Cyber Security refers to the technology, processes and practices employed in the protection of an organizations’ networks, computers, applications and resources from an attack damage or unauthorized access. It ensures that access to an organization’s infrastructure as well as resources are properly guarded.
Recently, there is a huge rise in the volume and sophistication of the cyber threat environment. To be able to combat the increasing threat landscape, organizations must have a robust cybersecurity framework to ensure that they are adequately protected from cyber-attacks.
Building a robust Cyber security framework involves addressing the several technologies and processes employed in granting or revoking rights for users to access critical data, resources and systems as well as protection of sensitive resources from unauthorized access and modification. Organizations must also understand how users, resources and systems on the network communicate with each other, the protocols and network services employed as well as the various vulnerabilities and threats associated with each communication.
Issues related to dealing with situations of catastrophic system failure either as a result of natural disasters, malicious attacks or other types of service affecting activities must also be carefully addressed. Network administrators are expected to know and understand which services, resources and information are critical to the survival of organizations and figure out a way to ensure that they remain available after a failure. Understanding how users interact with the network and its resources is a key factor. Every staff of the organization must be aware of security risks and should be educated on existing and evolving security threats as well as activities which exposes the organization to an attack.
Policies and processes with regards security should be put in place and there should be proper policy planning for all existing and evolving security threats to the organization. Legal issues associated with cyber security as well as internal security practices such as employee surveillance and privacy laws should be addressed.
Integration of security into the individual phases of the development life cycle of software and applications development to ensure that applications and software are secured should also be considered. Data must also be properly encrypted and organizations must understand when and how to encrypt data.
Activities that keep the systems, resources, applications and users on the network up and running in a secure and protected manner must be constantly addressed to ensure that users only have access to resources that they are entitled to. Physical access to an organizations’ network and resources such as servers and workstations must also be looked into. Site design and layout, environmental components, emergency response readiness, and power and fire protection must be properly taken care of.
Obviously, Cybersecurity is no longer an issue left for only IT administrators and specialists to address. Cybersecurity has now become the responsibility of everyone in the organization, from the CEO to the security guard, to ensure that they do not become the weak link with regards to securing the network.
Author: Irene Okuekhamhen