
About the lost stages of cybersecurity

Happy is he who hears about his shortcomings and can correct them (c) W. Shakespeare
Cryptoworms, mining plugins and phishing mobile applications increasingly show us what they are capable of and what we are not.



When introducing cybersecurity systems, companies often copy ready-made solutions. However, what helps some companies can harm others. Each company is, as a rule, a unique puzzle assembled from its own IT systems, devices, types of information and assessments of that information's value.



Some companies perceive security only as the installation of protective software. Installing a firewall and intrusion detection software is often relied on as an effective means of protecting information and fighting hackers. But if an employee enters a password on a phishing site or carelessly (or on purpose) reveals passwords to third parties, even the most advanced software will not solve the cybersecurity problem.



Other companies spend exorbitant funds on security where it is not required. Placing armed guards around the perimeter of the building sounds impressive, but if the main threat is unauthorized remote access to intellectual property or confidential information, such security is of little use.


Cybersecurity is a process, not a product. The process is built by identifying potential threats and applying adequate security measures to them.



The cybersecurity process cannot be standardized. Using a few steps as an example, I'll show where cybersecurity should begin:



1. Identification of information resources



To start applying information security, we first need to determine which objects we will spend our efforts on. Often, companies do not even know in which unexpected places confidential information can be found. We are looking for answers to the following questions:





2. Periodic risk assessment



The next step is to assess the potential risks to information security. This includes:





Risks are evaluated on the basis of the nature of the business, the value of the stored information to the business and its partners, and the size, volume and number of transactions. The purpose of the assessment at this stage is to determine the level of acceptable risk. Understanding this level makes it possible to estimate the financial investment needed to counter potential risks.



3. Development and implementation of a security program



Based on the results of the risk assessment, a security program is developed and implemented. The security program consists of physical, technical and administrative security measures to manage and control the risks identified during the assessment.



Remember: a security program is developed to reduce risks to an acceptable level.



Summary



7 fatal mistakes leading companies to fail in cybersecurity:



Source: https://habr.com/ru/post/349090/


