What are the three goals of cyber security

3 Cyber Security Objectives Given the complex nature of cyber security technology, and the fact that cyber security threats only escalate, it might be expected that policymakers are constantly confronted with decisions on how to react to the latest threat. However, because it is often the case that decisions concerning cyber security measures are delegated to technologists, a policymaker may not actually see these decisions being made, and thus not have a chance to weigh in on the organizational impact of various alternative approaches. In fact, the cyber security arms race often seems to offer very few alternative options. Almost immediately after cyber security technology is introduced, its usage is declared industry standard by some regulatory body, and this locks organizations into the identified countermeasure approach. For example, if a regulated organization decided to use a cyber security approach that did not make use of firewalls, they would face detailed scrutiny by their regulatory auditors. It seems easier to continue keeping up with the latest security tools and technologies than rethinking an organizational approach to cyber security. Nevertheless, if there is any lesson in Chapter 2, it is that new paradigms for cyber security are sorely needed. In this chapter, we critically examine the policy objectives that evolved with the history of cyber security as described in Chapter 2. Note that these cyber security policy objectives did not then and do not necess...

Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, In 2020, Security system complexity, created by disparate technologies and a lack of in-house expertise, can amplify these costs. But organizations with a comprehensive cybersecurity strategy, governed by best practices and automated using advanced analytics, artificial intelligence (AI) and machine learning, can fight cyberthreats more effectively and reduce the lifecycle and impact of breaches when they occur. A strong cybersecurity strategy has layers of protection to defend against cyber crime, including cyber attacks that attempt to access, change, or destroy data; extort money from users or the organization; or aim to disrupt normal business operations. Countermeasures should address: • Critical infrastructure security - Practices for protecting the computer systems, networks, and other assets that society relies upon for national security, economic health, and/or public safety. The National Institute of Standards and Technology (NIST) has created a cybersecurity framework to help organizations in this area, while the U.S. Department of Homeland Security (DHS) provides additional guidance. • • Application security - Processes that help protect applications operating on-premises and in the cloud. Security should be built into applications at the design stage, with considerations for how data is handled, user a...

How CISOs should prepare for 2021 As cyberattacks grow in number and sophistication, 2021 is unlikely to be different. Based on what we have seen so far, two assumptions can be made. The pandemic will linger long into this year, and the virtualized workplace will expand as businesses grow. Both assumptions mean increased CISO workloads and more imponderables. I believe there are seven imperatives for CISOs to focus on for 2021. 1. Make cybersecurity a boardroom agenda As digital transformation has become the core component of almost all business processes, security has become a business concern, and as a result, cybersecurity should firmly be on the boardroom agenda of all organizations. The 2. Invest in cloud security As businesses continue to move to the cloud, CISOs must prepare against more (specific) threats -- data breaches, denial of service, insecure APIs and account hijacking, among others -- simply because the growing amount of information in the cloud attracts cybercrime. Most cloud service providers include built-in security services for data protection, regulatory compliance and privacy, secure access control capabilities for effective security risk management and protection in public cloud. Yet, it is critical for organizations to 3. Implement basic IT hygiene Cybersecurity is no longer the sole responsibility of IT teams and security teams. Security is as strong as the weakest link. Therefore, it is essential to ensure that every individual is aware and agre...

Dave McKay Writer Dave McKay first used computers when punched paper tape was in vogue, and he has been programming ever since. After over 30 years in the IT industry, he is now a full-time technology journalist. During his career, he has worked as a freelance programmer, manager of an international software development team, an IT services project manager, and, most recently, as a Data Protection Officer. His writing has been published by howtogeek.com, cloudsavvyit.com, itenterpriser.com, and opensource.com. Dave is a Linux evangelist and open source advocate. Who’s Going to Come After Me? Counterintuitively, headline-grabbing cyberattacks like the recent But just like criminals in the physical world, there are various strata of cybercriminal. There are criminals who conduct diamond heists, and there are criminals who snatch handbags. Plainly these are not the same individuals. The cybercriminals who target high-profile high-value victims are unlikely to turn their sights on the average small to medium enterprise (SME). The biggest threat facing SMEs is malware. Malware is software designed to perform some action to the benefit of the cybercriminals, or threat actors. Malware may exfiltrate data, trap keystrokes to steal login credentials or credit card details, or it might be ransomware. Ransomware encrypts your data and demands a payment, usually in Bitcoin, to decrypt it. First Pillar: Technology Technology includes the hardware and software measures and systems yo...

Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, In 2020, Security system complexity, created by disparate technologies and a lack of in-house expertise, can amplify these costs. But organizations with a comprehensive cybersecurity strategy, governed by best practices and automated using advanced analytics, artificial intelligence (AI) and machine learning, can fight cyberthreats more effectively and reduce the lifecycle and impact of breaches when they occur. A strong cybersecurity strategy has layers of protection to defend against cyber crime, including cyber attacks that attempt to access, change, or destroy data; extort money from users or the organization; or aim to disrupt normal business operations. Countermeasures should address: • Critical infrastructure security - Practices for protecting the computer systems, networks, and other assets that society relies upon for national security, economic health, and/or public safety. The National Institute of Standards and Technology (NIST) has created a cybersecurity framework to help organizations in this area, while the U.S. Department of Homeland Security (DHS) provides additional guidance. • • Application security - Processes that help protect applications operating on-premises and in the cloud. Security should be built into applications at the design stage, with considerations for how data is handled, user a...

Dave McKay Writer Dave McKay first used computers when punched paper tape was in vogue, and he has been programming ever since. After over 30 years in the IT industry, he is now a full-time technology journalist. During his career, he has worked as a freelance programmer, manager of an international software development team, an IT services project manager, and, most recently, as a Data Protection Officer. His writing has been published by howtogeek.com, cloudsavvyit.com, itenterpriser.com, and opensource.com. Dave is a Linux evangelist and open source advocate. Who’s Going to Come After Me? Counterintuitively, headline-grabbing cyberattacks like the recent But just like criminals in the physical world, there are various strata of cybercriminal. There are criminals who conduct diamond heists, and there are criminals who snatch handbags. Plainly these are not the same individuals. The cybercriminals who target high-profile high-value victims are unlikely to turn their sights on the average small to medium enterprise (SME). The biggest threat facing SMEs is malware. Malware is software designed to perform some action to the benefit of the cybercriminals, or threat actors. Malware may exfiltrate data, trap keystrokes to steal login credentials or credit card details, or it might be ransomware. Ransomware encrypts your data and demands a payment, usually in Bitcoin, to decrypt it. First Pillar: Technology Technology includes the hardware and software measures and systems yo...

How CISOs should prepare for 2021 As cyberattacks grow in number and sophistication, 2021 is unlikely to be different. Based on what we have seen so far, two assumptions can be made. The pandemic will linger long into this year, and the virtualized workplace will expand as businesses grow. Both assumptions mean increased CISO workloads and more imponderables. I believe there are seven imperatives for CISOs to focus on for 2021. 1. Make cybersecurity a boardroom agenda As digital transformation has become the core component of almost all business processes, security has become a business concern, and as a result, cybersecurity should firmly be on the boardroom agenda of all organizations. The 2. Invest in cloud security As businesses continue to move to the cloud, CISOs must prepare against more (specific) threats -- data breaches, denial of service, insecure APIs and account hijacking, among others -- simply because the growing amount of information in the cloud attracts cybercrime. Most cloud service providers include built-in security services for data protection, regulatory compliance and privacy, secure access control capabilities for effective security risk management and protection in public cloud. Yet, it is critical for organizations to 3. Implement basic IT hygiene Cybersecurity is no longer the sole responsibility of IT teams and security teams. Security is as strong as the weakest link. Therefore, it is essential to ensure that every individual is aware and agre...

3 Cyber Security Objectives Given the complex nature of cyber security technology, and the fact that cyber security threats only escalate, it might be expected that policymakers are constantly confronted with decisions on how to react to the latest threat. However, because it is often the case that decisions concerning cyber security measures are delegated to technologists, a policymaker may not actually see these decisions being made, and thus not have a chance to weigh in on the organizational impact of various alternative approaches. In fact, the cyber security arms race often seems to offer very few alternative options. Almost immediately after cyber security technology is introduced, its usage is declared industry standard by some regulatory body, and this locks organizations into the identified countermeasure approach. For example, if a regulated organization decided to use a cyber security approach that did not make use of firewalls, they would face detailed scrutiny by their regulatory auditors. It seems easier to continue keeping up with the latest security tools and technologies than rethinking an organizational approach to cyber security. Nevertheless, if there is any lesson in Chapter 2, it is that new paradigms for cyber security are sorely needed. In this chapter, we critically examine the policy objectives that evolved with the history of cyber security as described in Chapter 2. Note that these cyber security policy objectives did not then and do not necess...