This blog covers Cybersecurity Fundamentals. There are ten agenda items in total, each explained step by step.
Data Breach Statistics
What is Cybersecurity?
• The protection of information assets by addressing threats to information processed, stored and transported by internetworked information systems.
What is Information Security (InfoSec)?
• InfoSec deals with information, regardless of its format (it encompasses paper documents, digital and intellectual property in people’s minds, and verbal or visual communications).
• Cybersecurity, on the other hand, is concerned with protecting digital assets: everything from networks to hardware and information processed, stored and/or transported by internetworked information systems.
Protecting Digital Assets
• The NIST (National Institute of Standards and Technology) & ENISA (European Union Agency for Network and Information Security) have identified 5 key functions necessary for the protection of digital assets
Key Concepts
• It is important to understand the elements of Information Security
Cybersecurity Roles
• Governance
̶ It’s the responsibility of the board of directors and senior management of the organization. The goals of the governance program are to provide strategic direction, ensure that objectives are achieved, ascertain whether risk is being managed appropriately and verify that the organization’s resources are being used responsibly.
• Risk Management
̶ It’s the process by which an organization manages risk to acceptable levels. It requires the development and implementation of internal controls to manage and mitigate risk throughout the organization, including financial and investment risk, physical risk and cyber risk.
• Compliance
̶ The act of adhering to mandated requirements defined by laws and regulations. This also includes contractual obligations with clients, partners and internal policies.
Cybersecurity Concepts
• Risk:
̶ The combination of the probability of an event and its consequence (ISO/IEC 73:2009). Risk is mitigated through the use of controls or safeguards.
• Approaches
Risk Treatment
What is Residual Risk?
• The risk that still remains after countermeasures and controls have been implemented.
• If residual risk is greater than the acceptable risk level, it should be further treated, with the option of additional mitigation through implementing more stringent controls.