implementing and auditing. IT Governance Ltd.

Keskin, O.F., Caramancion, K.M., Tatar, I., Raza, O. and Tatar, U., 2021. Cyber third-party risk management: A comparison of non-intrusive risk scoring reports. Electronics, 10(10), p.1168.

Mohammed, I.A., 2021. Identity Management Capability Powered by Artificial Intelligence to Transform the Way User Access Privileges Are Managed, Monitored and Controlled. International Journal of Creative Research Thoughts (IJCRT), ISSN, p.2320.

Rakha, N.A., 2023. Ensuring Cyber-security in Remote Workforce: Legal Implications and International Best Practices. International Journal of Law and Policy, 1(3).

Stafford, V., 2020. Zero trust architecture. NIST special publication, 800, p.207.

Suresh, N.C., Sanders, G.L. and Braunscheidel, M.J., 2020. Business continuity management for supply chains facing catastrophic events. IEEE Engineering Management Review, 48(3), pp.129-138.

Tekinerdogan, B. and Verdouw, C., 2020. Systems architecture design pattern catalog for developing digital twins. Sensors, 20(18), p.5103.

Thite, M., 2022. Digital human resource development: where are we? Where should we go and how do we go there?. Human Resource Development International, 25(1), pp.87-103.

Upadhyay, D. and Sampalli, S., 2020. SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations. Computers & Security, 89, p.101.

Varshney, D., 2022. Understanding virtual employee onboarding (VEO): the new normal and beyond. Emirati Journal of Business, Economics and Social Studies, 1(1), pp.58-80.

FAQ's