What is Cyber Security?

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks,
and data from malicious attacks. It's also known as information technology security or electronic information
security.
The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few
common categories.
Network security is the practice of securing a computer network from intruders, whether targeted attackers or
opportunistic malware.
Application security focuses on keeping software and devices free of threats. A compromised application could
provide access to the data its designed to protect. Successful security begins in the design stage, well before a
program or device is deployed.
Information security protects the integrity and privacy of data, both in storage and in transit.
Operational security includes the processes and decisions for handling and protecting data assets. The
permissions users have when accessing a network and the procedures that determine how and where data may
be stored or shared all fall under this umbrella.
Disaster recovery and business continuity define how an organization responds to a cyber-security incident or
any other event that causes the loss of operations or data. Disaster recovery policies dictate how the
organization restores its operations and information to return to the same operating capacity as before the
event. Business continuity is the plan the organization falls back on while trying to operate without certain
resources.
End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally
introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to
delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons
is vital for the security of any organization.

Types of cyber threats

The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.
So, how do malicious actors gain control of computer systems? Here are some common methods used to
threaten cyber-security:
Malware
Malware means malicious software. One of the most common cyber threats, malware is software that a
cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer. Often spread via an
unsolicited email attachment or legitimate-looking download, malware may be used by cybercriminals to make
money or in politically motivated cyber-attacks.

There are a number of different types of malware, including:

Virus: A self-replicating program that attaches itself to clean file and spreads throughout a computer system,
infecting files with malicious code.
Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading
Trojans onto their computer where they cause damage or collect data.
Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this
information. For example, spyware could capture credit card details.
Ransomware: Malware which locks down a user’s files and data, with the threat of erasing it unless a ransom is
paid.
Adware: Advertising software which can be used to spread malware.
Botnets: Networks of malware infected computers which cybercriminals use to perform tasks online without
the user’s permission.

Cyber safety tips - protect yourself against cyberattacks

How can businesses and individuals guard against cyber threats? Here are our top cyber safety tips:

1. Update your software and operating system:This means you benefit from the latest security patches.

2. Use anti-virus software:Security solutions like Kaspersky Total Security will detect and removes threats. Keep
your software updated for the best level of protection.
3. Use strong passwords:Ensure your passwords are not easily guessable.

4. Do not open email attachments from unknown senders:These could be infected with malware.

5. Do not click on links in emails from unknown senders or unfamiliar websites:This is a common way that malware
is spread.

6. Avoid using unsecure WiFi networks in public places:Unsecure networks leave you vulnerable to man-in-the-
middle attacks.

Planning for cyber security

Developing Your Cybersecurity Plan

Identify Key Assets And Threats. The first step in developing a cybersecurity plan is to identify the assets you're
protecting. ...
Prioritize Assets, Risks, and Threats. ...
Set Achievable Goals. ...
Document Your Cybersecurity Policies. ...
Link Goals To Business Objectives. ...
Test For Vulnerabilities.

6 Cyber Security Best Practices To Protect Your Organisation

Cybercrime has become a major problem for organisations around the world. Data breaches continue to dominate
the headlines, and the Coronavirus pandemic has highlighted the need for improved cyber security practices to
defend against evolving threats.
Small to mid-sized organisations are increasingly under attack and are proving to be a very attractive target for
cybercriminals. In fact, according to the Global State of Security report, 66% of these organisations have
experienced a breach within the last 12 months.

1. Regular Patching

Patch Management should be a key part of your cyber security strategy. New vulnerabilities are discovered all the
time and unless patches are applied, hackers will exploit these vulnerabilities to gain access to your network.
A patch is essentially a piece of code that is installed into an existing software program to correct a problem or to
improve an application’s general stability. It’s essential in keeping machines up to date, stable, and safe from
malware and other threats.
Patching is estimated to prevent up to 85% of all cyber-attacks so it’s vital your organisation applies these patches
as soon they become available. Failure to do so could be catastrophic for your business.

2. Two-Factor Authentication

Two-Factor authentication provides an extra layer of security that can make all the difference between an
attempted hack and a business crippling data breach.
In addition to a username and password, two-factor authentication requires a second piece of information to
confirm the user’s identity. This could be a pin, code, token, or even biometric data such as a fingerprint.
It’s one of the simplest ways to keep sensitive company information private and secure from interception. This
could be for logging in, resetting a password, or to provide a stronger authentication process for the protection of
sensitive data like personally identifiable or financial information.
With an increasing number of employees now working remotely, two-factor authentication enables them to access
company data without compromising corporate networks.

3. High-Quality Security Training for Employees

90% of all successful cyber-attacks are a result of information unknowingly provided by employees. As networks
become harder to breach, hackers are increasingly targeting staff as they provide the easiest way to infiltrate a
network.
Effective security awareness training is essential in training employees on how to identify and respond
appropriately to the growing range of cyber security threats. All employees, at every level of the organisation
should receive this training to ensure they are armed with the skills required to identify an attack.
The training will not only educate staff on the range of threats they face internally, but it will also cover the cyber
security risks faced when working remotely. Remote working has now become the norm, but it can pose a serious
i ik h l i i ’ IT k dd i hi hl l bl k
 security risk that can leave your organisation’s IT network, systems, and devices highly vulnerable to attack.
Cybercriminals will take advantage of any lapses in security and the current crisis is providing them with lots of
attractive weak points to exploit.

4. Reliable Offsite Back-Up Solution

With attacks against businesses almost doubling in the last five years, organisations need to be able to react
quickly and effectively to any security incidents that may arise.
One of the best ways to protect your organisation and ensure it is equipped to deal with the growing range of cyber
security threats is to use the services of an outsourced Security Operations Centre (SOC).
A SOC is run by a dedicated team of security professionals who work to monitor an organisation’s security
operations to prevent, detect and respond to any potential threats. They will typically track security threats,
including potential threat notifications via tools, employees, partners, and external sources. The security team will
then investigate the threats, and if it’s deemed to be a security incident, they will handle it quickly and effectively.
If you don’t have the resources for an in-house security team, an outsourced SOC will provide you with the
expertise, experience, and technologies that can protect your organisation against the growing range of cyber
security threats.

5. Identify Information Assets and Data Processing Activities

To develop a comprehensive cyber security strategy and effectively identify risks, your organisation will need to
complete a thorough audit of its information assets and data processing activities.
This will help determine what your most valuable information assets are, where they are located, and who has
access. Once these have areas have been identified you can focus on how each information asset could
potentially be compromised. Whether it’s a system breach, malware, or even an insider threat, steps can be
taken to improve these processes and reduce the chance of a cybercriminal gaining access to critical systems.
Regular audits of data processing activities will help safeguard data and reduce organisational risk.

6. Create an Incident Response Plan

As the number of cyber attacks and data breaches continues to rise, your organisation will inevitably
experience a security incident at some point.
To effectively deal with any incident that may arise, it’s important to have a reporting structure in place that
will enable staff to identify and report incidents in a timely manner. The reporting capability will address the
full range of incidents that could occur and set out appropriate responses. The supporting policy, processes,
and plans should be risk-based and cover any regulatory reporting requirements.
The establishment of an incident response plan will help educate and inform staff, improve organisational
structures, improve customer and stakeholder confidence, and reduce any potential financial impact following a
major incident.

Security governance principles

There are six security governance principles, namely, responsibility, strategy, acquisition, performance,
conformance, and human behavior.
These practices should support, define, and direct the security efforts of an organization, with the goal of
maintaining business processes in the middle of growth.

Components and approach:

Operational technology (OT) is the use of hardware and software to monitor and control physical processes,
devices, and infrastructure. Operational technology systems are found across a large range of asset-intensive
sectors, performing a wide variety of tasks ranging from monitoring critical infrastructure (CI) to controlling robots
on a manufacturing floor. OT is used in a variety of industries including manufacturing, oil and gas, electrical
generation and distribution, aviation, maritime, rail, and utilities.

What is OT Security?
Gartner defines OT security as, “Practices and technologies used to (a) protect people, assets, and
information, (b) monitor and/or control physical devices, processes and events, and (c) initiate state changes to
enterprise OT systems.” OT security solutions include a wide range of security technologies from next-
generation firewalls (NGFWs) to security information and event management (SIEM) systems to identity
access and management, and much more.

Offensive security is a proactive and adversarial approach to protecting computer systems, networks
and individuals from attacks. Conventional security -- sometimes referred to as "defensive security" --
focuses on reactive measures, such as patching software and finding and fixing system vulnerabilities.

What is cyber security risk management?

Cyber security risk management is the process of identifying potential risks, assessing the impact of those risks,
and planning how to respond if the risks become reality.
It is important for every organization, no matter the size or industry, to develop a cyber security management
plan.
However, it is also important to know that not all risks, even if identified in advance, can be eliminated. That
said, even in those cases, there are steps that your organization can take to reduce the potential impact.

10 considerations for cyber security risk management

Build a company culture

Di ib ibili
 Distribute responsibility
Train employees
Share information
Implement a cyber security framework
Prioritize cyber security risks
Encourage diverse views
Emphasize speed
Develop a risk assessment process
Incident response plan.

Asset Identification

Asset identification plays an important role in an organization's ability to quickly correlate different sets of
information about assets. This specification provides the necessary constructs to uniquely identify assets based
on known identifiers and/or known information about the assets.
This specification describes the purpose of asset identification, a data model for identifying assets, methods for
identifying assets, and guidance on how to use asset identification. It also identifies a number of known use
cases for asset identification.
The Asset Specifications Development List is available for developers interested in Asset Identification and
other asset related security automation standards.

Identifying Threats

Threat analysis involves the identification of potential sources of harm to the assets (information, data) that
you need to protect.
The world is full of threats, and the boundaries between what constitute relevant “cyber threats” and other
kinds of threats will always be unclear. For example, although hacking is clearly a cyber threat, environmental
factors such as flooding and fire could also threaten your data. You will have to decide how relevant they are to
your situation.
Business-related threats constitute an even grayer area regarding their relevance to cybersecurity. Equipment
failure like broken disks could threaten your data.
An emerging source of much preoccupation is supply-chain security: can you be sure that your suppliers are
not delivering malware to you, intentionally or otherwise? Insider threats, e.g. from disgruntled or idealistic
employees (or former employees) who decide to steal or publish your data constitute another growing cause for
concern.

Vulnerability identification

What is a vulnerability?
A vulnerability is a flaw that could lead to the compromise of the confidentiality, integrity or availability of an
information system. Vulnerability identification involves the process of discovering vulnerabilities and
documenting these into an inventory within the target environment.
Special care should be taken so as not to go out of scope of the allowed targets to identify vulnerabilities on. If
care is not taken, there are consequences that can follow: for instance, disruption of service, breach of trust
between yourself and the client or, worst of all, legal action against you by the client.
In order for vulnerabilities to be identified, they need to be accurately mapped. There are vulnerability lists that
make this easy to do.
What are vulnerability lists?
A vulnerability list is a documented listing of common vulnerabilities. The documented vulnerabilities are
usually assigned an identification number, a description and public references. These vulnerabilities have been
found to occur commonly and often lead to the exploitation of systems on the internet.
Databases: These databases include various information on vulnerabilities. For instance, information might
include security checklist references, security-related software flaws, misconfigurations, product names and
impact metrics.
Vendor advisories: Software vendors may issue advisories on how to deal with security vulnerabilities by
applying patches that fix these security issues.
CIRT lists and bulletins: These are groups that handle events that involve security breaches

Risk assessment approaches

Cybersecurity risk assessments help organizations understand, control, and mitigate all forms of cyber risk. It
is a critical component of risk management strategy and data protection efforts.
Risk assessments are nothing new and whether you like it or not, if you work in information security, you are
in the risk management business. As organizations rely more on information technology and information
systems to do business, the digital risk landscape expands, exposing ecosystems to new critical vulnerabilities.
Th N i lI i fS d d dT h l (NIST) h d l d C b i F k
 The National Institute of Standards and Technology (NIST) has developed a Cybersecurity Framework to
provide a base for risk assessment practices.
What is cyber risk?
Cyber risk is the likelihood of suffering negative disruptions to sensitive data, finances, or business operations
online. Most commonly, cyber risks are associated with events that could result in a data breach.
Examples of cyber risks include:
Ransomware
Data leaks
Phishing
Malware
Insider threats
Cyberattacks

How to Perform IT Risk Assessment

Cybersecurity is all about understanding, managing, controlling and mitigating risk to your organization’s
critical assets. Whether you like it or not, if you work in security, you are in the risk management business.

What is a security risk assessment?

Cybersecurity risk assessment is the process of identifying and evaluating risks for assets that could be affected
by cyberattacks. Basically, you identify both internal and external threats; evaluate their potential impact on
things like data availability, confidentiality and integrity; and estimate the costs of suffering a cybersecurity
incident.
With this information, you can tailor your cybersecurity and data protection controls to match your
organization’s actual level of risk tolerance.

To get started with IT security risk assessment, you need to answer three important questions:

What are your organization’s critical information technology assets — that is, the data whose loss or exposure
would have a major impact on your business operations?
What are the key business processes that utilize or require this information?
What threats could affect the ability of those business functions to operate?

Once you know what you need to protect, you can begin developing strategies. However, before you spend a dollar
of your budget or an hour of your time implementing a solution to reduce risk, be sure to consider which risk you
are addressing, how high its priority is, and whether you are approaching it in the most cost-effective way.

Importance of regular IT security assessments

Conducting a thorough IT security assessment on a regular basis helps organizations develop a solid
foundation for ensuring business success.
In particular, it enables them to:
Identify and remediate IT security gaps
Prevent data breaches
Choose appropriate protocols and controls to mitigate risks
Prioritize the protection of the asset with the highest value and highest risk
Eliminate unnecessary or obsolete control measures
Evaluate potential security partners
Establish, maintain and prove compliance with regulations
Accurately forecast future needs

What is a cyber risk (IT risk) definition?

The Institute of Risk Management defines a cyber risk as “any risk of financial loss, disruption or damage to
the reputation of an organization from some sort of failure of its information technology
systems”. Gartner gives a more general definition: “the potential for an unplanned, negative business outcome
involving the failure or misuse of IT.”
?Examples of cyber risk include:
Theft of sensitive or regulated information
Hardware damage and subsequent data loss
Malware and viruses
Compromised credentials
Company website failure
N l di h ld d
 Natural disasters that could damage servers
ISO 27001 and cyber risks
The international standard ISO/IEC 27001:2013 (ISO 27001) provides the specifications for a best-practice
ISMS (information security management system). An ISMS provides a risk-based approach to information
security risk management that addresses people, processes and technology.
Clause 6.1.2 of the Standard sets out the requirements of the information security risk assessment process.
Organisations must:
Establish and maintain specific information security risk criteria;
Ensure that repeated risk assessments “produce consistent, valid and comparable results”;
Identify “risks associated with the loss of confidentiality, integrity and availability for information within the
scope of the information security management system” and identify the owners of those risks; and
Analyse and evaluate information security risks according to the criteria established earlier.
It is essential that organisations “retain documented information about the information security risk
assessment process” to demonstrate that they comply with these requirements.
They will also need to follow several steps – and create relevant documentation – as part of the information
security risk treatment process.
ISO 27005 provides guidelines for information security risk assessments. It is designed to assist with the
implementation of a risk-based ISMS.

Security management function

Overview

Security is concerned with ensuring legitimate use, maintaining confidentiality, data integrity, and auditing in
the network. Security Management involves identifying the assets, threats, vulnerabilities, and taking protective
measures, which if not done may lead to unintended use of computing systems.
Network management applications are increasing in size and complexity to address a broad segment of
heterogeneous computing environments. The complexity of network infrastructure demands a highly scalable
application providing end-to-end solution that goes beyond the basic network management needs. With these,
the following are the three important aspects of information security that are to be taken care from the security
service point of view:
Security Attack - Any action that comprises the security information owned by an organization.
Security Mechanism - A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service - A service that enhances the security of the data processing systems and the information
transfers in the network.
Thus, the services are intended to counter security attacks, and they make use of one or more security
mechanisms to provide the service. In general, Security threats can be classified as shown below :

What does Security Services Offer ?

W bNMS id S i M f h b i d i d ih h b bj i i
 WebNMS provides Security Management as an out-of-the-box service, designed with the above objectives in
mind. Since the security logic is completely separate from the management application's business logic, the Web
NMS platform provides an environment where other applications can seamlessly integrate into the platform to
utilize the security services.
Components of Security Framework
Security Module provides a framework that consists of the following :
Authentication
Access Control
AuthorizationAdmin
Cryptography
Audit
Pluggable Logic
Security Data Store

Security policy

Cybersecurity is an important issue for both IT departments and C-level executives. However, security should
be a concern for each employee in an organization, not only IT professionals and top managers.
One effective way to educate employees on the importance of security is a cybersecurity policy that explains
each person's responsibilities for protecting IT systems and data. A cybersecurity policy sets the standards of
behavior for activities such as the encryption of email attachments and restrictions on the use of social media.
Cybersecurity policies are important because cyberattacks and data breaches are potentially costly. At the
same time, employees are often the weak links in an organization's security. Employees share passwords, click
on malicious URLs and attachments, use unapproved cloud applications, and neglect to encrypt sensitive files.
Grand Theft Data, a McAfee report on data exfiltration, found that people inside organizations caused 43% of
data loss, one-half of which was accidental. Improved cybersecurity policies can help employees and
consultants better understand how to maintain the security of data and applications.
These types of policies are especially critical in public companies or organizations that operate in regulated
industries such as healthcare, finance, or insurance.
These organizations run the risk of large penalties if their security procedures are deemed inadequate.

Defining a cybersecurity policy

Cybersecurity procedures explain the rules for how employees, consultants, partners, board members, and
other end-users access online applications and internet resources, send data over networks, and otherwise
practice responsible security.
Typically, the first part of a cybersecurity policy describes the general security expectations, roles, and
responsibilities in the organization. Stakeholders include outside consultants, IT staff, financial staff, etc. This
is the "roles and responsibilities" or "information responsibility and accountability" section of the policy.
For large organizations or those in regulated industries, a cybersecurity policy is often dozens of pages long.
For small organizations, however, a security policy might be only a few pages and cover basic safety practices.
Such practices might include:
Rules for using email encryption
Steps for accessing work applications remotely
Guidelines for creating and safeguarding passwords
Rules on use of social media
Regardless of the length of the policy, it should prioritize the areas of primary importance to the organization.
That might include security for the most sensitive or regulated data, or security to address the causes of prior
data breaches. A risk analysis can highlight areas to prioritize in the policy.

Who should write the cybersecurity policies?

The IT department, often the CIO or CISO, is primarily responsible for all information security policies.
However, other stakeholders usually contribute to the policy, depending on their expertise and roles within the
organization.

Below are the key stakeholders who are likely to participate in policy creation and their roles:

C-level business executives define the key business needs for security, as well as the resources available to
support a cybersecurity policy. Writing a policy that cannot be implemented due to inadequate resources is a
waste of personnel time.
The legal department ensures that the policy meets legal requirements and complies with government
regulations.
The human resources (HR) department is responsible for explaining and enforcing employee policies. HR
personnel ensure that employees have read the policy and discipline those who violate it.
P d ibl f i l d i d i l d i
 Procurement departments are responsible for vetting cloud services vendors, managing cloud services
contracts, and vetting other relevant service providers. Procurement personnel may verify that a cloud
provider's security meets the organization's cybersecurity policies and verifies the effectiveness of other
outsourced relevant services.
Board members of public companies and associations review and approve policies as part of their
responsibilities. They may be more or less involved in policy creation depending on the needs of the
organization.

Updating and auditing cybersecurity procedures

Technology is continuously changing. Update cybersecurity procedures regularly—ideally once a year.

Establish an annual review and update process and involve key stakeholders.
When reviewing an information security policy, compare the policy's guidelines with the actual practices of the
organization. A policy audit or review can pinpoint rules that no longer address current work processes. An
audit can also help identify where better enforcement of the cybersecurity policy is needed.

An IT security consulting and training company, suggests the following three policy audit goals:

Compare the organization's cybersecurity policy to actual practices

Determine the organization's exposure to internal threats
Evaluate the risk of external security threats

An updated cybersecurity policy is a key security resource for all organizations. Without one, end users can make
mistakes and cause data breaches. A careless approach can cost an organization substantially in fines, legal fees,
settlements, loss of public trust, and brand degradation. Creating and maintaining a policy can help prevent these
adverse outcomes.

An acceptable use policy (AUP)

An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to
for access to a corporate network or the Internet.

Many businesses and educational facilities require that employees or students sign an acceptable use policy before
being granted a network ID.

When you sign up with an Internet service provider (ISP), you will usually be presented with an AUP, which states
that you agree to adhere to stipulations such as:

Not using the service as part of violating any law

Not attempting to break the security of any computer network or user
Not posting commercial messages to Usenet groups without prior permission
Not attempting to send junk e-mail or spam to anyone who doesn't want to receive it
Not attempting to mail bomb a site with mass amounts of e-mail in order to flood their server

Users also typically agree to report any attempt to break into their accounts.