Cybersecurity 101

What is Cybersecurity?

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.

Three Key Operational Components of Cybersecurity

  • DETECTION

  • INVESTIGATION

  • REMEDIATION

Cybersecurity solutions are geared towards protecting:

  • ENDPOINT DEVICES - i.e. computers, smart devices, and routers

  • NETWORKS

  • THE CLOUD

Types of Cybersecurity Threats

  • PHISHING

    • The practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card numbers and login information. It’s the most common type of cyber attack


  • SOCIAL ENGINEERING

    • A tactic that adversaries use to trick you into revealing sensitive information. They can solicit a monetary payment or gain access to confidential data. Social engineering can be combined with phishing, watering hole attacks, business email compromise attacks, and USB baiting


  • RANSOMWARE

    • A type of malicious software. It is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored


  • MALWARE

    • Malware is a type of software designed to gain unauthorized access or to cause damage to a computer

Which government body sets standards for Cybersecurity?

  • National Institute of Standards and Technology (NIST)

    • Founded in 1901, NIST is an agency of the U.S. Department of Commerce. It advances measurement science, standards, and technology to improve our quality of life. NIST has provided important computer security guidance for many decades

    • NIST developed the Cybersecurity Framework (CSF), a set of cybersecurity best practices and recommendations for private and public organizations around the world

  • NIST Cybersecurity Framework (CSF)

    • GOVERN (GV) — The organization’s cybersecurity risk management strategy,
      expectations, and policy are established, communicated, and monitored

       

    • IDENTIFY (ID) — The organization’s current cybersecurity risks are understood.
      Understanding the organization’s assets (e.g., data, hardware, software, systems,
      facilities, services, people), suppliers, and related cybersecurity risks enables an
      organization to prioritize its efforts consistent with its risk management strategy and the
      mission needs identified under GOVERN

       

    • PROTECT (PR) — Safeguards to manage the organization’s cybersecurity risks are used.
      Once assets and risks are identified and prioritized, PROTECT supports the ability to
      secure those assets to prevent or lower the likelihood and impact of adverse
      cybersecurity events, as well as to increase the likelihood and impact of taking
      advantage of opportunities. Outcomes covered by this Function include identity
      management, authentication, and access control; awareness and training; data security;
      platform security (i.e., securing the hardware, software, and services of physical and
      virtual platforms); and the resilience of technology infrastructure

       

    • DETECT (DE) — Possible cybersecurity attacks and compromises are found and analyzed.
      DETECT enables the timely discovery and analysis of anomalies, indicators of
      compromise, and other potentially adverse events that may indicate that cybersecurity
      attacks and incidents are occurring. This Function supports successful incident response
      and recovery activities

       

    • RESPOND (RS) — Actions regarding a detected cybersecurity incident are taken. RESPOND
      supports the ability to contain the effects of cybersecurity incidents. Outcomes within
      this Function cover incident management, analysis, mitigation, reporting, and
      communication

       

    • RECOVER (RC) — Assets and operations affected by a cybersecurity incident are restored.
      RECOVER supports the timely restoration of normal operations to reduce the effects of
      cybersecurity incidents and enable appropriate communication during recovery efforts.