Cybersecurity – are you protected???

Cybersecurity attacks are inevitable for modern business. Therefore, it is vital that businesses deploy countermeasures to mitigate the damage these attacks cause. This quick glossary will help you understand what factors you should consider as you – hopefully - deploy your own.

Access control

Refers to the means and mechanisms used to manage access to and the use of resources. In cybersecurity, the access being controlled is to computer networks and systems. To gain access to facilities and systems, users must have both proper identification credentials and authorization.

Antimalware

Any security program, software, hardware, or combination of both, de- signed to monitor a system for malicious software. Malicious software can include viruses, worms, Trojan Horses, etc.

Security Response Policy

Good cyber and physical security can make or break companies. While of course it would be preferable that security breaches or incidents do not take place at all, they don’t necessarily signal the death knell of an organization unless responded to in a poor fashion (or not at all).

Companies with a complex security response policy, which identifies the appropriate steps to take in the wake of a security problem are much better aligned to survive the process intact.

The purpose of the Security Response Policy is to outline the security incident response processes which must be followed. This policy will assist to identify and resolve information security incidents quickly and effectively, thus minimizing their business impact and reducing the risk of similar incidents recurring. It includes requirements for both end users and IT administrators.

Access management policy

Without appropriate access management controls, businesses are at significant risk from the loss or theft of both physical and digital assets. Access management controls establish who is allowed the appropriate level of access in order to do their jobs, while reducing the potential for damage or harm to the company.

The purpose of the policy is to provide guidelines for appropriate management of access to company resources. It covers both physical and digital environments.

Storage area networking (SANs) policy

Storage Area Networks (SANs) provide manageable, centralized storage capacity for systems offering vast amounts of disk space via a dedicated network link. SANs can offer servers much more disk space than they might be able to utilize locally, often spanning dozens if not hundreds of terabytes of data.

Because of their complexity, however, SANs are not easy to properly administer. Often, they require dedicated professionals to manage properly.

A Storage Area Networking policy can help lay out guidelines for the appropriate set up and usage of SANs in order to get the best performance and operational efficiencies out of them. This in turn helps companies maximize their often pricy investments in SAN technologies.

In all these cyber security efforts it is essential to bear the SCOPE in mind:

All employees, whether full-time, part-time, contract workers, consultants, part-time staff, interns and temporary workers and other personnel must be covered by this policy. It also applies to all company-owned equipment, employee-owned equipment used to conduct company business, or material related thereto.

EXCEPTIONS?  There are no exceptions to this policy except where permitted in writing by the HR and IT departments.

Feedback is welcome; if assistance is needed, let me know. You can email me at [email protected]