What is cyber security?



Cybersecurity is the protection of systems, networks and data in cyber space. It is concerned with protection against cyber risks, which broadly fall into three areas:
  • Cyber crime – Individuals working alone, or large organised groups, intent on extracting money or data, or causing disruption. This can take many forms, including the acquisition of credit/debit card data and intellectual property, and impairing the operations of a website or service.
  • Cyber war – A nation state conducting sabotage and espionage against another nation to cause disruption or to extract data. This could involve the use of APTs (advanced persistent threats).
  • Cyber terror – An organisation, working outside a nation state, conducting terrorist activities through the medium of cyber space.

The book ‘CyberWar, CyberTerror, CyberCrime’ offers a no-nonsense discussion of these cyber security issues.

Cyber criminals

Cyber security should be proportional to the risks faced by each organisation. Cyber security measures should be based upon the outcomes of a risk assessment. It is, therefore, unlikely that most organisations would face the threat of cyber war and cyber terror. Organisations that would have to consider cyber measures against cyberwar or cyber terror could include governments, those within the critical national infrastructure and very high-profile institutions.

 

Cyber crime is a far greater risk to all organisations, of all sizes, in all sectors. ISO27001 is the International Cybersecurity Standard that should be employed by all organisations.

 

It’s easy for cyber criminals ... Every month, Microsoft publishes the vulnerabilities of its systems, and websites like Bugtraq and organisations like SANS list every new ‘bug’. Additionally, cyber criminals can now buy ‘off-the-shelf’ hacking software, complete with support services. Cybercrime is easy, and hard to police.

 

All organisations face one of two types of attack:

  1. Either they will be deliberately attacked, because they have a high profile and appear to have valuable data (or there is some other publicity benefit in a successful attack), or
  2. It will be opportunistic, because an automated scan detects the existence of exploitable vulnerabilities – and virtually every Internet-facing entity, unless it has been specifically tested and secured, will have exploitable vulnerabilities

Cyber criminals are indiscriminate. Where there is a weakness, they will try to exploit it. Therefore, all organisations need to understand the cyber threats they face, and safeguard against them.

Cyber Threats

Cybercriminals operate remotely, in what is called ‘automation at a distance’. There are many types of attack available to cybercriminals, which broadly fall under the umbrella term of malware (malicious software). These include:

 

Virus
Aim – Gain access to, steal, modify and/or corrupt information and files from a targeted computer system.
How – A small software program that can replicate itself and spread from one computer to another by attaching itself to another computer file.

 

Worm
Aim – By exploiting weaknesses in operating systems, worms seek to damage networks and often deliver payloads, which allow remote control of the infected computer.
How – Worms are self-replicating and do not require a program to attach themselves to. Worms continually look for vulnerabilities and report back to the worm author when weaknesses are discovered.

 

Spyware / Adware
Aim – To take control of your computer and/or to collect personal information without your knowledge.
How – By opening attachments, clicking links or downloading infected software, spyware/adware is installed on your computer.

 

Trojan
Aim – To create a ‘back-door’ on your computer where information can be stolen and damage caused.
How – A software program appears to perform one function (for example, virus removal) but actually acts as something else.

There are a number of attack vectors that are available to cyber criminals:

  • Phishing: An attempt to acquire users' information by deceiving them, masquerading as a legitimate entity; examples include spoof emails and websites
  • Pharming: An attack to re-direct a website’s traffic to another, fake website, where the individual's information is then compromised
  • Drive-by: Opportunistic attacks against specific weaknesses within a system
  • MITM: ‘Man-in-the-middle’ attack, where a middleman impersonates each endpoint and is thus able to manipulate both victims
  • Social engineering: Exploiting the weakness of the individual, either by making them click on malicious links or by physically gaining access to a computer through deception. Pharming and phishing are examples of social engineering.

Cybersecurity Solutions

Cyber space is unregulated and cyber criminals have a range of ways in which to attack organisations. It is essential therefore that you have robust cyber security that protects your critical assets, customer details and your operating systems.

Effective cyber security can also help you win new business by providing assurances to your supply chain partners, stakeholders and customers of your commitment to cyber security.

 

ISO27001 is the world’s Cybersecurity Standard against which organisations can have their information security management system (ISMS) independently certified. ISO27001 gives an organisation internationally recognised and accepted proof that its system for managing information security – its ISMS or cybersecurity readiness – is of an acceptable, independently audited and verified standard.

 

IT Governance are specialists in helping organisations with cyber security, cyber governance and cyber compliance:

We also offer the most extensive range of books and tools on the Web to help organisations with cyber security:

 

Cyber security Standards Kit: Includes ISO27001, ISO27002, ISO27035 & ISO27031

 

Cyber security toolkits to help you quickly implement a cyber security

 

A huge bookstore on cybersecurity books, including Cyber Risks for Business Professionals, Above The Clouds and Cyberwar, CyberTerror, CyberCrime
