Annotated Bibliography

Revanth Challuru

ENGL 2116 - 002


Internet & Cyber Security Annotated Bibliography
Loveland, Gary, and Mark Lobel. "Cybersecurity: The New Business Priority." PwC. PwC,
n.d. Web. 12 Nov. 2015. <http://www.pwc.com/us/en/view/issue-15/cybersecurity-businesspriority.html>.
This article discusses cybersecurity in the business world. According to a survey done by PwC,
information security is not one of the foremost details that executives worry about.
Although executives talk about how their information security activities are efficient, not many
of them are actually proactively involved or have a good strategy to implement. 14% (globally)
of executives surveyed admitted that they lack a strategy and are reactive when it
comes to information security. According to the survey, only 13% of the companies had
information security strategies in place, had leading practices and a high-level security chief, and
possessed a deep understanding of the security events that occurred within their organizations. The
article goes on to describe a few of the barriers to effective cybersecurity identified by the
survey. While CEOs say lack of capital funding was the main issue, CFOs state that lack of
leadership from the CEO was the reason, and lastly, the CIOs and security executives point
towards a lack of actionable vision or understanding within the organization. The next section
describes four growing cyber threats and real-world examples of these threats:
nuisance hacking, hacking for financial gain, advanced persistent threat, and hacktivism. The last
sections of the article talk about info security challenges companies face, such as keeping up with
new technologies and the risks that come with them, business leaders being unsure about where to focus
info security strategies, locating and protecting sensitive data, and testing and reporting
security incidents.
PwC, the publisher of this article, is a company that has experience in delivering quality
in assurance, tax and advisory services. They have provided services to 418 companies in the
Fortune Global 500. The authors of this article are also quite knowledgeable in information
security: Gary Loveland is a US Leader, Lobel is a Principal in PwC's Security practice, and
both oversee the Global State of Information Security Survey, which PwC has conducted for 14
years. I also used EasyBib credibility checker for further confirmation. Taking this information
into account, I believe this article to be credible.
What I was surprised by the most about this article is that executives don't prioritize or
consider the importance of cyber security. I would believe in this modern digital age, with the
growing numbers of sophisticated cyber-attacks, companies would have strategies and resources
in place to counteract potential threats. When it comes to actual protection and knowledge
though, according to the survey, fewer than 13% of the respondents (executives) actually have
info security strategies in place, have leading practices such as high-level security chiefs,
regularly measure and review policies, and possess a deep understanding of the types of
security events that have occurred within their organization. These people are categorized as
True Leaders by PwC. I believe that the government has to place strict laws that require every
company to have proper up-to-date security measures, and possibly a cybersecurity group. The
True Leaders are also the only companies that experienced 50% fewer info security incidents
compared to other respondents. Eventually though, I hope and believe that all corporations will
one day have the necessary cyber security setup and experience less than 3% info security related
incidents.
This information could help me in the future when I get a job and also if and when I
decide to start my own IT consulting business. In terms of job, I can try to work closely with the
executives to implement strong security measures, inform them of new technological advances
that could be used against them and ways to protect the company against such possibilities.
When it comes to having my own business/company, at that time, I would make sure to have a
cybersecurity group in place and also make sure to stay knowledgeable on current cyber security
related news, products, and other helpful resources. This way, I can make sure to have an
understanding of the inner workings of my company.
Nash, Randy. "Phishing: Why Are We (Still) Getting Caught?" InformIT. Pearson, 9 Feb.
2015. Web. 12 Nov. 2015. <http://www.informit.com/articles/article.aspx?p=2301452>.
The first paragraph introduces spam email, which advertises some product. The
spammers get income from just the number of recipients that they send the spam mail to.
Generally, spam is not malicious. The article then describes how phishing works; it is a form of
social engineering that is targeted and launched via email or malicious sites. Phishers attempt to gain
trust by using the names of known companies and people the recipient may know. These mails
request account info to verify identity, use names of well-known charities, or pretend that
there's a problem with a shipment. They use malware, viruses, etc. to compromise the recipient's
computer and gain more info. Over time, phishing has grown, but other forms of attack have
been growing as well, such as ransomware, in which malware encrypts files on an infected computer and
demands money in order for the files to be decrypted. People still continue to fall for phishing,
due to trust, fear, or lack of knowledge/awareness. Nash then gives suggestions on how to
prevent phishing. Methods include: patch everything (download updates for various programs),
check incoming email carefully, be wary of email attachments, don't provide personal, financial,
or account info (instead take up the matter directly with the company that supposedly sent the
email), don't trust phone callers that ask for personal info, use defensive software (antivirus,
spyware protection, and firewall), be careful when sharing and downloading info, and check the
website's address given in phishing emails. Lastly, the article talks about how, if a recipient has
been compromised by a phishing attack, he/she should either report it to the respective
company to which the sensitive info pertains, contact financial institutions if such info was
shared, or change passwords if shared.
This article comes from InformIT, a branch of Pearson, which is a primary indicator of
valid information. The author, Randy Nash, also has had more than 30 years of experience with
all aspects of Information Security and Information Assurance, is certified in ADP Security and
Risk Management, and currently works with a government contractor, providing oversight,
guidance, and support. This information shows that the author is highly credible, knowledgeable
about the topic, and most likely up to date on current tech and security advances. I also used
EasyBib credibility checker for further confirmation. Taking this information into account, I
believe this article to be credible.

It is quite saddening but understandable that people still continue to fall for phishing and
spam emails. I believe that internet users should have access to some kind of interactive activity
or brief program where they can learn about protecting themselves and using security products to
their advantage and for peace of mind. What is quite surprising is that generally the senders of
spam email are not intending any harm and that just sending mass amounts of such email
provides a source of income. I would like to know though how these spammers manage to get a
hold of emails. I personally am very careful of inputting any information on any website, but
somehow I still managed to get spam email which always puzzles me. Looking at examples of
legitimate emails versus phishing emails, I found it quite difficult to spot the differences between
the two, as many of them are quite small, such as spelling errors or a different shade of a color. I
would never have thought of hovering the cursor over the given hyperlink to see where the link
will take you without actually clicking the link until I read some of the other articles.
When it comes to my field, knowing how to defend myself against phishing and other
internet security threats will help me use my computer more wisely, be sure to not store sensitive
company code on a personal computer, and not somehow share it with anyone or anything. If I
learn more about phishing, I can also learn to code a counterattack to phishing software if it ever
tried to infect my computer.
