What Is Cyber Security?

What does it mean in practice?

Cybersecurity is the set of practices and processes implemented to protect information, assets and infrastructure from cyber-attack. Cyber-crime continues to increase globally and affects businesses large and small. The vast majority of companies remain vulnerable to attack because they only discover which controls they needed once an attack has taken place.

In most cases, organisations lack proper risk management for the cyber-attacks they are likely to face, simply because it is very difficult to plan for an attack when you do not know what type of threat you are up against.

Are you up to date with your risk management strategy?

Apart from protecting your business and the software it relies on, it is also essential to keep the personal information of employees and clients safe.

Cyber Security Risk Assessments

A cybersecurity risk assessment can quickly identify potential gaps in an organisation's systems, and a number of industries, such as financial institutions, are required by law to conduct one on a regular basis.

There are five key steps that every organisation should take with regard to its online safety:

1. Determine which assets within your organisation are the most critical (e.g. software, hardware, applications, data) and base the level of protection on their importance to your company.

2. Evaluate whether the measures currently in place are adequate or whether there are areas for improvement, and again prioritise these.

3. Where possible, understand which threats could cause the greatest risk to your organisation and why.

4. With the above information in mind, review and, if required, enhance or update current security measures to strengthen controls.

5. Re-assess this programme on a very regular basis, as threats and risks change frequently, as do an organisation's requirements.
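The five steps above describe a risk register: score each asset against each threat, discount by the controls already in place, rank what is left, and re-rank when a threat changes. The following is an added worked example of that process, not a method from the original page or any particular standard; the asset names, threat likelihoods and control-effectiveness values are constructed for illustration, and the impact-times-likelihood scoring is an assumed, common convention rather than something the page prescribes.

```python
"""Risk register prioritisation (added example; constructed sample data).

Each (asset, threat) pair is scored as criticality x likelihood, reduced by
the effectiveness of the controls already in place, and ranked so the largest
residual risks are treated first. Re-running after a threat's likelihood
changes gives the regular re-assessment the page calls for.
"""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    criticality: int        # 1 (low) .. 5 (critical), decided by the business


@dataclass
class Threat:
    name: str
    likelihood: int         # 1 (rare) .. 5 (almost certain)


@dataclass
class Exposure:
    asset: Asset
    threat: Threat
    control_effectiveness: float = 0.0   # 0.0 = no control, 1.0 = fully mitigated

    def inherent_risk(self) -> int:
        """Risk before any controls: criticality x likelihood."""
        return self.asset.criticality * self.threat.likelihood

    def residual_risk(self) -> float:
        """Risk after controls; rounded to keep comparisons stable."""
        return round(self.inherent_risk() * (1.0 - self.control_effectiveness), 2)


def prioritise(exposures):
    """Exposures ordered from highest to lowest residual risk (steps 1-3)."""
    return sorted(exposures, key=lambda e: e.residual_risk(), reverse=True)


def needs_attention(exposures, threshold=10.0):
    """Exposures above the organisation's risk tolerance (step 4 candidates)."""
    return [e for e in exposures if e.residual_risk() > threshold]


def reassess(exposures, threat_name, new_likelihood):
    """Step 5: update one threat's likelihood and return the new ranking."""
    for e in exposures:
        if e.threat.name == threat_name:
            e.threat.likelihood = new_likelihood
    return prioritise(exposures)


# Constructed sample inventory; hypothetical names and values, not real data.
customer_db = Asset("customer database", criticality=5)
website = Asset("public website", criticality=3)
laptops = Asset("staff laptops", criticality=2)

ransomware = Threat("ransomware", likelihood=4)
sqli = Threat("SQL injection", likelihood=3)   # shared by two exposures below
phishing = Threat("phishing", likelihood=5)

REGISTER = [
    Exposure(customer_db, ransomware, control_effectiveness=0.5),  # offline backups
    Exposure(customer_db, sqli, control_effectiveness=0.2),        # legacy app, no WAF
    Exposure(website, sqli, control_effectiveness=0.7),            # WAF + parameterised queries
    Exposure(laptops, phishing, control_effectiveness=0.3),        # awareness training only
]


if __name__ == "__main__":
    for e in prioritise(REGISTER):
        print(f"{e.residual_risk():5.2f}  {e.asset.name} <- {e.threat.name}")
    print("needs attention:", [e.asset.name for e in needs_attention(REGISTER)])
    print("after SQLi likelihood rises to 5:")
    for e in reassess(REGISTER, "SQL injection", 5):
        print(f"{e.residual_risk():5.2f}  {e.asset.name} <- {e.threat.name}")
```

Note that the same `Threat` object is deliberately shared between exposures, so one change in `reassess` re-scores every asset exposed to that threat; that is the behaviour you want when a new exploit makes a threat more likely across the estate.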

Consider Penetration Testing

Penetration testing identifies the level of risk an organisation faces by attempting to compromise its systems and find exploitable weaknesses. The testing can be carried out internally or externally, using the same techniques an adversary would use.

It is typically carried out in a number of steps:

  1. Gathering all essential and valuable intelligence about the application being tested.
  2. Identifying different threats or types of threats and categorising by importance.
  3. Vulnerability testing – using tools such as OpenVAS, Nessus, Acunetix, Wapiti or Nikto to identify weaknesses in systems that could be leveraged by an attacker.
  4. Using a series of non-destructive types of testing, attempting to access the system and applications that may be targeted by an attacker.
  5. After the test has been completed, a thorough report is issued detailing the vulnerabilities and misconfigurations found, a threat analysis, countermeasures and mitigation techniques, the risks identified, good practices and recommendations.

What do you need to know about Cyber Security?

We’ve created a 15 page document to cover everything you need to know about Cyber Security Reviews. 

Covering everything from: 

1. Debunking the Myths

2. Reasons Why

3. Testing Types

4. A 5 Step Formula

Get Your FREE download here
