Technology is rapidly changing. New tools for managing information, providing remote access, and calculating data analytics are being deployed at a feverish pace. Meanwhile, skillful exploits and attacks are being perfected and launched by hacktivists and criminals from across the globe. The ability for an organization to reach out to a world-wide market base has never been so effortless, but at the same time the risks from doing so have never been greater.
Increasingly, the Internet interconnects individuals and businesses which also grants unfettered access by criminals and those who wish to abuse these systems. “Cyber threats” define the attacks that compromise computers, networks, data-sets, and/or their communications. “Cyber attacks” can reach a target from local sources (ie, already on your network) or from across a wide area network link (ie, the Internet). A compromise of IT infrastructure, communications, or data stores can result in serious economic and financial losses. Additionally, security breaches can lead to privacy violations, negative publicity, a depletion of public trust, a reduction of consumer confidence, and loss of market share. Security compromises can cause a violation of regulations, place the organization at risk of losing their license to operate, cause bankruptcy, and potentially trigger criminal or civil penalties for the organization and its officers.
Organizations must take the threat and risk of computer hacking seriously. A well-trained and prepared cyber-work-force is imperative. All personnel in the organization, from the C-level executives to new interns, require cyber-awareness. All organizations benefit from having some personnel trained as cyber warriors. A well-prepared organization is able to build sufficient defenses to ward off most attacks, tune detection systems to discover attempted attacks, and respond to compromises promptly in order to contain and eradicate the violation. The best defense starts with information, knowledge, and education. You need the right-people with the right skills and expertise to counter the ever present onslaught to cyber threats and attacks. Six main security disciplines and their corresponding competencies include:
- Asset Protection
- Threat Management
- Access Control
- Incident Management
- Configuration Management
- Contingency Planning
Continuing next week, this seven part series will teach you to use and understand each of these disciplines to better protect you and your company.