Cybersecurity
Definition
Cybersecurity is a set of practices, processes, and technologies designed to protect computer systems, networks, data, and devices from unauthorised access, attacks, damage, and theft. In the context of Industry 4.0, cybersecurity plays a key role in ensuring the secure operation of digital infrastructure and protecting sensitive data from internal and external threats. Due to the growing number of connected IoT devices, automated systems, and distributed cloud environments, cybersecurity has become an indispensable part of an organisation’s strategy.
Basic kinds
- Network security: Securing computer networks against threats such as DDoS attacks, ransomware, phishing, and unauthorised access attempts.
- Application security: Protecting applications and software from vulnerabilities that can be used to take control of the system.
- Information security: Protecting sensitive and confidential data, both at rest (stored) and in transit, through encryption methods and access management.
- Operational security: Processes and preventive measures to ensure continuity of operations and minimise the risk of attacks on critical systems and industrial infrastructure.
- Identity and access management (IAM): Controlling user access to digital resources, which includes multi-factor authentication and role and privilege management.
Main roles
- Protection of all categories of data including but not limited to: sensitive data, personally identifiable information, protected health information, personal information, intellectual property and industry information systems from theft and damage.
- Protection of commonly used computer systems, networks and data exchange.
- Protection of cloud services, mobile devices (e.g. smartphones) and Internet of Things solutions.
Related technologies
Basic elements
- Firewall: A device or software that monitors and controls network traffic to protect against unauthorised access attempts.
- Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs): IDSs monitor the network for anomalies and signal potential attacks, while IPSs automatically block suspicious activity.
- Data encryption: A technology that secures data by transforming it into a form that is unreadable without the proper decryption key.
- Multi-factor authentication (MFA): A process that requires users to confirm their identities through various methods, such as passwords, tokens, or biometric scans, making access to resources more secure.
- Antivirus and antimalware software: Programs that protect devices from viruses and other malicious software that can damage the system or take control of its data.
- Identity and access management (IAM): Systems to control who has access to what resources on the network, using mechanisms such as roles, permissions, and access protocols.
- Data backup and recovery: Systems that store backups of data and enable rapid recovery in the event of a crash or ransomware attack.
- Security monitoring: Continuous monitoring of networks and devices to detect suspicious activity and respond quickly to threats. SIEM (Security Information and Event Management) systems collect and analyse data from a variety of sources to identify potential threats.
- Audit and compliance: Regular reviews and audits to ensure compliance with regulations and industry standards (e.g. GDPR, ISO 27001) and identify security gaps.
Mechanism of action
- Identification of resources and risks: The organisation identifies key resources that need to be protected and potential threats that could affect their security.
- Risk prevention: Implementing security measures, such as firewalls, encryption, and multi-factor authentication to reduce the risk of unauthorised access and attacks.
- Monitoring and detection: Monitoring systems (e.g. IDS, SIEM) track network traffic, analyse user activities, and detect anomalies and potential attacks in real time.
- Responding to incidents: If an incident is detected, the cybersecurity team implements countermeasures, such as isolating infected systems, removing malware, and restoring data from backups.
- Data recovery: After an incident, the organisation implements processes to recover data and restore full system functionality, minimising business interruption.
- Review and improvement: The organisation conducts audits and analysis to assess the effectiveness of its cybersecurity strategy, identifies new threats, and makes improvements to minimise the risk of future incidents.
- Training and education: Organisations provide training for employees to raise awareness of risks and teach best practices related to data security, which reduces the risk of human error.