Cyber Security: Essential principles to secure your organisation
About this ebook
Cyber Security – Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks.
Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation.
Cyber security doesn’t have to cost vast amounts of money or take a short ice age to implement. No matter the size of your organisation, improving cyber security helps protect your data and that of your clients, improving business relations and opening the door to new opportunities.
This pocket guide will take you through the essentials of cyber security – the principles that underpin it, vulnerabilities and threats and the attackers who use them, and how to defend against them – so you can confidently develop a cyber security programme.
Cyber Security – Essential principles to secure your organisation:
- Covers the key differences between cyber and information security;
- Explains how cyber security is increasingly mandatory and how this ties into data protection, e.g. the Data Protection Act 2018 and the GDPR (General Data Protection Regulation);
- Focuses on the nature of the problem, looking at technical, physical and human threats and vulnerabilities;
- Explores the importance of security by design;
- Gives guidance on why security should be balanced and centralised; and
- Introduces the concept of using standards and frameworks to manage cyber security.
No matter the size of your organisation, cyber security is no longer optional – it is an essential component of business success and a critical defence against the risks of the information age. The only questions left are to decide when and where your journey will begin.
Start that journey now – buy this book today!
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Book preview
Cyber Security - Alan Calder
INTRODUCTION
The cyber security landscape is complex and constantly changing. Organisations large and small experience attacks every day, from simple phishing emails to intricate, detailed operations masterminded by criminal gangs, and for every vulnerability fixed, another pops up, ripe for exploitation.
Given the frequency of large-scale data breaches and cyber attacks in the news, you could be forgiven for thinking that it’s impossible to defend your organisation against the predations of cyber attackers – after all, if massive multinationals can’t stay secure, what hope is there for SMEs?
The answer is: more than you think. Cyber security doesn’t have to cost vast amounts of money or take a short ice age to implement. No matter the size of your organisation, improving cyber security helps protect your data and that of your clients, improving business relations and opening the door to new opportunities.
This pocket guide will take you through the essentials of cyber security – the principles that underpin it, vulnerabilities and threats and the attackers who use them, and how to defend against them – so you can develop a cyber security programme for your organisation with confidence.
CHAPTER 1: INFORMATION SECURITY AND CYBER SECURITY
The terms ‘information security’ and ‘cyber security’ are often used interchangeably, when in fact they refer to different (albeit related) things.
Information security is concerned with ensuring the confidentiality, integrity and availability (C, I and A) of all information held by an organisation, irrespective of whether the information is electronic or in hard-copy format. As a result, information security generally involves considering physical and environmental controls (lockable filing cabinets, key-code doors, etc.) alongside technological ones.
Cyber security is a subset of information security and is concerned with the same things, but where information security takes a generalist approach, cyber security focuses specifically on electronic information (including the physical aspects of defending that information). New cyber risks emerge almost daily, and the successful organisation must do all it can to stay ahead of the curve.
Laws, regulations and contracts
The days of cyber security as an afterthought are long past. Today’s organisations collect, use and store more information than ever before, and the global regulatory system is beginning to catch up.
The introduction of the EU General Data Protection Regulation (GDPR) in 2018 marked a major milestone for data protection and privacy laws across the globe. Most of us remember the flood of ‘we need your consent’ emails that arrived in our inboxes in the days leading up to (and after) the GDPR took effect, but those emails were only the tip of the iceberg.
The GDPR places a wide range of security and privacy obligations on organisations that process EU residents’ data and is supported by a regime of significant financial penalties (up to 4% of annual turnover or €20 million, whichever is greater). The Regulation also requires organisations based outside of the EU that process data on EU residents to appoint an EU representative, extending the reach of those obligations and penalties far beyond the EU’s physical borders.
Another law that may be relevant is the Directive on security of network and information systems (NIS Directive). This places specific cyber security and business continuity obligations on digital service providers and operators of essential services such as power and water, with a view to mitigating the disruption that could occur as the result of a major cyber security incident.
While many organisations still grapple with the GDPR and NIS Directive, new laws such as the California Consumer Privacy Act (CCPA) or the Brazilian General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais) are being introduced around the world, and further legislation is expected in the coming years. The increasing regulatory focus on data protection, privacy and continuity of key services inevitably leads to a greater focus on cyber security, as so much of the information held by organisations is in electronic formats, and the majority of essential services rely on electronic infrastructure.
It’s not just laws that mandate effective cyber security. Cyber security obligations in contracts are increasingly common, as organisations begin to recognise the risks posed by information sharing between suppliers and partners. If your organisation takes card payments, for example, banks will expect you to adhere to the requirements of the Payment Card Industry Data Security Standard (PCI DSS), while many government contracts mandate a minimum level of cyber security to enter the tendering process.
CHAPTER 2: THREATS AND VULNERABILITIES
Risk is an inevitable part of life. Every time you do something in which the outcome is uncertain, you take a risk, whether it’s something simple like crossing the road, or something complex like undergoing surgery. Risk is a function of uncertainty – without uncertainty, there is no risk.
Different business fields approach risk in different ways, but the general principles remain the same: the likelihood of an adverse event is mapped against the effect that event would have were it to occur. If the outcome is severe and the likelihood high enough, then it is sensible to take steps to protect against it – usually by reducing the damage