Cybersecurity is defined by Merriam-Webster as measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.
So what does that really mean to you?
You own or utilize information systems daily. Maybe they’re in a data center – or maybe they’re in the cloud. These systems contain your data. Trade secrets. PII. Maybe even some embarrassing photos. Whether you realize it or not, your systems and data are constantly under attack. Nonetheless, these are your systems and data – and the goal of cybersecurity is to maintain the confidentiality, integrity and availability of that data.
Confidentiality means ensuring that only the people you authorize to have access to your data can access your data.
Integrity means that your data maintains its consistency, accuracy and trustworthiness through its entire life cycle and is not maliciously modified or deleted.
Availability means that your data is accessible when you need it and the ability to access your data is not challenged by a malicious actor.
Implementing a Successful Cybersecurity Program
To implement a successful cybersecurity program, it is important to realize that you must utilize a combination of People, Process and Technology. People must understand basic cyber hygiene and security principles: for example, not opening suspicious email attachments, not using easily guessable passwords, backing up data, and being aware of social engineering attempts. Processes must be in place to identify attacks, protect systems, detect and respond to threats, and recover from successful attacks. These processes don’t have to be created from scratch, as there are several industry-standard frameworks available that can provide this structured approach. And of course, Technology must be architected to provide defense-in-depth. It is also important to note that technology is only effective if it is properly deployed and configured to work in harmony.
Whose Responsibility is it?
Remaining vigilant about cybersecurity is something that individuals, companies and governments alike must put thought and effort into. Not doing so could result in undesirable events such as personal identity theft, company breaches and the loss of national security information. With most of our critical infrastructure susceptible to attack, even our energy, healthcare, and financial services are at risk. It is important for everyone to play their role in understanding and implementing sound cybersecurity practices.